Medicare Part D
CMS Conducted Fraud and Abuse Compliance Plan Audits, but All Audit Findings Are Not Yet Available Gao ID: GAO-11-269R February 18, 2011The Medicare Part D program, administered by the Department of Health and Human Services' (HHS) Centers for Medicare & Medicaid Services (CMS), provides a voluntary, outpatient prescription drug benefit for eligible individuals 65 years and older and eligible individuals with disabilities. CMS contracts with private companies--such as health insurance companies and companies that manage pharmacy benefits--to provide Part D prescription drug plans for Medicare beneficiaries. These companies are referred to as Part D sponsors. About 27 million individuals were enrolled in Medicare Part D as of December 2009, and estimated Medicare Part D spending was $51 billion in fiscal year 2009. Because of Medicare's vulnerability to fraud, waste, and abuse, GAO has designated Medicare as a high-risk program. We and HHS's Inspector General have previously reported that the size, nature, and complexity of the Part D program make it a particular risk for fraud, waste, and abuse. The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA), which established the Part D program, requires all Part D sponsors to have programs to safeguard Part D from fraud, waste, and abuse. CMS is responsible for managing and overseeing the Part D program. CMS regulations require Part D sponsors to have compliance plans that must include measures that detect, correct, and prevent fraud, waste, and abuse. In April 2006, CMS issued guidance in chapter 9 of its Medicare Part D Prescription Drug Benefit Manual on the seven required elements of these plans. These compliance plans, which must be approved by CMS, articulate policies, processes, and procedures for Part D sponsors to detect, correct, and prevent fraud, waste, and abuse. Implementation of a compliance plan includes conducting the activities described in the plan and developing comprehensive written procedures for activities referenced in the plan. CMS oversees Part D sponsors' fraud and abuse programs and may conduct audits to ensure that sponsors are in compliance with program requirements. Specifically, the Center for Medicare, Program Compliance and Oversight Group (CM/PCOG)--the lead office for CMS's Part D audits (including compliance plan audits) and enforcement of program requirements--coordinates with the Center for Program Integrity (CPI)--the focal point for program integrity, fraud, and abuse issues--to oversee fraud and abuse program compliance. CMS has contracted with Medicare Drug Integrity Contractors (MEDICs) to support its Part D audit efforts. Congress asked us to examine the extent of CMS's implementation of planned oversight of Part D sponsors' compliance plans to ensure that sponsors have effective programs in place to protect Part D from fraud, waste, and abuse. Specifically, this report provides an update on the status of CMS's implementation of on-site audits of sponsors' compliance plans that the agency described in its March 2010 testimony.
CMS conducted its planned on-site compliance plan audits of 33 sponsors in 2010. Findings for all of these 2010 audits are not yet available; however, CMS anticipated finalizing them in early 2011. Consistent with the audit plans CMS officials reported to us in February 2010, the agency scheduled on-site compliance plan audits to assess more thoroughly the effectiveness of sponsors' fraud and abuse programs. CMS officials reported that the agency scheduled and conducted on-site compliance plan audits of 33 of the 290 Medicare Part D sponsors in 2010, the majority of which were conducted as part of wider risk-based on-site performance audits. Performance audits are also conducted by CM/PCOG and assess compliance with certain CMS program requirements, such as Part D formulary administration and compliance plans, that CMS considers to be at risk for deficiencies or compliance issues. In auditing sponsors' compliance plans, CM/PCOG audits sponsors' implementation of the compliance plan requirements, including a fraud and abuse program for Part D. CMS officials stated that although the performance audits conducted in 2010 assessed Part D sponsors' compliance plans, the audits did so as part of overall assessments of sponsors' compliance with all Medicare requirements. While performance audits are more expansive than the compliance-plan-only audits, CMS's completion of these on-site audits was consistent with their plans to complete compliance plan audits that they reported to us in February 2010. The audits were conducted by CMS central and regional staff as well as CMS contractors between January and September 2010. The 33 sponsors represented 11 percent of Part D sponsors, 56 percent of plans, and covered 62 percent of enrolled beneficiaries in 2010 according to agency officials. As of February 2011, CMS had not made all audit findings available but had taken formal enforcement actions against several sponsors resulting from the on-site audits according to agency officials. CMS officials reported that they anticipated finalizing all audit findings in early 2011. Potential oversight or enforcement actions resulting from the audits could include issuing audit report notices, giving sponsors an opportunity to correct deficiencies, or where appropriate for serious violations, imposing civil monetary penalties, imposing intermediate sanctions, or terminating a contract. As of December 2010, officials reported that the agency had issued five marketing and enrollment sanctions and one contract termination action based, in part, on the results of these audit findings noting failure to comply with CMS compliance plan requirements.
