Medicare
Improvements Needed to Address Improper Payments for Medical Equipment and Supplies Gao ID: GAO-07-59 January 31, 2007The Centers for Medicare & Medicaid Services (CMS)--the agency that administers Medicare--estimated that the program made about $700 million in improper payments for durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) from April 1, 2005, through March 31, 2006. To protect Medicare from improper DMEPOS payments, CMS relies on three Program Safeguard Contractors (PSC), and four contractors that process Medicare claims, to conduct critical program integrity activities. GAO was requested to examine CMS's and CMS's contractors' activities to prevent and minimize improper payments for DMEPOS, and describe CMS's oversight of PSC program integrity activities. To do this, GAO analyzed DMEPOS claims data by supplier and item to identify atypical, or large, increases in billing; reviewed CMS documents; and conducted interviews with CMS and contractor officials. GAO focused its work on contractors' automated prepayment controls and described related claims analysis functions.
To prevent and minimize improper DMEPOS payments, CMS's contractors conduct program integrity activities, which include performing medical reviews of certain claims before they are paid to determine whether the items meet criteria for Medicare coverage. As part of their efforts, CMS's contractors responsible for medical review use automated prepayment controls to deny claims that should not be paid or identify claims that should be reviewed. However, GAO found three shortfalls in these automated prepayment controls that make the Medicare program vulnerable to improper payments. (1) Contractors responsible for medical review did not have automated prepayment controls in place to identify questionable claims that are part of an atypically rapid increase in billing. (2) In some instances, these contractors did not have automated prepayment controls in place to identify claims for items unlikely to be prescribed in the course of routine quality medical care. CMS has recently begun an initiative to add controls of this kind for some DMEPOS items. (3) CMS does not require these contractors to share information on the most effective automated prepayment controls of the other contractors or consider adopting them. For example, Medicare might have saved almost $71 million in less than 2 years if one effective automated prepayment control designed to prevent Medicare from paying for more than one home-use hospital bed per month for a beneficiary, which was used by one of these contractors, had been used by the others. CMS oversees the PSCs' program integrity activities by providing written manuals and contracts to guide their work. As part of its oversight, CMS is implementing an annual contractor performance evaluation process, based on three evaluation tools, to assess each PSC's performance. CMS officials said that the agency will use the results of these evaluations to determine two things: whether to renew a PSC's contract, and whether a PSC may earn award fees--a monetary reward for good performance--in addition to the regular payments it receives under its contract.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-07-59, Medicare: Improvements Needed to Address Improper Payments for Medical Equipment and Supplies
This is the accessible text file for GAO report number GAO-07-59
entitled 'Medicare: Improvements Needed to Address Improper Payments
for Medical Equipment and Supplies' which was released on March 6,
2007.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Ranking Minority Member, Committee on Finance, U.S.
Senate:
United States Government Accountability Office:
GAO:
January 2007:
Medicare:
Improvements Needed to Address Improper Payments for Medical Equipment
and Supplies:
Medicare Supplier Improper Billing:
GAO-07-59:
GAO Highlights:
Highlights of GAO-07-59, a report to the Ranking Minority Member,
Committee on Finance, U.S. Senate
Why GAO Did This Study:
The Centers for Medicare & Medicaid Services (CMS)”the agency that
administers Medicare”estimated that the program made about $700 million
in improper payments for durable medical equipment, prosthetics,
orthotics, and supplies (DMEPOS) from April 1, 2005, through March 31,
2006. To protect Medicare from improper DMEPOS payments, CMS relies on
three Program Safeguard Contractors (PSC), and four contractors that
process Medicare claims, to conduct critical program integrity
activities. GAO was requested to examine CMS‘s and CMS‘s contractors‘
activities to prevent and minimize improper payments for DMEPOS, and
describe CMS‘s oversight of PSC program integrity activities. To do
this, GAO analyzed DMEPOS claims data by supplier and item to identify
atypical, or large, increases in billing; reviewed CMS documents; and
conducted interviews with CMS and contractor officials. GAO focused its
work on contractors‘ automated prepayment controls and described
related claims analysis functions.
What GAO Found:
To prevent and minimize improper DMEPOS payments, CMS‘s contractors
conduct program integrity activities, which include performing medical
reviews of certain claims before they are paid to determine whether the
items meet criteria for Medicare coverage. As part of their efforts,
CMS‘s contractors responsible for medical review use automated
prepayment controls to deny claims that should not be paid or identify
claims that should be reviewed. However, GAO found three shortfalls in
these automated prepayment controls that make the Medicare program
vulnerable to improper payments.
* Contractors responsible for medical review did not have automated
prepayment controls in place to identify questionable claims that are
part of an atypically rapid increase in billing.
* In some instances, these contractors did not have automated
prepayment controls in place to identify claims for items unlikely to
be prescribed in the course of routine quality medical care. CMS has
recently begun an initiative to add controls of this kind for some
DMEPOS items.
* CMS does not require these contractors to share information on the
most effective automated prepayment controls of the other contractors
or consider adopting them. For example, Medicare might have saved
almost $71 million in less than 2 years if one effective automated
prepayment control designed to prevent Medicare from paying for more
than one home-use hospital bed per month for a beneficiary, which was
used by one of these contractors, had been used by the others.
CMS oversees the PSCs‘ program integrity activities by providing
written manuals and contracts to guide their work. As part of its
oversight, CMS is implementing an annual contractor performance
evaluation process, based on three evaluation tools, to assess each
PSC‘s performance. CMS officials said that the agency will use the
results of these evaluations to determine two things: whether to renew
a PSC‘s contract, and whether a PSC may earn award fees”a monetary
reward for good performance”in addition to the regular payments it
receives under its contract.
What GAO Recommends:
GAO recommends that CMS require its contractors to develop automated
prepayment controls to identify potentially improper claims when
supplier billing reaches atypical levels and consider adopting the most
cost-effective controls of other contractors. CMS concurred with the
recommendations.
[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-59].
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Leslie G. Aronovitz,
(312) 220-7600 or aronovitzl@gao.gov.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
CMS's Program Integrity Activities Could Be Enhanced:
CMS Oversees PSCs through Various Means, and Is Implementing Annual
Evaluations of Program Integrity Activities:
Conclusions:
Recommendations for Executive Action:
Agency Comments:
Appendix I: DMEPOS Regions and Associated DME MACs and PSCs:
Appendix II: Scope and Methodology:
Appendix III: Agency Comments:
Appendix IV: GAO Contact and Staff Acknowledgments:
Related GAO Products:
Tables:
Table 1: DMEPOS Claims Processing and Program Integrity Activities and
Associated Regional Contractor Type, as of January 2007:
Table 2: Examples of Medically Improbable Claims and Possible Edits to
Address Them:
Abbreviations:
CMS: Centers for Medicare & Medicaid Services:
DME: durable medical equipment:
DME MAC: Durable Medical Equipment Medicare Administrative Contractor:
DMEPOS: durable medical equipment, prosthetics, orthotics, and
supplies:
DMERC: Durable Medical Equipment Regional Carrier:
DOJ: Department of Justice:
FBI: Federal Bureau of Investigation:
HHS: Department of Health and Human Services:
JOA: Joint Operating Agreement:
NSC: National Supplier Clearinghouse:
OIG: Office of Inspector General:
PIM: Medicare Program Integrity Manual:
PSC: Program Safeguard Contractor:
SADMERC: Statistical Analysis Durable Medical Equipment Regional
Carrier:
United States Government Accountability Office:
Washington, DC 20548:
January 31, 2007:
The Honorable Charles E. Grassley:
Ranking Minority Member:
Committee on Finance:
United States Senate:
Dear Senator Grassley:
According to the most recent estimate from the Centers for Medicare &
Medicaid Services (CMS), from April 1, 2005, through March 31, 2006,
Medicare made about $700 million in improper payments for durable
medical equipment, prosthetics, orthotics, and supplies
(DMEPOS).[Footnote 1] This represents about 7.5 percent of its payments
for these items. Improper payments result from mistakes on the part of
those who bill Medicare, fraudulent activities, and abuse. Mistakes are
often due to clerical errors or a misunderstanding of program rules,
while fraud involves an intentional act or representation to deceive
with knowledge that the action or representation could result in gain.
