Medicare: Improvements Needed to Address Improper Payments for
Medical Equipment and Supplies (31-JAN-07, GAO-07-59).
The Centers for Medicare & Medicaid Services (CMS)--the agency
that administers Medicare--estimated that the program made about
$700 million in improper payments for durable medical equipment,
prosthetics, orthotics, and supplies (DMEPOS) from April 1, 2005,
through March 31, 2006. To protect Medicare from improper DMEPOS
payments, CMS relies on three Program Safeguard Contractors
(PSC), and four contractors that process Medicare claims, to
conduct critical program integrity activities. GAO was requested
to examine CMS's and CMS's contractors' activities to prevent and
minimize improper payments for DMEPOS, and describe CMS's
oversight of PSC program integrity activities. To do this, GAO
analyzed DMEPOS claims data by supplier and item to identify
atypical, or large, increases in billing; reviewed CMS documents;
and conducted interviews with CMS and contractor officials. GAO
focused its work on contractors' automated prepayment controls
and described related claims analysis functions.
-------------------------Indexing Terms-------------------------
REPORTNUM: GAO-07-59
ACCNO: A65429
TITLE: Medicare: Improvements Needed to Address Improper
Payments for Medical Equipment and Supplies
DATE: 01/31/2007
SUBJECT: Claims
Claims processing
Contract oversight
Data integrity
Erroneous payments
Fraud
Health care programs
Internal controls
Medical equipment
Medicare
Program evaluation
Prosthetic devices
Systems integrity
Program goals or objectives
******************************************************************
** This file contains an ASCII representation of the text of a **
** GAO Product. **
** **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced. Tables are included, but **
** may not resemble those in the printed version. **
** **
** Please see the PDF (Portable Document Format) file, when **
** available, for a complete electronic file of the printed **
** document's contents. **
** **
******************************************************************
GAO-07-59
* [1]Results in Brief
* [2]Background
* [3]DMEPOS Claims Processing
* [4]DMEPOS Program Integrity
* [5]Medical Review
* [6]Benefit Integrity
* [7]CMS's Program Integrity Activities Could Be Enhanced
* [8]PSCs Identify Atypical Billing Patterns and Use Edits to Add
* [9]Gaps with Medical Review Edits Can Lead to Improper Payments
* [10]PSC Case Referrals to Law Enforcement Are a Key Aspect of Be
* [11]CMS Oversees PSCs through Various Means, and Is Implementing
* [12]Conclusions
* [13]Recommendations for Executive Action
* [14]Agency Comments
* [15]Appendix I: DMEPOS Regions and Associated DME MACs and PSCs
* [16]Appendix II: Scope and Methodology
* [17]Appendix III: Agency Comments
* [18]Appendix IV: GAO Contact and Staff Acknowledgments
* [19]GAO Contact
* [20]Acknowledgments
* [21]Related GAO Products
* [22]Order by Mail or Phone
Report to the Ranking Minority Member, Committee on Finance, U.S. Senate
United States Government Accountability Office
GAO
January 2007
MEDICARE
Improvements Needed to Address Improper Payments for Medical Equipment and
Supplies
GAO-07-59
Contents
Letter 1
Results in Brief 4
Background 6
CMS's Program Integrity Activities Could Be Enhanced 10
CMS Oversees PSCs through Various Means, and Is Implementing Annual
Evaluations of Program Integrity Activities 17
Conclusions 19
Recommendations for Executive Action 19
Agency Comments 20
Appendix I DMEPOS Regions and Associated DME MACs and PSCs 22
Appendix II Scope and Methodology 23
Appendix III Agency Comments 26
Appendix IV GAO Contact and Staff Acknowledgments 28
Related GAO Products 29
Tables
Table 1: DMEPOS Claims Processing and Program Integrity Activities and
Associated Regional Contractor Type, as of January 2007 9
Table 2: Examples of Medically Improbable Claims and Possible Edits to
Address Them 13
Abbreviations
CMS Centers for Medicare & Medicaid Services
DME durable medical equipment
DME MAC Durable Medical Equipment Medicare Administrative Contractor
DMEPOS durable medical equipment, prosthetics, orthotics, and supplies
DMERC Durable Medical Equipment Regional Carrier
DOJ Department of Justice
FBI Federal Bureau of Investigation
HHS Department of Health and Human Services
JOA Joint Operating Agreement
NSC National Supplier Clearinghouse
OIG Office of Inspector General
PIM Medicare Program Integrity Manual
PSC Program Safeguard Contractor
SADMERC Statistical Analysis Durable Medical Equipment Regional
Carrier
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.
United States Government Accountability Office
Washington, DC 20548
January 31, 2007 January 31, 2007
The Honorable Charles E. Grassley
Ranking Minority Member
Committee on Finance
United States Senate
The Honorable Charles E. Grassley
Ranking Minority Member
Committee on Finance
United States Senate
Dear Senator Grassley:
According to the most recent estimate from the Centers for Medicare &
Medicaid Services (CMS), from April 1, 2005, through March 31, 2006,
Medicare made about $700 million in improper payments for durable medical
equipment, prosthetics, orthotics, and supplies (DMEPOS).^1 This
represents about 7.5 percent of its payments for these items. Improper
payments result from mistakes on the part of those who bill Medicare,
fraudulent activities, and abuse. Mistakes are often due to clerical
errors or a misunderstanding of program rules, while fraud involves an
intentional act or representation to deceive with knowledge that the
action or representation could result in gain. Abuse typically involves
actions that are inconsistent with acceptable business and medical
practices and result in unnecessary cost.^2 Improper Medicare payments
drain vital program dollars, to the detriment of beneficiaries and
taxpayers. Due in part to Medicare's vulnerability to making improper
payments, we have designated it as a high-risk program since
1990.^3123According to the most recent estimate from the Centers for
Medicare & Medicaid Services (CMS), from April 1, 2005, through March 31,
2006, Medicare made about $700 million in improper payments for durable
medical equipment, prosthetics, orthotics, and supplies (DMEPOS). This
represents about 7.5 percent of its payments for these items. Improper
payments result from mistakes on the part of those who bill Medicare,
fraudulent activities, and abuse. Mistakes are often due to clerical
errors or a misunderstanding of program rules, while fraud involves an
intentional act or representation to deceive with knowledge that the
action or representation could result in gain. Abuse typically involves
actions that are inconsistent with acceptable business and medical
practices and result in unnecessary cost. Improper Medicare payments drain
vital program dollars, to the detriment of beneficiaries and taxpayers.
Due in part to Medicare's vulnerability to making improper payments, we
have designated it as a high-risk program since 1990.
^1Medicare defines durable medical equipment (DME) as equipment that
serves a medical purpose, can withstand repeated use, is generally not
useful in the absence of an illness or injury, and is appropriate for use
in the home. DME includes items such as wheelchairs, hospital beds, and
walkers. Medicare defines prosthetic devices (other than dental) as
devices that are needed to replace a body part or function. Prosthetic
devices include artificial limbs and eyes and cardiac pacemakers. Medicare
defines orthotic devices to include leg, arm, back, and neck braces that
provide rigid or semirigid support to weak or deformed body parts or
restrict or eliminate motion in a diseased or injured part of the body.
Medicare-reimbursed supplies are items that are used in conjunction with
DME and are consumed during the use of the equipment--such as drugs used
for inhalation therapy--or items that need to be replaced on a frequent,
usually daily, basis--such as surgical dressings.
^242 C.F.R. S 433.304 (2005).
^3GAO, High-Risk Series: An Update, [23]GAO-05-207 (Washington, D.C.: Jan.
2005).
To prevent or minimize improper payments for DMEPOS, CMS relies on
contractors to conduct program integrity activities in four DMEPOS
regions. CMS has entered into new contracts with three Program Safeguard
Contractors (PSC) to conduct these activities, as of March 1, 2006.^4 The
PSCs' program integrity activities include analyzing data on submitted and
paid claims to identify patterns of improper or atypical billing;
establishing automated prepayment controls to deny claims that should not
be paid or route them for further review; conducting medical reviews^5 of
specific claims to determine if they should be, or should have been, paid;
and carrying out benefit integrity activities--such as identifying,
investigating, and referring to law enforcement any DMEPOS supplier
suspected of submitting fraudulent claims for Medicare payment.^6 CMS also
relies on the efforts of a Durable Medical Equipment Regional Carrier
(DMERC) and Durable Medical Equipment Medicare Administrative Contractors
(DME MAC)^7 to ensure that all needed information is included on a claim
and to collect overpayments.
You asked us to review CMS and its contractors' activities to address
improper DMEPOS payments. In this report, we (1) discuss CMS's and its
contractors' program integrity activities intended to prevent and minimize
improper payments for DMEPOS and (2) describe CMS's oversight of PSC
program integrity efforts.
To discuss the program integrity activities of CMS and its contractors^8
to prevent and minimize improper payments for DMEPOS, we reviewed the
automated prepayment controls--also referred to as edits--which
contractors introduce into their payment systems to deny claims or flag
them for medical review, and contractors' benefit integrity activities. At
the beginning of our review, three DMERCs and a PSC performed these
functions and after March 1, 2006, three PSCs performed them. We included
automated prepayment controls because they are generally the contractors'
first line of defense for avoiding payment of improper claims, and we
included benefit integrity activities because they allow contractors to
enlist federal law enforcement agencies to act against suppliers who have
defrauded Medicare. We did not evaluate other aspects of medical review,
which can include analysis or examination of claims after payment, but we
discuss these functions in relation to automated prepayment controls and
benefit integrity activities. To review the adequacy of automated
prepayment controls, we analyzed national Medicare DMEPOS claims data on
atypical billing trends--particularly large increases in billing--by
supplier and by item for the first quarter of 2003 through the first
quarter of 2005. These data were provided to us by CMS's Statistical
Analysis Durable Medical Equipment Regional Carrier (SADMERC)--which is
responsible for performing statistical analyses on DMEPOS billing data to
identify potential fraud. We further analyzed Medicare DMEPOS claims data
from five states--California, Florida, Illinois, New York, and
Texas^9--and examined national claims data for suppliers and items with
atypical billing trends. We assessed the reliability of the data sets used
for these analyses and determined that each one was sufficiently reliable
for the purposes of this report. Further, we interviewed CMS officials
responsible for safeguarding the program, and contractor staff responsible
for conducting program integrity activities in Regions A, C, and D,^10
including the outgoing DMERCs for Regions C and D,^11 and the PSCs for
Regions A, C, and D. To learn more about the contractor transitions, we
interviewed staff at the DME MAC for Region A, whose contract was the only
DME MAC contract awarded within our chosen regions at the time of our
interviews. We also interviewed officials from SADMERC, and law
enforcement officials--from the Department of Health and Human Services
(HHS) Office of Inspector General (OIG), the Federal Bureau of
Investigation (FBI), and U.S. Attorney's Offices--that are responsible for
investigating and prosecuting Medicare fraud and abuse cases.^12 We
reviewed relevant CMS documents, such as CMS's Medicare Program Integrity
Manual (PIM), which provides guidance for Medicare contractors.
^4The same PSC was awarded contracts for Regions A and B, which means that
a total of three PSCs hold contracts for the four regions. Appendix I
depicts the boundaries of each region.
^5Medical reviews of submitted claims are conducted to determine if
beneficiaries' medical conditions meet Medicare coverage criteria. If
medical reviews identify a claim that should not have been paid, the
contractor that paid the claim is responsible for collecting the
overpayment.
^6Prior to March 1, 2006, three Durable Medical Equipment Regional
Carriers (DMERC) and one PSC were under contract to conduct program
integrity activities for DMEPOS benefits.
^7In 2006, CMS began implementing a plan to replace DMERCs with DME MACs
to process DMEPOS claims. As of January 2007, three DME MACs and a DMERC
were performing this activity. Each DMERC or DME MAC is responsible for
coordinating with the PSC that conducts program integrity activities in
its region.
^8In this report, unless otherwise specified, the term contractors refers
to PSCs, DMERCs, and DME MACs.
^9We obtained data from these states because they are each recognized by
CMS or law enforcement as having experienced Medicare fraud and abuse.
^10While DMERCs and DME MACs process claims in the four DMEPOS regions, we
chose to focus our work in Regions A, C, and D. We selected Region A
because it was the only DMEPOS region in which a PSC had previously been
contracted to conduct program integrity functions. We selected Regions C
and D because they each have one state--Florida and California,
respectively--which CMS and its contractors have identified as
experiencing a higher level of DMEPOS fraud and abuse than other states.
^11We did not interview DMERC staff for Region A because the
responsibility for program integrity activities in that region had already
been transferred to a PSC in 2001.
To describe CMS's oversight of PSC program integrity efforts, we reviewed
the PSCs' statement of work and task orders outlining their duties,^13 the
PIM, and the evaluation tools that CMS will use to assess PSC performance.
We also interviewed CMS officials about their oversight activities and
efforts to minimize DMEPOS improper payments. Appendix II includes a more
detailed discussion of our scope and methodology. We performed our work
from June 2005 through January 2007 in accordance with generally accepted
government auditing standards.
Results in Brief
The contractors' activities to prevent and minimize improper DMEPOS
payments fell short in three ways. First, the DMERCs and PSCs did not have
edits with predesignated thresholds in place to identify claims for
medical review that were part of an atypical increase in billing. This
resulted in losses to Medicare. For example, we found that from the first
quarter of 2003 through the first quarter of 2005, due to an absence of
threshold edits, 225 suppliers increased their billing to Medicare by
$500,000 and 50 percent from at least one 3-month period to the next. In
November 2004, the U.S. government won a default civil judgment against 16
of these suppliers for filing false claims against Medicare for services
not rendered--after being paid almost $40 million from January 2003
through September 2004. Establishing edits for when such claims meet
thresholds for atypical billing would have allowed contractors to examine
the claims before paying them and decrease improper payments. Second, we
identified three instances where contractors did not have edits in place
to identify items, and paid claims for items, that are not likely to be
prescribed in the course of routine quality medical care. For example, a
Medicare beneficiary who has a prosthetic foot due to an amputation should
not need a brace for the limb that no longer exists. However, Medicare
paid over $2 million from October 2002 through March 2005 for
beneficiaries' braces after the program had paid for prosthetics for the
same beneficiaries' legs, feet, or ankles. Third, contractors are not
required by CMS to share information on their effective edits with
contractors in other regions. They also do not have to adopt edits that
have been effective in these other regions and that could be effective in
their own. For instance, we found that one effective edit restricted
payment for home-use hospital beds to only one per beneficiary per month.
However, this edit was used in only one region. If it had been used in the
other three regions, it could have saved Medicare almost $71 million from
January 2003 through June 2005. Not all regions would benefit equally from
introducing new edits into their systems. In this example, the edit would
be most effective in two of the four regions because they received more
claims from suppliers that billed for multiple hospital beds per
beneficiary in a given month. In addition to using medical review edits,
contractors also conduct benefit integrity activities to support law
enforcement's investigation of suppliers who are suspected of fraudulent
billing. Although CMS officials expressed satisfaction with contractors'
benefit integrity performance, law enforcement officials in Miami and
Southern California with whom we spoke told us that the contractors could
be more effective if their supplier case referrals were based on more
recent data.
