Medicare Program Integrity: Activities to Protect Medicare from Payment Errors, Fraud, and Abuse

^Pr^ep^ar^{ed f}^o^r^M^e^m^b^ers^an^d^Com^mⁱ^t^t^ees^of^C^ong^r^e^ss

In FY2008, Medicare is expected to cover an estimated 44.6 million beneficiaries at a total cost of
$456 billion. With an average annual growth rate of 7.0%, the Congressional Budget Office
(CBO) projects Medicare costs to double over the next 10 years. Because of a number of factors,
such as an aging population, overall increases in medical costs, and the new Part D prescription
drug benefit, spending on Medicare services is expected to grow more than spending in the U.S.
economy. As expenditures continue to rise in the nation’s largest health insurance program, efforts
to preserve the integrity of the program receive increased attention from policy makers.
Program integrity is considered a component of the effective and efficient administration of
government programs, which are entrusted with ensuring that taxpayer dollars are spent wisely.
Efforts to ensure Medicare program integrity encompass a wide range of activities and require
coordination among multiple private and public entities. In general, initiatives designed to fight
fraud, waste, and abuse are considered program integrity activities. This includes processes
directed at reducing payment errors to Medicare providers, as well as activities to prevent, detect,
investigate, and ultimately prosecute health care fraud and abuse.
Because of the size and scope of the Medicare program, multiple government entities are
involved in protecting Medicare’s integrity. As the agency responsible for administering the
Medicare program, the Centers for Medicare and Medicaid Services (CMS) oversees a network of
private contractors that conduct various program integrity activities. The six main types of
activities are conducting audits, reviewing claims for medical necessity, identifying and
investigating potentially fraudulent behavior, ensuring that Medicare pays only for services for
which it has primary responsibility, educating providers on Medicare billing procedures, and
managing a Medicare-Medicaid data match program to identify fraud that may affect both federal
health insurance programs. Contractors refer suspected cases of fraud to the Department of Health
and Human Services (DHHS) Office of the Inspector General (OIG) and the Department of
Justice (DOJ) for further investigation and prosecution.
Medicare program integrity activities are funded in statute, largely through the Medicare Integrity
Program (MIP) and the Health Care Fraud and Abuse Control Program (HCFAC), which provide
CMS and other federal agencies with dedicated funds to prevent fraud, waste, and abuse in
Medicare.
This report provides an overview of Medicare’s program integrity efforts. A definition of program
integrity is presented, as well as descriptions of the types of activities, organizations, and agencies
involved in protecting Medicare’s integrity on a day-to-day basis. The report continues with a
history of federal funding for Medicare’s anti-fraud activities and a discussion of findings from
recent studies on program integrity efforts. The report concludes with a brief description of
current issues. This report will be updated to reflect legislative changes.

Introduc tion ..................................................................................................................................... 1
Background on Medicare................................................................................................................2
Program Integrity Defined...............................................................................................................3
Types of Program Integrity Activities.............................................................................................4
Cost Report Auditing..........................................................................................................5
Medical Review..................................................................................................................5
Benefit Integrity..................................................................................................................6
Medicare Secondary Payer (MSP)......................................................................................6
Provider Education..............................................................................................................6
Medicare-Medicaid Data Match Program...........................................................................7
Types of Program Integrity Contractors..........................................................................................7
Claims Administration Contractors.....................................................................................7
Program Safeguard Contractors (PSCs)..............................................................................8
Recovery Audit Contractors (RACs)..................................................................................8
Coordination of Benefits (COB) Contractor.......................................................................8
Medicare Managed Care Program Integrity Contractors (MMC-PICs).............................8
Medicare Drug Integrity Contractors (MEDICs)................................................................9
Quality Improvement Organizations (QIOs)......................................................................9
Other Contractors................................................................................................................9
Medicare Program Integrity Partners..............................................................................................9
History of Funding for Medicare Program Integrity Activities......................................................11
Current Funding for Medicare Program Integrity Activities.........................................................13
Assessment of Program Integrity Efforts......................................................................................14
Improper Payment Rates...................................................................................................14
HCFAC Annual Reports...................................................................................................16
GAO HCFAC Reports......................................................................................................17
OMB Program Assessment Rating Tool (PART)..............................................................18
Other GAO Reports..........................................................................................................18
Current Program Integrity Issues...................................................................................................19
Durable Medical Equipment.............................................................................................19
Recovery Audit Contractor Program................................................................................20
Program Safeguard Contractors........................................................................................21
Program Integrity Activities for Part D.............................................................................22
Concluding Observations..............................................................................................................23
Table 1. HCFAC and MIP Appropriations for Selected Fiscal Years............................................13
Table 2. Medicare National Paid Claim Error Rates and Gross Improper Payments for
Every Two Years Between 1996 and 2008.................................................................................15
Table 3. HCFAC Summary of Results and Accomplishments for Years 1998-2005.....................17

Author Contact Information..........................................................................................................24

According to the 2007 Medicare Trustees report, Medicare expenditures were $408 billion in ¹
FY2006 for 43.2 million beneficiaries. In FY2008, Medicare is expected to cover an estimated ²³
44.6 million beneficiaries at a total cost of $456.3 billion. The Congressional Budget Office
(CBO) projects these expenditures to double over the next 10 years. The majority of Medicare
spending, approximately 75%, is for benefits provided by Parts A and B, the fee-for-service
portion of the program. As one of the fastest growing sectors of the federal budget, challenges
exist in maintaining and ensuring the integrity of the nation’s largest health insurance program.
Ensuring program integrity is typically discussed in connection with program administration and
financial management issues. Its chief purpose is the effective and efficient use of taxpayer
dollars. In general, initiatives designed to fight fraud, waste, and abuse are considered program
integrity activities. This includes processes directed at reducing payment errors, as well as
activities to prevent, detect, investigate, and ultimately prosecute health care fraud and abuse.
More specifically, program integrity ensures that correct payments are paid to legitimate
providers for appropriate and reasonable services for eligible beneficiaries.
Because of the size and scope of the Medicare program, multiple government entities are
involved in preserving Medicare’s integrity. As the agency responsible for administering the
Medicare program, the Centers for Medicare and Medicaid Services (CMS) oversees a network of
private contractors that conduct a variety of program integrity activities as part of its Medicare
Integrity Program (MIP). Examples of such activities include auditing providers, reviewing
claims for medical necessity, and identifying and investigating alleged fraud. Contractors will
develop and refer suspected cases of fraud to the Department of Health and Human Services
(DHHS) Office of the Inspector General (OIG) and the Department of Justice (DOJ) for further
investigation and prosecution.
Medicare program integrity activities are funded in statute, largely through the Medicare Integrity
Program (MIP) and the Health Care Fraud and Abuse Control Program (HCFAC), which provide
CMS and federal law enforcement agencies with dedicated funds to safeguard federal monies and
prevent fraud, waste, and abuse in Medicare. The MIP and HCFAC programs were both
established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA, P.L. 104-⁴

191) for the purpose of increasing and stabilizing federal funding for anti-fraud activities.

This report provides an overview of Medicare’s program integrity efforts. The report begins with
a definition of program integrity, followed by detailed information on typical program integrity
activities, a description of Medicare contractors and their role in ensuring Medicare integrity, and
a discussion of other government agencies involved in protecting Medicare from fraud, waste,
and abuse. A history of funding for Medicare’s program integrity and anti-fraud activities is

¹^C^e^nte^r^s^f^o^r^Me^dic^a^r^e^a^{nd Me}^dic^a^{id Se}^r^v^ic^e^s⁽^C^MS)^O^f^fⁱ^c^e^of^the^A^c^tua^r^y^,^{2007 Me}^dic^a^r^e^B^o^a^r^d^of^T^r^us^te^e^s^R^e^por^t,
^A^p^r^{il 23,}²⁰⁰⁷^{, a}^t^http:^//w^w^w^.cm^s^.hhs^.g^ov^/^R^e^por^ts^T^r^us^tFun^ds^/^d^o^w^nloa^ds^/tr²⁰⁰⁷^.p^df^.
²^D^e^pa^rtm^e^{nt of}^H^e^a^{lth a}^{nd H}^u^m^a^{n Se}^rv^ic^e^s^{, Budg}^e^tⁱⁿ^Brie^f^,²⁰^08,^a^t^htt^p^://w^w^w^.hhs^.g^ov^/budg^e^t^/⁰⁸^budg^e^t^/
²⁰⁰^8B^u^d^g^e^tI^nB^rⁱ^e^f^.pdf^.
³^C^ong^r^e^s^sⁱ^ona^{l B}^udg^e^t^O^f^fⁱ^ce⁽^C^B^O⁾^,^Me^dic^a^r^e^Ma^r^c^{h 2}⁰⁰⁷^Fa^c^t^She^e^t^{, a}^t^h^ttp:^//w^w^w^.c^bo.g^o^v^/^f^t^pdoc^s^/^78x^x^/
^doc⁷⁸⁶¹^/^m^_^m^_s^c^h^ip.pdf^.
⁴^S^ectⁱ^o^{n 18}⁹³^o^f^t^h^{e S}^o^ci^al^S^ecu^ri^t^y^Act^(S^S^A^{) go}^vern^{s t}^h^{e M}^e^dⁱ^{care In}^t^e^gri^t^y^P^r^o^g^ram^(M^IP^),^and^S^ectⁱ^oⁿ¹¹²⁸^C^o^f
^t^h^{e S}^o^ci^al^S^ecu^ri^t^y^Act^go^vern^{s t}^h^{e Heal}^t^h^{Care F}^r^au^{d an}^{d A}^b^u^s^{e Co}ⁿ^t^r^o^l^(HCF^A^C^{) p}^r^o^g^ram^.

presented, as well a discussion of findings from recent studies on program integrity activities. The
report concludes with a brief description of current issues. Although this report addresses program
integrity activities undertaken to combat fraud in Medicare’s private Part C and D programs, it is
largely focused on Medicare’s approaches to ensure integrity in its fee-for-service program (Parts
A and B), which constitute the largest share of Medicare spending.

Medicare is the nation’s health insurance program for persons aged 65 and older and certain
disabled persons. Of the program’s 43.2 million enrollees, approximately 85% are aged and the ⁵
remaining 15% are disabled. In 2006, spending on Medicare services accounted for an estimated ⁶
58% of total federal health expenditures and 20% of all national health expenditures. The
majority of Medicare spending, nearly 75%, is for benefits provided by Parts A and B, the fee-for-
service portion of the program otherwise known as “original” or “traditional” Medicare. The
remaining 25% is spent on private health care plans that deliver Medicare services to
beneficiaries under Part C, the Medicare Advantage (MA) program, and Part D, the new
prescription drug benefit.
Medicare consists of four distinct parts: Parts A, B, C, and D. Medicare Part A (Hospital
Insurance) covers inpatient hospital services, skilled nursing facility services, home health, and
hospice services. Medicare Part B (Supplementary Medical Insurance) covers a variety of other
medical services, such as physician services, outpatient hospital care, laboratory services, and
durable medical equipment. Beneficiaries also have the option to enroll in a private Medicare Part
C or MA plan to receive all required Part A and B benefits, and a private Medicare Part D or
Prescription Drug Plan (PDP) for prescription drug benefits. Most beneficiaries who opt to enroll
in a private plan choose a MA-PD (Medicare Advantage Prescription Drug) plan for combined
Part C and D coverage. Approximately 80% of beneficiaries receive services through the fee-for-
service portion of the program (original Medicare), and 20% of Medicare beneficiaries receive
services through a private Part C MA plan.
Medicare pays for services in Parts A and B, or traditional Medicare, differently than it does for
services under Parts C and D. Under the traditional fee-for-service program, Medicare pays
providers directly for each specified unit of service delivered to a beneficiary. The unit of service
may be a single procedure, visit, or test, or a group of services, such as a hospital stay. In contrast,
for Parts C and D, Medicare pays private health plans to deliver Medicare services to
beneficiaries. In addition, unlike Part A and B Medicare providers, private plans participating in
Medicare are paid on a capitated basis as opposed to a fee-for-service basis. Under capitation,
private plans receive a fixed monthly payment per enrollee regardless of the amount of services
provided. Payment is made in advance for a pre-determined set of benefits; either Part A and B
benefits administered by a Part C plan or prescription drug benefits administered by a Part D PDP
plan.

⁵^T^h^{e d}ⁱ^sab^l^ed^p^o^p^u^l^ati^oⁿⁱⁿ^cl^u^d^e^s^p^e^rsoⁿ^s^uⁿ^d^e^{r ag}^{e 6}⁵^w^h^o^receiv^e^cash^dⁱ^sab^ility^b^eⁿ^e^f^{its f}^r^o^m^So^{cial Secu}^rity^o^r
^the^R^a^ilr^oa^d^R^e^tir^e^m^eⁿ^{t sy}^s^t^em^s^f^o^r^a^t^le^a^s^{t 2}⁴^m^onths^a^nd^pe^r^s^ons^unde^r^a^g^e⁶⁵^w^{ith e}ⁿ^d^s^t^a^g^e^r^e^na^{l dis}^e^a^s^e⁽^E^SR^D⁾^.
⁶^Cen^t^{ers f}^o^{r M}^e^dⁱ^{care an}^d^M^e^dⁱ^c^aⁱ^d^S^e^rvi^ces,^Natⁱ^ona^{l H}^e^a^{lth Ex}^p^e^ndit^u^r^e^P^r^oje^c^tⁱ^ons²⁰^06-²⁰¹⁶^{, a}^t
^http:^//w^w^w^.cm^s^.hhs^.g^ov^/N^a^tiona^lH^e^a^lthEx^pe^ndD^a^t^a^/^dow^nloa^ds^/^p^r^o^j2⁰⁰^6.p^d^f^.

Each method of payment produces conflicting financial incentives for health plans and providers.
These conflicting incentives result in different forms of fraud and abuse unique to each payment
system. Under fee-for-service, providers may have an incentive to over-utilize health care
services or provide more care to beneficiaries in order to maximize reimbursement. The more
services providers deliver, the more money they receive. The opposite is true in capitated
payment systems. Under capitation, where the payment is a fixed monthly amount per enrollee,
providers may have an incentive to limit health services or provide less health care to
beneficiaries. A provider’s reimbursement amount does not vary with the number of services
delivered.
Medicare is administered by the Centers for Medicare and Medicaid Services (CMS) within the
Department of Health and Human Services (DHHS). CMS contracts with more than 40 private
entities to oversee day-to-day operations and conduct program integrity activities for Medicare
Parts A, B, C, and D. Each year, Medicare contractors process nearly 1 billion claims from over 1
million providers enrolled in the Medicare program. In addition to processing and paying claims,
contractors perform certain program integrity functions. Contractor activities are overseen by two
departments within CMS: the Program Integrity Group and the Center for Beneficiary Choices.
The Program Integrity Group is responsible for oversight related to Parts A and B. The Center for
Beneficiary Choices is responsible for oversight activities related to Part C—the MA program.
Both departments share oversight responsibility for Part D.

