Improper Payments

Reported Medicare Estimates and Key Remediation Strategies Gao ID: GAO-11-842T July 28, 2011

In Process

For fiscal year 2010, HHS reported an estimate of almost $48 billion in Medicare improper payments, representing about 38 percent of the total $125.4 billion estimate for the federal government. However, this Medicare improper payment estimate is incomplete because HHS has yet to develop a comprehensive estimate for the Medicare prescription drug benefit. The improper payment estimate includes both overpayments and underpayments. Causes cited include inadequate documentation, medically unnecessary services, coding errors, and payment calculation errors. It is important to recognize that the $48 billion is not an estimate of fraud in Medicare. Because the improper payment estimation process is not designed to detect or measure the amount of fraud that may exist, there may be fraud that is not reflected in HHS's reported estimate. CMS faces challenges in designing and implementing internal controls to effectively prevent or detect and recoup improper payments. In 2010, CMS established the Center for Program Integrity to serve as its focal point for all national Medicare program integrity issues. Based on past work, GAO identified five key strategies to help reduce fraud, waste, and abuse and improper payments in Medicare, which CMS has reported initiating actions to address. GAO has made recommendations to strengthen CMS's implementation of these strategies, some of which the agency has not implemented. (1) Strengthen provider enrollment standards and procedures. Strong standards and procedures can help reduce the risk of enrolling providers intent on defrauding the program. CMS has taken action to implement provisions of the Patient Protection and Affordable Care Act by screening providers by levels of risk and providing more stringent review of high-risk providers, but has yet to implement certain GAO recommendations in this area. (2) Improve prepayment reviews. Prepayment reviews of claims help ensure that Medicare pays correctly the first time. According to CMS, as of July 1, 2011, CMS has begun applying predictive modeling analysis to claims and plans to expand Medicare prepayment controls. CMS has not implemented GAO's recommendation to improve prepayment reviews. (3) Focus postpayment reviews on vulnerable areas. Postpayment reviews are critical to identifying payment errors and recouping overpayments. In March 2009, CMS began instituting a national recovery audit contractor (RAC) program to help the agency supplement its postpayment reviews. CMS has also developed information technology to help it better identify claims paid in error, but GAO recently reported that the systems are not being used to the extent originally planned and made several recommendations to address the issues. (4) Improve oversight of contractors. CMS has taken action to improve oversight of prescription drug plan sponsors' fraud and abuse programs, which addresses GAO's recommendation, but is still developing specific performance statistics. (5) Develop a robust process to address identified vulnerabilities. Having mechanisms in place to resolve vulnerabilities that lead to improper payments is critical. While CMS has begun actions in this area, it has not developed a robust corrective action process for vulnerabilities identified by Medicare RACs as GAO recommended.

GAO-11-842T, Improper Payments: Reported Medicare Estimates and Key Remediation Strategies This is the accessible text file for GAO report number GAO-11-842T entitled 'Improper Payments: Reported Medicare Estimates and Key Remediation Strategies' which was released on July 28, 2011. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Testimony before the Subcommittee on Government Organization, Efficiency and Financial Management, Committee on Oversight and Government Reform, House of Representatives: For Release on Delivery: Expected at 10:30 a.m. EDT: Thursday, July 28, 2011: Improper Payments: Reported Medicare Estimates and Key Remediation Strategies: Statement of Kay L. Daly: Director, Financial Management and Assurance: Kathleen M. King: Director, Health Care: GAO-11-842T: GAO Highlights: Highlights of GAO-11-842T, a testimony before the Subcommittee on Government Organization, Efficiency and Financial Management, Committee on Oversight and Government Reform, House of Representatives. Why GAO Did This Study: GAO has designated Medicare as a high-risk program because of its size, complexity, and susceptibility to improper payments. In 2010, Medicare covered 47 million elderly and disabled beneficiaries and had estimated outlays of $516 billion. The Centers for Medicare & Medicaid Services (CMS) is the agency in the Department of Health and Human Services (HHS) responsible for administering the Medicare program and leading efforts to reduce Medicare improper payments. This testimony focuses on estimated improper payments in the Medicare program for fiscal year 2010 and the status of CMS‘s efforts to implement key strategies to help reduce improper payments. This testimony is primarily based on previous GAO reporting related to governmentwide improper payments, Medicare high-risk challenges and program integrity efforts, and CMS‘s information technology systems intended to identify improper payments. GAO supplemented that prior work with additional information on the nature and extent of Medicare improper payments reported by HHS in its fiscal year 2010 agency financial report. GAO also received updated information from CMS in February 2011 and, in select cases, as of July 2011, on its actions related to relevant laws, regulations, guidance, and open recommendations pertaining to key remediation strategies. What GAO Found: For fiscal year 2010, HHS reported an estimate of almost $48 billion in Medicare improper payments, representing about 38 percent of the total $125.4 billion estimate for the federal government. However, this Medicare improper payment estimate is incomplete because HHS has yet to develop a comprehensive estimate for the Medicare prescription drug benefit. The improper payment estimate includes both overpayments and underpayments. Causes cited include inadequate documentation, medically unnecessary services, coding errors, and payment calculation errors. It is important to recognize that the $48 billion is not an estimate of fraud in Medicare. Because the improper payment estimation process is not designed to detect or measure the amount of fraud that may exist, there may be fraud that is not reflected in HHS‘s reported estimate. CMS faces challenges in designing and implementing internal controls to effectively prevent or detect and recoup improper payments. In 2010, CMS established the Center for Program Integrity to serve as its focal point for all national Medicare program integrity issues. Based on past work, GAO identified five key strategies to help reduce fraud, waste, and abuse and improper payments in Medicare, which CMS has reported initiating actions to address. GAO has made recommendations to strengthen CMS‘s implementation of these strategies, some of which the agency has not implemented. Strengthen provider enrollment standards and procedures. Strong standards and procedures can help reduce the risk of enrolling providers intent on defrauding the program. CMS has taken action to implement provisions of the Patient Protection and Affordable Care Act by screening providers by levels of risk and providing more stringent review of high-risk providers, but has yet to implement certain GAO recommendations in this area. Improve prepayment reviews. Prepayment reviews of claims help ensure that Medicare pays correctly the first time. According to CMS, as of July 1, 2011, CMS has begun applying predictive modeling analysis to claims and plans to expand Medicare