^12We interviewed headquarters officials from these organizations, in
addition to representatives from their local offices in Los Angeles,
California; Miami, Florida; and New York City, New York. The HHS OIG is
responsible for investigating Medicare fraud; the FBI may assist in the
investigation of Medicare fraud cases or open an independent investigation
on cases for which the HHS OIG has decided not to open an investigation;
and U.S. Attorney's Offices are responsible for prosecuting Medicare fraud
cases.
^13A statement of work is the portion of a contract that describes the
actual work to be carried out by the contractor by means of
specifications, performance dates, and quality requirements.
CMS oversees the PSCs' program integrity efforts by providing each PSC
with a statement of work, a specific task order, the PIM, and through its
monitoring and evaluation of the PSCs' activities. The agency has
completed an initial abbreviated evaluation for the three PSCs and is
implementing a comprehensive, annual evaluation of each PSC. CMS's plans
are to assess each PSC's general, medical review, and benefit integrity
performance. CMS will use the results of the annual evaluations to
determine whether to renew the PSC contracts and whether each PSC is
eligible to earn incentive rewards--called award fees--for good
performance, in addition to the regular payments it receives under its
contract.
To help prevent improper payments for DMEPOS, we recommend that the
Administrator of CMS take two actions. First, CMS should require the PSCs
to establish thresholds for, and develop automated prepayment controls to
address, unexplained increases in claims volume. Second, we recommend that
CMS require contractors to exchange information about, and consider
adopting, automated prepayment controls used by other DMEPOS contractors
that could reduce improper payments within their own regions. CMS
concurred with our recommendations and provided information on a related
initiative that it has begun. CMS also suggested another activity that it
plans to take as part of implementing our recommendations. The Department
of Justice (DOJ) provided technical comments, which we incorporated as
appropriate.
Background
Medicare, which is administered by CMS--an agency within HHS--is the
federal program that helps pay for a variety of health care services and
items on behalf of about 42 million elderly and certain disabled
beneficiaries. Most Medicare beneficiaries participate in Part B,^14 which
helps pay for certain physician, outpatient hospital, laboratory, and
other services; DMEPOS (such as oxygen, wheelchairs, hospital beds,
walkers, orthotics, prosthetics, and surgical dressings); and certain
outpatient drugs.^15 Medicare pays 80 percent of the cost of services and
items covered under Part B, and the beneficiary pays the balance.
Beneficiaries typically obtain DMEPOS items from suppliers, who submit
claims to Medicare on the beneficiaries' behalf. Suppliers include medical
equipment retail establishments, and also can include outpatient
providers, such as physicians and physical therapists.
DMEPOS suppliers are required by CMS to meet certain standards before they
are authorized to bill Medicare. These standards are intended to ensure
that suppliers engage in legitimate business practices and are licensed
and qualified to provide DMEPOS items and services in the states in which
they operate. CMS contracts with the National Supplier Clearinghouse (NSC)
to screen potential suppliers and enroll those that comply with CMS
standards into the Medicare program. In a previous report, we found that
NSC's efforts to verify compliance with the standards were insufficient to
ensure that only legitimate and qualified suppliers could bill
Medicare.^16
14Part B requires enrollees to pay a monthly premium for their Part B
coverage.
^15Outpatient drugs covered under Part B include self-administered drugs,
such as certain immunosuppressive and oral anticancer drugs, and drugs
administered in conjunction with DME.
DMEPOS Claims Processing
DMEPOS claims are handled by CMS contractors who are responsible for
processing and paying claims submitted to Medicare. To do this, they
ensure that all necessary information is included on a claim. Claims
processing contractors are responsible for paying DMEPOS claims and
recouping any payments that have been made in error. Prior to January
2006, CMS contracted with four DMERCs to handle DMEPOS claims processing
activities. Each DMERC was assigned to one of four geographic
regions--Region A, B, C, or D--and was responsible for processing the
DMEPOS claims of Medicare beneficiaries residing within its region.^17 The
Medicare Prescription Drug, Improvement, and Modernization Act of 2003
included provisions that required CMS to implement competitive procedures
to replace DMERCs with DME MACs.^18 In January 2006, CMS competitively
selected four DME MACs from a pool of applicants^19 and began to
transition DMEPOS claims administration activities from the DMERCs to DME
MACs. In Regions A and B, the transition of these claims processing
activities was completed by July 1, 2006,^20 but bid protests against the
selection of the Region C and D DME MACs delayed transitions in these
regions. As a result, claims processing activities did not transition in
Region D until September 30, 2006, and, as of January 2007, the DMERC in
Region C was continuing to process claims.^21
16For more information on NSC and DMEPOS supplier standards, see GAO,
Medicare: More Effective Screening and Stronger Enrollment Standards
Needed for Medical Equipment Suppliers, [24]GAO-05-656 (Washington, D.C.:
Sept. 22, 2005). See also Related GAO Products at the end of this report.
^17The four DMERCs were HealthNow New York, Inc. (Region A), AdminaStar
Federal, Inc. (Region B), Palmetto Government Benefits Administrators, LLC
(Region C), and CIGNA Government Services, LLC (Region D). DMERCs only
processed DMEPOS claims.
^18Pub. L. No. 108-173, sec. 302(b), S 1847, 117 Stat. 2066, 2224-30 (to
be codified at 42 U.S.C. S 1395w-3). For further information on this
contracting change, see GAO, Medicare Contracting Reform: CMS's Plan Has
Gaps and Its Anticipated Savings Are Uncertain, [25]GAO-05-873
(Washington, D.C.: Aug. 17, 2005).
^19This pool included DMERCs and other companies with experience
processing Medicare claims.
^20The Region A DME MAC contract was awarded to National Heritage
Insurance Company and the Region B contract was awarded to AdminaStar
Federal, Inc.
DMEPOS Program Integrity
DMEPOS program integrity activities are designed to protect the Medicare
program from improper payments. These program integrity activities include
medical reviews of claims and benefit integrity efforts.
Medical Review
Medical review is the examination of information on a DMEPOS claim, as
well as the examination of any supporting documentation associated with
the claim, to determine if a beneficiary's medical condition meets
Medicare's coverage criteria. Medical review can also include data
analyses of submitted and paid DMEPOS claims to identify billing patterns
that may be associated with improper Medicare payments. If medical review
reveals that an overpayment was made to a supplier, the claims processing
contractor that paid the claim is responsible for collecting the
overpayment from the supplier. Medical review findings also help CMS
contractors determine what instruction they may need to provide to DMEPOS
suppliers to inform them about Medicare program rules and proper DMEPOS
billing. Medical review often results from contractors' use of edits to
identify claims that require scrutiny, and it can be performed before or
after payment.
Benefit Integrity
Benefit integrity is the investigation of suspected fraud and the referral
of suppliers to law enforcement for further investigation and prosecution.
In addition, benefit integrity activities include data analysis of DMEPOS
claims to identify improper billing that may indicate fraud.
Prior to March 1, 2006, all medical review and benefit integrity
activities within Regions B, C, and D were conducted by each region's
DMERC. In Region A, these activities were conducted by a PSC. As of March
1, 2006, the PSC in Region A also became responsible for conducting the
medical review and benefit integrity activities for Region B. In Regions C
and D, CMS selected two other PSCs--one for each region--to conduct the
medical review and benefit integrity activities in each respective region.
The PSC for each region is responsible for partnering with its region's
claims processing contractor when conducting medical review and benefit
integrity activities. By March 1, 2006, the transition of medical review
and benefit integrity activities from the DMERCs to the PSCs was
completed.
