Improper Payments Remain a Quiet Risk to Federal Health Program Integrity

Improper payments across federal healthcare programs continue to absorb tens of billions of taxpayer dollars each year, posing a persistent operational risk that too often escapes strategic scrutiny. The Centers for Medicare & Medicaid Services (CMS) has released its Fiscal Year 2025 estimates, revealing a complex and often misunderstood picture of payment accuracy, documentation failures, and structural compliance breakdowns.

While the agency rightly emphasizes that improper payments are not synonymous with fraud, the sheer volume and recurring nature of these disbursements raise critical questions about oversight, interoperability, and eligibility system resilience. Beneath the surface of year-over-year rate fluctuations lies a broader tension: Are federal and state systems fundamentally equipped to document, validate, and enforce proper payments at scale?

Year-Over-Year Reductions Mask Persistent Structural Vulnerabilities

The FY 2025 estimated improper payment rate for Medicare Fee-for-Service (FFS) declined to 6.55%, or $28.83 billion, continuing a nine-year streak below the statutory 10% compliance threshold. Medicare Part D also remained low at 4.00%, or $4.23 billion. However, these improvements in percentage terms can obscure the absolute scale of payment errors and the degree to which “technical noncompliance,” rather than outright inaccuracy, continues to generate liability.

For example, nearly half of the $657 million in improper payments within the Premium Tax Credit (APTC) program resulted from manual processing errors and documentation mismatches, not eligibility fraud. This distinction is more than academic. It highlights how bureaucratic workflow missteps, such as inconsistent data entry or insufficient document validation—can produce legally improper payments even when recipient eligibility is intact.

A 2023 GAO report underscored this point, noting that agency capacity to track root causes of improper payments remains limited, particularly when payments involve multiple handoffs between systems, states, or private contractors. CMS’ admission that 43% of APTC improper payments were technically improper, but substantively correct, illustrates the narrow compliance margin federal programs must manage.

Medicaid and CHIP Reflect Pandemic-Era Reentry Strains

The most notable increases in FY 2025 improper payment rates occurred within the Medicaid and Children’s Health Insurance Program (CHIP) domains. Medicaid’s estimated improper payment rate rose to 6.12%, amounting to $37.39 billion, while CHIP’s climbed to 7.05%, or $1.37 billion. In both cases, the leading cause was insufficient documentation, particularly missing or incomplete eligibility verification records.

These spikes align with the unwinding of COVID-19 public health emergency (PHE) flexibilities. As states resumed routine eligibility redeterminations and provider revalidations in 2023, gaps emerged in documentation systems that had operated under suspended compliance protocols for more than two years. According to KFF, more than 14 million individuals have lost Medicaid coverage during the redetermination process since April 2023, further stressing verification workflows.

Critically, 77% of Medicaid and 56% of CHIP improper payments were linked to documentation failures, not fraudulent billing or services never rendered. This data suggests that administrative capacity, rather than provider intent, remains the primary weakness in ensuring program integrity.

Beyond Rates: What “Improper” Really Means for Payers and Providers

The Payment Integrity Information Act of 2019 defines a significant improper payment as one that exceeds $100 million or represents more than 1.5% of total program expenditures. Every CMS program covered in the FY 2025 report met or exceeded these thresholds. Yet improper payment rates tell only part of the story.

For health systems, managed care organizations, and state Medicaid agencies, an “improper” designation, even in the absence of fraud, can trigger clawbacks, audits, or compliance reviews. Payment that was legally inappropriate, even if clinically justified, represents a liability event. This creates operational exposure not only for billing offices and contractors, but for enterprise risk leaders who must reconcile policy updates, eligibility criteria, and data exchange rules across sprawling networks.

A 2024 Health Affairs analysis warned that increased auditing intensity, especially in Medicare Advantage and Medicaid, could lead to substantial recoupments unless providers and plans modernize their documentation and claims validation pipelines. Electronic health record (EHR) interoperability alone cannot resolve these issues; eligibility checks, benefit designs, and submission workflows must be aligned to withstand post-PHE enforcement expectations.

Strategic Oversight Must Catch Up to Technical Compliance

CMS has made consistent efforts to increase transparency around improper payment methodologies, including publishing root causes and clarifying distinctions between fraud, abuse, and error. Yet what’s notably absent from the FY 2025 summary is any systemic commitment to investing in state or contractor capacity to prevent errors before payment occurs.

The Office of the Inspector General (OIG) has repeatedly recommended prepayment review strategies, enhanced data sharing between state and federal entities, and automated verification tools. However, implementation has been inconsistent. As the improper payment conversation remains anchored in post-hoc reporting, opportunities to improve upstream system design risk being sidelined.

Moreover, the focus on documentation completeness, rather than substantive care delivery or patient impact, reinforces a compliance culture that prioritizes checkboxes over outcomes. While audit readiness is crucial, overemphasis on form over function could disincentivize provider participation or introduce perverse incentives in coding and intake workflows.

The Unfinished Work of Integrity Infrastructure

Improper payments will never reach zero. But reducing their frequency and scale requires more than retrospective reporting or statistical adjustments. It demands a deeper reckoning with the architecture of eligibility determination, documentation capture, and cross-agency coordination.

As CMS continues to release annual rates and root cause analyses, stakeholders across the payer and provider landscape should recalibrate how they define, and manage, compliance. The risks are no longer just financial. As the line between technical error and systemic vulnerability blurs, so too does the boundary between operational oversight and executive accountability.