This is the accessible text file for GAO report number GAO-07-59 entitled 'Medicare: Improvements Needed to Address Improper Payments for Medical Equipment and Supplies' which was released on March 6, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to the Ranking Minority Member, Committee on Finance, U.S. Senate: United States Government Accountability Office: GAO: January 2007: Medicare: Improvements Needed to Address Improper Payments for Medical Equipment and Supplies: Medicare Supplier Improper Billing: GAO-07-59: GAO Highlights: Highlights of GAO-07-59, a report to the Ranking Minority Member, Committee on Finance, U.S. Senate Why GAO Did This Study: The Centers for Medicare & Medicaid Services (CMS)—the agency that administers Medicare—estimated that the program made about $700 million in improper payments for durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) from April 1, 2005, through March 31, 2006. To protect Medicare from improper DMEPOS payments, CMS relies on three Program Safeguard Contractors (PSC), and four contractors that process Medicare claims, to conduct critical program integrity activities. GAO was requested to examine CMS’s and CMS’s contractors’ activities to prevent and minimize improper payments for DMEPOS, and describe CMS’s oversight of PSC program integrity activities. To do this, GAO analyzed DMEPOS claims data by supplier and item to identify atypical, or large, increases in billing; reviewed CMS documents; and conducted interviews with CMS and contractor officials. GAO focused its work on contractors’ automated prepayment controls and described related claims analysis functions. What GAO Found: To prevent and minimize improper DMEPOS payments, CMS’s contractors conduct program integrity activities, which include performing medical reviews of certain claims before they are paid to determine whether the items meet criteria for Medicare coverage. As part of their efforts, CMS’s contractors responsible for medical review use automated prepayment controls to deny claims that should not be paid or identify claims that should be reviewed. However, GAO found three shortfalls in these automated prepayment controls that make the Medicare program vulnerable to improper payments. * Contractors responsible for medical review did not have automated prepayment controls in place to identify questionable claims that are part of an atypically rapid increase in billing. * In some instances, these contractors did not have automated prepayment controls in place to identify claims for items unlikely to be prescribed in the course of routine quality medical care. CMS has recently begun an initiative to add controls of this kind for some DMEPOS items. * CMS does not require these contractors to share information on the most effective automated prepayment controls of the other contractors or consider adopting them. For example, Medicare might have saved almost $71 million in less than 2 years if one effective automated prepayment control designed to prevent Medicare from paying for more than one home-use hospital bed per month for a beneficiary, which was used by one of these contractors, had been used by the others. CMS oversees the PSCs’ program integrity activities by providing written manuals and contracts to guide their work. As part of its oversight, CMS is implementing an annual contractor performance evaluation process, based on three evaluation tools, to assess each PSC’s performance. CMS officials said that the agency will use the results of these evaluations to determine two things: whether to renew a PSC’s contract, and whether a PSC may earn award fees—a monetary reward for good performance—in addition to the regular payments it receives under its contract. What GAO Recommends: GAO recommends that CMS require its contractors to develop automated prepayment controls to identify potentially improper claims when supplier billing reaches atypical levels and consider adopting the most cost-effective controls of other contractors. CMS concurred with the recommendations. [Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-59]. To view the full product, including the scope and methodology, click on the link above. For more information, contact Leslie G. Aronovitz, (312) 220-7600 or aronovitzl@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: CMS's Program Integrity Activities Could Be Enhanced: CMS Oversees PSCs through Various Means, and Is Implementing Annual Evaluations of Program Integrity Activities: Conclusions: Recommendations for Executive Action: Agency Comments: Appendix I: DMEPOS Regions and Associated DME MACs and PSCs: Appendix II: Scope and Methodology: Appendix III: Agency Comments: Appendix IV: GAO Contact and Staff Acknowledgments: Related GAO Products: Tables: Table 1: DMEPOS Claims Processing and Program Integrity Activities and Associated Regional Contractor Type, as of January 2007: Table 2: Examples of Medically Improbable Claims and Possible Edits to Address Them: Abbreviations: CMS: Centers for Medicare & Medicaid Services: DME: durable medical equipment: DME MAC: Durable Medical Equipment Medicare Administrative Contractor: DMEPOS: durable medical equipment, prosthetics, orthotics, and supplies: DMERC: Durable Medical Equipment Regional Carrier: DOJ: Department of Justice: FBI: Federal Bureau of Investigation: HHS: Department of Health and Human Services: JOA: Joint Operating Agreement: NSC: National Supplier Clearinghouse: OIG: Office of Inspector General: PIM: Medicare Program Integrity Manual: PSC: Program Safeguard Contractor: SADMERC: Statistical Analysis Durable Medical Equipment Regional Carrier: United States Government Accountability Office: Washington, DC 20548: January 31, 2007: The Honorable Charles E. Grassley: Ranking Minority Member: Committee on Finance: United States Senate: Dear Senator Grassley: According to the most recent estimate from the Centers for Medicare & Medicaid Services (CMS), from April 1, 2005, through March 31, 2006, Medicare made about $700 million in improper payments for durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS).[Footnote 1] This represents about 7.5 percent of its payments for these items. Improper payments result from mistakes on the part of those who bill Medicare, fraudulent activities, and abuse. Mistakes are often due to clerical errors or a misunderstanding of program rules, while fraud involves an intentional act or representation to deceive with knowledge that the action or representation could result in gain. Abuse typically involves actions that are inconsistent with acceptable business and medical practices and result in unnecessary cost.[Footnote 2] Improper Medicare payments drain vital program dollars, to the detriment of beneficiaries and taxpayers. Due in part to Medicare's vulnerability to making improper payments, we have designated it as a high-risk program since 1990.[Footnote 3] To prevent or minimize improper payments for DMEPOS, CMS relies on contractors to conduct program integrity activities in four DMEPOS regions. CMS has entered into new contracts with three Program Safeguard Contractors (PSC) to conduct these activities, as of March 1, 2006.[Footnote 4] The PSCs' program integrity activities include analyzing data on submitted and paid claims to identify patterns of improper or atypical billing; establishing automated prepayment controls to deny claims that should not be paid or route them for further review; conducting medical reviews[Footnote 5] of specific claims to determine if they should be, or should have been, paid; and carrying out benefit integrity activities--such as identifying, investigating, and referring to law enforcement any DMEPOS supplier suspected of submitting fraudulent claims for Medicare payment.