Program integrity is often discussed in connection with financial management and oversight
issues. It is considered an essential component of the efficient and effective administration of
government programs and integral to accomplishing a program’s social goals. In Medicare, one of
these social goals is to ensure access to high-quality care for all beneficiaries. To meet this
objective, Medicare implements activities designed to ensure that correct payments are made to
legitimate providers for appropriate and reasonable services for eligible beneficiaries. On a
practical level, program integrity activities are those directed at protecting the program from
payment errors, fraud, and abuse.
Broadly defined, Medicare program integrity functions encompass two types of activities
designed to safeguard program payments: (1) activities directed at reducing payment errors or
improper payments and (2) activities directed at protecting the Medicare program from fraud,
waste, and abuse. The first set of activities emphasizes prevention and relies largely on automated
processes to detect improper or potentially fraudulent claims before they are paid. The second set
of activities emphasizes the identification and detection of health care fraud through the analysis
of claims after they have been paid. An effective program integrity strategy incorporates elements
from both approaches.
To protect the Medicare Trust Fund from improper payments, CMS contracts with private
organizations that review claims to determine whether the services provided are medically
reasonable and necessary. Although program integrity activities directed at reducing improper
payments will identify some instances of fraud, they are not specifically designed to do so. In
Medicare, improper payments are largely the result of mistakes or inadvertent billing errors on
the part of Medicare providers submitting claims or Medicare contractors processing claims.

Improper payments pose a significant financial risk to the Medicare program.⁷ In November

2007, CMS reported a national paid claims error rate of 3.9%, which amounted to approximately ⁸

$10.8 billion in expenditures.
To protect the Medicare Trust Fund from fraud and abuse, CMS contracts with private
organizations to conduct program integrity activities directed at identifying and detecting actual
fraud. CMS typically classifies these activities as benefit integrity activities. Examples of benefit
integrity methods may include performing ongoing data analysis of claims to identify aberrant
billing patterns, developing fraud investigations, and referring suspected cases of fraud to law
enforcement personnel for prosecution. Although law enforcement personnel may point to a
deterrent effect associated with these types of activities, their focus is not on preventing fraud.
Their focus is on tracking down offenders and recovering improper payments after fraud has been
committed.
Although there is a certain level of overlap, program integrity approaches to address fraud and
abuse in Medicare’s fee-for-service program are generally different than those used to address
fraud in Medicare’s Part C and D private plans. These differences stem largely from differences in
Medicare’s payment structure. In fee-for-service, where providers have an incentive to provide
more services, examples of fraud may include billing for services not rendered, billing multiple
insurers for the same service, or accepting bribes or kickbacks for referring patients. In capitated
payment systems, where providers have an incentive to provide fewer services, types of
fraudulent activities may include employing misleading marketing tactics in an effort to
discourage utilization, “cherry picking” or selectively enrolling healthy enrollees, or failing to
provide medically necessary care. Historically, the government’s anti-fraud methods have focused
on combating fraud in the fee-for-service sector. However, with enrollment in private Medicare
plans on the rise, program integrity approaches to fight fraud in capitated payment systems are
becoming more important.
Ensuring Medicare program integrity is a coordinated effort involving CMS, Medicare
contractors, law enforcement agencies, providers, and beneficiaries. By analyzing billing data,
monitoring improper payments, and investigating potential fraud, Medicare contractors play a
significant role in the detection and prevention of health care fraud and abuse. When these
activities reveal suspected fraudulent activity, contractors develop and refer cases to the
Department of Health and Human Services (DHHS) Office of the Inspector General (OIG) for
further investigation and administrative sanctions. If the OIG suspects federal criminal law has
been violated, fraud cases are then referred to the Department of Justice (DOJ) for prosecution.

To protect the Medicare program from improper payments, as well as fraud, waste, and abuse,
CMS conducts six main types of program integrity activities: cost report auditing, medical
review, benefit integrity, Medicare secondary payer, provider education, and operating a
Medicare-Medicaid Data Match Program. These six functions are stipulated in law and are

⁷^Sinc^e¹⁹⁹⁰^{, G}^A^O^ha^{s de}^sigⁿ^a^t^e^d^Me^dic^a^r^e^a^hig^h^-risk^pr^og^ra^m^be^c^a^u^se^of^{its v}^u^lne^r^a^b^ility^{to im}^pro^p^e^r^pa^y^m^eⁿ^ts.
⁸^Se^e^C^M^{S a}ⁿ^nua^{l im}^pr^o^p^e^r^pa^y^m^eⁿ^{t r}^a^te^r^e^por^t^f^o^r^N^o^v^e^m^b^e^r²⁰⁰^{7: h}^ttps^:^/^/^w^w^w^.cm^s^.hhs^.g^ov^/a^pps^/^e^r^_^r^e^por^t/
^inde^x^.^a^s^p.

largely performed as part of CMS’s MIP program.⁹ CMS contracts with private organizations,
otherwise known as Medicare contractors, to conduct these activities, the bulk of which are
performed for Part A and B Medicare providers. Specific information on the types of private
organizations that perform these functions are described in the next section.
Part A Medicare providers such as hospitals, nursing homes, home health agencies, and other ¹⁰
institutional providers are required to submit cost reports to CMS annually. Cost reports contain
information on the provider’s allocation of costs across services. CMS contractors analyze these
cost reports by conducting desk reviews. The objective of the desk review is to assess whether the
reported costs are adequate and accurate, and to determine whether a more comprehensive, on-
site audit is necessary. If the desk review reveals problems with the cost report, contractors will
conduct field audits at the provider’s place of business. Field audits are designed to ensure
compliance with Medicare regulations and reimbursement policies and to obtain reasonable
assurance that the cost report was prepared in accordance with Medicare laws, regulations, and
instructions. The cost report auditing activity also includes audits of Medicare Part C or private ¹¹
MA plan cost reports. Part B Medicare providers (physicians, outpatient hospital, durable
medical equipment providers, and others) are not required to submit cost reports to CMS.
Medical review activities are designed to identify and prevent payment errors and mistakes in
billing. More specifically, medical review activities ensure that a payment is appropriate for the
service that is provided and meets professionally recognized standards of care. As part of this
process, Medicare contractors review claims, largely through the use of automated computer
edits, to verify that the services are (1) covered by Medicare, (2) provided by legitimate ¹²
providers, (3) delivered to eligible beneficiaries, and (4) reasonable and medically necessary.

⁹^T^h^e^H^e^a^{lth I}ⁿ^s^u^r^a^nc^e^Por^t^a^b^il^ity^a^{nd A}^c^c^ounta^b^il^ity^A^c^{t of}^{1996 (}^P^.L^{. 10}^4-¹⁹¹⁾^c^r^e^a^t^e^d^Se^c^tion¹⁸⁹³^of^the^Socⁱ^a^l
^Se^c^u^rity^A^c^t,^w^h^ic^{h e}^s^ta^blishe^d^t^h^e^Me^dic^a^r^e^Inte^g^r^ity^P^r^og^ra^m^{or MI}^P^.^A^s^pa^{rt of}^MI^{P, the}^le^gⁱ^sla^tion^ou^tline^s^t^h^e
^a^c^tiv^itie^{s tha}^t^a^r^e^{to be}^c^oⁿ^duc^te^d^{in c}^a^rry^ing^{out t}^h^e^pr^og^ra^m^.^Se^c^tion¹⁸⁹³^a^l^{so i}ⁿ^c^l^u^d^e^s^aⁿ^a^d^ditio^na^{l a}^c^tiv^ity^.^T^h^is
^actⁱ^vⁱ^t^yⁱ^s^d^e^vel^o^pⁱⁿ^g^{a l}ⁱ^s^t^o^fⁱ^t^e^{ms o}^f^d^u^r^ab^l^e^m^e^dⁱ^cal^eq^uⁱ^p^m^en^tⁱⁿ^acco^rd^an^{ce w}ⁱ^t^h^sectⁱ^o^{n 18}³⁴⁽^a⁾⁽¹⁵⁾^t^h^at^are
^su^b^j^ect^t^o^p^rⁱ^o^{r aut}^h^o^rⁱ^zatⁱ^o^n.^T^hⁱ^sⁱ^t^e^mⁱ^sⁿ^o^t^ad^d^r^essedⁱⁿ^t^hⁱ^s^repo^rt^b^ecau^{se CM}^S^do^{es n}^o^t^u^s^{e M}^I^P^f^unds^t^o^s^u^pp^or^t
^{this a}^c^tiv^ity^.
¹⁰^G^e^ne^ra^ll^y^,^P^a^{rt A}^Me^dic^a^r^e^prov^ide^r^s^a^r^e^pa^id^un^de^{r a}^pr^os^pe^c^tiv^e^pa^y^m^eⁿ^{t s}^y^s^t^e^m^(PP^S^).^W^ith^{PPS, pr}^ov^ide^r^s^a^r^e
^pa^id^pr^e^-^de^te^r^m^ine^d^pa^y^m^eⁿ^{t a}^m^oun^ts^ba^s^e^d^{on s}^p^e^cⁱ^fⁱ^e^d^units^of^s^e^r^v^ic^e^,^s^u^c^h^a^s^hos^pita^{l s}^t^a^y^s^.^Wheⁿ^pe^r^f^or^mⁱ^ng^c^o^s^t
^re^{port a}^u^dits^{, C}^M^{S re}^vⁱ^e^w^s^the^f^e^w^item^s^tha^t^c^{ould a}^f^f^e^c^t^a^prov^id^e^r’s^pa^y^m^eⁿ^{t unde}^r^PPS,^s^u^c^h^a^s^ba^{d de}^bt,^org^aⁿ
^pr^oc^ur^e^m^eⁿ^{t c}^o^s^t^s^,^pa^y^m^eⁿ^ts^f^o^rⁱ^ndir^e^c^t^aⁿ^{d d}ⁱ^r^e^c^t^m^e^dic^a^l^e^duc^a^{tion, a}^nd^the^num^be^r^of^low^-^inc^o^m^e^pa^tie^nts
^h^o^s^pⁱ^t^a^l^s^serve.^Recen^t^st^u^dⁱ^{es co}^nduc^te^{d by}^G^A^O^a^{nd MED}^P^A^C^ha^v^e^que^s^tione^{d t}^h^e^de^g^r^e^e^{to w}^h^ic^{h C}^M^S’^s^c^u^r^r^e^nt
^au^dⁱ^t^p^r^o^{cess assesses t}^h^{e accu}^rac^y^o^f^M^e^dⁱ^{care co}^st^{s f}^o^{r p}^r^o^vⁱ^d^ers^p^aⁱ^d^uⁿ^d^e^r^P^P^S^.^S^{ee G}^AO-0⁶^-⁸¹³^,^M^e^dⁱ^care
^Iⁿ^te^g^r^ity^P^r^og^r^a^m^:^A^g^eⁿ^cy^A^ppr^oa^c^h^f^o^r^A^lloc^a^ting^Funds^Sh^oul^d^be^R^e^vⁱ^s^e^{d, Se}^pte^m^be^r²⁰⁰^{6, a}^t
^http:^//w^w^w^.g^a^o^.g^ov^/ⁿ^e^w^.item^s^/^d⁰⁶⁸¹^3.^pdf^{, a}ⁿ^d^MED^P^A^C^{, R}^e^por^t^{to t}^h^e^C^ong^r^e^s^s^:^S^our^c^e^s^of^Finaⁿ^c^ia^{l D}^a^ta^on
^Me^dic^a^r^e^P^r^ov^ide^r^s^,^J^u^ne²⁰⁰⁴^{, a}^t^htt^p^://w^w^w^.^m^e^dpa^c^.^g^o^v^/^public^a^tions^/^c^ong^re^s^sⁱ^ona^l_re^ports^/
^j^uⁿ^e⁰⁴^_9⁹⁰^_^D^at^aNeed^s.^pd^f^.
¹¹^A^lthoug^{h t}^h^e^la^w^r^e^quir^e^s^tha^t^C^M^{S a}ⁿ^nua^lly^a^{udit t}^h^e^fⁱ^na^nc^ia^{l r}^e^c^o^r^d^s^of^a^t^le^a^s^{t one}^-^t^hir^d^of^P^a^r^t^C^MA^plaⁿ^s^,^a
^recen^t^GA^{O rep}^o^r^t^rel^easedⁱⁿ^Ju^l^y^{2007 f}^oun^{d t}^h^a^t^C^M^{S di}^d^not^d^o^c^u^m^e^{nt its}^pr^oc^e^s^s^f^o^r^eⁿ^s^u^rⁱ^ng^t^h^a^t^{it m}^e^{t this}
^r^e^quir^e^m^e^{nt f}^o^r^y^e^a^r^s²⁰⁰^1-²⁰⁰⁵^.^Se^e^G^A^O^-^07-^945,^Me^dic^a^r^e^A^d^v^a^nta^g^e^:^R^e^quir^e^{d A}^udits^of^Lⁱ^mⁱ^t^e^{d Va}^l^u^e^,^J^u^ly
²⁰⁰^{7, a}^t^htt^p^://w^ww^.ga^o^.g^ov^/ne^w^.ite^m^s^/^d07⁹⁴^5.^pdf^.
¹²^Co^m^p^u^t^eri^zed^edⁱ^t^s^al^{so ch}^{eck f}^o^{r erro}^{rs su}^ch^{as i}ⁿ^co^m^p^l^e^t^e^o^r^du^plⁱ^cat^{e cl}^ai^m^s^,^cl^ai^m^s^w^h^{ere d}ⁱ^agn^o^si^{s co}^d^e^{s do}
^{not m}^a^tc^{h pr}^oc^e^d^ur^e^c^ode^s^,^a^nd^uⁿ^a^llow^a^ble^c^ode^c^o^m^b^ina^tio^ns^.

Medical review methods also include issuing Local Coverage Determinations (LCDs) for
providers, which outline which items and services will be eligible for payment under the ¹³
Medicare statute. LCDs are used to develop and update computer edits on an ongoing basis.
When an edit reveals a billing error or problem with a claim, Medicare contractors may conduct a
manual pre-payment or post-payment claims review, request additional medical documentation ¹⁴
from the provider, or contact beneficiaries to verify that the services were actually provided.
Benefit integrity involves the identification and investigation of potential fraud cases and referrals
to law enforcement. CMS contractors hired to perform benefit integrity work may conduct
national and regional data analysis to identify aberrant patterns of billing, request medical
documentation from providers to verify services delivered, investigate beneficiary complaints
related to fraud, educate providers about fraud detection and prevention, and review and process
applications from certain Medicare providers. When fraud is suspected, contractors refer cases to
the OIG or law enforcement for further investigation, prosecution, or both. Benefit integrity
activities may also include recoupment of overpayments and suspension of future payments when
fraud is suspected.

MSP activities ensure that Medicare pays only for those services where it has primary
responsibility for payment. Under MSP rules, Medicare is prohibited from making payments for
any item or service when payment has been made or can reasonably expect to be made by certain
third-party payers. Statutorily, Medicare is the secondary payer to employer-based insurance
plans, auto liability insurance, and workers compensation insurance. CMS maintains a
comprehensive database of all Medicare beneficiaries health insurance information and uses the
database to conduct investigations related to MSP.
To help prevent errors and keep providers abreast of any changes in Medicare billing and coding
procedures, contractors are required to conduct regular outreach and educational activities.
Examples of educational activities include seminars, workshops, articles and fact sheets, and
other website publications. Provider education activities also include developing resources for
providers to help them avoid and detect fraud, waste, and abuse. When billing problems or
improper payments are identified, CMS contractors are required to work with Medicare providers
directly to correct mistakes.

¹³^A^L^o^ca^{l C}^o^v^e^r^a^ge^D^e^te^r^m^ina^{tion (}^L^C^D⁾^,^a^s^e^s^ta^blis^he^{d by}^Se^c^tion⁵²^{2 of}^the^B^e^ne^f^its^I^m^pr^ov^em^eⁿ^{t a}^nd^Pr^ote^c^tioⁿ
^A^c^t^o^f²⁰⁰⁰^(BI^P^A^,^P^.^L^.¹⁰⁶^-⁵^54),ⁱ^s^{a d}^eci^si^on^b^y^{a f}ⁱ^scalⁱⁿ^t^e^r^m^e^dⁱ^a^ry^o^r^carri^er^w^h^et^h^e^{r t}^o^co^ver^{a p}^a^rtⁱ^c^u^l^{ar servi}^ce
^oⁿ^{an i}ⁿ^t^e^rm^edⁱ^a^r^y^-^wⁱ^d^{e o}^r^carri^e^r-wⁱ^d^{e b}^a^si^{s i}ⁿ^acco^rd^an^{ce w}ⁱ^t^h^S^ectⁱ^oⁿ¹⁸⁶²^(a)(1^)(A^{) o}^f^t^h^{e S}^o^ci^al^S^ecu^ri^t^y^Act⁽ⁱ^.^e^.^,
^{a d}^e^t^e^rmⁱⁿ^atⁱ^oⁿ^{as t}^o^w^h^et^h^e^{r t}^h^e^servi^{ce i}^s^rea^s^oⁿ^a^b^l^{e an}^{d n}^ecessary^).
¹⁴^Ma^nua^l^pre^-^pa^y^m^eⁿ^{t a}^{nd p}^o^st-pa^y^m^e^{nt c}^l^aⁱ^m^s^re^vⁱ^e^w^{s a}^r^e^initia^te^{d o}ⁿ^ly^a^f^te^{r billing}^pr^ob^le^m^s^ha^ve^be^eⁿⁱ^d^eⁿ^tif^ie^d
^w^{ith a}^prov^ide^r^{. U}^nde^r^pre^-^pa^y^m^eⁿ^{t re}^vⁱ^e^w^{, c}^ontra^c^t^{ors w}^{ill c}^ond^uc^{t a}^m^a^nua^{l m}^e^dic^a^l^re^vⁱ^e^w^{on a}^p^e^rc^eⁿ^ta^g^e^o^f
^cl^ai^m^s^b^e^f^o^{re p}^a^ymen^tⁱ^s^m^a^d^e^.^W^h^en^coⁿ^d^u^c^tⁱⁿ^g^p^o^s^t^p^aymen^t^revi^e^w^,^coⁿ^t^ract^o^r^{s exa}^mⁱⁿ^{e a st}^atⁱ^s^tⁱ^cal^l^y^valⁱ^d^sa^m^p^l^e
^of^pa^{id c}^l^aⁱ^m^s^f^r^om^a^pr^ov^ide^r^.
¹⁵^For^m^o^r^e^inf^o^r^m^a^{tion o}ⁿ^Me^dic^a^r^e^Se^c^onda^r^y^P^a^y^e^r^,^s^e^e^C^R^S^R^e^por^{t R}^L³³⁵⁸^7,^Medⁱ^ca^{re S}^econ^d^a^r^{y P}^a^yer:
^Coordi^na^tio^{n o}^f^Be^ne^fits^{, by}^Hⁱ^nd^a^C^h^aⁱ^kⁱ^nd.

Referred to as the Medi-Medi program, this activity is designed to identify fraudulent or improper
billing practices that affect both Medicare and Medicaid programs. By matching data across both
programs, CMS investigates atypical billing patterns that may not be evident when analyzing the
data from each program separately. When problems are identified, CMS works with the states to
initiate payment recovery actions. CMS currently has Medi-Medi projects in 10 states and plans
to expand the program nationwide.

To conduct the six program integrity activities described in the previous section, CMS contracts
with a mix of different private organizations, called Medicare contractors. The types of program
integrity activities undertaken by the different contractors vary depending on their Statement of
Work (SOW). Some process and pay Medicare claims in addition to performing select program
integrity functions (Claims Administration Contractors). Program Safeguard Contractors (PSCs),
Recovery Audit Contractors (RACs), and the Coordination of Benefits (COB) contractor
specialize solely in program integrity and fraud prevention activities for Part A and B Medicare
providers. Medicare Managed Care Program Integrity Contractors (MMC-PICs) and Medicare
Drug Integrity Contractors (MEDICs) handle a wide variety of anti-fraud activities for Part C MA
plans and Part D PDPs. Finally, Quality Improvement Organizations (QIOs) are responsible for
safeguarding payments to inpatient hospitals. A brief description of each of these contractors and
their scope of work are described below. This list is not exhaustive.
Claims administration contractors include Fiscal Intermediaries (FIs), Carriers, and Medicare ¹⁶
Administrative Contractors (MACs). FIs process claims for Part A providers (hospital, home
health, and skilled nursing facilities), and Carriers process claims for Part B providers (physician, ¹⁷
laboratory, and durable medical equipment [DME] providers). MACs process claims for both
Part A and B providers. In addition to processing and paying claims, these contractors perform
certain program integrity tasks related to medical review, which includes reviewing claims to
ensure that Medicare pays for services that are reasonable and medically necessary. They also
perform other program integrity-related tasks, such as conducting provider audits, educating
providers on appropriate billing practices, and screening beneficiary complaints related to alleged
fraud.

¹⁶^Se^c^tion⁹¹¹^of^the^Me^dic^a^r^e^P^r^e^s^c^r^iptio^{n D}^r^ug^{, I}^m^pr^ov^e^m^eⁿ^{t, a}^nd^Mode^rⁿ^iz^a^tion^A^c^{t of}²⁰⁰³⁽^M^M^A^{, P}^.^L^.¹^08-¹⁷³⁾
^m^a^nda^te^{d tha}^t^the^Se^c^r^e^t^a^r^yⁱ^m^ple^m^eⁿ^{t Me}^dic^a^r^e^f^e^e^-^f^o^r-s^e^r^vⁱ^c^e⁽^{FFS) c}^o^ntra^c^ting^re^f^o^rm^{. Effe}^c^tive^O^c^tobe^{r 1,}²⁰⁰⁵^,
^t^h^{e S}^ecret^ar^y^h^a^{s t}^h^{e au}^t^h^o^rⁱ^t^y^t^o^rep^l^{ace t}^h^{e cu}^rren^t^cl^ai^m^s^ad^mⁱⁿⁱ^st^ratⁱ^oⁿ^con^t^ract^o^r^{s (}^F^{Is an}^{d Carri}^{ers) w}ⁱ^t^h
^pe^rf^or^m^a^nc^e^-^ba^s^e^{d Me}^dic^a^r^e^A^d^mⁱ^nis^t^ra^tiv^e^Contra^c^t^ors^,^ot^he^rw^is^e^k^now^{n a}^s^MA^Cs^{, b}^y²⁰¹¹^{. MA}^Cs^w^{ill proc}^e^s^s^a^nd
^pa^y^c^l^aⁱ^m^s^f^o^r^bot^h^P^a^r^t^A^a^{nd B}^Me^dic^a^r^e^pr^ov^ide^r^s^.^C^ontr^a^c^tⁱⁿ^g^r^e^f^o^r^m^is^e^x^pec^t^e^d^{to g}^e^ne^r^a^te^s^a^vⁱ^ng^s^{to t}^h^e
^go^vern^m^eⁿ^t^b^y^p^r^o^m^o^tⁱⁿ^{g great}^er^effⁱ^ci^en^c^yⁱⁿ^p^r^o^cessiⁿ^g^M^e^dⁱ^{care cl}^ai^m^s^.
¹⁷^DM^Eⁱⁿ^cl^u^d^e^{s i}^t^e^m^s^su^ch^{as h}^o^s^pⁱ^t^a^l^b^e^d^s^,^w^h^eel^ch^ai^rs,^resp^ira^t^or^{s, w}^a^lke^r^{s, a}^{nd a}^r^tif^ic^ia^{l lim}^{bs spe}^c^if^ic^a^l^l^y^f^o^r
^hom^e^us^e^.^A^c^c^o^r^d^ing^to^C^M^S^FY²⁰⁰^{8 B}^udg^e^t^J^u^s^tif^ic^a^tion,^the^r^e^a^r^e^c^u^r^r^e^ntly^{23 FI}^s^,¹⁷^C^a^r^rⁱ^e^r^s^,¹^A^/^B^M^A^C^,^a^{nd 3}
^{DME MA}^{Cs in o}^p^e^r^a^tion^.

PSCs specialize in benefit integrity functions, which focus on detecting and investigating
potential fraud and abuse in Parts A and B. By performing ongoing data analysis to identify
potentially fraudulent billing patterns and investigating leads from a variety of sources (law
enforcement agencies, CMS, beneficiaries, and Medicare supplemental insurers), PSCs identify
suspected cases of fraud and make appropriate referrals to the OIG for consideration of civil or
criminal prosecution. PSCs will also arrange Medicare training for law enforcement officials at
the Federal Bureau of Investigation (FBI) and Department of Justice (DOJ) when requested. PSCs
conducting benefit integrity work have the authority to suspend and deny payments and initiate
payment recoupment. Some PSCs also perform medical review functions. Separate PSCs detect ¹⁸
alleged Medicare fraud among durable medical equipment providers (DME PSCs).
RACs are responsible for reducing the rate of Medicare improper payments in Parts A and B by
identifying under- and overpayments made to providers, recovering overpayments, and working
with providers to prevent future improper payments. Section 306 of the Medicare Prescription
Drug, Improvement, and Modernization Act of 2003 (P.L. 108-173) authorized the Secretary to
contract with RACs as a three-year demonstration project. The RAC initiative was made
permanent with the Tax Relief and Health Care Act of 2006 (P.L. 109-432). There are currently
six RACs operating in three states: New York, California, and Florida. CMS expects to expand
the program nationwide by 2010. Additional information on RACs is included in the current
issues section.
The main purpose of the COB contractor is to identify payments that are the responsibility of
another or secondary payer. Statutorily, Medicare is the secondary payer to employer-based
insurance plans, auto liability insurance, and workers compensation insurance. By using data
match programs, the Medicare COB is responsible for the collection, management, and reporting
of other health insurance coverage for Medicare beneficiaries. In January of 2001, the COB
contractor assumed responsibility for researching and conducting all MSP claim investigations.
There is one COB contractor that handles all program integrity functions related to MSP.
CMS currently maintains eight MMC-PIC contracts, which are responsible for identifying and
detecting fraud, waste, and abuse in Medicare Part C MA plans. Among the services performed
by MMC-PICs are evaluating the marketing operations of Part C plans, auditing plan financial
and medical records, evaluating enrollment and encounter data from Part C plans, and completing
all retroactive payment adjustments and retroactive enrollments or disenrollments submitted by
MA organizations.

¹⁸^C^u^r^r^e^ntly^{, C}^M^S^ha^s¹⁸^a^c^tiv^e^be^ne^f^{it inte}^g^r^ity^P^S^C^ta^s^k^or^de^r^s^—¹^{5 f}^o^r^Me^dic^a^r^e^P^a^r^t^s^A^a^{nd B}^aⁿ^d^{3 f}^o^r^D^M^E.

As part of its Part D oversight program, CMS awarded four MEDIC contracts in FY2006. One
MEDIC was operational in FY2006, and the remaining three MEDICs began operations in
FY2007. MEDICs have responsibility for monitoring program integrity and potential fraud issues
that may arise with the new prescription drug benefit. The areas of oversight the MEDICs are
involved with include reviewing bids from prescription drug plans for participation in the
program, conducting audits of Part D participating organizations, investigating fraud complaints
from beneficiaries, and making referrals to law enforcement as necessary.
QIOs are responsible for providing technical assistance to Medicare providers on quality
improvement, conducting medical review activities, and investigating beneficiary complaints
related to inappropriate or medically unnecessary care. Although QIOs provide technical
assistance to all types of Medicare providers (physicians, hospitals, nursing homes, and home
health agencies), the majority of their medical review activities relate to care provided in inpatient
hospitals. As part of their medical review function, QIOs take measures to reduce the hospital
improper payment rate, ensure compliance with Medicare billing codes and procedures, and
assess whether the care provided to beneficiaries meets professionally recognized standards.
When a QIO determines, either through its medical review activities or beneficiary complaints,
that the care provided does not meet Medicare standards, it will work with the provider to rectify ¹⁹
deficiencies or refer the case to law enforcement for sanctions.
CMS contracts separately for program integrity activities related to suppliers of DME. These
include the National Supplier Clearinghouse (NSC), Data Analysis and Coding (DAC)
Contractor, and Durable Medical Equipment Program Safeguard Contractors (DME PSCs). The
NSC is responsible for enrolling DME suppliers in the Medicare program, conducting site visits
to DME facility locations, and issuing Medicare billing numbers to suppliers. The DAC performs
ongoing data analysis on supplier billing patterns, and the DME PSCs are responsible for
detecting and investigating alleged fraud among DME suppliers.

CMS shares responsibility for ensuring Medicare program integrity with three federal agencies:
the Department of Health and Human Services (DHHS) Office of the Inspector General (OIG),

¹⁹^Recen^{t stu}^dⁱ^{es an}^dⁿ^e^w^s^articles^oⁿ^t^h^{e activ}^{ities o}^f^QIOs^h^a^v^e^rai^s^ed^coⁿ^cern^s^related^t^o^t^h^{e QIOs’ ab}^ility^to
^e^ffe^c^tiv^e^l^y^m^{onitor the}^q^u^a^lity^of^c^a^r^e^prov^ide^d^t^o^Me^dⁱ^c^a^r^e^be^ne^fⁱ^cⁱ^a^r^ie^{s. For e}^x^a^m^ple^,^aⁿ^OIG^re^{port re}^le^a^s^e^d^{in Ma}^y
²⁰⁰^{7 re}^p^o^rte^d^tha^t^be^tw^e^eⁿ²⁰⁰³^a^{nd 2}⁰⁰⁶^,^the^{QIOs a}^ssigⁿ^e^d^m^o^re^thaⁿ^80%^of^c^onf^irm^e^{d qua}^lity^c^onc^e^r^{ns to}^tw^{o of}
^the^le^a^s^{t se}^rious^qua^lity^c^l^a^ssi^fⁱ^c^a^tions.^(Se^e^OEI-0^1-0⁶^-0⁰¹^70:^Qu^a^lity^Conc^e^r^{ns Ide}ⁿ^tif^ie^{d T}^h^roug^h^{QIO Me}^dic^a^l
^Re^c^o^{rd Re}^vⁱ^e^w^{, May}^{2007, a}^t^htt^p^://o^ig^.hhs^.g^ov^/^o^eⁱ^/^r^e^ports^/o^eⁱ^-0¹^-^06-⁰⁰¹⁷^0.p^d^f⁾^{. In Fe}^brua^ry²⁰⁰⁶^,^the^Iⁿ^s^titu^te^of
^Me^dicⁱ^ne⁽^I^O^M)^r^e^c^o^m^m^e^nde^{d i}ⁿ^a^c^ong^r^e^s^sⁱ^ona^lly^m^a^nda^te^{d r}^e^po^r^t^tha^t^C^M^{S c}^o^ns^ide^r^r^e^m^o^vⁱ^ng^m^e^dic^a^l^r^e^vⁱ^ew
^f^unc^tions^f^r^om^the^Q^I^O^s^re^s^ponsⁱ^b^ilitie^s^,^m^a^inly^b^ecau^{se th}^{e n}^u^m^b^e^{r o}^f^san^c^tioⁿ^s^issu^ed^to^p^r^o^v^id^{ers f}^o^{r q}^u^a^lity
^vⁱ^ola^tions^ha^{s de}^c^line^d^ov^e^r^tim^e^.^(Se^e^{IOM Re}^port^Me^dic^a^r^e^’^{s Qu}^a^lity^I^m^prov^e^m^eⁿ^{t Org}^a^niz^a^tion^P^r^og^ra^m^:
^Ma^xⁱ^mⁱ^zⁱ^ng^P^o^te^ntia^l,^Ma^rc^{h 2}⁰⁰⁶^{, a}^t^http^://w^w^w^.na^p^.e^du/c^a^t^a^l^og^.php?^re^c^o^r^d_i^d=¹¹⁶⁰^4).