^21In Region D, CMS's award of the DME MAC contract to Noridian
Administrative Services, LLC, was upheld. CIGNA Gov't Servs., LLC,
B-297915, May 4, 2006. Transition of the Region D workload to the DME MAC
was completed by September 30, 2006. In Region C, a bid protest was upheld
and, as a result, CMS reopened discussions with parties under
consideration for award of the DME MAC contract. CIGNA Gov't Servs., LLC,
B-297915.2, May 4, 2006. On September 28, 2006, CMS once again awarded the
contract, but this award was protested by the company that had not
received the contract. The bid protest was decided on January 16, 2007.
The company that did not receive the contract has options for further
action, such as challenging the decision in the U.S. Court of Federal
Claims. CMS has not yet finalized its transition schedule for Region C, as
of January 2007.
Table 1 provides a summary of DMEPOS claims processing and program
integrity activities and the associated contractor types for these
activities, as of January 2007.
Table 1: DMEPOS Claims Processing and Program Integrity Activities and
Associated Regional Contractor Type, as of January 2007
Program
integrity
Benefit
Type of contractor Claims processing Medical review integrity
Durable Medical Electronically Not applicable Not applicable
Equipment Medicare processes claims
Administrative
Contractor (DME MAC) Pays suppliers and
recoups any
Regions A, B, and D overpayments
Durable Medical
Equipment Regional
Carrier (DMERC)
Region C
Program Safeguard Not applicable Reviews Identifies and
Contractor (PSC) submitted investigates
claims suspected fraud
Regions A, B, C, D
Analyzes Refers suspected
regional claims fraud to law
data enforcement
Informs DME MAC Analyzes
or DMERC of regional claims
overpayments data
Source: GAO analysis of CMS Medicare Program Integrity Manual,
contractors' statements of work, and information from CMS contractors.
In addition to the contractors mentioned above, the SADMERC performs
analyses of national data on paid Medicare DMEPOS claims. The SADMERC
develops reports for CMS, CMS contractors, and law enforcement to identify
trends in payment and potential fraud. It often focuses its analyses by
examining a particular DMEPOS item, supplier, or referring physician, or
by analyzing claims in a specific region or other geographic area.
CMS's Program Integrity Activities Could Be Enhanced
Under CMS's direction, its contractors conduct program integrity
activities, such as developing the automated prepayment controls known as
edits that check claims before payment, and performing benefit integrity
tasks. However, the contractors' edits fell short in preventing improper
payments from being made. Specifically, the contractors did not have edits
that flagged atypical billing or consistently identified claims that were
medically improbable, and the contractors also did not routinely share
their successful edits with the other contractors. Further, as a key
aspect of the benefit integrity activities, contractors provided case
referrals about suppliers to help law enforcement agencies investigate and
prosecute Medicare fraud. However, law enforcement officials stated that
case referrals would be more useful if they were based on more recent
information.
PSCs Identify Atypical Billing Patterns and Use Edits to Address Improper
Payments
PSCs in each region analyze data on claims that have been paid in order to
identify potentially improper ones, which can be evidenced by atypical
billing patterns--such as a rapid growth in payments for a particular
DMEPOS item or provider. They also use results from CMS's annual study of
improperly paid claims^22 to identify items at risk of improper payment in
their respective regions. The PSCs decide on their approach to addressing
potentially improper claims based on the level of their resources and the
scope of the identified problems in their regions. Each PSC's approach is
detailed in its annual "medical review strategy," submitted to CMS for
approval. Due to the specific problems identified in each region, the
PSCs' medical review strategies can differ. As part of its strategy, each
PSC is required to design a comprehensive plan detailing how it will
address each problem it identifies, and reduce the rate of errors in
claims payment. PSCs continuously update their strategy as improper
payment problems are resolved and new ones are discovered.
To prevent and minimize improper payments for DMEPOS, PSCs rely on
automated prepayment controls--called edits. Edits automatically check
claims before payment to make sure that they appear to be valid. PSCs are
responsible for developing and implementing a specific type of edit,
called a medical review edit.^23 Medical review edits specifically allow a
PSC to check that an item on a claim appears medically necessary for the
beneficiary under Medicare's coverage criteria. Medical review edits can
either lead to the automatic denial of an improper claim, or subject a
claim to a manual review. For example, a medical review edit could be
established to automatically deny any claim submitted for specific items
for a beneficiary if it had been determined that the beneficiary's
Medicare number was used repeatedly on claims from different suppliers for
DMEPOS items that the beneficiary did not need. Alternatively, medical
review edits can flag claims for manual medical review before payment,
which requires that a PSC reviewer examine data on the claim, along with
any related supporting documentation.^24 The reviewer determines whether
to allow the claim to continue through the payment process, obtain more
documentation, or deny the claim.
^22CMS monitors the accuracy of Part B claims payments through its
Comprehensive Error Rate Testing program. Beginning in 2003, CMS published
yearly reports on the accuracy of claims payments. See Centers for
Medicare & Medicaid Services, Improper Medicare FFS Payments Long Report
(Web Version) for November 2006 (Baltimore, Md.: Nov. 2006)
[26]https://www4.cms.hhs.gov/apps/er_report/preview_er_report_print.asp?from=public&
which=long&reportID=5 (downloaded Nov. 16, 2006). See also GAO, Medicare
Payment: CMS Methodology Adequate to Estimate National Error Rate,
[27]GAO-06-300 (Washington, D.C.: Mar. 24, 2006).
Gaps with Medical Review Edits Can Lead to Improper Payments
We identified three gaps in medical review edits that could lead to
improper payments. First, DMERCs and the Region A PSC^25 generally did not
have medical review edits in place to identify claims associated with
atypical billing patterns. Such billing patterns involve rapid or dramatic
increases in the billed amounts of claims. Atypical billing patterns can
involve legitimate claims, when, for example, CMS expands the coverage
rules for an item or service. However, atypical billing patterns have
often been associated with improper claims and payments. Atypical billing
patterns can appear with claims (1) submitted by a particular supplier,
(2) covering a particular DMEPOS item, (3) based on referrals from the
same prescribing physician, (4) submitted on behalf of a particular
beneficiary, or (5) associated with atypical billing that is clustered in
a particular geographic area. The DMERC and PSC officials we interviewed
told us that they did not use medical review edits that would routinely
flag claims that had reached predesignated thresholds--such as ones that
would signal an unusually large increase in payment to a supplier. One
contractor indicated that, depending on the threshold set, introducing
these types of edits could allow too many claims to be flagged for medical
review.
^23Another type of edit--the claims processing edit--is designed and put
in place by DME MAC and DMERC staff to ensure that claims contain complete
information that is consistent with certain previously submitted data and
appear payable. The DME MACs and DMERC program the claims processing
system with claims processing edits to determine whether to continue
processing the claim for payment, deny it, or flag it for review. For
example, a claims processing edit can flag a claim for review if it
appears to be a duplicate of a previously processed claim.
^24Some DMEPOS items require that the supplier has a form signed by a
physician to certify that an item is needed for the beneficiary. A
reviewer can request this form be submitted to serve as proof that the
item is considered medically necessary.
^25At the time our audit work on medical review edits was conducted, only
Region A had a PSC conducting program integrity activities.
In the absence of threshold edits to avoid paying improper claims
associated with atypical billing patterns, the DMERCs paid claims that
represented large increases over historical billing amounts submitted. For
example, we found that from the first quarter of 2003 through the first
quarter of 2005, 225 suppliers increased their billing to Medicare by
$500,000 and 50 percent from at least one 3-month period to the next.^26
At least 38 of the 225 suppliers were under criminal investigation during
2004. In November 2004, the U.S. government won a default civil judgment
of $366 million against 16 of these suppliers.^27 These suppliers had
billed for services not rendered and committed other offenses, and they
had been paid almost $40 million from January 2003 through September 2004.
