State Comptroller Thomas DiNapoli accentuates the negative in a new audit of the state’s Medicaid managed care program, faulting two participating insurers for “wasting millions of state Medicaid dollars.” But he omits two important pieces of context.

First, the comptroller’s report lacks a sense of proportion. After combing Medicaid claims paid by UnitedHealthcare and Amerigroup over a four-year period, DiNapoli’s office said it found “at least $6.6 million in improper and questionable payments to ineligible providers .. including almost $60,000 in payments to pharmacies for medications that were prescribed by deceased doctors.”

Of course, any level of fraud is a bad thing. But the $6 million identified by the audit represents less than one-tenth of 1% of the claims paid by the two companies during the audit period. For comparison, the U.S. General Accounting Office estimates that improper payments accounted for 6.7 percent of nationwide Medicaid spending in 2014.

Are the managed care companies doing a better or worse job at catching fraud than traditional, fee-for-service Medicaid (in which the state directly reimburses providers)? It’s a relevant question the audit does not address. But when The New York Times analyzed traditional Medicaid spending in 2005 – using only a laptop computer and off-the-shelf software – it found evidence of rampant fraud, including $7 million in questionable claims from a single dentist.

Second, the audit fails to clearly explain who suffered the $6 million hit: It was the insurers, not the state.

A great virtue of Medicaid managed care is that it shifts risk and liability from taxpayers to the private sector. The state pays each managed care company a fixed premium per month per enrollee. The company then becomes responsible for paying claims. If the company fails to catch fraud, it eats the loss.

Since the state sets premiums based on how much companies have paid out in the past, the audit raises the concern that unidentified fraud could lead to inflated rates in future years. But that would be true of any fraud detection effort with a success rate less than 100 percent.

Meanwhile, there’s strong evidence that Medicaid managed care is saving taxpayers money overall. During the period covered by the audit, the share of New York Medicaid recipients enrolled in managed care jumped from 68 percent to 76 percent. Over that same period, the state’s per-enrollee spending declined from $10,432 to $8,630.

Despite the relatively small scale of the inappropriate payments – and the lack of direct harm to the state – DiNapoli urges a strong response from the state. His audit calls on the Health Department to require, as part of its contracts with managed care companies, that they hire a minimum number of staff dedicated to fraud recovery.

The audit notes that New Jersey requires plans to employ at least one full-time recovery person for every 60,000 Medicaid recipients enrolled, while the ratios at UnitedHealthcare and Amerigroup were several times lower than that. What the audit does not say is whether the New Jersey rule resulted in more recoveries.

This is one recommendation that the Health Department rejected outright:

“Plans need to have the flexibility to allocate resources to utilize various program integrity tools, including pre-payment and post-payment activities,” the department wrote in its response to the audit. “Plans and other payers have found that preventing inappropriate payments is more cost effective than attempting to recoup inappropriate payments.”