the Department of Justice (DOJ), and the Federal Bureau of Investigation (FBI). The OIG is an
independent unit within DHHS that has the primary responsibility for detecting health care fraud
and abuse in all federal health care programs. Most of its work, however, relates to the Medicare
and Medicaid programs. The agency conducts audits of health care programs, providers, and
agencies, and it performs criminal and civil investigations related to specific instances of health
care fraud or abuse. CMS contractors, upon detecting potential fraud, will develop and refer cases
to the OIG for further investigation and possible administrative sanctions.
The OIG has the authority to impose civil monetary penalties²⁰ and program exclusions²¹ on
Medicare providers that have been convicted of certain fraudulent activities. The OIG does not
have the authority to prosecute offenders for violations of federal criminal law. In these instances,
the OIG would refer the case to the DOJ for prosecution. During FY2005, the OIG excluded ²²

3,804 individuals for health care fraud. The OIG receives referrals for potential fraud cases from ²³

Medicare contractors, beneficiaries, the DOJ, and private citizens.
Annually, OIG releases a work plan, which is available publicly, outlining its priorities for the
upcoming fiscal year. These areas represent vulnerabilities in the Medicare program. For FY2007,
vulnerabilities include oversight of DME suppliers, accuracy of payments to home health ²⁴
agencies, quality of care in nursing homes, and potential fraud in Medicare Part D.
The FBI is the lead investigative agency in the fight against health care fraud. Unlike the OIG,
which has the authority to investigate fraud only in federal programs, the FBI has jurisdiction
over both federal and private sector health care fraud. Typically, the agency investigates complex
fraud schemes involving large-scale medical providers, such as hospitals and corporations. The
FBI does not have the authority to impose sanctions. Currently, the FBI is participating in a
workgroup with CMS, DOJ, the OIG and others dedicated to investigating fraud in the Medicare
Part D program. In FY2006, FBI-led investigations resulted in 535 criminal health care fraud ²⁵
convictions.

²⁰^S^ectⁱ^o^{n 11}²⁸^A^o^f^t^h^{e S}^o^ci^al^S^ecu^ri^t^y^A^c^t^au^t^h^o^rⁱ^{zes t}^h^{e S}^ecret^{ary t}^oⁱ^m^p^o^s^{e p}^eⁿ^a^l^tⁱ^e^{s an}^d^assessmeⁿ^t^s^on^p^e^rson^s
^f^o^{r e}ⁿ^g^a^gⁱ^ng^{in c}^e^r^ta^{in a}^c^tiv^itie^{s. For e}^x^a^m^ple^,^a^pe^{rson w}^{ho k}^now^ing^l^y^sub^m^{its a}^fa^lse^c^l^aⁱ^m^{to a}^f^e^de^ra^{l he}^a^{lth c}^a^r^e
^p^r^o^g^ramⁱ^s^su^b^j^ect^t^o^a^p^eⁿ^a^l^t^y^o^f^u^p^t^o^$¹⁰^,⁰⁰^{0 f}^o^{r each}ⁱ^t^e^m^o^r^servi^ce^f^r^a^uduleⁿ^tly^c^l^aⁱ^m^e^{d, a}ⁿ^a^s^s^e^s^s^m^e^{nt of}^{up t}^o
^thr^e^e^tim^e^s^the^am^{ount f}^r^a^uduleⁿ^t^l^y^c^l^aⁱ^m^e^{d, a}^{nd p}^o^s^sⁱ^ble^e^x^c^l^us^io^n.
²¹^S^ectⁱ^o^{n 11}²⁸^o^f^t^h^{e S}^o^ci^al^S^ecu^ri^t^y^Act^au^t^h^o^rⁱ^{zes t}^h^{e S}^ecret^ar^y^t^o^excl^u^d^eⁱⁿ^dⁱ^vi^du^al^{s and}^en^tⁱ^tⁱ^e^{s f}^r^o^m
^pa^r^tic^ipa^tio^{n i}ⁿ^f^e^de^r^a^{l he}^a^{lth c}^a^r^e^pr^og^r^a^m^s^{. Ex}^c^l^us^ions^a^r^e^a^u^thor^iz^e^d^f^o^r^c^onv^ic^tio^ns^of^c^r^im^ina^l^of^f^e^ns^e^s^r^e^l^a^te^{d to}
^the^de^liv^e^r^y^of^he^a^{lth c}^a^r^e^,^inc^l^ud^ing⁽¹⁾^Me^dic^a^r^e^or^Me^dic^aⁱ^{d f}^r^a^ud,⁽²⁾^pa^tie^{nt a}^bus^e^or^ne^g^l^e^c^t^{, (}³⁾^f^e^lonie^s^f^o^r^ot^he^r
^he^a^{lth c}^a^r^e^f^r^a^{ud, a}ⁿ^d^{(4) f}^e^lonie^s^f^o^{r the}^ille^g^a^{l m}^a^nuf^a^c^tu^re^{, distri}^buti^oⁿ^,^pre^s^c^r^iptⁱ^oⁿ^,^{or dis}^p^eⁿ^sin^g^of^c^ontrolle^d
^s^ubs^ta^nc^e^s^{. T}^h^e^Se^c^r^e^t^a^r^y^ha^s^dis^c^r^e^tiona^r^y^a^u^thor^ity^{to e}^x^c^l^udeⁱⁿ^divⁱ^dua^ls^on^ot^he^r^g^r^ou^nds^{, s}^u^c^h^a^s^he^a^{lth c}^a^r^e^f^r^a^ud
^of^f^e^ns^e^s^inv^o^lv^ing^mⁱ^s^d^em^e^a^nor^s^,^lic^eⁿ^s^e^s^u^s^p^eⁿ^sⁱ^on^or^r^e^v^o^c^a^tioⁿ^,^pr^ov^is^ion^of^un^ne^c^e^s^s^a^r^y^or^s^ubs^ta^nda^r^d^s^e^r^v^ic^e^s^,
^s^ubm^is^sⁱ^{on of}^f^a^ls^e^or^f^r^a^uduleⁿ^t^c^l^aⁱ^m^s^{, a}^{nd e}ⁿ^g^a^gⁱ^ng^{in u}ⁿ^la^w^f^{ul k}ⁱ^c^k^ba^ck^a^r^r^a^ng^em^eⁿ^ts^.
²²^H^e^a^{lth C}^a^r^e^Fr^a^{ud a}^{nd A}^bus^e^C^o^ntr^o^l⁽^H^C^F^A^C⁾^A^nnua^{l R}^e^por^{t f}^o^r^FY²⁰⁰⁵^{, a}^t^h^ttp:^//oig^.^hhs^.g^ov^/^public^a^tⁱ^ons^/^doc^s^/
^hc^f^a^c^/^hc^f^a^c^r^e^por^t20⁰⁵^.^p^d^f^.
²³^U^nde^r^t^h^e^Fe^de^r^a^{l Fa}^ls^e^C^l^aⁱ^m^s^A^c^{t, 31 U}^.^S.C^.^§^§³⁷²⁹^-³⁷³^3,^prⁱ^v^a^t^e^c^itiz^eⁿ^s^a^{nd r}^e^la^tor^s^m^a^y^f^{ile s}^u^it^on^be^ha^lf^of
^the^U^.^{S. g}^o^v^e^rⁿ^m^e^{nt. R}^e^la^tor^s^a^r^e^pr^iv^a^t^e^pe^r^s^ons^w^ith^dir^e^c^t^k^now^le^dg^e^of^he^a^{lth c}^a^r^e^f^r^a^{ud w}^{ho f}^{ile c}^o^m^p^la^ints^on
^be^ha^lf^of^the^f^e^de^ra^{l g}^o^v^e^rn^m^e^nt.^T^h^e^y^a^r^e^eⁿ^title^{d to a}^pe^rc^eⁿ^ta^g^e^of^aⁿ^y^f^r^a^{ud re}^c^o^v^e^rie^s^.
²⁴^Se^e^htt^p^://o^ig^.hhs.g^ov^/^p^u^b^lic^a^tio^ns/doc^s/^w^o^rk^plaⁿ^/20^07/^W^o^rk^%²⁰^P^la^n%²⁰²⁰⁰⁷^.p^df^.
²⁵^T^a^ke^{n f}^r^o^m^te^s^tⁱ^m^ony^o^f^A^l^e^x^aⁿ^de^r^A^c^os^ta^{, U}ⁿ^ite^{d Sta}^t^e^s^A^ttorⁿ^e^y^f^o^r^the^Sou^t^he^rⁿ^Dⁱ^s^t^rⁱ^c^t^of^Fl^or^ida^,^Mia^m^{i, a}^t
^House^Com^m^itte^e^{on W}^a^y^s^a^{nd Me}^aⁿ^{s He}^a^{lth a}ⁿ^d^Ov^e^r^sig^h^{t Sub}^c^om^m^itte^e^He^a^r^ing^{on Me}^dic^a^r^e^P^r^og^ra^m^Inte^g^r^it^y^,
^Ma^rc^{h 8,}²⁰⁰⁷^{, a}^t^http^://w^ay^s^a^ndm^e^aⁿ^s^.^hous^e^.^g^o^v^/^he^a^r^ing^s^.a^s^p^?f^orm^m^ode^=v^iew^&^id=^5581.

CMS contractors, the OIG, and the FBI all refer potential health care fraud cases to the DOJ for
prosecution. Within the DOJ, the Civil and Criminal Divisions handle health care fraud. One of
the enforcement tools for prosecuting health care fraud is the False Claims Act (FCA), which ²⁶
prohibits knowingly submitting false or fraudulent claims to the U.S. government. Lawsuits
may be brought by private plaintiffs, known as relators or whistleblowers, under the FCA. There
are also 93 U.S. Attorneys Offices nationwide, which prosecute civil and criminal health care
fraud. During FY2006, prosecutors for the DOJ and U.S. Attorneys Offices opened 836 new ²⁷
criminal and 698 new civil health care fraud investigations.
Finally, Medicare beneficiaries are a source for detecting fraud. Beneficiaries who suspect fraud
can call the OIG’s National Fraud Hotline at 1-800-HHS-TIPS. To educate beneficiaries on how
to detect and report fraud and abuse, the Administration on Aging oversees Senior Medicare
Patrol Projects, which recruit retired professionals in all 50 states to conduct one-on-one and
group training sessions for Medicare beneficiaries. The OIG collects annual performance data on
these projects and in its most recent report (April 2007) reported that in 2006, Medicare patrol
projects received 11,830 fraud complaints from beneficiaries; of this amount, 4,123 were referred ²⁸
for further investigation. Contractors investigating anomalies in billing patterns may also
contact beneficiaries to verify that the services claimed were actually received by the beneficiary.

Medicare program integrity and anti-fraud activities are funded through the Medicare Integrity
Program (MIP) and Health Care Fraud and Abuse Control (HCFAC) program. The MIP and
HCFAC programs were both established by the Health Insurance Portability and Accountability
Act of 1996 (HIPAA), which sought to increase and stabilize federal funding for health care anti-
fraud activities. Specifically, HCFAC funds are directed to the enforcement and prosecution of all
health care fraud, whereas MIP funding supports the Medicare program integrity activities
undertaken by CMS contractors.
HIPAA authorized the creation of the HCFAC program, which was to be jointly administered by
the Secretary of HHS and the Attorney General. To fund the program, HIPAA established within
the Hospital Insurance (HI) Trust Fund an expenditure account called the HCFAC account. All
amounts equal to monies collected from health care investigations and enforcement efforts are to ²⁹
be deposited into the HI Trust fund.

²⁶^Unde^{r t}^h^e^Fe^de^ra^{l Fa}^lse^Claⁱ^m^s^A^c^{t, 31 U.S.C.}^§^§³⁷²⁹^-3⁷³^{3, a}^p^e^{rson or}^eⁿ^tity^{is lia}^ble^f^o^{r u}^p^t^o^t^r^e^b^le^da^m^a^g^e^s
^an^d^{a p}^eⁿ^a^l^t^y^b^e^t^w^een^$⁵^,⁵⁰^{0 an}^{d $}¹¹^,⁰⁰^{0 f}^o^{r each}^f^a^l^s^{e cl}^ai^mⁱ^t^know^ing^l^y^s^u^b^m^its^{or c}^a^u^s^e^s^{to be}^s^ubm^itte^{d to a}
^f^e^de^r^a^{l pr}^og^r^a^m^.
²⁷^T^a^ke^{n f}^r^o^m^te^s^tⁱ^m^ony^o^f^A^l^e^x^aⁿ^de^r^A^c^os^ta^{, U}ⁿ^ite^{d Sta}^t^e^s^A^ttorⁿ^e^y^f^o^r^the^Sou^t^he^rⁿ^Dⁱ^s^t^rⁱ^c^t^of^Fl^or^ida^,^Mia^m^{i, a}^t
^House^Com^m^itte^e^{on W}^a^y^s^a^{nd Me}^aⁿ^{s He}^a^{lth a}ⁿ^d^Ov^e^r^sig^h^{t Sub}^c^om^m^itte^e^He^a^r^ing^{on Me}^dic^a^r^e^P^r^og^ra^m^Inte^g^r^it^y^,
^Ma^rc^{h 8,}²⁰⁰⁷^{, a}^t^http^://w^ay^s^a^ndm^e^aⁿ^s^.^hous^e^.^g^o^v^/^he^a^r^ing^s^.a^s^p^?f^orm^m^ode^=v^iew^&^id=^5581.
²⁸^Se^e^O^E^I^-^02-^07-⁰⁰³⁶^0:^P^e^r^f^or^m^a^nc^e^D^a^ta^f^o^r^the^Se^nior^Me^dic^a^r^e^P^a^tr^ol^P^r^oje^c^t^s^,^A^p^r^{il 2}⁰⁰⁷^{, a}^t
^http:^//w^w^w^.oig^.hhs^.g^ov^/^o^e^i/r^e^por^t^s^/oeⁱ^-^02-^07-⁰⁰³⁶^0.^pdf
²⁹^A^s^s^p^e^cⁱ^fⁱ^e^d^{in Se}^c^tio^{n 1}⁸¹⁷⁽^k⁾⁽^C⁾^of^the^Socⁱ^a^l^Se^c^u^r^ity^A^c^{t (}^SSA⁾^,^am^ounts^e^qua^{l t}^o^t^h^e^f^o^llowⁱⁿ^g^a^r^e^{to be}
^de^pos^ite^{d in}^to^the^Fe^de^ra^{l H}^o^s^p^it^a^l^Ins^u^ra^nc^e^T^r^us^{t F}^uⁿ^d^f^r^om^the^U^.^{S. T}^r^e^a^s^ur^y^:^{(1) a}^m^ounts^e^qua^li^ng^unc^oⁿ^d^itio^na^l
^gⁱ^f^t^{s a}^{nd be}^que^{sts; (2)}^c^r^im^ina^l^fⁱ^ne^{s re}^c^o^v^e^re^{d in c}^a^s^e^s^inv^o^lv^ing^a^f^e^de^ra^{l he}^a^{lth c}^a^r^e^off^e^nse^a^s^de^fⁱ^ne^{d in T}^itle¹⁸
^U^.^S.C.^{§ 9}^82(a⁾⁽⁶^{)(B); (}³^{) c}ⁱ^v^{il m}^one^ta^ry^pe^na^ltie^s^a^{nd a}^s^s^e^s^s^m^e^nts^im^pos^e^dⁱⁿ^he^a^{lth c}^a^r^e^c^a^s^e^s^{, inc}^l^udi^ng^a^m^ounts
⁽^c^onti^nue^d.^..)

Within the HCFAC account, HIPAA authorized funding for health care anti-fraud activities
undertaken by HHS, DOJ, OIG, and the FBI for years 1997-2003. All HIPAA appropriations were ³⁰
capped at the FY2003 level and remained at the FY2003 level through FY2006. HIPAA
established that up to $104 million could be appropriated for health care anti-fraud and abuse
activities undertaken by the HHS, DOJ, and OIG in FY1997. For FY2003-FY2006, this amount
would increase to $240.6 million. Within these amounts, HIPAA earmarked specific funding
amounts for activities undertaken by the OIG. The annual OIG appropriation increased from $70
million in FY1997 to a maximum of $160 million for fiscal years 2003 through 2006. HIPAA
authorized a separate funding stream for the FBI. The annual FBI appropriation increased from
$47 million in FY1997 to $114 million for fiscal years 2003 through 2006.
The largest share of the HCFAC appropriation was dedicated to the MIP program, which
increased from $440 million in FY1997 to $720 million for fiscal years 2003 through 2005. Prior
to HIPAA and the establishment of the MIP program, funding for Medicare program integrity
activities was taken from Medicare’s program management budget, which was subject to the
annual appropriations process. This sometimes led to fluctuations in funding, as monies originally
intended to support program integrity functions were redirected to fund ongoing Medicare
operations, such as day-to-day claims processing functions. With the passage of this legislation,
HHS was ensured a stable funding source that it could commit to Medicare anti-fraud activities.
Prior to HIPAA, Medicare program integrity approaches relied heavily on “pay and chase”
methods, which entailed paying claims and then chasing after providers to recover inappropriate
payments. Long-term financial support was intended to assist CMS in developing more
innovative and preventive strategies to combat fraud and abuse, such as reviewing claims prior to
payment as opposed to after payment.
During years 1997 through 2005, total funding for program integrity and health care fraud and
abuse activities almost doubled, increasing from approximately $0.6 billion in FY1997 to $1.1
billion by FY2005. The Deficit Reduction Act (DRA) of 2005 raised funding for the MIP
program by $112 million for FY2006 to implement program integrity and oversight activities for
the Medicare prescription drug benefit. This increased the annual MIP allocation from $720
million in FY2005 to $832 million for FY2006 only. Twelve million of this additional
appropriation in FY2006 was earmarked for the Medi-Medi data matching program. The DRA ³¹
provided increasing amounts for the Medi-Medi program through year 2010. Table 1 shows the
allocation of HCFAC and MIP appropriation amounts for selected years between 1997 and 2007.

^(...c^on^tin^ue^d)
^re^c^o^v^e^re^{d unde}^{r ti}^tle^s^X^I^,^X^V^III,^a^nd^X^I^X^,^of^the^SSA^a^{nd C}^h^a^p^te^r³⁸^of^T^itle³¹^of^the^U^.^S.C.^{; (4)}^a^m^ounts^re^s^u^lting
^f^r^o^m^the^f^o^rfe^iture^of^prope^rty^by^re^a^s^{on of}^a^f^e^de^ra^{l he}^a^{lth c}^a^r^e^off^e^nse^;^a^{nd (5) pe}^na^ltie^{s a}ⁿ^d^da^m^a^g^e^{s obta}ⁱ^ne^d^un^de^r
^the^Fa^ls^e^C^l^aⁱ^m^s^A^c^{t, 31 U}^.^S.C^.^§^§³⁷²⁹^-³⁹³^3.
³⁰^T^h^e^one^e^x^c^e^p^tion^to^this^is^the^D^e^fⁱ^c^{it Re}^duc^tio^{n A}^c^t’s^inc^r^e^a^s^e^f^o^{r the}^MI^P^prog^ra^m^,^f^r^o^m^$720^m^{illion to}^$8³²
^m^{illion, f}^o^{r y}^e^a^r²⁰⁰⁶^only^.
³¹^T^h^e^D^R^A^a^ppr^op^rⁱ^a^t^e^d^$¹²^M^f^o^r^the^Me^dⁱ^-^M^e^dⁱ^pr^og^r^a^m^{in FY}²⁰^06,^$2^4Mⁱⁿ^FY²⁰⁰⁷^,^$3^{6M i}ⁿ^F^Y²⁰⁰^8,^$4^8Mⁱⁿ
^F^Y²⁰⁰⁹^,^an^{d $6}⁰^Mⁱⁿ^F^Y²⁰¹⁰^and^each^y^{ear t}^h^erea^f^t^er.

Table 1. HCFAC and MIP Appropriations for Selected Fiscal Years
^(doll^a^{rs in thousands)}
¹⁹⁹⁷²⁰⁰¹²⁰⁰³²⁰⁰⁵²⁰⁰⁶^a²⁰⁰^{7 (CR Level)}^b
^HCFAC
^HHS^$11,8⁰⁰^$8,42^{8 $31,1}⁴³^$31,1^{43 $31,1}⁴³^$32,2⁹⁶
^DOJ^$22,2⁰⁰^$43,4^{69 $49,4}¹⁵^$49,4^{15 $49,4}¹⁵^$51,2⁴³
^OIG^$70,0⁰⁰^$13^0,00^{0 $16}^0,00⁰^$16^0,00^{0 $16}^0,00⁰^$16^5,92⁰
^FBI^$47,0⁰⁰^$88,0^{00 $11}^4,00⁰^$11^4,00^{0 $11}^4,00⁰^$11^8,21⁸
^TOTAL^$151,⁰⁰⁰^$269,^{897 $354,}⁵⁵⁸^$354,^{558 $354,}⁵⁵⁸^$367,⁶⁷⁷
^MIP^$44^0,00⁰^$68^0,00^{0 $72}^0,00⁰^$72^0,00^{0 $82}^0,00⁰^$72^0,00⁰
^Medi-Medi^$12,0⁰⁰^$24,0⁰⁰
^TOTAL^$591,⁰⁰⁰^$949,^{897 $1,07}^4,5⁵⁸^$1,07^4,5^{58 $1,18}^6,5⁵⁸^$1,11^1,6⁷⁷
^Source:^{Data ext}^{racted from}¹⁹^{97, 2}⁰⁰^{1, 20}^{03, a}^{nd 2}⁰⁰⁵^HCFA^{C Ann}^{ual Reports and CMS}^Justif^{ication of}
^{Estimates for A}^pprop^{riations Committees FY200}^8.
^a.^{HIPAA cap}^{ped ap}^{propriations for}^{HCFAC and MIP at t}^{he FY2}⁰⁰^{3 level. Congress, with the pa}^ssage^{of the}
^{DRA in 200}^{5, increased t}^{he amo}^{unt for}^{MIP for FY2}⁰⁰^{6 only.}
^b.^{The 20}⁰⁷^{CR Level includes th}^e^perce^{ntage increa}^{se in th}^{e cons}^u^{mer price inde}^{x as ma}^{ndated by}^t^{he Tax}
^{Relief and Health Care Act (TRH}^{CA) of 199}^{6 for}^HCFAC.
In addition to HCFAC and MIP mandatory funds, each year Congress appropriates funds to
support CMS contractor operations as part of its annual program management request (not shown ³²
in Table). A portion of these funds are directed to the claims administration contractors to
conduct program integrity functions. According to the final rule on the MIP program published on
August 24, 2007, approximately one-third of the total contractor budget was dedicated to program
integrity activities in FY2004. The funding level for contractor activities that same year was $1.7
billion. In FY2007, funding for contractor operations had increased to $2.1 billion, an increase of ³³
approximately $420 million from FY2004.

In December 2006, Congress passed the Tax Relief and Health Care Act of 2006 (P.L. 109-432),
which extended the mandatory annual appropriation for HCFAC to 2010. For fiscal years 2007
through 2010, the mandatory annual appropriation would be the limit for the preceding year plus
the percentage increase in the consumer price index for urban consumers. For each fiscal year

³²^Fu^ndi^ng^f^o^{r prog}^ra^m^inte^g^r^it^y^a^c^tiv^itie^s^c^ond^uc^te^d^by^Me^dic^a^r^e^Q^I^O^s^c^o^m^e^s^f^r^o^m^a^s^e^pa^ra^te^Q^I^O^budg^e^t^{. Q}^I^O^s^a^r^e
^f^unde^{d v}ⁱ^a^a^thr^e^e^-^y^e^a^r^m^a^nda^tor^y^a^ppor^ti^onm^eⁿ^{t f}^r^om^the^Me^dic^a^r^e^T^r^us^{t Fun}^d^s^r^a^the^r^t^h^aⁿ^aⁿ^aⁿⁿ^u^a^l^dis^c^r^e^tio^na^r^y
^a^ppr^o^p^rⁱ^a^tio^{n. T}^h^e^t^h^r^e^e^-^y^e^a^r^bud^g^e^{t f}^o^r^the^Q^I^O^pr^og^r^a^m^,^w^h^ic^{h r}^uns^f^r^om^A^u^g^u^s^t²⁰^05-^A^u^g^u^s^t²⁰^08,^is
^a^ppr^ox^im^a^t^e^l^y^$1.25^bill^io^n.
³³^C^R^S^aⁿ^a^l^y^s^is^of^C^M^{S f}ⁱ^na^nc^ia^{l da}^ta^f^o^r^y^e^a^r^s²⁰⁰^{4 a}ⁿ^{d 2}⁰⁰⁷^:^htt^p^:^//w^w^w^.cm^s^.hhs^.g^ov^/C^a^p^Ma^r^k^e^t^U^pda^te^s^/
^D^o^wⁿ^loa^d^s^/²⁰^07W^a^lle^tC^a^r^d.^pdf^.

beyond 2010, the mandatory annual appropriation would be capped at the FY2010 level. Funding
for MIP, however, was not addressed with this legislation and will remain capped at the FY2003
level of $720 million plus the additional DRA appropriation for the Medicare-Medicaid data
matching program.
For FY2008, the President’s budget included a request of $183 million in discretionary funds to
augment the $1.1 billion in mandatory funding for the health care fraud and abuse control
program. The HCFAC account has not been funded using discretionary funds in prior years. Of
this $183 million, $138 million would have been allocated to MIP for oversight activities related
to the prescription drug program. The House and Senate proposed $383 million in discretionary
funds for the these activities. The amended version of the Consolidated Appropriations Act of
2008 (H.R. 2764), signed by the President on December 26, 2007, did not include funding for the
health care fraud and abuse control program.

There are a limited number of performance statistics and reports available to help policy makers
evaluate the success of Medicare’s program integrity efforts. Studies to date have generally
examined the performance of the HCFAC and MIP programs separately. When the HIPAA
legislation was passed in 1996, Congress mandated that DOJ and HHS report annually the results
and accomplishments of its HCFAC efforts to the public. The legislation also required that the
Government Accountability Office (GAO) biennially assess the appropriateness and adequacy of
HCFAC expenditures for fraud control efforts. However, Congress did not require that HHS,
DOJ, or GAO evaluate the MIP program as part of these assessments. As a result, there is less
empirical data available on MIP performance than on the results of the HCFAC program. To date,
the most comprehensive evaluation on MIP program integrity efforts was a study released by
GAO in September of 2006, which identified weaknesses in the methods CMS uses to allocate
funds across five MIP program integrity activities (cost report auditing, medical review, benefit
integrity, medicare secondary payer, and provider education). This section summarizes findings
from reviews and studies conducted on the HCFAC and MIP programs during the past decade.
When assessing the performance of the MIP program, CMS relies on statistics measuring the
percentage of improper payments the Medicare program makes to providers each year. CMS
produces midyear and annual improper payment reports, which can be accessed publicly on the ³⁴
agency website. To measure improper payments in fee-for-service Medicare, CMS calculates a
national paid claims error rate, contractor-specific improper payment rates, and provider-specific
improper payment rates. The national paid claims error rate consists of the Comprehensive Error
Rate Testing Program (CERT), which calculates error rates for all Medicare contractors that
process and pay Part A and B claims, and the Hospital Payment Monitoring Program (HPMP),
which calculates an error rate for Medicare’s QIOs, which are responsible for ensuring

³⁴^T^h^e^I^m^pr^ope^r^P^a^y^m^eⁿ^ts^Iⁿ^f^o^r^m^ation^A^c^{t of}²⁰⁰²^r^e^quir^e^s^f^e^de^r^a^{l a}^g^eⁿ^cⁱ^e^s^{to e}^s^ti^m^a^te^a^{nd r}^e^por^t^th^eⁱ^r^a^nnua^{l r}^a^te^of
^im^p^r^o^p^e^{r p}^a^y^m^en^{ts. T}^o^{access C}^M^{S an}ⁿ^u^a^{l im}^p^r^o^p^e^r^p^a^y^m^en^{t rat}^e^rep^o^r^{ts, v}ⁱ^sit^h^t^t^p^s://www^.c^m^s^.h^h^s^.g^o^v^/ap^p^s^/
^e^r^_r^e^por^t/^inde^x^.^a^s^p.

appropriate payments to inpatient hospitals. Improper payment rates have not yet been created for ³⁵
Medicare Parts C and D.
CMS uses the contractor-specific error rates to evaluate the performance of its MIP contractors:
FIs, Carriers, and QIOs. To keep their improper payment rates low, contractors are expected to
continually educate the provider community on Medicare coverage and coding policies. CMS
uses the provider-specific error rates to determine where they should target their provider
education efforts.
Despite its value as a tool for estimating payment accuracy and administrative efficiency in
claims processing, the improper payment rate does not measure fraud and abuse in the Medicare
program. It is mainly a measure of administrative errors. According to CMS’s most recent
improper payment rate report, the main types of payment errors are incorrect coding by providers,
claims for medically unnecessary services, and claims submitted with insufficient or no
documentation. In its November 2007 report, CMS reported a national claims error rate of 3.9%,
which amounted to approximately $10.8 billion in improper payments. This is down from 4.4%
in 2006, 5.2% in 2005, and 10.1% in 2004.
At the time the HIPAA legislation was passed in 1996, the OIG calculated a Medicare improper
payment rate of 14.2%, or approximately $23.2 billion in improper payments. CMS has set a goal
to reduce the error rate to 3.8% by the end of FY2008. Table 2 lists the national paid claims error
rates and the total in gross improper payments for every two years between 1996 and 2008. In
April 2006, the GAO reported that the significant reduction in Medicare’s national paid claims
error rate between years 2004 and 2005 was largely due to CMS’s efforts to educate providers
about the importance of submitting requested documentation to justify payments. When providers
do not respond to requests for additional documentation, CMS automatically counts the payments
as erroneous. According to GAO, despite the success and importance of these educational efforts,
they do not reflect an improvement in payment safeguards or internal controls implemented by ³⁶
CMS.
Table 2. Medicare National Paid Claim Error Rates and Gross Improper Payments
for Every Two Years Between 1996 and 2008
^(doll^a^{rs in bill}^ions)
^Year^{National Paid Claims Err}^or^{Rate (as a % o}^f^{FFS expendit}^ures)^{Gross Imp}^roper^Payments^a
¹⁹⁹^{6 14.2%}^$23.2
¹⁹⁹^{8 8.4%}^$14.9
²⁰⁰^{0 9.4%}^$16.4
²⁰⁰^{2 8.0%}^$17.1
²⁰⁰⁴^b^10.1%^$21.7

