Order Code RL34217
Medicare Program Integrity: Activities to Protect
Medicare from Payment Errors, Fraud, and Abuse
October 24, 2007
Holly Stockdale
Analyst in Medicare
Domestic Social Policy Division

Medicare Program Integrity: Activities to Protect
Medicare from Payment Errors, Fraud, and Abuse
Summary
In FY2008, Medicare is expected to cover an estimated 44.6 million
beneficiaries at a total cost of $456 billion. With an average annual growth rate of
7.0%, the Congressional Budget Office (CBO) projects Medicare costs to double
over the next 10 years. Because of a number of factors, such as an aging population,
overall increases in medical costs, and the new Part D prescription drug benefit,
spending on Medicare services is expected to grow more than spending in the U.S.
economy. As expenditures continue to rise in the nation’s largest health insurance
program, efforts to preserve the integrity of the program receive increased attention
from policy makers.
Program integrity is considered a component of the effective and efficient
administration of government programs, which are entrusted with ensuring that
taxpayer dollars are spent wisely. Efforts to ensure Medicare program integrity
encompass a wide range of activities and require coordination among multiple private
and public entities. In general, initiatives designed to fight fraud, waste, and abuse
are considered program integrity activities. This includes processes directed at
reducing payment errors to Medicare providers, as well as activities to prevent,
detect, investigate, and ultimately prosecute health care fraud and abuse.
Because of the size and scope of the Medicare program, multiple government
entities are involved in protecting Medicare’s integrity. As the agency responsible
for administering the Medicare program, the Centers for Medicare and Medicaid
Services (CMS) oversees a network of private contractors that conduct various
program integrity activities. The six main types of activities are conducting audits,
reviewing claims for medical necessity, identifying and investigating potentially
fraudulent behavior, ensuring that Medicare pays only for services for which it has
primary responsibility, educating providers on Medicare billing procedures, and
managing a Medicare-Medicaid data match program to identify fraud that may affect
both federal health insurance programs. Contractors refer suspected cases of fraud
to the Department of Health and Human Services (DHHS) Office of the Inspector
General (OIG) and the Department of Justice (DOJ) for further investigation and
prosecution.
Medicare program integrity activities are funded in statute, largely through the
Medicare Integrity Program (MIP) and the Health Care Fraud and Abuse Control
Program (HCFAC), which provide CMS and other federal agencies with dedicated
funds to prevent fraud, waste, and abuse in Medicare.
This report provides an overview of Medicare’s program integrity efforts. A
definition of program integrity is presented, as well as descriptions of the types of
activities, organizations, and agencies involved in protecting Medicare’s integrity on
a day-to-day basis. The report continues with a history of federal funding for
Medicare’s anti-fraud activities and a discussion of findings from recent studies on
program integrity efforts. The report concludes with a brief description of current
issues. This report will be updated to reflect legislative changes.

Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Background on Medicare . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Program Integrity Defined . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Types of Program Integrity Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Cost Report Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Medical Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Benefit Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Medicare Secondary Payer (MSP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Provider Education . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Medicare-Medicaid Data Match Program . . . . . . . . . . . . . . . . . . . . . . . 8
Types of Program Integrity Contractors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Claims Administration Contractors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Program Safeguard Contractors (PSCs) . . . . . . . . . . . . . . . . . . . . . . . . . 9
Recovery Audit Contractors (RACs) . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Coordination of Benefits (COB) Contractor . . . . . . . . . . . . . . . . . . . . . 9
Medicare Managed Care Program Integrity Contractors
(MMC-PICs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Medicare Drug Integrity Contractors (MEDICs) . . . . . . . . . . . . . . . . . 10
Quality Improvement Organizations (QIOs) . . . . . . . . . . . . . . . . . . . . 10
Other Contractors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Medicare Program Integrity Partners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
History of Funding for Medicare Program Integrity Activities . . . . . . . . . . . . . . 13
Current Funding for Medicare Program Integrity Activities . . . . . . . . . . . . . . . . 16
Assessment of Program Integrity Efforts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Improper Payment Rates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
HCFAC Annual Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
GAO HCFAC Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
OMB Program Assessment Rating Tool (PART) . . . . . . . . . . . . . . . . 21
Other GAO Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Current Program Integrity Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Durable Medical Equipment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Recovery Audit Contractor Program . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Program Safeguard Contractors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Program Integrity Activities for Part D . . . . . . . . . . . . . . . . . . . . . . . . 26
Concluding Observations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

List of Tables
Table 1. HCFAC and MIP Appropriations for Selected Fiscal Years . . . . . . . . . 15
Table 2. Medicare National Paid Claim Error Rates and Gross Improper
Payments for Every Two Years Between 1996 and 2008 . . . . . . . . . . . . . . 18
Table 3. HCFAC Summary of Results and Accomplishments for Years
1998-2005 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Medicare Program Integrity: Activities to
Protect Medicare from Payment Errors,
Fraud, and Abuse
Introduction
According to the 2007 Medicare Trustees report, Medicare expenditures were
$408 billion in FY2006 for 43.2 million beneficiaries.1 In FY2008, Medicare is
expected to cover an estimated 44.6 million beneficiaries2 at a total cost of $456.3
billion.3 The Congressional Budget Office (CBO) projects these expenditures to
double over the next 10 years. The majority of Medicare spending, approximately
75%, is for benefits provided by Parts A and B, the fee-for-service portion of the
program. As one of the fastest growing sectors of the federal budget, challenges exist
in maintaining and ensuring the integrity of the nation’s largest health insurance
program.
Ensuring program integrity is typically discussed in connection with program
administration and financial management issues. Its chief purpose is the effective
and efficient use of taxpayer dollars. In general, initiatives designed to fight fraud,
waste, and abuse are considered program integrity activities. This includes processes
directed at reducing payment errors, as well as activities to prevent, detect,
investigate, and ultimately prosecute health care fraud and abuse. More specifically,
program integrity ensures that correct payments are paid to legitimate providers for
appropriate and reasonable services for eligible beneficiaries.
Because of the size and scope of the Medicare program, multiple government
entities are involved in preserving Medicare’s integrity. As the agency responsible
for administering the Medicare program, the Centers for Medicare and Medicaid
Services (CMS) oversees a network of private contractors that conduct a variety of
program integrity activities as part of its Medicare Integrity Program (MIP).
Examples of such activities include auditing providers, reviewing claims for medical
necessity, and identifying and investigating alleged fraud. Contractors will develop
and refer suspected cases of fraud to the Department of Health and Human Services
1 Centers for Medicare and Medicaid Services (CMS) Office of the Actuary, 2007 Medicare
Board of Trustees Report, April 23, 2007, at [http://www.cms.hhs.gov/ReportsTrustFunds/
downloads/tr2007.pdf].
2 Department of Health and Human Services, Budget in Brief, 2008, at [http://www.hhs.gov/
budget/08budget/2008BudgetInBrief.pdf].
3 Congressional Budget Office (CBO), Medicare March 2007 Fact Sheet, at
[http://www.cbo.gov/ftpdocs/78xx/doc7861/m_m_schip.pdf].

CRS-2
(DHHS) Office of the Inspector General (OIG) and the Department of Justice (DOJ)
for further investigation and prosecution.
Medicare program integrity activities are funded in statute, largely through the
Medicare Integrity Program (MIP) and the Health Care Fraud and Abuse Control
Program (HCFAC), which provide CMS and federal law enforcement agencies with
dedicated funds to safeguard federal monies and prevent fraud, waste, and abuse in
Medicare. The MIP and HCFAC programs were both established by the Health
Insurance Portability and Accountability Act of 1996 (HIPAA, P.L. 104-191) for the
purpose of increasing and stabilizing federal funding for anti-fraud activities.4
This report provides an overview of Medicare’s program integrity efforts. The
report begins with a definition of program integrity, followed by detailed information
on typical program integrity activities, a description of Medicare contractors and their
role in ensuring Medicare integrity, and a discussion of other government agencies
involved in protecting Medicare from fraud, waste, and abuse. A history of funding
for Medicare’s program integrity and anti-fraud activities is presented, as well a
discussion of findings from recent studies on program integrity activities. The report
concludes with a brief description of current issues. Although this report addresses
program integrity activities undertaken to combat fraud in Medicare’s private Part C
and D programs, it is largely focused on Medicare’s approaches to ensure integrity
in its fee-for-service program (Parts A and B), which constitute the largest share of
Medicare spending.
Background on Medicare
Medicare is the nation’s health insurance program for persons aged 65 and older
and certain disabled persons. Of the program’s 43.2 million enrollees, approximately
85% are aged and the remaining 15% are disabled.5 In 2006, spending on Medicare
services accounted for an estimated 58% of total federal health expenditures and 20%
of all national health expenditures.6 The majority of Medicare spending, nearly 75%,
is for benefits provided by Parts A and B, the fee-for-service portion of the program
otherwise known as “original” or “traditional” Medicare. The remaining 25% is
spent on private health care plans that deliver Medicare services to beneficiaries
under Part C, the Medicare Advantage (MA) program, and Part D, the new
prescription drug benefit.
4 Section 1893 of the Social Security Act (SSA) governs the Medicare Integrity Program
(MIP), and Section 1128C of the Social Security Act governs the Health Care Fraud and
Abuse Control (HCFAC) program.
5 The disabled population includes persons under age 65 who receive cash disability benefits
from Social Security or the Railroad Retirement systems for at least 24 months and persons
under age 65 with end stage renal disease (ESRD).
6 Centers for Medicare and Medicaid Services, National Health Expenditure Projections
2006-2016, at [http://www.cms.hhs.gov/NationalHealthExpendData/downloads/proj2006.
pdf].

