Fraud Detection Systems:

Centers for Medicare and Medicaid Services Needs to Ensure More Widespread Use

GAO-11-475: Published: Jun 30, 2011. Publicly Released: Jul 12, 2011.

Additional Materials:

Contact:

Valerie C. Melvin
(202) 512-6304
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO has designated Medicare and Medicaid as high-risk programs, in part due to their susceptibility to improper payments--estimated to be about $70 billion in fiscal year 2010. Improper payments have many causes, such as submissions of duplicate claims or fraud, waste, and abuse. As the administrator of these programs, the Centers for Medicare and Medicaid Services (CMS) is responsible for safeguarding them from loss. To integrate claims information and improve its ability to detect fraud, waste, and abuse in these programs, CMS initiated two information technology system programs: the Integrated Data Repository (IDR) and One Program Integrity (One PI). GAO was asked to (1) assess the extent to which IDR and One PI have been developed and implemented and (2) determine CMS's progress toward achieving its goals and objectives for using these systems to help detect fraud, waste, and abuse. To do so, GAO reviewed system and program management plans and other documents and compared them to key practices. GAO also interviewed program officials, analyzed system data, and reviewed reported costs and benefits.

CMS has developed and begun using both IDR and One PI, but has not incorporated into IDR all data as planned and has not taken steps to ensure widespread use of One PI to enhance efforts to detect fraud, waste, and abuse. IDR is intended to be the central repository of Medicare and Medicaid data needed to help CMS program integrity staff and contractors prevent and detect improper payments of Medicare and Medicaid claims. Program integrity analysts use these data to identify patterns of unusual activities or transactions that may indicate fraudulent charges or other types of improper payments. IDR has been operational and in use since September 2006. However, it does not include all the data that were planned to be incorporated by fiscal year 2010. For example, IDR includes most types of Medicare claims data, but not the Medicaid data needed to help analysts detect improper payments of Medicaid claims. IDR also does not include data from other CMS systems that are needed to help analysts prevent improper payments, such as information about claims at the time they are filed and being processed. According to program officials, these data were not incorporated because of obstacles introduced by technical issues and delays in funding. Further, the agency has not finalized plans or developed reliable schedules for efforts to incorporate these data. Until it does so, CMS may face additional delays in making available all the data that are needed to support enhanced program integrity efforts. One PI is a Web-based portal that is to provide CMS staff and contractors with a single source of access to data contained in IDR, as well as tools for analyzing those data. While One PI has been developed and deployed to users, few program integrity analysts were trained and using the system. Specifically, One PI program officials planned for 639 program integrity analysts to be using the system by the end of fiscal year 2010; however, as of October 2010, only 41--less than 7 percent--were actively using the portal and tools. According to program officials, the agency's initial training plans were insufficient and, as a result, they were not able to train the intended community of users. Until program officials finalize plans and develop reliable schedules for training users and expanding the use of One PI, the agency may continue to experience delays in reaching widespread use and determining additional needs for full implementation of the system. While CMS has made progress toward its goals to provide a single repository of data and enhanced analytical capabilities for program integrity efforts, the agency is not yet positioned to identify, measure, and track benefits realized from its efforts. As a result, it is unknown whether IDR and One PI as currently implemented have provided financial benefits. According to IDR officials, they do not measure benefits realized from increases in the detection rate for improper payments because they rely on business owners to do so, and One PI officials stated that, because of the limited use of the system, there are not enough data to measure and gauge the program's success toward achieving the $21 billion in financial benefits that the agency projected. GAO is recommending that CMS take steps to finalize plans and reliable schedules for fully implementing and expanding the use of the systems and to define measurable benefits. In its comments, CMS concurred with GAO's recommendations.

Recommendations for Executive Action

  1. Status: Open

    Comments: CMS has made progress toward developing plans and schedules for incorporating data into IDR, but has not taken all actions GAO recommended in June 2011. For example, agency officials developed and updated an integrated master schedule for managing the IDR project that identifies resources and activities for adding Medicare Part A (insurance for hospital and other inpatient services), Medicare Part B (insurance for hospital outpatient, physician, and other services), and shared systems data to IDR. Additionally, CMS identified risks and obstacles that could impact plans for incorporating additional data into the repository. However, the schedule itself is not reliable. For example, it does not completely identify dependencies between activities, and it includes large amounts of float time between tasks (i.e., the amount of time that the completion of a task can be delayed before it affects another). Deficiencies such as these call into question the accuracy of projected completion dates and, consequently, CMS's ability to address risks and obstacles. Without a reliable schedule for implementing IDR, CMS risks continued delays in making available all of the data that are needed to support enhanced program integrity efforts and achieve financial benefits expected from the program.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should finalize plans and develop schedules for incorporating additional data into IDR that identify all resources and activities needed to complete tasks and that consider risks and obstacles to the IDR program.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  2. Status: Open

    Comments: While CMS has incorporated shared systems Medicare Part A (insurance for hospital and other inpatient services), Part B (insurance for hospital outpatient, physician, and other services), and two states' Medicaid data into IDR, it has not implemented and managed plans for incorporating all states' Medicaid data, as GAO recommended in June 2011. As a result, the repository does not include all the data that were planned to be incorporated by the end of 2012, and efforts to add the remaining states' Medicaid data to the IDR continue to be behind schedule. Until the agency defines, implements, and manages plans for establishing and meeting milestones to incorporate these data, CMS may face additional delays in making available from IDR all of the data that are needed to support enhanced program integrity efforts. Consequently, the agency risks missing an opportunity to achieve financial benefits expected from the implementation of IDR.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should implement and manage plans for incorporating data in IDR to meet schedule milestones.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  3. Status: Closed - Implemented

    Comments: CMS has established plans and schedules for training all intended One PI users, as GAO recommended in June 2011. For example, in 2013, CMS officials developed training plans and also required the training contractor to ensure that all requests for existing and new users are accommodated. Further, CMS officials stated that the program is able to adjust training plans and schedules, as needed, to meet demand throughout the life of the project. By taking these steps, the agency has reduced the risks of continued delays in achieving widespread use of the system and in collecting data needed to determine whether the use of the system is providing expected financial benefits.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should establish plans and reliable schedules for training all program integrity analysts intended to use One PI.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  4. Status: Open

    Comments: CMS has not established deadlines for program integrity contractors to begin using One PI, as GAO recommended in June 2011. While agency officials implemented changes to contracts that document time frames for all program integrity contractors to be trained once a deadline is determined, CMS has not yet established such a deadline or notified contractors that they are to begin using One PI. Until the agency does so, program integrity contractors will not be required to use the system, and the use of One PI may remain limited to a much smaller group of users than the agency intended. As a result, CMS may fall short in its efforts to ensure the widespread use and measure the benefits of One PI for program integrity purposes.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should establish and communicate deadlines for program integrity contractors to complete training and use One PI in their work.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  5. Status: Closed - Implemented

    Comments: CMS conducted training for new users throughout fiscal year 2013 according to plans and deadlines and established timeframes for training all users throughout the life of One PI, as GAO recommended in June 2011. As a result of its efforts to enhance its training plans, the agency has reduced risks of continued delays in reaching widespread use of the system and in obtaining the data needed to measure benefits realized from the use of One PI.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should conduct training in accordance with plans and established deadlines to ensure schedules are met and program integrity contractors are trained and able to meet requirements for using One PI.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  6. Status: Open

    Comments: No executive action has yet been taken on this recommendation. CMS has not defined measurable financial benefits expected from the implementation of IDR and One PI, as GAO recommended in June 2011. Agency officials stated in October 2014 that, while CMS had continued to search for a methodology for defining measures of quantifiable outcomes resulting from analysts' use of One PI and IDR, they are not able to do so because the interactions between multiple programs, contractors, and the sources that prompt investigations prevent them from crediting results of program integrity activities to a single source. However, unless CMS measures financial benefits resulting from the use of IDR and One PI, the agency cannot gauge progress toward meeting program integrity goals. Additionally, CMS cannot have reasonable assurance that the use of the systems will contribute to improvements in CMS' ability to detect fraud, waste, and abuse in the Medicare and Medicaid programs, and to achieve the $21 billion in financial benefits program officials projected.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should define any measurable financial benefits expected from the implementation of IDR and One PI.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  7. Status: Open

    Comments: CMS has taken initial steps but has not completed the work required to establish outcome-based performance measures, as GAO recommended in June 2011. For example, according to program officials, representatives from stakeholder organizations, such as a program integrity data user group, meet monthly to determine whether the users are satisfied with the implementation of One PI. Additionally, CMS has developed measures related to system performance, such as system availability and utilization. However, it has not yet established measures useful for gauging the extent to which the use of One PI and IDR help the agency meet overall program integrity goals. Until the agency identifies outcome-based performance measures, it cannot have reasonable assurance that the use of these systems contributes to improvements in CMS's ability to detect fraud, waste, and abuse in the Medicare and Medicaid programs, and to the recovery of billions of dollars lost to improper payments of claims.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS, with stakeholder input, should establish measurable, outcome-based performance measures for IDR and One PI that gauge progress toward meeting program goals.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

 

Explore the full database of GAO's Open Recommendations »

Jul 30, 2015

Jul 28, 2015

Jul 27, 2015

Jul 23, 2015

Jul 22, 2015

Jul 21, 2015

Jul 20, 2015

Jul 16, 2015

Looking for more? Browse all our products here