What GAO Found

Opportunities exist for the Centers for Medicare & Medicaid Services (CMS) to recover about $1.3 million in potential overpayments to 16 out of 66 potentially ineligible providers with criminal backgrounds who were enrolled in Medicare before CMS implemented more extensive background-check processes in April 2014. These 16 providers had Medicare claims paid to them while they were potentially ineligible. CMS can recover outstanding potential overpayments made to potentially ineligible Medicare providers. Therefore, we are referring all 66 providers to CMS for further review. Before implementing new procedures in April 2014, CMS did not initially have, and therefore did not use, the original felony conviction/offense date that ultimately made the provider ineligible to participate in Medicare. As a result, CMS missed an opportunity to revoke these ineligible providers sooner. Instead, CMS officials used other information that it identified, such as reported dates of medical-license suspensions, Health and Human Services Office of Inspector General exclusion dates, and deactivation dates--which were subsequent to the original felony conviction/offense date--to determine the date to remove the providers from Medicare.

In April 2014, CMS implemented steps that provide more information on the criminal backgrounds of existing and prospective Medicare providers and suppliers than it obtained previously. As a result, CMS and its contractors obtain greater access to data about federal and state offenses and the ability to conduct a more comprehensive review of provider and supplier criminal backgrounds than in the past. GAO did not evaluate the effectiveness of the new process because the most recent data available to GAO were based on procedures in place in 2013. However, if CMS implements this process as designed, the new procedures should help to address the limitation that we identified in this correspondence.

Why GAO Did This Study

In June 2015 we issued a report on Medicare's provider and supplier enrollment screening procedures to determine the extent to which the Provider Enrollment, Chain and Ownership System (PECOS) is vulnerable to fraud. PECOS is a centralized database designed to contain providers' and suppliers' enrollment information. In our report, we found that two Centers for Medicare & Medicaid Services (CMS) procedures appear to be working to screen for providers and suppliers listed as deceased or excluded from participating in federal programs or health care-related programs. However, we identified weaknesses in two of CMS's procedures related to verifying provider practice locations and physician licensure status. We recommended that CMS incorporate flags into its software to help identify questionable addresses, revise its 2014 guidance for verifying practice locations, and collect additional license information.

This correspondence provides the results of our assessment of CMS's procedures to verify criminal-background information for providers and suppliers in PECOS, as well as a description of the steps that CMS has taken, in the interim, to update its criminal-background check process. We were not able to incorporate this assessment into our June 2015 report because of the length of time that it took to obtain the data, assess its reliability, and analyze the results. Our findings are based on data from 2013, the most current data available to GAO at the time of our review. CMS implemented new procedures in April 2014 to update its criminal-background check process.

For more information, contact Seto J. Bagdoyan at 202-512-6722 or bagdoyans@gao.gov.

• View Report (PDF)