Medicare has failed to adequately track fraud in its massive prescription drug program, according to a new report today from the agency’s watchdog.

In particular, the inspector general of the U.S. Department of Health and Human Services found that fewer than half of the insurance companies paid to administer Medicare’s drug program reported data to the federal government about potential fraud and abuse cases between 2010 and 2012. Two large insurers with 4 million members collectively appear not to have reported a single incident of fraud in 2012.

Medicare didn’t follow up, the inspector general found, and officials did little with the data they did collect.

Medicare’s drug program, known as Part D, provides prescription coverage to more than 36 million seniors and disabled people. It pays for one of every four prescriptions dispensed in the country.

The inspector general’s findings echo a ProPublica investigation published in December, which found that the federal government does little to stop schemers from stealing from the drug program. We found that while credit card companies routinely scan their records for fraud and block suspicious charges in real time, Medicare’s process is so convoluted that fraud flourishes. Elaborate schemes quickly siphon away millions of dollars.

The inspector general’s findings show little change from 2008, when the federal watchdog found that most incidents of fraud and abuse were reported by a small number of Part D insurers.

Part of the problem stems from the fact that Medicare doesn’t require insurers to report data on fraud. In January 2010, the Centers for Medicare and Medicaid Services encouraged Part D plans to voluntarily report aggregate data on their anti-fraud activities each year. The agency said it would use the information to monitor the plans’ programs to control fraud, waste and abuse.

“Since this change,” the inspector general noted, “no more than 40 percent of sponsors reported any fraud and abuse data between 2010 and 2012….CMS does not have data on incidents of potential fraud and abuse for plans covering almost half of the beneficiaries enrolled in Part D.”

The inspector general didn’t identify the insurers that failed to report data to CMS, but ProPublica was able to find them by matching up publicly reported enrollment information from CMS with the same data in the report.

One of the largest plans that didn’t report any incidents in 2012 was Medco Containment Life Insurance Co, which had 1.1 million members in December 2012. It was acquired by Express Scripts in mid-2012, and company spokeswoman Riddhi Trivedi-St. Clair said the plan currently sends fraud cases to both CMS and its outside fraud contractor. “Through our predictive data-mining and evidence-based investigations, we routinely identify cases that would otherwise go undetected,” she said.

Another insurer that doesn’t appear to have reported incidents that year was Humana, with 2.9 million members in December 2012. So far, a company spokesman has not responded to questions from ProPublica.

Clare Krusing, a spokeswoman with America’s Health Insurance Plans, the insurance industry trade group, didn’t address why some insurers kept data on suspected fraud from CMS, but said that they are “aggressive about identifying and addressing fraud early to protect patients from harm. Medicare drug plans have developed and use sophisticated software to identify possible fraudulent claims and are diligent about selecting high-quality pharmacies for their preferred networks."

Among those plans that did report incidents of fraud to CMS, the variation was huge. The number ranged from zero to 13,919 per year. Nearly one-quarter of insurers identified just one incident per year. In 2012, three of the 217 plans that reported information accounted for more than two-thirds of all reported incidents.

The inspector general said that CMS knows little about the types of fraud cases being discovered or the actions being taken to remedy them. It didn’t even perform “simple checks” to test the accuracy of the data. “CMS did not perform any quality assurance checks on the data,” the inspector general wrote. “It also did not use the data for monitoring or oversight purposes,” nor did it share it with law enforcement.

The inspector general recommended that CMS mandate that insurers report cases of fraud to Medicare and use the data to oversee them. Medicare has resisted imposing such a requirement. The agency previously pushed back on a recommendation to require insurers to report cases of suspected fraud to Medicare’s outside fraud contractor, saying voluntary disclosure was adequate.

In a response included in the inspector general’s report, CMS administrator Marilyn Tavenner wrote that her agency is committed to reducing fraud by providing insurers and law enforcement with accurate information about health providers’ prescription patterns.

“However, we believe that requiring Part D sponsors [insurers] to report all potential fraud and abuse would have the potential to inundate the agency and our contractors with an unwieldy amount of information that would not necessarily yield a better outcome in terms of stopping Part D fraud,” she wrote.

U.S. Sen. Tom Carper, D-Del., whose committee monitors Part D fraud, said in a statement that the new report shows more work needs to be done.

“The Inspector General's findings show that we need to forge a stronger partnership between the federal government and the private sector if we want to curb waste and fraud in the Medicare prescription drug program,” said Carper, chairman of the Homeland Security and Governmental Affairs Committee. “We have to curb the drain of taxpayer dollars from these vital programs.”