³⁵^A^c^c^o^rding^t^o^te^stim^ony^pre^p^a^r^e^d^by^Tⁱ^m^{Hill of}^the^Offⁱ^c^e^of^Fina^nc^ia^{l Ma}^na^g^e^m^e^{nt a}^t^{CMS, C}^M^S^{is in t}^h^e^pr^oc^e^ss
^of^de^v^e^loping^pa^y^m^eⁿ^{t e}^r^r^o^r^r^a^te^s^f^o^r^P^a^r^t^C^aⁿ^d^P^a^r^t^D^.^Me^dic^a^r^e^P^a^r^t^C^c^u^r^r^e^ntly^r^e^pr^e^s^eⁿ^ts^a^ppr^o^xⁱ^m^a^te^l^y^15%^of
^Me^dic^a^r^e^’^{s tota}^{l o}^u^tla^y^s^{. Ex}^c^e^r^{pt ta}^k^e^{n f}^r^o^m^he^a^r^ing^{on Me}^di^{care P}^r^o^g^ram^In^t^e^gri^t^y^f^o^{r t}^h^{e Heal}^t^h^an^d^Oversi^gh^t
^Subc^om^m^itte^e^,^H^ous^e^W^a^y^s^a^{nd Me}^aⁿ^s^Com^m^itte^e^,^Ma^rc^{h 8, 2}⁰⁰⁷^{, a}^t^http^://w^ay^s^a^ndm^e^aⁿ^s^.^hous^e^.^g^o^v^/
^he^a^r^ing^s^.a^s^p^?^f^or^m^m^ode⁼^v^iew^&^id=⁵⁵⁸^0.
³⁶^Se^e^G^A^O^-^06-^581T^{: C}^h^a^lle^ng^e^s^C^onti^nueⁱⁿ^Me^e^tⁱⁿ^g^R^e^quir^e^m^e^nts^of^the^I^m^pr^ope^r^P^a^y^m^eⁿ^ts^Iⁿ^f^o^r^m^a^{tion A}^c^{t, A}^p^r^il
²⁰⁰^{6, a}^t^htt^p^://w^ww^.ga^o^.g^ov^/ne^w^.ite^m^s^/^d06⁵⁸^1t.^pdf^.

^Year^{National Paid Claims Err}^or^{Rate (as a % o}^f^{FFS expendit}^ures)^{Gross Imp}^roper^Payments^a
²⁰⁰^{6 4.4%}^$10.8
²⁰⁰^{8 3.8%}^(est.)^—
^Source:^{CMS and}^OIG^Imp^rope^{r Payment Rate Report}^{s for yea}^r^s¹⁹^96-²⁰^07.
^a.^{CMS arrives at a gross im}^proper^payment^amount^{by adding}^under^payment^{s to overpaym}^ents.
^b.^{From 19}^96-2⁰⁰^{2, the}^OIG^{calculated an error}^{rate ba}^{sed on ap}^pro^{ximately 6,00}^{0 claims. Beginning in 2}⁰⁰^3,
^{CMS took over the calculation of the er}^{ror rate f}^{rom OI}^{G and e}^x^{panded the}^{sample of claims revi}^ewed
^{from 6,0}^{00 to ap}^proximately¹²⁸^,000.
HIPAA requires that every year DHHS and the DOJ release a joint annual report to Congress on
HCFAC results and accomplishments. Typically, these reports are released late summer or early
fall and contain the amounts deposited into the HI Trust Fund for health care fraud enforcement
and the justifications for these expenditures. Numbers and examples of enforcement actions,
program accomplishments, and total recoveries in health care fraud cases are also described.
The most recent annual HCFAC report indicates that the federal government won or negotiated
approximately $1.5 billion in judgements and settlements related to health care fraud in FY2005 ³⁷
and returned $1.6 billion to the HI Trust Fund as a result of these efforts. This is compared with
$.6 billion in judgements and settlements and $1.5 billion returned to the trust fund in FY2004.
Although the dollar value in fraud recoveries fluctuates from year to year, the amount of money
transferred to the HI Trust Fund as a result of health care fraud enforcement efforts has been
steadily increasing since 1998. Furthermore, the number of new civil and criminal investigations
has accelerated, particularly in recent years. There is debate as to whether the increase in
enforcement actions is actually the result of more fraud and abuse in Medicare. Some experts
contend that the increase is the result of having more resources to fight and detect health care
fraud, as opposed to an actual increase in the amount of fraud. Others indicate that the definition
of what constitutes health care fraud has expanded over the years, making it appear as though ³⁸
fraud has escalated when the actual level has remained relatively steady.
Table 3 provides a summary of HCFAC fraud recoveries, transfers to the HI Trust Fund, and
enforcement actions for years 1998 through 2005. Table 3 also highlights payment amounts
awarded to relators or whistleblowers. Relators are private persons with direct knowledge of
health care fraud who file complaints on behalf of the federal government under the False Claims
Act. Relators are entitled to a share of the recoveries in successful cases. As the table
demonstrates, these individuals are a significant referral source for health care fraud. In 1998, the
federal government paid relators $4.3 million in settlements. By 2002, this amount had increased
to $101.2 million. In 2005, relators payments had risen to $136.8 million.

³⁷^H^e^a^{lth C}^a^r^e^Fr^a^{ud a}^{nd A}^bus^e^C^o^ntr^o^l⁽^H^C^F^A^C⁾^A^nnua^{l R}^e^por^{t f}^o^r^FY²⁰⁰⁵^{, a}^t^h^ttp:^//oig^.^hhs^.g^ov^/^public^a^tⁱ^ons^/^doc^s^/
^hc^f^a^c^/^hc^f^a^c^r^e^por^t20⁰⁵^.^p^d^f^.^T^h^e^dif^f^e^r^eⁿ^c^e^be^t^w^ee^{n the}^a^m^{ount c}^o^l^l^e^c^t^e^d^{in f}^r^a^{ud r}^e^c^o^v^e^rⁱ^e^s^a^{nd t}^h^e^am^{ount tr}^aⁿ^s^f^e^r^r^e^d
^{to t}^h^e^{HI T}^r^{ust Fu}^nd^{in a}ⁿ^y^gⁱ^ve^{n y}^e^a^r^c^aⁿ^be^a^ttribute^d^t^o^the^f^a^c^t^tha^t^f^r^a^{ud litig}^a^tio^{n is a}^le^ng^thy^proc^e^{ss tha}^t^c^aⁿ
^som^e^ti^m^e^{s ta}^ke^se^ve^ra^l^y^e^a^r^{s. A}^s^a^re^{sult, som}^e^of^the^j^udg^e^m^eⁿ^{ts, se}^ttle^m^e^{nts, a}^{nd a}^d^mⁱ^nistra^tiv^e^a^c^tions^tha^t^oc^c^u^rre^d
^{in o}ⁿ^e^y^e^a^r^m^a^y^{not re}^{sult i}ⁿ^m^oⁿⁱ^e^s^be^ing^traⁿ^sf^e^rre^{d to t}^h^e^{trust f}^und^uⁿ^til^one^{or m}^o^re^y^e^a^r^{s la}^te^r.
³⁸^Heal^t^h^{Care F}^r^au^d^aⁿ^d^A^b^u^s^e:^P^r^actⁱ^cal^P^e^rsp^ectⁱ^v^es,^Ch^ap^t^e^{r 4,}²⁰⁰⁴^.

Table 3. HCFAC Summary of Results and Accomplishments for Years 1998-2005
¹⁹⁹⁸¹⁹⁹⁹²⁰⁰⁰²⁰⁰¹²⁰⁰²²⁰⁰³²⁰⁰^{4 200}⁵
^Monetary^Res^ults
^Fraud^Recoveries^a^$0.5B^{$0.5B $1.2B}^$1.7B^$1.8B^{$1.8B $0.6B}^$1.5B
^Transfers^{to the Tr}^ust
^Fund^$0.3B^{$0.4B $0.6B}^$1.0B^$1.4B^{$0.7B $1.5B}^$1.6B
^Enforce^ment^Actions
^{New Criminal Health Care}
^Fraud^Inve^stigations³²²³⁷¹⁴⁵⁷^{445 361}⁸⁷⁰^1,00^{2 935}
^{New Civil Health Care}
^Fraud^Inve^stigations^{107 91}²³³¹⁸⁸^{221 231}⁸⁶⁸⁷⁷⁸
^{FBI Health Care Fra}^ud
^{Investigations}^2,70⁰^3,02^{7 2,98}⁰^2,87⁰^2,41⁸^2,26^{2 2,46}⁸^2,54⁷
^Program^Exclu^sions^3,02¹^2,97^{6 3,35}⁰^3,74⁶^3,44⁸^3,27^{5 3,29}³^3,80⁴
^Relators^Payments^$4.3M^$44.4^M^$90.0^M^$83.3^M^$10^1.2M^$26^9.6M^$82.9^M^$13^6.8M
^Source:^{HCFAC Reports}^{from F}^Y199^8-20^05.
^a.^{The amount t}^{he fede}^{ral governm}^{ent won or}^{negotiated in judgements, settlements, and administrat}^ive
^{impositions in health care f}^{raud c}^ases.
Congress did not require that HHS and DOJ include expenditures or results for the MIP program
in these reports. Therefore, these reports are only an indication of HCFAC’s successes and
challenges in the area of health care fraud enforcement and prosecution and not fraud prevention,
which is a key objective of the MIP program. In addition, these reports do not separate out
funding and expenditures for specific enforcement actions related to Medicare, Medicaid, or other ³⁹
health care programs.
HIPAA also required that GAO submit a report to Congress every two years on HCFAC
appropriations and deposits. Starting in June 1998, GAO released four reports using data from the
HCFAC annual reports for years 1997 through 2003. The most recent and final report, released in
April 2005, reviewed HCFAC activities for years 2002 and 2003. Similar to the HCFAC annual
reports, these studies do not include MIP in their analysis. In all four reports, GAO noted that
while HCFAC deposit amounts reported to the HI Trust Fund were consistent with the HIPAA
legislation, HHS included a measure of cost savings resulting from health care fraud enforcement ⁴⁰
efforts that could not entirely be attributed to the HCFAC program. In addition, because fraud
investigation and litigation take several years, savings may not be realized until future years. The
Office of Management and Budget (OMB) echoed a similar finding in its Program Assessment

³⁹^T^h^e^H^I^P^A^A^legⁱ^s^l^a^{tion d}^o^e^s^no^t^r^e^quir^e^t^h^a^t^H^H^S^or^D^O^J^s^e^pa^r^a^te^ly^tr^a^c^k^Me^dic^a^r^e^a^{nd no}^n-^Me^dic^a^r^e^e^x^pe^nditur^e^s^.
^D^O^J^of^fⁱ^cⁱ^a^l^s^c^o^m^m^e^nte^d^{in a}²⁰^{02 G}^A^O^R^e^por^{t on}^the^H^C^FA^C^p^r^og^r^a^m^tha^t^{it is}^not^pr^a^c^tic^a^l^to^s^e^pa^r^a^te^non-
^M^e^dⁱ^{care an}^d^M^e^dⁱ^{care exp}^eⁿ^dⁱ^t^u^{res b}^ecau^{se o}^f^t^h^{e n}^a^t^u^re^o^f^h^eal^t^h^{care f}^r^au^d^(GA^O^-0²^-⁷³¹^:^M^e^dⁱ^care,^Heal^t^h^Care
^Fr^a^{ud a}ⁿ^{d A}^bus^e^C^o^ntr^o^l^P^r^og^r^a^m^f^o^r^Fis^c^a^l^Y^e^a^r^s^{2000 a}^nd²⁰⁰¹^{, J}^une²⁰⁰²⁾^{. H}^e^a^{lth c}^a^r^e^f^r^a^{ud c}^a^s^e^s^t^y^pic^a^l^l^y^c^r^os^s
^sever^a^l^h^eal^t^h^{care p}^r^o^g^ram^s^,^m^a^kiⁿ^gⁱ^t^dⁱ^f^fⁱ^cu^l^t^t^o^at^t^rⁱ^b^u^t^{e exp}^e^{nses an}^d^reco^veri^{es t}^o^sep^a^rat^e^p^r^ogra^m^s.
⁴⁰^T^h^e^O^I^G^defⁱ^ne^s^c^o^s^t^s^a^vⁱ^ng^s^a^s^f^unds^p^u^{t t}^o^be^tte^r^us^e^a^s^a^r^e^s^u^lt^of^im^plem^eⁿ^te^{d le}^gⁱ^s^l^a^tiv^e^or^oth^e^r^pr^og^r^a^m
^initia^tiv^e^s^.

Rating Tool (PART) evaluation of the HCFAC program in 2004 (see description below). Despite
this weakness, GAO consistently found HHS’s and DOJ’s accounting of HCFAC deposits and
expenditures to be fiscally appropriate and accurate.

In 2002, OMB evaluated the HCFAC and MIP programs separately using the PART, a 25-
question survey addressing federal agency management and performance. The agency noted
conflicting assessments for both programs. HCFAC received a “results not demonstrated” rating
and criticized the OIG for not having sufficient performance measures to assess the program’s
progress in reducing fraud, waste, and abuse. Specifically, OMB noted that savings is not a good
indicator of performance because it is too difficult to ascertain how much of the reported savings
is the direct result of HCFAC activities conducted during the previous year. In the 2005 HCFAC
annual report, the OIG estimates that health care fraud activities in 2005 (investigations, audits,
and evaluations) resulted in savings of approximately $30.0 billion, of which $22.9 billion could
be accrued to the Medicare program.
At the same time OMB gave HCFAC a “results not demonstrated” rating, the agency gave MIP
an “effective” rating—the highest rating a program can receive. OMB attributes this largely to the
OIG’s and CMS’s measurement and reduction of the annual Medicare improper payment rate.
CMS often cites the improper payment rate as a measure of its performance in protecting
Medicare from fraud, waste, and abuse. In the PART report, OMB notes that at the time MIP was
created in 1996, OIG estimated the improper payment rate at 14.2%. By 2006, the rate had
dropped to 4.4%.
Subsequent GAO reports released over the last few years have raised questions about how
HCFAC and MIP funding are being used. An April 2005 report on HCFAC funding for the FBI
found that the agency could not adequately demonstrate that its share of HCFAC expenditures for
FY2000-FY2003 were used for health care investigations. The study showed that funds
previously devoted to fighting health care fraud at the FBI had been shifted to counterterrorism ⁴²
activities.
In a report released in September 2006, the GAO identified weaknesses in CMS’s approach for
allocating MIP funds across the various program integrity activities (cost report auditing, medical ⁴³
review, benefit integrity, Medicare secondary payer, and provider education). GAO noted that
CMS bases its MIP allocation decisions on historical funding levels, as opposed to examining the
relative effectiveness of one activity to another in ensuring Medicare program integrity. For
example, despite receiving the largest share of MIP funds in FY2005, CMS has not yet developed
a reliable quantitative measure to assess the impact of cost report audits of Part A providers on

⁴¹^Se^e^Offⁱ^c^e^o^f^Ma^na^g^e^m^e^{nt a}^nd^Budg^e^t^P^r^og^ra^m^A^sse^ss^m^e^{nt Ra}^ting^T^{ool w}^e^bsite^a^t^http^://w^ww^.^w^hite^h^ouse^.^g^o^v^/
^om^b/pa^r^{t/ f}^o^r^P^A^R^T^as^s^e^s^s^m^e^nts^of^the^Me^dic^a^r^e^Iⁿ^te^g^r^ity^P^r^og^r^a^m^a^{nd the}^H^e^a^{lth C}^a^r^e^Fr^a^u^d^aⁿ^d^A^bus^e^C^ontr^o^l
^Pr^o^g^r^a^m^.
⁴²^G^A^O^-^05-³⁸⁸^{, Fe}^de^r^a^{l B}^u^r^e^a^u^of^Iⁿ^v^e^s^tig^a^{tion: A}^c^c^ounta^b^ili^ty^ov^er^the^H^I^P^A^A^Funding^of^H^e^a^{lth C}^a^r^e
^Iⁿ^v^e^s^tig^a^tions^is^Iⁿ^a^d^e^qua^te^{, A}^p^rⁱ^{l 20}⁰⁵^{, a}^t^http:^//w^w^w^.g^a^o^.g^ov^/ⁿ^e^w^.item^s^/^d05³⁸^8.p^d^f^.
⁴³^G^A^O^-^06-⁸¹³^{, Me}^dic^a^r^e^Iⁿ^te^g^r^ity^P^r^og^r^a^m^,^A^g^eⁿ^cy^A^ppr^oa^c^h^f^o^r^A^lloc^a^ting^Funds^Sh^oul^d^be^R^e^vⁱ^s^e^{d, Se}^pte^m^be^r
²⁰⁰^{6, a}^t^htt^p^://w^ww^.ga^o^.g^ov^/ne^w^.ite^m^s^/^d06⁸¹^3.^pdf^.

preventing fraud, waste, and abuse. GAO recommended that CMS develop additional methods
for allocating MIP funds that take into account the effectiveness of MIP activities, as well as
contractor performance, particularly in light of new vulnerabilities related to the prescription drug
benefit.

Between April 2006 and March 2007, Medicare paid $9.9 billion to DME suppliers. Of this ⁴⁴
amount, improper payments were estimated at $1.0 billion, or approximately 10.2%. Although
many improper payments are the result of honest billing mistakes by providers, others result from
fraud and abuse. DME fraud tends to be higher in South Florida and Los Angeles, where both the
number of Medicare beneficiaries and the number of DME suppliers are high. According to CMS,
the primary types of DME fraud committed in these areas include billing for services not ⁴⁵
rendered and billing for services that are not medically necessary for the beneficiary.
Before a DME supplier can bill Medicare, it must meet certain standards. CMS contracts with the
National Supplier Clearinghouse (NSC) to enroll and screen potential suppliers before they can
participate in the program. Once a supplier is found to be compliant with these standards, it can ⁴⁶
receive a Medicare supplier number and bill Medicare for services rendered. The NSC is
required to conduct site visits to DME physical locations upon initial enrollment and three years
later to ensure ongoing compliance.
In March 2007, the OIG released two reports indicating that compliance with DME enrollment
standards was lacking. One investigation found that 45% of Medicare participating DME
companies in South Florida failed to comply with at least one of five Medicare enrollment ⁴⁷
standards in CY05. The second investigation, which involved site-visits to 169 DME suppliers
in 10 states (excluding Florida), found 10 suppliers without an actual physical facility at their
address. These 10 suppliers subsequently billed Medicare almost $393,000 in the two months ⁴⁸
following the OIG’s visit.
Criticism surrounding the adequacy and enforcement of enrollment standards for DME suppliers
is not new. In 2001, the OIG recommended that CMS conduct random, unannounced site visits to
DME suppliers to help reduce the potential for fraudulent billing. A few years later, a 2005 GAO
report declared the standards inadequate and reported that many DME suppliers were able to
resume participation in Medicare after being suspended for enrollment violations. The GAO

⁴⁴^“^I^m^p^rope^{r Me}^dic^a^r^e^FFS^P^a^y^m^eⁿ^ts^Re^por^t,”^Ce^nte^r^s^f^o^{r Me}^dic^a^r^e^a^nd^Me^dic^aⁱ^{d Se}^rv^ic^e^s^{, N}^o^v^e^m^b^e^r²⁰⁰^7.
⁴⁵^HHS^P^r^{ess Rel}^ease,^“M^edⁱ^{care P}^r^o^vⁱ^d^{er E}ⁿ^r^o^l^l^m^en^t^Dem^oⁿ^s^t^r^atⁱ^oⁿ^In^vo^l^vⁱⁿ^{g S}^u^p^p^lⁱ^e^rs^o^f^Du^rab^l^e^M^e^dⁱ^cal
^Equi^pm^eⁿ^t,^P^r^os^t^h^e^tic^s^,^O^r^th^otic^s^,^a^nd^Su^ppl^ie^s⁽^D^ME^P^O^S)ⁱⁿ^Hⁱ^g^h^-^R^is^k^A^r^ea^s^,^”^J^u^l^y^{2, 2}⁰⁰⁷^.
⁴⁶^Se^e^{42 C}^F^R⁴²⁴^.⁵⁷⁽^c⁾^f^o^r^a^de^s^c^rⁱ^ptioⁿ^of^the²¹^s^t^aⁿ^da^r^d^s^.^S^o^m^e^of^the^s^t^a^nda^r^d^s^inc^l^u^d^e^beⁱⁿ^g^c^o^m^p^la^{int w}^ith
^f^e^de^ra^{l a}^{nd s}^t^a^t^e^lic^eⁿ^s^u^re^re^quire^m^e^nts^,^m^a^inta^ining^a^phy^sⁱ^c^a^l^fa^cility^,^m^a^inta^ining^a^prim^a^r^y^busⁱⁿ^e^s^s^te^le^phone^,^a^nd
^b^eⁱⁿ^{g accessi}^b^l^{e (o}^p^eⁿ^aⁿ^d^st^af^f^e^d⁾^du^riⁿ^g^b^u^sⁱⁿ^{ess h}^o^u^r^s.
⁴⁷^Se^e^O^E^I^-^03-^07-⁰⁰¹⁵^{0: S}^o^u^t^h^Flo^r^ida^Su^pp^lie^r^s^’^C^o^m^p^lia^nc^e^w^{ith Me}^dic^a^r^e^Sta^nda^r^d^s^:^R^e^s^u^lts^f^r^om^Uⁿ^aⁿⁿ^o^uⁿ^c^e^d
^Vis^its^,^Ma^r^c^{h 2}⁰⁰⁷^{, a}^t^htt^p^://^oig^.^h^h^s^.^g^o^v^/^oe^i/^r^e^por^ts^/^o^eⁱ^-^03-^07-⁰⁰¹^50.^pdf^.
⁴⁸^Se^e^O^E^I^-^04-^05-⁰⁰³⁸^{0: Me}^dic^a^l^Equi^pm^eⁿ^{t Sup}^p^lie^r^s^{: C}^o^m^p^lia^nc^e^w^{ith Me}^dic^a^r^e^Enr^o^llm^eⁿ^{t R}^e^qu^ir^e^m^eⁿ^ts^{, Ma}^r^c^h
²⁰⁰^{7, a}^t^htt^p^://^oig^.^h^h^s^.^g^o^v^/^oe^i/r^e^por^ts^/^o^eⁱ^-^04-^05-⁰⁰³⁸^0.p^d^f^.

echoed the OIG’s 2001 recommendation to conduct random site visits to DME supplier locations ⁴⁹
outside of the initial enrollment and re-enrollment periods.
On July 2, 2007, CMS announced a demonstration project requiring all DME suppliers in Los
Angeles and Miami to reapply to participate in the Medicare program. As part of the demo,
approximately 7,500 DME suppliers will be contacted by mail and requested to complete another
Medicare enrollment application. Those that fail to submit the new application within 30 days
will automatically lose Medicare billing privileges. The agency also plans to conduct random,
unannounced site visits to supplier locations in these areas.
In addition to meeting enrollment standards, CMS will also be requiring DME suppliers to meet ⁵⁰
new quality standards and become accredited by a CMS-approved Accreditation Organization.
For FY2008 and beyond, the NSC will be prohibited from issuing a Medicare billing number to
any supplier that is not accredited under the new rule.
Due to a growing concern that Medicare needed extra protection against improper payments,
Congress in Section 306 of the Medicare Modernization Act of 2003 (P.L. 108-173) authorized
the Secretary to contract with Recovery Audit Contractors (RACs) to identify over- and
underpayments in Medicare Parts A and B. The program started in March 2005 as a
demonstration project in three states (California, Florida, and New York). The Tax Relief and
Healthcare Act of 2006 (P.L. 109-432) made the RAC initiative permanent and mandated the
expansion of RAC contractors to all 50 states by 2010.
In November 2006, CMS released a status document on RAC performance for FY2006 which
found that the contractors had identified $303.5 million in improper payments in the three
demonstration states. Of this $303.5 million, $68.6 million had been collected in overpayments
from providers and $2.9 million had been identified as underpayments. The remaining $232.0
million is currently in the collection process. The majority of the overpayments were to inpatient ⁵¹
hospitals and skilled nursing facilities.
The RAC program is controversial because of how RAC contractors are paid. RACs are paid on a
contingency basis, which means that each RAC receives a percentage of what they collect in
overpayments from providers. In contrast, other CMS program integrity contractors are paid a
fixed annual amount based on their costs. This alternative payment mechanism for RACs has
certain provider groups concerned. For instance, providers claim that paying contractors on a
contingency basis creates incentives to aggressively audit and deny claims to receive higher ⁵²
payments from CMS. Providers that wish to dispute a denied claim must file an appeal and are

⁴⁹^Se^e^G^A^O^-^05-^656:^Mor^e^Ef^f^e^c^tive^Sc^r^e^eⁿ^ing^a^nd^Str^o^ng^e^r^Enr^o^llm^eⁿ^{t Sta}ⁿ^da^r^d^s^N^e^e^d^e^d^f^o^r^Me^dic^a^l^Eq^uipm^eⁿ^t
^Sup^p^lie^{rs, Se}^pte^m^be^{r 200}^{5, a}^t^htt^p^://w^ww^.^g^a^o^.g^ov^/ⁿ^e^w^.ite^m^s^/^d⁰⁵⁶^56.^pdf^.
⁵⁰^Se^c^tion³⁰²⁽^a⁾⁽¹⁾^of^the^Me^dⁱ^c^a^r^e^P^r^e^s^c^r^ipti^on^D^r^ug^{, I}^m^pr^ov^e^m^eⁿ^{t, a}ⁿ^d^Mo^de^rⁿ^iz^a^tⁱ^{on A}^c^{t of}²⁰⁰³⁽^P^L⁾^r^e^q^u^ir^e^s
^Me^dic^a^r^e^{to de}^v^e^lo^{p a}ⁿ^d^im^ple^m^eⁿ^{t q}^u^a^lity^sta^nda^{rds f}^o^{r DME su}^pplie^rs.
⁵¹^C^M^{S R}^A^C^Sta^t^us^D^o^c^u^m^e^{nt FY}²⁰⁰^{6, N}^o^v^e^m^b^e^r^2006,^a^t^ht^tp:/^/w^w^w^.cm^s^.hhs^.g^ov^/R^A^C^/^D^ow^nloa^d^s^/
^R^A^C^S^ta^tus^D^oc^um^eⁿ^t—^FY²⁰^06.^pdf
⁵²^{In Ma}^y²⁰⁰^7,³⁶^Ca^lif^ornia^Hous^e^Me^m^b^e^r^s^w^r^ote^{to CM}^{S re}^p^o^rtiⁿ^g^tha^t^I^npa^tie^nt^Re^ha^bil^ita^tio^{n F}^a^c^ilitie^{s (IRFs)}
^w^e^r^e^e^x^pe^rieⁿ^cⁱ^ng^hig^h^c^l^aⁱ^m^de^nia^l^ra^te^s^f^r^o^m^the^CA^R^A^{C: http:/}^/w^w^w^.hous^e^.^g^o^v^/lis^t/s^p^eech^/^ca2^3_^cap^p^s^/^m^o^r^en^e^w^s/
^pr^_⁰⁷⁰⁶^05m^e^d^ic^a^r^e^a^udits^.s^htm^l^.

obligated to pay the claim until a determination on the appeal is made. If the provider wins an
appeal at the first level, any associated contingency payments paid to the RAC must be returned
to CMS. However, if the provider wins an appeal at the second or higher level, the RAC retains
the contingency payment. In FY2006, providers in the three RAC demonstration states filed 2,596 ⁵³
appeals challenging RAC overpayment determinations.
In response to these concerns, CMS ceased RAC activity of Inpatient Rehabilitation Facilities
(IRFs) in California and made some changes to the permanent RAC program set to begin at the ⁵⁴
end of March 2008. Under the permanent program, if a RAC determination is overturned at any
level of appeal, the RACs will be required to refund all contingency fees to CMS. In addition, the
agency has placed nationwide limits on the number of medical records a RAC can request from a
provider and is requiring that all RACs hire a medical director to oversee the review process.
By 2010, CMS plans to have four RACs in place. Each RAC will be responsible for identifying
overpayment and underpayments in approximately one-fourth of the country. In 2007, the RAC
demonstration was expanded to three additional states: South Carolina, Massachusetts, and ⁵⁵
Arizona.
In addition to creating the HCFAC and MIP programs, the 1996 HIPAA legislation gave CMS the
authority to contract with specialized private organizations to conduct certain program integrity
activities. Program Safeguard Contractors (PSCs), which are responsible for reducing fraud and
abuse in the Medicare program, are one of these types of organizations. Among the tasks that
PSCs undertake are conducting fraud investigations, referring suspected cases to law
enforcement, and performing data analysis to identify trends and billing patterns that might
indicate fraudulent billing (otherwise referred to as benefit integrity work). CMS assesses the
performance of PSCs on an annual basis by examining monthly statistics related to contractor ⁵⁶
workload.
Since CMS awarded the first 12 contracts to PSCs in 1999, questions have been raised related to
their effectiveness and CMS’s oversight of PSC performance. Prior to creating PSCs, fraud and
abuse detection work was the responsibility of the Part A and B claims administration
contractors—FIs and carriers. Transferring these responsibilities to specialized entities was seen
as a strategy to improve Medicare’s program integrity capabilities. In 2001, two years after the
PSCs became operational, the GAO reported that CMS lacked clear and quantifiable measures to