prepayment controls. CMS has not implemented GAO‘s recommendation to improve prepayment reviews. Focus postpayment reviews on vulnerable areas. Postpayment reviews are critical to identifying payment errors and recouping overpayments. In March 2009, CMS began instituting a national recovery audit contractor (RAC) program to help the agency supplement its postpayment reviews. CMS has also developed information technology to help it better identify claims paid in error, but GAO recently reported that the systems are not being used to the extent originally planned and made several recommendations to address the issues. Improve oversight of contractors. CMS has taken action to improve oversight of prescription drug plan sponsors‘ fraud and abuse programs, which addresses GAO‘s recommendation, but is still developing specific performance statistics. Develop a robust process to address identified vulnerabilities. Having mechanisms in place to resolve vulnerabilities that lead to improper payments is critical. While CMS has begun actions in this area, it has not developed a robust corrective action process for vulnerabilities identified by Medicare RACs as GAO recommended. View [hyperlink, http://www.gao.gov/products/GAO-11-842T] or key components. For more information, contact Kay L. Daly at (202) 512- 9312 or dalykl@gao.gov or Kathleen M. King at (202) 512-7114 or kingk@gao.gov. [End of section] Chairman Platts, Ranking Member Towns, and Members of the Subcommittee: Thank you for the opportunity to be here today to discuss improper payments in the Medicare program, as well as the Centers for Medicare & Medicaid Services' (CMS) efforts to remediate them. In 2010, Medicare covered 47 million elderly and disabled beneficiaries and had estimated outlays of $516 billion, making it one of the largest federal programs. Medicare consists of four parts: A, B, C, and D. Medicare Parts A and B are known as Medicare fee-for-service. Part A covers hospital and other inpatient stays. Medicare Part B covers hospital outpatient, physician, and other services. Part C is Medicare Advantage, under which beneficiaries receive benefits through private health plans. Part D is the Medicare outpatient prescription drug benefit. CMS is the agency in the Department of Health and Human Services (HHS) responsible for administering the Medicare program and leading efforts to reduce Medicare improper payments. GAO has designated Medicare as a high-risk program because of its size, complexity, and susceptibility to improper payments.[Footnote 1] As defined by the Improper Payments Elimination and Recovery Act of 2010 (IPERA), an improper payment is any payment that should not have been made or that was made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other legally applicable requirements.[Footnote 2] For fiscal year 2010, federal agencies reported an estimated $125.4 billion in improper payments, of which Medicare accounts for nearly $48 billion--the highest estimated amount of improper payments in a single program. The Medicare improper payment estimates do not reflect all of the program's risk because HHS did not report a total improper payment estimated amount for its Medicare prescription drug benefit program (Part D). Despite progress made by CMS, reducing improper payments in the program is a continuing challenge for CMS due to the size and scope of Medicare. Fiscal year 2010 marked the 7th year of implementation of the Improper Payments Information Act of 2002 (IPIA).[Footnote 3] IPIA requires executive branch agencies to annually review all programs and activities to identify those that are susceptible to significant improper payments, estimate the annual amount of improper payments for such programs and activities, and report these estimates along with actions taken to reduce improper payments for programs with estimates that exceed $10 million. IPERA, enacted July 22, 2010, amended IPIA by expanding the previous requirements for identifying, estimating, and reporting on programs and activities susceptible to significant improper payments and expanding requirements for recovering overpayments across a broad range of federal programs.[Footnote 4] IPERA provisions generally became effective in fiscal year 2011. The Office of Management and Budget (OMB) has since issued updated guidance for federal agencies on reporting, reducing, and recovering improper payments.[Footnote 5] In addition, the Patient Protection and Affordable Care Act (PPACA),[Footnote 6] as amended by the Health Care and Education Reconciliation Act of 2010,[Footnote 7] contains provisions designed to help reduce improper payments in the Medicare program. See appendix I for additional information about recent congressional and executive branch actions related to Medicare improper payments. Today, my testimony will focus on two areas: * HHS reported estimated improper payments in the Medicare program for fiscal year 2010, and: * the status of CMS's efforts to implement key strategies to help remediate improper payments in the Medicare program. My statement today is based primarily on previous GAO reporting related to governmentwide improper payments, Medicare high-risk challenges and program integrity efforts, and CMS's information technology systems intended to help identify improper payments. We supplemented that prior work with additional information on the nature and extent of Medicare improper payments reported by HHS in its fiscal year 2010 agency financial report (AFR). We also received updated information from CMS in February 2011 and, in select cases, as of July 2011, on its actions related to relevant laws, regulations, guidance, and open recommendations pertaining to the key remediation strategies discussed later in this statement. A list of related GAO products is included at the end of this statement. Our prior work was conducted in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Improper Payments in the Medicare Program: HHS annually reports on improper payments in its AFR. For fiscal year 2010, HHS reported improper payment estimates for several programs, including Medicare. Collectively, HHS reported an estimate of almost $48 billion in improper payments in Medicare.[Footnote 8] The $48 billion in estimated improper payments reported for fiscal year 2010 is attributable to Medicare fee-for-service and Medicare Advantage. [Footnote 9] As shown in figure 1, the Medicare program represents about 38 percent of the $125.4 billion improper payment estimated amount reported by 20 federal agencies covering 70 programs. Further, Medicare's estimated improper payment amount is the highest among all federal programs that reported an estimated amount. Figure 1: Fiscal Year 2010 Estimated Improper Payment Reported Amounts for Federal Programs: [Refer to PDF for image: pie-chart] Medicare Fee-for-Service: 27% ($34.3 billion); Medicare Advantage: 11% ($13.6 billion); Other federal programs: 62% ($77.5 billion). Source: GAO summary of agency data. [End of figure] HHS's estimated amount of improper payments for Medicare is incomplete because it has yet to report a comprehensive improper payment estimate for the Medicare prescription drug benefit program, which had reported outlays of about $59 billion in fiscal year 2010. However, HHS has taken some steps to develop a comprehensive improper payment error rate.[Footnote 10] Specifically, for fiscal year 2010, HHS calculated error rates for the four components of the Medicare prescription drug benefit program, with the estimates ranging from $45 million to $5.4 billion for each component. However, HHS reported that the four estimates overlap and consequently cannot be totaled. HHS reported that it expects to report a comprehensive estimate for the prescription drug benefit program in fiscal year 2011. It is important to recognize that the $48 billion in estimated improper payments reported by HHS in fiscal year 2010 is not an estimate of fraud in Medicare.