As of December 2006, DOJ had collected about $738,000 from suppliers
involved in the case. HHS OIG investigators in Miami told us that it was
not uncommon for fraudulent suppliers to close up their businesses at the
first sign of an investigation or to quickly move their Medicare payments
out of their accounts in ways that are difficult to track. By the time law
enforcement can act against fraudulent suppliers, much of the money gained
from Medicare has disappeared and cannot be recouped.
We found that contractors paid claims that were medically improbable
because they did not have edits to flag them. Such claims represent items
unlikely to be prescribed, or unlikely to be prescribed in the quantity
billed, for a beneficiary as part of routine quality care. In conjunction
with the SADMERC, we identified three instances where medically improbable
claims were routinely being paid by Medicare for more than a year. For
example, if a Medicare beneficiary has a foot amputated, that person would
usually need a prosthetic foot for that limb. As a result, the beneficiary
should not also need a brace for a limb that no longer exists. From
October 2002 through March 2005, Medicare paid over $2 million for
beneficiaries' braces after the program had paid for prosthetics within
the last year for the same beneficiaries' legs, feet or ankles. (See table
2 for two other examples.) A SADMERC official told us that the contractors
could develop edits for medically improbable circumstances that could
avoid improper payments.
^26As a single example, in the fourth quarter of 2003, one Florida
supplier had an increase in billing of over 51,000 percent from the prior
quarter, from $4,486 to $2,307,236. In the next quarter, the supplier's
billing for DMEPOS products increased to $14,611,458. Although many of the
charges were denied, CMS paid the supplier over $5 million for DMEPOS
claims from October 2003 through March 2004.
^27A default judgment is rendered as a result of a party's failure to
appear in court or to answer a complaint.
Table 2: Examples of Medically Improbable Claims and Possible Edits to
Address Them
Why it is medically Description of
Type of claim improbable possible edit Payment amounts
More than 500 Clinical information A glucose test CMS paid about
glucose test and surveys of strip edit^a would $156 million for
strips per beneficiaries indicate limit diabetics who test strips in
year for that noninsulin-treated do not use insulin excess of 500
diabetics who diabetics generally do to 500 test strips per year for
are not not test their blood per year (41 per diabetic
treated with sugar level more than month)--a level beneficiaries
insulin once per day. which is more that were not
generous than the treated with
contractors' insulin in
coverage policies 2003.^b
currently allow and
would allow testing
more than once a
day. If more than
500 test strips
were billed in a
year, the claims
processing system
would deny the
claims containing
this code.
Multiple According to the An edit for From October
claims for SADMERC medical multiple 2002 through
prosthetics director, a beneficiary prosthetics^c would March 2005, CMS
provided for who receives a limit the number of paid almost
the same body prosthesis for a prostheses provided $500,000 to
part specific body part for the same body suppliers
should not need part for the same providing more
multiple versions of beneficiary to two than two of the
the same prosthesis. On per year. If more same prostheses
some occasions, a than two for the same leg
beneficiary may need to occurrences were of the same
be refitted, but no billed in a year, beneficiary
more than two of the the claims within a single
same prostheses per processing system year.
year should be would deny the
necessary. claims containing
this code or flag
the claims for
prepayment manual
medical review.
Source: GAO analysis of SADMERC data.
aThe glucose test strip edit was developed by SADMERC and relies on
SADMERC data.
bSADMERC was able to determine whether beneficiaries were treated with
insulin based on the diagnosis information submitted on their claims.
cThe edit for multiple prosthetics was developed by GAO and relies on
SADMERC data.
In recognition of the value of edits to detect medically improbable
claims, CMS has begun a process to have its contractors implement such
edits. In January 2007, the agency plans to introduce 19 edits for DMEPOS
items, albeit not for the items described in table 2.^28 These 19 edits
will deny claims for DMEPOS items if a medically improbable quantity of
the item is listed on the claim for a single beneficiary in one day. The
agency plans to introduce additional edits for more DMEPOS items and other
services later in 2007.
Finally, CMS does not require its contractors to share information on
their edits with contractors in other regions or adopt edits that have
been effective in other contractors' regions. CMS requires each of its
contractors to develop and maintain its own edits. Contractors are free to
adopt or eliminate edits at their discretion based on such factors as the
effectiveness of an edit in reducing improper payments, the added cost of
implementing and maintaining an edit, and the presence or absence of
other, more costly, improper payments. CMS officials we spoke with told us
that CMS expects contractors to add edits at their own discretion, based
on their resources. CMS maintains a database through which contractors
provide information to the agency on the effectiveness of their edits. At
present, contractors do not have access to other contractors' information
in the database.
Our analysis found that if contractors were to adopt edits that have been
effective in other contractors' regions, they could likely reduce their
improper payments. For example, in 2005, the DMERC in Region C had an edit
in place to restrict payment for the same or similar types of home-use
hospital beds to one item per month per beneficiary, by automatically
denying any additional claims submitted for these items. Our analysis
identified a potential savings within Region C of $50.7 million from
January 1, 2003, through June 30, 2005. Based on the claims submitted over
this time period in the other three regions, we found that this edit could
have generated an additional savings of up to $70.6 million if it had been
implemented in the other three regions.^29 Overall, our analysis of a
sample of seven edits^30--selected from a list of automated edits that was
provided in response to our request and included edits estimated to be the
most effective by the contractors that developed them--found that each
contractor had edits that could have denied up to an additional $74.1
million in claims from January 2003 through June 2005, had all seven edits
been used by each contractor.^31
28CMS plans to implement a total of 2,776 edits for Part B items and
services. These edits would automatically deny claims for Part B items and
services if a medically improbable quantity of the item or service is
billed for a single beneficiary as having been provided on the same day.
^29Our analysis also found that this edit did not lead to equal amounts of
savings in all DMEPOS regions and therefore was of more potential value in
some DMEPOS regions than in others. For example, Region D showed a
potential savings of $36.6 million; Region A, $18.1 million; and Region B,
$15.9 million.
PSC Case Referrals to Law Enforcement Are a Key Aspect of Benefit Integrity
Activities
Under their benefit integrity responsibilities, PSCs are expected to
identify and investigate cases of suspected fraud within their regions and
refer these cases to law enforcement for further investigation and
prosecution. A PSC's investigation can include examining medical and other
records associated with a particular claim or claims, questioning
beneficiaries about whether they received items that were billed, and
conducting site visits to suppliers' facilities. PSCs also use analysis of
claims data to look for atypical billing patterns and other factors that
may indicate fraud, such as the number of complaints against, or prior
investigations of, a supplier.
PSCs are required by CMS to refer cases of suspected fraud to the HHS OIG
for further investigation.^32 PSCs are also required to support law
enforcement's investigation and prosecution of fraud by providing supplier
and beneficiary information and other relevant case-related data, as
requested by law enforcement entities. Along with these tasks, the PSC
statements of work outline other required activities, including
participating in regular case-related contact with law enforcement,
coordinating and participating in antifraud conferences and related
gatherings, updating a national database maintained by CMS that tracks
Medicare fraud, and providing educational programs for law enforcement on
contractor operations and Medicare issues. Prior to the transfer of
benefit integrity activities to PSCs on March 1, 2006, DMERCs were
responsible for these activities in three of the four regions. In the
fourth region--Region A--a PSC was responsible for these activities prior
to this date.
^30Two of the seven edits examined wheelchair and commode seating items
and were developed by the Region A PSC. Four of the seven edits examined
oxygen delivery, respiratory assistance devices, nutrition to be provided
through feeding tubes, and hospital beds, and were developed by the Region
C DMERC. The final edit examined eyeglass lens coatings and was developed
by the Region D DMERC.
