Medicare Program Integrity:

Increased Oversight and Guidance Could Improve Effectiveness and Efficiency of Postpayment Claims Reviews

GAO-14-474: Published: Jul 18, 2014. Publicly Released: Aug 13, 2014.

Additional Materials:

Contact:

Kathleen M. King
(202) 512-7114
kingk@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Centers for Medicare & Medicaid Services (CMS) within the Department of Health and Human Services (HHS) has taken steps to prevent its contractors from conducting certain duplicative postpayment claims reviews—reviews of the same claims that are not permitted by the agency—but CMS neither has reliable data nor provides sufficient oversight and guidance to measure and fully prevent duplication. The four types of contractors GAO reviewed that examine providers' documentation to determine whether Medicare's payment was proper included

Medicare Administrative Contractors (MAC), which process and pay claims;

Zone Program Integrity Contractors (ZPIC), which investigate potential fraud;

Recovery Auditors (RA), tasked with identifying on a postpayment basis improper payments not previously reviewed by other contractors; and

the Comprehensive Error Rate Testing (CERT) contractor, which reviews claims used to annually estimate Medicare's improper payment rate.

CMS implemented a database to track RA activities, designed in part to prevent RAs, which conducted most of the postpayment reviews, from duplicating other contractors' reviews. However, the database was not designed to provide information on all possible duplication, and its data are not reliable because other postpayment contractors did not consistently enter information about their reviews. CMS has not provided sufficient oversight of these data or issued complete guidance to contractors on avoiding duplicative claims reviews.

CMS requires its contractors to include certain content in postpayment review correspondence with providers, but some requirements vary across contractor types and are not always clear, and contractors vary in their compliance with their requirements. These factors can lead to providers receiving less information about the reviews and thus decrease effective communication with them. In addition, the extent of CMS's oversight of correspondence varies across contractors, which decreases assurance that contractors comply consistently with requirements. In the correspondence reviewed, GAO found high compliance rates for some requirements, such as citing the issues leading to an overpayment, but low compliance rates for requirements about communicating providers' rights, which could affect providers' ability to exercise their rights.

CMS has strategies to coordinate internally among relevant offices regarding requirements for contractors' claims review activities. The agency also has strategies to facilitate coordination among contractors, such as requiring joint operating agreements between contractors operating in the same geographic area. However, these strategies have not led to consistent requirements across contractor types or full coordination between ZPICs and RAs. GAO previously recommended that CMS increase the consistency of its requirements, where appropriate, and the HHS Office of Inspector General has recommended steps to improve coordination between ZPICs and RAs.

Why GAO Did This Study

Several types of Medicare contractors conduct postpayment claims reviews to help reduce improper payments. Questions have been raised about their effectiveness and efficiency, and the burden on providers. GAO was asked to assess aspects of the claims review process.

Building on GAO's July 2013 report on postpayment claims review requirements, this report examines, among other things, the extent to which CMS has (1) data to assess whether contractors conduct duplicative postpayment claims reviews, (2) requirements for contractor correspondence with providers to help ensure effective communication, and (3) strategies for coordination of claims review activities. GAO reviewed CMS's requirements for claims reviews; interviewed CMS officials, selected contractors, and provider associations; analyzed CMS data; assessed a nongeneralizable sample of 114 pieces of contractor correspondence for compliance with requirements; and assessed CMS's requirements and oversight against federal internal control standards and other guidance.

What GAO Recommends

GAO recommends that CMS take actions to improve the efficiency and effectiveness of contractors' postpayment review efforts, which include providing additional oversight and guidance regarding data, duplicative reviews, and contractor correspondence. In its comments, the Department of Health and Human Services concurred with the recommendations and noted plans to improve CMS oversight and guidance.

For more information, contact Kathleen M. King at (202) 512-7114 or kingk@gao.gov.

Recommendations for Executive Action

  1. Status: Open

    Comments: As of July 2016, HHS officials reported that they have not implemented this recommendation, and GAO considers it to be open. However, the agency has taken some steps to address this recommendation. In May 2015, CMS issued guidance requiring a 60-day delay in Recovery Auditors beginning their claims reviews. This delay was intended to allow time for Medicare Administrative Contractors to enter their claims review information into the Recovery Audit Data Warehouse, so that claims they review would not be re-reviewed by a Recovery Auditor. CMS also created contractor-specific reports so it could monitor when and how many claims a contractor has entered into the Recovery Audit Data Warehouse. In July 2015, HHS reported that CMS was revising its Medicare Program Integrity Manual to provide direction to all contractors that enter claims information into the Recovery Audit Data Warehouse. In February 2016, HHS reported that CMS was continuing to add validation requirements to the data that contractors enter into the Recovery Audit Data Warehouse, and planned to implement database changes to prevent duplicative claims reviews. CMS was also exploring increasing the frequency with which contractors enter claims review information into the Recovery Audit Data Warehouse. We will continue to update the status of this recommendation when we receive additional information.

    Recommendation: In order to improve the efficiency and effectiveness of Medicare postpayment claims review efforts and simplify compliance for providers, the Administrator of CMS should monitor the Recovery Audit Data Warehouse to ensure that all postpayment review contractors are submitting required data and that the data the database contains are accurate and complete.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  2. Status: Closed - Implemented

    Comments: In September 2016, CMS updated its Medicare Program Integrity Manual to provide complete guidance regarding whether contractors, specifically Medicare Administrative Contractors (MAC) and Zone Program Integrity Contractors (ZPIC), may conduct duplicative reviews. According to CMS's updated guidance, as of November 4, 2016, MACs are not permitted to review any claim previously reviewed by another contractor. ZPICs are permitted to review a claim previously reviewed by another contractor in order to support their case development or other administrative action.

    Recommendation: In order to improve the efficiency and effectiveness of Medicare postpayment claims review efforts and simplify compliance for providers, the Administrator of CMS should develop complete guidance to define contractors' responsibilities regarding duplicative claims reviews, including specifying whether and when MACs and ZPICs can duplicate other contractors' reviews.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  3. Status: Open

    Comments: As of July 2016, HHS officials reported that they have not implemented this recommendation, and GAO considers it to be open. In July 2015, HHS reported that CMS was conducting an analysis that would be considered in developing a plan to assess Medicare Administrative Contractor (MAC), Zone Program Integrity Contractor, Recover Auditor, and Comprehensive Error Rate Testing contractor compliance with CMS requirements for the two types of correspondence we reviewed: additional documentation requests (ADR) and results letters. In addition, CMS was also reviewing documentation of CMS's quarterly performance reviews of Recovery Auditors, which include a review of their postpayment claims review correspondence and updated information about their use of inter-rater reliability assessments. CMS was also planning to revise its Program Integrity Manual and elements of the MAC Quality Assurance Surveillance Plan to include reviews of ADRs and results letters. We will continue to update the status of this recommendation when we receive additional information.

    Recommendation: In order to improve the efficiency and effectiveness of Medicare postpayment claims review efforts and simplify compliance for providers, the Administrator of CMS should assess regularly whether contractors are complying with CMS requirements for the content of correspondence sent to providers regarding claims reviews.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  4. Status: Open

    Comments: In July 2016, HHS reported that they have not implemented this recommendation, and GAO considers it to be open. In July 2015, HHS reported to GAO that CMS was examining Additional Documentation Requests (ADR) and review results letters for consistency and assessing the feasibility of standardizing requirements, where appropriate. In November 2014, CMS revised its Program Integrity Manual to change the requirements for the content of Medicare Administrative Contractor (MAC), Recovery Auditor, and Comprehensive Error Rate Testing contractor postpayment ADRs. These new requirements - made in consultation with the contractors - were intended to increase uniformity among contractors' ADRs and improve clarity so that providers will better recognize and understand the purpose of the ADRs and the resulting action items. The revised Manual requires all three types of contractors to include certain information in their ADRs, and includes sample ADR templates that show the elements and format that contractors must follow when developing their ADRs. Contractors must use the new "unified postpayment ADR letter format," though they have the discretion to insert information specific to the subject of the letter. CMS's revisions to the Program Integrity Manual did not change the requirements for Zone Program Integrity Contractors' (ZPIC) ADRs, and HHS did not indicate whether CMS is considering requiring ZPICs' ADRs to align with other contractors' ADRs. HHS reported that, in addition to the changes for ADRs, CMS was working on revisions to requirements for contractors' results letters. HHS did not provide estimated dates for when these steps would be completed, and as of August 2016, CMS had not revised the Program Integrity Manual to increase uniformity among contractors' results letters. We will continue to update the status of this recommendation when we receive additional information.

    Recommendation: In order to improve the efficiency and effectiveness of Medicare postpayment claims review efforts and simplify compliance for providers, the Administrator of CMS should clarify the current requirements for the content of contractors' additional documentation requests and results letters and standardize the requirements and contents as much as possible to ensure greater consistency among postpayment claims review contractors' correspondence.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

 

Explore the full database of GAO's Open Recommendations »

Sep 28, 2016

Sep 15, 2016

Sep 14, 2016

Sep 12, 2016

Sep 9, 2016

Sep 6, 2016

Aug 31, 2016

Looking for more? Browse all our products here