Abuse typically involves actions that are inconsistent with acceptable
business and medical practices and result in unnecessary cost.[Footnote
2] Improper Medicare payments drain vital program dollars, to the
detriment of beneficiaries and taxpayers. Due in part to Medicare's
vulnerability to making improper payments, we have designated it as a
high-risk program since 1990.[Footnote 3]
To prevent or minimize improper payments for DMEPOS, CMS relies on
contractors to conduct program integrity activities in four DMEPOS
regions. CMS has entered into new contracts with three Program
Safeguard Contractors (PSC) to conduct these activities, as of March 1,
2006.[Footnote 4] The PSCs' program integrity activities include
analyzing data on submitted and paid claims to identify patterns of
improper or atypical billing; establishing automated prepayment
controls to deny claims that should not be paid or route them for
further review; conducting medical reviews[Footnote 5] of specific
claims to determine if they should be, or should have been, paid; and
carrying out benefit integrity activities--such as identifying,
investigating, and referring to law enforcement any DMEPOS supplier
suspected of submitting fraudulent claims for Medicare
payment.[Footnote 6] CMS also relies on the efforts of a Durable
Medical Equipment Regional Carrier (DMERC) and Durable Medical
Equipment Medicare Administrative Contractors (DME MAC)[Footnote 7] to
ensure that all needed information is included on a claim and to
collect overpayments.
You asked us to review CMS and its contractors' activities to address
improper DMEPOS payments. In this report, we (1) discuss CMS's and its
contractors' program integrity activities intended to prevent and
minimize improper payments for DMEPOS and (2) describe CMS's oversight
of PSC program integrity efforts.
To discuss the program integrity activities of CMS and its
contractors[Footnote 8] to prevent and minimize improper payments for
DMEPOS, we reviewed the automated prepayment controls--also referred to
as edits--which contractors introduce into their payment systems to
deny claims or flag them for medical review, and contractors' benefit
integrity activities. At the beginning of our review, three DMERCs and
a PSC performed these functions and after March 1, 2006, three PSCs
performed them. We included automated prepayment controls because they
are generally the contractors' first line of defense for avoiding
payment of improper claims, and we included benefit integrity
activities because they allow contractors to enlist federal law
enforcement agencies to act against suppliers who have defrauded
Medicare. We did not evaluate other aspects of medical review, which
can include analysis or examination of claims after payment, but we
discuss these functions in relation to automated prepayment controls
and benefit integrity activities. To review the adequacy of automated
prepayment controls, we analyzed national Medicare DMEPOS claims data
on atypical billing trends--particularly large increases in billing--by
supplier and by item for the first quarter of 2003 through the first
quarter of 2005. These data were provided to us by CMS's Statistical
Analysis Durable Medical Equipment Regional Carrier (SADMERC)--which is
responsible for performing statistical analyses on DMEPOS billing data
to identify potential fraud. We further analyzed Medicare DMEPOS claims
data from five states--California, Florida, Illinois, New York, and
Texas[Footnote 9]--and examined national claims data for suppliers and
items with atypical billing trends. We assessed the reliability of the
data sets used for these analyses and determined that each one was
sufficiently reliable for the purposes of this report. Further, we
interviewed CMS officials responsible for safeguarding the program, and
contractor staff responsible for conducting program integrity
activities in Regions A, C, and D,[Footnote 10] including the outgoing
DMERCs for Regions C and D,[Footnote 11] and the PSCs for Regions A, C,
and D. To learn more about the contractor transitions, we interviewed
staff at the DME MAC for Region A, whose contract was the only DME MAC
contract awarded within our chosen regions at the time of our
interviews. We also interviewed officials from SADMERC, and law
enforcement officials--from the Department of Health and Human Services
(HHS) Office of Inspector General (OIG), the Federal Bureau of
Investigation (FBI), and U.S. Attorney's Offices--that are responsible
for investigating and prosecuting Medicare fraud and abuse
cases.[Footnote 12] We reviewed relevant CMS documents, such as CMS's
Medicare Program Integrity Manual (PIM), which provides guidance for
Medicare contractors.
To describe CMS's oversight of PSC program integrity efforts, we
reviewed the PSCs' statement of work and task orders outlining their
duties,[Footnote 13] the PIM, and the evaluation tools that CMS will
use to assess PSC performance. We also interviewed CMS officials about
their oversight activities and efforts to minimize DMEPOS improper
payments. Appendix II includes a more detailed discussion of our scope
and methodology. We performed our work from June 2005 through January
2007 in accordance with generally accepted government auditing
standards.
Results in Brief:
The contractors' activities to prevent and minimize improper DMEPOS
payments fell short in three ways. First, the DMERCs and PSCs did not
have edits with predesignated thresholds in place to identify claims
for medical review that were part of an atypical increase in billing.
This resulted in losses to Medicare. For example, we found that from
the first quarter of 2003 through the first quarter of 2005, due to an
absence of threshold edits, 225 suppliers increased their billing to
Medicare by $500,000 and 50 percent from at least one 3-month period to
the next. In November 2004, the U.S. government won a default civil
judgment against 16 of these suppliers for filing false claims against
Medicare for services not rendered--after being paid almost $40 million
from January 2003 through September 2004. Establishing edits for when
such claims meet thresholds for atypical billing would have allowed
contractors to examine the claims before paying them and decrease
improper payments. Second, we identified three instances where
contractors did not have edits in place to identify items, and paid
claims for items, that are not likely to be prescribed in the course of
routine quality medical care. For example, a Medicare beneficiary who
has a prosthetic foot due to an amputation should not need a brace for
the limb that no longer exists. However, Medicare paid over $2 million
from October 2002 through March 2005 for beneficiaries' braces after
the program had paid for prosthetics for the same beneficiaries' legs,
feet, or ankles. Third, contractors are not required by CMS to share
information on their effective edits with contractors in other regions.
They also do not have to adopt edits that have been effective in these
other regions and that could be effective in their own. For instance,
we found that one effective edit restricted payment for home-use
hospital beds to only one per beneficiary per month. However, this edit
was used in only one region. If it had been used in the other three
regions, it could have saved Medicare almost $71 million from January
2003 through June 2005. Not all regions would benefit equally from
introducing new edits into their systems. In this example, the edit
would be most effective in two of the four regions because they
received more claims from suppliers that billed for multiple hospital
beds per beneficiary in a given month. In addition to using medical
review edits, contractors also conduct benefit integrity activities to
support law enforcement's investigation of suppliers who are suspected
of fraudulent billing. Although CMS officials expressed satisfaction
with contractors' benefit integrity performance, law enforcement
officials in Miami and Southern California with whom we spoke told us
that the contractors could be more effective if their supplier case
referrals were based on more recent data.
CMS oversees the PSCs' program integrity efforts by providing each PSC
with a statement of work, a specific task order, the PIM, and through
its monitoring and evaluation of the PSCs' activities. The agency has
completed an initial abbreviated evaluation for the three PSCs and is
implementing a comprehensive, annual evaluation of each PSC. CMS's
plans are to assess each PSC's general, medical review, and benefit
integrity performance. CMS will use the results of the annual
evaluations to determine whether to renew the PSC contracts and whether
each PSC is eligible to earn incentive rewards--called award fees--for
good performance, in addition to the regular payments it receives under
its contract.