[Footnote 11] Reported improper payment estimates include many types of overpayments, underpayments, and payments that were not adequately documented. In addition, because the improper payment estimation process is not designed to detect or measure the amount of fraud in Medicare, there may be fraud that exists in the Medicare program that is not included in the reported improper payment estimate. In addition to inadequate documentation, HHS cited a number of other causes for the estimated $48 billion in reported improper payments, including the provision of services that were found not to be medically necessary, coding errors, incorrect interpretation of data, and payment calculation errors. HHS reported that its analysis showed most Medicare fee-for-service improper payments were for medically unnecessary durable medical equipment and inpatient hospital services. For Medicare Advantage, HHS reported that the majority of the improper payment estimate resulted from insufficient documentation to support the diagnoses submitted by private health plans for payment. CMS's methodology for estimating improper payments has evolved. Beginning in 1996, HHS's Office of Inspector General (OIG) estimated improper payments in the Medicare fee-for-service program as part of its annual financial statement audit. In fiscal year 2003, CMS assumed responsibility for estimating Medicare fee-for-service improper payments and modified the methodology to improve error detection and provide more detailed information on the errors. During fiscal year 2009, HHS revised its methodology for calculating the Medicare fee-for- service improper payment error rate based on HHS OIG audit reports and input from CMS advisory medical staff. According to HHS, the revised methodology is more stringent. Using this revised methodology for a limited number of claims reviewed in fiscal year 2009, HHS reported estimated Medicare fee-for-service improper payments of $24.1 billion in its fiscal year 2009 AFR, representing an error rate of 7.8 percent. However, HHS subsequently restated the fiscal year 2009 improper payment estimate for Medicare fee-for-service by applying the results of the revised methodology to the entire year and reported a revised estimate of $35.4 billion and an error rate of 12.4 percent. CMS set key performance measures to reduce improper payments for Medicare fee-for-service and Medicare Advantage. For fiscal year 2010, HHS reported error rates of 10.5 percent and 14.1 percent for Medicare fee-for-service and Medicare Advantage, respectively. HHS reported that it met its improper payment error rate target for Medicare Advantage in fiscal year 2010 by achieving a 14.1 percent error rate, which was better than its goal of 14.3 percent. However, CMS was not able to demonstrate sustained progress in reducing its Medicare fee- for-service improper payment rate. As discussed previously, HHS reported that it made changes to improve the estimation methodology, which meant that previous estimates were not comparable to those HHS made in fiscal year 2010. For fiscal year 2012, CMS reported that it set improper payment reduction targets as part of the strategic plan prepared under the Government Performance and Results Act of 1993. [Footnote 12] The 2012 target error rates are 6.2 percent for Medicare fee-for-service and 13.2 percent for Medicare Advantage. Further, in response to Executive Order 13520,[Footnote 13] HHS designated the Assistant Secretary for Financial Resources and Deputy Administrator for Program Integrity at CMS as the accountable officials responsible for efforts to reduce improper payments and establish improper payment reduction targets for Medicare fee-for- service and Medicare Advantage as shown in figure 2. Figure 2: Reduction Targets for Medicare Fee-for-Service and Medicare Advantage Improper Payments: [Refer to PDF for image: vertical bar graph] FY 2011: Target rates for Medicare Fee-for-Service: 8.5%; Target rates for Medicare Advantage (Part C): 13.7%. FY 2012: Target rates for Medicare Fee-for-Service: 6.2%; Target rates for Medicare Advantage (Part C): 13.2%. FY 2013: Target rates for Medicare Fee-for-Service: 5.8%; Target rates for Medicare Advantage (Part C): 12.9%. Source: GAO analysis. Note: Data are from [hyperlink, http://www.PaymentAccuracy.gov] (accessed July 22, 2011). Executive Order 13520, Reducing Improper Payments, required that the Secretary of the Treasury in coordination with the Attorney General and OMB publish information regarding improper payments on the Internet. [End of figure] In 2010, CMS created the Center for Program Integrity (CPI) to serve as its focal point for all national Medicare program integrity issues. CPI is responsible for addressing program vulnerabilities leading to improper payments, including collaborating with other CMS components to develop and implement a comprehensive strategic plan, objectives, and measures to carry out the agency's program integrity mission and goals. According to CMS documentation describing the program, CPI was designed to promote Medicare integrity through the following activities: * conducting provider and contractor audits and policy reviews; * identifying and monitoring program vulnerabilities; * providing support and assistance to states; * collaborating on the development and advancement of new legislative initiatives and improvements to deter, reduce, and eliminate fraud, waste, and abuse; * overseeing all CMS interactions and collaboration with key stakeholders related to program integrity (e.g., the Department of Justice, HHS OIG, and state law enforcement agencies) for the purposes of detecting, deterring, monitoring, and combating fraud and abuse; and: * taking action against those who commit or participate in fraudulent or other unlawful activities. Status of CMS's Efforts to Implement Key Strategies to Help Remediate Improper Payments: CMS has begun a number of initiatives related to the five strategies identified in our previous reporting that are key to reducing Medicare improper payments. However, CMS still faces significant challenges in designing and implementing internal controls to effectively prevent or detect and recoup improper payments and to prevent fraud, waste, and abuse. In March 2011, we testified that effective implementation of GAO recommendations, provisions in recently enacted laws, and recent guidance related to five key strategies could help remediate fraud, waste, abuse, and improper payments in the Medicare program.[Footnote 14] Figure 3 provides an overview of those key strategies. Figure 3: Strategies to Help Reduce Improper Payments in the Medicare Program: [Refer to PDF for image: illustration] * Strengthen provider enrollment; * Improve prepayment reviews; * Focus postpayment reviews on vulnerable areas; * Improve oversight of contractors; * Develop a robust process to address identified vulnerabilities. Source: GAO. [End of figure] We testified in March 2011 that PPACA had a number of provisions that, if effectively addressed, could aid CMS in its efforts to minimize improper payments.[Footnote 15] Specifically, PPACA included provisions related to strengthening provider enrollment and improving contractor oversight. CMS had issued final rules implementing some of these provisions. In addition, in June 2011, we reported on challenges CMS has faced in implementing information technology systems to help it identify potentially fraudulent or abusive claims that had been paid.