Improvements Needed to Address Improper Payments for Medical Equipment and Supplies

GAO-07-59: Published: Jan 31, 2007. Publicly Released: Mar 6, 2007.

Additional Materials:


Leslie G. Aronovitz
(312) 220-7767


Office of Public Affairs
(202) 512-4800

The Centers for Medicare & Medicaid Services (CMS)--the agency that administers Medicare--estimated that the program made about $700 million in improper payments for durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) from April 1, 2005, through March 31, 2006. To protect Medicare from improper DMEPOS payments, CMS relies on three Program Safeguard Contractors (PSC), and four contractors that process Medicare claims, to conduct critical program integrity activities. GAO was requested to examine CMS's and CMS's contractors' activities to prevent and minimize improper payments for DMEPOS, and describe CMS's oversight of PSC program integrity activities. To do this, GAO analyzed DMEPOS claims data by supplier and item to identify atypical, or large, increases in billing; reviewed CMS documents; and conducted interviews with CMS and contractor officials. GAO focused its work on contractors' automated prepayment controls and described related claims analysis functions.

To prevent and minimize improper DMEPOS payments, CMS's contractors conduct program integrity activities, which include performing medical reviews of certain claims before they are paid to determine whether the items meet criteria for Medicare coverage. As part of their efforts, CMS's contractors responsible for medical review use automated prepayment controls to deny claims that should not be paid or identify claims that should be reviewed. However, GAO found three shortfalls in these automated prepayment controls that make the Medicare program vulnerable to improper payments. (1) Contractors responsible for medical review did not have automated prepayment controls in place to identify questionable claims that are part of an atypically rapid increase in billing. (2) In some instances, these contractors did not have automated prepayment controls in place to identify claims for items unlikely to be prescribed in the course of routine quality medical care. CMS has recently begun an initiative to add controls of this kind for some DMEPOS items. (3) CMS does not require these contractors to share information on the most effective automated prepayment controls of the other contractors or consider adopting them. For example, Medicare might have saved almost $71 million in less than 2 years if one effective automated prepayment control designed to prevent Medicare from paying for more than one home-use hospital bed per month for a beneficiary, which was used by one of these contractors, had been used by the others. CMS oversees the PSCs' program integrity activities by providing written manuals and contracts to guide their work. As part of its oversight, CMS is implementing an annual contractor performance evaluation process, based on three evaluation tools, to assess each PSC's performance. CMS officials said that the agency will use the results of these evaluations to determine two things: whether to renew a PSC's contract, and whether a PSC may earn award fees--a monetary reward for good performance--in addition to the regular payments it receives under its contract.

Recommendations for Executive Action

  1. Status: Open

    Comments: Despite progress in identifying potentially improper groups of claims by provider, CMS has not developed thresholds for unexplained increases in billing by providers and used them to develop automated prepayment controls, as GAO recommended in January 2007. CMS took action in July 2011 to improve Medicare payment accuracy by introducing predictive analytics to help identify patterns of potentially improper claims and has some other prepayment controls in place. Specifically, the Small Business Jobs Act of 2010 requires CMS to use predictive modeling and other analytic techniques?known as predictive analytic technologies?to identify improper claims and prevent improper payments under the Medicare fee-for-service program. CMS is streaming every Medicare fee-for-service claim through a predictive modeling technology system, known as the Fraud Prevention System (FPS), prior to payment. The FPS uses a series of algorithms to identify potentially fraudulent claims. As each claim streams through the FPS, the system builds profiles of providers, networks, and billing patterns. Using these profiles, CMS estimates a claim's likelihood of being fraudulent and prioritizes providers with the most suspicious groups of claims for further investigation. CMS also has other prepayment controls in place, for example, to identify duplicate billing. As of December 2015, CMS did have algorithms in FPS to flag providers with unexpected increases in billings for investigation. CMS also instituted prepayment controls that can deny a claim before payment, however these controls are related to Medicare coverage requirements and do not address the issue of large increases in provider billing. Prepayment controls can suspend claims processing or deny claims before claims are paid, which would provide a greater assurance that Medicare funds are not going to potentially fraudulent providers. As of August 2016, HHS officials reported that they have not implemented this recommendation. GAO considers it to be open. We will update the status of this recommendation when we receive additional information.

    Recommendation: The Administrator of CMS should require the PSCs to develop thresholds for unexplained increases in billing--and use them to develop automated prepayment controls as one component of their manual medical review strategies.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services

  2. Status: Closed - Implemented

    Comments: The Centers for Medicare & Medicaid Services (CMS) agreed with this recommendation in its comments on the report and responded that the contractors' Joint Operating Agreements (JOA) provide a means through which information could be shared. CMS currently requires these contractors to have Joint Operating Agreements attached to each of their contracts to outline specifically the contact people and coordination points for sharing information across contractors. In 2007, CMS reviewed the JOAs and confirmed that contractors are required to exchange information and coordinate on program edits including auto-deny and other prepayment edits. These opportunities for communication include meetings between the DME PSCs, DME MACs and other relevant contractor groups. The DME PSCs develop and share the information to determine if actions, including automated prepayment edits, would be appropriate for their jurisdiction and to refer such actions to the appropriate DME MAC. CMS also implemented a workgroup that will enhance the sharing of edits across DME MACs and DME PSCs to further address the GAO's recommendation. In addition, on October 6, 2008, CMS implemented a fraud module that allowed the DME MACs to share edits that were developed locally, but could be shared nationally.

    Recommendation: The Administrator of CMS should require the Durable Medical Equipment Medicare Administrative Contractors, Durable Medical Equipment Regional Carrier, and PSCs to exchange information on their automated prepayment controls, and have each of these contractors consider whether the automated prepayment controls developed by the others could reduce their incidence of improper payments.

    Agency Affected: Department of Health and Human Services: Centers for Medicare and Medicaid Services


Explore the full database of GAO's Open Recommendations »

Feb 20, 2018

Feb 8, 2018

Feb 5, 2018

Jan 30, 2018

Jan 23, 2018

Jan 17, 2018

Jan 16, 2018

Looking for more? Browse all our products here