Fraud Detection Systems
Centers for Medicare and Medicaid Services Needs to Expand Efforts to Support Program Integrity Initiatives
Gao ID: GAO-12-292T December 7, 2011
The Centers for Medicare and Medicaid Services (CMS) is responsible for administering and safeguarding its programs from loss of funds. As GAO reported in June 2011, CMS utilizes automated systems and tools to help improve the detection of improper payments for fraudulent, wasteful, and abusive claims. To integrate claims information and improve its ability to detect fraud, waste, and abuse in these programs, CMS initiated two information technology system programs: the Integrated Data Repository (IDR) and One Program Integrity (One PI). GAO was asked to testify on its earlier report that examined CMS's efforts to protect the integrity of the Medicare and Medicaid programs through the use of information technology. In that prior study, GAO assessed the extent to which IDR and One PI have been developed and implemented, and CMS's progress toward achieving its goals and objectives for using these systems to detect fraud, waste, and abuse.
GAO previously reported that CMS had developed and begun using both IDR and One PI, but had not incorporated into IDR all data as planned. IDR is intended to be the central repository of Medicare and Medicaid data needed to help CMS and states' program integrity staff and contractors prevent and detect improper payments. Program integrity analysts use these data to identify patterns of unusual activities or transactions that may indicate fraudulent charges or other types of improper payments. IDR has been operational and in use since September 2006 but did not include all the data that were planned to be incorporated by fiscal year 2010. For example, IDR included most types of Medicare claims data, but not the Medicaid data needed to help analysts detect improper payments of Medicaid claims. According to program officials, these data were not incorporated because of obstacles introduced by technical issues and delays in funding. Until the agency finalizes plans and develops reliable schedules for efforts to incorporate these data, CMS may face additional delays in making available all the data that are needed to support enhanced Medicare and Medicaid program integrity efforts. Additionally, CMS had not taken steps to ensure widespread use of One PI to enhance efforts to detect fraud, waste, and abuse. One PI is a web-based portal that is to provide CMS staff and contractors, and Medicaid analysts with a single source of access to data contained in IDR, as well as tools for analyzing those data. While One PI had been developed and deployed to users, no Medicaid analysts and only a few Medicare program integrity analysts were trained and using the system. Specifically, One PI program officials planned for 639 program integrity analysts, including 130 Medicaid analysts, to be using the system by the end of fiscal year 2010; however, as of October 2010, only 41--less than 7 percent--were actively using the portal and tools. According to program officials, the agency's initial training plans were insufficient and, as a result, they were not able to train the intended community of users. Until program officials finalize plans and develop reliable schedules for training users and expanding the use of One PI, the agency may continue to experience delays in reaching widespread use of the system. While CMS had made progress toward its goals to provide a single repository of data and enhanced analytical capabilities for program integrity efforts, the agency was not yet positioned to identify, measure, and track benefits realized from its efforts. As a result, it was unknown whether IDR and One PI as implemented had provided financial benefits. According to IDR officials, they did not measure benefits realized from increases in the detection rate for improper payments because they relied on business owners to do so; One PI officials stated that, because of the limited use of that system, there were not enough data to measure and gauge the program's success toward achieving the $21 billion in financial benefits that the agency projected. GAO is not making new recommendations at this time. GAO recommended in June 2011 that CMS take actions to finalize plans and schedules for achieving widespread use of IDR and One PI, and to define measurable benefits. CMS concurred with GAO's recommendations.