[Footnote 16] The following sections provide an overview of CMS reported actions related to each of the five strategies we identified in our prior reporting as key to helping reduce Medicare improper payments. GAO has made recommendations to strengthen CMS's actions to address these strategies, some of which have not been implemented. Strengthening provider enrollment standards and procedures. As discussed in our March 2011 testimony,[Footnote 17] strengthening the standards and procedures for provider enrollment could help reduce the risk of enrolling providers intent on defrauding or abusing the program. CMS has previously identified two types of providers whose services and items are especially vulnerable to improper payments-- home health agencies (HHA) and suppliers of durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS). In our 2009 report on HHAs, we found problems with the enrollment procedures--for example, CMS's contractors were not requiring HHAs to resubmit enrollment information (including information about key officials, operating capital, and practice location) for reverification every 5 years as required by CMS.[Footnote 18] CMS implemented one of the recommendations from that report but did not implement a recommendation to revoke billing privileges from HHAs engaged in a pattern of improper billing practices. In a 2005 report on DMEPOS suppliers, we found that CMS had not taken sufficient steps to prevent entities intent on defrauding Medicare from enrolling, and we reported that more effective screening and stronger enrollment standards were needed to ensure that new suppliers were legitimate businesses.[Footnote 19] Partly in response to our recommendation to improve the provider enrollment process, CMS took steps to implement new supplier quality standards as part of an accreditation rule issued in August 2006 and proposed new supplier enrollment standards in January 2008. It proposed that suppliers would be required to meet these new accreditation standards in 2009. However, the new supplier enrollment standards were not finalized until August 2010. Several requirements in PPACA focus on strengthening provider enrollment procedures, which could help prevent Medicare from making improper payments and address some of our previous concerns and recommendations. For example, PPACA requires the Secretary of HHS, in consultation with the HHS OIG, to establish procedures for screening providers enrolling in Medicare, including assessing the risk levels of fraud, waste, and abuse by categories of providers. At a minimum, PPACA requires all providers to be subject to licensure checks, which may include checks across state lines. Further, PPACA provides for enhanced oversight of new providers for specific periods of time and of initial claims of DMEPOS suppliers. On February 2, 2011, CMS and the HHS OIG published a final rule to implement these new screening procedures.[Footnote 20] In addition, PPACA imposes specific requirements for providers to disclose any current or previous affiliation with a provider that has uncollected debt; has been or is subject to a payment suspension under a federal health care program; has been excluded from participation under Medicare, Medicaid, or the Children's Health Insurance Program or has had its billing privileges denied or revoked. The law allows CMS to deny enrollment to any such provider whose previous affiliations pose an undue risk. In February 2011, CMS officials told us that they were drafting a proposed rule to implement this authority. Further, providers that order home health services must have a face-to-face encounter with the beneficiary before the services can be ordered. CMS issued a final rule regarding this requirement in November 2010. To reduce spending for durable medical equipment and related supplies, the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) required that CMS phase in, with several rounds of bidding, a large scale competitive bidding program for certain DMEPOS.[Footnote 21] CMS began to implement a Medicare competitive bidding program for durable medical equipment and supplies with prices that took effect in January 2011 from the first round of bidding. This program has the potential to help reduce fraud, waste, and abuse because it requires CMS to select DMEPOS suppliers based in part on new scrutiny of their financial documents and other application materials, among other things. PPACA required CMS to expedite implementation of the competitive bidding program for durable medical equipment, expanding the number of areas to be included in the second round of bidding from 70 to 91 by the end of 2011. CMS told us that it was working on round 2 of the competitive bidding program, which is anticipated to be operational in summer 2013. Improving prepayment review of claims. Our prior reporting on Medicare found that prepayment reviews of claims are essential to help ensure that Medicare pays correctly the first time. Conducting these reviews is challenging due to the volume of claims. Overall, less than 1 percent of Medicare's claims are subject to a medical record review by trained contractor personnel. Therefore, having robust automated payment controls--called edits--in place to deny inappropriate claims or flag them for further review is critical. However, in our 2007 report, we identified weaknesses in these prepayment controls.[Footnote 22] For example, we found that contractors responsible for reviewing DMEPOS claims did not have automated prepayment controls in place to identify questionable claims, such as those associated with atypically rapid increases in billing or for items unlikely to be prescribed in the normal course of medical care. Since then, CMS has added computer edits to flag claims for services unlikely to be provided in the normal course of medical care, but has not implemented our recommendation to have edits in place based on thresholds for unexplained increases in billing. If implemented, several recent legislative requirements and administrative directives could help CMS with its prepayment review to prevent improper payments. First, the Small Business Jobs Act of 2010 requires CMS to use predictive modeling and other analytic techniques-- known as predictive analytic technologies--both to identify and to prevent improper payments under the Medicare fee-for-service program. [Footnote 23] These predictive analytic technologies will be used to analyze and identify Medicare provider networks, billing patterns, and beneficiary utilization patterns and detect those that represent a high risk of fraudulent activity. Through such analysis, unusual or suspicious patterns or abnormalities could be identified that could be used to prioritize additional review of suspicious transactions before payment is made. CMS published a solicitation in December 2010 for these technologies and a case management system to track findings. The legislation provides that the solicitation require contractors that are selected to begin using these technologies on July 1, 2011, in the 10 states identified by CMS as having the highest risk of fraud, waste, or abuse in Medicare fee-for-service payments. After the initial year, based on the results of the predictive analytic technologies, CMS reported that it plans to expand their use to other states beyond the 10 states identified as having the highest risk for fraud, waste, and abuse. According to CMS, as of July 1, 2011, initial predictive modeling has been used on claims prior to payment to identify their level of risk for being improper and to focus investigative efforts. Second, a June 2010 presidential memorandum directed agencies to check certain databases--known as the "Do Not Pay List"--before making payments, to ensure that payments do not go to individuals who were deceased or excluded from receiving federal payments or to entities that had been excluded from receiving federal payments. As of July 2011, this governmentwide database was still under development. However, CMS officials stated that, in response to the presidential memorandum, the agency reviewed selected databases