Fraud Detection Systems:

Centers for Medicare and Medicaid Services Needs to Ensure More Widespread Use

GAO-11-475: Published: Jun 30, 2011. Publicly Released: Jul 12, 2011.

Additional Materials:

Contact:

Valerie C. Melvin
(202) 512-6304
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO has designated Medicare and Medicaid as high-risk programs, in part due to their susceptibility to improper payments--estimated to be about $70 billion in fiscal year 2010. Improper payments have many causes, such as submissions of duplicate claims or fraud, waste, and abuse. As the administrator of these programs, the Centers for Medicare and Medicaid Services (CMS) is responsible for safeguarding them from loss. To integrate claims information and improve its ability to detect fraud, waste, and abuse in these programs, CMS initiated two information technology system programs: the Integrated Data Repository (IDR) and One Program Integrity (One PI). GAO was asked to (1) assess the extent to which IDR and One PI have been developed and implemented and (2) determine CMS's progress toward achieving its goals and objectives for using these systems to help detect fraud, waste, and abuse. To do so, GAO reviewed system and program management plans and other documents and compared them to key practices. GAO also interviewed program officials, analyzed system data, and reviewed reported costs and benefits.

CMS has developed and begun using both IDR and One PI, but has not incorporated into IDR all data as planned and has not taken steps to ensure widespread use of One PI to enhance efforts to detect fraud, waste, and abuse. IDR is intended to be the central repository of Medicare and Medicaid data needed to help CMS program integrity staff and contractors prevent and detect improper payments of Medicare and Medicaid claims. Program integrity analysts use these data to identify patterns of unusual activities or transactions that may indicate fraudulent charges or other types of improper payments. IDR has been operational and in use since September 2006. However, it does not include all the data that were planned to be incorporated by fiscal year 2010. For example, IDR includes most types of Medicare claims data, but not the Medicaid data needed to help analysts detect improper payments of Medicaid claims. IDR also does not include data from other CMS systems that are needed to help analysts prevent improper payments, such as information about claims at the time they are filed and being processed. According to program officials, these data were not incorporated because of obstacles introduced by technical issues and delays in funding. Further, the agency has not finalized plans or developed reliable schedules for efforts to incorporate these data. Until it does so, CMS may face additional delays in making available all the data that are needed to support enhanced program integrity efforts. One PI is a Web-based portal that is to provide CMS staff and contractors with a single source of access to data contained in IDR, as well as tools for analyzing those data. While One PI has been developed and deployed to users, few program integrity analysts were trained and using the system. Specifically, One PI program officials planned for 639 program integrity analysts to be using the system by the end of fiscal year 2010; however, as of October 2010, only 41--less than 7 percent--were actively using the portal and tools. According to program officials, the agency's initial training plans were insufficient and, as a result, they were not able to train the intended community of users. Until program officials finalize plans and develop reliable schedules for training users and expanding the use of One PI, the agency may continue to experience delays in reaching widespread use and determining additional needs for full implementation of the system. While CMS has made progress toward its goals to provide a single repository of data and enhanced analytical capabilities for program integrity efforts, the agency is not yet positioned to identify, measure, and track benefits realized from its efforts. As a result, it is unknown whether IDR and One PI as currently implemented have provided financial benefits. According to IDR officials, they do not measure benefits realized from increases in the detection rate for improper payments because they rely on business owners to do so, and One PI officials stated that, because of the limited use of the system, there are not enough data to measure and gauge the program's success toward achieving the $21 billion in financial benefits that the agency projected. GAO is recommending that CMS take steps to finalize plans and reliable schedules for fully implementing and expanding the use of the systems and to define measurable benefits. In its comments, CMS concurred with GAO's recommendations.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: Although CMS has not identified all elements needed to completely ensure the reliability of its schedule for developing and implementing IDR, agency officials have developed and updated a schedule for incorporating additional data into IDR that identifies certain key elements, as we recommended. Specifically, the schedule identifies resources and activities for adding Medicare Part A (insurance for hospital and other inpatient services), Medicare Part B (insurance for hospital outpatient, physician, and other services), and shared systems data to IDR. Additionally, CMS identified risks and obstacles that could impact plans for incorporating additional data into the repository. As a result of its actions, the agency is better positioned to ensure that the development and implementation of IDR are completed and successful in helping the agency meet the goals and objectives of its program integrity initiatives.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should finalize plans and develop schedules for incorporating additional data into IDR that identify all resources and activities needed to complete tasks and that consider risks and obstacles to the IDR program.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  2. Status: Open