GAO-11-269R, Medicare Part D: CMS Conducted Fraud and Abuse Compliance Plan Audits, but All Audit Findings Are Not Yet Available
This is the accessible text file for GAO report number GAO-11-269R
entitled 'Medicare Part D: CMS Conducted Fraud and Abuse Compliance
Plan Audits, but All Audit Findings Are Not Yet Available' which was
released on March 21, 2011.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
GAO-11-269R:
United States Government Accountability Office:
Washington, DC 20548:
February 18, 2011:
The Honorable Thomas R. Carper:
Chairman:
Subcommittee on Federal Financial Management, Government Information,
Federal Services, and International Security:
Committee on Homeland Security and Governmental Affairs:
United States Senate:
The Honorable John McCain:
United States Senate:
Subject: Medicare Part D: CMS Conducted Fraud and Abuse Compliance
Plan Audits, but All Audit Findings Are Not Yet Available:
The Medicare Part D program, administered by the Department of Health
and Human Services' (HHS) Centers for Medicare & Medicaid Services
(CMS), provides a voluntary, outpatient prescription drug benefit for
eligible individuals 65 years and older and eligible individuals with
disabilities. CMS contracts with private companies--such as health
insurance companies and companies that manage pharmacy benefits--to
provide Part D prescription drug plans for Medicare beneficiaries.
These companies are referred to as Part D sponsors.[Footnote 1] About
27 million individuals were enrolled in Medicare Part D as of December
2009, and estimated Medicare Part D spending was $51 billion in fiscal
year 2009. Because of Medicare's vulnerability to fraud, waste, and
abuse, GAO has designated Medicare as a high-risk program.[Footnote 2]
We and HHS's Inspector General have previously reported that the size,
nature, and complexity of the Part D program make it a particular risk
for fraud, waste, and abuse.[Footnote 3]
The Medicare Prescription Drug, Improvement, and Modernization Act of
2003 (MMA), which established the Part D program, requires all Part D
sponsors to have programs to safeguard Part D from fraud, waste, and
abuse.[Footnote 4] CMS is responsible for managing and overseeing the
Part D program. CMS regulations require Part D sponsors to have
compliance plans that must include measures that detect, correct, and
prevent fraud, waste, and abuse.[Footnote 5] In April 2006, CMS issued
guidance in chapter 9 of its Medicare Part D Prescription Drug Benefit
Manual on the seven required elements of these plans.[Footnote 6] (See
table 1.) These compliance plans, which must be approved by CMS,
articulate policies, processes, and procedures for Part D sponsors to
detect, correct, and prevent fraud, waste, and abuse. Implementation
of a compliance plan includes conducting the activities described in
the plan and developing comprehensive written procedures for
activities referenced in the plan.
Table 1: Description of Required Medicare Part D Sponsors' Compliance
Plan Elements for Fraud and Abuse Programs:
Compliance Plan Elements: Written Policies, Procedures, and Standards
of Conduct;
Description: Include written policies, procedures, and standards of
conduct articulating the organization's commitment to comply with all
applicable federal and state standards.
Compliance Plan Elements: Compliance Officer and Compliance Committee;
Description: Designate a compliance officer and a compliance committee
that are accountable to senior management.
Compliance Plan Elements: Effective Training and Education;
Description: Include effective training and education pertaining to
fraud, waste, and abuse for the organization's employees and
contractors.
Compliance Plan Elements: Effective Lines of Communication;
Description: Include effective lines of communication among the
compliance officer and the organization's employees, contractors,
directors, and the members of the compliance committee.
Compliance Plan Elements: Enforcement of Disciplinary Standards;
Description: Have well-publicized disciplinary guidelines through
which sponsors enforce standards and encourage participation in the
compliance program.
Compliance Plan Elements: Internal Monitoring and Auditing;
Description: Establishing and implementing effective routine systems
for monitoring and identifying compliance risks.
