This is the accessible text file for GAO report number GAO-10-864T 
entitled 'Medicare Recovery Audit Contracting: Lessons Learned to 
Address Improper Payments and Improve Contractor Coordination and 
Oversight' which was released on July 15, 2010. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 


Before the Subcommittee on Federal Financial Management, Government 
Information, Federal Services, and International Security, Homeland 
Security and Governmental Affairs Committee, U.S. Senate: 

United States Government Accountability Office: 

For Release on Delivery: 
Expected at 10:00 a.m. EDT:
Thursday, July 15, 2010: 

Medicare Recovery Audit Contracting: 

Lessons Learned to Address Improper Payments and Improve Contractor 
Coordination and Oversight: 

Statement of Kathleen M. King, Director: 
Health Care: 

Statement of Kay L. Daly, Director:
Financial Management and Assurance: 


[End of section] 

Mr. Chairman and Members of the Subcommittee: 

We are pleased to be here today to discuss preventing and addressing 
government payment errors in the Medicare program.[Footnote 1] 
Medicare, which provides health insurance for those aged 65 and older 
and certain disabled persons, is susceptible to improper payments due 
to its size and complexity.[Footnote 2] Because the Medicare program 
has paid billions of dollars in error each year,[Footnote 3] the 
Centers for Medicare & Medicaid Services (CMS)--the agency that 
administers Medicare--conducts a number of activities to reduce 
improper payments. CMS administers the Medicare program with the help 
of Medicare claims administration contractors,[Footnote 4] which are 
not only responsible for processing and paying approximately 4.5 
million claims per day, but for also conducting pre-payment reviews of 
claims to prevent improper payments before claims are paid, as well as 
post-payment reviews of claims potentially paid in error. To 
supplement these and other program integrity efforts, the Medicare 
Prescription Drug, Improvement, and Modernization Act of 2003 directed 
CMS to conduct a 3-year demonstration project on the use of a new type 
of contractors---recovery audit contractors[Footnote 5] (RAC)---in 
identifying underpayments and overpayments, and recouping overpayments 
in the Medicare program.[Footnote 6] The RAC demonstration program 
began in 2005. Subsequently, the Tax Relief and Health Care Act of 
2006 required CMS to implement a national recovery audit contractor 
program by January 1, 2010.[Footnote 7] 

Since the conclusion of the demonstration project, CMS and we have 
reported on improvements needed for the RAC national program. For 
example, in a June 2008 report evaluating the demonstration project, 
CMS reported its intent to make a number of changes to the RAC 
national program to better address RAC-identified vulnerabilities, 
[Footnote 8] respond to provider concerns, and streamline operations. 
[Footnote 9] In March 2010, we reported on weaknesses in the agency's 
actions to address improper payments and CMS concurred with our 
recommendations.[Footnote 10] The findings in both reports are 
important in light of the administration's recent commitment to 
reducing payment errors in federal programs.[Footnote 11] In addition, 
the Patient Protection and Affordable Care Act mandates the use of 
RACs to identify overpayments and underpayments and to recoup 
overpayments made in Medicare Parts C and D and the Medicaid program. 
[Footnote 12] Not only can CMS's experience with RAC contractors 
benefit its other programs, but lessons learned from the RAC program 
may also assist other agencies' payment recapture audits, increase the 
funds recovered, and help prevent such improper payments from being 
made in the future. 

Our testimony today is based on our March 2010 report[Footnote 13] and 
will focus on the lessons that can be learned from the RAC 
demonstration about (1) developing an adequate process and taking 
corrective action to address RAC-identified vulnerabilities leading to 
improper payments, (2) resolving coordination issues between the RACs 
and the Medicare claims administration contractors, and (3) 
establishing methods to oversee RAC claim review accuracy and provider 
service during the national program. 

For our March 2010 report, we reviewed CMS documents and interviewed 
officials from CMS, as well as contractors and provider groups 
affected by the demonstration project. We conducted our work for this 
performance audit from March 2009 through March 2010. Our work was 
performed in accordance with generally accepted government auditing 
standards. Those standards require that we plan and perform the audit 
to obtain sufficient, appropriate evidence to provide a reasonable 
basis for our findings and conclusions based on our audit objectives. 
We believe that the evidence obtained provides a reasonable basis for 
our findings and conclusions based on our audit objectives. 


The RAC demonstration project was designed to supplement existing 
claims review processes and required the RACs to review claims 
previously paid by existing Medicare claims administration 
contractors. RACs were charged with identifying payment errors, such 
as whether a provider billed the correct number of units for a 
particular drug or service. Once a RAC identified a payment error, it 
informed the provider of the error and its amount. The Medicare claims 
administration contractor then adjusted the claim to the proper 
amount[Footnote 14] and collected the overpayment from, or reimbursed 
the underpayment to, the provider. CMS paid RACs contingency fees on 
overpayments collected and underpayments refunded.[Footnote 15] CMS 
and its Medicare claims administration contractors were responsible 
for taking corrective actions[Footnote 16] for vulnerabilities 
identified by the RACs, including identifying the causes of each type 
of vulnerability and addressing them, in order to reduce future 
improper payments. 

In a 2006 status report, CMS noted that the demonstration RACs 
identified $303.5 million in improper payments. However, this amount 
did not include the final results of any provider appeals filed 
afterwards or pending at that time.[Footnote 17] CMS concluded that 
"preliminary results indicate that the use of recovery auditors is a 
viable and useful tool for ensuring accurate payments" and that RACs 
would be a "value-added adjunct" to the agency's programs. Throughout 
the RAC demonstration, CMS stated its intention to use information on 
the vulnerabilities found by the RACs to help prevent future improper 
payments. In addition, the agency wanted to address concerns expressed 
by providers prior to the implementation of a national program, such 
as holding the RACs accountable for the accuracy of their decisions. 

Lessons Learned Highlight the Need to Develop Processes to Take 
Corrective Actions and to Improve Coordination and Oversight: 

Our March 2010 report pointed to three areas for lessons to be learned 
from the RAC demonstration that could be applicable as CMS expands 
recovery audits to Medicare Parts C and D and Medicaid and to other 
agencies' payment recapture efforts. Establishing an effective 
recovery audit program involves developing processes to take 
corrective action on underlying vulnerabilities that lead to improper 
payments; coordinating the activities of various parties that have 
responsibilities related to the payment process; and assuring recovery 
audit contractor accuracy and service through oversight. Specifically, 
agencies should: 

* Establish an adequate process to address RAC-identified 
vulnerabilities leading to improper payments. During the 
demonstration, we found that CMS did not develop a process to take 
corrective actions or implement sufficient monitoring, oversight, and 
control activities to ensure the "most significant" RAC-identified 
vulnerabilities were addressed.[Footnote 18] In addition, providers 
informed us that CMS did not take corrective actions on RAC-identified 
vulnerabilities such as conducting provider education or implementing 
computer system edits to help prevent future improper payments. We 
found that CMS and the Medicare claims administration contractors did 
not implement corrective actions for 35 of 58 (60 percent) of the most 
significant vulnerabilities that led to improper payments during the 
demonstration as shown in figure 1. We also found that the unaddressed 
corrective actions represented $231 million.[Footnote 19] 

Figure 1: Status of Corrective Actions for 58 Vulnerabilities with 
Improper Payments of Greater Than $1 Million, as of the End of the 
Recovery Audit Contractor Demonstration Project--March 2008: 

[Refer to PDF for image: pie-chart] 

Status of vulnerabilities: 

No corrective actions taken: 60% (35): 
- Unable to develop corrective actions[A]: 12% (7); 
- Corrective actions not taken: 48% (28). 

Corrective actions taken: 40% (23): 
- Edits implemented: 12% (7); 
- Education provided 10% (6); 
- Clarification of guidance/issuance of new regulations: 17% (10). 

Source: GAO analysis of CMS data. 

[A] According to CMS officials the agency was unable to develop 
corrective actions because it either lacked adequate information on 
the specific services involved or decided it was not cost effective to 
do so. 

Note: Potential corrective actions include implementing computer edits 
that deny improper claims or flag claims for further review, educating 
providers about Medicare rules and proper billing procedures and 
issuing clarification of guidance or a new regulation. 

Percentages in figure may not add to 100 due to rounding. 

[End of figure] 

For the four RAC contractors implementing the national program, CMS 
developed a process to compile identified vulnerabilities and 
recommend actions to prevent improper payments. However, we found that 
this new corrective action process lacked essential procedures, such 
as evaluating the effectiveness of corrective actions taken, and staff 
with the authority to ensure that these vulnerabilities are resolved 
promptly and adequately to prevent further improper payments. Our 
report recommended that the Administrator of CMS develop and implement 
a process that includes policies and procedures to ensure that the 
agency promptly evaluates findings of RAC audits, decides on the 
appropriate response and a time frame for taking action based on 
established criteria, and acts to correct the vulnerabilities 
identified. As part of this process, we recommended that the 
Administrator of CMS designate key personnel with appropriate 
authority to be responsible for ensuring that corrective actions are 
implemented and that the actions taken are effective. In commenting on 
a draft of the report, CMS concurred with our recommendations and 
stated that the Administrator of CMS is the official responsible for 
assuring that vulnerabilities that cut across all agency components 
are addressed. 

* Take steps to address coordination issues between contractors. The 
agency continued activities that worked well during the demonstration 
project, initiated a number of new actions, and is taking steps to 
address coordination challenges. According to CMS, once the RACs 
identify errors, Medicare claims administration contractors are 
responsible for re-processing the claims to repay underpayments or 
recoup overpayments, conducting the first level review for RAC-related 
appeals, and informing and training providers about lessons learned 
through the RAC reviews. During the demonstration project, providers 
noted that RAC determinations resulted in thousands of provider 
appeals to Medicare claims administration contractors. These appeals 
and re-processing of claims produced additional workload for the 
Medicare claims administration contractors, who are also responsible 
for adjudicating the first level of appeals. The appeals and 
adjustments workload led to coordination challenges for the Medicare 
claims administration contractors and RACs. As a result, CMS learned 
that regular communication between the RACs and the Medicare claims 
administration contractors regarding RAC-identified payment 
vulnerabilities was important due to their interdependence. In 
addition, CMS created a data warehouse for the demonstration that 
contained information on which claims were unavailable for RAC review 
to prevent the RACs from auditing claims previously reviewed by a 
claims administration contractor or other contractor investigating 
potential Medicare fraud. For the national program, CMS modified the 
data warehouse to include more capacity and utility. The agency also 
automated the manual claims adjustment process used by the Medicare 
claims administration contractors to recoup improper payments in order 
to reduce their administrative burden. Further, the volume of provider 
appeals made it difficult to manage all of the paper medical records 
that needed to be exchanged between the RACs and claims administration 
contractors in order to assess the RAC determinations. Provider 
association and hospital representatives noted the RACs sometimes 
requested duplicate medical records to evaluate the medical necessity 
or appropriateness claims as part of their reviews, thus increasing 
providers' administrative burden. As a result, CMS developed an 
electronic documentation sharing system to improve storage and 
transfer of medical records. 

* Oversee the accuracy of RACs' claims reviews and the quality of 
their service to providers. During the demonstration project, 
providers stated that the contingency fee payment structure CMS 
employed created an incentive for RACs to be aggressive in determining 
that paid claims were improper. RACs were paid contingency fees during 
the demonstration even if their findings were later overturned on 
appeal. For the national program, CMS changed its payment of 
contingency fees so that RACs will have to refund contingency fees 
received on a determination overturned at any level of the appeal 
process. CMS also established performance metrics that the agency will 
use to monitor RAC accuracy and service to providers. In addition, CMS 
added processes to review the accuracy of RAC determinations including 
independent reviews by a validation contractor. Prior to pursuing a 
wide-scale review of any vulnerability in the national program, the 
RAC must submit information and a small sample of reviewed claims and 
related findings to CMS to check for accuracy and to ensure the RAC's 
compliance with the rule, policy, or regulation against which the 
claims will be evaluated. CMS has also established a process for 
ongoing oversight of RAC accuracy through a regular independent 
assessment of a sample of RAC-reviewed claims and determinations by 
the validation contractor. This will lead to an annual accuracy score 
for each RAC, scores which CMS intends to publish. Further, CMS 
established requirements to address provider concerns about service. 
Specifically, CMS required RACs to establish Web sites that will allow 
providers to track the status of a claim being reviewed and include 
information on each vulnerability being audited by that RAC. However, 
because the agency does not have a standard system to track appeals 
through the entire five levels of the appeals process, CMS does not 
require RACs to provide information on the status of claims' appeals 
on their Web sites. 

In conclusion, the ultimate success of the government-wide effort to 
reduce improper payments hinges on each federal agency's diligence and 
commitment to identify, estimate, determine the causes of, take 
corrective actions on, and measure progress in reducing improper 
payments. CMS's experience provides useful lessons for the management 
of the Medicare and Medicaid programs, as well as other recovery 
auditing programs on the importance of addressing the root causes of 
vulnerabilities to improper payments and effectively coordinating and 
overseeing the accuracy of contractors. Such lessons may be useful as 
recovery auditing is incorporated more broadly in the federal 

Mr. Chairman, this concludes our prepared statement. We would be happy 
to answer any questions you or other members of the subcommittee may 

GAO Contacts and Staff Acknowledgments: 

For further information about this statement, please contact Kathleen 
M. King at (202) 512-7114 or or Kay L. Daly, (202) 512- 
9095 or 

Sheila Avruch and Carla Lewis, Assistant Directors; Jennie F. Apter; 
Anne Hopewell; Laurie Pachter; Nina M. Rostro; and James Walker were 
key contributors to this statement. 

[End of section] 


[1] Medicare consists of four parts. Medicare Fee for Service (FFS) 
includes two parts--Medicare Parts A and B whereby providers are paid 
for each service, unit or bundle of services provided. Medicare Part A 
covers inpatient hospital services, skilled nursing facility services, 
some home health, and hospice services. Medicare Part B covers 
hospital outpatient, physician services, some home health services and 
preventive services, among other things. Medicare beneficiaries have 
the option of obtaining coverage for Medicare Part A and B services 
from private health plans that participate in Medicare Advantage-- 
Medicare's managed care program, also known as Medicare Part C. All 
Medicare beneficiaries may purchase coverage for outpatient 
prescription drugs under Medicare Part D. 

[2] Improper payments may be due to errors, such as the inadvertent 
submission of duplicate claims for the same service, or misconduct, 
such as fraud and abuse. Fraud is an intentional act or representation 
to deceive with knowledge that the action or representation could 
result in an inappropriate gain. Abuse typically involves actions that 
are inconsistent with acceptable business or medical practices and 
result in unnecessary costs. 

[3] For example, in 2009 the Department of Health and Human Services 
(HHS) estimated that approximately $24.1 billion or 7.8 percent of 
Medicare FFS payments for claims from April 2008 through March 2009 
were improper. (November 2009 "Improper Medicare FFS Payments Report" 
in HHS's Fiscal Year 2009 Agency Financial Report.) Since 1990, 
Medicare has been included in our reporting of "high risk" areas, 
those government operations involving substantial resources and that 
provide critical services to the public that we find to contain 
serious weaknesses. See GAO, High-Risk Series: An Update, GAO-09-271 
(Washington, D.C.: January 2009) and [hyperlink,]. 

[4] CMS has historically used contractors, known as fiscal 
intermediaries and carriers, to process Medicare claims. CMS is in the 
process of transitioning to new contracting entities called Medicare 
Administrative Contractors. Because the transition is ongoing, we use 
the term Medicare claims administration contractors to refer to the 
contractors that historically have processed Medicare claims as well 
as the new Medicare Administrative Contractors. 

[5] Recovery auditing has been used in various industries, including 
health care, to identify and collect overpayments for about 40 years. 

[6] Pub. L. No. 108-173, § 306, 117 Stat. 2066, 2256-57. 

[7] Pub. L. No. 109-432, div B., title III, § 302, 120 Stat. 2922, 
2991-92 (codified at 42 U.S.C. § 1395 ddd(h)). 

[8] A vulnerability is an issue likely to lead to an improper payment 
such as billing the incorrect number of units for a particular drug or 
service or inpatient hospital claims not meeting CMS's criteria for 
inpatient admission. 

[9] See Department of Health and Human Services, Centers for Medicare 
and Medicaid Services, The Medicare Recovery Audit Contractor (RAC) 
Program: An Evaluation of the 3-Year Demonstration (Baltimore, Md.: 
June 2008). 

[10] See GAO, Medicare Recovery Audit Contracting: Weaknesses Remain 
in Addressing Vulnerabilities to Improper Payments, Although 
Improvements Made to Contractor Oversight, GAO-10-143 (Washington, 
D.C.: March 31, 2010). 

[11] Finding and Recapturing Improper Payments, 75 Fed. Reg. 12,119 
(March 15, 2010); See also Exec. Order No. 13,520, 74 Fed. Reg. 62,201 
(Nov. 25, 2009); & OMB Circular No. A-123, Appx. C, Requirements for 
Effective Measurement and Remediation of Improper Payments (Revised 
March 22, 2010). 

[12] Pub. L. No. 111-148, § 6411, 124 Stat. 119, codified at 42 U.S.C. 
§§ 1396a(a)(42)(B) and 1395ddd(h). 

[13] See [hyperlink,]. 

[14] During the demonstration project, the Medicare claims 
administration contractors processed hundreds of thousands of RAC 
claim adjustments--some manually--which created significant additional 

[15] During the demonstration, CMS paid the RACs a total of $187.2 
million in contingency fees. Initially, the RAC demonstration project 
did not include contingency fee payment to the RACs for identifying 
underpayments and refunding providers. Beginning on March 1, 2006, the 
RACs were paid an equivalent percentage contingency fee for the 
identification of underpayments. 

[16] Corrective actions that could be taken by CMS or its Medicare 
claims administration contractors include: conducting provider 
outreach and education; developing guidance or new regulations; 
reissuing instructions for coding a claim or initiating additional 
service-specific local or national prepayment computer edits to deny 
improper claims or flag them for additional review. 

[17] Providers could appeal unfavorable RAC determinations through the 
standard Medicare appeals process, which includes five levels of 
review. The Medicare claims administration contractors conduct the 
first level of appeal. 

[18] According to CMS, the most significant vulnerabilities were those 
for which RACs identified more than $1 million in improper payments 
for medical services or $500,000 for durable medical equipment. 

[19] These unaddressed vulnerabilities are a portion of 18 specific 
medical services CMS valued at $378 million. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink,]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink,] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO’s Web site, 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 

To Report Fraud, Waste, and Abuse in Federal Programs: 


Web site: [hyperlink,]: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: