Health Insurance

Obamacare marketplaces remain vulnerable to fraud, new government audits find

A woman sits with an insurance agent to pick an insurance health plan under the Affordable Care Act.
Getty Images

Don't worry if you don't exist, you can still get Obamacare.

Two new government audits reveal that the nation's Obamacare marketplaces remain "vulnerable to fraud," after investigators successfully applied for coverage for multiple people who don't actually exist.

In several cases this year, fake people who hadn't filed tax returns for 2014 were still able to get Obamacare tax credits to help pay their monthly premiums for 2016 coverage. This year is the first in which applicants for those subsidies had to have filed their federal tax returns from prior coverage years to obtain such assistance.

The audits, which looked at the 2015 and 2016 Obamacare coverage years, echo previous findings about the potential for fraud, and the failure to detect it, on the government-run exchanges that sell individual health plans. The audits come less than two months before Obamacare's fourth open enrollment season, for 2017 coverage, is scheduled to begin.

Congressional critics of Obamacare seized on the audits as further proof that the health-care reform law is not working as promised, and that the Obama administration was being lax in securing the insurance marketplaces against fraud.

"It's deja vu all over again as it seems the situation only continues to get worse, and we all are paying the price," said House Energy and Commerce Committee Chairman Fred Upton, R-Mich.

The investigations, conducted by the Government Accountability Office, looked at how well those exchanges did at verifying whether an applicant was eligible for Obamacare coverage. They also looked at whether people with dubious documentation could actually enroll in coverage, particularly for coverage that was subsidized by the federal government by virtue of applicants having low or moderate incomes.

For the 2015 coverage year, the federal exchange, which serves residents of 38 states, or the state-run exchanges of California and Kentucky, "approved each of 10 fictitious applications GAO made for subsidized health plans," the GAO said.

"Although 8 of these 10 fictitious applications failed the initial online identity-checking process, all 10 were subsequently approved," the agency said.

Four of the fictitious applications used Social Security numbers that had never been issued, according to the audit. "Other applications obtained duplicate enrollment or obtained coverage by claiming their employer did not provide insurance that met minimum essential coverage," the GAO said.

The agency's investigators also submitted another eight fictitious applications for coverage from Medicaid, the jointly run federal-state program that covers poor people.

For those applications, and the state-run exchanges approved three for Medicaid coverage, but did not approve Medicaid coverage for four of the applications. However, those other four applications were subsequently approved for subsidized Obamacare coverage. The eighth application was declined by California's exchange because the application did not provide a Social Security number as required.

GAO said that for both sets of testing for 2015, it "submitted fictitious documentation as part of the application and enrollment process."

"According to officials from the Centers for Medicaid & Medicare Services (CMS), California, Kentucky, and North Dakota, the marketplace or Medicaid office only inspect for supporting documentation that has obviously been altered," GAO said. "Thus, if the documentation submitted does not show such signs, it would not be questioned for authenticity."

For the 2016 coverage year, or the California exchange "initially approved coverage and subsidies for GAO's 15 fictitious applications."

Three applications, however, were unable to put their policies into effect because their first month's premium payments were not successfully processed.

GAO noted that four of the applications used fictitious identities that had been used to get subsidized coverage in 2014.

"Although none of the fictitious applications filed a 2014 tax return, all were approved for 2016 subsidies," GAO said.

Federal officials told GAO that "they allowed applicants to attest to filing taxes if information from the Internal Revenue Service ... indicated that the applicant did not file tax returns," according to the audit.

For eight other applications, GAO used new phony identities to test verification for identity or citizenship and immigration status.

"In each case," GAO said, the fake applicants "successfully obtained subsidized coverage."

The U.S. Department of Health and Human Services, which oversees Obamacare, in a letter responding to the GAO's findings noted that, "As the GAO mentioned in their report, the results cannot be generalized to the overall population of applications or enrollees."

"HHS takes seriously its responsibilities to protect taxpayer funds, while making coverage available to eligible individuals," that letter said.

"While the GAO has not provided details on the fictitious persons they used nor made recommendations to address the findings in this report, HHS continues to make ongoing improvements to strengthen program integrity efforts and marketplace controls."

But Upton, the Republican chairman of the House Energy and Commerce Committee, said, "The nonpartisan watchdog reports underscore that there is still tremendous weakness in how the federal marketplace operates and immediate action must be taken to ensure all avenues for fraud are impossible."

"When a fire is raging, the first thing you do is grab a hose — but there is no urgency by the administration," Upton said.

House Ways and Means Committee Chairman Kevin Brady, R-Texas, said, "This report unfortunately tells us more of what we already know — that the Obamacare federal exchanges have been riddled with problems since Day One."

"The fact that the exchanges are so susceptible to fraud is just further proof that the president's health-care law is not working as promised — and wasting billions of taxpayer dollars in the process," Brady said.

The federal Centers for Medicare and Medicaid Services, the HHS division responsible directly for Affordable Care Act programs, in a statement to CNBC, said: "The marketplace takes seriously the responsibility to protect taxpayer funds, while making coverage available to eligible people. We have a robust verification process to make sure people get benefits they are eligible for while protecting taxpayer dollars."

"Within we have multiple checks to verify that applicants provide correct eligibility information on their applications, and GAO deliberately circumvented those checks by giving false information, which is against the law for actual applicants," CMS said.

"We appreciate the work [of] the GAO and HHS Office of Inspector General to improve marketplace operations and take action when provided with recommendations or other information," CMS said. "That's why we have repeatedly requested, and remain disappointed, that we still have not received specific details or recommendations from the GAO relating to their fraudulent applications. Specific and actionable information will enable us to analyze and understand what occurred and whether we can make improvements to our processes or procedures."

A CMS official noted that over the past year it has implemented 43 of the GAO's recommendations and submitted almost 100 for review, and has also implemented more than 100 recommendations from the inspector general's office of HHS and submitted nearly 125 for review.

"As recommended by the GAO, we are applying their marketplace Fraud Risk Assessment to areas of eligibility and enrollment to identify and prioritize key areas for potential risk in the marketplace," the official said. "We are also working closely with issuers through the Healthcare Fraud Prevention Partnership to identify trends, schemes and specific bad actors."

Correction: The investigations were conducted by the Government Accountability Office. An earlier version misstated the agency's name.