Compliance Plan Elements: System to Promptly Respond and Investigate
Potential Compliance Issues;
Description: Include procedures for ensuring prompt responses to
detected offenses, developing corrective action initiatives, and
making timely inquiries into potential offenses.
Source: GAO summary of regulations.
[End of table]
CMS oversees Part D sponsors' fraud and abuse programs and may conduct
audits to ensure that sponsors are in compliance with program
requirements.[Footnote 7] Specifically, the Center for Medicare,
Program Compliance and Oversight Group (CM/PCOG)--the lead office for
CMS's Part D audits (including compliance plan audits) and enforcement
of program requirements--coordinates with the Center for Program
Integrity (CPI)--the focal point for program integrity, fraud, and
abuse issues--to oversee fraud and abuse program compliance. CMS has
contracted with Medicare Drug Integrity Contractors (MEDICs) to
support its Part D audit efforts.[Footnote 8]
In a March 2010 hearing, we and CMS described the extent of CMS's
oversight of Part D sponsors' programs to control fraud, waste, and
abuse, including its past efforts and planned oversight activities.
[Footnote 9] CMS's testimony detailed several of the agency's program
integrity activities, including its plans to conduct on-site
compliance plan audits using newly developed audit protocols focused
on evaluating and validating the effectiveness of sponsors' compliance
plans, including measures to detect, correct, and prevent fraud,
waste, and abuse.[Footnote 10] At that time, CMS reported that the
agency had completed 16 desk audits (reviews of requested documents
only) between October 2008 and April 2009 and two pilot on-site audits
(interviews and face-to-face evaluations in addition to document
reviews) of selected Part D sponsors' compliance plans and planned to
conduct additional on-site compliance plan audits by April 2010. Until
these were completed, however, we could not assess the effectiveness
of those audits in ensuring that Part D sponsors had compliance
programs in place. You asked us to examine the extent of CMS's
implementation of planned oversight of Part D sponsors' compliance
plans to ensure that sponsors have effective programs in place to
protect Part D from fraud, waste, and abuse. Specifically, this report
provides an update on the status of CMS's implementation of on-site
audits of sponsors' compliance plans that the agency described in its
March 2010 testimony.
To conduct our update of CMS's implementation of on-site audits of
Part D sponsors' compliance plans that CMS described in its March 2010
testimony, we examined recent CMS progress and relied on our 2008
report and our 2010 testimony.[Footnote 11] To update the status of
CMS's implementation of on-site audits, we interviewed officials from
CMS's CM/PCOG and CPI and reviewed agency documents that included
CMS's audit strategy and compliance plan audit protocols. We did not
evaluate the results or effectiveness of CMS's oversight activities
and audits. To describe the number of enrollees in audited plans, we
report CMS's published enrollment statistics as of April 2010. We
conducted this performance audit from November 2010 through February
2011 in accordance with generally accepted government auditing
standards. Those standards require that we plan and perform the audit
to obtain sufficient, appropriate evidence to provide a reasonable
basis for our findings and conclusions based on our audit objectives.
We believe that the evidence obtained provides a reasonable basis for
our findings and conclusions based on our audit objective.
CMS Conducted Planned 2010 On-Site Audits of Sponsors' Compliance
Plans; All Audit Findings Are Not Yet Available:
CMS conducted its planned on-site compliance plan audits of 33
sponsors in 2010. Findings for all of these 2010 audits are not yet
available; however, CMS anticipated finalizing them in early 2011.