GAO-12-292T, Fraud Detection Systems: Centers for Medicare and Medicaid Services Needs to Expand Efforts to Support Program Integrity Initiatives
This is the accessible text file for GAO report number GAO-12-292T
entitled 'Fraud Detection Systems: Centers for Medicare and Medicaid
Services Needs to Expand Efforts to Support Program Integrity
Initiatives' which was released on December 7, 2011.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
United States Government Accountability Office:
GAO:
Testimony before the Subcommittees on Government Organization,
Efficiency and Financial Management; and Health Care, District of
Columbia, Census and the National Archives; Committee on Oversight and
Government Reform, House of Representatives:
For Release on Delivery:
Expected at 10:00 a.m. EST:
Wednesday, December 7, 2011:
Fraud Detection Systems:
Centers for Medicare and Medicaid Services Needs to Expand Efforts to
Support Program Integrity Initiatives:
Statement of Valerie C. Melvin, Director:
Information Management and Technology Resources Issues:
GAO-12-292T:
GAO Highlights:
Highlights of GAO-12-292T, a testimony for Subcommittees of the
Committee on Oversight and Government Reform, House of Representatives.
Why GAO Did This Study:
The Centers for Medicare and Medicaid Services (CMS) is responsible
for administering and safeguarding its programs from loss of funds. As
GAO reported in June 2011, CMS utilizes automated systems and tools to
help improve the detection of improper payments for fraudulent,
wasteful, and abusive claims. To integrate claims information and
improve its ability to detect fraud, waste, and abuse in these
programs, CMS initiated two information technology system programs:
the Integrated Data Repository (IDR) and One Program Integrity (One
PI).
GAO was asked to testify on its earlier report that examined CMS‘s
efforts to protect the integrity of the Medicare and Medicaid programs
through the use of information technology. In that prior study, GAO
assessed the extent to which IDR and One PI have been developed and
implemented, and CMS‘s progress toward achieving its goals and
objectives for using these systems to detect fraud, waste, and abuse.
What GAO Found:
GAO previously reported that CMS had developed and begun using both
IDR and One PI, but had not incorporated into IDR all data as planned.
IDR is intended to be the central repository of Medicare and Medicaid
data needed to help CMS and states‘ program integrity staff and
contractors prevent and detect improper payments. Program integrity
analysts use these data to identify patterns of unusual activities or
transactions that may indicate fraudulent charges or other types of
improper payments. IDR has been operational and in use since September
2006 but did not include all the data that were planned to be
incorporated by fiscal year 2010. For example, IDR included most types
of Medicare claims data, but not the Medicaid data needed to help
analysts detect improper payments of Medicaid claims. According to
program officials, these data were not incorporated because of
obstacles introduced by technical issues and delays in funding. Until
the agency finalizes plans and develops reliable schedules for efforts
to incorporate these data, CMS may face additional delays in making
available all the data that are needed to support enhanced Medicare
and Medicaid program integrity efforts.
Additionally, CMS had not taken steps to ensure widespread use of One
PI to enhance efforts to detect fraud, waste, and abuse. One PI is a
web-based portal that is to provide CMS staff and contractors, and
Medicaid analysts with a single source of access to data contained in
IDR, as well as tools for analyzing those data. While One PI had been
developed and deployed to users, no Medicaid analysts and only a few
Medicare program integrity analysts were trained and using the system.
Specifically, One PI program officials planned for 639 program
integrity analysts, including 130 Medicaid analysts, to be using the
system by the end of fiscal year 2010; however, as of October 2010,
only 41-”less than 7 percent-”were actively using the portal and
tools. According to program officials, the agency‘s initial training
plans were insufficient and, as a result, they were not able to train
the intended community of users. Until program officials finalize
plans and develop reliable schedules for training users and expanding
the use of One PI, the agency may continue to experience delays in
reaching widespread use of the system.
While CMS had made progress toward its goals to provide a single
repository of data and enhanced analytical capabilities for program
integrity efforts, the agency was not yet positioned to identify,
measure, and track benefits realized from its efforts. As a result, it
was unknown whether IDR and One PI as implemented had provided
financial benefits. According to IDR officials, they did not measure
benefits realized from increases in the detection rate for improper
payments because they relied on business owners to do so; One PI
officials stated that, because of the limited use of that system,
there were not enough data to measure and gauge the program‘s success
toward achieving the $21 billion in financial benefits that the agency
projected.
What GAO Recommends:
GAO is not making new recommendations at this time. GAO recommended in
June 2011 that CMS take actions to finalize plans and schedules for
achieving widespread use of IDR and One PI, and to define measurable
benefits. CMS concurred with GAO‘s recommendations.
