State Medicaid agencies: New challenges in the battle against fraud

Agencies are exploring forward-thinking approaches to make sure those truly in need of Medicaid benefits receive them

Thomson Reuters and market research firm Market Connections undertook a “state Medicaid opportunity prioritization and approach survey” that gathered responses from approximately 200 Medicaid agency employees involved in fraud prevention and investigation. The survey’s chief goals were to identify:

  1. The biggest challenges facing state officials in Medicaid administration.
  2. Important considerations for evaluating and procuring vendors of prevention, detection, and investigation software.

These agencies are under more pressure than ever in the never-ending battle against fraud and abuse. The pandemic period added numerous new enrollees for benefits. With pandemic-driven Medicaid programs ending this past spring, millions of recipients have been seeking to re-enroll. This puts even more strain on agency staffers, who want to ensure qualified recipients receive the benefits they need while keeping Medicaid funds out of the hands of fraudsters and others who are ineligible.

This report provides a closer look at the many challenges that Medicaid state and federal officials face. It also examines how well state agencies are managing those challenges — and which tools they are working with to help them do so.

According to the survey, nearly eight in 10 respondents describe their agencies as modernized, although over half say they aren’t completely modernized. Six in 10 are fairly to completely confident in their organization’s ability to prevent, detect, and investigate Medicaid fraud and abuse. Overall, respondents favor software solutions over service providers for prevention and detection capabilities. When seeking a software vendor, respondents typically cite tech support, time to value, and mission knowledge as the most important considerations.


To better understand the landscape of Medicaid fraud prevention, detection, and investigation software and services, Thomson Reuters surveyed approximately 200 Medicaid fraud workers representing 15 state agencies focused on healthcare and Medicaid administration. They conducted the survey online during January and February 2023.

Respondents were screened for involvement in their organization’s handling of fraud and abuse within the state Medicaid system and their selection of vendors that provide Medicaid fraud and abuse prevention, detection, or investigation services or software solutions. The following report draws from these responses.

Sources and usages

State agencies overseeing the management of Medicaid programs are dedicated to fulfilling their mission: making sure that those in need of these benefits receive them in a timely manner. At the same time, they’re under more pressure than ever in the never-ending battle against fraud and abuse.

According to estimates from the Kaiser Family Foundation, enrollment in Medicaid and the Children’s Health Insurance Program (CHIP) grew by 23.3 million to nearly 95 million from February 2020 through March 2023. That’s mainly due to the continuous enrollment program established by the Families First Coronavirus Response Act (FFCRA). But in April, the federal government shut down that program. As of April 1, states began disenrolling Medicaid coverage for people enrolled via the FFCRA.

How many people have had coverage terminated? The Kaiser Family Foundation estimates that 5.5 million people lost Medicaid coverage from April 1 through the end of August. Earlier that month, the Office of the Assistant Secretary for Planning and Evaluation at the U.S. Department of Health and Human Services (HHS) projected that 17.4% of Medicaid recipients would lose coverage following the end of the continuous enrollment provision. That’s roughly 15 million people.

It’s difficult to predict how many people have sought or will seek to re-enroll. HHS notes that many of those enrolled in Medicaid during the pandemic could qualify for other forms of coverage. Still, the department projects that 7.9% of enrollees — about 6.8 million people — will lose coverage while still being eligible.

Many who’ve lost coverage under the FFCRA are re-enrolling — or trying to do so. The Commonwealth Fund noted in August: “Some are still eligible for Medicaid but may lose coverage for administrative reasons, including not having a current address on file, submitting an incomplete renewal application, not applying for a renewal, or submitting a late application. These are called procedural or administrative terminations, and many individuals who lose coverage this way may resume Medicaid coverage after a period of being uninsured.”

All this is causing a massive strain on state Medicaid agencies, many of which have long been under resourced. These agencies need to verify the identities of all these applicants, even if they had been verified in the past, to detect and prevent any fraudulent claims. Even without the added numbers of those re-enrolling for benefits, Medicaid agencies have always been weighed down by the time-consuming identity verification process. That situation became more difficult with the explosion in enrollees during the federal continuous enrollment program.

Time has long been one of the critical resources in short supply at most state agencies — and in the current employment environment, many are also dealing with staffing shortages. In some cases, that’s due to retirements and a shrinking talent pool. In others, there’s a lack of sufficient funding. In many cases, it’s both.

Fraudsters aren’t making the task of identity verification any easier. They’ve learned new tricks — most of them digitally based — to get past overworked investigative staff. One recent worry troubling many agency leaders is the use of AI to create false identities and communications to access Medicaid benefits illicitly.

On top of all these worries, agencies have the added, ongoing challenge of keeping on top of changing regulations. For instance, the Consolidated Appropriations Act, the federal legislation passed last December that included the termination of the continuous enrollment program, requires states to provide additional enrollment and disenrollment data. The legislation also requires the Centers for Medicare and Medicaid Services (CMS) to publish state-by-state data regularly.

How prepared are state agencies to carry all these burdens? According to the Thomson Reuters survey, about six in 10 are at least fairly confident in their organization’s ability to prevent, detect, and investigate Medicaid fraud and abuse. Nearly eight in 10 survey respondents describe their organization’s Medicaid management process technologies as modernized. However, most respondents say that their agency’s processes aren’t completely modernized, which suggests there is room for improvement.

Part 1: Solutions employed

A crucial element when it comes to modernization is the use of a prevention, detection, and investigation service or software platform to detect Medicaid fraud and abuse. Overall, only about 10% of survey respondents said that they’re not using either software or a service.