[Footnote 6] CMS also relies on the efforts of a Durable Medical Equipment Regional Carrier (DMERC) and Durable Medical Equipment Medicare Administrative Contractors (DME MAC)[Footnote 7] to ensure that all needed information is included on a claim and to collect overpayments. You asked us to review CMS and its contractors' activities to address improper DMEPOS payments. In this report, we (1) discuss CMS's and its contractors' program integrity activities intended to prevent and minimize improper payments for DMEPOS and (2) describe CMS's oversight of PSC program integrity efforts. To discuss the program integrity activities of CMS and its contractors[Footnote 8] to prevent and minimize improper payments for DMEPOS, we reviewed the automated prepayment controls--also referred to as edits--which contractors introduce into their payment systems to deny claims or flag them for medical review, and contractors' benefit integrity activities. At the beginning of our review, three DMERCs and a PSC performed these functions and after March 1, 2006, three PSCs performed them. We included automated prepayment controls because they are generally the contractors' first line of defense for avoiding payment of improper claims, and we included benefit integrity activities because they allow contractors to enlist federal law enforcement agencies to act against suppliers who have defrauded Medicare. We did not evaluate other aspects of medical review, which can include analysis or examination of claims after payment, but we discuss these functions in relation to automated prepayment controls and benefit integrity activities. To review the adequacy of automated prepayment controls, we analyzed national Medicare DMEPOS claims data on atypical billing trends--particularly large increases in billing--by supplier and by item for the first quarter of 2003 through the first quarter of 2005. These data were provided to us by CMS's Statistical Analysis Durable Medical Equipment Regional Carrier (SADMERC)--which is responsible for performing statistical analyses on DMEPOS billing data to identify potential fraud. We further analyzed Medicare DMEPOS claims data from five states--California, Florida, Illinois, New York, and Texas[Footnote 9]--and examined national claims data for suppliers and items with atypical billing trends. We assessed the reliability of the data sets used for these analyses and determined that each one was sufficiently reliable for the purposes of this report. Further, we interviewed CMS officials responsible for safeguarding the program, and contractor staff responsible for conducting program integrity activities in Regions A, C, and D,[Footnote 10] including the outgoing DMERCs for Regions C and D,[Footnote 11] and the PSCs for Regions A, C, and D. To learn more about the contractor transitions, we interviewed staff at the DME MAC for Region A, whose contract was the only DME MAC contract awarded within our chosen regions at the time of our interviews. We also interviewed officials from SADMERC, and law enforcement officials--from the Department of Health and Human Services (HHS) Office of Inspector General (OIG), the Federal Bureau of Investigation (FBI), and U.S. Attorney's Offices--that are responsible for investigating and prosecuting Medicare fraud and abuse cases.[Footnote 12] We reviewed relevant CMS documents, such as CMS's Medicare Program Integrity Manual (PIM), which provides guidance for Medicare contractors. To describe CMS's oversight of PSC program integrity efforts, we reviewed the PSCs' statement of work and task orders outlining their duties,[Footnote 13] the PIM, and the evaluation tools that CMS will use to assess PSC performance. We also interviewed CMS officials about their oversight activities and efforts to minimize DMEPOS improper payments. Appendix II includes a more detailed discussion of our scope and methodology. We performed our work from June 2005 through January 2007 in accordance with generally accepted government auditing standards. Results in Brief: The contractors' activities to prevent and minimize improper DMEPOS payments fell short in three ways. First, the DMERCs and PSCs did not have edits with predesignated thresholds in place to identify claims for medical review that were part of an atypical increase in billing. This resulted in losses to Medicare. For example, we found that from the first quarter of 2003 through the first quarter of 2005, due to an absence of threshold edits, 225 suppliers increased their billing to Medicare by $500,000 and 50 percent from at least one 3-month period to the next. In November 2004, the U.S. government won a default civil judgment against 16 of these suppliers for filing false claims against Medicare for services not rendered--after being paid almost $40 million from January 2003 through September 2004. Establishing edits for when such claims meet thresholds for atypical billing would have allowed contractors to examine the claims before paying them and decrease improper payments. Second, we identified three instances where contractors did not have edits in place to identify items, and paid claims for items, that are not likely to be prescribed in the course of routine quality medical care. For example, a Medicare beneficiary who has a prosthetic foot due to an amputation should not need a brace for the limb that no longer exists. However, Medicare paid over $2 million from October 2002 through March 2005 for beneficiaries' braces after the program had paid for prosthetics for the same beneficiaries' legs, feet, or ankles. Third, contractors are not required by CMS to share information on their effective edits with contractors in other regions. They also do not have to adopt edits that have been effective in these other regions and that could be effective in their own. For instance, we found that one effective edit restricted payment for home-use hospital beds to only one per beneficiary per month. However, this edit was used in only one region. If it had been used in the other three regions, it could have saved Medicare almost $71 million from January 2003 through June 2005. Not all regions would benefit equally from introducing new edits into their systems. In this example, the edit would be most effective in two of the four regions because they received more claims from suppliers that billed for multiple hospital beds per beneficiary in a given month. In addition to using medical review edits, contractors also conduct benefit integrity activities to support law enforcement's investigation of suppliers who are suspected of fraudulent billing. Although CMS officials expressed satisfaction with contractors' benefit integrity performance, law enforcement officials in Miami and Southern California with whom we spoke told us that the contractors could be more effective if their supplier case referrals were based on more recent data. CMS oversees the PSCs' program integrity efforts by providing each PSC with a statement of work, a specific task order, the PIM, and through its monitoring and evaluation of the PSCs' activities. The agency has completed an initial abbreviated evaluation for the three PSCs and is implementing a comprehensive, annual evaluation of each PSC. CMS's plans are to assess each PSC's general, medical review, and benefit integrity performance. CMS will use the results of the annual evaluations to determine whether to renew the PSC contracts and whether each PSC is eligible to earn incentive rewards--called award fees--for good performance, in addition to the regular payments it receives under its contract. To help prevent improper payments for DMEPOS, we recommend that the Administrator of CMS take two actions. First, CMS should require the PSCs to establish thresholds for, and develop automated prepayment controls to address, unexplained increases in claims volume. Second, we recommend that CMS require contractors to exchange information about, and consider adopting, automated prepayment controls used by other DMEPOS contractors that could reduce improper payments within their own regions. CMS concurred with our recommendations and provided information on a related initiative that it has begun. CMS also suggested another activity that it plans to take as part of implementing our recommendations. The Department of Justice (DOJ) provided technical comments, which we incorporated as appropriate. Background: Medicare, which is administered by CMS--an agency within HHS--is the federal program that helps pay for a variety of health care services and items on behalf of about 42 million elderly and certain disabled beneficiaries. Most Medicare beneficiaries participate in Part B,[Footnote 14] which helps pay for certain physician, outpatient hospital, laboratory, and other services; DMEPOS (such as oxygen, wheelchairs, hospital beds, walkers, orthotics, prosthetics, and surgical dressings); and certain outpatient drugs.[Footnote 15] Medicare pays 80 percent of the cost of services and items covered under Part B, and the beneficiary pays the balance. Beneficiaries typically obtain DMEPOS items from suppliers, who submit claims to Medicare on the beneficiaries' behalf. Suppliers include medical equipment retail establishments, and also can include outpatient providers, such as physicians and physical therapists. DMEPOS suppliers are required by CMS to meet certain standards before they are authorized to bill Medicare. These standards are intended to ensure that suppliers engage in legitimate business practices and are licensed and qualified to provide DMEPOS items and services in the states in which they operate. CMS contracts with the National Supplier Clearinghouse (NSC) to screen potential suppliers and enroll those that comply with CMS standards into the Medicare program. In a previous report, we found that NSC's efforts to verify compliance with the standards were insufficient to ensure that only legitimate and qualified suppliers could bill Medicare.[Footnote 16] DMEPOS Claims Processing: DMEPOS claims are handled by CMS contractors who are responsible for processing and paying claims submitted to Medicare. To do this, they ensure that all necessary information is included on a claim. Claims processing contractors are responsible for paying DMEPOS claims and recouping any payments that have been made in error. Prior to January 2006, CMS contracted with four DMERCs to handle DMEPOS claims processing activities. Each DMERC was assigned to one of four geographic regions--Region A, B, C, or D--and was responsible for processing the DMEPOS claims of Medicare beneficiaries residing within its region.[Footnote 17] The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 included provisions that required CMS to implement competitive procedures to replace DMERCs with DME MACs.[Footnote 18] In January 2006, CMS competitively selected four DME MACs from a pool of applicants[Footnote 19] and began to transition DMEPOS claims administration activities from the DMERCs to DME MACs. In Regions A and B, the transition of these claims processing activities was completed by July 1, 2006,[Footnote 20] but bid protests against the selection of the Region C and D DME MACs delayed transitions in these regions. As a result, claims processing activities did not transition in Region D until September 30, 2006, and, as of January 2007, the DMERC in Region C was continuing to process claims.[Footnote 21] DMEPOS Program Integrity: DMEPOS program integrity activities are designed to protect the Medicare program from improper payments. These program integrity activities include medical reviews of claims and benefit integrity efforts. Medical Review: Medical review is the examination of information on a DMEPOS claim, as well as the examination of any supporting documentation associated with the claim, to determine if a beneficiary's medical condition meets Medicare's coverage criteria. Medical review can also include data analyses of submitted and paid DMEPOS claims to identify billing patterns that may be associated with improper Medicare payments. If medical review reveals that an overpayment was made to a supplier, the claims processing contractor that paid the claim is responsible for collecting the overpayment from the supplier. Medical review findings also help CMS contractors determine what instruction they may need to provide to DMEPOS suppliers to inform them about Medicare program rules and proper DMEPOS billing. Medical review often results from contractors' use of edits to identify claims that require scrutiny, and it can be performed before or after payment. Benefit Integrity: Benefit integrity is the investigation of suspected fraud and the referral of suppliers to law enforcement for further investigation and prosecution. In addition, benefit integrity activities include data analysis of DMEPOS claims to identify improper billing that may indicate fraud. Prior to March 1, 2006, all medical review and benefit integrity activities within Regions B, C, and D were conducted by each region's DMERC. In Region A, these activities were conducted by a PSC. As of March 1, 2006, the PSC in Region A also became responsible for conducting the medical review and benefit integrity activities for Region B. In Regions C and D, CMS selected two other PSCs--one for each region--to conduct the medical review and benefit integrity activities in each respective region. The PSC for each region is responsible for partnering with its region's claims processing contractor when conducting medical review and benefit integrity activities. By March 1, 2006, the transition of medical review and benefit integrity activities from the DMERCs to the PSCs was completed. Table 1 provides a summary of DMEPOS claims processing and program integrity activities and the associated contractor types for these activities, as of January 2007. Table 1: DMEPOS Claims Processing and Program Integrity Activities and Associated Regional Contractor Type, as of January 2007: Type of contractor: Durable Medical Equipment Medicare Administrative Contractor (DME MAC); Regions A, B, and D; [Empty]; Claims processing: Electronically processes claims; Pays suppliers and recoups any overpayments; Program integrity: Medical review: Not applicable; Program integrity: Benefit integrity: Not applicable. Type of contractor: Durable Medical Equipment Regional Carrier (DMERC); Region C; Claims processing: [Empty]; Program integrity: Medical review: [Empty]; Program integrity: Benefit integrity: [Empty]. Type of contractor: Program Safeguard Contractor (PSC); Regions A, B, C, D; Claims processing: Not applicable; Program integrity: Medical review: Reviews submitted claims; Analyzes regional claims data; Informs DME MAC or DMERC of overpayments; Program integrity: Benefit integrity: Identifies and investigates suspected fraud; Refers suspected fraud to law enforcement; Analyzes regional claims data. Source: GAO analysis of CMS Medicare Program Integrity Manual, contractors' statements of work, and information from CMS contractors. [End of table] In addition to the contractors mentioned above, the SADMERC performs analyses of national data on paid Medicare DMEPOS claims. The SADMERC develops reports for CMS, CMS contractors, and law enforcement to identify trends in payment and potential fraud. It often focuses its analyses by examining a particular DMEPOS item, supplier, or referring physician, or by analyzing claims in a specific region or other geographic area. CMS's Program Integrity Activities Could Be Enhanced: Under CMS's direction, its contractors conduct program integrity activities, such as developing the automated prepayment controls known as edits that check claims before payment, and performing benefit integrity tasks. However, the contractors' edits fell short in preventing improper payments from being made. Specifically, the contractors did not have edits that flagged atypical billing or consistently identified claims that were medically improbable, and the contractors also did not routinely share their successful edits with the other contractors. Further, as a key aspect of the benefit integrity activities, contractors provided case referrals about suppliers to help law enforcement agencies investigate and prosecute Medicare fraud. However, law enforcement officials stated that case referrals would be more useful if they were based on more recent information. PSCs Identify Atypical Billing Patterns and Use Edits to Address Improper Payments: PSCs in each region analyze data on claims that have been paid in order to identify potentially improper ones, which can be evidenced by atypical billing patterns--such as a rapid growth in payments for a particular DMEPOS item or provider. They also use results from CMS's annual study of improperly paid claims[Footnote 22] to identify items at risk of improper payment in their respective regions. The PSCs decide on their approach to addressing potentially improper claims based on the level of their resources and the scope of the identified problems in their regions. Each PSC's approach is detailed in its annual "medical review strategy," submitted to CMS for approval. Due to the specific problems identified in each region, the PSCs' medical review strategies can differ. As part of its strategy, each PSC is required to design a comprehensive plan detailing how it will address each problem it identifies, and reduce the rate of errors in claims payment. PSCs continuously update their strategy as improper payment problems are resolved and new ones are discovered. To prevent and minimize improper payments for DMEPOS, PSCs rely on automated prepayment controls--called edits. Edits automatically check claims before payment to make sure that they appear to be valid. PSCs are responsible for developing and implementing a specific type of edit, called a medical review edit.[Footnote 23] Medical review edits specifically allow a PSC to check that an item on a claim appears medically necessary for the beneficiary under Medicare's coverage criteria. Medical review edits can either lead to the automatic denial of an improper claim, or subject a claim to a manual review. For example, a medical review edit could be established to automatically deny any claim submitted for specific items for a beneficiary if it had been determined that the beneficiary's Medicare number was used repeatedly on claims from different suppliers for DMEPOS items that the beneficiary did not need. Alternatively, medical review edits can flag claims for manual medical review before payment, which requires that a PSC reviewer examine data on the claim, along with any related supporting documentation.[Footnote 24] The reviewer determines whether to allow the claim to continue through the payment process, obtain more documentation, or deny the claim. Gaps with Medical Review Edits Can Lead to Improper Payments: We identified three gaps in medical review edits that could lead to improper payments. First, DMERCs and the Region A PSC[Footnote 25] generally did not have medical review edits in place to identify claims associated with atypical billing patterns. Such billing patterns involve rapid or dramatic increases in the billed amounts of claims. Atypical billing patterns can involve legitimate claims, when, for example, CMS expands the coverage rules for an item or service. However, atypical billing patterns have often been associated with improper claims and payments. Atypical billing patterns can appear with claims (1) submitted by a particular supplier, (2) covering a particular DMEPOS item, (3) based on referrals from the same prescribing physician, (4) submitted on behalf of a particular beneficiary, or (5) associated with atypical billing that is clustered in a particular geographic area. The DMERC and PSC officials we interviewed told us that they did not use medical review edits that would routinely flag claims that had reached predesignated thresholds- -such as ones that would signal an unusually large increase in payment to a supplier. One contractor indicated that, depending on the threshold set, introducing these types of edits could allow too many claims to be flagged for medical review. In the absence of threshold edits to avoid paying improper claims associated with atypical billing patterns, the DMERCs paid claims that represented large increases over historical billing amounts submitted. For example, we found that from the first quarter of 2003 through the first quarter of 2005, 225 suppliers increased their billing to Medicare by $500,000 and 50 percent from at least one 3-month period to the next.[Footnote 26] At least 38 of the 225 suppliers were under criminal investigation during 2004. In November 2004, the U.S. government won a default civil judgment of $366 million against 16 of these suppliers.[Footnote 27] These suppliers had billed for services not rendered and committed other offenses, and they had been paid almost $40 million from January 2003 through September 2004. As of December 2006, DOJ had collected about $738,000 from suppliers involved in the case. HHS OIG investigators in Miami told us that it was not uncommon for fraudulent suppliers to close up their businesses at the first sign of an investigation or to quickly move their Medicare payments out of their accounts in ways that are difficult to track. By the time law enforcement can act against fraudulent suppliers, much of the money gained from Medicare has disappeared and cannot be recouped. We found that contractors paid claims that were medically improbable because they did not have edits to flag them. Such claims represent items unlikely to be prescribed, or unlikely to be prescribed in the quantity billed, for a beneficiary as part of routine quality care. In conjunction with the SADMERC, we identified three instances where medically improbable claims were routinely being paid by Medicare for more than a year. For example, if a Medicare beneficiary has a foot amputated, that person would usually need a prosthetic foot for that limb. As a result, the beneficiary should not also need a brace for a limb that no longer exists. From October 2002 through March 2005, Medicare paid over $2 million for beneficiaries' braces after the program had paid for prosthetics within the last year for the same beneficiaries' legs, feet or ankles. (See table 2 for two other examples.) A SADMERC official told us that the contractors could develop edits for medically improbable circumstances that could avoid improper payments. Table 2: Examples of Medically Improbable Claims and Possible Edits to Address Them: Type of claim: More than 500 glucose test strips per year for diabetics who are not treated with insulin; Why it is medically improbable: Clinical information and surveys of beneficiaries indicate that noninsulin-treated diabetics generally do not test their blood sugar level more than once per day; Description of possible edit: A glucose test strip edit[A] would limit diabetics who do not use insulin to 500 test strips per year (41 per month)--a level which is more generous than the contractors' coverage policies currently allow and would allow testing more than once a day. If more than 500 test strips were billed in a year, the claims processing system would deny the claims containing this code; Payment amounts: CMS paid about $156 million for test strips in excess of 500 per year for diabetic beneficiaries that were not treated with insulin in 2003.[B]. Type of claim: Multiple claims for prosthetics provided for the same body part; Why it is medically improbable: According to the SADMERC medical director, a beneficiary who receives a prosthesis for a specific body part should not need multiple versions of the same prosthesis. On some occasions, a beneficiary may need to be refitted, but no more than two of the same prostheses per year should be necessary; Description of possible edit: An edit for multiple prosthetics[C] would limit the number of prostheses provided for the same body part for the same beneficiary to two per year. If more than two occurrences were billed in a year, the claims processing system would deny the claims containing this code or flag the claims for prepayment manual medical review; Payment amounts: From October 2002 through March 2005, CMS paid almost $500,000 to suppliers providing more than two of the same prostheses for the same leg of the same beneficiary within a single year. Source: GAO analysis of SADMERC data. [A] The glucose test strip edit was developed by SADMERC and relies on SADMERC data. [B] SADMERC was able to determine whether beneficiaries were treated with insulin based on the diagnosis information submitted on their claims. [C] The edit for multiple prosthetics was developed by GAO and relies on SADMERC data. [End of table] In recognition of the value of edits to detect medically improbable claims, CMS has begun a process to have its contractors implement such edits. In January 2007, the agency plans to introduce 19 edits for DMEPOS items, albeit not for the items described in table 2.[Footnote 28] These 19 edits will deny claims for DMEPOS items if a medically improbable quantity of the item is listed on the claim for a single beneficiary in one day. The agency plans to introduce additional edits for more DMEPOS items and other services later in 2007. Finally, CMS does not require its contractors to share information on their edits with contractors in other regions or adopt edits that have been effective in other contractors' regions. CMS requires each of its contractors to develop and maintain its own edits. Contractors are free to adopt or eliminate edits at their discretion based on such factors as the effectiveness of an edit in reducing improper payments, the added cost of implementing and maintaining an edit, and the presence or absence of other, more costly, improper payments. CMS officials we spoke with told us that CMS expects contractors to add edits at their own discretion, based on their resources. CMS maintains a database through which contractors provide information to the agency on the effectiveness of their edits. At present, contractors do not have access to other contractors' information in the database. Our analysis found that if contractors were to adopt edits that have been effective in other contractors' regions, they could likely reduce their improper payments. For example, in 2005, the DMERC in Region C had an edit in place to restrict payment for the same or similar types of home-use hospital beds to one item per month per beneficiary, by automatically denying any additional claims submitted for these items. Our analysis identified a potential savings within Region C of $50.7 million from January 1, 2003, through June 30, 2005. Based on the claims submitted over this time period in the other three regions, we found that this edit could have generated an additional savings of up to $70.6 million if it had been implemented in the other three regions.[Footnote 29] Overall, our analysis of a sample of seven edits[Footnote 30]--selected from a list of automated edits that was provided in response to our request and included edits estimated to be the most effective by the contractors that developed them--found that each contractor had edits that could have denied up to an additional $74.1 million in claims from January 2003 through June 2005, had all seven edits been used by each contractor.[Footnote 31] PSC Case Referrals to Law Enforcement Are a Key Aspect of Benefit Integrity Activities: Under their benefit integrity responsibilities, PSCs are expected to identify and investigate cases of suspected fraud within their regions and refer these cases to law enforcement for further investigation and prosecution. A PSC's investigation can include examining medical and other records associated with a particular claim or claims, questioning beneficiaries about whether they received items that were billed, and conducting site visits to suppliers' facilities. PSCs also use analysis of claims data to look for atypical billing patterns and other factors that may indicate fraud, such as the number of complaints against, or prior investigations of, a supplier. PSCs are required by CMS to refer cases of suspected fraud to the HHS OIG for further investigation.[Footnote 32] PSCs are also required to support law enforcement's investigation and prosecution of fraud by providing supplier and beneficiary information and other relevant case- related data, as requested by law enforcement entities. Along with these tasks, the PSC statements of work outline other required activities, including participating in regular case-related contact with law enforcement, coordinating and participating in antifraud conferences and related gatherings, updating a national database maintained by CMS that tracks Medicare fraud, and providing educational programs for law enforcement on contractor operations and Medicare issues. Prior to the transfer of benefit integrity activities to PSCs on March 1, 2006, DMERCs were responsible for these activities in three of the four regions. In the fourth region--Region A--a PSC was responsible for these activities prior to this date. Our analysis of CMS contractor benefit integrity performance evaluations from 2001 through 2005--the most recent years for which these evaluations were available--generally found few serious problems. According to these evaluations, the PSC in Region A and the DMERCs in Regions B and C met most or all of CMS's benefit integrity requirements in all years, with any problems identified by these evaluations labeled as "minor." The DMERC in Region D--which no longer holds this contract[Footnote 33]--met all benefit integrity requirements in two recent evaluation periods (which covered October 1, 2003, through May 31, 2004, and October 1, 2004, through April 15, 2005). However, in three earlier evaluation periods preceding October 1, 2003, CMS found "major" problems relating to the DMERC's case referral activities, such as less than timely development of cases and lack of documentation to support case files. Despite the PSC's and DMERCs' positive evaluations by CMS in recent years, law enforcement officials we spoke with stated that the contractors could have done more to support law enforcement activities. For example, law enforcement officials we interviewed in Miami and Southern California[Footnote 34] told us that, while they were satisfied with the quality of information presented in the case referrals, the case files often pertained to fraud that had occurred too far in the past to be effectively investigated by the time the referral was received. The Los Angeles FBI office as well as the U.S. Attorney's office responsible for prosecuting Medicare fraud in the Los Angeles area (Region D) told us that the typical case referral submitted to the office for prosecution in 2005 related to suspect suppliers whose peak billing activity occurred during 2003.[Footnote 35] The Miami FBI office and the U.S. Attorney's office responsible for prosecuting Medicare fraud in the Miami area expressed similar concerns on the timeliness of case referrals. Law enforcement officials explained that when case referrals are made after a supplier is no longer in business, investigating and prosecuting the suspected fraud is difficult or even impossible because law enforcement may not be able to locate the company's owners, its records, or the Medicare funds it received. Law enforcement officials we interviewed did not cite a single cause for the delays in contractor referrals. Officials in Los Angeles attributed the delays to a lack of on-site contractor presence in the Los Angeles area and on contractor over-emphasis on producing polished referrals. Officials in Miami attributed the delays to the referral process itself, citing too many steps in the process, and some officials were uncertain as to the cause. When we discussed these issues with CMS officials, however, they did not raise concerns about the DMERCs' and PSC's effectiveness in supporting law enforcement with comprehensive and timely referrals. On the contrary, the officials we interviewed expressed satisfaction with the DMERCs' and PSC's past performance. CMS Oversees PSCs through Various Means, and Is Implementing Annual Evaluations of Program Integrity Activities: CMS has various means of overseeing PSCs' program integrity efforts. To establish expectations and guidelines for the PSCs, and to monitor their program integrity efforts, CMS relies on PSC statements of work, the PIM, and PSCs' reports on their activities. The PSC statements of work contain general information about the agency's expectations for the PSCs, including a list of deliverables that each one is required to provide to CMS. The PIM establishes the requirements and guidance that the PSCs must follow when conducting their program integrity activities. In addition, CMS staff monitor the PSCs' reports about their activities. Examples of these reports include updated medical review strategies and updates about the types of information requested by law enforcement for its use in investigating and prosecuting suppliers. After reviewing a contractor's reports, CMS may suggest changes to a PSC, such as adjustments to its medical review strategy. In addition, CMS has developed plans for annually evaluating the PSCs' program integrity activities and is in the process of implementing these evaluations. CMS has developed three evaluation tools to assess each PSC's (1) general performance, (2) performance in conducting medical review, and (3) performance in conducting benefit integrity activities. The criteria used in each of the three evaluation tools reflect the responsibilities described in the PIM and the PSCs' statements of work. In May and June of 2006, CMS conducted an initial evaluation of the first several months of the three PSCs' work,[Footnote 36] using the general performance evaluation tool. In May and June of 2007, CMS will conduct the first of a planned annual, comprehensive, full-year evaluation of each PSC, including assessments of its medical review and benefit integrity efforts. CMS officials said that the agency will use the results to decide whether to renew a PSC's contract.[Footnote 37] The officials also said that CMS will use these results to determine whether a PSC may earn award fees--a monetary performance reward for good performance--in addition to the regular payments it receives under its contract. The general performance evaluation tool is intended to assess the PSCs in four overall areas: (1) the quality of their work and work products; (2) their success in completing their work within an agreed upon budget; (3) their ability to provide work products on time; and (4) their ability to develop and maintain productive business relationships with law enforcement and suppliers. The medical review evaluation tool is intended to assess PSC performance in reviewing claims before and after payment. For example, the tool is designed to assess the degree to which a PSC reviewed claims in accordance with the medical review strategy that the PSC established for that year, and that had been approved by CMS. The tool also is intended to verify the accuracy of medical review for each PSC by using a sample of five claims that had received medical review from the respective PSC. CMS officials told us that they are currently in the process of determining whether a broader measure of a region's improper payments will be reflected in the evaluations of PSC performance in the future. The benefit integrity evaluation tool is intended to assess a PSC's investigations of suppliers suspected of fraud, development of supplier case referrals for the HHS OIG, and assistance to law enforcement. For instance, the benefit integrity evaluation tool requires evaluators to assess whether a PSC maintains a documented audit trail of the actions it has taken for each supplier investigation initiated. It also requires an assessment of whether a PSC's case referrals to the HHS OIG include all of the elements for law enforcement to pursue an investigation. Conclusions: When CMS and its contractors fall short in protecting the Medicare program, hundreds of millions of dollars can be lost to improper payments for DMEPOS. The agency and its contractors conduct a number of program integrity activities designed to prevent and minimize improper payments for DMEPOS. However, we found that CMS's contractors did not have sufficient automated prepayment controls to flag claims that are part of unexplained increases in billing, or that were medically improbable. Currently, the PSCs and DME MACs are not required to exchange information about their successful automated prepayment controls that could be effective in other regions. While PSCs have the flexibility to implement prepayment controls that they consider to be the most effective for their region, knowing about effective controls in other regions could provide useful information when developing their own. CMS's recent initiative to add automated prepayment controls that would deny certain medically improbable claims is a positive step towards reducing improper DMEPOS payments. Recommendations for Executive Action: We recommend that the Administrator of CMS take two actions: * Require the PSCs to develop thresholds for unexplained increases in billing--and use them to develop automated prepayment controls as one component of their manual medical review strategies. * Require the DME MACs, DMERC, and PSCs to exchange information on their automated prepayment controls, and have each of these contractors consider whether the automated prepayment controls developed by the others could reduce their incidence of improper payments. Agency Comments: CMS provided comments on a draft of this report, agreed with both of our recommendations, and stated that it has begun efforts to address them. Specifically, CMS agreed with our recommendation to require PSCs to develop thresholds for unexplained increases in billing and use them in developing their automated prepayment controls. CMS responded that it would build upon existing PSC processes for identifying billing increases and would work to improve contractors' automated prepayment controls. CMS also discussed a related initiative it has begun to automatically deny or automatically suspend payment for services billed in excess of medically probable amounts. CMS stated that this initiative will address some of the issues that we raised in our report. We consider this initiative to be one important aspect of preventing improper payments for DMEPOS. CMS also agreed with our recommendation to require the DME MACs, DMERC, and PSCs to exchange information on their automated prepayment controls and to have each of these contractors consider whether the controls developed by the others could reduce their incidence of improper payments. CMS responded that these contractors' Joint Operating Agreements (JOA) provide a means through which information can be shared among them, and stated that it believes the contractors are currently coordinating their automated prepayment control processes. CMS also said it would review the JOAs to ensure that information- sharing requirements are clear and are being followed by the contractors. This would be a good first step towards ensuring that information sharing occurs and that the contractors are considering the prepayment controls of other contractors when developing their own prepayment controls. CMS's comments appear in appendix III. We provided DOJ with a draft of this report for its review. DOJ provided us with technical comments, which we incorporated as appropriate. As agreed with your office, unless you publicly announce its contents earlier, we plan no further distribution of this report until 30 days after its date. We will then send a copy of this report to the Secretary of HHS, the Administrator of CMS, and the Attorney General, appropriate congressional committees, and other interested parties. We will also make copies available to others upon request. This report also will be available at no charge on GAO's Web site at http://www.gao.gov. If you or your staff have any questions about this report, please contact me at (312) 220-7600 or aronovitzl@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in appendix IV. Sincerely yours, Signed by: Leslie G. Aronovitz: Director, Health Care: [End of section] Appendix I: DMEPOS Regions and Associated DME MACs and PSCs: [See PDF for image] Source: CMS, Map Resources (map). [End of figure] [End of section] Appendix II: Scope and Methodology: To discuss the program integrity activities of the Centers for Medicare & Medicaid Services (CMS) and its contractors to prevent and minimize improper payments made for durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS), we reviewed aspects of the contractors' medical review and benefit integrity responsibilities. We reviewed the automated prepayment controls--called edits--that contractors introduce into their payment systems to deny claims or flag them for medical review, and contractors' benefit integrity activities. We included edits because they are generally the contractors' first line of defense for avoiding payment of improper claims. We did not evaluate other aspects of medical review, which can include analysis or examination of claims after payment, but we discuss these functions in relation to automated prepayment controls and benefit integrity activities. We also included benefit integrity efforts--such as referring potential cases to law enforcement--because these efforts allow contractors to enlist federal law enforcement agencies to act against suppliers who have defrauded Medicare. As part of our work, we reviewed related GAO reports and CMS's Medicare Program Integrity Manual (PIM), which establishes CMS's guidelines for contractors' program integrity activities. We also conducted interviews with CMS officials responsible for safeguarding Medicare, as well as contractor officials responsible for program integrity activities in three of the four DMEPOS regions--Regions A, C, and D.[Footnote 38] These contractor officials included staff at the outgoing Durable Medical Equipment Regional Carriers (DMERC) for Regions C and D,[Footnote 39] and the incoming Program Safeguard Contractors (PSC) for Regions A, C, and D. We interviewed staff at the incoming Durable Medical Equipment Medicare Administrative Contractor (DME MAC) for Region A, which had the only DME MAC contract within our selected regions that had been implemented at the time of our interviews. We also interviewed contractor staff at the Statistical Analysis Durable Medical Equipment Regional Carrier (SADMERC)--a contractor which is responsible for performing statistical analyses on national and regional DMEPOS billing data to identify potential fraud. In order to specifically review edits, we analyzed national Medicare DMEPOS claims data on atypical billing trends for suppliers and items for the first quarter of 2003 through the first quarter of 2005 generated by SADMERC. We performed further analyses on individual Medicare DMEPOS claims data from the first quarter of 2003 through the second quarter of 2005 from five states--California, Florida, Illinois, New York, and Texas.[Footnote 40] We also obtained data from the National Supplier Clearinghouse (NSC)--a contractor which is responsible for enrolling suppliers in Medicare and revoking the billing privileges of suppliers who do not comply with program guidelines. We used the NSC data to obtain information on the geographic location of the suppliers' companies, such as by zip code and state, and to inform us as to whether the Medicare billing privileges of certain suppliers were considered by the NSC to be active, inactive, or revoked, as of October 3, 2005. In addition, we used other analyses performed by SADMERC on national DMEPOS claims data to simulate how many dollars might have been saved for periods of time from 2002 through 2005 by adding certain edits into the payment system to identify potential improper payments. We assessed the reliability of the data sets used for these analyses by reviewing documentation related to each data set, and we determined that each was sufficiently reliable to address the issues in this report. In order to specifically describe contractors' benefit integrity efforts, we interviewed law enforcement officials on both the national and local levels who are responsible for investigating and prosecuting such cases, and for coordinating their efforts with the CMS contractors. The officials we interviewed included those from Department of Health and Human Services (HHS) Office of Inspector General (OIG), who receive suspected fraud cases from Medicare contractors and may opt to investigate the cases further; the Federal Bureau of Investigation (FBI), which may opt to assist in the investigation of Medicare fraud cases or open an independent investigation on cases for which the HHS OIG has decided not to open an investigation; and U.S. Attorney's offices, which are responsible for the prosecution of Medicare fraud cases. In addition to interviewing headquarters officials from these organizations, we also interviewed local law enforcement officials from these agencies in Los Angeles, California; Miami, Florida; and New York City, New York. To describe CMS's oversight of its PSCs' program integrity efforts, we reviewed the PIM, and the PSCs' statements of work, which describe the terms of the PSC contracts. We also read CMS's PSC performance evaluation tools, and interviewed CMS officials about PSC oversight. In addition, we interviewed PSC contractors about CMS's oversight of its PSCs. We performed our work from June 2005 through January 2007 in accordance with generally accepted government auditing standards. [End of section] Appendix III: Agency Comments: Department Of Health & Human Services: Centers for Medicare & Medicaid Services: Administrator: Washington, DC 20201: TO: Leslie G. Aronovitz: Director, Health Care: Government Accountability Office: From: Leslie V. Norwalk, Esq. Acting Administrator: Subject: Government Accountability Office (GAO) Draft Report: "Medicare: Improvements Needed to Address Improper Payments for Medical Equipment and Supplies" (GAO-07-59): Thank you for the opportunity to review and comment on the subject GAO report. The Centers for Medicare & Medicaid Services (CMS) appreciates the time the GAO has invested in this report on CMS and its contractors' activities to minimize improper payments for durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS). CMS is committed to improving the program integrity process to continually reduce the amount of improper payments in the DMEPOS program. CMS concurs with the GAO's recommendations and is already taking steps to further automate its claims payment systems to prevent improper payments. A Medically Unlikely Edit (MUE) is defined as an edit that tests lines for the same beneficiary, Health Care Common Procedure Code System code, dates of service, and billing provider against a criterion number of units of service. CMS' MUE initiative is being implemented in phases. CMS implemented Phase I of the MUEs on January 2 for carrier and Durable Medical Equipment Regional Carrier (DMERC) claims, and will implement MUE Phase I for fiscal intermediary (FI) claims on February 5. The MUEs for carrier and DMERC claims auto-deny or auto-suspend services with units of service billed in excess of the criterion number of units of service, and the MUEs for FI claims Return to Provider claims that contain lines that have units of service that exceed an MUE criterion number of units of service. Phase I of the MUE Initiative has installed edits to prevent anatomic medically unlikely events. For example, the MUE for cataract surgery would be two since there are only two eyes. The MUE for removal of a gall bladder would be one since there is only one gall bladder. The set of MUEs based on anatomical considerations addresses approximately 2,800 codes. Phase II consists of edits based on additional anatomic considerations, Current Procedural Terminology (CPT) code descriptors/CPT coding instructions, CMS policies, nature of procedure/service, nature of analytics, or nature of equipment and will be implemented in April 2007. For example, the MUE for wheelchairs under the nature of equipment category would be one since a beneficiary can only use one wheelchair per day. The set of edits included in Phase 11 will address approximately 1.300 codes. The July 2007 release of MUEs will implement durable medical equipment edits which will address some of the issues identified by GAO in this report. There are approximately 11,000 codes that MUEs will eventually address. Please note that CMS will provide a revised table of MUEs on a quarterly basis. GAO Recommendation: Require the Program Safeguard Contractors (PSCs) to develop thresholds for unexplained increases in billing and use them to develop automated pre-payment controls as one component of their payment manual medical review strategies. CMS Response: The CMS concurs with this recommendation and will build upon the Agency's MUE efforts and the PSCs current processes for identifying spike billings. We will consider ways to improve the contractor's automated pre-payment controls in order to further enhance and prioritize the contractor's medical review efforts. GAO Recommendation: Require the DME MACs, DMERC and PSCs to exchange information on their automated pre-payment controls and have each of these contractors consider whether the automated pre-payment controls developed by the others could reduce their incidence of improper payments. CMS Response: Currently, CMS requires these contractors to have Joint Operating Agreements (JOAs) attached to each of their contracts to specifically outline the contact people and coordination points for sharing information across contractors. We believe that contractors currently coordinate their edit processes but we will review the contractor's JOAs to ensure that this requirement is clear and that it is being adequately followed. Finally, the GAO report anecdotally mentions contractor support for law enforcement activity. CMS welcomes additional information on this suggestion, so that we may appropriately address any identified issues between the PSCs and the law enforcement community. The CMS thanks GAO for its efforts on this report. We look forward to working together with you in the future as we address the recommendations in this report. [End of section] Appendix IV: GAO Contact and Staff Acknowledgments: GAO Contact: Leslie G. Aronovitz, (312) 220-2600 or aronovitzl@gao.gov: Acknowledgments: In addition to the contact named above, Sheila K. Avruch, Assistant Director; Ramsey L. Asaly; Kevin Dietz; Krister P. Friday; Kelli A. Jones; Joy L. Kraybill; Suzanne M. Post; and Craig Winslow made key contributions to this report. [End of section] Related GAO Products: Medicare Integrity Program: Agency Approach for Allocating Funds Should Be Revised. GAO-06-813. Washington, D.C.: September 6, 2006. Medicare Payment: CMS Methodology Adequate to Estimate National Error Rate. GAO-06-300. Washington, D.C.: March 24, 2006. Medicare: More Effective Screening and Stronger Enrollment Standards Needed for Medical Equipment Suppliers. GAO-05-656. Washington, D.C.: September 22, 2005. Medicare Contracting Reform: CMS's Plan Has Gaps and Its Anticipated Savings Are Uncertain. GAO-05-873. Washington, D.C.: August 17, 2005. Health Care Fraud and Abuse Control Program: Results of Review of Annual Reports for Fiscal Years 2002 and 2003. GAO-05-134. Washington, D.C.: April 29, 2005. High-Risk Series: An Update. GAO-05-207. Washington, D.C.: January 2005. Medicare: CMS's Program Safeguards Did Not Deter Growth in Spending for Power Wheelchairs. GAO-05-43. Washington, D.C.: November 17, 2004. Medicare: CMS Did Not Control Rising Power Wheelchair Spending. GAO-04- 716T. Washington, D.C.: April 28, 2004. FOOTNOTES [1] Medicare defines durable medical equipment (DME) as equipment that serves a medical purpose, can withstand repeated use, is generally not useful in the absence of an illness or injury, and is appropriate for use in the home. DME includes items such as wheelchairs, hospital beds, and walkers. Medicare defines prosthetic devices (other than dental) as devices that are needed to replace a body part or function. Prosthetic devices include artificial limbs and eyes and cardiac pacemakers. Medicare defines orthotic devices to include leg, arm, back, and neck braces that provide rigid or semirigid support to weak or deformed body parts or restrict or eliminate motion in a diseased or injured part of the body. Medicare-reimbursed supplies are items that are used in conjunction with DME and are consumed during the use of the equipment- -such as drugs used for inhalation therapy--or items that need to be replaced on a frequent, usually daily, basis--such as surgical dressings. [2] 42 C.F.R. § 433.304 (2005). [3] GAO, High-Risk Series: An Update, GAO-05-207 (Washington, D.C.: Jan. 2005). [4] The same PSC was awarded contracts for Regions A and B, which means that a total of three PSCs hold contracts for the four regions. Appendix I depicts the boundaries of each region. [5] Medical reviews of submitted claims are conducted to determine if beneficiaries' medical conditions meet Medicare coverage criteria. If medical reviews identify a claim that should not have been paid, the contractor that paid the claim is responsible for collecting the overpayment. [6] Prior to March 1, 2006, three Durable Medical Equipment Regional Carriers (DMERC) and one PSC were under contract to conduct program integrity activities for DMEPOS benefits. [7] In 2006, CMS began implementing a plan to replace DMERCs with DME MACs to process DMEPOS claims. As of January 2007, three DME MACs and a DMERC were performing this activity. Each DMERC or DME MAC is responsible for coordinating with the PSC that conducts program integrity activities in its region. [8] In this report, unless otherwise specified, the term contractors refers to PSCs, DMERCs, and DME MACs. [9] We obtained data from these states because they are each recognized by CMS or law enforcement as having experienced Medicare fraud and abuse. [10] While DMERCs and DME MACs process claims in the four DMEPOS regions, we chose to focus our work in Regions A, C, and D. We selected Region A because it was the only DMEPOS region in which a PSC had previously been contracted to conduct program integrity functions. We selected Regions C and D because they each have one state--Florida and California, respectively--which CMS and its contractors have identified as experiencing a higher level of DMEPOS fraud and abuse than other states. [11] We did not interview DMERC staff for Region A because the responsibility for program integrity activities in that region had already been transferred to a PSC in 2001. [12] We interviewed headquarters officials from these organizations, in addition to representatives from their local offices in Los Angeles, California; Miami, Florida; and New York City, New York. The HHS OIG is responsible for investigating Medicare fraud; the FBI may assist in the investigation of Medicare fraud cases or open an independent investigation on cases for which the HHS OIG has decided not to open an investigation; and U.S. Attorney's Offices are responsible for prosecuting Medicare fraud cases. [13] A statement of work is the portion of a contract that describes the actual work to be carried out by the contractor by means of specifications, performance dates, and quality requirements. [14] Part B requires enrollees to pay a monthly premium for their Part B coverage. [15] Outpatient drugs covered under Part B include self-administered drugs, such as certain immunosuppressive and oral anticancer drugs, and drugs administered in conjunction with DME. [16] For more information on NSC and DMEPOS supplier standards, see GAO, Medicare: More Effective Screening and Stronger Enrollment Standards Needed for Medical Equipment Suppliers, GAO-05-656 (Washington, D.C.: Sept. 22, 2005). See also Related GAO Products at the end of this report. [17] The four DMERCs were HealthNow New York, Inc. (Region A), AdminaStar Federal, Inc. (Region B), Palmetto Government Benefits Administrators, LLC (Region C), and CIGNA Government Services, LLC (Region D). DMERCs only processed DMEPOS claims. [18] Pub. L. No. 108-173, sec. 302(b), § 1847, 117 Stat. 2066, 2224-30 (to be codified at 42 U.S.C. § 1395w-3). For further information on this contracting change, see GAO, Medicare Contracting Reform: CMS's Plan Has Gaps and Its Anticipated Savings Are Uncertain, GAO-05-873 (Washington, D.C.: Aug. 17, 2005). [19] This pool included DMERCs and other companies with experience processing Medicare claims. [20] The Region A DME MAC contract was awarded to National Heritage Insurance Company and the Region B contract was awarded to AdminaStar Federal, Inc. [21] In Region D, CMS's award of the DME MAC contract to Noridian Administrative Services, LLC, was upheld. CIGNA Gov't Servs., LLC, B- 297915, May 4, 2006. Transition of the Region D workload to the DME MAC was completed by September 30, 2006. In Region C, a bid protest was upheld and, as a result, CMS reopened discussions with parties under consideration for award of the DME MAC contract. CIGNA Gov't Servs., LLC, B-297915.2, May 4, 2006. On September 28, 2006, CMS once again awarded the contract, but this award was protested by the company that had not received the contract. The bid protest was decided on January 16, 2007. The company that did not receive the contract has options for further action, such as challenging the decision in the U.S. Court of Federal Claims. CMS has not yet finalized its transition schedule for Region C, as of January 2007. [22] CMS monitors the accuracy of Part B claims payments through its Comprehensive Error Rate Testing program. Beginning in 2003, CMS published yearly reports on the accuracy of claims payments. See Centers for Medicare & Medicaid Services, Improper Medicare FFS Payments Long Report (Web Version) for November 2006 (Baltimore, Md.: Nov. 2006) [Hyperlink, https://www4.cms.hhs.gov/apps/er_report/preview_er_report_print.asp?from =public&which=long&reportID=5 ](downloaded Nov. 16, 2006). See also GAO, Medicare Payment: CMS Methodology Adequate to Estimate National Error Rate, GAO-06-300 (Washington, D.C.: Mar. 24, 2006). [23] Another type of edit--the claims processing edit--is designed and put in place by DME MAC and DMERC staff to ensure that claims contain complete information that is consistent with certain previously submitted data and appear payable. The DME MACs and DMERC program the claims processing system with claims processing edits to determine whether to continue processing the claim for payment, deny it, or flag it for review. For example, a claims processing edit can flag a claim for review if it appears to be a duplicate of a previously processed claim. [24] Some DMEPOS items require that the supplier has a form signed by a physician to certify that an item is needed for the beneficiary. A reviewer can request this form be submitted to serve as proof that the item is considered medically necessary. [25] At the time our audit work on medical review edits was conducted, only Region A had a PSC conducting program integrity activities. [26] As a single example, in the fourth quarter of 2003, one Florida supplier had an increase in billing of over 51,000 percent from the prior quarter, from $4,486 to $2,307,236. In the next quarter, the supplier's billing for DMEPOS products increased to $14,611,458. Although many of the charges were denied, CMS paid the supplier over $5 million for DMEPOS claims from October 2003 through March 2004. [27] A default judgment is rendered as a result of a party's failure to appear in court or to answer a complaint. [28] CMS plans to implement a total of 2,776 edits for Part B items and services. These edits would automatically deny claims for Part B items and services if a medically improbable quantity of the item or service is billed for a single beneficiary as having been provided on the same day. [29] Our analysis also found that this edit did not lead to equal amounts of savings in all DMEPOS regions and therefore was of more potential value in some DMEPOS regions than in others. For example, Region D showed a potential savings of $36.6 million; Region A, $18.1 million; and Region B, $15.9 million. [30] Two of the seven edits examined wheelchair and commode seating items and were developed by the Region A PSC. Four of the seven edits examined oxygen delivery, respiratory assistance devices, nutrition to be provided through feeding tubes, and hospital beds, and were developed by the Region C DMERC. The final edit examined eyeglass lens coatings and was developed by the Region D DMERC. [31] These figures represent a maximum possible savings by assuming that none of the claims denials generated by these edits would be manually overridden. Further, if claims denials are subsequently appealed and payment made to suppliers, an edit could be less effective than a contractor's data would suggest. [32] When the HHS OIG accepts a case referral from a PSC or other source, it may investigate the case on its own or involve other federal and state law enforcement entities in its investigation. After completing its investigation, the HHS OIG refers each case to the U.S. Attorney's Office. The U.S. Attorney's Office decides whether the case should be prosecuted and is responsible for prosecution. If the HHS OIG declines a case, however, the PSC has the option to refer it directly to other federal or state law enforcement entities, such as the FBI or a State Office of Attorney General. [33] As noted earlier, the Region D contract was transitioned to Noridian Administrative Services, LLC, as of September 30, 2006. [34] These included officials from the Miami HHS OIG, U.S. Attorney's and FBI offices, as well as officials from the HHS OIG, U.S. Attorney's, and FBI offices responsible for the Los Angeles area. [35] The U.S. Attorneys do not typically receive case referrals directly from DMERCs, but rather from investigative agencies such as the HHS OIG or the FBI, who receive the case directly from the DMERCs and may further develop the case referral. [36] CMS evaluated each PSC's total workload, rather than its efforts in a particular region. Because one PSC holds the contracts for both Regions A and B, that PSC received a single evaluation. [37] The PSCs each have a 5-year contract. This includes an option for CMS to review the contract each year during its 5-year time frame and renew the contract for the next year. If CMS is satisfied with the PSC's performance, it can renew the contract for 1 year, up to four times, without having to open the contract to competition. [38] We selected Region A because it was the only DMEPOS region in which a program safeguard contractor (PSC) was already conducting program integrity functions when we began our work. We selected Regions C and D because they each have one state--Florida and California, respectively--which CMS and its contractors have identified as experiencing a higher level of DMEPOS fraud and abuse than other states. [39] We did not interview the DMERC for Region A because the program integrity activities in that region were already being conducted by a PSC. [40] We obtained data from these states because they are each recognized by CMS or law enforcement as states which have experienced Medicare fraud and abuse. GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to www.gao.gov and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, D.C. 20548: Public Affairs: Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: