In her testimony, King reported that the Centers for Medicare & Medicaid Services (CMS) has estimated improper payments for Medicare fee-for-service (FFS) at $24.1 billion in calendar year 2009 and that this may not be a full picture of the risk for improper payments because some improper payments may not be detected and hence may not be reflected in the improper payment rate.
Five Key Areas to Reduce Improper Payments
King said the GAO identified challenges and strategies in five key areas important in preventing fraud, waste, and abuse, and ultimately to reduce improper payments. CMS has made progress in some of these areas, and recent legislation may provide the agency with enhanced authority. However, CMS faces continuing challenges, noted King in her remarks. Among those recommendations from the GAO are the following:
1. Strengthening provider enrollment process and standards. Checking the background of providers at the time they apply to become Medicare providers is a crucial step to reduce the risk of enrolling providers intent on defrauding or abusing the program. In particular, GAO has recommended stricter scrutiny of providers identified as particularly vulnerable to improper payments to ensure they are legitimate businesses.
2. Improving pre-payment review of claims. Pre-payment reviews of claims are essential to helping ensure Medicare pays correctly the first time. GAO has recommended CMS further enhance its ability to identify improper claims through additional automated pre-payment claim review before they are paid.
3. Focusing post-payment claims review on the most vulnerable areas. Post- payment reviews are critical to identifying payment errors and recouping overpayments. GAO has recommended that CMS better target claims for post payment review on the most vulnerable areas.
4. Improving oversight of contractors. Because contractors administer Medicare, overseeing their activities to address fraud, waste, and abuse is critical. GAO found that CMS's oversight of prescription drug plan sponsors' compliance programs has been limited. However, partly in response to GAO's recommendation, CMS oversight of these programs is expanding.
5. Developing a robust process for addressing identified vulnerabilities. Having mechanisms in place to resolve vulnerabilities that lead to improper payment is vital to program management, but CMS has not developed a robust process to specifically address these. GAO has recommended that CMS establish an adequate process to ensure prompt resolution of identified improper payment vulnerabilities.
Noting that Congress allocated funds specifically for CMS oversight activities including the recently passed Patient Protection and Affordable Care Act (PPACA) and the Health Care and Education Reconciliation Act (HCERA) of 2010, King said both have provisions that may help strengthen strategies CMS could take to reduce improper payments.
Continuing Challenge for CMS
Preventing improper payments in Medicare is a continuing challenge, acknowledged King in her testimony. Within Medicare FFS, CMS contractors are responsible for processing and paying approximately 4.5 million claims per day, enrolling providers, responding to beneficiary questions and investigating potential Medicare fraud.
For Medicare Advantage, Medicare's private health insurance program, and the Medicare prescription drug benefit, CMS contracts with private health plans and drug plan sponsors respectively, that are responsible for administering Medicare benefits. Hence, CMS contractors have an important role in preventing improper payments.
Concerns Over Home Health and DMEPOS
CMS's national RAC program, begun in March 2009, was intended to address post-payment efforts; however, the GAO continues to have concerns about post-payment reviews of HHAs and DMEPOS.
The national program, noted King, was designed to help the agency supplement the pre- and post- payment reviews of other contractors. RACs review claims after payment, with reimbursement to them contingent on finding improper overpayments and underpayments. Because RACs are paid on a contingent fee based on the dollar value of the improper payments identified, during the demonstration RACs focused on claims from inpatient hospital stays, which are generally more costly services. Therefore, other contractors' post-payment review activities could be more valuable if CMS directed these contractors to focus on items and services where RACs are not expected to focus their reviews and where improper payments are known to be high, specifically home health and durable medical equipment.
Because Medicare is administered by contractors such as drug plan sponsors, overseeing their activities to address fraud, waste, and abuse and prevent improper payment is critical. All drug plan sponsors are required to have programs to safeguard the Medicare prescription drug program from fraud, waste, and abuse. CMS's oversight of these programs has been limited but is expanding, noted King. In March 2010, the GAO testified that CMS completed desk audits of selected sponsors' compliance plans. At that time, CMS was beginning to implement an expanded oversight strategy, including revising its audit protocol and piloting on-site audits, to assess the effectiveness of these programs more thoroughly.
As of June 2010, the agency has conducted five on-site audits and plans to conduct a total of 30 on-site audits by the end of the fiscal year. These audits are in response to a recommendation the GAO made in its 2008 study which found that the five sponsors the agency reviewed (covering more than one-third of total Medicare prescription drug plan enrollees) had not completely implemented all seven of CMS's required compliance plan elements and selected recommended measures for a Medicare prescription drug fraud, waste, and abuse program.
Lack of ‘Robust' Process
In addition, CMS published a final rule in April 2010 to increase its oversight efforts and ensure that sponsors have effective compliance programs in place. In issuing the proposed rule, CMS noted that the GAO requested the agency take actions to evaluate and oversee fraud and abuse programs to ensure sponsors have effective programs in place.
Having mechanisms in place to resolve vulnerabilities that lead to improper payment is critical to program management, noted King, but CMS has not developed a robust process to specifically address identified vulnerabilities that lead to improper payment, she said.
The GAO Standards for Internal Control in the Federal Government indicate that part of an agency's controls should include policies and procedures to ensure that (1) the findings of all audits and reviews are promptly evaluated, (2) decisions are made about the appropriate response to these findings, and (3) actions are taken to correct or otherwise resolve the issues promptly.
Further, noted King in her testimony, the GAO Internal Control Management and Evaluation Tool affirms that in order to establish an effective internal control environment, the agency has to appropriately assign authority, including holding individuals accountable for achieving agency objectives.
As the GAO reported in March 2010, CMS did not establish an adequate process during its initial recovery audit contracting demonstration or in planning for the national program to ensure prompt resolution of identified improper payment vulnerabilities.
Corrective Action Faulted
During the demonstration, CMS did not assign responsibility for taking corrective action on these vulnerabilities to agency officials, contractors, or a combination of both. According to CMS officials, the agency only takes corrective action for vulnerabilities with national implications, and leaves it up to the contractors that process and pay claims to decide whether to take action for vulnerabilities that may only be occurring in certain geographic areas.
Additionally, during the demonstration CMS did not specify in a plan what type of corrective action was required or establish a timeframe for corrective action, noted King. The documented lack of assigned responsibilities impeded CMS's efforts to promptly resolve the vulnerabilities that had been identified during the demonstration, she reported.
For the RAC national program, CMS established a corrective action team that will compile, review, and categorize identified vulnerabilities and discuss corrective action recommendations. CMS has also appointed the Director of the Office of Financial Management as responsible for the day-to-day operations of the program, and the CMS Administrator as the responsible official for vulnerabilities that span agency components.
However, noted King in her testimony, the corrective action process still does not include any steps to either assess the effectiveness of the corrective actions taken or adjust them as necessary based on the results of the assessments. Further, she noted, CMS has not developed time frames for implementing corrective actions. The GAO recommended that CMS develop and implement a process that includes policies and procedures to ensure that the agency promptly (1) evaluates findings of RAC audits, (2) decides on the appropriate response and a time frame for taking action based on established criteria, and (3) acts to correct the vulnerabilities identified. CMS concurred with this recommendation.
CMS officials indicated they intend to review vulnerabilities on a case-by-case basis and were considering assigning them to risk categories that would help them prioritize action, reported King. However, this recommendation has not been implemented, she concluded.
Medicare Fraud, Waste, and Abuse: Challenges and Strategies for Preventing Improper Payments. GAO-10-844T, June 15
Highlights - http://www.gao.gov/highlights/d10844thigh.pdf