GAO Identifies Persistent Fraud Risks in Obamacare Advance Premium Tax Credit Program

The Government Accountability Office (GAO) recently released a report highlighting significant vulnerabilities and fraud risks within the Affordable Care Act's (Obamacare) advance premium tax credit (APTC) program. This program, designed to subsidize health insurance premiums for eligible individuals, has been subject to systemic abuse for over a decade despite previous GAO warnings. The report identifies that for the 2023 plan year, over $21 billion in APTC payments lacked IRS reconciliation, representing about 32% of subsidies for enrollees with Social Security numbers (SSNs). Further scrutiny revealed around 60,000 SSNs receiving APTC subsidies appeared in Social Security Administration death records, with approximately 26,000 cases exhibiting suspicious patterns suggestive of synthetic identity fraud. The GAO employed a mix of data analytics and undercover operations to detect these issues, testing the system by submitting fictitious applications with invalid or stolen SSNs and observing how the federal marketplace processed these applications. Remarkably, in plan year 2025 testing, 18 out of 20 fake applicants received subsidies totaling over $10,000 per month. The GAO's findings show persistent weaknesses in identity verification, document validation, and income verification procedures within the federal Marketplace. These deficiencies enable fraudulent activities such as enrollment with deceased identities, synthetic identities, and manipulation of income estimates to unlawfully increase subsidy amounts. Agents and brokers, compensated by insurance companies, face incentives that may contribute to such abuses by prioritizing enrollment quantity over quality. In response to these issues, the Centers for Medicare & Medicaid Services (CMS) initiated targeted measures including enhanced SSN verification requirements in 2024, restrictions on plan changes by unassociated agents, and the termination of the low-income special enrollment period used in fraud testing. Despite these efforts, the GAO criticizes CMS for an outdated fraud-risk assessment – last updated in 2018 when the program's subsidy outlays were less than half their 2024 levels of nearly $124 billion. The APTC system relies heavily on self-reported income to determine subsidy eligibility and amounts. However, lack of upfront income verification combined with insufficient follow-up enforcement creates vulnerabilities where fraudsters can exploit the system, often without immediate detection. Payment flows directly to insurers, which obscures misuse and complicates recovery efforts when discrepancies arise at tax reconciliation. The system's dependence on SSNs further complicates fraud controls, as stolen or synthetic SSNs can be reused across multiple applications. Broker incentives aligned with enrollment volume can exacerbate abuses, including unauthorized enrollments and subsidy inflation. The complexity of program rules and inconsistent enforcement contribute to widespread misunderstanding among enrollees regarding their reconciliation responsibilities. Given these findings, the GAO underscores the need for comprehensive updates to CMS's fraud detection and prevention framework to address the burgeoning scale of financial risk and evolving fraud tactics. Enhanced automated controls, improved identity verification technologies, and stricter broker oversight are critical to safeguarding the integrity of the APTC program and ensuring responsible use of federal subsidies. This analysis holds significant implications for insurance professionals, regulators, and policymakers engaged in marketplace oversight and compliance. Understanding the enduring challenges and the current remedial efforts provides crucial context for managing risk, improving program administration, and anticipating regulatory developments in the health insurance landscape.