⁵³^C^M^{S R}^A^C^Sta^t^us^D^o^c^u^m^e^{nt FY}²⁰⁰^{6, N}^o^v^e^m^b^e^r^2006,^a^t^ht^tp:/^/w^w^w^.cm^s^.hhs^.g^ov^/R^A^C^/^D^ow^nloa^d^s^/
^R^A^C^S^ta^tus^D^oc^um^eⁿ^t—^FY²⁰^06.^pdf
⁵⁴^A^f^te^r^c^onduc^ting^aⁿⁱⁿ^de^peⁿ^d^eⁿ^t^r^e^vⁱ^ew^of^a^sam^p^le^of^I^R^{F c}^l^aⁱ^m^s^pr^e^v^ious^ly^r^e^vⁱ^ew^e^d^by^the^C^a^lif^o^r^nia^R^A^C^,^C^M^S
^f^{ound t}^h^a^t^Me^dic^a^r^e^c^ontr^a^c^t^or^s^w^e^r^e^{not a}^p^plyⁱ^ng^c^o^v^e^r^a^g^e^a^{nd p}^a^y^m^eⁿ^{t polic}^ie^s^c^ons^is^te^nt^ly^f^o^r^I^R^{F s}^e^r^v^ic^e^s^{. I}ⁿ
^r^e^s^pons^e^,^C^M^S^ceased^RA^{C rev}ⁱ^e^w^o^f^{IRF clai}^m^sⁱⁿ^Calif^o^rⁿⁱ^{a. RA}^C^re^vⁱ^e^w^{s o}^f^th^ese^f^a^{cilities w}^ill^resu^m^e^{at th}^{e start}
^of^the^pe^r^m^aⁿ^eⁿ^{t R}^A^C^pr^og^r^a^mⁱⁿ^Ma^r^c^h²⁰^08.^L^e^tte^r^f^r^o^m^C^M^{S A}^d^mⁱ^nis^t^r^a^tor^K^e^r^r^y^N^.^W^e^em^s^{to R}^e^pr^e^s^eⁿ^ta^tiv^e
^L^oⁱ^s^Cap^p^s^.^Decem^b^e^{r 7}^,²⁰⁰⁷^.^A^v^ai^l^a^b^l^{e at}^h^t^t^p^:^/^/^www^.^a^h^a^.^o^rg/^a^h^a^/^l^e^t^t^e^r/²⁰⁰⁷^/⁰⁷¹²⁰⁷^-^l^e^t^-^cm^s-cap^p^s^.^p^d^f^.
⁵⁵^{CMS W}^e^bs^ite^,^Phy^s^ic^ia^{n Re}^g^u^la^t^o^ry^Is^s^u^e^s^T^e^a^m^(P^RIT⁾^{, A}^c^tiv^e^P^R^IT^Is^s^u^e^s^{, a}^c^c^e^s^s^e^{d on A}^u^g^u^s^t¹⁰^{, 2}⁰⁰⁷^{, a}^t
^http:^//www^.c^m^s^.hhs.g^ov^/P^RIT^/^P^R^IT^I^A^/^ite^m^d^e^t^a^il.a^s^p?^f^ilte^rTy^p^e⁼
^none^&^f^ilte^rBy^D^ID⁼⁰^&^s^ortB^y^D^I^D⁼¹^&^s^ortO^rde^r⁼^d^e^s^c^e^nding^&^ite^m^I^D⁼^CMS061⁹²^6&^intN^um^P^e^r^P^a^g^e⁼^10.
⁵⁶^A^t^pr^e^s^eⁿ^{t, C}^M^S^ha^s¹⁸^P^S^C^ta^s^k^or^de^r^s^{; 1}⁵^a^r^e^f^o^r^de^te^r^rⁱ^ng^f^r^a^{ud in}^Me^dic^a^r^e^P^a^r^t^s^A^a^{nd B}^,^a^nd^{3 a}^r^e^f^o^r
^de^te^rring^f^r^a^{ud in D}^M^E.^Spe^cⁱ^fⁱ^c^a^lly^{, CMS a}^sse^s^s^e^s^the^tim^e^line^s^s^of^{PSC pe}^rf^orm^a^nc^e^,^the^de^g^r^e^e^{to w}^h^ic^{h q}^u^a^lity
^{cases ar}^{e d}^e^vel^o^p^e^d^f^o^{r ref}^e^rral^t^o^t^h^{e OIG}^,^an^d^t^h^e^P^S^{Cs respo}ⁿ^sⁱ^v^en^{ess t}^o^l^a^w^en^f^o^rce^m^en^t^agen^ci^e^s^.

adequately assess PSC performance and recommended the agency develop specific criteria to ⁵⁷
better evaluate the contractors’ effectiveness at detecting and preventing fraud and abuse.
On July 20, 2007, the OIG released a report on the performance of PSCs. The OIG found
significant variation in the number of new investigations and case referrals initiated by the ⁵⁸
contractors. Neither the size of the PSC’s budget nor its oversight responsibility were correlated
with the number of new investigations or referrals to law enforcement. Also, PSCs are expected
to engage in pro-active data analysis to identify suspected patterns of fraud. However, only a
small percentage of new investigations resulted from this type of data-analysis.
An earlier OIG analysis of PSC evaluation reports from years 1999 through 2004 indicated that
the type of information collected by CMS in these reports was lacking. Many of the evaluation
reports contained limited quantitative and qualitative data related to PSCs activities and
achievements, and the majority of the reports were incomplete. According to CMS, quantifying
PSC results could create perverse incentives for the PSCs by rewarding them for the volume of ⁵⁹
cases they refer to law enforcement.
In FY2007, CMS awarded $119M to support 18 PSC task orders.
On January 1, 2006, Medicare began covering prescription drugs as part of the new Part D
benefit. Coverage is provided through private plans offered by MA-PDs or stand-alone PDPs. For
FY2008, outlays for Part D benefits are expected to total $52.2 billion. According to CBO, this ⁶⁰
amount is expected to triple to $141 billion by FY2017. CMS, the OIG, and the GAO have
stated that the new benefit is at risk for significant fraud and abuse. Potential areas of
vulnerability related to the Part D benefit are extensive and include eligibility and enrollment; the
bidding process; beneficiary, plan, and retail pharmacy fraud; incentives to reduce cost sharing;
formulary development; and many others.
To protect the integrity of Part D funds, CMS announced in October 2005 a plan to award
contracts to eight Medicare Drug Integrity Contractors (MEDICs). MEDICs responsibilities to
protect the Trust Fund from abuses may include reviewing bids from prescription drug plans for
participation in the program, performing audits of Part C MA-PD and Part D PDP plans,
investigating fraud complaints from beneficiaries, conducting data analysis to identify potentially
fraudulent billing patterns, and providing support to law enforcement agencies with fraud
investigations.

⁵⁷^Se^e^G^A^O^-^01-^616:^Me^dic^a^r^e^,^O^p^por^t^unitⁱ^e^s^a^{nd C}^h^a^lle^ng^e^s^{in C}^oⁿ^t^r^a^c^ting^f^o^r^P^r^og^r^a^m^Saf^e^g^u^a^r^ds^{, Ma}^y^{2001, a}^t
^http:^//w^w^w^.g^a^o^.g^ov^/ⁿ^e^w^.item^s^/^d⁰¹⁶¹^6.^pdf^.
⁵⁸^Iⁿ²⁰^05,^P^S^C^s^pr^o^duc^e^d^be^tw^e^eⁿ^{5 a}ⁿ^{d 4}⁷⁹^ne^w^P^a^r^t^A^inv^e^s^tig^a^tions^aⁿ^d^{18 a}ⁿ^d^3,7⁰⁷^ne^w^P^a^r^t^B^inv^e^s^tig^a^tions^.
^Ex^c^e^r^{pt ta}^k^e^{n f}^r^o^m^OI^G^Re^port:^Me^dic^a^r^e^’^{s P}^r^og^ra^m^Sa^f^e^g^u^a^r^{d Contra}^c^t^{ors: A}^c^tiv^itie^{s to De}^te^c^t^aⁿ^{d De}^te^{r Fra}^u^d^aⁿ^d
^A^bus^e^,^J^u^ly^2007,^a^t^htt^p^://^oig^.^h^h^s^.g^ov^/oe^i/r^e^por^ts^/^o^eⁱ^-⁰^3-⁰⁶^-⁰⁰⁰¹⁰^.p^df^.
⁵⁹^Se^e^O^E^I^-^03-^04-⁰⁰⁰⁵^{0: Me}^dic^a^r^e^P^r^og^r^a^m^Saf^e^g^u^a^r^{d C}^oⁿ^t^r^a^c^t^or^s^:^P^e^r^f^or^m^a^nc^e^Eva^l^ua^{tion R}^e^por^ts^,^Ma^r^c^{h 20}⁰⁶^{, a}^t
^http:^//oig^.^hhs^.g^ov^/^o^e^i/r^e^por^ts^/^o^eⁱ^-^03-^04-⁰⁰⁰⁵^0.p^d^f^.
⁶⁰^Cong^re^s^sⁱ^ona^{l B}^udg^e^t^O^f^fⁱ^ce^(CBO^{), Me}^dic^a^r^e²⁰⁰⁷^Fa^c^t^S^h^e^e^t^{, a}^t^htt^p^://w^w^w^.c^bo.g^o^v^/^f^t^pdoc^s^/^78x^x^/^doc⁷⁸⁶¹^/
^m^_^m^_^s^c^hip.pdf^.

Concerns have been raised related to CMS oversight of the MEDICs and the Part D benefit in
general. In April 2006, the Senate Finance Committee wrote a letter to CMS inquiring why CMS
had issued only one task order to a MEDIC organization after identifying numerous Part D fraud
vulnerabilities. In FY2006, the DRA provided $100 million in funds to address fraud associated
with the prescription drug program, a portion of which was to be allocated to the MEDICs. CMS
then awarded an additional four MEDIC contracts later that year. In addition, an OIG report
released in October 2007 found that by the end of FY2006, CMS had not yet commenced
financial audits of Part D plans and data analysis of billing trends to identify potential fraud—two
other key responsibilities of the MEDICs. Instead, CMS relied largely on beneficiary complaints
to detect abusive practices in FY2006. CMS expects to begin financial audits of Part D plans in ⁶¹
January 2008.
In a September 2006 report, GAO noted that CMS does not have an adequate method for
allocating program integrity funding to areas with the greatest risk, including risk associated with ⁶²
the Part D benefit. In light of an October 2007 announcement by CMS that the agency plans to
recover $4 billion in payments made to plans in 2006, this is worth noting. As part of the bidding
process, Part D plans must prospectively estimate how much it is going to cost to provide
prescription drug coverage to an average Medicare beneficiary. At the end of the year, CMS
compares actual costs with predicted costs as part of a payment reconciliation process. Because of
lower-than-expected drug costs for 2006, the predicted costs were $4 billion more than plans’
actual costs. Plans are required to return these extra payments to CMS. As Part D plans gain more
experience with the program, CMS predicts the difference between plans’ expected and actual
costs to decrease in future years.

As the Medicare program continues to grow in size and complexity, developing innovative
strategies to ensure the integrity of program will become increasingly important. Program
integrity activities encompass a broad set of strategies and processes designed to meet numerous
objectives, including preventing improper payments, identifying and detecting fraud,
investigating individuals suspected of committing Medicare fraud, and prosecuting offenders. To
carry out the six main types of program integrity activities for the Medicare Integrity Program
(MIP), the Center for Medicare and Medicaid Services (CMS) contracts with a diverse mix of
private organizations tasked with a variety of different oversight responsibilities. The
effectiveness of these efforts depends on close collaboration and coordination between these
organizations and federal enforcement agencies.
The implementation of the Health Care Fraud and Abuse (HCFAC) and MIP programs in 1996
provided CMS and Medicare enforcement agencies with a dedicated funding source to fight fraud
and abuse in health care programs. From 1997 through 2005, resources available to fight fraud
increased from $0.6 billion to $1.1 billion, and the number of new civil and criminal fraud
enforcement actions more than doubled. Furthermore, the amount of money transferred to the
Hospital Insurance (HI) Trust Fund as a result of health care fraud enforcement activities has been

⁶¹^Se^e^O^E^I^-^06-^06-⁰⁰²⁸^{0: C}^M^S’^s^I^m^plem^eⁿ^ta^tion^of^Sa^f^e^g^u^a^r^ds^D^u^rⁱ^ng^Fis^c^a^l^Y^e^a^r²⁰^{06 t}^o^P^r^e^v^eⁿ^{t a}^{nd D}^e^te^c^t^Fr^a^u^d
^a^{nd A}^bus^eⁱⁿ^Me^dic^a^r^e^P^r^e^s^c^r^ipti^{on D}^r^ug^P^l^aⁿ^s^,^O^c^t^obe^r²⁰⁰⁷^{, a}^t^http:^//oig^.^hhs^.g^ov^/^o^e^i/r^e^por^ts^/^o^eⁱ^-^06-^06-⁰⁰²⁸^0.p^d^f^.
⁶²^Se^e^G^A^O^-^06-^813:^Me^dic^a^r^e^Iⁿ^te^g^r^it^y^P^r^og^r^a^m^,^A^g^eⁿ^cy^A^ppr^oa^c^h^f^o^r^A^lloc^a^ting^Funds^Sh^oul^{d be}^R^e^vⁱ^s^e^d,
^Se^pte^m^be^{r 2006}^{, a}^t^http^://w^w^w^.^g^a^o^.g^ov^/ne^w^.item^s^/^d⁰⁶⁸^13.^pdf^.

steadily increasing. These statistics, however, do not apply to MIP activities, which receive the
largest share of HCFAC funding. Recent Government Accountability Office (GAO) reports have
raised questions about how MIP funding is being used and have recommended CMS develop
more quantitative measures to assess the impact of MIP program integrity activities in the future.
Outcomes and results from program integrity activities are difficult to assess for a number of
reasons. While perpetrators of fraud and abuse cost the Medicare program large amounts of
money annually, there are no reliable estimates on the size of the problem. The National Health
Care Anti-Fraud Association estimates that health care fraud accounts for at least 3% of total ⁶³
health care expenditures annually, but measuring the amount of true fraud is difficult. This
makes it challenging for policy makers to determine the extent of resources needed to effectively
combat the problem.
The implementation of the prescription drug benefit presents a new challenge for CMS and its
partners. In addition to increasing expenditures, contracting with private prescription drug plans
to deliver services to beneficiaries adds a new layer of complexity in administration. Since the
start of the prescription drug benefit on January 1, 2006, policy makers have expressed concerns
related to CMS oversight of the Part D MEDICs, which are responsible for ensuring Medicare
integrity in the Part D benefit. As payments to Part D plans continue to rise over the next several
years, it will be important to monitor the program integrity activities undertaken to safeguard
payments to Part D plans and providers.
Protecting the Medicare program from improper payment, fraud, and abuse is a complex and
challenging undertaking. With fraud perpetrators continually devising more sophisticated
schemes to defraud the system, administrators need to invest in a broad mix of preventive and
investigative techniques to uncover fraud and abuse. While the permanent authorization of
HCFAC and MIP funds have enhanced Medicare’s program integrity efforts, improvements in
oversight are needed to continue to ensure Medicare beneficiaries access to high quality and
appropriate care.
^Holl^y^Stoc^k^d^ale
^Aⁿ^a^l^ystⁱⁿ^H^e^a^l^t^h^Ca^r^e^Fi^na^ncⁱ^ng
^h^s^t^o^c^k^dal^e^@^c^rs^.l^oc.g^o^v^{, 7-}⁹⁵⁵³

⁶³^S^{ee “T}^h^e^P^r^ob^l^e^m^o^f^Heal^t^h^Car^e^F^r^au^d^,^{” t}^h^{e Nat}ⁱ^oⁿ^a^l^Heal^t^h^Car^e^Aⁿ^tⁱ^-^F^r^au^d^A^sso^ci^atⁱ^oⁿ^,^at
^h^t^t^p^:^/^/^www^.ⁿ^h^caa.^o^r^g/^eweb^/
^D^yⁿ^a^mⁱ^cP^age.^asp^x^?^w^eb^co^d^e=an^tⁱ^_^f^r^a^ud_r^e^s^our^c^e^_^c^eⁿ^tr^&^w^ps^c^ode⁼^T^he^P^r^ob^le^m^O^f^H^C^F^r^a^ud,^access^e^d^oⁿ^Oct^o^b^e^r²³^,
²⁰⁰^7.