Fraud Detection Systems

Centers for Medicare and Medicaid Services Needs to Expand Efforts to Support Program Integrity Initiatives Gao ID: GAO-12-292T December 7, 2011

The Centers for Medicare and Medicaid Services (CMS) is responsible for administering and safeguarding its programs from loss of funds. As GAO reported in June 2011, CMS utilizes automated systems and tools to help improve the detection of improper payments for fraudulent, wasteful, and abusive claims. To integrate claims information and improve its ability to detect fraud, waste, and abuse in these programs, CMS initiated two information technology system programs: the Integrated Data Repository (IDR) and One Program Integrity (One PI). GAO was asked to testify on its earlier report that examined CMS's efforts to protect the integrity of the Medicare and Medicaid programs through the use of information technology. In that prior study, GAO assessed the extent to which IDR and One PI have been developed and implemented, and CMS's progress toward achieving its goals and objectives for using these systems to detect fraud, waste, and abuse.

GAO previously reported that CMS had developed and begun using both IDR and One PI, but had not incorporated into IDR all data as planned. IDR is intended to be the central repository of Medicare and Medicaid data needed to help CMS and states' program integrity staff and contractors prevent and detect improper payments. Program integrity analysts use these data to identify patterns of unusual activities or transactions that may indicate fraudulent charges or other types of improper payments. IDR has been operational and in use since September 2006 but did not include all the data that were planned to be incorporated by fiscal year 2010. For example, IDR included most types of Medicare claims data, but not the Medicaid data needed to help analysts detect improper payments of Medicaid claims. According to program officials, these data were not incorporated because of obstacles introduced by technical issues and delays in funding. Until the agency finalizes plans and develops reliable schedules for efforts to incorporate these data, CMS may face additional delays in making available all the data that are needed to support enhanced Medicare and Medicaid program integrity efforts. Additionally, CMS had not taken steps to ensure widespread use of One PI to enhance efforts to detect fraud, waste, and abuse. One PI is a web-based portal that is to provide CMS staff and contractors, and Medicaid analysts with a single source of access to data contained in IDR, as well as tools for analyzing those data. While One PI had been developed and deployed to users, no Medicaid analysts and only a few Medicare program integrity analysts were trained and using the system. Specifically, One PI program officials planned for 639 program integrity analysts, including 130 Medicaid analysts, to be using the system by the end of fiscal year 2010; however, as of October 2010, only 41--less than 7 percent--were actively using the portal and tools. According to program officials, the agency's initial training plans were insufficient and, as a result, they were not able to train the intended community of users. Until program officials finalize plans and develop reliable schedules for training users and expanding the use of One PI, the agency may continue to experience delays in reaching widespread use of the system. While CMS had made progress toward its goals to provide a single repository of data and enhanced analytical capabilities for program integrity efforts, the agency was not yet positioned to identify, measure, and track benefits realized from its efforts. As a result, it was unknown whether IDR and One PI as implemented had provided financial benefits. According to IDR officials, they did not measure benefits realized from increases in the detection rate for improper payments because they relied on business owners to do so; One PI officials stated that, because of the limited use of that system, there were not enough data to measure and gauge the program's success toward achieving the $21 billion in financial benefits that the agency projected. GAO is not making new recommendations at this time. GAO recommended in June 2011 that CMS take actions to finalize plans and schedules for achieving widespread use of IDR and One PI, and to define measurable benefits. CMS concurred with GAO's recommendations.

GAO-12-292T, Fraud Detection Systems: Centers for Medicare and Medicaid Services Needs to Expand Efforts to Support Program Integrity Initiatives This is the accessible text file for GAO report number GAO-12-292T entitled 'Fraud Detection Systems: Centers for Medicare and Medicaid Services Needs to Expand Efforts to Support Program Integrity Initiatives' which was released on December 7, 2011. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Testimony before the Subcommittees on Government Organization, Efficiency and Financial Management; and Health Care, District of Columbia, Census and the National Archives; Committee on Oversight and Government Reform, House of Representatives: For Release on Delivery: Expected at 10:00 a.m. EST: Wednesday, December 7, 2011: Fraud Detection Systems: Centers for Medicare and Medicaid Services Needs to Expand Efforts to Support Program Integrity Initiatives: Statement of Valerie C. Melvin, Director: Information Management and Technology Resources Issues: GAO-12-292T: GAO Highlights: Highlights of GAO-12-292T, a testimony for Subcommittees of the Committee on Oversight and Government Reform, House of Representatives. Why GAO Did This Study: The Centers for Medicare and Medicaid Services (CMS) is responsible for administering and safeguarding its programs from loss of funds. As GAO reported in June 2011, CMS utilizes automated systems and tools to help improve the detection of improper payments for fraudulent, wasteful, and abusive claims. To integrate claims information and improve its ability to detect fraud, waste, and abuse in these programs, CMS initiated two information technology system programs: the Integrated Data Repository (IDR) and One Program Integrity (One PI). GAO was asked to testify on its earlier report that examined CMS‘s efforts to protect the integrity of the Medicare and Medicaid programs through the use of information technology. In that prior study, GAO assessed the extent to which IDR and One PI have been developed and implemented, and CMS‘s progress toward achieving its goals and objectives for using these systems to detect fraud, waste, and abuse. What GAO Found: GAO previously reported that CMS had developed and begun using both IDR and One PI, but had not incorporated into IDR all data as planned. IDR is intended to be the central repository of Medicare and Medicaid data needed to help CMS and states‘ program integrity staff and contractors prevent and detect improper payments. Program integrity analysts use these data to identify patterns of unusual activities or transactions that may indicate fraudulent charges or other types of improper payments. IDR has been operational and in use since September 2006 but did not include all the data that were planned to be incorporated by fiscal year 2010. For example, IDR included most types of Medicare claims data, but not the Medicaid data needed to help analysts detect improper payments of Medicaid claims. According to program officials, these data were not incorporated because of obstacles introduced by technical issues and delays in funding. Until the agency finalizes plans and develops reliable schedules for efforts to incorporate these data, CMS may face additional delays in making available all the data that are needed to support enhanced Medicare and Medicaid program integrity efforts. Additionally, CMS had not taken steps to ensure widespread use of One PI to enhance efforts to detect fraud, waste, and abuse. One PI is a web-based portal that is to provide CMS staff and contractors, and Medicaid analysts with a single source of access to data contained in IDR, as well as tools for analyzing those data. While One PI had been developed and deployed to users, no Medicaid analysts and only a few Medicare program integrity analysts were trained and using the system. Specifically, One PI program officials planned for 639 program integrity analysts, including 130 Medicaid analysts, to be using the system by the end of fiscal year 2010; however, as of October 2010, only 41-”less than 7 percent-”were actively using the portal and tools. According to program officials, the agency‘s initial training plans were insufficient and, as a result, they were not able to train the intended community of users. Until program officials finalize plans and develop reliable schedules for training users and expanding the use of One PI, the agency may continue to experience delays in reaching widespread use of the system. While CMS had made progress toward its goals to provide a single repository of data and enhanced analytical capabilities for program integrity efforts, the agency was not yet positioned to identify, measure, and track benefits realized from its efforts. As a result, it was unknown whether IDR and One PI as implemented had provided financial benefits. According to IDR officials, they did not measure benefits realized from increases in the detection rate for improper payments because they relied on business owners to do so; One PI officials stated that, because of the limited use of that system, there were not enough data to measure and gauge the program‘s success toward achieving the $21 billion in financial benefits that the agency projected. What GAO Recommends: GAO is not making new recommendations at this time. GAO recommended in June 2011 that CMS take actions to finalize plans and schedules for achieving widespread use of IDR and One PI, and to define measurable benefits. CMS concurred with GAO‘s recommendations. View [hyperlink, http://www.gao.gov/products/GAO-12-282T] or key components. For more information, contact Valerie Melvin at (202) 512- 6304 or melvinv@gao.gov. [End of section] Chairmen Platts and Gowdy, Ranking Members Towns and Davis, and Members of the Subcommittees: I am pleased to participate in today's hearing on fraud and improper payments in the Medicaid program. At your request, my testimony will focus on our report earlier this year that examined the Centers for Medicare and Medicaid Services' (CMS) efforts to protect the integrity of the Medicare and Medicaid programs through the use of information technology. Specifically, in June 2011 we reported on CMS's utilization of automated systems and tools to help improve the detection of fraudulent, wasteful, and abusive claims that contribute to the billions of taxpayers' dollars lost each year to improper payments within these programs.[Footnote 1] Operating within the Department of Health and Human Services, CMS conducts reviews to prevent improper payments before Medicare and Medicaid claims are paid and to detect claims that were paid in error. These activities are predominantly carried out by contractors who, along with CMS personnel, use various information technology solutions to consolidate and analyze data to help identify the improper payment of claims. For example, these program integrity analysts may use software tools to access data about claims and then use those data to identify patterns of unusual activities by attempting to match services with patients' diagnoses. In 2006, CMS initiated activities to centralize and make more accessible the data needed to conduct these analyses and to improve the analytical tools available to its own and contractor analysts. Our June 2011 report discussed two of these initiatives--the Integrated Data Repository (IDR), which is intended to provide a single source of data related to Medicare and Medicaid claims, and the One Program Integrity (One PI) system, a web-based portal[Footnote 2] and suite of analytical software tools used to extract data from IDR and enable complex analyses of these data. According to CMS officials responsible for developing and implementing IDR and One PI, the agency had spent approximately $161 million on these initiatives by the end of fiscal year 2010. My testimony summarizes the results of our prior study, which specifically assessed the extent to which IDR and One PI had been developed and implemented, and CMS‘s progress toward achieving its goals and objectives for using these systems to detect fraud, waste, and abuse. The information presented is based primarily on our previous work at CMS. Additional information on our scope and methodology is available in the issued report.[Footnote 3] We also obtained and conducted a review of more recent documentation pertaining to the agency‘s efforts to develop and implement the systems. We conducted this work in support of our testimony during November and December 2011 at CMS headquarters in Baltimore, Maryland. All work on which this testimony is based was conducted in accordance with generally accepted government auditing standards. Background: Like financial institutions, credit card companies, telecommunications firms, and other private sector companies that take steps to protect customers' accounts, CMS uses information technology to help predict or detect cases of improper claims and payments. For more than a decade, the agency and its contractors have used automated software tools to analyze data from various sources to detect patterns of unusual activities or financial transactions that indicate payments could be made for fraudulent charges or improper payments. For example, to identify unusual billing patterns and support investigations and referrals for prosecutions of cases, analysts and investigators access information about key actions taken to process claims as they are filed and the specific details about claims already paid. This would include accessing information on claims as they are billed, adjusted, and paid or denied; check numbers on payments of claims; and other specific information that could help establish provider intent. CMS uses many different means to store and manipulate data and, since the establishment of the agency's program integrity initiatives in the 1990s, has built multiple disparate databases and analytical software tools to meet individual and unique needs of various programs within the agency. In addition, data on Medicaid claims are scattered among the states in multiple systems and data stores, and are not readily available to CMS. According to agency program documentation, these geographically distributed, regional approaches to storing and analyzing data result in duplicate data and limit the agency's ability to conduct analyses of data on a nationwide basis. CMS has been working for most of the past decade to consolidate its disparate data and analytical tools. The agency's efforts led to the IDR and One PI programs, which are intended to provide CMS and its program integrity contractors with a centralized source of Medicare and Medicaid data and a web-based portal and set of analytical tools by which these data can be accessed and analyzed to help detect cases of fraud, waste, and abuse. CMS's Initiative to Develop a Centralized Source of Medicare and Medicaid Data: In 2006, CMS officials expanded the scope of a 3-year-old data modernization strategy to not only modernize data storage technology, but also to integrate Medicare and Medicaid data into a centralized repository so that CMS and its partners could access the data from a single source. They called the expanded program IDR. According to program officials, the agency's vision was for IDR to become the single repository for CMS's data and enable data analysis within and across programs. Specifically, this repository was to establish the infrastructure for storing data related to Medicaid and Medicare Parts A, B, and D claims processing,[Footnote 