that it and its Medicare contractors were using to determine payment eligibility for providers and took action to ensure that the agency's method of ensuring payment eligibility was consistent with the intent of the "Do Not Pay List." Focusing postpayment claims review on most vulnerable areas. We previously reported that postpayment reviews are critical to identifying payment errors to recoup overpayments in Medicare. CMS's claims administration contractors conduct limited postpayment reviews. Therefore, it is important that they target their postpayment review resources on providers with a demonstrated high risk of improper payments. Further, we previously reported that CMS could strengthen postpayment home health claims review by focusing postpayment claims review on the most vulnerable areas and increasing the amount of postpayment review by using recovery audit contractors (RAC) for the Medicare program. CMS has not acted to implement our recommendation about focusing postpayment home health claims review based on high rates of improper billing identified through prepayment reviews. CMS has had efforts focusing on postpayment review of claims, most recently its national RAC program, begun in March 2009, after completion of a 3-year demonstration program in 2008.[Footnote 24] The national program was designed to help the agency supplement the postpayment reviews conducted by contractors other than RACs. The RACs review fee-for-service claims after payment, but because RACs are paid a contingent fee based on the dollar value of the improper payments identified, they have focused on claims from inpatient hospital stays, which are generally more costly services. PPACA expanded Medicare's RAC program to Medicare Advantage and the prescription drug benefit program. CMS published a request for comments on the development of RACs for those programs in December 2010. CMS awarded a Medicare prescription drug benefit RAC task order for a 1-year base period that began January 2011 and included 4 option years. In June 2011, we reported that CMS has also developed information technology to help it better identify claims paid in error, but the systems are not being used to the extent originally planned, and CMS has not measured whether they have helped in reducing payment errors. [Footnote 25] To integrate claims information and improve its ability to identify fraud, waste, and abuse, CMS initiated two information technology system programs in 2006: the Integrated Data Repository (IDR)[Footnote 26] and One Program Integrity (One PI) to centralize and make more accessible the data needed to conduct these analyses. The IDR was intended to provide a central source of data related to Medicare and Medicaid claims, and the One PI system is a web-based portal and suite of analytical software tools to be used to extract data from IDR and enable complex analyses of these data. As we reported in June 2011, although CMS has developed and implemented IDR and One PI for use by its program integrity analysts, IDR did not include all the data the agency planned to have incorporated by the end of 2010.[Footnote 27] For example, IDR includes most types of Medicare claims data, but did not include data from other CMS systems that are needed to help analysts identify improper payments. According to IDR program officials, these data were not incorporated into IDR because funding for the development of the software and acquisition of the hardware needed to meet this requirement was not approved until the summer of 2010. Since then, IDR program officials have developed project plans and identified users' requirements, and plan to incorporate these additional data by November 2011. In addition, CMS has developed and deployed One PI, but the system has been used by a limited number of analysts--less than 7 percent of the intended user community--and did not yet provide as many tools as planned. According to agency officials, plans to train and deploy the system to a broad community of users were disrupted when resources dedicated to these activities were redirected to address a need to improve the user training program. Further, as of June 2011, plans and schedules for completing the remaining work had not been finalized, and CMS had not identified risks and obstacles to project schedules that may affect its ability to ensure broad use and full implementation of the systems. Consequently, the agency may miss an opportunity to effectively use these information technology solutions to enhance its ability to detect fraud, waste, and abuse in the Medicare program. In our June 2011 report, we made seven recommendations to help ensure that the development and implementation of IDR and One PI help CMS meet its program integrity goals and objectives.[Footnote 28] CMS concurred with GAO's recommendations and agreed to act upon them. Improving oversight of contractors. As called for in our Standards for Internal Control in the Federal Government,[Footnote 29] monitoring the activities used by an organization to address improper payments should be performed continually and should be ingrained in the entity's operations. Over the years, we have found areas where CMS's oversight of contractor activities that provide services to Medicare beneficiaries had been insufficient to ensure that required program control activities were conducted and working well. For example, all Part D drug-plan sponsors are required to have programs to prevent, detect, and correct fraud, waste, and abuse--also referred to as fraud and abuse programs. CMS is responsible for ensuring that sponsors are in compliance with this requirement. However, in 2008 we found that CMS's oversight of these programs was limited.[Footnote 30] We recommended that CMS conduct timely audits of sponsors' fraud and abuse programs. CMS agreed with this recommendation. In March 2010, we reported that CMS had completed desk audits of selected sponsors' programs and was beginning to implement an expanded oversight strategy, including on-site audits to assess the effectiveness of these programs more thoroughly.[Footnote 31] In November 2010, CMS officials reported that the agency had conducted on-site audits of 33 of the 290 sponsors in 2010 covering 62 percent of the enrolled beneficiaries in 2010, which addresses our recommendation. As a result of the on-site audits, CMS had taken formal enforcement actions against several sponsors. In addition, CMS published a final rule in April 2010 to increase its oversight efforts and ensure that sponsors have effective programs in place.[Footnote 32] PPACA included provisions for CMS to evaluate contractors receiving Medicare Integrity Program and Medicaid Integrity Program funding every 3 years. In addition, PPACA requires these contractors to provide performance statistics to HHS and its OIG upon request. In February 2011, CMS officials told us that they were taking action to implement these requirements for Medicare. At that time, officials told us that CMS was tracking performance statistics and adding to and refining these statistics and was also developing the specific performance statistics for its Part D integrity contractors and expected to finalize these statistics this year. Developing a robust process for addressing identified vulnerabilities. Having mechanisms in place to resolve vulnerabilities that lead to improper payments is key to effective program management. But our work has shown that CMS has not developed a robust process to specifically address identified vulnerabilities that lead to improper payments in Medicare. We have reported that an agency should have policies and procedures to ensure that (1) the findings of all audits and reviews are promptly evaluated, (2) decisions are made about the appropriate response to these findings, and (3) actions are taken to correct or resolve the issues promptly.