CRS-3
Medicare consists of four distinct parts: Parts A, B, C, and D. Medicare Part A
(Hospital Insurance) covers inpatient hospital services, skilled nursing facility
services, home health, and hospice services. Medicare Part B (Supplementary
Medical Insurance) covers a variety of other medical services, such as physician
services, outpatient hospital care, laboratory services, and durable medical
equipment. Beneficiaries also have the option to enroll in a private Medicare Part C
or MA plan to receive all required Part A and B benefits, and a private Medicare Part
D or Prescription Drug Plan (PDP) for prescription drug benefits. Most beneficiaries
who opt to enroll in a private plan choose a MA-PD (Medicare Advantage
Prescription Drug) plan for combined Part C and D coverage. Approximately 81%
of beneficiaries receive services through the fee-for-service portion of the program
(original Medicare), and 19% of Medicare beneficiaries receive services through a
private Part C MA plan.
Medicare pays for services in Parts A and B, or traditional Medicare, differently
than it does for services under Parts C and D. Under the traditional fee-for-service
program, Medicare pays providers directly for each specified unit of service delivered
to a beneficiary. The unit of service may be a single procedure, visit, or test, or a
group of services, such as a hospital stay. In contrast, for Parts C and D, Medicare
pays private health plans to deliver Medicare services to beneficiaries. In addition,
unlike Part A and B Medicare providers, private plans participating in Medicare are
paid on a capitated basis as opposed to a fee-for-service basis. Under capitation,
private plans receive a fixed monthly payment per enrollee regardless of the amount
of services provided. Payment is made in advance for a pre-determined set of
benefits; either Part A and B benefits administered by a Part C plan or prescription
drug benefits administered by a Part D PDP plan.
Each method of payment produces conflicting financial incentives for health
plans and providers. These conflicting incentives result in different forms of fraud
and abuse unique to each payment system. Under fee-for-service, providers may have
an incentive to over- utilize health care services or provide more care to beneficiaries
in order to maximize reimbursement. The more services providers deliver, the more
money they receive. The opposite is true in capitated payment systems. Under
capitation, where the payment is a fixed monthly amount per enrollee, providers may
have an incentive to limit health services or provide less health care to beneficiaries.
A provider’s reimbursement amount does not vary with the number of services
delivered.
Medicare is administered by the Centers for Medicare and Medicaid Services
(CMS) within the Department of Health and Human Services (DHHS). CMS
contracts with more than 40 private entities to oversee day-to-day operations and
conduct program integrity activities for Medicare Parts A, B, C, and D. Each year,
Medicare contractors process nearly 1 billion claims from over 1 million providers
enrolled in the Medicare program. In addition to processing and paying claims,
contractors perform certain program integrity functions. Contractor activities are
overseen by two departments within CMS: the Program Integrity Group and the
Center for Beneficiary Choices. The Program Integrity Group is responsible for
oversight related to Parts A and B. The Center for Beneficiary Choices is responsible
for oversight activities related to Part C — the MA program. Both departments share
oversight responsibility for Part D.

CRS-4
Program Integrity Defined
Program integrity is often discussed in connection with financial management
and oversight issues. It is considered an essential component of the efficient and
effective administration of government programs and integral to accomplishing a
program’s social goals. In Medicare, one of these social goals is to ensure access to
high-quality care for all beneficiaries. To meet this objective, Medicare implements
activities designed to ensure that correct payments are made to legitimate providers
for appropriate and reasonable services for eligible beneficiaries. On a practical
level, program integrity activities are those directed at protecting the program from
payment errors, fraud, and abuse.
Broadly defined, Medicare program integrity functions encompass two types of
activities designed to safeguard program payments: (1) activities directed at reducing
payment errors or improper payments and (2) activities directed at protecting the
Medicare program from fraud, waste, and abuse. The first set of activities
emphasizes prevention and relies largely on automated processes to detect improper
or potentially fraudulent claims before they are paid. The second set of activities
emphasizes the identification and detection of health care fraud through the analysis
of claims after they have been paid. An effective program integrity strategy
incorporates elements from both approaches.
To protect the Medicare Trust Fund from improper payments, CMS contracts
with private organizations that review claims to determine whether the services
provided are medically reasonable and necessary. Although program integrity
activities directed at reducing improper payments will identify some instances of
fraud, they are not specifically designed to do so. In Medicare, improper payments
are largely the result of mistakes or inadvertent billing errors on the part of Medicare
providers submitting claims or Medicare contractors processing claims. Despite
these limitations, improper payments pose a significant financial risk to the Medicare
program. In November 2006, CMS reported a national paid claims error rate of
4.4%, which amounted to approximately $10.8 billion in expenditures.7 Therefore,
activities directed at reducing payment errors are an important component of program
integrity.8
To protect the Medicare Trust Fund from fraud and abuse, CMS contracts with
private organizations to conduct program integrity activities directed at identifying
and detecting actual fraud. CMS typically classifies these activities as benefit
integrity activities. Examples of benefit integrity methods may include performing
ongoing data analysis of claims to identify aberrant billing patterns, developing fraud
investigations, and referring suspected cases of fraud to law enforcement personnel
for prosecution. Although law enforcement personnel may point to a deterrent effect
associated with these types of activities, their focus is not on preventing fraud. Their
7 See CMS annual improper payment rate report for November 2006:
[https://www.cms.hhs.gov/apps/er_report/edit_report_1.asp?from=public&reportID=6].
8 Since 1990, GAO has designated Medicare a high-risk program because of its
vulnerability to improper payments.

CRS-5
focus is on tracking down offenders and recovering improper payments after fraud
has been committed.
Although there is a certain level of overlap, program integrity approaches to
address fraud and abuse in Medicare’s fee-for-service program are generally different
than those used to address fraud in Medicare’s Part C and D private plans. These
differences stem largely from differences in Medicare’s payment structure. In fee-
for-service, where providers have an incentive to provide more services, examples
of fraud may include billing for services not rendered, billing multiple insurers for
the same service, or accepting bribes or kickbacks for referring patients. In capitated
payment systems, where providers have an incentive to provide fewer services, types
of fraudulent activities may include employing misleading marketing tactics in an
effort to discourage utilization, “cherry picking” or selectively enrolling healthy
enrollees, or failing to provide medically necessary care. Historically, the
government’s anti-fraud methods have focused on combating fraud in the fee-for-
service sector. However, with enrollment in private Medicare plans on the rise,
program integrity approaches to fight fraud in capitated payment systems are
becoming more important.
Ensuring Medicare program integrity is a coordinated effort involving CMS,
Medicare contractors, law enforcement agencies, providers, and beneficiaries. By
analyzing billing data, monitoring improper payments, and investigating potential
fraud, Medicare contractors play a significant role in the detection and prevention of
health care fraud and abuse. When these activities reveal suspected fraudulent
activity, contractors develop and refer cases to the Department of Health and Human
Services (DHHS) Office of the Inspector General (OIG) for further investigation and
administrative sanctions. If the OIG suspects federal criminal law has been violated,
fraud cases are then referred to the Department of Justice (DOJ) for prosecution.
Types of Program Integrity Activities
To protect the Medicare program from improper payments, as well as fraud,
waste, and abuse, CMS conducts six main types of program integrity activities: cost
report auditing, medical review, benefit integrity, Medicare secondary payer, provider
education, and operating a Medicare-Medicaid Data Match Program. These six
functions are stipulated in law and are largely performed as part of CMS’s MIP
program.9 CMS contracts with private organizations, otherwise known as Medicare
contractors, to conduct these activities, the bulk of which are performed for Part A
9 The Health Insurance Portability and Accountability Act of 1996 (PL104-191) created
Section 1893 of the Social Security Act, which established the Medicare Integrity Program
or MIP. As part of MIP, the legislation outlines the activities that are to be conducted in
carrying out the program. Section 1893 also includes an additional activity, which is not
addressed in this report. This activity is developing a list of items of durable medical
equipment in accordance with section 1834(a)(15) that are subject to prior authorization.
This item is not addressed in this report because CMS does not use MIP funds to support
this activity.

CRS-6
and B Medicare providers. Specific information on the types of private organizations
that perform these functions are described in the next section.
Cost Report Auditing. Part A Medicare providers such as hospitals, nursing
homes, home health agencies, and other institutional providers are required to submit
cost reports to CMS annually.10 Cost reports contain information on the provider’s
allocation of costs across services. CMS contractors analyze these cost reports by
conducting desk reviews. The objective of the desk review is to assess whether the
reported costs are adequate and accurate, and to determine whether a more
comprehensive, on-site audit is necessary. If the desk review reveals problems with
the cost report, contractors will conduct field audits at the provider’s place of
business. Field audits are designed to ensure compliance with Medicare regulations
and reimbursement policies and to obtain reasonable assurance that the cost report
was prepared in accordance with Medicare laws, regulations, and instructions. The
cost report auditing activity also includes audits of Medicare Part C or private MA
plan cost reports.11 Part B Medicare providers (physicians, outpatient hospital,
durable medical equipment providers, and others) are not required to submit cost
reports to CMS.
Medical Review. Medical review activities are designed to identify and
prevent payment errors and mistakes in billing. More specifically, medical review
activities ensure that a payment is appropriate for the service that is provided and
meets professionally recognized standards of care. As part of this process, Medicare
contractors review claims, largely through the use of automated computer edits, to
verify that the services are (1) covered by Medicare, (2) provided by legitimate
providers, (3) delivered to eligible beneficiaries, and (4) reasonable and medically
necessary.12 Medical review methods also include issuing Local Coverage
Determinations (LCDs) for providers, which outline which items and services will
10 Generally, Part A Medicare providers are paid under a prospective payment system (PPS).
With PPS, providers are paid pre-determined payment amounts based on specified units of
service, such as hospital stays. When performing cost report audits, CMS reviews the few
items that could affect a provider’s payment under PPS, such as bad debt, organ
procurement costs, payments for indirect and direct medical education, and the number of
low-income patients hospitals serve. Recent studies conducted by GAO and MEDPAC have
questioned the degree to which CMS’s current audit process assesses the accuracy of
Medicare costs for providers paid under PPS. See GAO-06-813, Medicare Integrity
Program: Agency Approach for Allocating Funds Should be Revised, September 2006, at
[http://www.gao.gov/new.items/d06813.pdf], and MEDPAC, Report to the Congress:
Sources of Financial Data on Medicare Providers, June 2004, at [http://www.medpac.gov/
publications/congressional_reports/june04_990_DataNeeds.pdf].
11 Although the law requires that CMS annually audit the financial records of at least one-
third of Part C MA plans, a recent GAO report released in July 2007 found that CMS did
not document its process for ensuring that it met this requirement for years 2001-2005. See
GAO-07-945, Medicare Advantage: Required Audits of Limited Value, July 2007, at
[http://www.gao.gov/new.items/d07945.pdf].
12 Computerized edits also check for errors such as incomplete or duplicate claims, claims
where diagnosis codes do not match procedure codes, and unallowable code combinations.

CRS-7
be eligible for payment under the Medicare statute.13 LCDs are used to develop and
update computer edits on an ongoing basis. When an edit reveals a billing error or
problem with a claim, Medicare contractors may conduct a manual pre-payment or
post-payment claims review, request additional medical documentation from the
provider, or contact beneficiaries to verify that the services were actually provided.14
Benefit Integrity. Benefit integrity involves the identification and
investigation of potential fraud cases and referrals to law enforcement. CMS
contractors hired to perform benefit integrity work may conduct national and regional
data analysis to identify aberrant patterns of billing, request medical documentation
from providers to verify services delivered, investigate beneficiary complaints related
to fraud, educate providers about fraud detection and prevention, and review and
process applications from certain Medicare providers. When fraud is suspected,
contractors refer cases to the OIG or law enforcement for further investigation,
prosecution, or both. Benefit integrity activities may also include recoupment of
overpayments and suspension of future payments when fraud is suspected.
Medicare Secondary Payer (MSP).15 MSP activities ensure that Medicare
pays only for those services where it has primary responsibility for payment. Under
MSP rules, Medicare is prohibited from making payments for any item or service
when payment has been made or can reasonably expect to be made by certain third-
party payers. Statutorily, Medicare is the secondary payer to employer-based
insurance plans, auto liability insurance, and workers compensation insurance. CMS
maintains a comprehensive database of all Medicare beneficiaries health insurance
information and uses the database to conduct investigations related to MSP.
Provider Education. To help prevent errors and keep providers abreast of
any changes in Medicare billing and coding procedures, contractors are required to
conduct regular outreach and educational activities. Examples of educational
activities include seminars, workshops, articles and fact sheets, and other website
publications. Provider education activities also include developing resources for
providers to help them avoid and detect fraud, waste, and abuse. When billing
problems or improper payments are identified, CMS contractors are required to work
with Medicare providers directly to correct mistakes.
13 A Local Coverage Determination (LCD), as established by Section 522 of the Benefits
Improvement and Protection Act of 2000 (BIPA, P.L. 106-554), is a decision by a fiscal
intermediary or carrier whether to cover a particular service on an intermediary-wide or
carrier-wide basis in accordance with Section 1862(a)(1)(A) of the Social Security Act (i.e.,
a determination as to whether the service is reasonable and necessary).
14 Manual pre-payment and post-payment claims reviews are initiated only after billing
problems have been identified with a provider. Under pre-payment review, contractors will
conduct a manual medical review on a percentage of claims before payment is made. When
conducting postpayment review, contractors examine a statistically valid sample of paid
claims from a provider.
15 For more information on Medicare Secondary Payer, see CRS Report RL33587, Medicare
Secondary Payer — Coordination of Benefits
, by Hinda Chaikind.

CRS-8
Medicare-Medicaid Data Match Program. Referred to as the Medi-Medi
program, this activity is designed to identify fraudulent or improper billing practices
that affect both Medicare and Medicaid programs. By matching data across both
programs, CMS investigates atypical billing patterns that may not be evident when
analyzing the data from each program separately. When problems are identified,
CMS works with the states to initiate payment recovery actions. CMS currently has
Medi-Medi projects in 10 states and plans to expand the program nationwide.
Types of Program Integrity Contractors
To conduct the six program integrity activities described in the previous section,
CMS contracts with a mix of different private organizations, called Medicare
contractors. The types of program integrity activities undertaken by the different
contractors vary depending on their Statement of Work (SOW). Some process and
pay Medicare claims in addition to performing select program integrity functions
(Claims Administration Contractors). Program Safeguard Contractors (PSCs),
Recovery Audit Contractors (RACs), and the Coordination of Benefits (COB)
contractor specialize solely in program integrity and fraud prevention activities for
Part A and B Medicare providers. Medicare Managed Care Program Integrity
Contractors (MMC-PICs) and Medicare Drug Integrity Contractors (MEDICs) handle
a wide variety of anti-fraud activities for Part C MA plans and Part D PDPs. Finally,
Quality Improvement Organizations (QIOs) are responsible for safeguarding
payments to inpatient hospitals. A brief description of each of these contractors and
their scope of work are described below. This list is not exhaustive.
Claims Administration Contractors. Claims administration contractors
include Fiscal Intermediaries (FIs), Carriers, and Medicare Administrative
Contractors (MACs).16 FIs process claims for Part A providers (hospital, home
health, and skilled nursing facilities), and Carriers process claims for Part B providers
(physician, laboratory, and durable medical equipment [DME] providers).17 MACs
process claims for both Part A and B providers. In addition to processing and paying
claims, these contractors perform certain program integrity tasks related to medical
review, which includes reviewing claims to ensure that Medicare pays for services
that are reasonable and medically necessary. They also perform other program
integrity-related tasks, such as conducting provider audits, educating providers on
16 Section 911 of the Medicare Prescription Drug, Improvement, and Modernization Act of
2003 (MMA, P.L. 108-173) mandated that the Secretary implement Medicare fee-for-service
(FFS) contracting reform. Effective October 1, 2005, the Secretary has the authority to
replace the current claims administration contractors (FIs and Carriers) with 15
performance-based Medicare Administrative Contractors, otherwise known as MACs, by
2011. MACs will process and pay claims for both Part A and B Medicare providers.
Contracting reform is expected to generate savings to the government by promoting greater
efficiency in processing Medicare claims.
17 DME includes items such as hospital beds, wheelchairs, respirators, walkers, and artificial
limbs specifically for home use. According to CMS FY2008 Budget Justification, there are
currently 23 FIs, 17 Carriers, 1 A/B MAC, and 3 DME MACs in operation.

CRS-9
appropriate billing practices, and screening beneficiary complaints related to alleged
fraud.
Program Safeguard Contractors (PSCs). PSCs specialize in benefit
integrity functions, which focus on detecting and investigating potential fraud and
abuse in Parts A and B. By performing ongoing data analysis to identify potentially
fraudulent billing patterns and investigating leads from a variety of sources (law
enforcement agencies, CMS, beneficiaries, and Medicare supplemental insurers),
PSCs identify suspected cases of fraud and make appropriate referrals to the OIG for
consideration of civil or criminal prosecution. PSCs will also arrange Medicare
training for law enforcement officials at the Federal Bureau of Investigation (FBI)
and Department of Justice (DOJ) when requested. PSCs conducting benefit integrity
work have the authority to suspend and deny payments and initiate payment
recoupment. Some PSCs also perform medical review functions. Separate PSCs
detect alleged Medicare fraud among durable medical equipment providers (DME
PSCs).18
Recovery Audit Contractors (RACs). RACs are responsible for reducing
the rate of Medicare improper payments in Parts A and B by identifying under- and
overpayments made to providers, recovering overpayments, and working with
providers to prevent future improper payments. Section 306 of the Medicare
Prescription Drug, Improvement, and Modernization Act of 2003 (P.L. 108-173)
authorized the Secretary to contract with RACs as a three-year demonstration project.
The RAC initiative was made permanent with the Tax Relief and Health Care Act
of 2006 (P.L. 109-432). There are currently six RACs operating in three states: New
York, California, and Florida. CMS expects to expand the program nationwide by
2010. Additional information on RACs is included in the current issues section.
Coordination of Benefits (COB) Contractor. The main purpose of the
COB contractor is to identify payments that are the responsibility of another or
secondary payer. Statutorily, Medicare is the secondary payer to employer-based
insurance plans, auto liability insurance, and workers compensation insurance. By
using data match programs, the Medicare COB is responsible for the collection,
management, and reporting of other health insurance coverage for Medicare
beneficiaries. In January of 2001, the COB contractor assumed responsibility for
researching and conducting all MSP claim investigations. There is one COB
contractor that handles all program integrity functions related to MSP.
Medicare Managed Care Program Integrity Contractors (MMC-PICs).
CMS currently maintains eight MMC-PIC contracts, which are responsible for
identifying and detecting fraud, waste, and abuse in Medicare Part C MA plans.
Among the services performed by MMC-PICs are evaluating the marketing
operations of Part C plans, auditing plan financial and medical records, evaluating
enrollment and encounter data from Part C plans, and completing all retroactive
payment adjustments and retroactive enrollments or disenrollments submitted by MA
organizations.
18 Currently, CMS has 18 active benefit integrity PSC task orders — 15 for Medicare Parts
A and B and 3 for DME.

CRS-10
Medicare Drug Integrity Contractors (MEDICs). As part of its Part D
oversight program, CMS awarded four MEDIC contracts in FY2006. One MEDIC
was operational in FY2006, and the remaining three MEDICs began operations in
FY2007. MEDICs have responsibility for monitoring program integrity and potential
fraud issues that may arise with the new prescription drug benefit. The areas of
oversight the MEDICs are involved with include reviewing bids from prescription
drug plans for participation in the program, conducting audits of Part D participating
organizations, investigating fraud complaints from beneficiaries, and making
referrals to law enforcement as necessary.
Quality Improvement Organizations (QIOs). QIOs are responsible for
providing technical assistance to Medicare providers on quality improvement,
conducting medical review activities, and investigating beneficiary complaints
related to inappropriate or medically unnecessary care. Although QIOs provide
technical assistance to all types of Medicare providers (physicians, hospitals, nursing
homes, and home health agencies), the majority of their medical review activities
relate to care provided in inpatient hospitals. As part of their medical review
function, QIOs take measures to reduce the hospital improper payment rate, ensure
compliance with Medicare billing codes and procedures, and assess whether the care
provided to beneficiaries meets professionally recognized standards. When a QIO
determines, either through its medical review activities or beneficiary complaints,
that the care provided does not meet Medicare standards, it will work with the
provider to rectify deficiencies or refer the case to law enforcement for sanctions.19
Other Contractors. CMS contracts separately for program integrity activities
related to suppliers of DME. These include the National Supplier Clearinghouse
(NSC), Data Analysis and Coding (DAC) Contractor, and Durable Medical
Equipment Program Safeguard Contractors (DME PSCs). The NSC is responsible
for enrolling DME suppliers in the Medicare program, conducting site visits to DME
facility locations, and issuing Medicare billing numbers to suppliers. The DAC
performs ongoing data analysis on supplier billing patterns, and the DME PSCs are
responsible for detecting and investigating alleged fraud among DME suppliers.
19 Recent studies and news articles on the activities of QIOs have raised concerns related to
the QIOs’ ability to effectively monitor the quality of care provided to Medicare
beneficiaries. For example, an OIG report released in May 2007 reported that between 2003
and 2006, the QIOs assigned more than 80% of confirmed quality concerns to two of the
least serious quality classifications. (See OEI-01-06-00170: Quality Concerns Identified
Through QIO Medical Record Review, May 2007, at [http://oig.hhs.gov/oei/reports/oei-01-
06-00170.pdf]). In February 2006, the Institute of Medicine (IOM) recommended in a
congressionally mandated report that CMS consider removing medical review functions
from the QIOs responsibilities, mainly because the number of sanctions issued to providers
for quality violations has declined over time. (See IOM Report Medicare’s Quality
Improvement Organization Program: Maximizing Potential, March 2006, at
[http://www.nap.edu/catalog.php?record_id=11604)].

CRS-11
Medicare Program Integrity Partners
CMS shares responsibility for ensuring Medicare program integrity with three
federal agencies: the Department of Health and Human Services (DHHS) Office of
the Inspector General (OIG), the Department of Justice (DOJ), and the Federal
Bureau of Investigation (FBI). The OIG is an independent unit within DHHS that has
the primary responsibility for detecting health care fraud and abuse in all federal
health care programs. Most of its work, however, relates to the Medicare and
Medicaid programs. The agency conducts audits of health care programs, providers,
and agencies, and it performs criminal and civil investigations related to specific
instances of health care fraud or abuse. CMS contractors, upon detecting potential
fraud, will develop and refer cases to the OIG for further investigation and possible
administrative sanctions.
The OIG has the authority to impose civil monetary penalties20 and program
exclusions21 on Medicare providers that have been convicted of certain fraudulent
activities. The OIG does not have the authority to prosecute offenders for violations
of federal criminal law. In these instances, the OIG would refer the case to the DOJ
for prosecution. During FY2005, the OIG excluded 3,804 individuals for health care
fraud.22 The OIG receives referrals for potential fraud cases from Medicare
contractors, beneficiaries, the DOJ, and private citizens.23
Annually, OIG releases a work plan, which is available publicly, outlining its
priorities for the upcoming fiscal year. These areas represent vulnerabilities in the
Medicare program. For FY2007, vulnerabilities include oversight of DME suppliers,
20 Section 1128A of the Social Security Act authorizes the Secretary to impose penalties and
assessments on persons for engaging in certain activities. For example, a person who
knowingly submits a false claim to a federal health care program is subject to a penalty of
up to $10,000 for each item or service fraudulently claimed, an assessment of up to three
times the amount fraudulently claimed, and possible exclusion.
21 Section 1128 of the Social Security Act authorizes the Secretary to exclude individuals
and entities from participation in federal health care programs. Exclusions are authorized
for convictions of criminal offenses related to the delivery of health care, including (1)
Medicare or Medicaid fraud, (2) patient abuse or neglect, (3) felonies for other health care
fraud, and (4) felonies for the illegal manufacture, distribution, prescription, or dispensing
of controlled substances. The Secretary has discretionary authority to exclude individuals
on other grounds, such as health care fraud offenses involving misdemeanors, license
suspension or revocation, provision of unnecessary or substandard services, submission of
false or fraudulent claims, and engaging in unlawful kickback arrangements.
22 Health Care Fraud and Abuse Control (HCFAC) Annual Report for FY2005, at
[http://oig.hhs.gov/publications/docs/hcfac/hcfacreport2005.pdf].
23 Under the Federal False Claims Act, 31 U.S.C. §§ 3729-3733, private citizens and relators
may file suit on behalf of the U.S. government. Relators are private persons with direct
knowledge of health care fraud who file complaints on behalf of the federal government.
They are entitled to a percentage of any fraud recoveries.

CRS-12
accuracy of payments to home health agencies, quality of care in nursing homes, and
potential fraud in Medicare Part D.24
The FBI is the lead investigative agency in the fight against health care fraud.
Unlike the OIG, which has the authority to investigate fraud only in federal programs,
the FBI has jurisdiction over both federal and private sector health care fraud.
Typically, the agency investigates complex fraud schemes involving large-scale
medical providers, such as hospitals and corporations. The FBI does not have the
authority to impose sanctions. Currently, the FBI is participating in a workgroup
with CMS, DOJ, the OIG and others dedicated to investigating fraud in the Medicare
Part D program. In FY2006, FBI-led investigations resulted in 535 criminal health
care fraud convictions.25
CMS contractors, the OIG, and the FBI all refer potential health care fraud cases
to the DOJ for prosecution. Within the DOJ, the Civil and Criminal Divisions handle
health care fraud. One of the enforcement tools for prosecuting health care fraud is
the False Claims Act (FCA), which prohibits knowingly submitting false or
fraudulent claims to the U.S. government.26 Lawsuits may be brought by private
plaintiffs, known as relators or whistleblowers, under the FCA. There are also 93
U.S. Attorneys Offices nationwide, which prosecute civil and criminal health care
fraud. During FY2006, prosecutors for the DOJ and U.S. Attorneys Offices opened
836 new criminal and 698 new civil health care fraud investigations.27
Finally, Medicare beneficiaries are a source for detecting fraud. Beneficiaries
who suspect fraud can call the OIG’s National Fraud Hotline at 1-800-HHS-TIPS.
To educate beneficiaries on how to detect and report fraud and abuse, the
Administration on Aging oversees Senior Medicare Patrol Projects, which recruit
retired professionals in all 50 states to conduct one-on-one and group training
sessions for Medicare beneficiaries. The OIG collects annual performance data on
these projects and in its most recent report (April 2007) reported that in 2006,
Medicare patrol projects received 11,830 fraud complaints from beneficiaries; of this
amount, 4,123 were referred for further investigation.28 Contractors investigating
24 See [http://oig.hhs.gov/publications/docs/workplan/2007/Work%20Plan%202007.pdf].
25 Taken from testimony of Alexander Acosta, United States Attorney for the Southern
District of Florida, Miami, at House Committee on Ways and Means Health and Oversight
Subcommittee Hearing on Medicare Program Integrity, March 8, 2007, at
[http://waysandmeans.house.gov/hearings.asp?formmode=view&id=5581].
26 Under the Federal False Claims Act, 31 U.S.C. §§ 3729-3733, a person or entity is liable
for up to treble damages and a penalty between $5,500 and $11,000 for each false claim it
knowingly submits or causes to be submitted to a federal program.
27 Taken from testimony of Alexander Acosta, United States Attorney for the Southern
District of Florida, Miami, at House Committee on Ways and Means Health and Oversight
Subcommittee Hearing on Medicare Program Integrity, March 8, 2007, at
[http://waysandmeans.house.gov/hearings.asp?formmode=view&id=5581].
28 See OEI-02-07-00360: Performance Data for the Senior Medicare Patrol Projects, April
2007, at [http://www.oig.hhs.gov/oei/reports/oei-02-07-00360.pdf]

CRS-13
anomalies in billing patterns may also contact beneficiaries to verify that the services
claimed were actually received by the beneficiary.
History of Funding for Medicare Program
Integrity Activities
Medicare program integrity and anti-fraud activities are funded through the
Medicare Integrity Program (MIP) and Health Care Fraud and Abuse Control
(HCFAC) program. The MIP and HCFAC programs were both established by the
Health Insurance Portability and Accountability Act of 1996 (HIPAA), which sought
to increase and stabilize federal funding for health care anti-fraud activities.
Specifically, HCFAC funds are directed to the enforcement and prosecution of all
health care fraud, whereas MIP funding supports the Medicare program integrity
activities undertaken by CMS contractors.
HIPAA authorized the creation of the HCFAC program, which was to be jointly
administered by the Secretary of HHS and the Attorney General. To fund the
program, HIPAA established within the Hospital Insurance (HI) Trust Fund an
expenditure account called the HCFAC account. All amounts equal to monies
collected from health care investigations and enforcement efforts are to be deposited
into the HI Trust fund.29
Within the HCFAC account, HIPAA authorized funding for health care anti-
fraud activities undertaken by HHS, DOJ, OIG, and the FBI for years 1997-2003. All
HIPAA appropriations were capped at the FY2003 level and remained at the FY2003
level through FY2006.30 HIPAA established that up to $104 million could be
appropriated for health care anti-fraud and abuse activities undertaken by the HHS,
DOJ, and OIG in FY1997. For FY2003-FY2006, this amount would increase to
$240.6 million. Within these amounts, HIPAA earmarked specific funding amounts
for activities undertaken by the OIG. The annual OIG appropriation increased from
$70 million in FY1997 to a maximum of $160 million for fiscal years 2003 through
2006. HIPAA authorized a separate funding stream for the FBI. The annual FBI
appropriation increased from $47 million in FY1997 to $114 million for fiscal years
2003 through 2006.
29 As specified in Section 1817(k)(C) of the Social Security Act (SSA), amounts equal to the
following are to be deposited into the Federal Hospital Insurance Trust Fund from the U.S.
Treasury: (1) amounts equaling unconditional gifts and bequests; (2) criminal fines
recovered in cases involving a federal health care offense as defined in Title 18 U.S.C. §
982(a)(6)(B); (3) civil monetary penalties and assessments imposed in health care cases,
including amounts recovered under titles XI, XVIII, and XIX, of the SSA and Chapter 38
of Title 31 of the U.S.C.; (4) amounts resulting from the forfeiture of property by reason of
a federal health care offense; and (5) penalties and damages obtained under the False Claims
Act, 31 U.S.C. §§ 3729-3933.
30 The one exception to this is the Deficit Reduction Act’s increase for the MIP program,
from $720 million to $832 million, for year 2006 only.

CRS-14
The largest share of the HCFAC appropriation was dedicated to the MIP
program, which increased from $440 million in FY1997 to $720 million for fiscal
years 2003 through 2005. Prior to HIPAA and the establishment of the MIP
program, funding for Medicare program integrity activities was taken from
Medicare’s program management budget, which was subject to the annual
appropriations process. This sometimes led to fluctuations in funding, as monies
originally intended to support program integrity functions were redirected to fund
ongoing Medicare operations, such as day-to-day claims processing functions. With
the passage of this legislation, HHS was ensured a stable funding source that it could
commit to Medicare anti-fraud activities. Prior to HIPAA, Medicare program
integrity approaches relied heavily on “pay and chase” methods, which entailed
paying claims and then chasing after providers to recover inappropriate payments.
Long-term financial support was intended to assist CMS in developing more
innovative and preventive strategies to combat fraud and abuse, such as reviewing
claims prior to payment as opposed to after payment.
During years 1997 through 2005, total funding for program integrity and health
care fraud and abuse activities almost doubled, increasing from approximately $0.6
billion in FY1997 to $1.1 billion by FY2005. The Deficit Reduction Act (DRA) of
2005 raised funding for the MIP program by $112 million for FY2006 to implement
program integrity and oversight activities for the Medicare prescription drug benefit.
This increased the annual MIP allocation from $720 million in FY2005 to $832
million for FY2006 only. Twelve million of this additional appropriation in FY2006
was earmarked for the Medi-Medi data matching program. The DRA provided
increasing amounts for the Medi-Medi program through year 2010.31 Table 1 shows
the allocation of HCFAC and MIP appropriation amounts for selected years between
1997 and 2007.
31 The DRA appropriated $12M for the Medi-Medi program in FY2006, $24M in FY2007,
$36M in FY2008, $48M in FY2009, and $60M in FY2010 and each year thereafter.

CRS-15
Table 1. HCFAC and MIP Appropriations for Selected
Fiscal Years
(dollars in thousands)
2007
(CR
1997
2001
2003
2005 2006a
Level)b
HCFAC
HHS
$11,800
$8,428
$31,143
$31,143
$31,143
$32,296
DOJ
$22,200
$43,469
$49,415
$49,415
$49,415
$51,243
OIG
$70,000
$130,000
$160,000
$160,000
$160,000
$165,920
FBI
$47,000
$88,000
$114,000
$114,000
$114,000
$118,218
TOTAL
$151,000
$269,897
$354,558
$354,558
$354,558
$367,677
MIP
$440,000
$680,000
$720,000
$720,000
$820,000
$720,000
Medi-
Medi
$12,000
$24,000
TOTAL
$591,000
$949,897
$1,074,558 $1,074,558 $1,186,558 $1,111,677
Source: Data extracted from 1997, 2001, 2003, and 2005 HCFAC Annual Reports and CMS
Justification of Estimates for Appropriations Committees FY2008.
a. HIPAA capped appropriations for HCFAC and MIP at the FY2003 level. Congress, with the
passage of the DRA in 2005, increased the amount for MIP for FY2006 only.
b. The 2007 CR Level includes the percentage increase in the consumer price index as mandated by
the Tax Relief and Health Care Act (TRHCA) of 1996 for HCFAC.
In addition to HCFAC and MIP mandatory funds, each year Congress
appropriates funds to support CMS contractor operations as part of its annual
program management request (not shown in Table).32 A portion of these funds are
directed to the claims administration contractors to conduct program integrity
functions. According to the final rule on the MIP program published on August 24,
2007, approximately one-third of the total contractor budget was dedicated to
program integrity activities in FY2004. The funding level for contractor activities
that same year was $1.7 billion. In FY2007, funding for contractor operations had
increased to $2.1 billion, an increase of approximately $420 million from FY2004.33
32 Funding for program integrity activities conducted by Medicare QIOs comes from a
separate QIO budget. QIOs are funded via a three-year mandatory apportionment from the
Medicare Trust Funds rather than an annual discretionary appropriation. The three-year
budget for the QIO program, which runs from August 2005-August 2008, is approximately
$1.25 billion.
33 CRS analysis of CMS financial data for years 2004 and 2007: [http://www.cms.hhs.gov/
CapMarketUpdates/Downloads/2007WalletCard.pdf].

CRS-16
Current Funding for Medicare Program
Integrity Activities
In December 2006, Congress passed the Tax Relief and Health Care Act of 2006
(P.L.109-432), which extended the annual appropriation for HCFAC to 2010. For
fiscal years 2007 through 2010, the annual appropriation would be the limit for the
preceding year plus the percentage increase in the consumer price index for urban
consumers. For each fiscal year beyond 2010, the annual appropriation would be
capped at the FY2010 level. Funding for MIP, however, was not addressed with this
legislation and will remain capped at the FY2003 level of $720 million plus the
additional DRA appropriation for the Medicare-Medicaid data matching program.
For FY2008, the President’s budget includes a request of $183 million in
discretionary funds to augment the $1.1 billion in mandatory funding for the health
care fraud and abuse control program. The HCFAC account has not been funded
using discretionary funds in prior years. Of this $183 million, $138 million would
be allocated to MIP and the remaining $45 million to health care fraud activities
undertaken by DHHS and the DOJ. The $138 million in MIP funds would be used
to expand CMS’s oversight activities related to the Medicare prescription drug
benefit and MA plans. If this were to pass, total mandatory and discretionary funding
for health care fraud activities would be $1.3 billion in FY2008, an increase of $202
million over the FY2007 continuing resolution level. This number does not include
any additional program management funds that CMS may budget for CMS
contractors to conduct program integrity functions.
Assessment of Program Integrity Efforts
There are a limited number of performance statistics and reports available to
help policy makers evaluate the success of Medicare’s program integrity efforts.
Studies to date have generally examined the performance of the HCFAC and MIP
programs separately. When the HIPAA legislation was passed in 1996, Congress
mandated that DOJ and HHS report annually the results and accomplishments of its
HCFAC efforts to the public. The legislation also required that the Government
Accountability Office (GAO) biennially assess the appropriateness and adequacy of
HCFAC expenditures for fraud control efforts. However, Congress did not require
that HHS, DOJ, or GAO evaluate the MIP program as part of these assessments. As
a result, there is less empirical data available on MIP performance than on the results
of the HCFAC program. To date, the most comprehensive evaluation on MIP
program integrity efforts was a study released by GAO in September of 2006, which
identified weaknesses in the methods CMS uses to allocate funds across five MIP
program integrity activities (cost report auditing, medical review, benefit integrity,
medicare secondary payer, and provider education). This section summarizes
findings from reviews and studies conducted on the HCFAC and MIP programs
during the past decade.
Improper Payment Rates. When assessing the performance of the MIP
program, CMS relies on statistics measuring the percentage of improper payments
the Medicare program makes to providers each year. CMS produces midyear and