To help prevent improper payments for DMEPOS, we recommend that the
Administrator of CMS take two actions. First, CMS should require the
PSCs to establish thresholds for, and develop automated prepayment
controls to address, unexplained increases in claims volume. Second, we
recommend that CMS require contractors to exchange information about,
and consider adopting, automated prepayment controls used by other
DMEPOS contractors that could reduce improper payments within their own
regions. CMS concurred with our recommendations and provided
information on a related initiative that it has begun. CMS also
suggested another activity that it plans to take as part of
implementing our recommendations. The Department of Justice (DOJ)
provided technical comments, which we incorporated as appropriate.
Background:
Medicare, which is administered by CMS--an agency within HHS--is the
federal program that helps pay for a variety of health care services
and items on behalf of about 42 million elderly and certain disabled
beneficiaries. Most Medicare beneficiaries participate in Part
B,[Footnote 14] which helps pay for certain physician, outpatient
hospital, laboratory, and other services; DMEPOS (such as oxygen,
wheelchairs, hospital beds, walkers, orthotics, prosthetics, and
surgical dressings); and certain outpatient drugs.[Footnote 15]
Medicare pays 80 percent of the cost of services and items covered
under Part B, and the beneficiary pays the balance. Beneficiaries
typically obtain DMEPOS items from suppliers, who submit claims to
Medicare on the beneficiaries' behalf. Suppliers include medical
equipment retail establishments, and also can include outpatient
providers, such as physicians and physical therapists.
DMEPOS suppliers are required by CMS to meet certain standards before
they are authorized to bill Medicare. These standards are intended to
ensure that suppliers engage in legitimate business practices and are
licensed and qualified to provide DMEPOS items and services in the
states in which they operate. CMS contracts with the National Supplier
Clearinghouse (NSC) to screen potential suppliers and enroll those that
comply with CMS standards into the Medicare program. In a previous
report, we found that NSC's efforts to verify compliance with the
standards were insufficient to ensure that only legitimate and
qualified suppliers could bill Medicare.[Footnote 16]
DMEPOS Claims Processing:
DMEPOS claims are handled by CMS contractors who are responsible for
processing and paying claims submitted to Medicare. To do this, they
ensure that all necessary information is included on a claim. Claims
processing contractors are responsible for paying DMEPOS claims and
recouping any payments that have been made in error. Prior to January
2006, CMS contracted with four DMERCs to handle DMEPOS claims
processing activities. Each DMERC was assigned to one of four
geographic regions--Region A, B, C, or D--and was responsible for
processing the DMEPOS claims of Medicare beneficiaries residing within
its region.[Footnote 17] The Medicare Prescription Drug, Improvement,
and Modernization Act of 2003 included provisions that required CMS to
implement competitive procedures to replace DMERCs with DME
MACs.[Footnote 18] In January 2006, CMS competitively selected four DME
MACs from a pool of applicants[Footnote 19] and began to transition
DMEPOS claims administration activities from the DMERCs to DME MACs. In
Regions A and B, the transition of these claims processing activities
was completed by July 1, 2006,[Footnote 20] but bid protests against
the selection of the Region C and D DME MACs delayed transitions in
these regions. As a result, claims processing activities did not
transition in Region D until September 30, 2006, and, as of January
2007, the DMERC in Region C was continuing to process claims.[Footnote
21]
DMEPOS Program Integrity:
DMEPOS program integrity activities are designed to protect the
Medicare program from improper payments. These program integrity
activities include medical reviews of claims and benefit integrity
efforts.
Medical Review:
Medical review is the examination of information on a DMEPOS claim, as
well as the examination of any supporting documentation associated with
the claim, to determine if a beneficiary's medical condition meets
Medicare's coverage criteria. Medical review can also include data
analyses of submitted and paid DMEPOS claims to identify billing
patterns that may be associated with improper Medicare payments. If
medical review reveals that an overpayment was made to a supplier, the
claims processing contractor that paid the claim is responsible for
collecting the overpayment from the supplier. Medical review findings
also help CMS contractors determine what instruction they may need to
provide to DMEPOS suppliers to inform them about Medicare program rules
and proper DMEPOS billing. Medical review often results from
contractors' use of edits to identify claims that require scrutiny, and
it can be performed before or after payment.
Benefit Integrity:
Benefit integrity is the investigation of suspected fraud and the
referral of suppliers to law enforcement for further investigation and
prosecution. In addition, benefit integrity activities include data
analysis of DMEPOS claims to identify improper billing that may
indicate fraud.
Prior to March 1, 2006, all medical review and benefit integrity
activities within Regions B, C, and D were conducted by each region's
DMERC. In Region A, these activities were conducted by a PSC. As of
March 1, 2006, the PSC in Region A also became responsible for
conducting the medical review and benefit integrity activities for
Region B. In Regions C and D, CMS selected two other PSCs--one for each
region--to conduct the medical review and benefit integrity activities
in each respective region. The PSC for each region is responsible for
partnering with its region's claims processing contractor when
conducting medical review and benefit integrity activities. By March 1,
2006, the transition of medical review and benefit integrity activities
from the DMERCs to the PSCs was completed.
Table 1 provides a summary of DMEPOS claims processing and program
integrity activities and the associated contractor types for these
activities, as of January 2007.
Table 1: DMEPOS Claims Processing and Program Integrity Activities and
Associated Regional Contractor Type, as of January 2007:
Type of contractor: Durable Medical Equipment Medicare Administrative
Contractor (DME MAC); Regions A, B, and D; [Empty];
Claims processing: Electronically processes claims; Pays suppliers and
recoups any overpayments;
Program integrity: Medical review: Not applicable;
Program integrity: Benefit integrity: Not applicable.
Type of contractor: Durable Medical Equipment Regional Carrier (DMERC);
Region C;
Claims processing: [Empty];
Program integrity: Medical review: [Empty];
Program integrity: Benefit integrity: [Empty].
Type of contractor: Program Safeguard Contractor (PSC); Regions A, B,
C, D;
Claims processing: Not applicable;
Program integrity: Medical review: Reviews submitted claims; Analyzes
regional claims data; Informs DME MAC or DMERC of overpayments;
Program integrity: Benefit integrity: Identifies and investigates
suspected fraud; Refers suspected fraud to law enforcement; Analyzes
regional claims data.
Source: GAO analysis of CMS Medicare Program Integrity Manual,
contractors' statements of work, and information from CMS contractors.
[End of table]
In addition to the contractors mentioned above, the SADMERC performs
analyses of national data on paid Medicare DMEPOS claims. The SADMERC
develops reports for CMS, CMS contractors, and law enforcement to
identify trends in payment and potential fraud. It often focuses its
analyses by examining a particular DMEPOS item, supplier, or referring
physician, or by analyzing claims in a specific region or other
geographic area.
CMS's Program Integrity Activities Could Be Enhanced:
Under CMS's direction, its contractors conduct program integrity
activities, such as developing the automated prepayment controls known
as edits that check claims before payment, and performing benefit
integrity tasks. However, the contractors' edits fell short in
preventing improper payments from being made. Specifically, the
contractors did not have edits that flagged atypical billing or
consistently identified claims that were medically improbable, and the
contractors also did not routinely share their successful edits with
the other contractors. Further, as a key aspect of the benefit
integrity activities, contractors provided case referrals about
suppliers to help law enforcement agencies investigate and prosecute
Medicare fraud. However, law enforcement officials stated that case
referrals would be more useful if they were based on more recent
information.
PSCs Identify Atypical Billing Patterns and Use Edits to Address
Improper Payments:
PSCs in each region analyze data on claims that have been paid in order
to identify potentially improper ones, which can be evidenced by
atypical billing patterns--such as a rapid growth in payments for a
particular DMEPOS item or provider. They also use results from CMS's
annual study of improperly paid claims[Footnote 22] to identify items
at risk of improper payment in their respective regions. The PSCs
decide on their approach to addressing potentially improper claims
based on the level of their resources and the scope of the identified
problems in their regions. Each PSC's approach is detailed in its
annual "medical review strategy," submitted to CMS for approval. Due to
the specific problems identified in each region, the PSCs' medical
review strategies can differ. As part of its strategy, each PSC is
required to design a comprehensive plan detailing how it will address
each problem it identifies, and reduce the rate of errors in claims
payment. PSCs continuously update their strategy as improper payment
problems are resolved and new ones are discovered.