View [hyperlink, http://www.gao.gov/products/GAO-12-282T] or key
components. For more information, contact Valerie Melvin at (202) 512-
6304 or melvinv@gao.gov. [End of section]
Chairmen Platts and Gowdy, Ranking Members Towns and Davis, and
Members of the Subcommittees:
I am pleased to participate in today's hearing on fraud and improper
payments in the Medicaid program. At your request, my testimony will
focus on our report earlier this year that examined the Centers for
Medicare and Medicaid Services' (CMS) efforts to protect the integrity
of the Medicare and Medicaid programs through the use of information
technology. Specifically, in June 2011 we reported on CMS's
utilization of automated systems and tools to help improve the
detection of fraudulent, wasteful, and abusive claims that contribute
to the billions of taxpayers' dollars lost each year to improper
payments within these programs.[Footnote 1]
Operating within the Department of Health and Human Services, CMS
conducts reviews to prevent improper payments before Medicare and
Medicaid claims are paid and to detect claims that were paid in error.
These activities are predominantly carried out by contractors who,
along with CMS personnel, use various information technology solutions
to consolidate and analyze data to help identify the improper payment
of claims. For example, these program integrity analysts may use
software tools to access data about claims and then use those data to
identify patterns of unusual activities by attempting to match
services with patients' diagnoses.
In 2006, CMS initiated activities to centralize and make more
accessible the data needed to conduct these analyses and to improve
the analytical tools available to its own and contractor analysts. Our
June 2011 report discussed two of these initiatives--the Integrated
Data Repository (IDR), which is intended to provide a single source of
data related to Medicare and Medicaid claims, and the One Program
Integrity (One PI) system, a web-based portal[Footnote 2] and suite of
analytical software tools used to extract data from IDR and enable
complex analyses of these data. According to CMS officials responsible
for developing and implementing IDR and One PI, the agency had spent
approximately $161 million on these initiatives by the end of fiscal
year 2010.
My testimony summarizes the results of our prior study, which
specifically assessed the extent to which IDR and One PI had been
developed and implemented, and CMS‘s progress toward achieving its
goals and objectives for using these systems to detect fraud, waste,
and abuse. The information presented is based primarily on our
previous work at CMS. Additional information on our scope and
methodology is available in the issued report.[Footnote 3] We also
obtained and conducted a review of more recent documentation
pertaining to the agency‘s efforts to develop and implement the
systems. We conducted this work in support of our testimony during
November and December 2011 at CMS headquarters in Baltimore,
Maryland. All work on which this testimony is based was conducted
in accordance with generally accepted government auditing standards.
Background:
Like financial institutions, credit card companies, telecommunications
firms, and other private sector companies that take steps to protect
customers' accounts, CMS uses information technology to help predict
or detect cases of improper claims and payments. For more than a
decade, the agency and its contractors have used automated software
tools to analyze data from various sources to detect patterns of
unusual activities or financial transactions that indicate payments
could be made for fraudulent charges or improper payments. For
example, to identify unusual billing patterns and support
investigations and referrals for prosecutions of cases, analysts and
investigators access information about key actions taken to process
claims as they are filed and the specific details about claims already
paid. This would include accessing information on claims as they are
billed, adjusted, and paid or denied; check numbers on payments of
claims; and other specific information that could help establish
provider intent.
CMS uses many different means to store and manipulate data and, since
the establishment of the agency's program integrity initiatives in the
1990s, has built multiple disparate databases and analytical software
tools to meet individual and unique needs of various programs within
the agency. In addition, data on Medicaid claims are scattered among
the states in multiple systems and data stores, and are not readily
available to CMS. According to agency program documentation, these
geographically distributed, regional approaches to storing and
analyzing data result in duplicate data and limit the agency's ability
to conduct analyses of data on a nationwide basis.
CMS has been working for most of the past decade to consolidate its
disparate data and analytical tools. The agency's efforts led to the
IDR and One PI programs, which are intended to provide CMS and its
program integrity contractors with a centralized source of Medicare
and Medicaid data and a web-based portal and set of analytical tools
by which these data can be accessed and analyzed to help detect cases
of fraud, waste, and abuse.
CMS's Initiative to Develop a Centralized Source of Medicare and
Medicaid Data:
In 2006, CMS officials expanded the scope of a 3-year-old data
modernization strategy to not only modernize data storage technology,
but also to integrate Medicare and Medicaid data into a centralized
repository so that CMS and its partners could access the data from a
single source. They called the expanded program IDR.
According to program officials, the agency's vision was for IDR to
become the single repository for CMS's data and enable data analysis
within and across programs. Specifically, this repository was to
establish the infrastructure for storing data related to Medicaid and
Medicare Parts A, B, and D claims processing,[Footnote 4] as well as a
variety of other agency functions, such as program management,
research, analytics, and business intelligence. CMS envisioned an
incremental approach to incorporating data into IDR. Specifically, it
intended to incorporate data related to paid claims for Medicare Part
D by the end of fiscal year 2006, and for Medicare Parts A and B by
the end of fiscal year 2007. The agency also planned to begin to
incrementally add all Medicaid data for the 50 states in fiscal year
2009 and to complete this effort by the end of fiscal year 2012.
Initial program plans and schedules also included the incorporation of
additional data from legacy CMS claims-processing systems that store
and process data related to the entry, correction, and adjustment of
claims as they are being processed, along with detailed financial data
related to paid claims. According to program officials, these data,
called "shared systems" data, are needed to support the agency's plans
to incorporate tools to conduct predictive analysis of claims as they
are being processed, helping to prevent improper payments. Shared
systems data, such as check numbers and amounts related to claims that
have been paid, are also needed by law enforcement agencies to help
with fraud investigations. CMS initially planned to have all the
shared systems data included in IDR by July 2008.
Table 1, presented in our prior report, summarized CMS's original
planned dates and actual dates for incorporating the various types of
data into IDR as of the end of fiscal year 2010.
Table 1: Data Incorporated into IDR as of the End of Fiscal Year 2010:
Type of data: Medicare Part D;
Original planned date: January 2006;
Actual date: January 2006.
Type of data: Medicare Part B;
Original planned date: September 2007;
Actual date: May 2008.
Type of data: Medicare Part A;
Original planned date: September 2008;
Actual date: May 2008.
Type of data: Shared systems;
Original planned date: July 2008;
Actual date: Not incorporated (planned for November 2011).
Type of data: Medicaid for 5 states;
Original planned date: September 2009;
Actual date: Not incorporated (planned for September 2014).
Type of data: Medicaid for 20 states;
Original planned date: September 2010;
Actual date: Not incorporated (planned for September 2014).
Type of data: Medicaid for 35 states;
Original planned date: September 2011;
Actual date: Not incorporated (planned for September 2014).
Type of data: Medicaid for 50 states;
Original planned date: September 2012;
Actual date: Not incorporated (planned for September 2014).
Source: GAO analysis of CMS data.
[End of table]
CMS's Initiative to Develop and Implement Analytical Tools for
Detecting Fraud, Waste, and Abuse:
Also in 2006, CMS initiated the One PI program with the intention of
developing and implementing a portal and software tools that would
enable access to and analysis of claims, provider, and beneficiary
data from a centralized source. The agency's goal for One PI was to
support the needs of a broad program integrity user community,
including agency program integrity personnel and contractors who
analyze Medicare claims data, along with state agencies that monitor
Medicaid claims. To achieve its goal, CMS officials planned to
implement a tool set that would provide a single source of information
to enable consistent, reliable, and timely analyses and improve the
agency's ability to detect fraud, waste, and abuse. These tools were
to be used to gather data from IDR about beneficiaries, providers, and
procedures and, combined with other data, find billing aberrancies or
outliers. For example, an analyst could use software tools to identify
potentially fraudulent trends in ambulance services by gathering the
data about claims for ambulance services and medical treatments, and
then use other software to determine associations between the two
types of services. If the analyst found claims for ambulance travel
costs but no corresponding claims for medical treatment, it might
indicate that further investigation could prove that the billings for
those services were fraudulent.
