Medicare Recovery Audit Contracting: Weaknesses Remain in Addressing Vulnerabilities to Improper Payments, Although Improvements Made to Contractor Oversight
Highlights
The Centers for Medicare & Medicaid Services (CMS) conducted a mandated 3-year project from March 2005 through March 2008 to demonstrate the use of recovery audit contractors (RAC) in identifying Medicare improper payments and recouping overpayments. CMS implemented a mandated national RAC program, which began in March 2009. GAO was asked to examine specific issues that arose during the demonstration project and CMS's efforts to address them in the national RAC program. This report examines the extent to which CMS (1) developed a process and took corrective actions to address vulnerabilities identified by the RACs that led to improper payments, (2) resolved coordination issues between the RACs and the Medicare claims administration contractors, and (3) established methods to oversee RAC claim review accuracy and provider service during the national program. GAO reviewed CMS documents and interviewed officials from CMS and contractors and provider groups affected by the demonstration project.
CMS did not establish an adequate process in the 3-year demonstration project or in planning for the national program to address RAC-identified vulnerabilities that led to improper payments, such as paying duplicate claims for the same service. CMS stated that one purpose of the demonstration project was to obtain information to help prevent improper payments. However, CMS has not yet implemented corrective actions for 60 percent of the most significant RAC-identified vulnerabilities that led to improper payments, a situation that left 35 of 58 unaddressed. These were vulnerabilities for which RACs identified over $1 million in improper payments for medical services or $500,000 for durable medical equipment. CMS developed a spreadsheet, which listed the most significant improper payment vulnerabilities that were identified by the RACs during the demonstration project. However, the agency did not develop a plan to take corrective action or implement sufficient monitoring, oversight, and control activities to ensure these significant vulnerabilities were addressed. Thus, CMS did not address significant vulnerabilities representing $231 million in overpayments identified by the RACs during the demonstration project. For the RAC national program, CMS developed a process to compile identified vulnerabilities and recommend actions to prevent improper payments. However, this corrective action process lacks certain essential procedures and staff with the authority to ensure that these vulnerabilities are resolved promptly and adequately to prevent further improper payments. Based on lessons learned during the demonstration project, CMS took multiple steps in the national program to resolve coordination issues between the RACs and Medicare claims administration contractors. During the demonstration project, CMS learned that having regular communication with the claims administration contractors on improper payment vulnerabilities that the RACs were identifying was important. CMS also learned that the data warehouse used to store claims information for the RACs needed more capacity and utility, that manual claims adjustment by claims administration contractors to recoup improper payments was burdensome, and that sharing paper copies of medical records between RACs and claims administration contractors when claims denials were appealed was difficult to manage. As a result, CMS took steps to resolve these coordination issues in the national program, such as enhancing the existing data warehouse and automating the claims-adjustment process. CMS took steps to improve oversight of the accuracy of RACs' claims reviews and the quality of their service to providers for the national program. CMS added processes to review the accuracy of RAC determinations, including independent reviews by another CMS contractor. CMS also established requirements to address provider concerns about service, such as having the RACs establish Web sites that will allow providers to track the status of a claim being reviewed. In addition, CMS established performance metrics that the agency will use to monitor RAC accuracy and service to providers.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Centers for Medicare & Medicaid Services | To help reduce future improper payments, the Administrator of CMS should develop and implement a process that includes policies and procedures to ensure that the agency promptly: (1) evaluates findings of RAC audits, (2) decides on the appropriate response and a time frame for taking action based on established criteria, and (3) acts to correct the vulnerabilities identified. |
Closed – Implemented
In March 2010, we reported that the Centers for Medicare & Medicaid Services (CMS), in conducting a mandated 3-year project to demonstrate the use of recovery audit contractors (RAC) in Medicare and in planning and implementing a mandated national RAC program, did not establish an adequate process to address RAC-identified vulnerabilities that led to improper payments. We reported that, to help reduce future improper payments, the Administrator of CMS should develop and implement a process that includes policies and procedures to ensure that the agency promptly evaluates the findings of RAC audits, decides on the appropriate response and a time frame for taking action based on established criteria, and acts to correct the identified vulnerabilities, along with designating key responsible personnel to carry out these activities,. In response to our recommendation, beginning after June 2013, CMS conducted various actions, including (1) creating a protocol to determine the effectiveness of certain corrective actions, (2) installing edits to monitor for issues that need correction, (3) repeating selected Comparative Billing Reports (CBRs) for effectiveness, and (4) reviewing responses to Quarterly Corrective Action Technical Direction Letters (TDL) from Medicare Administrative Contractors (MACs), on a quarterly basis, with CMS staff determining whether MAC actions have addressed the issue in its jurisdiction. RAC vulnerabilities are identified for the TDLs (as well as for inclusion in the Medicare Quarterly Provider Compliance Newsletters) based on dollar amount demanded and collected by RACs. CMS stated that it also established regular meetings that include staff from various components, such as those responsible for establishing edits and for the Fraud Prevention System, to discuss RAC issues. By taking these steps, CMS has established monitoring and control activities to help ensure that corrective actions are taken to help meet the overall goal of reducing improper payments in the Medicare program.
|
| Centers for Medicare & Medicaid Services | The Administrator of CMS should designate key personnel with appropriate authority to be responsible for ensuring that corrective actions are implemented and that the actions taken were effective. |
Closed – Implemented
CMS concurred with this recommendation and stated that the Administrator of CMS is the official responsible for assuring that vulnerabilities that cut across all agency components are addressed.
|