To prevent and minimize improper payments for DMEPOS, PSCs rely on
automated prepayment controls--called edits. Edits automatically check
claims before payment to make sure that they appear to be valid. PSCs
are responsible for developing and implementing a specific type of
edit, called a medical review edit.[Footnote 23] Medical review edits
specifically allow a PSC to check that an item on a claim appears
medically necessary for the beneficiary under Medicare's coverage
criteria. Medical review edits can either lead to the automatic denial
of an improper claim, or subject a claim to a manual review. For
example, a medical review edit could be established to automatically
deny any claim submitted for specific items for a beneficiary if it had
been determined that the beneficiary's Medicare number was used
repeatedly on claims from different suppliers for DMEPOS items that the
beneficiary did not need. Alternatively, medical review edits can flag
claims for manual medical review before payment, which requires that a
PSC reviewer examine data on the claim, along with any related
supporting documentation.[Footnote 24] The reviewer determines whether
to allow the claim to continue through the payment process, obtain more
documentation, or deny the claim.
Gaps with Medical Review Edits Can Lead to Improper Payments:
We identified three gaps in medical review edits that could lead to
improper payments. First, DMERCs and the Region A PSC[Footnote 25]
generally did not have medical review edits in place to identify claims
associated with atypical billing patterns. Such billing patterns
involve rapid or dramatic increases in the billed amounts of claims.
Atypical billing patterns can involve legitimate claims, when, for
example, CMS expands the coverage rules for an item or service.
However, atypical billing patterns have often been associated with
improper claims and payments. Atypical billing patterns can appear with
claims (1) submitted by a particular supplier, (2) covering a
particular DMEPOS item, (3) based on referrals from the same
prescribing physician, (4) submitted on behalf of a particular
beneficiary, or (5) associated with atypical billing that is clustered
in a particular geographic area. The DMERC and PSC officials we
interviewed told us that they did not use medical review edits that
would routinely flag claims that had reached predesignated thresholds-
-such as ones that would signal an unusually large increase in payment
to a supplier. One contractor indicated that, depending on the
threshold set, introducing these types of edits could allow too many
claims to be flagged for medical review.
In the absence of threshold edits to avoid paying improper claims
associated with atypical billing patterns, the DMERCs paid claims that
represented large increases over historical billing amounts submitted.
For example, we found that from the first quarter of 2003 through the
first quarter of 2005, 225 suppliers increased their billing to
Medicare by $500,000 and 50 percent from at least one 3-month period to
the next.[Footnote 26] At least 38 of the 225 suppliers were under
criminal investigation during 2004. In November 2004, the U.S.
government won a default civil judgment of $366 million against 16 of
these suppliers.[Footnote 27] These suppliers had billed for services
not rendered and committed other offenses, and they had been paid
almost $40 million from January 2003 through September 2004. As of
December 2006, DOJ had collected about $738,000 from suppliers involved
in the case. HHS OIG investigators in Miami told us that it was not
uncommon for fraudulent suppliers to close up their businesses at the
first sign of an investigation or to quickly move their Medicare
payments out of their accounts in ways that are difficult to track. By
the time law enforcement can act against fraudulent suppliers, much of
the money gained from Medicare has disappeared and cannot be recouped.
We found that contractors paid claims that were medically improbable
because they did not have edits to flag them. Such claims represent
items unlikely to be prescribed, or unlikely to be prescribed in the
quantity billed, for a beneficiary as part of routine quality care. In
conjunction with the SADMERC, we identified three instances where
medically improbable claims were routinely being paid by Medicare for
more than a year. For example, if a Medicare beneficiary has a foot
amputated, that person would usually need a prosthetic foot for that
limb. As a result, the beneficiary should not also need a brace for a
limb that no longer exists. From October 2002 through March 2005,
Medicare paid over $2 million for beneficiaries' braces after the
program had paid for prosthetics within the last year for the same
beneficiaries' legs, feet or ankles. (See table 2 for two other
examples.) A SADMERC official told us that the contractors could
develop edits for medically improbable circumstances that could avoid
improper payments.
Table 2: Examples of Medically Improbable Claims and Possible Edits to
Address Them:
Type of claim: More than 500 glucose test strips per year for diabetics
who are not treated with insulin;
Why it is medically improbable: Clinical information and surveys of
beneficiaries indicate that noninsulin-treated diabetics generally do
not test their blood sugar level more than once per day;
Description of possible edit: A glucose test strip edit[A] would limit
diabetics who do not use insulin to 500 test strips per year (41 per
month)--a level which is more generous than the contractors' coverage
policies currently allow and would allow testing more than once a day.
If more than 500 test strips were billed in a year, the claims
processing system would deny the claims containing this code;
Payment amounts: CMS paid about $156 million for test strips in excess
of 500 per year for diabetic beneficiaries that were not treated with
insulin in 2003.[B].
Type of claim: Multiple claims for prosthetics provided for the same
body part;
Why it is medically improbable: According to the SADMERC medical
director, a beneficiary who receives a prosthesis for a specific body
part should not need multiple versions of the same prosthesis. On some
occasions, a beneficiary may need to be refitted, but no more than two
of the same prostheses per year should be necessary;
Description of possible edit: An edit for multiple prosthetics[C] would
limit the number of prostheses provided for the same body part for the
same beneficiary to two per year. If more than two occurrences were
billed in a year, the claims processing system would deny the claims
containing this code or flag the claims for prepayment manual medical
review;
Payment amounts: From October 2002 through March 2005, CMS paid almost
$500,000 to suppliers providing more than two of the same prostheses
for the same leg of the same beneficiary within a single year.
Source: GAO analysis of SADMERC data.
[A] The glucose test strip edit was developed by SADMERC and relies on
SADMERC data.
[B] SADMERC was able to determine whether beneficiaries were treated
with insulin based on the diagnosis information submitted on their
claims.
[C] The edit for multiple prosthetics was developed by GAO and relies
on SADMERC data.
[End of table]
In recognition of the value of edits to detect medically improbable
claims, CMS has begun a process to have its contractors implement such
edits. In January 2007, the agency plans to introduce 19 edits for
DMEPOS items, albeit not for the items described in table 2.[Footnote
28] These 19 edits will deny claims for DMEPOS items if a medically
improbable quantity of the item is listed on the claim for a single
beneficiary in one day. The agency plans to introduce additional edits
for more DMEPOS items and other services later in 2007.
Finally, CMS does not require its contractors to share information on
their edits with contractors in other regions or adopt edits that have
been effective in other contractors' regions. CMS requires each of its
contractors to develop and maintain its own edits. Contractors are free
to adopt or eliminate edits at their discretion based on such factors
as the effectiveness of an edit in reducing improper payments, the
added cost of implementing and maintaining an edit, and the presence or
absence of other, more costly, improper payments. CMS officials we
spoke with told us that CMS expects contractors to add edits at their
own discretion, based on their resources. CMS maintains a database
through which contractors provide information to the agency on the
effectiveness of their edits. At present, contractors do not have
access to other contractors' information in the database.
Our analysis found that if contractors were to adopt edits that have
been effective in other contractors' regions, they could likely reduce
their improper payments. For example, in 2005, the DMERC in Region C
had an edit in place to restrict payment for the same or similar types
of home-use hospital beds to one item per month per beneficiary, by
automatically denying any additional claims submitted for these items.