^31These figures represent a maximum possible savings by assuming that
none of the claims denials generated by these edits would be manually
overridden. Further, if claims denials are subsequently appealed and
payment made to suppliers, an edit could be less effective than a
contractor's data would suggest.
^32When the HHS OIG accepts a case referral from a PSC or other source, it
may investigate the case on its own or involve other federal and state law
enforcement entities in its investigation. After completing its
investigation, the HHS OIG refers each case to the U.S. Attorney's Office.
The U.S. Attorney's Office decides whether the case should be prosecuted
and is responsible for prosecution. If the HHS OIG declines a case,
however, the PSC has the option to refer it directly to other federal or
state law enforcement entities, such as the FBI or a State Office of
Attorney General.
Our analysis of CMS contractor benefit integrity performance evaluations
from 2001 through 2005--the most recent years for which these evaluations
were available--generally found few serious problems. According to these
evaluations, the PSC in Region A and the DMERCs in Regions B and C met
most or all of CMS's benefit integrity requirements in all years, with any
problems identified by these evaluations labeled as "minor." The DMERC in
Region D--which no longer holds this contract^33--met all benefit
integrity requirements in two recent evaluation periods (which covered
October 1, 2003, through May 31, 2004, and October 1, 2004, through April
15, 2005). However, in three earlier evaluation periods preceding October
1, 2003, CMS found "major" problems relating to the DMERC's case referral
activities, such as less than timely development of cases and lack of
documentation to support case files.
Despite the PSC's and DMERCs' positive evaluations by CMS in recent years,
law enforcement officials we spoke with stated that the contractors could
have done more to support law enforcement activities. For example, law
enforcement officials we interviewed in Miami and Southern California^34
told us that, while they were satisfied with the quality of information
presented in the case referrals, the case files often pertained to fraud
that had occurred too far in the past to be effectively investigated by
the time the referral was received. The Los Angeles FBI office as well as
the U.S. Attorney's office responsible for prosecuting Medicare fraud in
the Los Angeles area (Region D) told us that the typical case referral
submitted to the office for prosecution in 2005 related to suspect
suppliers whose peak billing activity occurred during 2003.^35 The Miami
FBI office and the U.S. Attorney's office responsible for prosecuting
Medicare fraud in the Miami area expressed similar concerns on the
timeliness of case referrals.
^33As noted earlier, the Region D contract was transitioned to Noridian
Administrative Services, LLC, as of September 30, 2006.
^34These included officials from the Miami HHS OIG, U.S. Attorney's and
FBI offices, as well as officials from the HHS OIG, U.S. Attorney's, and
FBI offices responsible for the Los Angeles area.
Law enforcement officials explained that when case referrals are made
after a supplier is no longer in business, investigating and prosecuting
the suspected fraud is difficult or even impossible because law
enforcement may not be able to locate the company's owners, its records,
or the Medicare funds it received. Law enforcement officials we
interviewed did not cite a single cause for the delays in contractor
referrals. Officials in Los Angeles attributed the delays to a lack of
on-site contractor presence in the Los Angeles area and on contractor
over-emphasis on producing polished referrals. Officials in Miami
attributed the delays to the referral process itself, citing too many
steps in the process, and some officials were uncertain as to the cause.
When we discussed these issues with CMS officials, however, they did not
raise concerns about the DMERCs' and PSC's effectiveness in supporting law
enforcement with comprehensive and timely referrals. On the contrary, the
officials we interviewed expressed satisfaction with the DMERCs' and PSC's
past performance.
CMS Oversees PSCs through Various Means, and Is Implementing Annual Evaluations
of Program Integrity Activities
CMS has various means of overseeing PSCs' program integrity efforts. To
establish expectations and guidelines for the PSCs, and to monitor their
program integrity efforts, CMS relies on PSC statements of work, the PIM,
and PSCs' reports on their activities. The PSC statements of work contain
general information about the agency's expectations for the PSCs,
including a list of deliverables that each one is required to provide to
CMS. The PIM establishes the requirements and guidance that the PSCs must
follow when conducting their program integrity activities. In addition,
CMS staff monitor the PSCs' reports about their activities. Examples of
these reports include updated medical review strategies and updates about
the types of information requested by law enforcement for its use in
investigating and prosecuting suppliers. After reviewing a contractor's
reports, CMS may suggest changes to a PSC, such as adjustments to its
medical review strategy.
^35The U.S. Attorneys do not typically receive case referrals directly
from DMERCs, but rather from investigative agencies such as the HHS OIG or
the FBI, who receive the case directly from the DMERCs and may further
develop the case referral.
In addition, CMS has developed plans for annually evaluating the PSCs'
program integrity activities and is in the process of implementing these
evaluations. CMS has developed three evaluation tools to assess each PSC's
(1) general performance, (2) performance in conducting medical review, and
(3) performance in conducting benefit integrity activities. The criteria
used in each of the three evaluation tools reflect the responsibilities
described in the PIM and the PSCs' statements of work. In May and June of
2006, CMS conducted an initial evaluation of the first several months of
the three PSCs' work,^36 using the general performance evaluation tool. In
May and June of 2007, CMS will conduct the first of a planned annual,
comprehensive, full-year evaluation of each PSC, including assessments of
its medical review and benefit integrity efforts. CMS officials said that
the agency will use the results to decide whether to renew a PSC's
contract.^37 The officials also said that CMS will use these results to
determine whether a PSC may earn award fees--a monetary performance reward
for good performance--in addition to the regular payments it receives
under its contract.
The general performance evaluation tool is intended to assess the PSCs in
four overall areas: (1) the quality of their work and work products; (2)
their success in completing their work within an agreed upon budget; (3)
their ability to provide work products on time; and (4) their ability to
develop and maintain productive business relationships with law
enforcement and suppliers.
The medical review evaluation tool is intended to assess PSC performance
in reviewing claims before and after payment. For example, the tool is
designed to assess the degree to which a PSC reviewed claims in accordance
with the medical review strategy that the PSC established for that year,
and that had been approved by CMS. The tool also is intended to verify the
accuracy of medical review for each PSC by using a sample of five claims
that had received medical review from the respective PSC. CMS officials
told us that they are currently in the process of determining whether a
broader measure of a region's improper payments will be reflected in the
evaluations of PSC performance in the future.
^36CMS evaluated each PSC's total workload, rather than its efforts in a
particular region. Because one PSC holds the contracts for both Regions A
and B, that PSC received a single evaluation.
^37The PSCs each have a 5-year contract. This includes an option for CMS
to review the contract each year during its 5-year time frame and renew
the contract for the next year. If CMS is satisfied with the PSC's
performance, it can renew the contract for 1 year, up to four times,
without having to open the contract to competition.
The benefit integrity evaluation tool is intended to assess a PSC's
investigations of suppliers suspected of fraud, development of supplier
case referrals for the HHS OIG, and assistance to law enforcement. For
instance, the benefit integrity evaluation tool requires evaluators to
assess whether a PSC maintains a documented audit trail of the actions it
has taken for each supplier investigation initiated. It also requires an
assessment of whether a PSC's case referrals to the HHS OIG include all of
the elements for law enforcement to pursue an investigation.
Conclusions
When CMS and its contractors fall short in protecting the Medicare
program, hundreds of millions of dollars can be lost to improper payments
for DMEPOS. The agency and its contractors conduct a number of program
integrity activities designed to prevent and minimize improper payments
for DMEPOS. However, we found that CMS's contractors did not have
sufficient automated prepayment controls to flag claims that are part of
unexplained increases in billing, or that were medically improbable.
Currently, the PSCs and DME MACs are not required to exchange information
about their successful automated prepayment controls that could be
effective in other regions. While PSCs have the flexibility to implement
prepayment controls that they consider to be the most effective for their
region, knowing about effective controls in other regions could provide
useful information when developing their own. CMS's recent initiative to
add automated prepayment controls that would deny certain medically
improbable claims is a positive step towards reducing improper DMEPOS
payments.
Recommendations for Executive Action
We recommend that the Administrator of CMS take two actions:
o Require the PSCs to develop thresholds for unexplained increases
in billing--and use them to develop automated prepayment controls
as one component of their manual medical review strategies.
o Require the DME MACs, DMERC, and PSCs to exchange information on
their automated prepayment controls, and have each of these
contractors consider whether the automated prepayment controls
developed by the others could reduce their incidence of improper
payments.
Agency Comments
CMS provided comments on a draft of this report, agreed with both
of our recommendations, and stated that it has begun efforts to
address them. Specifically, CMS agreed with our recommendation to
require PSCs to develop thresholds for unexplained increases in
billing and use them in developing their automated prepayment
controls. CMS responded that it would build upon existing PSC
processes for identifying billing increases and would work to
improve contractors' automated prepayment controls. CMS also
discussed a related initiative it has begun to automatically deny
or automatically suspend payment for services billed in excess of
medically probable amounts. CMS stated that this initiative will
address some of the issues that we raised in our report. We
consider this initiative to be one important aspect of preventing
improper payments for DMEPOS.
CMS also agreed with our recommendation to require the DME MACs,
DMERC, and PSCs to exchange information on their automated
prepayment controls and to have each of these contractors consider
whether the controls developed by the others could reduce their
incidence of improper payments. CMS responded that these
contractors' Joint Operating Agreements (JOA) provide a means
through which information can be shared among them, and stated
that it believes the contractors are currently coordinating their
automated prepayment control processes. CMS also said it would
review the JOAs to ensure that information-sharing requirements
are clear and are being followed by the contractors. This would be
a good first step towards ensuring that information sharing occurs
and that the contractors are considering the prepayment controls
of other contractors when developing their own prepayment
controls.
CMS's comments appear in appendix III.
We provided DOJ with a draft of this report for its review. DOJ
provided us with technical comments, which we incorporated as
appropriate.
As agreed with your office, unless you publicly announce its
contents earlier, we plan no further distribution of this report
until 30 days after its date. We will then send a copy of this
report to the Secretary of HHS, the Administrator of CMS, and the
Attorney General, appropriate congressional committees, and other
interested parties. We will also make copies available to others
upon request. This report also will be available at no charge on
GAO's Web site at http://www.gao.gov .
If you or your staff have any questions about this report, please
contact me at (312) 220-7600 or [email protected] . Contact
points for our Offices of Congressional Relations and Public
Affairs may be found on the last page of this report. GAO staff
who made major contributions to this report are listed in appendix
IV.
Sincerely yours,
Leslie G. Aronovitz
Director, Health Care
Appendix I: DMEPOS Regions and Associated DME MACs and PSCs
Appendix II: Scope and Methodology
To discuss the program integrity activities of the Centers for
Medicare & Medicaid Services (CMS) and its contractors to prevent
and minimize improper payments made for durable medical equipment,
prosthetics, orthotics, and supplies (DMEPOS), we reviewed aspects
of the contractors' medical review and benefit integrity
responsibilities. We reviewed the automated prepayment
controls--called edits--that contractors introduce into their
payment systems to deny claims or flag them for medical review,
and contractors' benefit integrity activities. We included edits
because they are generally the contractors' first line of defense
for avoiding payment of improper claims. We did not evaluate other
aspects of medical review, which can include analysis or
examination of claims after payment, but we discuss these
functions in relation to automated prepayment controls and benefit
integrity activities. We also included benefit integrity
efforts--such as referring potential cases to law
enforcement--because these efforts allow contractors to enlist
federal law enforcement agencies to act against suppliers who have
defrauded Medicare. As part of our work, we reviewed related GAO
reports and CMS's Medicare Program Integrity Manual (PIM), which
establishes CMS's guidelines for contractors' program integrity
activities. We also conducted interviews with CMS officials
responsible for safeguarding Medicare, as well as contractor
officials responsible for program integrity activities in three of
the four DMEPOS regions-- Regions A, C, and D.^1 These contractor
officials included staff at the outgoing Durable Medical Equipment
Regional Carriers (DMERC) for Regions C and D,^2 and the incoming
Program Safeguard Contractors (PSC) for Regions A, C, and D. We
interviewed staff at the incoming Durable Medical Equipment
Medicare Administrative Contractor (DME MAC) for Region A, which
had the only DME MAC contract within our selected regions that had
been implemented at the time of our interviews. We also
interviewed contractor staff at the Statistical Analysis Durable
Medical Equipment Regional Carrier (SADMERC)--a contractor which
is responsible for performing statistical analyses on national and
regional DMEPOS billing data to identify potential fraud.
In order to specifically review edits, we analyzed national
Medicare DMEPOS claims data on atypical billing trends for
suppliers and items for the first quarter of 2003 through the
first quarter of 2005 generated by SADMERC. We performed further
analyses on individual Medicare DMEPOS claims data from the first
quarter of 2003 through the second quarter of 2005 from five
states--California, Florida, Illinois, New York, and Texas.^3 We
also obtained data from the National Supplier Clearinghouse
(NSC)--a contractor which is responsible for enrolling suppliers
in Medicare and revoking the billing privileges of suppliers who
do not comply with program guidelines. We used the NSC data to
obtain information on the geographic location of the suppliers'
companies, such as by zip code and state, and to inform us as to
whether the Medicare billing privileges of certain suppliers were
considered by the NSC to be active, inactive, or revoked, as of
October 3, 2005. In addition, we used other analyses performed by
SADMERC on national DMEPOS claims data to simulate how many
dollars might have been saved for periods of time from 2002
through 2005 by adding certain edits into the payment system to
identify potential improper payments. We assessed the reliability
of the data sets used for these analyses by reviewing
documentation related to each data set, and we determined that
each was sufficiently reliable to address the issues in this
report.
In order to specifically describe contractors' benefit integrity
efforts, we interviewed law enforcement officials on both the
national and local levels who are responsible for investigating
and prosecuting such cases, and for coordinating their efforts
with the CMS contractors. The officials we interviewed included
those from Department of Health and Human Services (HHS) Office of
Inspector General (OIG), who receive suspected fraud cases from
Medicare contractors and may opt to investigate the cases further;
the Federal Bureau of Investigation (FBI), which may opt to assist
in the investigation of Medicare fraud cases or open an
independent investigation on cases for which the HHS OIG has
decided not to open an investigation; and U.S. Attorney's offices,
which are responsible for the prosecution of Medicare fraud cases.
In addition to interviewing headquarters officials from these
organizations, we also interviewed local law enforcement officials
from these agencies in Los Angeles, California; Miami, Florida;
and New York City, New York.
To describe CMS's oversight of its PSCs' program integrity
efforts, we reviewed the PIM, and the PSCs' statements of work,
which describe the terms of the PSC contracts. We also read CMS's
PSC performance evaluation tools, and interviewed CMS officials
about PSC oversight. In addition, we interviewed PSC contractors
about CMS's oversight of its PSCs. We performed our work from June
2005 through January 2007 in accordance with generally accepted
government auditing standards.
^1We selected Region A because it was the only DMEPOS region in which a
program safeguard contractor (PSC) was already conducting program
integrity functions when we began our work. We selected Regions C and D
because they each have one state--Florida and California,
respectively--which CMS and its contractors have identified as
experiencing a higher level of DMEPOS fraud and abuse than other states.