    Comments: While CMS has incorporated shared systems Medicare Part A (insurance for hospital and other inpatient services), Part B (insurance for hospital outpatient, physician, and other services), and three states' Medicaid data into IDR, it has not yet implemented and managed plans for incorporating all states' Medicaid data, as GAO recommended in June 2011. As a result, the repository does not yet include all the data that were planned to be incorporated by the end of 2012, and efforts to add the remaining states' Medicaid data to IDR continue to be behind schedule. As of September 2015, agency officials are working to develop plans to integrate all states' data into IDR as part of ongoing program integrity initiatives.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should implement and manage plans for incorporating data in IDR to meet schedule milestones.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  3. Status: Closed - Implemented

    Comments: CMS has established plans and schedules for training all intended One PI users, as GAO recommended in June 2011. For example, in 2013, CMS officials developed training plans and also required the training contractor to ensure that all requests for existing and new users are accommodated. Further, CMS officials stated that the program is able to adjust training plans and schedules, as needed, to meet demand throughout the life of the project. By taking these steps, the agency has reduced the risks of continued delays in achieving widespread use of the system and in collecting data needed to determine whether the use of the system is providing expected financial benefits.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should establish plans and reliable schedules for training all program integrity analysts intended to use One PI.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  4. Status: Open

    Comments: CMS has not yet established a deadline for program integrity contractors to begin using One PI, as GAO recommended, although agency officials have taken actions that indicate it intends to do so. Specifically, agency officials have made changes to contracts to document time frames for all program integrity contractors to be trained once CMS establishes the deadline for using the system, and have stated in a One PI transition document their plans to establish time frames for the contractors to begin using One PI. However, until CMS establishes and communicates a deadline, program integrity contractors will not be required to use the system. Thus, its use may remain limited to a much smaller group of users than the agency intended and CMS may fall short in realizing the benefits of One PI for program integrity purposes.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should establish and communicate deadlines for program integrity contractors to complete training and use One PI in their work.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  5. Status: Closed - Implemented

    Comments: CMS conducted training for new users throughout fiscal year 2013 according to plans and deadlines and established timeframes for training all users throughout the life of One PI, as GAO recommended in June 2011. As a result of its efforts to enhance its training plans, the agency has reduced risks of continued delays in reaching widespread use of the system and in obtaining the data needed to measure benefits realized from the use of One PI.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should conduct training in accordance with plans and established deadlines to ensure schedules are met and program integrity contractors are trained and able to meet requirements for using One PI.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  6. Status: Open

    Comments: CMS has not yet defined measurable financial benefits expected from the implementation of IDR and One PI, as GAO recommended in June 2011. However, agency officials stated in July 2015 that they were taking steps to define measures of quantifiable outcomes resulting from analysts' use of One PI and IDR by applying a methodology they are currently using with another program integrity system (the Fraud Prevention System). Once CMS does so, the agency should be better positioned to gauge progress toward meeting program integrity goals.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should define any measurable financial benefits expected from the implementation of IDR and One PI.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  7. Status: Open

    Comments: CMS has taken initial steps, but has not yet completed the work required, to establish outcome-based performance measures, as GAO recommended. For example, according to program officials, representatives from stakeholder organizations, such as a program integrity data user group, meet monthly to determine whether the users are satisfied with the implementation of One PI. Additionally, CMS has developed measures related to system performance, such as system availability and utilization. However, CMS has not yet established measures for gauging the extent to which the use of One PI and IDR is helping the agency meet overall program integrity goals. Agency officials have continued to meet with stakeholders and, as of September 2015, are working to finalize an approach for defining such measures. Until the agency identifies outcome-based performance measures, it will lack an essential means for ensuring that the use of these systems contributes to improvements in CMS's ability to detect fraud, waste, and abuse in the Medicare and Medicaid programs, and to the recovery of billions of dollars lost to improper payments of claims.

    Recommendation: To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS, with stakeholder input, should establish measurable, outcome-based performance measures for IDR and One PI that gauge progress toward meeting program goals.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

 

Explore the full database of GAO's Open Recommendations »

Apr 28, 2016

Apr 19, 2016

Apr 18, 2016

Apr 14, 2016

Apr 13, 2016

Mar 17, 2016

Mar 10, 2016

Looking for more? Browse all our products here