Print this page

Health > 46. Medicare and Medicaid Fraud Detection Systems

The Centers for Medicare & Medicaid Services needs to ensure widespread use of technology to help detect and recover billions of dollars of improper payments of claims and better position itself to determine and measure financial and other benefits of its systems.

Why This Area Is Important


GAO has designated Medicare and Medicaid as high-risk programs, in part due to their susceptibility to improper payments—estimated to be about $65 billion in fiscal year 2011.[1] As the administrator of these programs, the Centers for Medicare & Medicaid Services (CMS) is responsible for safeguarding them from loss and for performing functions intended to help ensure the integrity of the programs, such as reviewing paid claims to identify patterns that may indicate cases of fraud, waste, and abuse, or other payment errors. These and other program integrity functions are conducted by CMS staff and several types of contractors.

To integrate data about all types of Medicare and Medicaid claims and improve its ability to detect fraud, waste, and abuse in these programs, CMS initiated two information technology programs: the Integrated Data Repository (IDR) and One Program Integrity (One PI). IDR is intended to provide a centralized repository of claims data for all Medicare and Medicaid programs, and One PI is a set of tools that enables CMS’s program integrity contractors and staff to access and analyze data retrieved from IDR. The intent of these programs is to provide enhanced capabilities and support to help CMS achieve goals for improving outcomes of its program integrity initiatives. Among other things, these enhancements are intended to improve CMS’s ability to detect and recover funds lost to improper payments, and according to CMS officials, are expected to provide financial benefits of more than $21 billion by the end of fiscal year 2015.

[1]Improper payments may be made as a result of several causes, such as submissions of duplicate claims or fraud, waste, and abuse.

What GAO Found


As GAO reported in June 2011, CMS had developed and begun using both IDR and One PI, but was not yet positioned to identify, measure, or track benefits realized from these programs. Although IDR had been implemented and in use since 2006, it did not include all the data that were planned to be incorporated by fiscal year 2010. Specifically, while IDR included most types of Medicare claims data, it did not include the Medicaid data needed to help analysts detect improper payments of Medicaid claims. IDR also did not include data from other CMS systems that store and process data related to the entry, correction, and adjustment of claims prior to payment. These data are needed to help the agency’s program integrity analysts prevent improper payments. According to program officials, the data were not incorporated because of obstacles introduced by delays in funding and technical issues. Specifically, funding to support activities to incorporate data from the other CMS systems was not approved until summer 2010. In November 2011, program officials stated that they had begun incorporating these data in September 2011 and planned to make them available to program integrity analysts in spring 2012.

Regarding the Medicaid data, IDR officials stated that they did not account for difficulties and resulting delays associated with integrating into IDR the various types and formats of data stored in disparate state systems. Further, the agency did not finalize plans or develop reliable schedules for its efforts to incorporate these data. In particular, program officials did not consider certain risks and obstacles, such as technical challenges, as they developed schedules for implementing IDR. Until it does so, CMS may face additional delays in making available all the data that are needed to support enhanced program integrity efforts.

Additionally, CMS developed and deployed to users its One PI system—a web-based portal that is to provide CMS program integrity analysts a single point of access to data contained in IDR, along with tools for analyzing those data. Nonetheless, few program integrity analysts were using the system. Specifically, One PI program officials planned for 639 analysts to be using One PI by the end of fiscal year 2010; however, only 41—less than 7 percent—were actively using the portal and tools as of October 2010.

According to program officials, the agency had not trained its broad community of analysts to use the system because of delays introduced when they took time to redesign initial training plans, which were found to be insufficient. Specifically, the initial plan provided training for the use of the One PI system and IDR data in a 3-and-a-half-day course, whereas the redesigned plan includes courses on each of the components and allows trainees time to use them to reinforce learning before taking additional courses. Because of these delays, the initial use of the system was limited to a small number of CMS staff and contractors. In updating the status of the training efforts in November 2011, CMS officials reported that a total of 215 program integrity analysts had been trained and were using One PI.[1] However, until program officials finalize plans and schedules for training all intended users and expanding the use of One PI, the agency may continue to experience delays in reaching widespread use of the system and realizing expected financial benefits.

Further, while CMS made some progress toward its goals to provide a single repository of data and enhanced analytical capabilities for program integrity efforts, the agency was not positioned to identify, measure, or track financial benefits or progress toward meeting program goals as a result of its efforts. Specifically, although IDR program officials stated that they avoided technology costs as a result of implementing IDR, they did not identify financial benefits of using IDR based on the recovery of improper payments.

According to agency officials, CMS expected to realize more than $21 billion in benefits as a result of using One PI from 2006 through 2015. These benefits were expected to accrue as CMS’s broad community of program integrity analysts used the systems to identify increasing numbers of improper payments. However, these officials further stated that because the agency did not meet its goal for widespread use of One PI, there were not enough data available to quantify benefits attributable to the use of the system. In this regard, we found that CMS did not produce outcomes that positioned the agency to identify or measure financial benefits, or to gauge its progress toward achieving the $21 billion in benefits that it expected.

CMS officials also did not develop quantifiable measures that could be used to determine whether the agency was making progress toward meeting program goals through the use of One PI. For example, performance measures for one PI included increases in the detection of improper payments for Medicare Parts A and B claims. However, program integrity officials stated that measures were not quantified because they had not identified ways to determine the extent to which increases in the detection of errors could be attributed to the use of One PI. Additionally, the limited use of the system did not generate enough data to quantify the amount of funds recovered from improper payments.

[1]We did not validate the data provided in November 2011.

Actions Needed


To better position the agency to measure, gauge, and take actions to help ensure the program’s success toward achieving the $21 billion in financial benefits that program integrity officials projected, GAO recommended in June 2011 that the Administrator of CMS

  • finalize plans and schedules for incorporating additional data into IDR that consider risks and obstacles to the program;
  • implement and manage plans for incorporating data into IDR to meet schedule milestones;
  • establish plans and schedules for training all program integrity analysts who are intended to use One PI;
  • establish and communicate deadlines for program integrity contractors to complete training and use One PI in their work;
  • conduct training in accordance with plans and deadlines;
  • define any measurable financial benefits expected from the implementation of IDR and One PI; and
  • establish measures for IDR and One PI that gauge progress toward meeting program goals.

How GAO Conducted Its Work


The information contained in this analysis is based on findings from the products listed in the related GAO products section. GAO reviewed IDR and One PI system and program management plans and other documents and compared them to key practices. GAO also interviewed program officials, analyzed system data, and reviewed reported costs and benefits.

Agency Comments & GAO Contact


GAO provided a draft of its June 2011 report to CMS for review and comment. CMS agreed with all of GAO’s recommendations and identified steps agency officials were taking to implement them. GAO expects to conduct additional work to determine whether CMS has addressed its recommendations and identified financial benefits and progress toward meeting agency goals resulting from the implementation of IDR and One PI for program integrity purposes. As part of its routine audit work, GAO will track agency actions to address these recommendations and report to Congress.


For additional information about this area, contact Valerie C. Melvin at (202) 512-6304 or

Explore Other Areas

Jump to another area below related to this mission.