4] as well as a variety of other agency functions, such as program management, research, analytics, and business intelligence. CMS envisioned an incremental approach to incorporating data into IDR. Specifically, it intended to incorporate data related to paid claims for Medicare Part D by the end of fiscal year 2006, and for Medicare Parts A and B by the end of fiscal year 2007. The agency also planned to begin to incrementally add all Medicaid data for the 50 states in fiscal year 2009 and to complete this effort by the end of fiscal year 2012. Initial program plans and schedules also included the incorporation of additional data from legacy CMS claims-processing systems that store and process data related to the entry, correction, and adjustment of claims as they are being processed, along with detailed financial data related to paid claims. According to program officials, these data, called "shared systems" data, are needed to support the agency's plans to incorporate tools to conduct predictive analysis of claims as they are being processed, helping to prevent improper payments. Shared systems data, such as check numbers and amounts related to claims that have been paid, are also needed by law enforcement agencies to help with fraud investigations. CMS initially planned to have all the shared systems data included in IDR by July 2008. Table 1, presented in our prior report, summarized CMS's original planned dates and actual dates for incorporating the various types of data into IDR as of the end of fiscal year 2010. Table 1: Data Incorporated into IDR as of the End of Fiscal Year 2010: Type of data: Medicare Part D; Original planned date: January 2006; Actual date: January 2006. Type of data: Medicare Part B; Original planned date: September 2007; Actual date: May 2008. Type of data: Medicare Part A; Original planned date: September 2008; Actual date: May 2008. Type of data: Shared systems; Original planned date: July 2008; Actual date: Not incorporated (planned for November 2011). Type of data: Medicaid for 5 states; Original planned date: September 2009; Actual date: Not incorporated (planned for September 2014). Type of data: Medicaid for 20 states; Original planned date: September 2010; Actual date: Not incorporated (planned for September 2014). Type of data: Medicaid for 35 states; Original planned date: September 2011; Actual date: Not incorporated (planned for September 2014). Type of data: Medicaid for 50 states; Original planned date: September 2012; Actual date: Not incorporated (planned for September 2014). Source: GAO analysis of CMS data. [End of table] CMS's Initiative to Develop and Implement Analytical Tools for Detecting Fraud, Waste, and Abuse: Also in 2006, CMS initiated the One PI program with the intention of developing and implementing a portal and software tools that would enable access to and analysis of claims, provider, and beneficiary data from a centralized source. The agency's goal for One PI was to support the needs of a broad program integrity user community, including agency program integrity personnel and contractors who analyze Medicare claims data, along with state agencies that monitor Medicaid claims. To achieve its goal, CMS officials planned to implement a tool set that would provide a single source of information to enable consistent, reliable, and timely analyses and improve the agency's ability to detect fraud, waste, and abuse. These tools were to be used to gather data from IDR about beneficiaries, providers, and procedures and, combined with other data, find billing aberrancies or outliers. For example, an analyst could use software tools to identify potentially fraudulent trends in ambulance services by gathering the data about claims for ambulance services and medical treatments, and then use other software to determine associations between the two types of services. If the analyst found claims for ambulance travel costs but no corresponding claims for medical treatment, it might indicate that further investigation could prove that the billings for those services were fraudulent. According to agency program planning documentation, the One PI system was also to be developed incrementally to provide access to IDR data, analytical tools, and portal functionality. CMS planned to implement the One PI portal and two analytical tools for use by program integrity analysts on a widespread basis by the end of fiscal year 2009. The agency engaged contractors to develop the system. IDR and One PI Were in Use, but Lacked Data and Functionality Essential to CMS's Program Integrity Efforts: IDR had been in use by CMS and its contractors who conduct Medicare program integrity analysis since September 2006 and incorporated data related to claims for reimbursement of services under Medicare Parts A, B, and D. According to program officials, the integration of these data into IDR established a centralized source of data previously accessed from multiple disparate system files. However, although the agency had been incorporating data from various data sources since 2006, our prior report noted that IDR did not include all the data that were planned to be incorporated by the end of 2010 and that are needed to support enhanced program integrity initiatives. For example, IDR did not include the Medicaid data that are critical to analysts' ability to detect fraud, waste, and abuse in this program. While program officials initially planned to incorporate 20 states' Medicaid data into IDR by the end of fiscal year 2010, the agency had not incorporated any of these data into the repository. Program officials told us that the original plans and schedules for obtaining Medicaid data did not account for the lack of funding for states to provide Medicaid data to CMS, or the variations in the types and formats of data stored in disparate state Medicaid systems. Consequently, the officials were not able to collect the data from the states as easily as they expected and did not complete this activity as originally planned. In December 2009, CMS initiated another agencywide program intended to, among other things, identify ways to collect Medicaid data from the many disparate state systems and incorporate the data into a single data store. As envisioned by CMS, this program, the Medicaid and Children's Health Insurance Program Business Information and Solutions (MACBIS) program, was to include activities in addition to providing expedited access to current data from state Medicaid programs. According to agency planning documentation, as a result of efforts to be initiated under the MACBIS program, CMS would incorporate Medicaid data for all 50 states into IDR by the end of fiscal year 2014. However, program officials had not defined plans and reliable schedules for incorporating these data into IDR. Until the agency does so, it cannot ensure that current development, implementation, and deployment efforts will provide the data and technical capabilities needed to enhance efforts to detect potential cases of fraud, waste, and abuse. In addition to the Medicaid data, initial program integrity requirements included the incorporation of the shared systems data by July 2008; however, all of these data had not been added to IDR. According to IDR program officials, the shared systems data were not incorporated as planned because funding for the development of the software and acquisition of the hardware needed to meet this requirement was not approved until the summer of 2010. Subsequently, IDR program officials developed project plans and identified user requirements. In updating us on the status of this activity, the officials told us in November 2011 that they began incorporating shared systems data in September 2011 and plan to make them available to program integrity analysts in spring 2012. Beyond the IDR initiative, CMS program integrity officials had not taken appropriate actions to ensure the use of One PI on a widespread basis for program integrity purposes. According to program officials, the system was deployed to support Medicare program integrity goals in September 2009 as originally planned and consisted of a portal that provided web-based access to software tools used by CMS and contractor analysts to retrieve and analyze data stored in IDR. As implemented, the system provided access to two analytical tools--a commercial off- the-shelf decision support tool that is used to perform data analysis to, for example, detect patterns of activities that may identify or confirm suspected cases of fraud, waste, or abuse, and another tool that provides users extended capabilities to perform more complex analyses of data. For example, it allows the user to customize and create ad hoc queries of claims data across the three Medicare plans. However, while program officials deployed the One PI portal and two analytical tools, the system was not being used as widely as planned because CMS and contractor analysts had not received the necessary training. In this regard, program planning documentation from August 2009 indicated that One PI program officials had planned for 639 analysts to be trained and using the system by the end of fiscal year 2010, including 130 analysts who conduct reviews of Medicaid claims. [Footnote 5] However, CMS confirmed that by the end of October 2010, only 42 Medicare analysts who were intended to use One PI had been trained, with 41 actively using the portal and tools. These users represented fewer than 7 percent of the users originally intended for the program. Further, no Medicaid analysts had been trained to use the system. While the use of One PI cannot be fully optimized for Medicaid integrity purposes until the states' Medicaid claims data are incorporated into IDR, the tools provided by the system could be used to supplement data currently available to Medicaid program integrity analysts and to enhance their ability to detect payments of fraudulent claims. For example, with training, Medicaid analysts may be able to compare data from their state systems to Medicare claims data in IDR to identify duplicate claims for the same service. Program officials responsible for implementing the system acknowledged that their initial training plans and efforts had been insufficient and that they had consequently initiated activities and redirected resources to redesign the One PI training plan in April 2010; they began to implement the new training program in July of that year. As we reported in June, One PI officials stated that 62 additional analysts had signed up to be trained in 2011, and that the number of training classes for One PI had been increased from two to four per month. Agency officials, in commenting on our report, stated that since January 2011, 58 new users had been trained; however, they did not identify an increase in the number of actual users of the system. [Footnote 6] Nonetheless, while these activities indicated some progress toward increasing the number of One PI users, the number of users reported to be trained and using the system represented a fraction of the population of 639 intended users. Moreover, One PI program officials had not yet made detailed plans and developed schedules for completing training of all the intended users. Agency officials concurred with our conclusion that CMS needed to take more aggressive steps to ensure that its broad community of analysts is trained, including those who conduct analyses of Medicaid claims data. Until it does so, the use of One PI may remain limited to a much smaller group of users than the agency intended and CMS will continue to face obstacles in its efforts to deploy One PI for widespread use throughout its community of program integrity analysts. CMS Was Not Yet Positioned to Identify Financial Benefits or to Fully Meet Program Integrity Goals and Objectives through the Use of IDR and One PI: Because IDR and One PI were not being used as planned, CMS officials were not in a position to determine the extent to which the systems were providing financial benefits or supporting the agency's initiatives to meet program integrity goals and objectives. As we have reported, agencies should forecast expected benefits and then measure actual financial benefits accrued through the implementation of IT programs.[Footnote 7] Further, the Office of Management and Budget (OMB) requires agencies to report progress against performance measures and targets for meeting them that reflect the goals and objectives of the programs.[Footnote 8] To do this, performance measures should be outcome-based and developed with stakeholder input, and program performance must be monitored, measured, and compared to expected results so that agency officials are able to determine the extent to which goals and objectives are being met. In addition, industry experts describe the need for performance measures to be developed with stakeholders' input early in a project's planning process to provide a central management and planning tool and to monitor the performance of the project against plans and stakeholders' needs. While CMS had shown some progress toward meeting the programs' goals of providing a centralized data repository and enhanced analytical capabilities for detecting improper payments due to fraud, waste, and abuse, the implementation of IDR and One PI did not yet position the agency to identify, measure, and track financial benefits realized from reductions in improper payments as a result of the implementation of either system. For example, program officials stated that they had developed estimates of financial benefits expected to be realized through the use of IDR. Their projection of total financial benefits was reported to be $187 million, based on estimates of the amount of improper payments the agency expected to recover as a result of analyzing data provided by IDR. With estimated life cycle program costs of $90 million through fiscal year 2018, the resulting net benefit expected from implementing IDR was projected to be $97 million. However, as of March 2011, program officials had not identified actual financial benefits of implementing IDR. Further, program officials' projection of financial benefits expected as a result of implementing One PI was reported to be approximately $21 billion. This estimate was increased from initial expectations based on assumptions that accelerated plans to integrate Medicare and Medicaid data into IDR would enable One PI users to identify increasing numbers of improper payments sooner than previously estimated, thus allowing the agency to recover more funds that have been lost due to payment errors. However, the implementation of One PI had not yet produced outcomes that positioned the agency to identify or measure financial benefits. CMS officials stated at the end of fiscal year 2010--more than a year after deploying One PI--that it was too early to determine whether the program had provided any financial benefits. They explained that, since the program had not met its goal for widespread use of One PI, there were not enough data available to quantify financial benefits attributable to the use of the system. These officials said that as the user community expanded, they expected to be able to begin to identify and measure financial and other benefits of using the system. In addition, program officials had not developed and tracked outcome- based performance measures to help ensure that efforts to implement One PI and IDR would meet the agency's goals and objectives for improving the results of its program integrity initiatives. For example, outcome-based measures for the programs would indicate improvements to the agency's ability to recover funds lost because of improper payments of fraudulent claims. However, while program officials defined and reported to OMB performance targets for IDR related to some of the program's goals, they did not reflect the goal of the program to provide a single source of Medicare and Medicaid data that supports enhanced program integrity efforts. Additionally, CMS officials had not developed quantifiable measures for meeting the One PI program's goals. For example, performance measures and targets for One PI included increases in the detection of improper payments for Medicare Parts A and B claims. However, the limited use of the system had not generated enough data to quantify the amount of funds recovered from improper payments. Moreover, measures of One PI's program performance did not accurately reflect the existing state of the program. Specifically, indicators to be measured for the program included the number of states using One PI for Medicaid integrity purposes and decreases in the Medicaid payment error rate; however, One PI did not have access to those data because they were not yet incorporated into IDR. Because it lacked meaningful outcome-based performance measures and sufficient data for tracking progress toward meeting performance targets, CMS did not have the information needed to ensure that the systems were useful to the extent that benefits realized from their implementation could help the agency meet program integrity goals. Until the agency is better positioned to identify and measure financial benefits and establishes outcome-based performance measures to help gauge progress toward meeting program integrity goals, it cannot be assured that the systems will contribute to improvements in CMS's ability to detect and prevent fraud, waste, and abuse, and improper payments of Medicare and Medicaid claims. CMS Needs to Take Actions to Achieve Widespread Use of IDR and One PI: Given the critical need for CMS to reduce improper payments within the Medicare and Medicaid programs, we included in our June 2011 report a number of recommended actions that we consider vital to helping the agency achieve more widespread use of IDR and One PI for program integrity purposes. Specifically, we recommended that the Administrator of CMS: * finalize plans and develop schedules for incorporating additional data into IDR that identify all resources and activities needed to complete tasks and that consider risks and obstacles to the IDR program; * implement and manage plans for incorporating data in IDR to meet schedule milestones; * establish plans and reliable schedules for training all program integrity analysts intended to use One PI; * establish and communicate deadlines for program integrity contractors to complete training and use One PI in their work; * conduct training in accordance with plans and established deadlines to ensure schedules are met and program integrity contractors are trained and able to meet requirements for using One PI; * define any measurable financial benefits expected from the implementation of IDR and One PI; and: * with stakeholder input, establish measurable, outcome-based performance measures for IDR and One PI that gauge progress toward meeting program goals. * In commenting on a draft of our report, CMS agreed with the recommendations and indicated that it planned to take steps to address the challenges and problems that we identified during our study. In conclusion, CMS's success toward meeting goals to enhance program integrity efforts through the use of IDR and One PI depends upon the incorporation of all needed data into IDR, and effective use of the systems by the agency's broad community of Medicare and Medicaid program integrity analysts. It is also essential that the agency identify measurable financial benefits and performance goals expected to be attained through improvements in its ability to prevent and detect fraudulent, wasteful, and abusive claims and resulting improper payments. In taking these steps, the agency will better position itself to determine whether these systems are useful for enhancing CMS's ability to identify fraud, waste, and abuse and, consequently, reduce the loss of billions of dollars to improper payments of Medicare and Medicaid claims. Chairmen Platts and Gowdy, Ranking Members Towns and Davis, and Members of the Subcommittees, this concludes my prepared statement. I would be pleased to answer any questions that you may have. GAO Contact and Staff Acknowledgments: If you have questions concerning this statement, please contact Valerie C. Melvin, Director, Information Management and Technology Resources Issues, at (202) 512-6304 or melvinv@gao.gov. Other individuals who made key contributions include Teresa F. Tucker (Assistant Director), Amanda C. Gill, and Lee A. McCracken. [End of section] Footnotes: [1] GAO, Fraud Detection Systems: Centers for Medicare and Medicaid Services Needs to Ensure More Widespread Use, [hyperlink, http://www.gao.gov/products/GAO-11-475] (Washington, D.C.: June 30, 2011). [2] The One PI portal is a web-based user interface that enables a single login through centralized, role-based access to the system. [3] hyperlink, http://www.gao.gov/products/GAO-11-475]. [4] Medicare Part A provides payment for inpatient hospital, skilled nursing facility, some home health, and hospice services, while Part B pays for hospital outpatient, physician, some home health, durable medical equipment, and preventive services. Further, all Medicare beneficiaries may purchase coverage for outpatient prescription drugs under Medicare Part D. [5] This group of analysts included state Medicaid program integrity personnel along with CMS analysts who implement the Medi-Medi data match program. This program was established in 2001 and was designed to identify improper billing and utilization patterns by matching Medicare and Medicaid claims information on providers and beneficiaries to reduce fraudulent schemes that cross program boundaries. [6] In further updating these data, on November 30, 2011, CMS officials reported to us that a total of 215 program integrity analysts had been trained and were using One PI, including 51 Medi- Medi and state Medicaid analysts. However, we did not validate the data provided to us by program officials on November 30, 2011. [7] GAO, Secure Border Initiative: DHS Needs to Reconsider Its Proposed Investment in Key Technology Program, [hyperlink, http://www.gao.gov/products/GAO-10-340] (Washington, D.C.: May 5, 2010) and DOD Business Systems Modernization: Planned Investment in Navy Program to Create Cashless Shipboard Environment Needs to be Justified and Better Managed, [hyperlink, http://www.gao.gov/products/GAO-08-922] (Washington, D.C.: Sept. 8, 2008). [8] OMB, Guide to the Performance Assessment Rating Tool. [End of section] GAO‘s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO‘s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO‘s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select ’E- mail Updates.“ Order by Phone: The price of each GAO publication reflects GAO‘s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO‘s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at www.gao.gov. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov, (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, DC 20548.