According to agency program planning documentation, the One PI system
was also to be developed incrementally to provide access to IDR data,
analytical tools, and portal functionality. CMS planned to implement
the One PI portal and two analytical tools for use by program
integrity analysts on a widespread basis by the end of fiscal year
2009. The agency engaged contractors to develop the system.
IDR and One PI Were in Use, but Lacked Data and Functionality
Essential to CMS's Program Integrity Efforts:
IDR had been in use by CMS and its contractors who conduct Medicare
program integrity analysis since September 2006 and incorporated data
related to claims for reimbursement of services under Medicare Parts
A, B, and D. According to program officials, the integration of these
data into IDR established a centralized source of data previously
accessed from multiple disparate system files.
However, although the agency had been incorporating data from various
data sources since 2006, our prior report noted that IDR did not
include all the data that were planned to be incorporated by the end
of 2010 and that are needed to support enhanced program integrity
initiatives. For example, IDR did not include the Medicaid data that
are critical to analysts' ability to detect fraud, waste, and abuse in
this program. While program officials initially planned to incorporate
20 states' Medicaid data into IDR by the end of fiscal year 2010, the
agency had not incorporated any of these data into the repository.
Program officials told us that the original plans and schedules for
obtaining Medicaid data did not account for the lack of funding for
states to provide Medicaid data to CMS, or the variations in the types
and formats of data stored in disparate state Medicaid systems.
Consequently, the officials were not able to collect the data from the
states as easily as they expected and did not complete this activity
as originally planned.
In December 2009, CMS initiated another agencywide program intended
to, among other things, identify ways to collect Medicaid data from
the many disparate state systems and incorporate the data into a
single data store. As envisioned by CMS, this program, the Medicaid
and Children's Health Insurance Program Business Information and
Solutions (MACBIS) program, was to include activities in addition to
providing expedited access to current data from state Medicaid
programs. According to agency planning documentation, as a result of
efforts to be initiated under the MACBIS program, CMS would
incorporate Medicaid data for all 50 states into IDR by the end of
fiscal year 2014.
However, program officials had not defined plans and reliable
schedules for incorporating these data into IDR. Until the agency does
so, it cannot ensure that current development, implementation, and
deployment efforts will provide the data and technical capabilities
needed to enhance efforts to detect potential cases of fraud, waste,
and abuse.
In addition to the Medicaid data, initial program integrity
requirements included the incorporation of the shared systems data by
July 2008; however, all of these data had not been added to IDR.
According to IDR program officials, the shared systems data were not
incorporated as planned because funding for the development of the
software and acquisition of the hardware needed to meet this
requirement was not approved until the summer of 2010. Subsequently,
IDR program officials developed project plans and identified user
requirements. In updating us on the status of this activity, the
officials told us in November 2011 that they began incorporating
shared systems data in September 2011 and plan to make them available
to program integrity analysts in spring 2012.
Beyond the IDR initiative, CMS program integrity officials had not
taken appropriate actions to ensure the use of One PI on a widespread
basis for program integrity purposes. According to program officials,
the system was deployed to support Medicare program integrity goals in
September 2009 as originally planned and consisted of a portal that
provided web-based access to software tools used by CMS and contractor
analysts to retrieve and analyze data stored in IDR. As implemented,
the system provided access to two analytical tools--a commercial off-
the-shelf decision support tool that is used to perform data analysis
to, for example, detect patterns of activities that may identify or
confirm suspected cases of fraud, waste, or abuse, and another tool
that provides users extended capabilities to perform more complex
analyses of data. For example, it allows the user to customize and
create ad hoc queries of claims data across the three Medicare plans.