[Footnote 33] We have also stressed the importance of holding individuals accountable for achieving agency objectives. However, as we reported in March 2010, CMS had not established an adequate process during its recovery audit contracting demonstration or in planning for the subsequent recovery audit national program to ensure prompt resolution of identified improper payment vulnerabilities in Medicare.[Footnote 34] During the demonstration, CMS did not assign responsibility to agency officials or contractors for taking corrective action. According to CMS officials, the agency took corrective action only for vulnerabilities with national implications, and let the contractors that processed and paid claims decide whether to take action for vulnerabilities that might occur only in certain geographic areas. Additionally, we reported that during the demonstration CMS did not specify in a plan what type of corrective action was required or establish a time frame for corrective action. We also found that the lack of documented responsibility assignments impeded CMS's efforts to promptly resolve the vulnerabilities identified during the demonstration. For the national Medicare RAC program, although CMS established a corrective action team to compile, review, and categorize identified vulnerabilities and discuss corrective action recommendations, the corrective action process was still incomplete. CMS appointed the Director of the Office of Financial Management to be responsible for the day-to-day operations of the program, and the CMS Administrator to be responsible for vulnerabilities that span agency components. However, the corrective action process did not include any steps to either assess the effectiveness of the corrective actions taken or adjust them as necessary based on the results of the assessments. Further, the agency had not developed time frames for implementing corrective actions. Because of these weaknesses, we recommended that CMS develop and implement a corrective action process that includes policies and procedures to ensure that the agency promptly (1) evaluates findings of RAC audits, (2) decides on the appropriate response and a time frame for taking action based on established criteria, and (3) acts to correct the vulnerabilities identified.[Footnote 35] CMS concurred with this recommendation. Agency officials said they intended to review vulnerabilities on a case-by-case basis and were considering assigning them to risk categories to help prioritize their actions. In February 2011, CMS reported that the agency was still working to address the vulnerabilities identified during the demonstration program. Specific to corrective actions, CMS officials told us that its contractors were required to consider and evaluate vulnerabilities identified by various entities, including the RACs. However, as of March 2011, CMS had not yet implemented this recommendation. We will continue to follow up with CMS on its progress in this area. Concluding Observations: With the amount of estimated improper payments and the unknown amounts of potential fraud, waste, and abuse in the Medicare program, it is critical for CMS to act quickly and decisively to reduce them. As it implements PPACA provisions concerning Medicare, CMS has an opportunity to use new tools to help address fraud, waste, abuse, and improper payments in the program. CMS has taken a number of actions related to rule making and issuing guidance to implement recent legislative and regulatory provisions, but because many efforts are in process, it is too early to gauge their effectiveness. These requirements will be critical in helping ensure integrity in Medicare operations, as will additional evaluation and oversight to determine whether they are implemented as intended and have the desired effect on ensuring that payments are made for intended and proper purposes. Notably, we are beginning new work to assess CMS's efforts to strengthen the standards and procedures for Medicare provider enrollment to reduce the risk of enrolling providers that are intent on defrauding or abusing the program. We are also examining the effectiveness of different types of prepayment edits in Medicare systems and of CMS's oversight of its contractors in implementing those edits to help ensure that Medicare pays claims correctly the first time. The level of importance CMS places on effectively implementing our recommendations and the requirements established by recent laws and guidance will be a key factor in reducing improper payments and potential fraud, waste, and abuse in the Medicare program and ensuring that federal funds are used efficiently and for their intended purposes. In this regard, we plan to continue monitoring these issues. Chairman Platts, Ranking Member Towns, this completes my prepared statement. I would be happy to respond to any questions you or other members of the subcommittee may have at this time. GAO Contacts and Staff Acknowledgments: For more information regarding this testimony, please contact, Kay L. Daly, Director, Financial Management and Assurance, at (202) 512-9312 or by e-mail at DalyKL@gao.gov or Kathleen M. King, Director, Health Care, at (202) 512-7114 or by e-mail at KingK@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this testimony. Individuals making key contributions to this testimony included Valerie Melvin, Director; Carla Lewis, Assistant Director; Sheila K. Avruch, Assistant Director; Teresa Tucker, Assistant Director; Jacquelyn Hamilton; Jim Healy; Jason S. Kirwan; Crystal Lazcano; and Chelsea Lounsbury. [End of section] Appendix I: Recent Key Legislative and Executive Branch Efforts: Over the past couple of years, Congress and the executive branch have taken a number of actions intended to heighten the attention given to the issue of improper payments and to promote corrective actions. The Centers for Medicare & Medicaid Services' (CMS) efforts to identify and remediate Medicare improper payments will be affected by these new initiatives. Table 1 summarizes the recent legislative and executive branch efforts intended to improve oversight and accountability over improper payments governmentwide, as well as key actions specific to Medicare. Table 1: Recent Key Legislative and Executive Efforts to Improve Oversight and Accountability over Improper Payments: Date: March 2009; Action: Medicare fee-for-service national recovery audit contractor program implementation begins: (as required by the Tax Relief and Health Care Act of 2006). Date: November 2009; Executive Order 13520, Reducing Improper Payments. Date: March 2010; Action: Presidential memorandum, Finding and Recapturing Improper Payments; Patient Protection and Affordable Care Act (PPACA), including expanding the national recovery audit contractor program to Medicare Advantage and Medicare prescription drug benefit program; Health Care and Education Reconciliation Act of 2010. Date: June 2010; Action: President announced an Administration goal that Medicare fee- for-service error rate would be cut in half by fiscal year 2012; Presidential memorandum, Enhancing Payment Accuracy Through a "Do Not Pay List". Date: July 2010; Action: Improper Payments Elimination and Recovery Act of 2010 (IPERA). Date: September 2010; Action: Small Business Jobs Act of 2010. Source: GAO: Note: The data are from GAO summary of key improper payment initiatives. [End of table] In November 2009, Executive Order 13520, Reducing Improper Payments, was intended to focus on increasing transparency and accountability for reducing improper payments and creating incentives for reducing improper payments.[Footnote 36] Under the Executive Order, the Office of Management and Budget (OMB) designated 14 programs as high-priority programs to focus attention on the programs that significantly contribute to the federal government's improper payments. Medicare fee- for-service, Medicare Advantage, and Medicare prescription drug programs have been designated as high-priority programs as part of the Executive Order.