VETERANS HEALTH ADMINISTRATION:

Report to Congressional Committees

June 2026

GAO-26-107596

United States Government Accountability Office

A report to congressional committees

For more information, contact: Seto J. Bagdoyan at bagdoyans@gao.gov

What GAO Found

The Department of Veterans Affairs (VA) reported approximately $1 billion in cumulative estimated improper payments—including overpayments, underpayments, and unknown payments—across the Beneficiary Travel (BT) Program from fiscal years 2018 through 2024. During that period, 10 cases of fraud related to the BT Program were adjudicated. The cases involved at least 892 fraudulent claims and totaled at least $219,000. Most of the cases involved beneficiaries that fraudulently reported addresses.

VA has implemented data systems partly to mitigate fraud and improper payment risks in the BT Program. Examples include automatically verifying certain claim information before claims can be processed and flagging claims for further review if information is missing or does not appear to meet eligibility requirements.

GAO tested specific areas of risk for improper payments or fraud and found VA potentially made improper payments from fiscal years 2018 through 2023 totaling over $10 million in these areas. Specifically, GAO found instances in which

·         VA potentially improperly paid beneficiaries who provided ineligible departure addresses, such as post office boxes rather than residential addresses;

·         VA potentially made duplicate payments to special mode transportation (SMT) vendors for the same invoice; and

·         VA staff manually modified BT claims, resulting in potentially improper payments to beneficiaries and SMT vendors, such as instances in which SMT vendors were paid amounts that exceeded the claimed amount.

Since GAO’s analysis, VA has made changes to prevent potential duplicate and improper payments. For example, VA began transitioning to a new system for processing certain SMT invoices and implemented new controls to prevent overpayments. However, VA has not ensured that existing controls have been implemented effectively, such as ensuring that staff use acceptable documentation to verify residential addresses to reduce the risk of improper payments. VA also has not monitored and evaluated its new controls to ensure they are operating effectively to reduce the risk of improper payments.

Why GAO Did This Study

VA reported spending over $2.3 billion in fiscal year 2025 to reimburse eligible veterans and others for certain necessary transportation costs associated with veteran health care through the BT Program.

The Consolidated Appropriations Act, 2023, includes a provision for GAO to examine potential fraud and improper payments in this program. Among other things, this report examines VA’s reported improper payments and adjudicated fraud in the BT Program and indicators of potential improper payments or fraud in the BT Program identified from selected data sources and VA’s controls to mitigate related risks.

GAO reviewed relevant VA documents and adjudicated fraud cases and interviewed knowledgeable officials. To identify instances of potential improper payments, GAO analyzed information from VA’s data systems used to process BT claims from fiscal years 2018 through 2023, the most recent full fiscal year for which data were available at the time of GAO’s analysis.

Further, GAO compared VA’s efforts against leading practices from GAO’s Fraud Risk Framework, BT Program requirements, and VA’s financial policies.

 

What GAO Recommends

GAO is making nine recommendations to VA, including that VA provide guidance to staff on acceptable documentation for verifying residential addresses and monitor and evaluate its controls for SMT claims and invoices. VA concurred with all nine recommendations and indicated that it will take actions to implement them.

 

 

Abbreviations

BT                                           Beneficiary Travel

BTSSS                                    Beneficiary Travel Self-Service System

CMRA                                     commercial mail receiving agency

eCAMS                                   Electronic Claims Administration and Management System

FSC                                         Financial Services Center

Fraud Risk Framework           A Framework for Managing Fraud Risks in Federal Programs

GHCT                                     general health care travel

IPPS                                        Invoice Payment Processing System

OBO                                        Office of Business Oversight

OIC                                         Office of Integrity and Compliance

OIG                                         Office of Inspector General

PBSA                                      post office box street address

SMT                                        special mode transportation

VA                                           Department of Veterans Affairs

VES                                        Veterans Health Administration Enrollment System

VHA                                        Veterans Health Administration

VISN                                       Veterans Integrated Service Network

VistA                                       Veterans Health Information Systems and Technology Architecture

VTP                                         Veterans Transportation Program

 

 

June 29, 2026

The Honorable Jerry Moran

Chairman

The Honorable Richard Blumenthal

Ranking Member

Committee on Veterans’ Affairs

United States Senate

The Honorable Mike Bost

Chairman

The Honorable Mark Takano

Ranking Member

Committee on Veterans’ Affairs

House of Representatives

Within the Department of Veterans Affairs (VA), the Veterans Health Administration (VHA) administers the Beneficiary Travel (BT) Program. Through this program, VHA reimburses eligible veterans, caregivers, and others for certain necessary transportation costs associated with veteran health care.[1] Costs eligible for reimbursement include those related to general health care travel, such as mileage driven to and from VA medical facilities or VA-authorized health care facilities, tolls, meals, and lodging.[2] The BT Program also covers special mode transportation, such as ambulance trips, under certain conditions. In fiscal year 2025, spending on the BT Program exceeded $2.3 billion, according to information provided by program officials. Special mode transportation claims represented the largest proportion of spending—approximately $1.88 billion, according to that information.

We and the VA Office of Inspector General (OIG) have previously reported on fraud risks in the BT Program and found that systems for processing BT claims may not be operating as intended.[3] In addition, the VA OIG has identified, and the Department of Justice has prosecuted, instances of fraud in the BT Program. For example, in 2016, the VA OIG reported on its investigation of a fraud scheme in which VA travel clerks recruited veterans to submit inflated and fictitious travel benefit vouchers. The clerks then received kickback payments from the veterans. Nine veterans and two travel clerks were sentenced in the case.[4] Further, VA has identified the BT Program as high risk for fraud and improper payments.[5]

The Consolidated Appropriations Act, 2023, includes a provision for GAO to examine potential fraud, waste, and abuse in this program during the 5-year period ending in December 2022.[6] This report examines

1.    the extent of reported improper payments and adjudicated fraud in the BT Program from fiscal years 2018 through 2024;

2.    VA’s controls to mitigate fraud risk in the BT Program and indicators of potential improper payments or fraud in selected data sources;

3.    the extent to which VA’s fraud risk management efforts for the BT Program align with selected leading practices from our A Framework for Managing Fraud Risks in Federal Programs (Fraud Risk Framework);[7] and

4.    the extent to which VA provided training and communication regarding fraud to VA employees and contractors handling BT claims.

To address our first objective, we reviewed documents related to VA’s improper payments methodology and reporting. We also reviewed adjudicated case information from Department of Justice press releases, VA OIG identified cases, and court documents.

To address our second objective, we reviewed relevant documents, such as VHA directives and documentation related to controls designed to mitigate fraud, and data systems used to process BT claims. We also reviewed documentation related to the effectiveness of those controls. In addition, we analyzed BT Program data from four data systems used to process BT claims from fiscal years 2018 through 2023—the most recent full fiscal years for which data were available at the time of our data request—to identify fraud risk indicators and specific instances of potential improper payments or fraud in the BT program.[8] We performed quality checks on the data to assess their suitability for analytical procedures, such as reviewing the code used to produce the data, analyzing the fields provided for completeness, and interviewing VA officials to clarify questions concerning the data.[9] Based on our quality checks performed, we determined that the data received were sufficiently reliable for our analysis.

We tested specific areas of risk for improper payments or fraud, including claims with potentially ineligible addresses, duplicate payments for the same invoice or claim, and manually modified claims resulting in overpayments. Specifically, we performed data matching and mining using the data sources provided by the VA and third-party sources to identify instances of potential improper payments in these areas. To complete our data matching analytics, we merged general health care travel (GHCT) claims with data from the United States Postal Service Address Matching System to identify claims with potentially ineligible addresses. We performed data mining on provided GHCT and special mode transportation (SMT) claims and invoices to identify potential duplicate payments and overpayments. We provided instances of claims and invoices identified by our data matching and mining to VA officials for further review.

Results of our analyses may include instances of claims or invoices that have indicators of potential fraud or improper payments but could be false positives. The results of our analyses should not be interpreted as proof of fraud or improper payments. Additional review, investigation, and adjudication would be needed to determine if, and the extent to which, fraud or improper payments exist in the BT Program.

We reviewed information on VA’s controls to determine the extent to which they prevented or detected the improper payment or fraud risk indicators we identified. We compared this information with BT Program requirements and VA’s financial policies. In addition, we reviewed information on VA’s efforts to monitor and evaluate the effectiveness of its controls to prevent or detect the improper payment or fraud risk indicators we identified. We compared this information against relevant leading practices for monitoring and evaluation from our Fraud Risk Framework as key steps for helping to ensure the effectiveness of antifraud controls.[10]

To address our third objective, we reviewed documentation related to VA’s fraud risk management activities, such as documentation outlining roles and responsibilities, and VA’s fraud risk assessments for the BT Program. We compared this information with relevant leading practices from the Fraud Risk Framework related to establishing an organizational structure and identifying and assessing fraud risks as key initial steps in developing effective fraud risk management activities.[11]

To address our fourth objective, we reviewed VA and VHA fraud-related trainings and communications that may be applicable to VA employees and contractors that handle BT claims. We also reviewed information provided by Veterans Integrated Service Network (VISN) officials about VISN and VA medical facility BT-related fraud trainings and communications. We compared VA’s efforts with leading practices for fraud awareness initiatives identified in the Fraud Risk Framework.

To address all four objectives, in addition to the individual steps described above, we interviewed relevant VA and VHA officials. In addition, we interviewed relevant officials from three VISNs that were geographically dispersed, reported high BT Program expenditures, and had recent program-related fraud or compliance issues. In addition to these interviews, we obtained written responses from the remaining 15 VISNs. We also interviewed VA OIG officials and interviewed or obtained written responses from four Veterans Service Organizations that address veterans’ transportation issues or whose mission focuses on veterans likely to be eligible for the BT Program, such as disabled veterans.[12]

We conducted this performance audit from May 2024 to June 2026 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for findings and conclusions based on our audit objectives.

Background

BT Program Overview

The BT Program reimburses eligible veterans and other beneficiaries for health care-related transportation costs. Specifically, through this program, VA reimburses eligible veterans, caregivers, and others for GHCT. GHCT includes mileage, reimbursed at a rate of 41.5 cents per mile, less a deductible in some cases; and other travel costs, such as tolls, meals, and lodging when using personal vehicles to attend appointments for VHA-approved care.[13] VA may also reimburse eligible beneficiaries for costs associated with GHCT expenses related to using a common carrier, such as taxis, buses, rideshare services, or other public transportation.

Under certain conditions, VA may also cover the costs of vendor-provided SMT services, such as ambulances, wheelchair vans, or other modes of transportation that are specifically designed to transport certain types of disabled individuals. Veterans may be eligible for SMT services if medically required and preauthorized by VA, or VA may approve SMT services without preauthorization in cases of emergency medical treatment. VA medical facilities may enter contracts with appropriate vendors to provide SMT services.

Relevant VA Entities and Data Systems

The BT Program is overseen by the Veterans Transportation Program (VTP) within VHA’s Member Services. The BT Program benefit is generally administered locally at VA medical facilities, such as VA Medical Centers. VISNs are responsible for ensuring compliance with VHA’s policies at the VA medical facilities within their region. However, VA medical facilities may also have local procedures for maintaining the program. In addition to BT Program staff in VA medical facilities, a centralized team within VTP handles processing of some BT claims.[14]

In addition to BT Program staff, other entities within VA have responsibilities for processing aspects of certain BT claims, including VHA’s Office of Finance and VA’s Financial Services Center (FSC).[15] During fiscal years 2018 through 2024, VA used multiple systems to process BT claims, as shown in figure 1.

^aGHCT claims are generally processed by BT Program staff at VA medical facilities but may also be processed by BT Program staff in a centralized team within the Veterans Transportation Program.

^bVA began piloting BTSSS at five facilities in July 2020 before fully implementing the system nationwide in November 2020.

^cIn addition, according to program officials, invoices for noncontract SMT when initiated by VA and GHCT common carrier claims paid directly to the vendor, such as rideshare services, may be processed through IPPS.

^dIn November 2024, VA began transitioning to another system—VetRide—to process claims for BT transportation initiated by VA, including contract SMT claims and common carrier claims initiated by VA and paid directly to the vendor, such as rideshare services. According to program officials, as of February 2026, VA anticipated that processing of all VA-initiated SMT and common carrier rideshare services would be transitioned to VetRide by the end of September and December 2026, respectively.

^ePrior to the implementation of eCAMS for noncontract claims processing, such claims were processed through IPPS, VistA, or the Fee Basis Claims System.

Improper Payments and Fraud Risk Management

While improper payments and fraud are related concepts, they do not mean the same thing.

·         Fraud is obtaining something of value through willful misrepresentation. Fraud can sometimes involve benefits that do not result in direct financial loss to the government. Fraud determinations can only be made through the judicial or other adjudicative system.

·         Improper payments are payments that should not have been made or that were made in the incorrect amount (including overpayments and underpayments) under a statutory, contractual, administrative, or other legally applicable requirement.[16] Typically, they are overpayments but can also include underpayments caused by nonpayment or incomplete payment to recipients to which the funds are owed. Improper payment determinations are made by agency officials.

While all fraudulent payments are considered improper, not all improper payments are due to fraud, as shown in figure 2.

Both improper payments and fraud result in significant financial and nonfinancial impacts to the integrity of federal programs. They erode public trust in government, waste taxpayer dollars, and hinder agencies’ efforts to execute their missions and program objectives effectively and efficiently. Therefore, reducing both fraud and improper payments is critical to safeguarding federal funds, ensuring that federal agencies execute their missions effectively, and making sure that the public maintains trust in the government.

The Payment Integrity Information Act of 2019 contains requirements for managing improper payments and fraud.[17] Requirements for agencies to manage improper payments include identifying risks; taking corrective actions; and estimating, and reporting on, improper payments.[18] The improper payment estimation process is not designed to detect or measure the amount of fraud that may exist. The act’s requirements related to fraud generally involve implementing control activities to prevent, detect, and respond to fraud.

Managers of federal programs, such as the BT Program, are responsible for managing fraud risks. Effectively managing fraud risks helps to ensure that federal programs’ services fulfill their intended purpose, funds are spent effectively, and assets are safeguarded. In July 2015, we issued the Fraud Risk Framework, which provides a comprehensive set of key components and leading practices that serve as a guide for agency managers to use when developing efforts to combat fraud in a strategic, risk-based way. The Fraud Risk Framework describes leading practices within four components: (1) Commit, (2) Assess, (3) Design and Implement, and (4) Evaluate and Adapt. See figure 3.

VA Reported About $1 Billion in Cumulative Estimated Improper Payments for the BT Program, and 10 Defendants Pleaded Guilty to BT Fraud

BT Estimated Improper Payments Reported from Fiscal Years 2018 Through 2024 Totaled About $1 Billion, While Amounts and Rates Generally Decreased

VA reported approximately $1 billion in cumulative estimated improper payments in the BT Program from fiscal years 2018 through 2024.[19] The estimated improper payment amounts and rates generally decreased from about $215 million (about 24 percent of BT Program outlays) in fiscal year 2018 to about $150 million (about 8 percent of BT Program outlays) in fiscal year 2024. Figure 4 illustrates program outlays and estimated improper payments and rates associated with the BT Program for this period.

Note: Improper payment estimates and rates displayed in the figure include both improper and unknown payments. Executive agency estimates of improper payments treat as improper any payments whose propriety cannot be determined due to lack of, or insufficient, documentation. In estimating improper payments for the Beneficiary Travel Program, the Department of Veterans Affairs reports an associated point estimate—the estimated improper payment rate—and a 95 percent confidence interval around that estimate. The 95 percent confidence interval accounts for sampling uncertainty in the point estimates such that the range of the interval is expected to contain the actual improper payment rate in 95 percent of all possible samples that could be selected.