CRS-17
annual improper payment reports, which can be accessed publicly on the agency
website.34 To measure improper payments in fee-for-service Medicare, CMS
calculates a national paid claims error rate, contractor-specific improper payment
rates, and provider-specific improper payment rates. The national paid claims error
rate consists of the Comprehensive Error Rate Testing Program (CERT), which
calculates error rates for all Medicare contractors that process and pay Part A and B
claims, and the Hospital Payment Monitoring Program (HPMP), which calculates an
error rate for Medicare’s QIOs, which are responsible for ensuring appropriate
payments to inpatient hospitals. Improper payment rates have not yet been created
for Medicare Parts C and D.35
CMS uses the contractor-specific error rates to evaluate the performance of its
MIP contractors: FIs, Carriers, and QIOs. To keep their improper payment rates low,
contractors are expected to continually educate the provider community on Medicare
coverage and coding policies. CMS uses the provider-specific error rates to
determine where they should target their provider education efforts.
Despite its value as a tool for estimating payment accuracy and administrative
efficiency in claims processing, the improper payment rate does not measure fraud
and abuse in the Medicare program. It is mainly a measure of administrative errors.
According to CMS’s most recent improper payment rate report, the main types of
payment errors are incorrect coding by providers, claims for medically unnecessary
services, and claims submitted with insufficient or no documentation.
The national claims error rate for 2006 was 4.4%, which amounted to
approximately $10.8 billion in improper payments. This is down from 5.2% in 2005
and 10.1% in 2004. At the time the HIPAA legislation was passed in 1996, the OIG
calculated a Medicare improper payment rate of 14.2%, or approximately $23.2
billion in improper payments. CMS has set a goal to reduce the error rate to 4.2% by
the end of FY2008. Table 2 lists the national paid claims error rates and the total in
gross improper payments for every two years between 1996 and 2008. In April 2006,
the GAO reported that the significant reduction in Medicare’s national paid claims
error rate between years 2004 and 2005 was largely due to CMS’s efforts to educate
providers about the importance of submitting requested documentation to justify
payments. When providers do not respond to requests for additional documentation,
CMS automatically counts the payments as erroneous. According to GAO, despite
34 The Improper Payments Information Act of 2002 requires federal agencies to estimate
and report their annual rate of improper payments. To access CMS annual improper
payment rate reports, visit [https://www.cms.hhs.gov/apps/er_report/edit_report_1.asp?from
=public&reportID=6].
35 According to testimony prepared by Tim Hill of the Office of Financial Management at
CMS, CMS is in the process of developing payment error rates for Part C and Part D.
Medicare Part C currently represents approximately 15% of Medicare’s total outlays.
Excerpt taken from hearing on Medicare Program Integrity for the Health and Oversight
Subcommittee, House Ways and Means Committee, March 8, 2007, at
[http://waysandmeans.house.gov/hearings.asp?formmode=view&id=5580].

CRS-18
the success and importance of these educational efforts, they do not reflect an
improvement in payment safeguards or internal controls implemented by CMS.36
Table 2. Medicare National Paid Claim Error Rates and Gross
Improper Payments for Every Two Years Between
1996 and 2008
(dollars in billions)
National Paid Claims
Error Rate
(as a % of FFS
Gross Improper
Year
expenditures)
Paymentsa
1996
14.2%
$23.2
1998
8.4%
$14.9
2000
9.4%
$16.4
2002
8.0%
$17.1
2004b
10.1%
$21.7
2006
4.4%
$10.8
2008
4.2% (est.)

Source: CMS and OIG Improper Payment Rate Reports for years 1996-2006.
a. CMS arrives at a gross improper payment amount by adding underpayments to overpayments.
b. From 1996-2002, the OIG calculated an error rate based on approximately 6,000 claims. Beginning
in 2003, CMS took over the calculation of the error rate from OIG and expanded the sample of
claims reviewed from 6,000 to approximately 128,000.
HCFAC Annual Reports. HIPAA requires that every year DHHS and the
DOJ release a joint annual report to Congress on HCFAC results and
accomplishments. Typically, these reports are released late summer or early fall and
contain the amounts deposited into the HI Trust Fund for health care fraud
enforcement and the justifications for these expenditures. Numbers and examples
of enforcement actions, program accomplishments, and total recoveries in health care
fraud cases are also described.
The most recent annual HCFAC report indicates that the federal government
won or negotiated approximately $1.5 billion in judgements and settlements related
to health care fraud in FY2005 and returned $1.6 billion to the HI Trust Fund as a
result of these efforts.37 This is compared with $.6 billion in judgements and
36 See GAO-06-581T: Challenges Continue in Meeting Requirements of the Improper
Payments Information Act, April 2006, at [http://www.gao.gov/new.items/d06581t.pdf].
37 Health Care Fraud and Abuse Control (HCFAC) Annual Report for FY2005, at
[http://oig.hhs.gov/publications/docs/hcfac/hcfacreport2005.pdf]. The difference between
the amount collected in fraud recoveries and the amount transferred to the HI Trust Fund in
(continued...)

CRS-19
settlements and $1.5 billion returned to the trust fund in FY2004. Although the
dollar value in fraud recoveries fluctuates from year to year, the amount of money
transferred to the HI Trust Fund as a result of health care fraud enforcement efforts
has been steadily increasing since 1998. Furthermore, the number of new civil and
criminal investigations has accelerated, particularly in recent years. There is debate
as to whether the increase in enforcement actions is actually the result of more fraud
and abuse in Medicare. Some experts contend that the increase is the result of having
more resources to fight and detect health care fraud, as opposed to an actual increase
in the amount of fraud. Others indicate that the definition of what constitutes health
care fraud has expanded over the years, making it appear as though fraud has
escalated when the actual level has remained relatively steady.38
Table 3 provides a summary of HCFAC fraud recoveries, transfers to the HI
Trust Fund, and enforcement actions for years 1998 through 2005. Table 3 also
highlights payment amounts awarded to relators or whistleblowers. Relators are
private persons with direct knowledge of health care fraud who file complaints on
behalf of the federal government under the False Claims Act. Relators are entitled
to a share of the recoveries in successful cases. As the table demonstrates, these
individuals are a significant referral source for health care fraud. In 1998, the federal
government paid relators $4.3 million in settlements. By 2002, this amount had
increased to $101.2 million. In 2005, relators payments had risen to $136.8 million.
37 (...continued)
any given year can be attributed to the fact that fraud litigation is a lengthy process that can
sometimes take several years. As a result, some of the judgements, settlements, and
administrative actions that occurred in one year may not result in monies being transferred
to the trust fund until one or more years later.
38 Health Care Fraud and Abuse: Practical Perspectives, Chapter 4, 2004.

CRS-20
Table 3. HCFAC Summary of Results and Accomplishments for
Years 1998-2005
1998
1999
2000
2001
2002
2003
2004
2005
Monetary Results
Fraud
Recoveriesa
$0.5B
$0.5B
$1.2B
$1.7B
$1.8B
$1.8B
$0.6B
$1.5B
Transfers to
the Trust
Fund
$0.3B
$0.4B
$0.6B
$1.0B
$1.4B
$0.7B
$1.5B
$1.6B
Enforcement
Actions
New Criminal
Health Care
Fraud
Investigations
322
371
457
445
361
870
1,002
935
New Civil
Health Care
Fraud
Investigations
107
91
233
188
221
231
868
778
FBI Health
Care Fraud
Investigations
2,700
3,027
2,980
2,870
2,418
2,262
2,468
2,547
Program
Exclusions
3,021
2,976
3,350
3,746
3,448
3,275
3,293
3,804
Relators
Payments
$4.3M $44.4M
$90.0M $83.3M $101.2M $269.6M
$82.9M $136.8M
Source: HCFAC Reports from FY1998-2005.
a. The amount the federal government won or negotiated in judgements, settlements, and
administrative impositions in health care fraud cases.
Congress did not require that HHS and DOJ include expenditures or results for
the MIP program in these reports. Therefore, these reports are only an indication of
HCFAC’s successes and challenges in the area of health care fraud enforcement and
prosecution and not fraud prevention, which is a key objective of the MIP program.
In addition, these reports do not separate out funding and expenditures for specific
enforcement actions related to Medicare, Medicaid, or other health care programs.39
39 The HIPAA legislation does not require that HHS or DOJ separately track Medicare and
non-Medicare expenditures. DOJ officials commented in a 2002 GAO Report on the
HCFAC program that it is not practical to separate non-Medicare and Medicare expenditures
because of the nature of health care fraud (GAO-02-731: Medicare, Health Care Fraud and
Abuse Control Program for Fiscal Years 2000 and 2001, June 2002). Health care fraud
cases typically cross several health care programs, making it difficult to attribute expenses
and recoveries to separate programs.

CRS-21
GAO HCFAC Reports. HIPAA also required that GAO submit a report to
Congress every two years on HCFAC appropriations and deposits. Starting in June
1998, GAO released four reports using data from the HCFAC annual reports for
years 1997 through 2003. The most recent and final report, released in April 2005,
reviewed HCFAC activities for years 2002 and 2003. Similar to the HCFAC annual
reports, these studies do not include MIP in their analysis. In all four reports, GAO
noted that while HCFAC deposit amounts reported to the HI Trust Fund were
consistent with the HIPAA legislation, HHS included a measure of cost savings
resulting from health care fraud enforcement efforts that could not entirely be
attributed to the HCFAC program.40 In addition, because fraud investigation and
litigation take several years, savings may not be realized until future years. The
Office of Management and Budget (OMB) echoed a similar finding in its Program
Assessment Rating Tool (PART) evaluation of the HCFAC program in 2004 (see
description below). Despite this weakness, GAO consistently found HHS’s and
DOJ’s accounting of HCFAC deposits and expenditures to be fiscally appropriate and
accurate.
OMB Program Assessment Rating Tool (PART).41 In 2002, OMB
evaluated the HCFAC and MIP programs separately using the PART, a 25-question
survey addressing federal agency management and performance. The agency noted
conflicting assessments for both programs. HCFAC received a “results not
demonstrated” rating and criticized the OIG for not having sufficient performance
measures to assess the program’s progress in reducing fraud, waste, and abuse.
Specifically, OMB noted that savings is not a good indicator of performance because
it is too difficult to ascertain how much of the reported savings is the direct result of
HCFAC activities conducted during the previous year. In the 2005 HCFAC annual
report, the OIG estimates that health care fraud activities in 2005 (investigations,
audits, and evaluations) resulted in savings of approximately $30.0 billion, of which
$22.9 billion could be accrued to the Medicare program.
At the same time OMB gave HCFAC a “results not demonstrated” rating, the
agency gave MIP an “effective” rating — the highest rating a program can receive.
OMB attributes this largely to the OIG’s and CMS’s measurement and reduction of
the annual Medicare improper payment rate. CMS often cites the improper payment
rate as a measure of its performance in protecting Medicare from fraud, waste, and
abuse. In the PART report, OMB notes that at the time MIP was created in 1996,
OIG estimated the improper payment rate at 14.2%. By 2006, the rate had dropped
to 4.4%.
Other GAO Reports. Subsequent GAO reports released over the last few
years have raised questions about how HCFAC and MIP funding are being used. An
April 2005 report on HCFAC funding for the FBI found that the agency could not
adequately demonstrate that its share of HCFAC expenditures for FY2000-FY2003
40 The OIG defines cost savings as funds put to better use as a result of implemented
legislative or other program initiatives.
41 See Office of Management and Budget Program Assessment Rating Tool website at
[http://www.whitehouse.gov/omb/part/] for PART assessments of the Medicare Integrity
Program and the Health Care Fraud and Abuse Control Program.

