The Public Health Emergency (PHE) disrupted the course of daily activities for the nation. The provision and manner in which medical services were provided—including to Medicare and Medicaid populations—changed from almost exclusively in-person services to virtual services. This shift in the provision and type of services rendered, and populations eligible to receive services, required federal and state agencies to quickly suspend or relax existing policies, implement new COVID-related procedure codes, and respond to demands to extend benefits quickly to affected populations.

The need to extend benefits quickly to affected populations provided unscrupulous individuals with opportunities to take advantage of relaxed and suspended policies. This paper highlights five lessons learned from the pandemic that may assist federal and state agencies as they prepare for a potential future crisis.

1. Leadership is Essential

Leadership is critical to making sure there is no dichotomy between meeting recipient needs in an emergency and protecting against fraud. Leadership is necessary to implement necessary mitigation protocols. At all levels, leaders should actively pursue “buy-in” from stakeholders throughout their organizations for the Government Accountability Office (GAO) Fraud Risk Framework and establish the prioritization of program integrity activities. Program staff should understand that the prioritization of program integrity, even in times of crisis, has vast benefits that include reducing improper payments, providing confidence in government programs, and lending transparency during times of crisis. Leaders should set the tone and prioritize the necessary practices, so their crisis response does not create an unnecessary trade-off between provision of necessary services and payment accuracy. A lesson learned is to build a culture of continuous improvement, including incorporating recommendations from the Office of Inspector General, outside stakeholders, and interested third parties into agency practices and plans.

2. Make Program Integrity a Critical Part of Overall Program Success

Our research suggests that a thorough review of actions taken during crises can reveal the most significant issues to address before the next crisis arises. Leaders can use this information to inform future actions. In this realm, it is especially important for leaders to stress that a significant focus on program integrity is not antithetical to the rapid implementation of new programs and policy changes. Continued enhancement of technology can aid in the review and proactive development of strategies that can benefit those needing assistance in times of trouble, with the protection of public funds.

By implementing these safeguards, current leaders can take steps now to lay the foundation for stronger fraud protections in the face of future unanticipated situations—such as cyberattacks, extreme weather events, and public health emergencies—while acting swiftly to meet recipient needs.

3. Make Data-Driven Decisions and Leverage New Technological Capabilities

The pandemic showed how important data usage, sharing, and analysis is to delivering aid to the right individuals and businesses in a crisis. To improve these processes, government agencies can leverage new technological tools to address gaps while maximizing the use of the data available.

The Treasury’s Do Not Pay system is a strong example. It provides a secure online interface to check various data sources to verify eligibility of a vendor, grantee, loan recipient, or beneficiary to receive federal payments.

To protect highly sensitive data, the federal government—through the Chief Data Officer Council—could develop and implement a hierarchy of data privacy to determine which data to share and which data to withhold. In the end, sharing data allows programs to make more accurate and efficient decisions because program staff will have easier access to the information they need before distributing funds to recipients. The increased data visibility can bolster transparency while improving data accuracy and accountability.

PACE (Pandemic Analytics Center of Excellence) found success in detecting fraud using device fingerprinting, link analysis, and web crawlers. The Small Business Administration (SBA) also saw success in using technological tools during the pandemic, as it implemented an Artificial Intelligence (AI) system to organize and respond to hotline calls. In addition, machine learning could assist in grant oversight for the Bipartisan Infrastructure Law by quickly identifying common language and phrases in applications that could indicate potential fraud.

4. Implement GAO’s Fraud Risk Management Framework

In 2015, the GAO published a 61-page document titled: “A Framework for Managing Fraud Risks in Federal Programs.” It is a risk-based framework to aid program managers in addressing fraud risks. The framework consists of four key actions:

1. Commit to combating fraud by creating an organizational culture and structure conducive to fraud risk management.
2. Plan regular fraud risk assessments and assess risks to determine a fraud risk profile.
3. Design and implement a strategy with specific control activities to mitigate assessed fraud risks and collaborate to help ensure effective implementation.
4. Evaluate outcomes using a risk-based approach and adapt activities to improve fraud risk management.

The above framework provides a good resource for agencies to enhance their fraud risk management framework. For example, an HHS OIG report examining the pandemic telemedicine expansions for Medicare found that program integrity could be improved by implementing several of the recommendations from the framework. The framework provides detailed guidance on how to build and run programs in ways that mitigate fraud risk on an ongoing basis. Preventing fraud is not a set it and forget it job – in part because fraudsters evolve around the controls that are put in place. By incorporating these principles and practices into their operations, agencies can be better prepared for the next disruptive event.

5. Implement Agile Practices

Agile practices derive from software development in which products are developed with small, cross-functional teams, continuous experimentation and evaluation, and customer-driven behavior. By implementing agile practices at the team, program, and organizational levels, agencies can more easily respond to the various challenges of future emergencies.

Agile organizations prioritize customer or end-user satisfaction. For federal programs, the end-users are typically the recipients of federal funding. Agencies could set up short feedback cycles with the program recipients to understand if the program is meeting recipients’ needs consistent with the legal and programmatic requirements. Having an established channel for direct engagement to get such input is key to preparing for future scenarios.

Conclusion

While no agency can be pre-prepared for an unknown crisis or adverse event, understanding the prioritization of program integrity and its valuable benefits through the use of the forgoing concepts, agencies can be better prepared to protect public funds. Using these practices, agencies can prepare for the next applicable crisis; protect taxpayer funds with which they operate from improper payments and fraud; build the trust of the taxpayers, stakeholders, and other interested parties; and more efficiently manage their response and recovery from a major crisis.