Our analysis identified a potential savings within Region C of $50.7
million from January 1, 2003, through June 30, 2005. Based on the
claims submitted over this time period in the other three regions, we
found that this edit could have generated an additional savings of up
to $70.6 million if it had been implemented in the other three
regions.[Footnote 29] Overall, our analysis of a sample of seven
edits[Footnote 30]--selected from a list of automated edits that was
provided in response to our request and included edits estimated to be
the most effective by the contractors that developed them--found that
each contractor had edits that could have denied up to an additional
$74.1 million in claims from January 2003 through June 2005, had all
seven edits been used by each contractor.[Footnote 31]
PSC Case Referrals to Law Enforcement Are a Key Aspect of Benefit
Integrity Activities:
Under their benefit integrity responsibilities, PSCs are expected to
identify and investigate cases of suspected fraud within their regions
and refer these cases to law enforcement for further investigation and
prosecution. A PSC's investigation can include examining medical and
other records associated with a particular claim or claims, questioning
beneficiaries about whether they received items that were billed, and
conducting site visits to suppliers' facilities. PSCs also use analysis
of claims data to look for atypical billing patterns and other factors
that may indicate fraud, such as the number of complaints against, or
prior investigations of, a supplier.
PSCs are required by CMS to refer cases of suspected fraud to the HHS
OIG for further investigation.[Footnote 32] PSCs are also required to
support law enforcement's investigation and prosecution of fraud by
providing supplier and beneficiary information and other relevant case-
related data, as requested by law enforcement entities. Along with
these tasks, the PSC statements of work outline other required
activities, including participating in regular case-related contact
with law enforcement, coordinating and participating in antifraud
conferences and related gatherings, updating a national database
maintained by CMS that tracks Medicare fraud, and providing educational
programs for law enforcement on contractor operations and Medicare
issues. Prior to the transfer of benefit integrity activities to PSCs
on March 1, 2006, DMERCs were responsible for these activities in three
of the four regions. In the fourth region--Region A--a PSC was
responsible for these activities prior to this date.
Our analysis of CMS contractor benefit integrity performance
evaluations from 2001 through 2005--the most recent years for which
these evaluations were available--generally found few serious problems.
According to these evaluations, the PSC in Region A and the DMERCs in
Regions B and C met most or all of CMS's benefit integrity requirements
in all years, with any problems identified by these evaluations labeled
as "minor." The DMERC in Region D--which no longer holds this
contract[Footnote 33]--met all benefit integrity requirements in two
recent evaluation periods (which covered October 1, 2003, through May
31, 2004, and October 1, 2004, through April 15, 2005). However, in
three earlier evaluation periods preceding October 1, 2003, CMS found
"major" problems relating to the DMERC's case referral activities, such
as less than timely development of cases and lack of documentation to
support case files.
Despite the PSC's and DMERCs' positive evaluations by CMS in recent
years, law enforcement officials we spoke with stated that the
contractors could have done more to support law enforcement activities.
For example, law enforcement officials we interviewed in Miami and
Southern California[Footnote 34] told us that, while they were
satisfied with the quality of information presented in the case
referrals, the case files often pertained to fraud that had occurred
too far in the past to be effectively investigated by the time the
referral was received. The Los Angeles FBI office as well as the U.S.
Attorney's office responsible for prosecuting Medicare fraud in the Los
Angeles area (Region D) told us that the typical case referral
submitted to the office for prosecution in 2005 related to suspect
suppliers whose peak billing activity occurred during 2003.[Footnote
35] The Miami FBI office and the U.S. Attorney's office responsible for
prosecuting Medicare fraud in the Miami area expressed similar concerns
on the timeliness of case referrals.
Law enforcement officials explained that when case referrals are made
after a supplier is no longer in business, investigating and
prosecuting the suspected fraud is difficult or even impossible because
law enforcement may not be able to locate the company's owners, its
records, or the Medicare funds it received. Law enforcement officials
we interviewed did not cite a single cause for the delays in contractor
referrals. Officials in Los Angeles attributed the delays to a lack of
on-site contractor presence in the Los Angeles area and on contractor
over-emphasis on producing polished referrals. Officials in Miami
attributed the delays to the referral process itself, citing too many
steps in the process, and some officials were uncertain as to the
cause. When we discussed these issues with CMS officials, however, they
did not raise concerns about the DMERCs' and PSC's effectiveness in
supporting law enforcement with comprehensive and timely referrals. On
the contrary, the officials we interviewed expressed satisfaction with
the DMERCs' and PSC's past performance.
CMS Oversees PSCs through Various Means, and Is Implementing Annual
Evaluations of Program Integrity Activities:
CMS has various means of overseeing PSCs' program integrity efforts. To
establish expectations and guidelines for the PSCs, and to monitor
their program integrity efforts, CMS relies on PSC statements of work,
the PIM, and PSCs' reports on their activities. The PSC statements of
work contain general information about the agency's expectations for
the PSCs, including a list of deliverables that each one is required to
provide to CMS. The PIM establishes the requirements and guidance that
the PSCs must follow when conducting their program integrity
activities. In addition, CMS staff monitor the PSCs' reports about
their activities. Examples of these reports include updated medical
review strategies and updates about the types of information requested
by law enforcement for its use in investigating and prosecuting
suppliers. After reviewing a contractor's reports, CMS may suggest
changes to a PSC, such as adjustments to its medical review strategy.
In addition, CMS has developed plans for annually evaluating the PSCs'
program integrity activities and is in the process of implementing
these evaluations. CMS has developed three evaluation tools to assess
each PSC's (1) general performance, (2) performance in conducting
medical review, and (3) performance in conducting benefit integrity
activities. The criteria used in each of the three evaluation tools
reflect the responsibilities described in the PIM and the PSCs'
statements of work. In May and June of 2006, CMS conducted an initial
evaluation of the first several months of the three PSCs'
work,[Footnote 36] using the general performance evaluation tool. In
May and June of 2007, CMS will conduct the first of a planned annual,
comprehensive, full-year evaluation of each PSC, including assessments
of its medical review and benefit integrity efforts. CMS officials said
that the agency will use the results to decide whether to renew a PSC's
contract.[Footnote 37] The officials also said that CMS will use these
results to determine whether a PSC may earn award fees--a monetary
performance reward for good performance--in addition to the regular
payments it receives under its contract.
The general performance evaluation tool is intended to assess the PSCs
in four overall areas: (1) the quality of their work and work products;
(2) their success in completing their work within an agreed upon
budget; (3) their ability to provide work products on time; and (4)
their ability to develop and maintain productive business relationships
with law enforcement and suppliers.
The medical review evaluation tool is intended to assess PSC
performance in reviewing claims before and after payment. For example,
the tool is designed to assess the degree to which a PSC reviewed
claims in accordance with the medical review strategy that the PSC
established for that year, and that had been approved by CMS. The tool
also is intended to verify the accuracy of medical review for each PSC
by using a sample of five claims that had received medical review from
the respective PSC. CMS officials told us that they are currently in
the process of determining whether a broader measure of a region's
improper payments will be reflected in the evaluations of PSC
performance in the future.
The benefit integrity evaluation tool is intended to assess a PSC's
investigations of suppliers suspected of fraud, development of supplier
case referrals for the HHS OIG, and assistance to law enforcement. For
instance, the benefit integrity evaluation tool requires evaluators to
assess whether a PSC maintains a documented audit trail of the actions
it has taken for each supplier investigation initiated. It also
requires an assessment of whether a PSC's case referrals to the HHS OIG
include all of the elements for law enforcement to pursue an
investigation.
Conclusions:
When CMS and its contractors fall short in protecting the Medicare
program, hundreds of millions of dollars can be lost to improper
payments for DMEPOS. The agency and its contractors conduct a number of
program integrity activities designed to prevent and minimize improper
payments for DMEPOS. However, we found that CMS's contractors did not
have sufficient automated prepayment controls to flag claims that are
part of unexplained increases in billing, or that were medically
improbable. Currently, the PSCs and DME MACs are not required to
exchange information about their successful automated prepayment
controls that could be effective in other regions. While PSCs have the
flexibility to implement prepayment controls that they consider to be
the most effective for their region, knowing about effective controls
in other regions could provide useful information when developing their
own. CMS's recent initiative to add automated prepayment controls that
would deny certain medically improbable claims is a positive step
towards reducing improper DMEPOS payments.