CMS Conducted Planned On-Site Compliance Plan Audits of 33 Sponsors in
2010:
Consistent with the audit plans CMS officials reported to us in
February 2010, the agency scheduled on-site compliance plan audits to
assess more thoroughly the effectiveness of sponsors' fraud and abuse
programs. CMS officials reported that the agency scheduled and
conducted on-site compliance plan audits of 33 of the 290 Medicare
Part D sponsors in 2010, the majority of which were conducted as part
of wider risk-based on-site performance audits. Performance audits are
also conducted by CM/PCOG and assess compliance with certain CMS
program requirements, such as Part D formulary administration and
compliance plans, that CMS considers to be at risk for deficiencies or
compliance issues.[Footnote 12] In auditing sponsors' compliance
plans, CM/PCOG audits sponsors' implementation of the compliance plan
requirements, including a fraud and abuse program for Part D. CMS
officials stated that although the performance audits conducted in
2010 assessed Part D sponsors' compliance plans, the audits did so as
part of overall assessments of sponsors' compliance with all Medicare
requirements. While performance audits are more expansive than the
compliance-plan-only audits, CMS's completion of these on-site audits
was consistent with their plans to complete compliance plan audits
that they reported to us in February 2010. The audits were conducted
by CMS central and regional staff as well as CMS contractors between
January and September 2010.[Footnote 13] The 33 sponsors represented
11 percent of Part D sponsors, 56 percent of plans, and covered 62
percent of enrolled beneficiaries in 2010 according to agency
officials.[Footnote 14]
CMS used a 2010 risk assessment--which was informed by a focused
fraud, waste, and abuse evaluation--to choose sponsors for an on-site
audit: either a compliance-plan-only audit or a wider performance
audit that included an audit of the sponsor's compliance plan in
addition to other program compliance areas. Specifically, the
selection of sponsors subject to a compliance-plan-only audit was
based on certain sponsors' inclusion in previously conducted:
desk audits[Footnote 15] and other factors such as whether the sponsor
was identified in a fraud, waste, and abuse evaluation conducted by
one of the MEDICs.[Footnote 16] The selection criteria for sponsors
subject to a performance audit (including a compliance plan audit) was
based on CMS's 2010 risk assessment that included an evaluation of
sponsors' past performance and enrollment including
compliance/enforcement referrals as well as the MEDIC's focused fraud,
waste, and abuse evaluation. Moreover, CMS officials told us that they
used the risk assessment to schedule audits of sponsors that the
agency concluded posed the most risk--those that had past performance
problems, large enrollment,[Footnote 17] and/or were identified as
high risk by the MEDIC's evaluation--to be audited first. In total, 22
sponsors received a full on-site performance audit (that included a
compliance plan audit) and 11 sponsors received an on-site compliance-
plan-only audit. (See table 2.)
Table 2: On-Site Compliance Plan Audits Conducted in 2010:
Audit conducted: Performance (including compliance plan)[C];
Sponsors[A]: Number: 22[D];
Sponsors[A]: Percentage of sponsors[B]: 8;
Plans: Number: 2,227;
Plans: Percentage of plans[B]: 37;
Enrollees: Number: 10,863,791;
Enrollees: Percentage of enrollees[B]: 37.
Audit conducted: Compliance-plan-only performance;
Sponsors[A]: Number: 11[E];
Sponsors[A]: Percentage of sponsors[B]: 4;
Plans: Number: 1,122;
Plans: Percentage of plans[B]: 19;
Enrollees: Number: 7,203,639;
Enrollees: Percentage of enrollees[B]: 25.
Audit conducted: Total[F];
Sponsors[A]: Number: 33;
Sponsors[A]: Percentage of sponsors[B]: 11;
Plans: Number: 3,349;
Plans: Percentage of plans[B]: 56;
Enrollees: Number: 18,067,430;
Enrollees: Percentage of enrollees[B]: 62.
Source: GAO summary of CMS data.
[A] CMS selects the top, or parent, level of sponsor organizations for
performance audits, making all contracts and plans therein subject to
the audit.
[B] Calculated as percentage of total sponsors (N= 290), total plans
(N= 6020), and enrolled beneficiaries (N= 29,147,145) in April 2010
according to CMS.
[C] All sponsors that were chosen for an on-site performance audit
based on CMS's risk assessment also received an on-site compliance
plan audit.
[D] Nine of these sponsors received a compliance plan desk audit in
2009.
[E] Seven of these sponsors received a compliance plan desk audit in
2009.
[F] Due to rounding, percentages do not add up to 100 percent.
[End of table]
CMS officials reported that they piloted and developed new on-site
compliance plan audit protocols that included interviews and reviews
of documentation. Officials told us that they first conducted three on-
site performance audits between January and April 2010 as a result of
enforcement/compliance referrals for those sponsors and used these
audits as a testing ground for the on-site performance audit process,
including review of the seven fraud and abuse elements of compliance
plans. The agency then re-designed and tested the on-site performance
audit process and protocols, including on-site compliance plan audit
protocols, in a pilot audit before completing the remaining planned
audits. Officials reported that they revised the on-site audit process
and protocols throughout the audit process to incorporate lessons
learned, making changes as necessary. The on-site compliance plan
audit protocols included interviews with sponsor officials and on-site
review of compliance plan implementation documentation for each of the
seven fraud and abuse compliance plan elements.[Footnote 18] For
example, to test sponsors' implementation of the requirement to have a
Compliance Officer and Compliance Committee, auditors were to
interview the Compliance Officer and Committee members as well as
obtain relevant documentation.