CRS-22
were used for health care investigations. The study showed that funds previously
devoted to fighting health care fraud at the FBI had been shifted to counterterrorism
activities.42
In a report released in September 2006, the GAO identified weaknesses in
CMS’s approach for allocating MIP funds across the various program integrity
activities (cost report auditing, medical review, benefit integrity, Medicare secondary
payer, and provider education).43 GAO noted that CMS bases its MIP allocation
decisions on historical funding levels, as opposed to examining the relative
effectiveness of one activity to another in ensuring Medicare program integrity. For
example, despite receiving the largest share of MIP funds in FY2005, CMS has not
yet developed a reliable quantitative measure to assess the impact of cost report
audits of Part A providers on preventing fraud, waste, and abuse. GAO
recommended that CMS develop additional methods for allocating MIP funds that
take into account the effectiveness of MIP activities, as well as contractor
performance, particularly in light of new vulnerabilities related to the prescription
drug benefit.
Current Program Integrity Issues
Durable Medical Equipment. Improper payments in the DME area costs
the Medicare program millions of dollars annually. Between October 2005 and
September 2006, Medicare paid $9.2 billion to DME suppliers. Of this amount,
improper payments were estimated at $900 million.44 Although many improper
payments are the result of honest billing mistakes by providers, others result from
fraud and abuse. DME fraud tends to be higher in South Florida and Los Angeles,
where both the number of Medicare beneficiaries and the number of DME suppliers
are high. According to CMS, the primary types of DME fraud committed in these
areas include billing for services not rendered and billing for services that are not
medically necessary for the beneficiary.45
Before a DME supplier can bill Medicare, it must meet certain standards. CMS
contracts with the National Supplier Clearinghouse (NSC) to enroll and screen
potential suppliers before they can participate in the program. Once a supplier is
found to be compliant with these standards, it can receive a Medicare supplier
42 GAO-05-388, Federal Bureau of Investigation: Accountability over the HIPAA Funding
of Health Care Investigations is Inadequate, April 2005, at [http://www.gao.gov/new.items/
d05388.pdf].
43 GAO-06-813, Medicare Integrity Program, Agency Approach for Allocating Funds Should
be Revised, September 2006, at [http://www.gao.gov/new.items/d06813.pdf].
44 “Improper Medicare FFS Payments Report,” Centers for Medicare and Medicaid Services,
May 2007.
45 HHS Press Release, “Medicare Provider Enrollment Demonstration Involving Suppliers
of Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) in High-
Risk Areas,” July 2, 2007.

CRS-23
number and bill Medicare for services rendered.46 The NSC is required to conduct
site visits to DME physical locations upon initial enrollment and three years later to
ensure ongoing compliance.
In March 2007, the OIG released two reports indicating that compliance with
DME enrollment standards was lacking. One investigation found that 45% of
Medicare participating DME companies in South Florida failed to comply with at
least one of five Medicare enrollment standards in CY05.47 The second investigation,
which involved site-visits to 169 DME suppliers in 10 states (excluding Florida),
found 10 suppliers without an actual physical facility at their address. These 10
suppliers subsequently billed Medicare almost $393,000 in the two months following
the OIG’s visit.48
Criticism surrounding the adequacy and enforcement of enrollment standards
for DME suppliers is not new. In 2001, the OIG recommended that CMS conduct
random, unannounced site visits to DME suppliers to help reduce the potential for
fraudulent billing. A few years later, a 2005 GAO report declared the standards
inadequate and reported that many DME suppliers were able to resume participation
in Medicare after being suspended for enrollment violations. The GAO echoed the
OIG’s 2001 recommendation to conduct random site visits to DME supplier locations
outside of the initial enrollment and re-enrollment periods.49
On July 2, 2007, CMS announced a demonstration project requiring all DME
suppliers in Los Angeles and Miami to reapply to participate in the Medicare
program. As part of the demo, approximately 7,500 DME suppliers will be contacted
by mail and requested to complete another Medicare enrollment application. Those
that fail to submit the new application within 30 days will automatically lose
Medicare billing privileges. The agency also plans to conduct random, unannounced
site visits to supplier locations in these areas.
In addition to meeting enrollment standards, CMS will also be requiring DME
suppliers to meet new quality standards and become accredited by a CMS-approved
46 See 42 CFR 424.57(c) for a description of the 21 standards. Some of the standards
include being complaint with federal and state licensure requirements, maintaining a
physical facility, maintaining a primary business telephone, and being accessible (open and
staffed) during business hours.
47 See OEI-03-07-00150: South Florida Suppliers’ Compliance with Medicare Standards:
Results from Unannounced Visits, March 2007, at [http://oig.hhs.gov/oei/reports/
oei-03-07-00150.pdf].
48 See OEI-04-05-00380: Medical Equipment Suppliers: Compliance with Medicare
Enrollment Requirements, March 2007, at [http://oig.hhs.gov/oei/reports/
oei-04-05-00380.pdf].
49 See GAO-05-656: More Effective Screening and Stronger Enrollment Standards Needed
for Medical Equipment Suppliers, September 2005, at [http://www.gao.gov/new.items/
d05656.pdf].

CRS-24
Accreditation Organization.50 For FY2008 and beyond, the NSC will be prohibited
from issuing a Medicare billing number to any supplier that is not accredited under
the new rule.
Recovery Audit Contractor Program. Section 306 of the Medicare
Modernization Act of 2003 (PL108-173) authorized the Secretary to contract with
Recovery Audit Contractors (RACs) to identify and recoup over and underpayments
in Medicare Parts A and B. The contractors would keep a percentage of the
identified overpayments. The program started in March 2005 as a demonstration
project in three states (California, Florida, and New York) because of growing
concern that Medicare needed extra protection against improper payments. The Tax
Relief and Healthcare Act of 2006 (PL109-432) made the RAC initiative permanent
and mandated the expansion of RAC contractors to all 50 states by 2010.
In November 2006, CMS released a status document on RAC performance for
FY2006 which found that the contractors had identified $303.5 million in improper
payments in the three demonstration states. Of this $303.5 million, $68.6 million had
been collected in overpayments from providers and $2.9 million had been identified
as underpayments. The remaining $203.2 million is currently in the collection
process. The majority of the overpayments were to inpatient hospitals and skilled
nursing facilities.51
The RAC program is controversial because of how RAC contractors are paid.
RACs are paid on a contingency basis, which means that each RAC receives a
percentage of what they collect in overpayments from providers. In contrast, other
CMS program integrity contractors are paid an annual amount based on their costs,
with some contractors receiving additional performance-based award payments.
Paying RACs on the amount of overpayments they identify and collect has
certain provider and industry groups concerned. For instance, some providers
indicate that paying contractors on a contingency basis creates incentives to
aggressively audit and deny provider claims to receive a higher payment from CMS.52
Providers report receiving multiple demand letters from RACs requesting additional
information to support payment of a claim. Those who wish to dispute an alleged
overpayment must file an appeal. In the meantime, providers are obligated to pay the
amount of the overpayment until a determination on the appeal is made.
50 Section 302(a)(1) of the Medicare Prescription Drug, Improvement, and Modernization
Act of 2003 (PL ) requires Medicare to develop and implement quality standards for DME
suppliers.
51 CMS RAC Status Document FY2006, November 2006, at [http://www.cms.hhs.gov/
RAC/Downloads/RACStatusDocument — FY2006.pdf]
52 In May 2007, 36 California House Members wrote to CMS reporting that Inpatient
Rehabilitation Facilities (IRFs) were experiencing high claim denial rates from the CA
RAC: [http://www.house.gov/list/speech/ca23_capps/morenews/pr_070605medicareaudits.
shtml].

CRS-25
In FY2006, providers in the three RAC demonstration states filed 2,596 appeals
challenging RAC overpayment determinations.53 According to CMS, future status
documents will describe the outcome of these appeals. Under the demonstration
program, RACs must return the overpayment and contingency payments if the
provider wins the appeal at the first level. If the provider wins the appeal at the
second or higher appeal level, the RAC retains the contingency payment. This will
change under the permanent RAC program set to begin in March 2008, when RACs
will be required to return all contingency payments if a provider wins at any appeal
level.
By 2010, CMS plans to have four RACs in place. Each RAC will be
responsible for identifying overpayment and underpayments in approximately one-
fourth of the country. In 2007, the RAC demonstration will be expanded to three
additional states: South Carolina, Massachusetts, and Arizona.54
Program Safeguard Contractors. In addition to creating the HCFAC and
MIP programs, the 1996 HIPAA legislation gave CMS the authority to contract with
specialized private organizations to conduct certain program integrity activities.
Program Safeguard Contractors (PSCs), which are responsible for reducing fraud and
abuse in the Medicare program, are one of these types of organizations. Among the
tasks that PSCs undertake are conducting fraud investigations, referring suspected
cases to law enforcement, and performing data analysis to identify trends and billing
patterns that might indicate fraudulent billing (otherwise referred to as benefit
integrity work). CMS assesses the performance of PSCs on an annual basis by
examining monthly statistics related to contractor workload.55
Since CMS awarded the first 12 contracts to PSCs in 1999, questions have been
raised related to their effectiveness and CMS’s oversight of PSC performance. Prior
to creating PSCs, fraud and abuse detection work was the responsibility of the Part
A and B claims administration contractors — FIs and carriers. Transferring these
responsibilities to specialized entities was seen as a strategy to improve Medicare’s
program integrity capabilities. In 2001, two years after the PSCs became operational,
the GAO reported that CMS lacked clear and quantifiable measures to adequately
assess PSC performance and recommended the agency develop specific criteria to
better evaluate the contractors’ effectiveness at detecting and preventing fraud and
abuse.56
53 CMS RAC Status Document FY2006, November 2006, at [http://www.cms.hhs.gov/RAC/
Downloads/RACStatusDocument — FY2006.pdf]
54 CMS Website, Physician Regulatory Issues Team (PRIT), Active PRIT Issues, accessed
on August 10, 2007, at [http://www.cms.hhs.gov/PRIT/PRITIA/itemdetail.asp?filterType=
none&filterByDID=0&sortByDID=1&sortOrder=descending&itemID=CMS061926&
intNumPerPage=10].
55 At present, CMS has 18 PSC task orders; 15 are for deterring fraud in Medicare Parts A
and B, and 3 are for deterring fraud in DME. Specifically, CMS assesses the timeliness of
PSC performance, the degree to which quality cases are developed for referral to the OIG,
and the PSCs responsiveness to law enforcement agencies.
56 See GAO-01-616: Medicare, Opportunities and Challenges in Contracting for Program
(continued...)

CRS-26
On July 20, 2007, the OIG released a report on the performance of PSCs. The
OIG found significant variation in the number of new investigations and case
referrals initiated by the contractors.57 Neither the size of the PSC’s budget nor its
oversight responsibility were correlated with the number of new investigations or
referrals to law enforcement. Also, PSCs are expected to engage in pro-active data
analysis to identify suspected patterns of fraud. However, only a small percentage
of new investigations resulted from this type of data-analysis.
An earlier OIG analysis of PSC evaluation reports from years 1999 through
2004 indicated that the type of information collected by CMS in these reports was
lacking. Many of the evaluation reports contained limited quantitative and
qualitative data related to PSCs activities and achievements, and the majority of the
reports were incomplete. According to CMS, quantifying PSC results could create
perverse incentives for the PSCs by rewarding them for the volume of cases they
refer to law enforcement.58
In FY2007, CMS awarded $119M to support 18 PSC task orders.
Program Integrity Activities for Part D. On January 1, 2006, Medicare
began covering prescription drugs as part of the new Part D benefit. Coverage is
provided through private plans offered by MA-PDs or stand-alone PDPs. For
FY2007, outlays for Part D benefits are expected to total $47 billion. According to
CBO, this amount is expected to triple to $141 billion by FY2017.59 CMS, the OIG,
and the GAO have stated that the new benefit is at risk for significant fraud and
abuse. Potential areas of vulnerability related to the Part D benefit are extensive and
include eligibility and enrollment; the bidding process; beneficiary, plan, and retail
pharmacy fraud; incentives to reduce cost sharing; formulary development; and many
others.
To protect the integrity of Part D funds, CMS announced in October 2005 a plan
to award contracts to eight Medicare Drug Integrity Contractors (MEDICs). MEDICs
responsibilities to protect the Trust Fund from abuses may include reviewing bids
from prescription drug plans for participation in the program, performing audits of
Part C MA-PD and Part D PDP plans, investigating fraud complaints from
beneficiaries, conducting data analysis to identify potentially fraudulent billing
patterns, and providing support to law enforcement agencies with fraud
investigations.
56 (...continued)
Safeguards, May 2001, at [http://www.gao.gov/new.items/d01616.pdf].
57 In 2005, PSCs produced between 5 and 479 new Part A investigations and 18 and 3,707
new Part B investigations. Excerpt taken from OIG Report: Medicare’s Program Safeguard
Contractors: Activities to Detect and Deter Fraud and Abuse, July 2007, at
[http://oig.hhs.gov/oei/reports/oei-03-06-00010.pdf].
58 See OEI-03-04-00050: Medicare Program Safeguard Contractors: Performance Evaluation
Reports, March 2006, at [http://oig.hhs.gov/oei/reports/oei-03-04-00050.pdf].
59 Congressional Budget Office (CBO), Medicare 2007 Fact Sheet, at
[http://www.cbo.gov/ftpdocs/78xx/doc7861/m_m_schip.pdf].

CRS-27
Concerns have been raised related to CMS oversight of the MEDICs and the
Part D benefit in general. In April 2006, the Senate Finance Committee wrote a letter
to CMS inquiring why CMS had issued only one task order to a MEDIC organization
after identifying numerous Part D fraud vulnerabilities. In FY2006, the DRA
provided $100 million in funds to address fraud associated with the prescription drug
program, a portion of which was to be allocated to the MEDICs. CMS then awarded
an additional four MEDIC contracts later that year. In addition, an OIG report
released in October 2007 found that by the end of FY2006, CMS had not yet
commenced financial audits of Part D plans and data analysis of billing trends to
identify potential fraud — two other key responsibilities of the MEDICs. Instead,
CMS relied largely on beneficiary complaints to detect abusive practices in FY2006.
CMS expects to begin financial audits of Part D plans in January 2008.60
In a September 2006 report, GAO noted that CMS does not have an adequate
method for allocating program integrity funding to areas with the greatest risk,
including risk associated with the Part D benefit.61 In light of an October 2007
announcement by CMS that the agency plans to recover $4 billion in payments made
to plans in 2006, this is worth noting. As part of the bidding process, Part D plans
must prospectively estimate how much it is going to cost to provide prescription drug
coverage to an average Medicare beneficiary. At the end of the year, CMS compares
actual costs with predicted costs as part of a payment reconciliation process. Because
of lower-than-expected drug costs for 2006, the predicted costs were $4 billion more
than plans’ actual costs. Plans are required to return these extra payments to CMS.
As Part D plans gain more experience with the program, CMS predicts the difference
between plans’ expected and actual costs to decrease in future years.
For FY2008, the President is requesting $138M in discretionary funds to support
Medicare program integrity activities related to part D.
Concluding Observations
As the Medicare program continues to grow in size and complexity, developing
innovative strategies to ensure the integrity of program will become increasingly
important. Program integrity activities encompass a broad set of strategies and
processes designed to meet numerous objectives, including preventing improper
payments, identifying and detecting fraud, investigating individuals suspected of
committing Medicare fraud, and prosecuting offenders. To carry out the six main
types of program integrity activities for the Medicare Integrity Program (MIP), the
Center for Medicare and Medicaid Services (CMS) contracts with a diverse mix of
private organizations tasked with a variety of different oversight responsibilities. The
effectiveness of these efforts depends on close collaboration and coordination
between these organizations and federal enforcement agencies.
60 See OEI-06-06-00280: CMS’s Implementation of Safeguards During Fiscal Year 2006 to
Prevent and Detect Fraud and Abuse in Medicare Prescription Drug Plans, October 2007,
at [http://oig.hhs.gov/oei/reports/oei-06-06-00280.pdf].
61 See GAO-06-813: Medicare Integrity Program, Agency Approach for Allocating Funds
Should be Revised, September 2006, at [http://www.gao.gov/new.items/d06813.pdf].

CRS-28
The implementation of the Health Care Fraud and Abuse (HCFAC) and MIP
programs in 1996 provided CMS and Medicare enforcement agencies with a
dedicated funding source to fight fraud and abuse in health care programs. From
1997 through 2005, resources available to fight fraud increased from $0.6 billion to
$1.1 billion, and the number of new civil and criminal fraud enforcement actions
more than doubled. Furthermore, the amount of money transferred to the Hospital
Insurance (HI) Trust Fund as a result of health care fraud enforcement activities has
been steadily increasing. These statistics, however, do not apply to MIP activities,
which receive the largest share of HCFAC funding. Recent Government
Accountability Office (GAO) reports have raised questions about how MIP funding
is being used and have recommended CMS develop more quantitative measures to
assess the impact of MIP program integrity activities in the future.
Outcomes and results from program integrity activities are difficult to assess for
a number of reasons. While perpetrators of fraud and abuse cost the Medicare
program large amounts of money annually, there are no reliable estimates on the size
of the problem. The National Health Care Anti-Fraud Association estimates that
health care fraud accounts for at least 3% of total health care expenditures annually,
but measuring the amount of true fraud is difficult.62 This makes it challenging for
policy makers to determine the extent of resources needed to effectively combat the
problem.
The implementation of the prescription drug benefit presents a new challenge
for CMS and its partners. In addition to increasing expenditures, contracting with
private prescription drug plans to deliver services to beneficiaries adds a new layer
of complexity in administration. Since the start of the prescription drug benefit on
January 1, 2006, policy makers have expressed concerns related to CMS oversight
of the Part D MEDICs, which are responsible for ensuring Medicare integrity in the
Part D benefit. As payments to Part D plans continue to rise over the next several
years, it will be important to monitor the program integrity activities undertaken to
safeguard payments to Part D plans and providers.
Protecting the Medicare program from improper payment, fraud, and abuse is
a complex and challenging undertaking. With fraud perpetrators continually devising
more sophisticated schemes to defraud the system, administrators need to invest in
a broad mix of preventive and investigative techniques to uncover fraud and abuse.
While the permanent authorization of HCFAC and MIP funds have enhanced
Medicare’s program integrity efforts, improvements in oversight are needed to
continue to ensure Medicare beneficiaries access to high quality and appropriate care.
62 See “The Problem of Health Care Fraud,” the National Health Care Anti-Fraud
Association, at [http://www.nhcaa.org/eweb/DynamicPage.aspx?webcode=anti_fraud_
resource_centr&wpscode=TheProblemOfHCFraud], accessed on October 23, 2007.