However, while program officials deployed the One PI portal and two
analytical tools, the system was not being used as widely as planned
because CMS and contractor analysts had not received the necessary
training. In this regard, program planning documentation from August
2009 indicated that One PI program officials had planned for 639
analysts to be trained and using the system by the end of fiscal year
2010, including 130 analysts who conduct reviews of Medicaid claims.
[Footnote 5] However, CMS confirmed that by the end of October 2010,
only 42 Medicare analysts who were intended to use One PI had been
trained, with 41 actively using the portal and tools. These users
represented fewer than 7 percent of the users originally intended for
the program.
Further, no Medicaid analysts had been trained to use the system.
While the use of One PI cannot be fully optimized for Medicaid
integrity purposes until the states' Medicaid claims data are
incorporated into IDR, the tools provided by the system could be used
to supplement data currently available to Medicaid program integrity
analysts and to enhance their ability to detect payments of fraudulent
claims. For example, with training, Medicaid analysts may be able to
compare data from their state systems to Medicare claims data in IDR
to identify duplicate claims for the same service.
Program officials responsible for implementing the system acknowledged
that their initial training plans and efforts had been insufficient
and that they had consequently initiated activities and redirected
resources to redesign the One PI training plan in April 2010; they
began to implement the new training program in July of that year.
As we reported in June, One PI officials stated that 62 additional
analysts had signed up to be trained in 2011, and that the number of
training classes for One PI had been increased from two to four per
month. Agency officials, in commenting on our report, stated that
since January 2011, 58 new users had been trained; however, they did
not identify an increase in the number of actual users of the system.
[Footnote 6]
Nonetheless, while these activities indicated some progress toward
increasing the number of One PI users, the number of users reported to
be trained and using the system represented a fraction of the
population of 639 intended users. Moreover, One PI program officials
had not yet made detailed plans and developed schedules for completing
training of all the intended users. Agency officials concurred with
our conclusion that CMS needed to take more aggressive steps to ensure
that its broad community of analysts is trained, including those who
conduct analyses of Medicaid claims data. Until it does so, the use of
One PI may remain limited to a much smaller group of users than the
agency intended and CMS will continue to face obstacles in its efforts
to deploy One PI for widespread use throughout its community of
program integrity analysts.
CMS Was Not Yet Positioned to Identify Financial Benefits or to Fully
Meet Program Integrity Goals and Objectives through the Use of IDR and
One PI:
Because IDR and One PI were not being used as planned, CMS officials
were not in a position to determine the extent to which the systems
were providing financial benefits or supporting the agency's
initiatives to meet program integrity goals and objectives. As we have
reported, agencies should forecast expected benefits and then measure
actual financial benefits accrued through the implementation of IT
programs.[Footnote 7] Further, the Office of Management and Budget
(OMB) requires agencies to report progress against performance
measures and targets for meeting them that reflect the goals and
objectives of the programs.[Footnote 8] To do this, performance
measures should be outcome-based and developed with stakeholder input,
and program performance must be monitored, measured, and compared to
expected results so that agency officials are able to determine the
extent to which goals and objectives are being met. In addition,
industry experts describe the need for performance measures to be
developed with stakeholders' input early in a project's planning
process to provide a central management and planning tool and to
monitor the performance of the project against plans and stakeholders'
needs.
While CMS had shown some progress toward meeting the programs' goals
of providing a centralized data repository and enhanced analytical
capabilities for detecting improper payments due to fraud, waste, and
abuse, the implementation of IDR and One PI did not yet position the
agency to identify, measure, and track financial benefits realized
from reductions in improper payments as a result of the implementation
of either system. For example, program officials stated that they had
developed estimates of financial benefits expected to be realized
through the use of IDR. Their projection of total financial benefits
was reported to be $187 million, based on estimates of the amount of
improper payments the agency expected to recover as a result of
analyzing data provided by IDR. With estimated life cycle program
costs of $90 million through fiscal year 2018, the resulting net
benefit expected from implementing IDR was projected to be $97
million. However, as of March 2011, program officials had not
identified actual financial benefits of implementing IDR.