^2We did not interview the DMERC for Region A because the program
integrity activities in that region were already being conducted by a PSC.
^3We obtained data from these states because they are each recognized by
CMS or law enforcement as states which have experienced Medicare fraud and
abuse.
Appendix III: Agency Comments
Appendix IV: GAO Contact and Staff Acknowledgments
GAO Contact
Leslie G. Aronovitz, (312) 220-2600 or [email protected]
Acknowledgments
In addition to the contact named above, Sheila K. Avruch,
Assistant Director; Ramsey L. Asaly; Kevin Dietz; Krister P.
Friday; Kelli A. Jones; Joy L. Kraybill; Suzanne M. Post; and
Craig Winslow made key contributions to this report.
Related GAO Products
Medicare Integrity Program: Agency Approach for Allocating Funds
Should Be Revised. [30]GAO-06-813 . Washington, D.C.: September 6,
2006.
Medicare Payment: CMS Methodology Adequate to Estimate National
Error Rate. [31]GAO-06-300 . Washington, D.C.: March 24, 2006.
Medicare: More Effective Screening and Stronger Enrollment
Standards Needed for Medical Equipment Suppliers. [32]GAO-05-656 .
Washington, D.C.: September 22, 2005.
Medicare Contracting Reform: CMS's Plan Has Gaps and Its
Anticipated Savings Are Uncertain. [33]GAO-05-873 . Washington,
D.C.: August 17, 2005.
Health Care Fraud and Abuse Control Program: Results of Review of
Annual Reports for Fiscal Years 2002 and 2003. [34]GAO-05-134 .
Washington, D.C.: April 29, 2005.
High-Risk Series: An Update. [35]GAO-05-207 . Washington, D.C.:
January 2005.
Medicare: CMS's Program Safeguards Did Not Deter Growth in
Spending for Power Wheelchairs. [36]GAO-05-43 . Washington, D.C.:
November 17, 2004.
Medicare: CMS Did Not Control Rising Power Wheelchair Spending.
[37]GAO-04-716T . Washington, D.C.: April 28, 2004.
GAO’s Mission
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in
meeting its constitutional responsibilities and to help improve
the performance and accountability of the federal government for
the American people. GAO examines the use of public funds;
evaluates federal programs and policies; and provides analyses,
recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at
no cost is through GAO's Web site ( www.gao.gov ). Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of
newly posted products every afternoon, go to www.gao.gov and
select "Subscribe to Updates."
Order by Mail or Phone
The first copy of each printed report is free. Additional copies
are $2 each. A check or money order should be made out to the
Superintendent of Documents. GAO also accepts VISA and Mastercard.
Orders for 100 or more copies mailed to a single address are
discounted 25 percent. Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM
Washington, D.C. 20548
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax:
(202) 512-6061
To Report Fraud, Waste, and Abuse in Federal Programs
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail:
[email protected] Automated answering system: (800) 424-5454 or
(202) 512-7470
Congressional Relations
Gloria Jarmon, Managing Director, [email protected] (202)
512-4400 U.S. Government Accountability Office, 441 G Street NW,
Room 7125 Washington, D.C. 20548
Public Affairs
Paul Anderson, Managing Director, [email protected] (202)
512-4800 U.S. Government Accountability Office, 441 G Street NW,
Room 7149 Washington, D.C. 20548
(290464)
www.gao.gov/cgi-bin/getrpt?GAO-07-59 .
To view the full product, including the scope
and methodology, click on the link above.
For more information, contact Leslie G. Aronovitz, (312) 220-7600 or
[email protected].
Highlights of [45]GAO-07-59 , a report to the Ranking Minority Member,
Committee on Finance, U.S. Senate
January 2007
MEDICARE
Improvements Needed to Address Improper Payments for Medical Equipment and
Supplies
The Centers for Medicare & Medicaid Services (CMS)--the agency that
administers Medicare--estimated that the program made about $700 million
in improper payments for durable medical equipment, prosthetics,
orthotics, and supplies (DMEPOS) from April 1, 2005, through March 31,
2006. To protect Medicare from improper DMEPOS payments, CMS relies on
three Program Safeguard Contractors (PSC), and four contractors that
process Medicare claims, to conduct critical program integrity activities.
GAO was requested to examine CMS's and CMS's contractors' activities to
prevent and minimize improper payments for DMEPOS, and describe CMS's
oversight of PSC program integrity activities. To do this, GAO analyzed
DMEPOS claims data by supplier and item to identify atypical, or large,
increases in billing; reviewed CMS documents; and conducted interviews
with CMS and contractor officials. GAO focused its work on contractors'
automated prepayment controls and described related claims analysis
functions.
[46]What GAO Recommends
GAO recommends that CMS require its contractors to develop automated
prepayment controls to identify potentially improper claims when supplier
billing reaches atypical levels and consider adopting the most
cost-effective controls of other contractors. CMS concurred with the
recommendations.
To prevent and minimize improper DMEPOS payments, CMS's contractors
conduct program integrity activities, which include performing medical
reviews of certain claims before they are paid to determine whether the
items meet criteria for Medicare coverage. As part of their efforts, CMS's
contractors responsible for medical review use automated prepayment
controls to deny claims that should not be paid or identify claims that
should be reviewed. However, GAO found three shortfalls in these automated
prepayment controls that make the Medicare program vulnerable to improper
payments.
o Contractors responsible for medical review did not have
automated prepayment controls in place to identify questionable
claims that are part of an atypically rapid increase in billing.
o In some instances, these contractors did not have automated
prepayment controls in place to identify claims for items unlikely
to be prescribed in the course of routine quality medical care.
CMS has recently begun an initiative to add controls of this kind
for some DMEPOS items.
o CMS does not require these contractors to share information on
the most effective automated prepayment controls of the other
contractors or consider adopting them. For example, Medicare might
have saved almost $71 million in less than 2 years if one
effective automated prepayment control designed to prevent
Medicare from paying for more than one home-use hospital bed per
month for a beneficiary, which was used by one of these
contractors, had been used by the others.
CMS oversees the PSCs' program integrity activities by providing written
manuals and contracts to guide their work. As part of its oversight, CMS
is implementing an annual contractor performance evaluation process, based
on three evaluation tools, to assess each PSC's performance. CMS officials
said that the agency will use the results of these evaluations to
determine two things: whether to renew a PSC's contract, and whether a PSC
may earn award fees--a monetary reward for good performance--in addition
to the regular payments it receives under its contract.
References
Visible links
23. http://www.gao.gov/cgi-bin/getrpt?GAO-05-207
24. http://www.gao.gov/cgi-bin/getrpt?GAO-05-656
25. http://www.gao.gov/cgi-bin/getrpt?GAO-05-873
26. https://www4.cms.hhs.gov/apps/er_report/preview_er_report_print.sap?from=public&�which=long&reportID=5
27. http://www.gao.gov/cgi-bin/getrpt?GAO-06-300
28. http://www.gao.gov/
30. http://www.gao.gov/cgi-bin/getrpt?GAO-06-813
31. http://www.gao.gov/cgi-bin/getrpt?GAO-06-300
32. http://www.gao.gov/cgi-bin/getrpt?GAO-05-656
33. http://www.gao.gov/cgi-bin/getrpt?GAO-05-873
34. http://www.gao.gov/cgi-bin/getrpt?GAO-05-134
35. http://www.gao.gov/cgi-bin/getrpt?GAO-05-207
36. http://www.gao.gov/cgi-bin/getrpt?GAO-05-43
37. http://www.gao.gov/cgi-bin/getrpt?GAO-04-716T
45. http://www.gao.gov/cgi-bin/getrpt?GAO-07-59
*** End of document. ***