Those who currently are using one or the other list the following as the top three perceived benefits:

  • Detecting fraud schemes, anomalies, and patterns of fraud (43%)
  • Ensuring appropriate use of taxpayer dollars (39%)
  • Detecting improper payments (32%)

Those not currently using software or a service say that the capability to better detect fraud schemes, anomalies, and patterns (41%) is the chief reason they’re considering such tools. These non-users also cite the need to more effectively conduct audits (32%), investigate and prosecute fraud and abuse (29%), and detect improper payments (29%) as significant reasons for considering software or services.*

Overall, respondents are split on using software or a service provider for identifying Medicaid fraud and abuse, with many respondents not having a preference either way. That noted, when asked specifically about the capability to prevent and detect fraud and abuse, respondents significantly favor software over a service provider.

Among survey respondents, 63% see software as having stronger fraud prevention capability, compared to 28% preferring an outside service as a fraud prevention tool. When it comes to another proactive process — namely, fraud detection — 74% of survey respondents prefer software compared to 15% choosing a service. These respondents most frequently cite the reason for their preference as software’s ability to ensure data privacy, protection, and safeguards. Other reasons they identify include software’s cost-effectiveness and its capabilities to provide quick analysis and monitor data in real time.

In other words, the responses to the Thomson Reuters survey suggest that agencies are seeking to be proactive about protecting Medicaid funds, which makes sense. A reactive approach — paying benefits to the undeserving and then trying to claw them back, the so-called “pay and chase” — can be expensive, both in terms of lost money and the costs of investigating the erroneous payments.

Part 2: Decision making

Many stakeholders are involved in the procurement process as state agencies explore and consider solutions to help them handle Medicaid prevention, detection, and investigation workloads. Nearly all survey respondents said compliance and legal are involved, with 81% saying this function is either extremely or very involved. Respondents from two states said the administration and operations area had taken the lead in procurement. Interestingly, only 40% of respondents said the agency’s procurement and contracting function is extremely or very involved.

Regarding the lead decision maker, nearly one-third of respondents (31%) identify the chief information officer in that role. Other top decision makers cited were compliance and legal departments (18%) and IT management and staff (16%). But as we’ll see, getting support for acquiring fraud prevention solutions is yet another challenge that Medicaid agency staff must address as they seek ways to make their fraud-prevention work more effective.

Challenges and considerations

The state Medicaid agencies surveyed in the report are seeking solutions for fraud and abuse prevention, detection, and investigation primarily because they have to bear the numerous burdens discussed earlier. These challenges have become heavier in the past few years, primarily because of the pandemic’s impact on enrollment levels, agency management, and staffing.

Respondents to the Thomson Reuters survey list three challenges regarding Medicaid fraud and abuse prevention, detection, and investigation. More than half of those surveyed rate having the internal staff to handle the volume of work (57%), gaining management buy-in for needed fraud detection software or services (55%), and quickly distributing the right benefits to the right people (52%) as either extremely or very challenging.

Staffing is a particularly complicated issue. The volume of work that state Medicaid agencies had to manage became particularly heavy during the pandemic. The stress levels staffers had to handle led many to retire early or leave for jobs outside the agency. Agencies that have been able to hire staff to fill those positions have to spend long hours getting those hires up to speed. Managing recipients and reimbursements is complex work. To take just one example: staffers need to understand medical codes to determine if a Medicaid request for reimbursement is legitimate or being upcoded.

Another challenge agencies have been facing is the ongoing fallout from the expansion of Medicaid during the pandemic. Even with the end of the public health emergency related to COVID-19, many Medicaid recipients don’t actually qualify for benefits. Removing undeserving recipients from the rolls has added significantly to agency workloads, and the pandemic has also introduced online forms for those applying for benefits.

As Medicaid agencies increasingly moved to web-based application systems, robust fraud detection systems weren’t always entirely in place, giving digitally skilled fraudsters open windows into the program’s IT systems. This is why survey respondents believe that the right digital tools can help them in the ongoing battle against Medicaid fraud. In considering which software to choose, the state agency staffers surveyed in the Thomson Reuters report said that tech support (33%), time to value (30%), and mission knowledge (30%) are the most critical factors in determining which vendor agencies choose.


State Medicaid agencies have been managing numerous challenges during the pandemic period. With the end of the federal continuous enrollment program this past spring, those challenges are more daunting than ever.

As the Thomson Reuters “State Medicaid opportunity prioritization and approach survey” makes clear, agencies are actively seeking and — in most cases — using software programs and service providers to help them handle their most significant challenges: preventing, detecting, and investigating fraud and abuse.

When it comes to proactively preventing and detecting fraud, state agencies have a clear preference for software over outside services. Cost-effectiveness and data protection are among the chief reasons for this preference. Regarding vendor options, Thomson Reuters does well in converting consideration into preference, with one-quarter of respondents saying that Thomson Reuters would be their top vendor choice. That represents more respondents than other software and service providers. The top reasons they cite for this preference include the perception that it is the best in the field (28%), that it offers the most advanced software and tools (16%), and that it demonstrates the highest level of expertise (12%).

State Medicaid agencies are committed to providing benefits to those truly in need while stopping fraudsters from using false identities to steal federal funds. That commitment extends to finding the best tools to help them fulfill that mission and effectively meet the many challenges associated with preventing fraud.

Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a “consumer report” as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning; establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing; or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.

Confidently detect fraudulent behavior

Jumpstart your investigations and get the industry-specific analytics you need with the machine-learning capabilities of Fraud Detect