Recommendations for Executive Action:
We recommend that the Administrator of CMS take two actions:
* Require the PSCs to develop thresholds for unexplained increases in
billing--and use them to develop automated prepayment controls as one
component of their manual medical review strategies.
* Require the DME MACs, DMERC, and PSCs to exchange information on
their automated prepayment controls, and have each of these contractors
consider whether the automated prepayment controls developed by the
others could reduce their incidence of improper payments.
Agency Comments:
CMS provided comments on a draft of this report, agreed with both of
our recommendations, and stated that it has begun efforts to address
them. Specifically, CMS agreed with our recommendation to require PSCs
to develop thresholds for unexplained increases in billing and use them
in developing their automated prepayment controls. CMS responded that
it would build upon existing PSC processes for identifying billing
increases and would work to improve contractors' automated prepayment
controls. CMS also discussed a related initiative it has begun to
automatically deny or automatically suspend payment for services billed
in excess of medically probable amounts. CMS stated that this
initiative will address some of the issues that we raised in our
report. We consider this initiative to be one important aspect of
preventing improper payments for DMEPOS.
CMS also agreed with our recommendation to require the DME MACs, DMERC,
and PSCs to exchange information on their automated prepayment controls
and to have each of these contractors consider whether the controls
developed by the others could reduce their incidence of improper
payments. CMS responded that these contractors' Joint Operating
Agreements (JOA) provide a means through which information can be
shared among them, and stated that it believes the contractors are
currently coordinating their automated prepayment control processes.
CMS also said it would review the JOAs to ensure that information-
sharing requirements are clear and are being followed by the
contractors. This would be a good first step towards ensuring that
information sharing occurs and that the contractors are considering the
prepayment controls of other contractors when developing their own
prepayment controls.
CMS's comments appear in appendix III.
We provided DOJ with a draft of this report for its review. DOJ
provided us with technical comments, which we incorporated as
appropriate.
As agreed with your office, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 30 days
after its date. We will then send a copy of this report to the
Secretary of HHS, the Administrator of CMS, and the Attorney General,
appropriate congressional committees, and other interested parties. We
will also make copies available to others upon request. This report
also will be available at no charge on GAO's Web site at
http://www.gao.gov.
If you or your staff have any questions about this report, please
contact me at (312) 220-7600 or aronovitzl@gao.gov. Contact points for
our Offices of Congressional Relations and Public Affairs may be found
on the last page of this report. GAO staff who made major contributions
to this report are listed in appendix IV.
Sincerely yours,
Signed by:
Leslie G. Aronovitz:
Director, Health Care:
[End of section]
Appendix I: DMEPOS Regions and Associated DME MACs and PSCs:
[See PDF for image]
Source: CMS, Map Resources (map).
[End of figure]
[End of section]
Appendix II: Scope and Methodology:
To discuss the program integrity activities of the Centers for Medicare
& Medicaid Services (CMS) and its contractors to prevent and minimize
improper payments made for durable medical equipment, prosthetics,
orthotics, and supplies (DMEPOS), we reviewed aspects of the
contractors' medical review and benefit integrity responsibilities. We
reviewed the automated prepayment controls--called edits--that
contractors introduce into their payment systems to deny claims or flag
them for medical review, and contractors' benefit integrity activities.
We included edits because they are generally the contractors' first
line of defense for avoiding payment of improper claims. We did not
evaluate other aspects of medical review, which can include analysis or
examination of claims after payment, but we discuss these functions in
relation to automated prepayment controls and benefit integrity
activities. We also included benefit integrity efforts--such as
referring potential cases to law enforcement--because these efforts
allow contractors to enlist federal law enforcement agencies to act
against suppliers who have defrauded Medicare. As part of our work, we
reviewed related GAO reports and CMS's Medicare Program Integrity
Manual (PIM), which establishes CMS's guidelines for contractors'
program integrity activities. We also conducted interviews with CMS
officials responsible for safeguarding Medicare, as well as contractor
officials responsible for program integrity activities in three of the
four DMEPOS regions--Regions A, C, and D.[Footnote 38] These contractor
officials included staff at the outgoing Durable Medical Equipment
Regional Carriers (DMERC) for Regions C and D,[Footnote 39] and the
incoming Program Safeguard Contractors (PSC) for Regions A, C, and D.
We interviewed staff at the incoming Durable Medical Equipment Medicare
Administrative Contractor (DME MAC) for Region A, which had the only
DME MAC contract within our selected regions that had been implemented
at the time of our interviews. We also interviewed contractor staff at
the Statistical Analysis Durable Medical Equipment Regional Carrier
(SADMERC)--a contractor which is responsible for performing statistical
analyses on national and regional DMEPOS billing data to identify
potential fraud.
In order to specifically review edits, we analyzed national Medicare
DMEPOS claims data on atypical billing trends for suppliers and items
for the first quarter of 2003 through the first quarter of 2005
generated by SADMERC. We performed further analyses on individual
Medicare DMEPOS claims data from the first quarter of 2003 through the
second quarter of 2005 from five states--California, Florida, Illinois,
New York, and Texas.[Footnote 40] We also obtained data from the
National Supplier Clearinghouse (NSC)--a contractor which is
responsible for enrolling suppliers in Medicare and revoking the
billing privileges of suppliers who do not comply with program
guidelines. We used the NSC data to obtain information on the
geographic location of the suppliers' companies, such as by zip code
and state, and to inform us as to whether the Medicare billing
privileges of certain suppliers were considered by the NSC to be
active, inactive, or revoked, as of October 3, 2005. In addition, we
used other analyses performed by SADMERC on national DMEPOS claims data
to simulate how many dollars might have been saved for periods of time
from 2002 through 2005 by adding certain edits into the payment system
to identify potential improper payments. We assessed the reliability of
the data sets used for these analyses by reviewing documentation
related to each data set, and we determined that each was sufficiently
reliable to address the issues in this report.
In order to specifically describe contractors' benefit integrity
efforts, we interviewed law enforcement officials on both the national
and local levels who are responsible for investigating and prosecuting
such cases, and for coordinating their efforts with the CMS
contractors. The officials we interviewed included those from
Department of Health and Human Services (HHS) Office of Inspector
General (OIG), who receive suspected fraud cases from Medicare
contractors and may opt to investigate the cases further; the Federal
Bureau of Investigation (FBI), which may opt to assist in the
investigation of Medicare fraud cases or open an independent
investigation on cases for which the HHS OIG has decided not to open an
investigation; and U.S. Attorney's offices, which are responsible for
the prosecution of Medicare fraud cases. In addition to interviewing
headquarters officials from these organizations, we also interviewed
local law enforcement officials from these agencies in Los Angeles,
California; Miami, Florida; and New York City, New York.
To describe CMS's oversight of its PSCs' program integrity efforts, we
reviewed the PIM, and the PSCs' statements of work, which describe the
terms of the PSC contracts. We also read CMS's PSC performance
evaluation tools, and interviewed CMS officials about PSC oversight. In
addition, we interviewed PSC contractors about CMS's oversight of its
PSCs. We performed our work from June 2005 through January 2007 in
accordance with generally accepted government auditing standards.
[End of section]
Appendix III: Agency Comments:
Department Of Health & Human Services:
Centers for Medicare & Medicaid Services:
Administrator:
Washington, DC 20201:
TO: Leslie G. Aronovitz:
Director, Health Care:
Government Accountability Office:
From: Leslie V. Norwalk, Esq.
Acting Administrator:
Subject: Government Accountability Office (GAO) Draft Report:
"Medicare: Improvements Needed to Address Improper Payments for Medical
Equipment and Supplies" (GAO-07-59):
Thank you for the opportunity to review and comment on the subject GAO
report. The Centers for Medicare & Medicaid Services (CMS) appreciates
the time the GAO has invested in this report on CMS and its
contractors' activities to minimize improper payments for durable
medical equipment, prosthetics, orthotics, and supplies (DMEPOS). CMS
is committed to improving the program integrity process to continually
reduce the amount of improper payments in the DMEPOS program. CMS
concurs with the GAO's recommendations and is already taking steps to
further automate its claims payment systems to prevent improper
payments.
A Medically Unlikely Edit (MUE) is defined as an edit that tests lines
for the same beneficiary, Health Care Common Procedure Code System
code, dates of service, and billing provider against a criterion number
of units of service. CMS' MUE initiative is being implemented in
phases. CMS implemented Phase I of the MUEs on January 2 for carrier
and Durable Medical Equipment Regional Carrier (DMERC) claims, and will
implement MUE Phase I for fiscal intermediary (FI) claims on February
5. The MUEs for carrier and DMERC claims auto-deny or auto-suspend
services with units of service billed in excess of the criterion number
of units of service, and the MUEs for FI claims Return to Provider
claims that contain lines that have units of service that exceed an MUE
criterion number of units of service. Phase I of the MUE Initiative has
installed edits to prevent anatomic medically unlikely events. For
example, the MUE for cataract surgery would be two since there are only
two eyes. The MUE for removal of a gall bladder would be one since
there is only one gall bladder. The set of MUEs based on anatomical
considerations addresses approximately 2,800 codes.
Phase II consists of edits based on additional anatomic considerations,
Current Procedural Terminology (CPT) code descriptors/CPT coding
instructions, CMS policies, nature of procedure/service, nature of
analytics, or nature of equipment and will be implemented in April
2007. For example, the MUE for wheelchairs under the nature of
equipment category would be one since a beneficiary can only use one
wheelchair per day. The set of edits included in Phase 11 will address
approximately 1.300 codes. The July 2007 release of MUEs will implement
durable medical equipment edits which will address some of the issues
identified by GAO in this report. There are approximately 11,000 codes
that MUEs will eventually address. Please note that CMS will provide a
revised table of MUEs on a quarterly basis.
GAO Recommendation:
Require the Program Safeguard Contractors (PSCs) to develop thresholds
for unexplained increases in billing and use them to develop automated
pre-payment controls as one component of their payment manual medical
review strategies.
CMS Response:
The CMS concurs with this recommendation and will build upon the
Agency's MUE efforts and the PSCs current processes for identifying
spike billings. We will consider ways to improve the contractor's
automated pre-payment controls in order to further enhance and
prioritize the contractor's medical review efforts.
GAO Recommendation:
Require the DME MACs, DMERC and PSCs to exchange information on their
automated pre-payment controls and have each of these contractors
consider whether the automated pre-payment controls developed by the
others could reduce their incidence of improper payments.
CMS Response:
Currently, CMS requires these contractors to have Joint Operating
Agreements (JOAs) attached to each of their contracts to specifically
outline the contact people and coordination points for sharing
information across contractors. We believe that contractors currently
coordinate their edit processes but we will review the contractor's
JOAs to ensure that this requirement is clear and that it is being
adequately followed.
Finally, the GAO report anecdotally mentions contractor support for law
enforcement activity. CMS welcomes additional information on this
suggestion, so that we may appropriately address any identified issues
between the PSCs and the law enforcement community.
The CMS thanks GAO for its efforts on this report. We look forward to
working together with you in the future as we address the
recommendations in this report.
[End of section]
Appendix IV: GAO Contact and Staff Acknowledgments:
GAO Contact:
Leslie G. Aronovitz, (312) 220-2600 or aronovitzl@gao.gov:
Acknowledgments:
In addition to the contact named above, Sheila K. Avruch, Assistant
Director; Ramsey L. Asaly; Kevin Dietz; Krister P. Friday; Kelli A.
Jones; Joy L. Kraybill; Suzanne M. Post; and Craig Winslow made key
contributions to this report.
[End of section]
Related GAO Products:
Medicare Integrity Program: Agency Approach for Allocating Funds Should
Be Revised. GAO-06-813. Washington, D.C.: September 6, 2006.
Medicare Payment: CMS Methodology Adequate to Estimate National Error
Rate. GAO-06-300. Washington, D.C.: March 24, 2006.
Medicare: More Effective Screening and Stronger Enrollment Standards
Needed for Medical Equipment Suppliers. GAO-05-656. Washington, D.C.:
September 22, 2005.
Medicare Contracting Reform: CMS's Plan Has Gaps and Its Anticipated
Savings Are Uncertain. GAO-05-873. Washington, D.C.: August 17, 2005.
Health Care Fraud and Abuse Control Program: Results of Review of
Annual Reports for Fiscal Years 2002 and 2003. GAO-05-134. Washington,
D.C.: April 29, 2005.
High-Risk Series: An Update. GAO-05-207. Washington, D.C.: January
2005.
Medicare: CMS's Program Safeguards Did Not Deter Growth in Spending for
Power Wheelchairs. GAO-05-43. Washington, D.C.: November 17, 2004.
Medicare: CMS Did Not Control Rising Power Wheelchair Spending. GAO-04-
716T. Washington, D.C.: April 28, 2004.
FOOTNOTES
[1] Medicare defines durable medical equipment (DME) as equipment that
serves a medical purpose, can withstand repeated use, is generally not
useful in the absence of an illness or injury, and is appropriate for
use in the home. DME includes items such as wheelchairs, hospital beds,
and walkers. Medicare defines prosthetic devices (other than dental) as
devices that are needed to replace a body part or function. Prosthetic
devices include artificial limbs and eyes and cardiac pacemakers.
Medicare defines orthotic devices to include leg, arm, back, and neck
braces that provide rigid or semirigid support to weak or deformed body
parts or restrict or eliminate motion in a diseased or injured part of
the body. Medicare-reimbursed supplies are items that are used in
conjunction with DME and are consumed during the use of the equipment-
-such as drugs used for inhalation therapy--or items that need to be
replaced on a frequent, usually daily, basis--such as surgical
dressings.
[2] 42 C.F.R. § 433.304 (2005).
[3] GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.:
Jan. 2005).
[4] The same PSC was awarded contracts for Regions A and B, which means
that a total of three PSCs hold contracts for the four regions.
Appendix I depicts the boundaries of each region.
[5] Medical reviews of submitted claims are conducted to determine if
beneficiaries' medical conditions meet Medicare coverage criteria. If
medical reviews identify a claim that should not have been paid, the
contractor that paid the claim is responsible for collecting the
overpayment.
[6] Prior to March 1, 2006, three Durable Medical Equipment Regional
Carriers (DMERC) and one PSC were under contract to conduct program
integrity activities for DMEPOS benefits.
[7] In 2006, CMS began implementing a plan to replace DMERCs with DME
MACs to process DMEPOS claims. As of January 2007, three DME MACs and a
DMERC were performing this activity. Each DMERC or DME MAC is
responsible for coordinating with the PSC that conducts program
integrity activities in its region.
[8] In this report, unless otherwise specified, the term contractors
refers to PSCs, DMERCs, and DME MACs.
[9] We obtained data from these states because they are each recognized
by CMS or law enforcement as having experienced Medicare fraud and
abuse.
[10] While DMERCs and DME MACs process claims in the four DMEPOS
regions, we chose to focus our work in Regions A, C, and D. We selected
Region A because it was the only DMEPOS region in which a PSC had
previously been contracted to conduct program integrity functions. We
selected Regions C and D because they each have one state--Florida and
California, respectively--which CMS and its contractors have identified
as experiencing a higher level of DMEPOS fraud and abuse than other
states.
[11] We did not interview DMERC staff for Region A because the
responsibility for program integrity activities in that region had
already been transferred to a PSC in 2001.
[12] We interviewed headquarters officials from these organizations, in
addition to representatives from their local offices in Los Angeles,
California; Miami, Florida; and New York City, New York. The HHS OIG is
responsible for investigating Medicare fraud; the FBI may assist in the
investigation of Medicare fraud cases or open an independent
investigation on cases for which the HHS OIG has decided not to open an
investigation; and U.S. Attorney's Offices are responsible for
prosecuting Medicare fraud cases.
[13] A statement of work is the portion of a contract that describes
the actual work to be carried out by the contractor by means of
specifications, performance dates, and quality requirements.
[14] Part B requires enrollees to pay a monthly premium for their Part
B coverage.
[15] Outpatient drugs covered under Part B include self-administered
drugs, such as certain immunosuppressive and oral anticancer drugs, and
drugs administered in conjunction with DME.
[16] For more information on NSC and DMEPOS supplier standards, see
GAO, Medicare: More Effective Screening and Stronger Enrollment
Standards Needed for Medical Equipment Suppliers, GAO-05-656
(Washington, D.C.: Sept. 22, 2005). See also Related GAO Products at
the end of this report.
[17] The four DMERCs were HealthNow New York, Inc. (Region A),
AdminaStar Federal, Inc. (Region B), Palmetto Government Benefits
Administrators, LLC (Region C), and CIGNA Government Services, LLC
(Region D). DMERCs only processed DMEPOS claims.
[18] Pub. L. No. 108-173, sec. 302(b), § 1847, 117 Stat. 2066, 2224-30
(to be codified at 42 U.S.C. § 1395w-3). For further information on
this contracting change, see GAO, Medicare Contracting Reform: CMS's
Plan Has Gaps and Its Anticipated Savings Are Uncertain, GAO-05-873
(Washington, D.C.: Aug. 17, 2005).
[19] This pool included DMERCs and other companies with experience
processing Medicare claims.
[20] The Region A DME MAC contract was awarded to National Heritage
Insurance Company and the Region B contract was awarded to AdminaStar
Federal, Inc.
[21] In Region D, CMS's award of the DME MAC contract to Noridian
Administrative Services, LLC, was upheld. CIGNA Gov't Servs., LLC, B-
297915, May 4, 2006. Transition of the Region D workload to the DME MAC
was completed by September 30, 2006. In Region C, a bid protest was
upheld and, as a result, CMS reopened discussions with parties under
consideration for award of the DME MAC contract. CIGNA Gov't Servs.,
LLC, B-297915.2, May 4, 2006. On September 28, 2006, CMS once again
awarded the contract, but this award was protested by the company that
had not received the contract. The bid protest was decided on January
16, 2007. The company that did not receive the contract has options for
further action, such as challenging the decision in the U.S. Court of
Federal Claims. CMS has not yet finalized its transition schedule for
Region C, as of January 2007.
[22] CMS monitors the accuracy of Part B claims payments through its
Comprehensive Error Rate Testing program. Beginning in 2003, CMS
published yearly reports on the accuracy of claims payments. See
Centers for Medicare & Medicaid Services, Improper Medicare FFS
Payments Long Report (Web Version) for November 2006 (Baltimore, Md.:
Nov. 2006) [Hyperlink,
https://www4.cms.hhs.gov/apps/er_report/preview_er_report_print.asp?from
=public&which=long&reportID=5 ](downloaded Nov. 16, 2006). See also
GAO, Medicare Payment: CMS Methodology Adequate to Estimate National
Error Rate, GAO-06-300 (Washington, D.C.: Mar. 24, 2006).
[23] Another type of edit--the claims processing edit--is designed and
put in place by DME MAC and DMERC staff to ensure that claims contain
complete information that is consistent with certain previously
submitted data and appear payable. The DME MACs and DMERC program the
claims processing system with claims processing edits to determine
whether to continue processing the claim for payment, deny it, or flag
it for review. For example, a claims processing edit can flag a claim
for review if it appears to be a duplicate of a previously processed
claim.
[24] Some DMEPOS items require that the supplier has a form signed by a
physician to certify that an item is needed for the beneficiary. A
reviewer can request this form be submitted to serve as proof that the
item is considered medically necessary.
[25] At the time our audit work on medical review edits was conducted,
only Region A had a PSC conducting program integrity activities.
[26] As a single example, in the fourth quarter of 2003, one Florida
supplier had an increase in billing of over 51,000 percent from the
prior quarter, from $4,486 to $2,307,236. In the next quarter, the
supplier's billing for DMEPOS products increased to $14,611,458.
Although many of the charges were denied, CMS paid the supplier over $5
million for DMEPOS claims from October 2003 through March 2004.
[27] A default judgment is rendered as a result of a party's failure to
appear in court or to answer a complaint.
[28] CMS plans to implement a total of 2,776 edits for Part B items and
services. These edits would automatically deny claims for Part B items
and services if a medically improbable quantity of the item or service
is billed for a single beneficiary as having been provided on the same
day.
[29] Our analysis also found that this edit did not lead to equal
amounts of savings in all DMEPOS regions and therefore was of more
potential value in some DMEPOS regions than in others. For example,
Region D showed a potential savings of $36.6 million; Region A, $18.1
million; and Region B, $15.9 million.
[30] Two of the seven edits examined wheelchair and commode seating
items and were developed by the Region A PSC. Four of the seven edits
examined oxygen delivery, respiratory assistance devices, nutrition to
be provided through feeding tubes, and hospital beds, and were
developed by the Region C DMERC. The final edit examined eyeglass lens
coatings and was developed by the Region D DMERC.
[31] These figures represent a maximum possible savings by assuming
that none of the claims denials generated by these edits would be
manually overridden. Further, if claims denials are subsequently
appealed and payment made to suppliers, an edit could be less effective
than a contractor's data would suggest.
[32] When the HHS OIG accepts a case referral from a PSC or other
source, it may investigate the case on its own or involve other federal
and state law enforcement entities in its investigation. After
completing its investigation, the HHS OIG refers each case to the U.S.
Attorney's Office. The U.S. Attorney's Office decides whether the case
should be prosecuted and is responsible for prosecution. If the HHS OIG
declines a case, however, the PSC has the option to refer it directly
to other federal or state law enforcement entities, such as the FBI or
a State Office of Attorney General.
[33] As noted earlier, the Region D contract was transitioned to
Noridian Administrative Services, LLC, as of September 30, 2006.
[34] These included officials from the Miami HHS OIG, U.S. Attorney's
and FBI offices, as well as officials from the HHS OIG, U.S.
Attorney's, and FBI offices responsible for the Los Angeles area.
[35] The U.S. Attorneys do not typically receive case referrals
directly from DMERCs, but rather from investigative agencies such as
the HHS OIG or the FBI, who receive the case directly from the DMERCs
and may further develop the case referral.
[36] CMS evaluated each PSC's total workload, rather than its efforts
in a particular region. Because one PSC holds the contracts for both
Regions A and B, that PSC received a single evaluation.
[37] The PSCs each have a 5-year contract. This includes an option for
CMS to review the contract each year during its 5-year time frame and
renew the contract for the next year. If CMS is satisfied with the
PSC's performance, it can renew the contract for 1 year, up to four
times, without having to open the contract to competition.
[38] We selected Region A because it was the only DMEPOS region in
which a program safeguard contractor (PSC) was already conducting
program integrity functions when we began our work. We selected Regions
C and D because they each have one state--Florida and California,
respectively--which CMS and its contractors have identified as
experiencing a higher level of DMEPOS fraud and abuse than other
states.
[39] We did not interview the DMERC for Region A because the program
integrity activities in that region were already being conducted by a
PSC.
[40] We obtained data from these states because they are each
recognized by CMS or law enforcement as states which have experienced
Medicare fraud and abuse.
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site.
To have GAO e-mail you a list of newly posted products every afternoon,
go to www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125
Washington, D.C. 20548:
Public Affairs:
Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548:
