- The federal Health Insurance Marketplace (Marketplace) desperately needs to tighten up its security measures, confirms a new report from the US Government Accountability Office (GAO). In an undercover series of 18 tests to better identify how secure the Patient Protection and Affordable Care Act’s (PPACA’s) enrollment controls actually are, fictitious applicants received coverage even without submitting all of the required documentation, and with glaring intentional inconsistencies present within what was submitted.
The Marketplace approved subsidized coverage under the PPACA for 11 of 12 fake applicants within 2014, subsequently administering $30,000 – $2,500 monthly – in annual advance premium tax credits and decreased cost eligibility. Some bogus applications were even rewarded with taxpayer subsidies that exceeded the amount of their insurance premiums.
12 of the 18 pretend applications sought coverage by applying by phone to effectively circumvent the identity-proofing control that had previously posed as a hiccup during the investigation. Others applied online or in person. Only one applicant who declined to provide a Social Security number via phone was denied the ability to move forward with the application, confirms GAO.
According to the report’s prepared testimony before the Committee on Finance from Seto J. Bagdoyan, Director of Forensic Audits and Investigative Service, “When we later asked CMS officials about this difference between online and telephone applications, they told us that unlike with online applications, the Marketplace allows phone applications to be made on the basis of verbal attestations by applicants, given under penalty of perjury, who are directed to provide supporting documentation.”
Of these 11 pretend applicants who successfully obtained subsidized coverage, 7 deliberately failed to submit the Marketplace’s required verification documentation. Despite this fact, these false applications experienced no cancelation of subsidized coverage. In some cases, says GAO, no needed documentation at all was submitted. “There is nothing else to do at this time,” the investigators were told by a representative.
“As appropriate, in our applications for coverage and subsidies, we used publicly available information to construct our scenarios. We also used publicly available hardware, software, and materials to produce counterfeit or fictitious documents, which we submitted, as appropriate for our testing, when instructed to do so,” according to testimony. “We then observed the outcomes of the document submissions, such as any approvals received or requests to provide additional supporting documentation.”
GAO disclosed several observations made during the course of its testing to the Centers of Medicare & Medicaid Services (CMS). First, inconsistencies regarding mismatching or unverified information were not properly recorded by the Marketplace. Say CMS officials, the Marketplace did not cut off coverage for these pretend applications even though several glaring contradictions were evident, such as missing Social Security numbers or conflicting information about incarceration status. Other accepted applicants were alleged noncitizens claiming they were lawfully present in the US.
Second, GAO noted that the Marketplace had made numerous errors regarding federal income tax filing information – including erroneous coverage periods and subsidy amounts – for 3 of the 11 successful pretend applicants. Thirdly, these 11 applicants had their coverage automatically reenrolled for the year 2015.
According to the report highlights, “Representatives of these organizations acknowledged the issues GAO raised in handling of the inquiries. CMS officials said that their experience from the first open-enrollment period helped improve training for the 2015 enrollment period.”
CMS officials confirm they are actively working to correct consumer communication.