Complete 2010 Audit Findings Are Not Yet Available but Anticipated in
Early 2011:
As of February 2011, CMS had not made all audit findings available but
had taken formal enforcement actions against several sponsors
resulting from the on-site audits according to agency officials. CMS
officials reported that they anticipated finalizing all audit findings
in early 2011.[Footnote 19] Potential oversight or enforcement actions
resulting from the audits could include issuing audit report notices,
giving sponsors an opportunity to correct deficiencies, or where
appropriate for serious violations, imposing civil monetary penalties,
imposing intermediate sanctions, or terminating a contract. As of
December 2010, officials reported that the agency had issued five
marketing and enrollment sanctions and one contract termination action
based, in part, on the results of these audit findings noting failure
to comply with CMS compliance plan requirements. CMS officials also
reported that they were deliberating about what, if any, additional
enforcement actions should be taken as a result of audit findings.
[Footnote 20] In addition, CMS officials told us they were reviewing
the findings and the on-site audit processes programmatically to
identify opportunities for improvements in its oversight mechanisms,
in addition to addressing specific sponsor problems.[Footnote 21]
Agency officials reported that although still in development, they
anticipate completing their 2011 audit and oversight plans early in
the year. Officials told us that they needed to finalize their audit
findings, re-assess risks in the program, and assess agency resources
before completing their audit strategy for 2011--which includes
determining the number of compliance plan audits CMS will complete.
The officials reported that, assuming CMS resources are available, any
future compliance plan audits would be on-site rather than desk
audits, as on-site audits provide a more thorough evaluation of
sponsors and had a positive effect on educating sponsors about the
importance of maintaining fraud and abuse programs. Officials we spoke
with said they planned to improve future on-site audits based on their
experience in 2010 as one monitoring tool they use to oversee
sponsors' performance on a day-to-day basis.
Agency Comments and Our Evaluation:
We received technical comments on a draft of this correspondence from
HHS, which we incorporated as appropriate.
As arranged with your offices, unless you publicly announce the
contents of this correspondence earlier, we plan no further
distribution until 30 days from the date of this report. At that time,
we will send copies of this correspondence to the Secretary of Health
and Human Services and other interested parties. In addition, the
report will be available at no charge on the GAO Web site at
[hyperlink, https://www.gao.gov]. If you or your staff have any
questions about this correspondence please contact me at (202) 512-
7114 or kingk@gao.gov.
Contact points for our Offices of Congressional Relations and Public
Affairs may be found on the last page of this report. GAO staff who
made major contributions to this report are listed in enclosure I.
Signed by:
Kathleen M. King:
Director, Health Care:
Enclosure - 2:
[End of section]
Enclosure I: GAO Contact and Staff Acknowledgments:
GAO Contact:
Kathleen M. King at (202) 512-7114 or kingk@gao.gov:
Acknowledgments:
Martin T. Gahart, Assistant Director; Rebecca Abela; Jennel Harvey;
Laurie Pachter; and Jennifer Whitworth were key contributors to this
report.
[End of section]
Enclosure II: Related GAO Products:
Medicare Fraud, Waste, and Abuse: Challenges and Strategies for
Preventing Improper Payments. [hyperlink,
http://www.gao.gov/products/GAO-10-844T]. Washington, D.C.: June 15,
2010.
Medicare Part D: CMS Oversight of Part D Sponsors' Fraud and Abuse
Programs Has Been Limited, but CMS Plans Oversight Expansion.
[hyperlink, http://www.gao.gov/products/GAO-10-481T]. Washington,
D.C.: March 3, 2010.
Improper Payments: Improper Payments: Responses to Posthearing
Questions Related to Eliminating Waste and Fraud in Medicare and
Medicaid. [hyperlink, http://www.gao.gov/products/GAO-09-838R].