In 2023, we reported that VA officials attributed the reduction in improper payments—from a high of 25.1 percent of BT Program outlays in fiscal year 2017 to 7.9 percent of BT Program outlays in fiscal year 2022—to implementation of the new BTSSS system, among other things.[20] According to VA officials, BTSSS provided enhanced tools to streamline claims and automate eligibility determinations. More recently, the estimated improper payment rate from fiscal years 2022 through 2024 was relatively consistent.

According to VA, from fiscal years 2018 through 2024, common reasons for improper payments in the BT Program included that

(1) the amount to be paid was calculated incorrectly, for example, because mileage or other data needed to process the claim were entered incorrectly;

(2) documentation was either not provided, or insufficient, to determine if the veteran or appointment was eligible; and

(3) clinical documentation was not properly approved to confirm that SMT was medically necessary.

VA does not calculate or report the number of claims associated with its estimated improper payments in the BT Program. According to VHA officials, the Payment Integrity Information Act of 2019 requires these estimates to be based on payment amounts and not the count of claims. In reviewing VA’s annual improper payment estimates, we also could not determine the number of BT claims that correspond to the estimated improper payment amounts. This is because, according to VA officials, the method through which information is collected in the different systems used to process BT claims does not always allow for claims data to be disaggregated.[21]

We were, however, able to disaggregate estimated improper payment amounts and rates by SMT and GHCT for fiscal years 2019 through 2024. As shown in figure 5, estimated improper payment amounts were higher for SMT than GHCT in recent years, although the estimated improper payment rates for SMT and GHCT varied.

Note: Improper payment estimates displayed in the figure include both improper and unknown payments. Executive agency estimates of improper payments treat as improper any payments whose propriety cannot be determined due to lack of, or insufficient, documentation. In addition to estimated improper payment amounts for each BT Program component, in some fiscal years VA determined that insufficient documentation existed to determine if some items selected in its testing sample were GHCT or SMT payments. The portion of the total estimated improper payment amount for the BT Program for which the program component could not be determined ranged from 0 to approximately 5 percent. Estimates presented in this figure are point estimates and are subject to sampling error (margins of error). Actual improper payment amounts each year may have been higher or lower. VA reported that margins of error for its total improper payment estimates for the BT Program overall ranged from +/- 1.19 percent for fiscal year 2023 to +/- 7.13 percent for fiscal year 2019. VA did not report margins of error for improper payment estimates by BT Program component. According to VA data and VA officials, due to sampling design and stratification, improper payment estimates by BT Program component are not statistically valid.

^aGAO could not determine estimated improper payment amounts and rates for GHCT and SMT for fiscal year 2018, because VA did not report estimated improper payments by payment type for that year.

Ten Defendants Pleaded Guilty to BT Fraud, and Most Cases Involved Attempts to Obtain Reimbursement Through Falsified Claims

We identified, and the VA OIG confirmed, that a total of 10 cases involving fraud related to the BT Program were adjudicated from fiscal years 2018 through 2024.[22] Adjudicated fraud may reflect only a small portion of the full extent of fraud in the BT Program. According to court documents we reviewed, eight of the 10 adjudicated cases targeted the GHCT component of the BT Program. The eight cases involved at least 892 fraudulent claims for travel reimbursement, totaling at least $219,000. The remaining two adjudicated cases, in which two defendants were involved in the same criminal proceedings, involved conspiracy, bribery, and contract fraud related to the SMT component of the BT Program, rather than specific BT claims.

Of the 10 BT fraud cases adjudicated from fiscal years 2018 through 2024, eight cases involved defendants that were BT Program beneficiaries, such as veterans, targeting the GHCT component of the BT Program.[23] The defendants generally made false claims when attesting to residential addresses to inflate reimbursement amounts through mechanisms such as false statements and falsified documents.[24] One of the eight defendants falsely claimed reimbursement for mileage when the defendant had traveled at no expense to themselves through the use of county-provided transportation.

Illustrative Example of an Adjudicated Case Involving Fraudulent Beneficiary Travel (BT) General Health Care Travel (GHCT) Mileage Reimbursement Claims For almost a year, one defendant submitted more than 100 GHCT mileage reimbursement claims to the BT Program. In each claim, the defendant said that they traveled from a residence in Maryland to a Department of Veterans Affairs medical facility in West Virginia for medical treatment. The investigation found that during the time frame, the defendant resided in two counties in West Virginia—much closer to the medical facility than the defendant claimed. In total, the claims made by this defendant amounted to $17,384. In 2024, the defendant pleaded guilty to submitting false documents. The defendant was sentenced to 5 years of probation and ordered to pay restitution in the full amount of the defrauded funds. Source: GAO review of Department of Justice case information and court documents.  |  GAO‑26‑107596

VA OIG officials said that fraud schemes involving residential addresses were the primary type of fraud their office investigates related to the BT Program. In some cases, depending on the location of the veteran’s actual residential address and the location of the closest facility that could provide the veteran’s treatment, a veteran may not be eligible for reimbursements if they provide their actual address. Specifically, we previously reported that because of the deductible that is applied to some mileage claims, veterans must travel at least 15 miles round-trip to receive reimbursement.[25] Figure 6 outlines the common characteristics of the residential address fraud scheme used against the GHCT component of the BT Program.

^aDepending on the location of the defendant’s actual residential address and the location of the closest facility that could provide the defendant’s treatment, the defendant may not have been eligible for reimbursements had they provided their actual address.

In addition to the eight GHCT cases, two SMT cases—which were part of the same criminal proceedings—were adjudicated from fiscal years 2018 through 2024. In these two cases, the defendants attempted to circumnavigate VA’s competitive contract bidding process for SMT contracts. Specifically, one defendant was a VA official responsible for evaluating and awarding contract bids that were competing to provide services to the VA. The other defendant owned and operated several businesses, including a transportation company that provided services for veterans. The conspiracy involved the VA official providing competitive bidding information and awarding two separate contracts, totaling approximately $4 million, to the business owner, in exchange for a total of $100,000. Figure 7 provides characteristics of the conspiracy and bribery scheme.

Both participants in this conspiracy pleaded guilty. The VA official was placed on a 4-year probation, forfeited approximately $42,000, and was ordered to pay an additional fine of $48,000 and complete 1,500 hours of community service. The business owner was sentenced to over 2 years in prison and debarred indefinitely from obtaining any future federal contracts.

The 10 adjudicated cases related to the BT Program reflect, in part, a low number of cases reported to, and investigated by, the VA OIG. According to VA OIG officials, whether a case will be prosecuted may depend on factors such as the dollar amount involved, the number of veterans impacted, and the type of fraud that occurred. Prosecuting some cases at the federal level, the local level, or even pursuing them civilly can be difficult because of the characteristically low dollar amount, according to these officials. However, in some cases, claims could accrue to a high amount over time and lead to an OIG investigation and prosecution, as shown by the cases we identified.

One of the many challenges in determining the full extent of fraud is its deceptive nature. Programs can incur losses related to fraud that are never identified, and such losses are difficult to reliably estimate. All adjudicated fraud may reflect only a small portion of the full extent of fraud.[26]

VA Has Sought to Mitigate Fraud Risks in the BT Program, but Our Data Analyses Identified Weaknesses in Fraud and Improper Payment Controls

VA Implemented Systems Designed to Reduce Improper Payments and Fraud in the BT Program

In part to mitigate fraud and improper payments risks in the GHCT component of the BT Program, VA implemented its new data system, BTSSS. VA began moving from the VistA legacy system to BTSSS in 2020 and operated both systems simultaneously before fully transitioning to BTSSS in December 2023. According to VA officials, VistA had poor controls to ensure that veterans were eligible and that claims were calculated properly.

In contrast, the new system was intended to automate the travel reimbursement claims process, reduce long-term costs, provide better oversight, and decrease the risk of improper payments. The functionalities in BTSSS are designed to help reduce fraud, waste, and abuse. Specifically:

·         BTSSS automatically reviews and approves claims that meet certain requirements. To verify eligibility information and mitigate risks, BTSSS integrates directly with various VA systems and mapping software. Claims that do not appear to meet eligibility requirements or lack necessary information must undergo manual review. Manual review may include requesting and reviewing supporting documentation from the beneficiary, VA systems, or other sources.

·         In addition, BTSSS enables segregation of duties by separating creation of travel claims from payment of such claims. Segregation of duties helps address the risk of management override, which circumvents existing control activities and increases fraud risks.

To improve processing of noncontract claims for emergency SMT, VA began using another new system, eCAMS, in 2019. According to VA officials, eCAMS allowed VA to establish national-level controls required to process claims prior to payment, making it more difficult for staff members to ignore controls. As with BTSSS, eCAMS enables segregation of duties and has built-in rules to verify claims before they can be processed. These include rules to identify claims that may not be eligible or that require further review, such as those from nonveterans or veterans whose income exceeds eligibility thresholds and are not eligible for other reasons, such as service-connected disability. In addition, eCAMS flags claims for further review if information is missing, or dates and other information do not meet basic requirements, such as if the date of service listed on the claim is after the billed date.

Our Data Tests Identified Over $10 Million in Potentially Improper Payments in Selected Data Sources for the BT Program

Our analysis of data related to GHCT mileage claims and SMT vendor invoices and claims indicate that VA potentially made improper payments from fiscal years 2018 through 2023 in the BT Program in three areas of risk for improper payments and fraud.[27] Specifically, according to our test results, VA potentially made improper payments to

·         beneficiaries who potentially provided ineligible departure addresses for GHCT mileage claims;

·         SMT vendors who may have received duplicate payments for the same invoice; and

·         beneficiaries and vendors whose claims appear to have been incorrectly modified by VA staff.

Collectively, our tests identified over $10 million in potential improper payments.[28] While the results do not confirm that fraud or improper payments occurred, they provide insights about potential weaknesses in internal controls, as of the time frame of the data we analyzed. We took steps to confirm instances of improper payments from our testing, where possible. We plan to refer the results from our analyses to the VA OIG for further action, as appropriate.

VA Potentially Paid Beneficiaries with Ineligible Departure Addresses

Beneficiary travel generally must originate from an eligible beneficiary’s physical place of residence to be eligible for reimbursement.[29] In 2022, VA issued updated BT Program guidance to add the definition of “residence” and explicitly state that a post office box or other nonresidential point of delivery does not constitute a residence.[30] Prior guidance did not explicitly mention post office boxes or other nonresidential points of delivery but stated that payment is generally limited to travel from a beneficiary’s physical residence.[31]

We identified fewer than 120,000 of the 60 million claims in our scope submitted by beneficiaries for GHCT mileage reimbursement that had departure addresses that were potentially ineligible for payment—less than 1 percent of claims in both the VistA legacy system and in BTSSS.[32] Specifically, our analysis identified claims where the departure address was potentially a nonresidential point of delivery because it was likely a commercial mail receiving agency (CMRA) or post office box street address (PBSA).[33] The claims identified may be overpayments or underpayments, depending on the location of the CMRA or PBSA in relation to the beneficiary’s true place of residence, or lack thereof.

Figure 8 below shows how a beneficiary using a PBSA or other nonresidential address on a GHCT mileage claim application, rather than their actual residential address, may result in either an underpayment or overpayment in the BT Program.

VistA, which VA officials stated had “very poor controls,” was decommissioned in December 2023. Claims submitted through BTSSS are automatically reviewed against preset rules, including verification of travel to the closest facility and confirmation of the departure address against the Veterans Health Administration Enrollment System (VES).[34] Claims with information that cannot be automatically verified must be manually reviewed by BT Program staff. BT Program staff may request additional documentation from the beneficiary and override the system, if no errors are found. If address information matches VES, and all requirements are met, the claim will be automatically approved without manual review.[35]

We provided VTP with a sample of claims we identified as having possible ineligible departure addresses. In its review of those claims, VTP confirmed that it had also flagged some of those claims for potential address concerns, or concerns related to the distance traveled.[36] According to VTP officials, system information states that BT Program staff verified the addresses and then overrode the address- or distance-related concern that had been flagged.

Payments made to nonresidential addresses against BT Program rules could indicate that a fraud risk exists. Without information on the beneficiaries’ actual residential addresses, however, we could not determine whether claims identified as having nonresidential departure addresses resulted in overpayments or underpayments. Therefore, it is not clear whether additional controls to mitigate the risk of nonresidential addresses would result in cost savings and could negatively affect other BT Program goals. However, the results of our analysis indicate that existing controls may not be implemented effectively to mitigate the risk of improper payments to potentially ineligible addresses, because claims with nonresidential addresses could be improperly approved by BT Program staff.

Specifically, we found that BT Program staff lack guidance on how to confirm an address when they conduct their additional review. Prior BT Program guidance provided examples of acceptable documentation that the VA may request from the beneficiary to confirm an address. The guidance explicitly stated that a driver’s license or other identification card is not valid documentation for verifying an address, as it may not be current or include a post office box address.[37]

According to program officials, when VHA implemented BTSSS, part of the prior guidance transitioned to the user guide for BTSSS. However, the BTSSS user guide and a participant guide for new training implemented in 2025 for BT Program staff do not include information on acceptable documentation for verifying residential addresses. Without additional guidance to communicate to BT Program staff acceptable documentation for verifying residential addresses when claims do not meet BTSSS rules related to addresses or distance traveled, VA is at risk of overpaying or underpaying claims using potentially ineligible addresses.

VA Potentially Made Duplicate Payments to Special Mode Transportation Vendors

VA and FSC have processes in place to identify potentially duplicate SMT invoices within IPPS, across IPPS and eCAMS, and within eCAMS.[38]

·         Potential duplicate invoices within IPPS. According to program officials, controls in IPPS are intended to automatically archive invoices as duplicates, if information in certain fields exactly matches invoices that have already been paid. Invoices that are potential duplicates of invoices that have already been paid are submitted for further manual review. Invoices submitted in IPPS can be hundreds of pages and may contain hundreds of individual transports.

·         Potential duplicate invoices and claims across IPPS and eCAMS. According to FSC officials, IPPS and eCAMS do not integrate directly to identify potential duplicates, but VA has processes to mitigate the risk of duplicate payments between the systems. Specifically, FSC generates a daily report comparing new and historical transactions to identify potentially duplicate invoices.[39] If VHA determines that the invoice has already been paid through IPPS, the corresponding claim should be denied in eCAMS.[40]

·         Potential duplicate claims within eCAMS. According to officials, eCAMS has an automated process to check for exact and potential duplicates. Specifically, if a claim is identified as having certain information that all matches a claim that has already been paid—an exact duplicate—the system will deny the claim, and system users cannot override the denial. If a claim appears like a claim that has already been paid, but some information is not an exact match, the system prevents payment of the claim, pending further manual review.

We tested three areas to determine whether potentially duplicate SMT payments existed within IPPS, across IPPS and eCAMS, and within eCAMS. Based on our analysis, we identified claims and invoices that were potentially duplicative of each other. Specifically, we found the following potentially duplicate invoices and claims:

·         365 IPPS invoices, totaling $1.7 million;[41]

·         2,616 invoices and claims shared between IPPS and eCAMS, totaling $5.8 million;[42] and

·         675 eCAMS claims, totaling $1.3 million.

While potentially duplicate payments we identified may have been inadvertent, potentially duplicate payments indicate a risk that vendors could fraudulently submit duplicate invoices and claims within each system, or across both systems. We provided VA officials with a sample of potential duplicates we identified. After reviewing the sample, VA officials confirmed that some duplicate payments occurred within IPPS, due to inadequate review.

To help address known limitations and mitigate risks with IPPS, VA began transitioning transportation processed through IPPS to another system—VetRide.[43] VetRide is a transportation platform that was already used by VA to manage transportation, such as VA-provided vans, for veterans to and from VA health care appointments. Unlike IPPS, according to program officials, VetRide itemizes invoices by transport and is planned to allow for individual instances of travel to be attached to specific appointments. According to these officials, this will help prevent claims from being paid for travel to the same appointment and will allow integration to systems of record to verify medical eligibility and other information more easily.

In November 2024, VA first started transitioning contract SMT invoices from IPPS to VetRide. According to program officials, VA had to establish new contracts with vendors that included a requirement that the vendor submit invoices through VetRide before they could fully transition processing contract SMT invoices from IPPS to VetRide.[44] As of February 2026, the majority of VA medical facilities, but not all, had transitioned to VetRide. The remaining VA medical facilities plan to transition to VetRide when new contracts are solicited, according to program officials. VA is also working to transition other VA-initiated transportation processed through IPPS to VetRide. Specifically, according to program officials, VA plans to complete the transition for VA-initiated noncontract SMT by the end of September 2026 and for rideshare services by the end of December 2026.

VA officials also confirmed a potential duplicate payment we identified between IPPS and eCAMS. According to VA officials, FSC Data Analytics Services runs a report that compares transactions between the two systems, and the report may have not identified the duplicate transactions, due to variations in how data are stored between the two systems.[45] Further, in reviewing a sample of potentially duplicative payments we identified, FSC officials confirmed that some duplicate payments also occurred within eCAMS and that they were not previously aware of some of these duplicates.[46] For example, according to FSC officials, two of the duplicate claims we identified were likely paid because of variations in how provider information was entered on the original and duplicate claims.

These duplicate payments indicate that processes to check for exact and potential duplicates between IPPS and eCAMS, and within eCAMS, may not be operating effectively. FSC officials did not identify additional controls to ensure that processes to check for potentially duplicative claims are operating effectively.

According to VA’s Financial Policy, the certifying official is responsible for reviewing invoices to ensure their accuracy, that they are not duplicates, or have not been paid previously.[47] While VetRide has the potential to mitigate risks associated with IPPS, until the transition to VetRide is complete and IPPS is fully decommissioned for BT invoices, communicating to staff responsible for processing invoices in IPPS the importance of adequately reviewing invoices could help VA mitigate the risk of potentially duplicate IPPS payments.

Further, the Fraud Risk Framework calls for monitoring and evaluating the effectiveness of controls to prevent and detect fraud and using the results of monitoring and evaluations to improve the design and implementation of fraud risk management activities. Without regularly monitoring and evaluating whether its controls to prevent and detect duplicate payments between systems are operating as intended, and revising its controls if not operating effectively, VA remains at continued risk of paying duplicate invoices and claims to SMT vendors through IPPS and eCAMS until the transition to VetRide is complete, and within eCAMS.

VA Potentially Made Overpayments to Beneficiaries and Vendors Where Manually Entered Payment Amounts Exceeded Claim Amounts

When claims are submitted through BTSSS and eCAMS, the claims are automatically reviewed against preset rules to determine if they can be automatically approved. These systems automatically review and approve claims that meet certain requirements without relying on manual intervention but require further manual review for claims that do not meet those requirements. At the time the claims in the data we analyzed were submitted, both systems allowed staff conducting the manual review to revise information on the claim, such as the amount to be paid.

We identified almost 20,000 GHCT mileage claims, totaling approximately $966,000, out of 12 million claims where the mileage amount paid exceeded the expected mileage reimbursement amount we calculated.[48] After we provided VA with the largest claims we identified, VA officials confirmed that some were improperly overpaid, because the amount was manually overridden by BT Program staff to the incorrect amount. The amounts were manually overridden after the claims were flagged for not meeting preset rules that would allow automatic approval. According to VA officials, these instances had been previously identified, prior to our review.

In November 2024, according to program officials and VA documentation, VTP implemented a new rule in BTSSS that prevents BT Program staff from automatically approving or manually overriding claims over $150. Such claims now require additional supervisory review before approval. According to VA documentation, the additional supervisory review before payment is made will help reduce the risk of fraudulent or erroneous processing of high-dollar claims.

Within eCAMS, we identified 615 SMT claims out of over 1 million claims that were potentially overpaid, because the amount submitted for payment exceeded the amount billed by the vendor, totaling over $900,000 in potential overpayments. VA reviewed the highest claims we identified and confirmed that all were improperly overpaid and that most were manually priced. At the time the claims were potentially overpaid, the amount to be paid was entered manually by staff when conducting a manual review. VA also stated that these instances had been identified prior to our review. In some cases, the provider notified VA of the overpayment.

To reduce the risk of overpayments, as in the claims we identified, VA and FSC have made changes to controls in eCAMS since the time frame of our analysis. In May 2024, eCAMS required the paid amount for BT claims to be automatically set to the billed amount. According to FSC officials, this change would reduce the need for manual review, manual pricing, and risk of administrative error. In fiscal year 2025, VHA officials worked with FSC to reduce the dollar threshold at which certain SMT claims are automatically flagged for further manual review, from $50,000 to $10,000.

The Fraud Risk Framework states that automated control activities tend to be more reliable than manual control activities, because they are less susceptible to human error. Further, an overreliance on manual checks could introduce human error, as we identified in our data analysis. If implemented as intended, new controls in both BTSSS and eCAMS since the time the claims we analyzed were processed could help reduce the risk of manual errors resulting in paid amounts exceeding the claimed or billed amount. The Fraud Risk Framework also calls for monitoring and evaluating the effectiveness of controls to prevent and detect fraud and using the results of monitoring and evaluations to improve the design and implementation of fraud risk management activities.

However, VA’s current processes may not provide reasonable assurance that the new controls are implemented as intended and are operating effectively. While VA has efforts in place to monitor and evaluate BT claims, such as annual financial quality assurance reviews, it generally does not specifically select claims at increased risk of overpayments—such as those that were manually reviewed or that are a higher dollar value. In addition, according to FSC officials, no data analytics or continuous monitoring are performed on payments in eCAMS, such as to prevent or detect claims where the amount paid is higher than the amount billed.[49]

Without regularly monitoring and evaluating its controls to mitigate the risk of potential overpayments, VA does not have reasonable assurance that these controls are implemented as intended and are operating effectively. This includes controls to validate payment amounts that are manually overridden in BTSSS and that automatically set the paid amount to the billed amount in eCAMS. Additionally, by regularly monitoring and evaluating its controls, VA would be better positioned to make changes to these controls, if necessary, to ensure they are effective.

VA’s Efforts to Manage Fraud Risks Related to the BT Program Do Not Fully Align with Leading Practices

VA Has Identified a Dedicated Entity to Lead Fraud Risk Management Activities for the BT Program but Has Not Clearly Designated Responsibilities

Leading practices in the Fraud Risk Framework call for program managers to designate an antifraud entity with defined responsibilities and necessary authority for leading and overseeing fraud risk management activities. The Fraud Risk Framework provides that the designated entity can be an individual or a team, depending on the needs of the agency or program, and that the designated entity’s roles and responsibilities should be clearly defined and documented.

VHA’s Member Services and VTP jointly carry out fraud risk management activities for the BT Program, such as identifying fraud risks. Specifically, through a process led by the VA Office of Business Oversight (OBO), VTP senior leaders—including the VTP Director—collaborate with VHA Member Services’ compliance function to complete an annual fraud risk assessment for the BT Program.[50] As the national program office for BT and the operations and support office, respectively, VTP and Member Services understand the BT Program and its operations and are responsible for managing risk and overseeing the implementation of fraud controls for the BT Program. This arrangement is consistent with the Fraud Risk Framework.

Leading Practices for Creating a Structure to Lead Fraud Risk Management Activities Leading practices in GAO’s Fraud Risk Framework include creating a structure with a dedicated entity to lead fraud risk management activities. Specifically, the leading practices call for designating a dedicated entity to design and oversee fraud risk management activities that ·       understands the program and its operations, as well as the fraud risks and controls throughout the program; ·       has defined responsibilities and the necessary authority across the program; ·       has a direct reporting line to senior-level managers within the agency; and ·       is located within the agency and not the Office of Inspector General, so the latter can retain independence to serve its oversight role. In carrying out this role, the antifraud entity, among other things, ·       serves as the repository of knowledge on fraud risks and controls, ·       manages the fraud risk assessment process, ·       leads or assists with trainings and other fraud awareness activities, and ·       coordinates antifraud initiatives across the program. Source: GAO.  |  GAO‑26‑107596

However, VA documents do not clearly define the Director of VTP and VHA Member Services jointly as the responsible and the necessary authority for leading fraud risk management activities for the BT Program. Specifically, the BT Program directive assigns to the Director of VTP responsibility for oversight and managing risks but does not mention fraud risks.[51] Further, the directive assigns to the Executive Director of Member Services the responsibility for providing risk assessments generally but does not mention fraud risk assessments.

Similarly, VHA-wide directives do not clearly designate responsibilities for fraud risk management. For example, a VHA directive on the roles of Operating Units designates responsibility for oversight, including managing risks, to program offices, such as VTP.[52] However, it does not specifically designate managing fraud risk activities as part of those responsibilities.

Separately, a VHA Integrity and Compliance Program directive assigns to program office heads responsibility for preventing, detecting, and mitigating fraud, waste, and abuse.[53] However, the VHA Directive 1030 Guidebook, which provides supporting guidance for the directive, does not establish a role for program office heads in managing fraud risks.[54] In addition, the VHA Integrity and Compliance Program directive and VHA Directive 1030 Guidebook assign responsibilities for identifying, assessing, and reviewing fraud risks and implementing corresponding risk mitigation activities to integrity and compliance officers—which would include Member Services’ compliance office.

According to officials from VHA’s Office of Integrity and Compliance (OIC), OIC is updating its Integrity and Compliance Program directive to provide additional clarity regarding fraud.[55] Specifically, among other things, planned updates include adding a requirement for principal program offices to have a designee for fraud, waste, and abuse for all subunits they operate. OIC officials initially intended to complete the revisions and make the revised directive available by the end of calendar year 2025. As of January 2026, planned revisions to the directive and supporting guidance were on hold, pending finalization of VA’s reorganization efforts, according to OIC officials.

Revising the BT Program directive to clarify the BT Program’s designee for leading fraud risk management activities, and completing and implementing the revisions to VHA-wide guidance to include a requirement for program offices to have a designee for fraud risk management activities, could help clarify the responsible and the necessary authority for leading fraud risk management activities for the BT Program. Clearly defining the responsible and the necessary authority for leading fraud risk management activities would better position VA to strategically manage its fraud risks to the BT Program.

VA Identified and Assessed Some BT Program Fraud Risks, but Its Fraud Risk Assessment Does Not Include All Known Fraud Risks or Specify Fraud Risk Tolerances

Leading practices in our Fraud Risk Framework call for agencies to plan regular fraud risk assessments that are then used to develop a fraud risk profile. A fraud risk profile is a documented analysis that identifies internal and external fraud risks, their perceived likelihood and impact, managers’ risk tolerance, and the prioritization of risks. It is an essential piece of an overall antifraud strategy and can inform the specific control activities that managers design and implement.

Leading Practices for Regular Fraud Risk Assessments That Are Tailored to the Program Leading practices in GAO’s Fraud Risk Framework include planning regular fraud risk assessments that are tailored to the program. Specifically, the leading practices call for ·       tailoring fraud risk assessments to its programs; ·       planning to conduct fraud risk assessments at regular intervals; ·       identifying tools, methods, and sources for gathering information on fraud risks; and ·       involving relevant stakeholders in the assessment process. Source: GAO.  |  GAO‑26‑107596

The Fraud Risk Framework includes five key elements for assessing fraud risks in federal programs. These key elements include (1) identifying inherent fraud risks affecting the program, (2) assessing the likelihood and impact of inherent fraud risks, (3) determining a fraud risk tolerance, (4) examining the suitability of existing fraud controls and prioritizing residual fraud risks, and (5) documenting the program’s fraud risk profile.

Since fiscal year 2018, the BT Program has been designated high risk for fraud through an annual risk survey led by VA’s OBO. VA has, therefore, completed a fraud risk assessment for the BT Program each year. Specifically, VTP and the Member Services compliance office collaborate to complete the risk survey and update the fraud risk assessment each year, with guidance from OBO. OBO and program officials stated that to complete fraud risk assessments, they consider cases of fraud that have occurred involving the program and risk information gathered through agency processes, including integrity and compliance efforts.

Further, program officials told us that in developing the fraud risk assessment, they consider their knowledge of claims processing systems, improper payment and VA OIG findings, and prior interactions with medical facilities implementing the BT Program. According to program officials, the fraud risk assessment includes the highest risks that they have identified, and they believe that the list is comprehensive with respect to their risks.

We reviewed the fraud risk assessments for the BT Program from fiscal years 2018 through 2024 and found that they aligned with some leading practices.[56] Specifically, VA conducted the assessments annually since fiscal year 2018 and generally identified and assessed some fraud risks, developed risk responses, described existing controls and risk mitigation activities, and documented the results in a fraud risk profile—consistent with leading practices. VA also made several updates to the risk assessments since fiscal year 2018. For example, VA updated its definitions of actions to be taken to mitigate identified fraud risks. In addition, in its fiscal year 2024 fraud risk assessment, VA lowered its rating of the likelihood of some fraud risks it had identified in previous years to reflect its assessment that changes implemented in BTSSS and eCAMS would decrease the likelihood that these fraud risks would occur.

The fraud risks assessments completed from fiscal years 2018 through 2024 included between three and five fraud risks, depending on the fiscal year. However, we identified several known fraud risks to the BT Program that were not included in the fraud risk assessments. For example, fraud risk assessments from fiscal years 2019 through 2024 we reviewed included the risk that a beneficiary may falsify a claim and provided as an example a beneficiary indicating they traveled hundreds of miles per day when living much closer to the medical facility. However, the risk assessments did not include other fraud risks involving false claims from beneficiaries that we identified during interviews with VHA officials, such as veterans traveling together and each submitting a separate claim for reimbursement. In addition, the risk assessments did not include risks identified by the VA OIG, such as SMT vendors billing against contract terms or submitting duplicate invoices.

The fraud risks assessments did not comprehensively identify known fraud risks because VA did not directly engage with relevant stakeholders in the assessment process or fully consider relevant sources of information on fraud risks to the BT Program—two leading practices for planning a fraud risk assessment. According to program officials, they do not conduct outreach to VISNs or VA medical facilities directly as part of the fraud risk assessment. Of the 18 VISNs we obtained information from, three indicated that OBO or VTP sought their input on risk surveys or assessments, or that they provided input into such surveys and assessments. An additional seven VISNs noted other efforts at the national level, in which VISNs could provide information on fraud risks or compliance issues, such as integrity and compliance risk assessments or risk tracking and national calls held by VTP. Other VISNs stated that they did not provide any input, or were unaware of the risk survey and fraud risk assessment.

In addition, it is not clear the extent to which OBO or program officials reviewed other sources of information on fraud risks in developing the fraud risk assessments. We previously reported that in July 2024, OIC officials told us that they found over 1,300 different ways that entities across the various levels of VHA’s health care system may identify and document risks.[57] For example, OIC maintains a risk portal, as well as a portal for tracking inquiries and allegations and findings, recommendations, and corrective actions from compliance audits and reviews. Both portals include information that indicates fraud risks to the BT Program. Program officials told us they consider VTP and Member Services’ compliance officials’ knowledge of BT claims processing systems, improper payment findings, and OIG findings, among other sources, during the annual risk assessment process, but they did not indicate these risk portals as sources of information they review.

Stakeholders responsible for implementing the BT Program, including its antifraud controls, and other agency risk information are important sources of information about BT fraud risks. Without involving relevant stakeholders in the process or reviewing information from other relevant sources in alignment with leading practices, VA cannot comprehensively identify and assess fraud risks to the BT Program. Without a comprehensive fraud risk assessment that includes known fraud risks, VA cannot fully determine whether, or to what extent, existing controls mitigate these risks and whether additional controls may be needed.

Additionally, we found that VA’s fraud risk assessments for the BT Program do not specify fraud risk tolerance. Fraud risk tolerance is a key element of a fraud risk assessment, according to the Fraud Risk Framework. In the context of fraud risk management, if the objective is to mitigate fraud risks—in general, to have a very low level of fraud—the risk tolerance reflects managers’ willingness to accept a higher level of fraud risks. According to program officials, subject-matter experts rely on knowledge of the current strategic, reputational, political, and operational environment when determining risk responses. However, these officials stated that VTP has not formalized a general or specific fraud risk tolerance for the BT Program.

Managers may perceive a conflict between their priorities to fulfill the program’s mission, such as efficiently disbursing funds or providing services to beneficiaries, and taking actions to safeguard taxpayer dollars from improper use. However, the purpose of proactively managing fraud risks is to facilitate, not hinder, the program’s mission and strategic goals. Establishing fraud risk tolerance helps ensure that controls are designed effectively, taking into consideration program-specific factors, such as other objectives beyond mitigation of fraud risks.

Implementing additional controls for the BT Program could help further mitigate fraud risks but may also create additional barriers for legitimate beneficiaries by further reducing the timeliness of claims and may not be cost effective. We have previously reported that some veterans may not understand aspects of the BT Program, and existing BT Program requirements may be a barrier to accessing benefits.[58] In addition, the VA OIG reported that it has received complaints regarding the timeliness of claims processing. Further, officials from Veterans Service Organizations we spoke with confirmed that submitting BT claims was already challenging for some veterans. Without establishing fraud risk tolerance, VA is not fully able to assess whether identified fraud risks need further mitigation, or determine whether controls appropriately balance fraud risk reduction with BT Program goals.

VA Has Not Consistently Required Training Specifically on BT Program Fraud Risks for Claims Staff

According to the Fraud Risk Framework, a leading practice for managing fraud risks is to require all employees to attend fraud-awareness training upon hiring and on an ongoing basis thereafter. The Fraud Risk Framework states that fraud-awareness initiatives should convey fraud-specific information that is tailored to the program and its fraud risk profile, including information on fraud risks, employees’ responsibilities, and the effect of fraud. Increasing fraud awareness through training can enable management and other personnel to better detect potential fraud. Additionally, training and education can serve a preventive purpose by helping create a culture of integrity and compliance within the program.

VHA developed and implemented general fraud awareness training as part of overall integrity and compliance training for all employees—including staff handling BT claims.[59] The training is mandatory for all staff. In addition, VA has multiple efforts throughout the agency that communicate fraud-related information. For example, VHA offers additional training on best practices in antifraud, waste, and abuse. According to VHA officials, that training is optional. VHA’s other efforts include an annual compliance and ethics week and fraud, waste, and abuse campaigns. These efforts provide general fraud-awareness information and communicate the importance of antifraud efforts, as well as the roles of key stakeholders and options for employees to report noncompliance and fraud.

At the program level, VTP provides program-specific training for VA staff handling BT claims and is implementing additional required training for such staff.[60] For example, VTP provides role-specific training for mobility managers.[61] The training includes information on various aspects of the BT Program, such as

·         eligibility requirements and using BTSSS and eCAMS to process BT claims;

·         identifying, evaluating, remediating, and reporting improper payments, as required by the Payment Integrity Information Act of 2019;

·         responsibilities that could mitigate fraud risks, such as responsibilities for reviewing contracts; and

·         results from a recent fact-finding case involving SMT contracts.

VTP is developing and implementing training courses specific to BT Program staff that process claims through specific systems—BTSSS, eCAMS, and VetRide. For example, VTP began implementing, in March 2025, a program-specific training course for staff processing claims through BTSSS.[62] According to VTP officials, the purpose of the course is to train staff on BTSSS, including how to manually review claims that cannot be approved automatically based on system rules. As VHA continues to consider centralizing BT claims review, VTP plans to require that staff members reassigned to the centralized VTP team from the facility level, as well as new staff, complete the courses applicable to their role to access these systems, according to program officials.

Illustrative Example of Fraud Training Implemented for Beneficiary Travel (BT) Program Staff to Address Identified Risks in One Veterans Integrated Service Network (VISN) In fiscal year 2024, the transportation program manager in one VISN implemented a fraud training pilot program after the VISN identified several evolving fraud and abuse patterns in fiscal years 2023 and 2024 related to both general health care travel (GHCT) and special mode transportation (SMT) claims, according to VISN officials. Specifically, according to these officials, the VISN identified patterns of recurring travel misuse, such as frequent reimbursements for care when the beneficiary did not attend the appointments, inflated GHCT mileage claims and SMT invoices, duplicate claims, and beneficiaries using secondary addresses to increase reimbursement amounts. According to VISN officials, the pilot program included fraud training sessions for Department of Veterans Affairs (VA) facility-level mobility managers that discussed how BT Program staff could better use system reporting tools to identify and address potential fraud. For example, facility managers were encouraged to review generated reports for red flags, such as unexpected changes in a beneficiary’s banking details or payments directed to accounts in different states without corresponding updates to the beneficiary’s address, which could indicate attempts to redirect funds or fraudulent activities. Source: GAO review of VA information.  |  GAO‑26‑107596

According to VTP officials, information on fraud risks, such as the risk that veterans could travel together and both claim GHCT mileage reimbursement, as well as information pertaining to the VA OIG hotline and the importance of communicating risks, is generally discussed as part of these trainings. However, in our review of the materials for the courses available—BTSSS and VetRide—we found that they do not specifically mention fraud, waste, or abuse.[63] Program officials agreed that such information is not documented in training materials. According to program officials, this reflects VTP’s approach to mitigating risks of improper payments generally by ensuring that eligible veterans are paid in the correct amount for travel claims, rather than distinguishing between fraud and other types of risks.

In addition to role- and systems-specific trainings, VTP has developed and implemented trainings and communications to address specific risks after they have been identified. For example, to address the risk of claims not paid according to contract terms identified through fiscal year 2020 improper payments testing, VTP provided training through its monthly VTP forum. While these efforts are intended to address causes of improper payments, not fraud specifically, strengthening controls generally can help reduce vulnerabilities to fraud, since some improper payments may be the result of fraud.

Individual VISNs and VA medical facilities may also provide BT Program-specific fraud training or communications to staff. For example, some VISNs told us they provide training covering fraud indicators or other areas of concern, such as those identified by audits or other periodic reviews. A few other VISNs told us that BT Program-specific fraud-related communications may occur generally, for example, during recurring meetings. Overall, we did not find that VISNs required BT Program-specific fraud training for staff handing BT claims.

According to VTP officials, efforts to improve and standardize training for staff that handle BT claims have played a role in mitigating improper payments. However, according to VTP officials, there is no fraud training specific to BT claims. While there is no designated fraud training for the BT Program specifically, according to VTP officials, the program’s focus on identifying risks and adjusting controls to mitigate improper payments and issue timely and accurate payments for BT claims to veterans will minimize fraud within the BT Program.

However, the deceptive nature of fraud makes it harder to detect than nonfraudulent errors. By requiring program-specific training on an initial and ongoing basis that includes information on the highest fraud risks to the BT Program—including both GHCT and SMT—VHA can help ensure staff who handle BT claims are better able to detect indicators of potential fraud. Further, without fraud-specific training, VHA’s efforts to improve its controls to mitigate fraud and improper payments—including continued enhancements to its data systems—may not be as effective as they might otherwise be.

Conclusions

VA has consistently identified the BT Program as high risk for improper payments and fraud and has taken steps to prevent improper payments and mitigate fraud risks. From fiscal year 2018 through fiscal year 2024, VA reported approximately $1 billion in improper payments in the BT Program, with the amounts and rates generally decreasing. Over the same period, 10 cases involving the BT Program were adjudicated as fraudulent. However, VA has opportunities to enhance its efforts to prevent fraudulent and other improper payments in the BT Program.

Since fiscal year 2018, VA has implemented data systems—including BTSSS and eCAMS—in part to mitigate fraud risks in the BT Program. These systems automate aspects of claims processing by automatically reviewing claims against preset rules to verify eligibility and other information. However, our data analyses identified weaknesses in the controls within these and other systems used to process BT claims that resulted in potential improper and duplicate payments. For example, we found that VA potentially made improper payments to beneficiaries using nonresidential addresses. Developing guidance for BT Program staff on acceptable documentation for verifying residential addresses when claims are flagged for address-related issues could help VA ensure that claims are not improperly underpaid or overpaid to nonresidential addresses and reduce VA’s risk of fraud involving invalid addresses.

In addition, we found that VA potentially made duplicate payments to vendors and overpayments to both beneficiaries and vendors when claim amounts were manually overridden by staff reviewing claims. VA had previously identified some of these potential improper payments and, since the time of our data analyses, has taken steps to address related risks. For example, VA’s transition to VetRide for processing all VA-initiated transportation—including contract and noncontract SMT—could mitigate known risks with IPPS. Until the transition is complete, communicating to staff responsible for processing invoices in IPPS the importance of adequately reviewing BT invoices could help mitigate the risk of duplicate payments. Further, while VA’s controls have the potential to reduce the risks we identified, VA does not have reasonable assurance that these controls are being implemented as intended and are operating effectively. Monitoring and evaluating existing and newly implemented controls provide an opportunity for VA to decrease its improper payment risk.

VTP and the Member Services’ compliance office have conducted a fraud risk assessment for the BT Program annually since fiscal year 2018. However, we found that VA’s efforts are consistent with some, but not all, relevant leading practices for fraud risk management. Given that VA has identified the BT Program as high risk for fraud every year, VA would benefit from implementing applicable fraud risk management leading practices. Specifically,

·         clearly defining and documenting the responsible and necessary authority to lead fraud risk management activities to the BT Program,

·         updating and enhancing its fraud risk assessment to comprehensively identify and assess known fraud risks to the BT Program, and

·         establishing fraud risk tolerance are pivotal steps in ensuring that VA’s efforts mitigate known fraud risks to an acceptable level and are appropriately balanced with other BT Program goals.

As part of its integrity and compliance training, VHA has general fraud awareness training for all employees—including staff handling BT claims. However, VHA has not consistently required training specifically on known fraud risks to the BT Program, instead focusing required BT Program-specific training on eligibility and other issues. Requiring fraud-specific training could help ensure that VHA’s efforts to improve its controls to mitigate fraud and improper payments—including continued enhancements to its data systems—are operating effectively.

Recommendations for Executive Action

We are making the following nine recommendations to VA:

The Under Secretary for Health should develop guidance for BT Program staff on acceptable documentation for verifying residential addresses when claims do not meet BTSSS rules related to addresses or distance traveled. (Recommendation 1)

The Under Secretary for Health should communicate to staff responsible for processing invoices in IPPS the importance of adequately reviewing BT invoices to ensure they are not duplicates before certifying the invoices for payment. (Recommendation 2)

The Under Secretary for Health should regularly monitor and evaluate whether existing controls for preventing payment of potentially duplicate BT SMT claims and invoices between IPPS and eCAMS and within eCAMS are implemented as intended and are operating effectively to prevent payment of potentially duplicate SMT claims and, if necessary, revise controls. (Recommendation 3)

The Under Secretary for Health should regularly monitor and evaluate whether controls used to validate payment amounts that are manually overridden in BTSSS are implemented and operating as intended to prevent potential overpayments. (Recommendation 4)

The Under Secretary for Health should regularly monitor and evaluate whether controls to prevent potential BT overpayments resulting from staff manually pricing claims in eCAMS, including controls that automatically set the paid amount to the billed amount, are implemented as intended and are operating effectively and, if necessary, revise controls. (Recommendation 5)

The Under Secretary for Health should clearly define and document the responsible and necessary authority to lead fraud risk management activities in the BT Program. This could include revising the BT Program directive to clarify the BT Program’s designee for leading fraud risk management activities and completing and implementing revisions to VHA-wide guidance to include a requirement for program offices to have a designee for fraud risk management activities. (Recommendation 6)

The Under Secretary for Health should update and enhance its fraud risk assessment for the BT Program to comprehensively identify and assess known fraud risks to the BT Program. This process should involve relevant stakeholders and sources of information on fraud risks. (Recommendation 7)

The Under Secretary for Health should establish fraud risk tolerance as part of its BT fraud risk assessment and consider risk tolerance in assessing whether controls sufficiently address known risks, or whether VA needs to implement additional mitigating actions to address known risks. (Recommendation 8)

The Under Secretary for Health should implement required initial and ongoing fraud-awareness training relevant to risks facing the BT Program for VA employees and contractors that handle BT claims. For example, information on known fraud risks could be incorporated into required training for BT Program staff that process claims through specific systems. This training should include information on the highest fraud risks to the BT Program, including both GHCT and SMT, such as risks related to eligibility, duplicate claims, and other risks that VHA identifies through fraud risk assessments. (Recommendation 9)

Agency Comments and Our Evaluation

We provided a draft of this report to VA for review and comment. In its comments, reproduced in appendix I, VA concurred with all recommendations and indicated that it will take actions to implement them. In addition, VA provided technical comments, which we incorporated in the report, as appropriate.

We are sending copies of this report to the appropriate congressional committees, the Secretary of Veterans Affairs, and other interested parties. In addition, the report is available at no charge on the GAO website at http://www.gao.gov.

If you or your staff have any questions about this report, please contact me at (202) 512-6722 or BagdoyanS@gao.gov. Contact points for our Offices of Congressional Relations and Media Relations are on the last page of this report. GAO staff who made key contributions to this report are listed in appendix II.

Seto J. Bagdoyan

Director, Forensic Audits and Investigative Service

GAO Contact

Seto J. Bagdoyan, BagdoyanS@gao.gov

Staff Acknowledgments

In addition to the contact named above, Erica Varner (Assistant Director), Mariana Calderon (Assistant Director), Erin McLaughlin Villas (Analyst in Charge), Daniel Adorno, Carla Craddock, Steph O. Landeros, Nicole Mackowski, and Craig Rossett made key contributions to this report. Other contributors include James Ashley, Sara Daleski, David Dornisch, Colin Fallon, Barbara Lewis, James Murphy, Joseph Rini, Jared Smith, and Matthew Valenta.

GAO’s Mission

The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost is through our website. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. You can also subscribe to GAO’s email updates to receive notification of newly posted products.

Order by Phone

The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, https://www.gao.gov/ordering.htm.

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.

Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information.

Connect with GAO

Connect with GAO on X, LinkedIn, Instagram, and YouTube.
Subscribe to our Email Updates. Listen to our Podcasts.
Visit GAO on the web at https://www.gao.gov.

To Report Fraud, Waste, and Abuse in Federal Programs

Contact FraudNet:

Website: https://www.gao.gov/about/what-gao-does/fraudnet

Automated answering system: (800) 424-5454

Media Relations

Sarah Kaczmarek, Managing Director, Media@gao.gov

Congressional Relations

David A. Powner, Acting Managing Director, CongRel@gao.gov

General Inquiries

https://www.gao.gov/about/contact-us