[Footnote 37] Additionally, OMB established a Web site (www.PaymentAccuracy.gov) on the 14 high-priority programs that provides information on (1) the programs' senior accountable officials responsible for efforts to reduce improper payments; (2) current, targeted, and historical estimated rates of improper payments; (3) why improper payments occur in the programs; and (4) what federal agencies are doing to reduce improper payments and recover overpayments. To supplement program integrity efforts, the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 directed CMS to conduct a 3-year demonstration project on the use of a new type of contractors--recovery audit contractors (RAC)--in identifying underpayments and overpayments, and recouping overpayments in the Medicare program.[Footnote 38] The RAC demonstration program began in 2005. Subsequently, the Tax Relief and Health Care Act of 2006 required CMS to implement a national RAC program by January 1, 2010. [Footnote 39] CMS began implementing it in March 2009. In March 2010, the President issued a memorandum intended to expand agency efforts to recapture improper overpayments using recapture audits.[Footnote 40] Also, the Patient Protection and Affordable Care Act (PPACA),[Footnote 41] as amended by the Health Care and Education Reconciliation Act of 2010,[Footnote 42] contains provisions intended to improve accountability over Medicare. These provisions include: * establishing procedures for screening providers enrolling in Medicare, including assessing the risk levels of fraud, waste, and abuse by categories of providers; * expanding the Medicare RAC program to Medicare Advantage and Medicare prescription drug benefit program; * adding requirements for providers to disclose any current or previous affiliation with a provider that has uncollected debt; has been or is subject to a payment suspension under a federal health care program; has been excluded from participation under Medicare, Medicaid, or the Children's Health Insurance Program or has had its billing privileges denied or revoked; * expanding the number of areas to be included in the competitive bidding program for durable medical equipment; and: * strengthening the Health Care Fraud and Abuse Control Program, a joint effort of the HHS Inspector General and the Department of Justice, which is designed to coordinate law enforcement activities regarding health care fraud and abuse, including that in Medicare. In June 2010, the President announced that the Administration would reduce the error rate for the Medicare fee-for-service program by half by fiscal year 2012. Also, the President directed agencies to check certain databases--known as the "Do Not Pay List"--before making payments to ensure payments did not go to individuals who were deceased or excluded from receiving federal payments or to entities that had been excluded from receiving federal payments. In addition to amending the Improper Payments Information Act of 2002 (IPIA)[Footnote 43] improper payment estimation requirements, the Improper Payments Elimination and Recovery Act of 2010 (IPERA) [Footnote 44] established additional requirements related to (1) federal agency management accountability; (2) recovery auditing aimed at identifying and reclaiming payments made in error; (3) compliance and noncompliance determinations based on an inspector general's assessment of an agency's adherence to IPERA requirements, and reporting that determination; and (4) an opinion on internal controls over improper payments. OMB issued IPERA implementing guidance on April 14, 2011.[Footnote 45] The Small Business Jobs Act of 2010 also contains a provision regarding claims review to prevent improper payments.[Footnote 46] It requires CMS to use predictive modeling and other analytic techniques-- known as predictive analytic technologies--both to identify and to prevent improper payments under the Medicare fee-for-service program. The law requires these predictive analytic technologies to be used to analyze and identify Medicare provider networks, billing patterns, and beneficiary utilization patterns and detect those that represent a high risk of fraudulent activity. Through such analysis, unusual or suspicious patterns or abnormalities could be identified that could be used to prioritize additional review of suspicious transactions before payment is made. [End of section] Related GAO Products: Fraud Detection Systems: Additional Actions Needed to Support Program Integrity Efforts at Centers for Medicare and Medicaid Services. [hyperlink, http://www.gao.gov/products/GAO-11-822T]. Washington, D.C.: July 12, 2011. Fraud Detection Systems: Centers for Medicare and Medicaid Services Needs to Ensure More Widespread Use. [hyperlink, http://www.gao.gov/products/GAO-11-475]. Washington, D.C.: June 30, 2011. Improper Payments: Recent Efforts to Address Improper Payments and Remaining Challenges. [hyperlink, http://www.gao.gov/products/GAO-11-575T]. Washington, D.C.: April 15, 2011. Status of Fiscal Year 2010 Federal Improper Payments Reporting. [hyperlink, http://www.gao.gov/products/GAO-11-443R]. Washington, D.C.: March 25, 2011. Medicare and Medicaid Fraud, Waste, and Abuse: Effective Implementation of Recent Laws and Agency Actions Could Help Reduce Improper Payments. [hyperlink, http://www.gao.gov/products/GAO-11-409T]. Washington, D.C.: March 9, 2011. Medicare: Program Remains at High Risk Because of Continuing Management Challenges. [hyperlink, http://www.gao.gov/products/GAO-11-430T]. Washington, D.C.: March 2, 2011. Opportunities to Reduce Potential Duplication in Government Programs, Save Tax Dollars, and Enhance Revenue. [hyperlink, http://www.gao.gov/products/GAO-11-318SP]. Washington, D.C.: March 1, 2011. High-Risk Series: An Update. [hyperlink, http://www.gao.gov/products/GAO-11-278]. Washington, D.C.: February 2011. Medicare Recovery Audit Contracting: Weaknesses Remain in Addressing Vulnerabilities to Improper Payments, Although Improvements Made to Contractor Oversight. [hyperlink, http://www.gao.gov/products/GAO-10-143]. Washington, D.C.: March 31, 2010. Medicare Part D: CMS Oversight of Part D Sponsors' Fraud and Abuse Programs Has Been Limited, but CMS Plans Oversight Expansion. [hyperlink, http://www.gao.gov/products/GAO-10-481T]. Washington, D.C.: March 3, 2010. Improper Payments: Progress Made but Challenges Remain in Estimating and Reducing Improper Payments. [hyperlink, http://www.gao.gov/products/GAO-09-628T]. Washington, D.C.: April 22, 2009. Medicare: Improvements Needed to Address Improper Payments in Home Health. [hyperlink, http://www.gao.gov/products/GAO-09-185]. Washington, D.C.: February 27, 2009. Medicare Part D: Some Plan Sponsors Have Not Completely Implemented Fraud and Abuse Programs, and CMS Oversight Has Been Limited. [hyperlink, http://www.gao.gov/products/GAO-08-760]. Washington, D.C.: July 21, 2008. Medicare: Improvements Needed to Address Improper Payments for Medical Equipment and Supplies. [hyperlink, http://www.gao.gov/products/GAO-07-59]. Washington, D.C.: January 31, 2007. Medicare: More Effective Screening and Stronger Enrollment Standards Needed for Medical Equipment Suppliers. [hyperlink, http://www.gao.gov/products/GAO-05-656]. Washington, D.C.: September 22, 2005. [End of section] Footnotes: [1] GAO, High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-11-278] (Washington, D.C.: February 2011). [2] Pub. L. No. 111-204, 124 Stat. 2224 (July 22, 2010). This definition includes any payment to an ineligible recipient, any payment for an ineligible good or service, any duplicate payment, any payment for a good or service not received (except where authorized by law), and any payment that does not account for credit for applicable discounts. Office of Management and Budget (OMB) guidance also instructs agencies to report payments for which insufficient or no documentation was found as improper payments. [3] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002). [4] For fiscal year 2010, OMB defined the term "significant improper payments" under IPIA as exceeding both 2.5 percent of program payments and $10 million. IPERA sets forth specific criteria to define the term "significant" for future fiscal years. [5] OMB, Circular No. A-123, app. C, Requirements for Effective Measurement and Remediation of Improper Payments (Apr. 14, 2011); OMB Memorandum M-10-13, Issuance of Part III to OMB Circular A-123, app. C (Mar. 22, 2010); and OMB, Circular No. A-136 Revised, Financial Reporting Requirements (Sept. 29, 2010). [6] Pub. L. No. 111-148, 124 Stat. 119 (Mar. 23, 2010). [7] Pub. L. No. 111-152, 124 Stat. 1029 (Mar. 30, 2010). [8] Estimated improper payment amounts are based in part on prior years' claim data, as allowed by OMB's guidance. [9] For fiscal year 2010, HHS reported an estimate of improper payments of $34.3 billion for Medicare fee-for-service and $13.6 billion for Medicare Advantage. [10] Reported error rates reflect the estimated improper payments as a percentage of total program outlays. [11] Fraud consists of intentional acts of deception with knowledge that the action or representation could result in an inappropriate gain. [12] Pub. L. No. 103-62, 107 Stat. 285 (Aug. 3, 1993). [13] Exec. Order 13520, 74 Fed. Reg. 62201 (Nov. 20, 2009). [14] GAO, Medicare and Medicaid Fraud, Waste, and Abuse: Effective Implementation of Recent Laws and Agency Actions Could Help Reduce Improper Payments, GAO-11-409T (Washington, D.C.: Mar. 9, 2011). [15] [hyperlink, http://www.gao.gov/products/GAO-11-409T]. [16] GAO, Fraud Detection Systems: Centers for Medicare and Medicaid Services Needs to Ensure More Widespread Use, [hyperlink, http://www.gao.gov/products/GAO-11-475] (Washington, D.C.: June 30, 2011) and Fraud Detection Systems: Additional Actions Needed to Support Program Integrity Efforts at Centers for Medicare and Medicaid Services, [hyperlink, http://www.gao.gov/products/GAO-11-822T] (Washington, D.C.: July 12, 2011). [17] [hyperlink, http://www.gao.gov/products/GAO-11-409T]. [18] GAO, Medicare: Improvements Needed to Address Improper Payments in Home Health, [hyperlink, http://www.gao.gov/products/GAO-09-185] (Washington, D.C.: Feb. 27, 2009). [19] GAO, Medicare: More Effective Screening and Stronger Enrollment Standards Needed for Medical Equipment Suppliers, [hyperlink, http://www.gao.gov/products/GAO-05-656] (Washington, D.C.: Sept. 22, 2005). [20] By the end of 2011, CMS plans to further enhance provider enrollment processes by contracting for automated enrollment screening- -to automate initial screening tasks now generally conducted manually- -and for a national site-visit contractor to conduct unannounced site visits for certain providers. [21] Pub. L. No. 108-173, � 302(b), 117 Stat. 2066, 2224 (Dec. 8, 2003), codified, as amended, at 42 U.S.C. � 1395w-3. [22] GAO, Medicare: Improvements Needed to Address Improper Payments for Medical Equipment and Suppliers, [hyperlink, http://www.gao.gov/products/GAO-07-59] (Washington, D.C.: Jan. 31, 2007). [23] Pub. L. No. 111-240, � 4241, 124 Stat. 2504, 2599 (Sept. 27, 2010). [24] The Medicare Prescription Drug, Improvement and Modernization Act of 2003 directed CMS to conduct a project to demonstrate how effective the use of RACs would be in identifying underpayments and overpayments, and in recouping overpayments in Medicare. Pub. L. No. 108-173, � 306, 117 Stat. 2066, 2256 (Dec. 8, 2003). Subsequently, in December 2006 the Tax Relief and Health Care Act of 2006 required CMS to implement a national RAC program by January 1, 2010. Pub. L. No. 109-342, div. B, title III, � 302, 120 Stat. 2924, 2991 (Dec. 20, 2006), codified at 42 U.S.C. � 1395ddd(h). [25] [hyperlink, http://www.gao.gov/products/GAO-11-475]. [26] The initiative to develop a centralized data warehouse began in 2003 as an element of the agency's Enterprise Data Modernization strategy, and CMS initially planned for the data warehouse project to be complete by September 30, 2008. In 2006, CMS expanded the scope of the project to not only modernize data-storage technology but also to integrate Medicare and Medicaid data into a centralized repository and changed the name to IDR, to reflect the expanded scope. [27] [hyperlink, http://www.gao.gov/products/GAO-11-475]. [28] [hyperlink, http://www.gao.gov/products/GAO-11-475]. [29] GAO, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999). [30] GAO, Medicare Part D: Some Plan Sponsors Have Not Completely Implemented Fraud and Abuse Programs, and CMS Oversight Has Been Limited, [hyperlink, http://www.gao.gov/products/GAO-08-760] (Washington, D.C.: July 21, 2008). [31] GAO, Medicare Part D: CMS Oversight of Part D Sponsors' Fraud and Abuse Programs Has Been Limited, but CMS Plans Oversight Expansion, [hyperlink, http://www.gao.gov/products/GAO-10-481T] (Washington, D.C.: Mar. 3, 2010). [32] Policy and Technical Changes to the Medicare Advantage and the Medicare Prescription Drug Benefit Programs, 75 Fed. Reg. 19,678 (Apr. 15, 2010). [33] These are all aspects of internal control, which is the component of an organization's management that provides reasonable assurance that the organization achieves effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations. Internal control standards provide a framework for identifying and addressing major performance challenges and areas at greatest risk for mismanagement. GAO, Internal Control Standards: Internal Control Management and Evaluation Tool, GAO-01-1008G (Washington, D.C.: August 2001). [34] GAO, Medicare Recovery Audit Contracting: Weaknesses Remain in Addressing Vulnerabilities to Improper Payments, Although Improvements Made to Contractor Oversight, [hyperlink, http://www.gao.gov/products/GAO-10-143] (Washington, D.C.: Mar. 31, 2010). [35] [hyperlink, http://www.gao.gov/products/GAO-10-143]. [36] Exec. Order 13520, 74 Fed. Reg. 62201 (Nov. 20, 2009). [37] The 14 high-error programs designated by OMB for fiscal year 2010 include: Medicare Fee-for-Service; Medicaid; Unemployment Insurance; Medicare Advantage; Supplemental Security Income; Retirement, Survivors, and Disability Insurance; Supplemental Nutrition Assistance Program; National School Lunch Program; Rental Housing Assistance Programs; Federal-Aid Highway Program, Highway Planning and Construction; Children's Health Insurance Program; Earned Income Tax Credit; High Cost Program of the Universal Service Fund; and Medicare Prescription Drug Benefit. The Children's Health Insurance Program, High Cost Program of the Universal Service Fund, and Medicare Prescription Drug Benefit programs did not report improper payment error rates and amounts for fiscal year 2010. [38] Pub. L. No. 108-173, � 306, 117 Stat. 2066, 2256-57. [39] Pub. L. No. 109-432, div B., title III, � 302, 120 Stat. 2922, 2991-92, codified at 42 U.S.C. � 1395 ddd(h). [40] Finding and Recapturing Improper Payments, 75 Fed. Reg. 12119 (Mar. 15, 2010). [41] Pub. L. No. 111-148, � 6402(i), 124 Stat. 119, 760 (Mar. 23, 2010). [42] Pub. L. No. 111-152, � 1303(a), 124 Stat. 1029, 1057 (Mar. 30, 2010). [43] Pub. L. No. 107-300, 116 Stat. 2350 (Nov. 26, 2002). [44] Pub. L. No. 111-204, 124 Stat. 2224 (July 22, 2010). [45] OMB, Circular No. A-123, app. C, Requirements for Effective Measurement and Remediation of Improper Payments (Apr. 14, 2011). [46] Pub. L. No. 111-240, � 4241, 124 Stat. 2504, 2599 (Sept. 27, 2010). [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO‘s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO‘s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: