What GAO Found
The Centers for Medicare & Medicaid Services (CMS)—the agency within the Department of Health and Human Services (HHS) that oversees Medicare—has made progress in implementing several key strategies GAO identified in prior work as helpful in protecting Medicare from fraud; however, important actions that could help CMS and its program integrity contractors combat fraud remain incomplete.
Provider Enrollment : The Patient Protection and Affordable Care Act (PPACA) authorized, and CMS has implemented, actions to strengthen provider enrollment that address past weaknesses identified by GAO and HHS's Office of Inspector General. For example, CMS has hired contractors to determine whether providers and suppliers have valid licenses and are at legitimate locations. CMS also recently contracted for fingerprint-based criminal history checks for high-risk providers and suppliers. CMS could further strengthen provider enrollment by issuing a rule to require additional provider and supplier disclosures of information and establishing core elements for provider and supplier compliance programs, as authorized by PPACA.
Prepayment and Postpayment Claims Review : Medicare uses prepayment review to deny claims that should not be paid and postpayment review to recover improperly paid claims. GAO has found that increased use of prepayment edits could help prevent improper Medicare payments. For example, prior GAO work identified millions of dollars of payments inconsistent with selected coverage and payment policies and therefore improper. Postpayment reviews are also critical to identifying and recouping payments. GAO recommended better oversight of both the information systems analysts use to identify claims for postpayment review, in a 2011 report, and the contractors responsible for these reviews, in a 2013 report. CMS has addressed some of these recommendations.
Addressing Identified Vulnerabilities : Having mechanisms in place to resolve vulnerabilities that could lead to improper payments is critical to effective program management and could help address fraud. However, GAO work has shown weaknesses in CMS's processes to address such vulnerabilities, placing the Medicare program and its beneficiaries at risk. For example, GAO has made multiple recommendations to CMS to remove Social Security numbers from beneficiaries' Medicare cards to help prevent identity theft, and, while HHS agreed with these recommendations, the department also reported that CMS could not proceed with the changes for a variety of reasons, including funding limitations. Thus, to date, CMS has not taken action on these recommendations.
GAO has work underway addressing these key strategies, including assessing the potential use of electronic-card technologies to help reduce Medicare fraud. GAO is also examining the extent to which CMS's information system can prevent and detect the continued enrollment of ineligible or potentially fraudulent providers in Medicare. Additionally, GAO is studying CMS's oversight of program integrity efforts for prescription drugs and is examining CMS's oversight of some of the contractors that conduct reviews of claims after payment. These studies are focused on additional actions for CMS that could help the agency more systematically reduce potential fraud in the Medicare program.
Why GAO Did This Study
GAO has designated Medicare as a high-risk program, in part because the program's size and complexity make it vulnerable to fraud, waste, and abuse. In 2013, Medicare financed health care services for approximately 51 million individuals at a cost of about $604 billion. The deceptive nature of fraud makes its extent in the Medicare program difficult to measure in a reliable way, but it is clear that fraud contributes to Medicare's fiscal problems. More broadly, in fiscal year 2013, CMS estimated that improper payments—some of which may be fraudulent—were almost $50 billion.
This statement focuses on the progress made and important steps to be taken by CMS and its program integrity contractors to reduce fraud in Medicare. These contractors perform functions such as screening and enrolling providers, detecting and investigating potential fraud, and identifying improper payments and vulnerabilities that could lead to payment errors. This statement is based on relevant GAO products and recommendations issued from 2004 through 2014 using a variety of methodologies. In April 2014, GAO also received updated information from CMS on its actions related to the laws, regulations, and guidance discussed in this statement. Additionally, GAO updated information by examining public documents and relevant policies and procedures.
For more information, contact Kathleen M. King at (202) 512-7114 or firstname.lastname@example.org.