Further, program officials' projection of financial benefits expected
as a result of implementing One PI was reported to be approximately
$21 billion. This estimate was increased from initial expectations
based on assumptions that accelerated plans to integrate Medicare and
Medicaid data into IDR would enable One PI users to identify
increasing numbers of improper payments sooner than previously
estimated, thus allowing the agency to recover more funds that have
been lost due to payment errors.
However, the implementation of One PI had not yet produced outcomes
that positioned the agency to identify or measure financial benefits.
CMS officials stated at the end of fiscal year 2010--more than a year
after deploying One PI--that it was too early to determine whether the
program had provided any financial benefits. They explained that,
since the program had not met its goal for widespread use of One PI,
there were not enough data available to quantify financial benefits
attributable to the use of the system. These officials said that as
the user community expanded, they expected to be able to begin to
identify and measure financial and other benefits of using the system.
In addition, program officials had not developed and tracked outcome-
based performance measures to help ensure that efforts to implement
One PI and IDR would meet the agency's goals and objectives for
improving the results of its program integrity initiatives. For
example, outcome-based measures for the programs would indicate
improvements to the agency's ability to recover funds lost because of
improper payments of fraudulent claims. However, while program
officials defined and reported to OMB performance targets for IDR
related to some of the program's goals, they did not reflect the goal
of the program to provide a single source of Medicare and Medicaid
data that supports enhanced program integrity efforts. Additionally,
CMS officials had not developed quantifiable measures for meeting the
One PI program's goals. For example, performance measures and targets
for One PI included increases in the detection of improper payments
for Medicare Parts A and B claims. However, the limited use of the
system had not generated enough data to quantify the amount of funds
recovered from improper payments.
Moreover, measures of One PI's program performance did not accurately
reflect the existing state of the program. Specifically, indicators to
be measured for the program included the number of states using One PI
for Medicaid integrity purposes and decreases in the Medicaid payment
error rate; however, One PI did not have access to those data because
they were not yet incorporated into IDR.
Because it lacked meaningful outcome-based performance measures and
sufficient data for tracking progress toward meeting performance
targets, CMS did not have the information needed to ensure that the
systems were useful to the extent that benefits realized from their
implementation could help the agency meet program integrity goals.
Until the agency is better positioned to identify and measure
financial benefits and establishes outcome-based performance measures
to help gauge progress toward meeting program integrity goals, it
cannot be assured that the systems will contribute to improvements in
CMS's ability to detect and prevent fraud, waste, and abuse, and
improper payments of Medicare and Medicaid claims.
CMS Needs to Take Actions to Achieve Widespread Use of IDR and One PI:
Given the critical need for CMS to reduce improper payments within the
Medicare and Medicaid programs, we included in our June 2011 report a
number of recommended actions that we consider vital to helping the
agency achieve more widespread use of IDR and One PI for program
integrity purposes. Specifically, we recommended that the
Administrator of CMS:
* finalize plans and develop schedules for incorporating additional
data into IDR that identify all resources and activities needed to
complete tasks and that consider risks and obstacles to the IDR
program;
* implement and manage plans for incorporating data in IDR to meet
schedule milestones;
* establish plans and reliable schedules for training all program
integrity analysts intended to use One PI;
* establish and communicate deadlines for program integrity
contractors to complete training and use One PI in their work;
* conduct training in accordance with plans and established deadlines
to ensure schedules are met and program integrity contractors are
trained and able to meet requirements for using One PI;
* define any measurable financial benefits expected from the
implementation of IDR and One PI; and:
* with stakeholder input, establish measurable, outcome-based
performance measures for IDR and One PI that gauge progress toward
meeting program goals.
* In commenting on a draft of our report, CMS agreed with the
recommendations and indicated that it planned to take steps to address
the challenges and problems that we identified during our study.
In conclusion, CMS's success toward meeting goals to enhance program
integrity efforts through the use of IDR and One PI depends upon the
incorporation of all needed data into IDR, and effective use of the
systems by the agency's broad community of Medicare and Medicaid
program integrity analysts. It is also essential that the agency
identify measurable financial benefits and performance goals expected
to be attained through improvements in its ability to prevent and
detect fraudulent, wasteful, and abusive claims and resulting improper
payments. In taking these steps, the agency will better position
itself to determine whether these systems are useful for enhancing
CMS's ability to identify fraud, waste, and abuse and, consequently,
reduce the loss of billions of dollars to improper payments of
Medicare and Medicaid claims.
Chairmen Platts and Gowdy, Ranking Members Towns and Davis, and
Members of the Subcommittees, this concludes my prepared statement. I
would be pleased to answer any questions that you may have.
GAO Contact and Staff Acknowledgments:
If you have questions concerning this statement, please contact
Valerie C. Melvin, Director, Information Management and Technology
Resources Issues, at (202) 512-6304 or melvinv@gao.gov. Other
individuals who made key contributions include Teresa F. Tucker
(Assistant Director), Amanda C. Gill, and Lee A. McCracken.
[End of section]
Footnotes:
[1] GAO, Fraud Detection Systems: Centers for Medicare and Medicaid
Services Needs to Ensure More Widespread Use, [hyperlink,
http://www.gao.gov/products/GAO-11-475] (Washington, D.C.: June 30,
2011).
[2] The One PI portal is a web-based user interface that enables a
single login through centralized, role-based access to the system.
[3] hyperlink, http://www.gao.gov/products/GAO-11-475].
[4] Medicare Part A provides payment for inpatient hospital, skilled
nursing facility, some home health, and hospice services, while Part B
pays for hospital outpatient, physician, some home health, durable
medical equipment, and preventive services. Further, all Medicare
beneficiaries may purchase coverage for outpatient prescription drugs
under Medicare Part D.
[5] This group of analysts included state Medicaid program integrity
personnel along with CMS analysts who implement the Medi-Medi data
match program. This program was established in 2001 and was designed
to identify improper billing and utilization patterns by matching
Medicare and Medicaid claims information on providers and
beneficiaries to reduce fraudulent schemes that cross program
boundaries.
[6] In further updating these data, on November 30, 2011, CMS
officials reported to us that a total of 215 program integrity
analysts had been trained and were using One PI, including 51 Medi-
Medi and state Medicaid analysts. However, we did not validate the
data provided to us by program officials on November 30, 2011.
[7] GAO, Secure Border Initiative: DHS Needs to Reconsider Its
Proposed Investment in Key Technology Program, [hyperlink,
http://www.gao.gov/products/GAO-10-340] (Washington, D.C.: May 5,
2010) and DOD Business Systems Modernization: Planned Investment in
Navy Program to Create Cashless Shipboard Environment Needs to be
Justified and Better Managed, [hyperlink,
http://www.gao.gov/products/GAO-08-922] (Washington, D.C.: Sept. 8,
2008).
[8] OMB, Guide to the Performance Assessment Rating Tool.
[End of section]
GAO‘s Mission:
The Government Accountability Office, the audit, evaluation, and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the
performance and accountability of the federal government for the
American people. GAO examines the use of public funds; evaluates
federal programs and policies; and provides analyses, recommendations,
and other assistance to help Congress make informed oversight, policy,
and funding decisions. GAO‘s commitment to good government is
reflected in its core values of accountability, integrity, and
reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO‘s website [hyperlink, http://www.gao.gov]. Each
weekday afternoon, GAO posts on its website newly released reports,
testimony, and correspondence. To have GAO e mail you a list of newly
posted products, go to [hyperlink, http://www.gao.gov] and select ’E-
mail Updates.“
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black
and white. Pricing and ordering information is posted on GAO‘s
website, [hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
Connect with GAO:
Connect with GAO on facebook, flickr, twitter, and YouTube.
Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts.
Visit GAO on the web at www.gao.gov.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm];
E-mail: fraudnet@gao.gov;
Automated answering system: (800) 424-5454 or (202) 512-7470.
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov, (202) 512-4400
U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, DC 20548.
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, DC 20548.