What GAO Found
The Centers for Medicare and Medicaid Services (CMS) implemented its Fraud Prevention System (FPS) in July 2011, as required by the Small Business Jobs Act, and the system is being used by CMS and its program integrity contractors who conduct investigations of potentially fraudulent claims. Specifically, FPS analyzes Medicare claims data using models of fraudulent behavior, which results in automatic alerts on specific claims and providers, which are then prioritized for program integrity analysts to review and investigate as appropriate. However, while the system draws on a host of existing Medicare data sources and has been integrated with existing systems that process claims, it has not yet been integrated with the agency's payment-processing system to allow for the prevention of payments until suspect claims can be determined to be valid. Program officials stated that this functionality has been delayed due to the time required to develop system requirements; they estimated that it will be implemented by January 2013 but had not yet developed reliable schedules for completing this activity.
FPS is intended by program integrity officials to help facilitate the agency's shift from focusing on recovering large amounts of fraudulent payments after they have been made, to taking actions to prevent payments as soon as aberrant billing patterns are identified. Specifically, CMS has directed its program integrity contractors to prioritize alerts generated by the system and to focus on administrative actions--such as revocations of suspect providers' Medicare billing privileges--that can stop payment of fraudulent claims. To this end, the system has been incorporated into the contractors' existing investigative processes. CMS has also taken steps to address challenges contractors initially faced in using FPS, such as shifting priorities, workload challenges, and issues with system functionality.
Program integrity analysts' use of FPS has generally been consistent with key practices for using predictive analytics identified by private insurers and state Medicaid programs. These include using a variety of data sources; collaborating among system developers, investigative staff, and external stakeholders; and publicizing the use of predictive analytics to deter fraud.
CMS has not yet defined or measured quantifiable benefits, or established appropriate performance goals. To ensure that investments in information technology deliver value, agencies should forecast expected financial benefits and measure benefits accrued. In addition, the Office of Management and Budget requires agencies to define performance measures for systems that reflect program goals and to conduct post-implementation reviews to determine whether objectives are being met. However, CMS had not defined an approach for quantifying benefits or measuring the performance of FPS. Further, agency officials had not conducted a post-implementation review to determine whether FPS is effective in supporting efforts to prevent payment of fraudulent claims. Until program officials review the effectiveness of the system based on quantifiable benefits and measurable performance targets, they will not be able to determine the extent to which FPS is enhancing CMS's ability to accomplish the goals of its fraud prevention program.
Why GAO Did This Study
GAO has designated Medicare as a high-risk program, in part because its complexity makes it particularly vulnerable to fraud. CMS, as the agency within the Department of Health and Human Services (HHS) responsible for administering Medicare and reducing fraud, uses a variety of systems that are intended to identity fraudulent payments. To enhance these efforts, the Small Business Jobs Act of 2010 provided funds for and required CMS to implement predictive analytics technologies--automated systems and tools that can help identify fraudulent claims before they are paid. In turn, CMS developed FPS.
GAO was asked to (1) determine the status of the implementation and use of FPS, (2) describe how the agency uses FPS to identify and investigate potentially fraudulent payments, (3) assess how the agency's use of FPS compares to private insurers' and Medicaid programs' practices, and (4) determine the extent to which CMS has defined and measured benefits and performance goals for the system. To do this, GAO reviewed program documentation, held discussions with state Medicaid officials and private insurers, and interviewed CMS officials and contractors.
GAO recommends that CMS develop schedules for completing integration with existing systems, define and report to Congress quantifiable benefits and measurable performance targets and milestones, and conduct a post-implementation review of FPS. In its comments, HHS agreed with and described actions CMS was taking to address the recommendations.
Recommendations for Executive Action
|Department of Health and Human Services||To help ensure that the implementation of FPS is successful in helping the agency meet the goals and objectives of its fraud prevention strategy, the Secretary of HHS should direct the Administrator of CMS to define quantifiable benefits expected as a result of using the system, along with mechanisms for measuring them.|
|Department of Health and Human Services||To help ensure that the implementation of FPS is successful in helping the agency meet the goals and objectives of its fraud prevention strategy, the Secretary of HHS should direct the Administrator of CMS to describe outcome-based performance targets and milestones that can be measured to gauge improvements to the agency's fraud prevention initiatives attributable to the implementation of FPS.|
|Department of Health and Human Services||The Secretary should direct the Administrator of CMS to develop schedules for completing plans to further integrate FPS with the claims payment processing systems that identify all resources and activities needed to complete tasks and that consider risks and obstacles to the program.|
|Department of Health and Human Services||The Secretary should direct the Administrator of CMS to conduct a post-implementation review of the system to determine whether it is effective in providing the expected financial benefits and supporting CMS's efforts to accomplish the goals of its fraud prevention program.|