GAO-15-404SP: Health: 7. Medicare Postpayment Claims Reviews

Health > 7. Medicare Postpayment Claims Reviews

To prevent inappropriate duplicative postpayment claims reviews by contractors, the Centers for Medicare & Medicaid Services should monitor the Recovery Audit Data Warehouse—the database developed in part to prevent duplicative reviews—and develop more complete guidance on contractors’ responsibilities.

Why This Area Is Important

GAO has designated Medicare as a high-risk program because of its size, complexity, and susceptibility to mismanagement and improper payments.[1] In fiscal year 2014, the Centers for Medicare & Medicaid Services (CMS)—the agency within the Department of Health and Human Services (HHS) that administers the Medicare program—estimated it made improper payments of $46 billion in the Medicare fee-for-service (FFS) program.[2] One activity CMS conducts to reduce improper Medicare payments is the review of paid FFS claims and related documentation from providers. CMS uses several different types of contractors to conduct postpayment claims reviews:

  • Medicare Administrative Contractors (MAC), which process and pay claims, and conduct postpayment claims reviews to help ensure payment accuracy and ensure that providers with a history of billing errors comply with Medicare billing requirements;
     
  • Zone Program Integrity Contractors (ZPIC), which investigate potential fraud;
     
  • Recovery Auditors (RA), tasked with identifying on a postpayment basis improper payments in claims not previously reviewed by other contractors;and
     
  •  the Comprehensive Error Rate Testing (CERT) contractor, which reviews claims used to annually estimate the Medicare FFS improper payment rate.

These types of contractors were established under different laws and for varying purposes, creating the potential for the same paid claim to be reviewed more than once by different contractors, which GAO defined in its July 2014 report as a duplicative claims review.[3] CMS officials indicated and GAO agrees that duplicative claims reviews may be appropriate under some circumstances; however, other duplicative claims reviews are inappropriate, which GAO reportedcould create an unnecessary burden on providers and contractors.[4]

In part to prevent RAs from duplicating other contractors’ claims reviews, CMS developed the Recovery Audit Data Warehouse. MACs, ZPICs, the CERT contractor, and other entities can enter the claims they reviewed into the Recovery Audit Data Warehouse, and the database stores them as permanently excluded claims (or exclusions). In addition, ZPICs and law enforcement entities can upload claims into the Recovery Audit Data Warehouse that they may, though not necessarily will, select for postpayment review as part of a fraud investigation. The database stores these claims as suppressions, which makes them temporarily unavailable for RA review. RAs enter the claims they are considering for review into the Recovery Audit Data Warehouse, and the database then checks to see if any of those claims match excluded or suppressed claims and are, therefore, not available for the RAs to review.



[1]See GAO, High-Risk Series: An Update, GAO-15-290 (Washington, D.C.: February 2015). Improper Medicare payments include payments made for treatments or services that were not covered by program rules, that were not medically necessary, or that were not provided to beneficiaries in the way that they were billed to Medicare. An improper payment is any payment that should not have been made or that was made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other legally applicable requirements. This definition includes any payment to an ineligible recipient, any payment for an ineligible good or service, any duplicate payment, any payment for a good or service not received (except where authorized by law), and any payment that does not account for credit for applicable discounts. Improper Payments Elimination and Recovery Act of 2010, Pub. L. No. 111-204, § 2(e), 124 Stat. 2224, 2227, (2010) codified at 31 U.S.C. § 332. Note: Office of Management and Budget guidance also instructs agencies to report as improper payments any payments for which insufficient or no documentation was found.

[2]To meet the requirements of the Improper Payments Information Act of 2002 as amended, CMS uses its Comprehensive Error Rate Testing program to estimate Medicare FFS improper payments. Medicare FFS, or original Medicare, consists of Medicare Parts A and B. Medicare Part A covers hospital and other inpatient stays. Medicare Part B is optional insurance and covers physician, outpatient hospital, home health care, certain other services, and the rental or purchase of durable medical equipment (DME), including wheelchairs, prosthetics, orthotics, and supplies.

[3]In 2012, the RAs performed 83 percent of the roughly 1.4 million postpayment claims reviews conducted that year. GAO did not include the Supplemental Medicare Review Contractor in its study. This contractor type, established by CMS in 2012, conducts large-volume medical reviews nationwide for specific Medicare-covered services.

[4]For example, it is appropriate for the CERT contractor to review a claim that has already been reviewed by another contractor because it must select a random sample of claims to estimate the Medicare improper payment rate.

What GAO Found

In July 2014, GAO determined that CMS does not have sufficient information to determine whether its contractors are conducting inappropriate duplicative claims reviews and that CMS has conducted insufficient data monitoring to prevent the RAs from conducting inappropriate duplicative reviews. CMS does not have reliable data to estimate the total number of duplicative claims reviews by all four types of contractors, in part because CMS did not design the Recovery Audit Data Warehouse to capture this information. For example, the Recovery Audit Data Warehouse does not show whether contractors other than RAs, such as a MAC and a ZPIC, duplicated each others’ claims reviews.

GAO also found that not all of the four types of contractors consistently enter data into the database. For example, GAO found that, in 2012, five of the six ZPICs had not entered any claims into the Recovery Audit Data Warehouse as exclusions, although these ZPICs had performed postpayment claims reviews. CMS officials told us they do not monitor contractors’ entry of exclusions and suppressions to ensure this information is accurate or complete and that if ZPICs did not exclude claims they reviewed, the claims would be available for an RA to review, which could lead to inappropriate duplication.[1] Representatives from one RA reported that, in 2011, it had to halt reviews on 2,000 claims because the ZPIC had not informed the RA of an ongoing investigation either by suppressing affected claims in the Recovery Audit Data Warehouse or through any other methods of coordination. Checking the accuracy of data is part of a strong internal control environment and provides an agency with assurance that the data needed for operations are reliable and complete.[2]  If the Recovery Audit Data Warehouse information on excluded claims is inaccurate, as GAO found is sometimes the case, the Recovery Audit Data Warehouse’s effectiveness in preventing the RAs from conducting inappropriate duplicative claims reviews is limited.

In addition, GAO determined in July 2014 that CMS has issued guidance for some but not all contractors about when duplicative reviews are permitted. CMS has issued guidance for RAs and the CERT contractor about whether they may conduct duplicative claims reviews.  For example, CMS’s manual for the CERT contractor states that it should select and review a random sample of claims regardless of whether they have been reviewed by other contractors, in order to establish the Medicare improper payment rate accurately.[3]  However, GAO found that CMS has not developed complete guidance for ZPICs and MACs about whether they are permitted to duplicate other contractors’ claims reviews. CMS’s Medicare Program Integrity Manual states that ZPICs should work with other contractors to avoid duplication of efforts, but does not address whether reviewing a claim that another contractor had reviewed would be considered a duplication of efforts. Representatives from a ZPIC and some CMS officials stated that ZPICs are allowed to conduct duplicative claims reviews, but some CMS officials stated that ZPICs may not duplicate reviews conducted by RAs or MACs.  CMS’s Medicare Program Integrity Manual also states only that MACs are not permitted to duplicate the ZPICs’ claims reviews and does not address whether MACs are permitted to duplicate RA claims reviews. Although a CMS official stated that MACs are not permitted to conduct duplicative reviews, representatives from two of the three MACs we spoke with believed that CMS permitted them to duplicate some contractors’ reviews. Written guidance stating explicitly which contractors may conduct duplicative claims reviews is important to prevent inappropriate duplication among the contractors. It is also consistent with federal internal control standards, which call for agencies to establish control activities that enforce management’s directives.[4]



[1]CMS conducts a quarterly review of a random sample of claims that RAs entered into the Recovery Audit Data Warehouse to ensure the information is timely and accurate.

[3]Also, CMS’s Medicare Program Integrity Manual states that RAs are prohibited from reviewing claims that have been reviewed by other contractors.

[4]See GAO/AIMD‑00‑21.3.1 and GAO‑01‑1008G, sections related to control activities.

Actions Needed

In order to improve the efficiency and effectiveness of Medicare postpayment claims review efforts and to prevent inappropriate duplicative claims reviews among Medicare contractors, in July 2014 GAO recommended that the Administrator of CMS take the following two actions:

  • monitor the Recovery Audit Data Warehouse to ensure that all postpayment review contractors are submitting required data and that the data the database contains are accurate and complete; and
     
  • develop complete guidance to define contractors’ responsibilities regarding duplicative claims reviews, including specifying whether and when MACs and ZPICs can duplicate other contractors’ reviews.

Because GAO found that CMS does not have sufficient information to determine whether its contractors are conducting inappropriate duplicative claims reviews, the extent of any inappropriate duplication and the potential costs due to any resulting unnecessary burden on providers and contractors could not be determined. However, taking these actions should help ensure that Medicare contractors conduct efficient and effective postpayment claims reviews and avoid inappropriate duplication.

How GAO Conducted Its Work

The information contained in this analysis is based on findings from GAO’s July 2014 report listed in the related GAO products section.  To conduct this work, GAO reviewed CMS documents to identify requirements for contractors to prevent inappropriate duplicative claims reviews. To assess whether the Recovery Audit Data Warehouse could be used to estimate the number of times in 2012 that a contractor reviewed a claim for which an RA had also initiated a review, GAO reviewed relevant documentation and data from the Recovery Audit Data Warehouse, and interviewed CMS officials. GAO also interviewed CMS officials about what types of duplicative claims reviews the agency considers appropriate and inappropriate, the reliability of the data the agency had on duplication, and the agency’s efforts to limit inappropriate duplicative claims reviews.  GAO interviewed representatives from all 4 RAs, the CERT contractor, and a nongeneralizable sample of 3 of the 16 MACs and 3 of the 6 ZPICs to learn about any steps the contractors take to prevent duplication. GAO selected 2 of the 12 MACs that process Part A and B claims and 1 of the 4 MACs that process claims for DME. GAO selected those MACs because they had been in operation for at least 6 months, performed postpayment claims reviews in 2012, and were geographically diverse. GAO selected ZPICs that had been in operation for at least 1 year and whose service areas included some of the same states served by the 3 MACs in the sample.

Agency Comments & GAO Contact

In commenting on the July 2014 report on which this analysis is based, HHS agreed with GAO’s findings and concurred with GAO’s recommendations that CMS monitor the Recovery Audit Data Warehouse and develop complete guidance to define contractors’ responsibilities regarding duplicative claims reviews.  HHS also described steps it plans to take to remedy the issues GAO identified. For example, HHS stated it would update its guidance for contractors and would explore ways for HHS and contractors to be alerted when data are not entered into the Recovery Audit Data Warehouse within a certain time frame. 

GAO provided a draft of this report section to HHS for review and comment, and HHS had no comments.

For additional information about this area, contact Kathleen M. King at (202) 512-7114 or kingk@gao.gov.