Identity theft, fictitious applicants and other forms of fraud continue with the advance premium tax credit for buying health insurance under the Affordable Care Act, according to a new
The report found that the fraud risks have persisted since the GAO first
The report noted that the program's fraud risks were last assessed in 2018, even though the program and its risks have since evolved.
The preliminary results from the GAO's ongoing secret testing suggest fraud risks in the advance premium tax credit persist. The federal health insurance marketplace approved coverage for nearly all of the GAO's fictitious applicants in plan years 2024 and 2025, which was generally consistent with similar GAO testing in plan years 2014 through 2016. However, the GAO acknowledged that its covert testing is merely illustrative and can't be generalized to the enrollee population.
For plan year 2024, the federal marketplace approved subsidized coverage for all four of the fictitious applicants the GAO submitted in October 2024. In total, the Centers for Medicare & Medicaid Services paid approximately $2,350 per month in APTC in November and December for these fictitious enrollees. For some of the fictitious applicants, the federal marketplace requested documentation to support their Social Security numbers, citizenship and reported income. The GAO did not provide the documentation, but the fictitious applicants received coverage anyway.
For plan year 2025, of the 20 fictitious applicants, 18 of them are still actively covered as of September 2025. The APTC for these 18 enrollees totaled over $10,000 per month. The GAO said it's continuing to monitor the enrollments as part of its ongoing work.
The GAO's preliminary analyses found vulnerabilities related to potential SSN misuse and likely unauthorized enrollment changes in federal marketplace data for plan years 2023 and 2024. The GAO's preliminary analyses identified over 29,000 SSNs in plan year 2023 and nearly 68,000 SSNs in plan year 2024 used to receive more than one year's worth of insurance coverage with APTC in a single plan year. CMS officials told the GAO that the federal marketplace does not prohibit multiple enrollments per SSN to help ensure that the actual SSN-holder can enroll in insurance coverage in cases of identity theft or data entry errors.
The GAO's preliminary analyses also found at least 30,000 applications in plan year 2023 and at least 160,000 applications in plan year 2024 that probably had unauthorized changes by agents or brokers. The report noted this can result in consumer harm, including loss of access to medications. In July 2024, CMS implemented a new control to prevent such changes, which GAO is reviewing in its ongoing work.
The GAO also found weaknesses in CMS's APTC fraud risk management practices. CMS hasn't updated its fraud risk assessment since 2018 despite changes in the program and its controls. In that assessment, CMS didn't identify inherent fraud risks nor use its 2018 assessment to develop an antifraud strategy. "Together, these weaknesses appear to hinder CMS's ability to effectively and proactively manage fraud risks in APTC," said the report.