Washington, D.C.: July 20, 2009.
Medicare Part D: Opportunities Exist for Improving Information Sent to
Enrollees and Scheduling the Annual Election Period. [hyperlink,
http://www.gao.gov/products/GAO-09-4]. Washington, D.C.: December 12,
2008.
Medicare Part D Prescription Drug Coverage: Federal Oversight of
Reported Price Concessions Data. [hyperlink,
http://www.gao.gov/products/GAO-08-1074R]. Washington, D.C.: September
30, 2008.
Medicare Part D Low-Income Subsidy: Assets and Income Are Both
Important in Subsidy Denials, and Access to State and Manufacturer
Drug Programs Is Uneven. [hyperlink,
http://www.gao.gov/products/GAO-08-824]. Washington, D.C.: September
5, 2008.
Medicare Part D: Some Plan Sponsors Have Not Completely Implemented
Fraud and Abuse Programs, and CMS Oversight Has Been Limited.
[hyperlink, http://www.gao.gov/products/GAO-08-760]. Washington, D.C.:
July 21, 2008.
Medicare Part D: Complaint Rates Are Declining, but Operational and
Oversight Challenges Remain. [hyperlink,
http://www.gao.gov/products/GAO-08-719]. Washington, D.C.: June 27,
2008.
Medicare Part D: Plan Sponsors' Processing and CMS Monitoring of Drug
Coverage Requests Could Be Improved. [hyperlink,
http://www.gao.gov/products/GAO-08-47]. Washington, D.C.: January 22,
2008.
[End of section]
Footnotes:
[1] Part D sponsors offer drug coverage either through stand-alone
prescription drug plans (PDP) or through Medicare Advantage
prescription drug (MA-PD) plans for beneficiaries enrolled in Medicare
Advantage, Medicare's managed care program.
[2] GAO's audits and evaluations identify federal programs and
operations that we determine are high risk due to their greater
vulnerabilities to fraud, waste, abuse, and mismanagement. See GAO,
High-Risk Series: An Update, [hyperlink,
http://www.gao.gov/products/GAO-11-278] (Washington, D.C.: February
2011).
[3] GAO, Prescription Drugs: Oversight of Drug Pricing in Federal
Programs, [hyperlink, http://www.gao.gov/products/GAO-07-481T]
(Washington, D.C.: Feb. 9, 2007). U.S. House of Representatives Ways
and Means Subcommittees on Health and Oversight, 110th Cong., March 8,
2007 (testimony of Daniel R. Levinson, HHS Inspector General) and U.S.
House of Representatives Oversight and Government Reform Committee,
110th Cong., February 9, 2007 (testimony of Lewis Morris, Chief
Counsel to the HHS Inspector General).
[4] Pub. L. No. 108-173 § 101, 117 Stat. 2066, 2086 (adding Social
Security Act §1860D-4(c)(1)(D)) (codified at 42 U.S.C. § 1395w-
104(c)(1)(D)). Hereafter, we refer to programs to control fraud,
waste, and abuse as fraud and abuse programs.
[5] 42 C.F.R. § 423.504(b)(4)(vi) (2010).
[6] The Prescription Drug Benefit Manual consists of multiple chapters
related to various Part D program areas and outlines Part D program
requirements and CMS guidance. The chapter in the manual entitled
"Chapter 9--Part D Program to Control Fraud, Waste and Abuse"
addresses fraud, waste, and abuse in Part D. In November 2010, CMS
officials told us that they were in the process of updating chapter 9
to reflect the final rule issued in 2010 that clarifies and codifies
the existing policies regarding the required compliance plan elements.
For example, CMS added language specifying the groups and individuals
among a sponsor's employees that are required to have compliance
training and education and that training should occur at least once a
year and be made part of orientation for new employees and specified
entities. 75 Fed. Reg. 19,678 (April 15, 2010)(amending 42 C.F.R. §
423. 504 (b)(4)).
[7] CMS is required to conduct financial audits for at least one-third
of Part D sponsors each year. 42 U.S.C. § 1395w-112(b)(3)(C). These
audits are outside the scope of this report.
[8] There are two MEDICs--SafeGuard Services, LLC, and Health
Integrity, LLC.
[9] GAO, Medicare Part D: CMS Oversight of Part D Sponsors' Fraud and
Abuse Programs Has Been Limited, but CMS Plans Oversight Expansion,
[hyperlink, http://www.gao.gov/products/GAO-10-481T] (Washington,
D.C.: Mar. 3, 2010). Our statement was based on a July 2008 report in
which we found that CMS's oversight of Part D sponsors fraud and abuse
programs was limited; specifically the agency had not conducted audits
of sponsors' fraud and abuse programs as detailed in its 2005 Part D
Oversight Strategy. Audits of fraud and abuse programs had not been
conducted in 2006, 2007, or 2008. In addition, we found that certain
sponsors had not completely implemented required elements for fraud
and abuse programs.
[10] Hearing on Oversight Challenges In The Medicare Prescription Drug
Program, Before U.S. Senate Committee on Homeland Security and
Government Affairs, Subcommittee on Federal Financial Management,
Government Information, Federal Services and International Security,
111th Cong. (Mar. 3, 2010) (Statement of Jonathan Blum, Director,
Center for Medicare Management).
[11] To conduct our evaluation of CMS's oversight for the July 2008
report, we reviewed relevant laws, regulations, and CMS guidance to
determine the elements of a comprehensive compliance plan including
fraud and abuse programs. We also interviewed officials from CMS and
the HHS's Office of the Inspector General (OIG). In addition, we
reviewed documentation from CMS, including CMS's Part D oversight
strategy, program audit strategies, contracts related to Part D
program integrity efforts, and technical assistance provided by CMS
specific to fraud and abuse programs. A detailed explanation of our
methodology is included in our July 2008 report. To prepare our March
2010 testimony statement, we interviewed officials from CMS and
reviewed agency documents to obtain selected updated information on
CMS oversight.
[12] Other areas include Part D grievances, coverage determinations,
redeterminations and appeals, enrollment and disenrollment, premium
billing, etc. CMS told us that they use a risk assessment to determine
which program area(s) represents risk for noncompliance, and then CMS
conducts a performance audit on these areas.
[13] MEDICs assisted CMS with completing its compliance plan audits
under separate contracts with CM/PCOG and CPI according to CMS
officials. CM/PCOG also contracted with an additional private
contractor to assist CMS with conducting performance audits for
requirements other than CMS's compliance plan requirements.
[14] CMS selects the top, or parent, level of sponsor organizations
for performance audits, making all contracts and plans therein subject
to the audit. Therefore, for the purposes of this report, "sponsor"
refers to the parent organization. Sponsors may have multiple
contracts with CMS with each contract offering one or more distinct
Part D plans.
[15] CMS officials told us they selected all sponsors that received a
compliance plan desk audit in 2009 for on-site compliance plan audit
in 2010. Of the 16 sponsors that received a 2009 compliance plan desk
audit, 9 were also selected for and received a wider performance audit
based on CMS's 2010 risk assessment or compliance/enforcement
referrals, and 7 received a compliance-plan-only audit.
[16] The evaluation identified plans at risk for having poorly
designed compliance plans through measures such as high complaint or
grievance rates, poor outcomes from previous audits, or problems
reporting required information to CMS.
[17] Six of the audited sponsors had enrollment of over one million
beneficiaries.
[18] CMS officials told us that although they were in the process of
updating guidance in chapter 9 of the Part D Prescription Drug Benefit
Manual related to the rule issued in April 2010, the 2010 compliance
plan audit protocols incorporated the changes made to CMS regulations
because many of these requirements were already reflected in existing
sub-regulatory guidance.
[19] As of February 2011, CMS officials reported that the agency had
issued compliance plan audit findings to the sponsors that were
subject to 2010 enforcement actions in CMS's notice of those actions.
Also, CMS had issued reports to sponsors for 11 of the compliance plan
audits conducted.
[20] In an additional effort to strengthen Part D oversight, CMS hired
a contractor to assess the MEDIC program. That study was completed in
April 2010. Officials told us that the agency made changes to its
MEDIC oversight strategy for Parts C and D as a result of the study.
Review of the MEDIC tasks are outside the scope of this report.
[21] For our March 2010 testimony, CMS officials told us that in
conducting the 16 desk and 2 pilot on-site audits they found that
sponsors had deficiencies in implementation of two of the required
compliance elements--internal auditing and monitoring and training and
education. These findings were similar to our July 2008 findings.
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
