Medicare Program Integrity: Activities to
Protect Medicare from Payment Errors, Fraud,
and Abuse
Holly Stockdale
Analyst in Health Care Financing
March 15, 2010
Congressional Research Service
7-5700
www.crs.gov
RL34217
CRS Report for Congress
P
repared for Members and Committees of Congress
Medicare Program Integrity
Summary
According to the 2009 Medicare Trustees report, total Medicare expenditures were $468 billion
dollars in 2008 for 45 million beneficiaries. The Office of the Actuary projects overall Medicare
spending to reach $507.1 billion for 2009. Because of a number of factors, such as advances in
health care delivery and technology, an aging population, and overall increases in medical costs,
spending on Medicare services is expected to grow more quickly than spending in the U.S.
economy. As expenditures continue to rise in the nation’s largest health insurance program, efforts
to preserve the integrity of the program receive increased attention from policy makers.
In general, initiatives designed to fight fraud, waste, and abuse are considered program integrity
activities. This includes processes directed at reducing payment errors as well as activities to
prevent, detect, investigate, and ultimately prosecute health care fraud. As the agency responsible
for administering Medicare, the Centers for Medicare and Medicaid Services (CMS) oversees a
network of private contractors that perform various program integrity activities such as auditing
providers, reviewing claims for medical necessity, and conducting investigations. Contractors
develop and refer suspected cases of fraud to the Department of Health and Human Services
Office of the Inspector General (HHS OIG) and the Department of Justice (DOJ) for further
investigation and prosecution.
Medicare program integrity activities are funded in statute, largely through the Health Care Fraud
and Abuse Control (HCFAC) and Medicare Integrity Programs (MIP), which were both
established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA, P.L. 104-
191). The HIPAA legislation provided CMS and federal law enforcement agencies with dedicated
funds to coordinate Federal, state, and local activities to fight health care fraud. Beginning in
FY2009, Congress approved additional discretionary funds to enhance these efforts.
This report provides an overview of Medicare’s program integrity efforts. A description of key
program integrity activities is presented as well as a discussion of the role that private contractors
and law enforcement agencies play in maintaining Medicare’s integrity. Detailed information on
federal funding for program integrity efforts is also presented. The report concludes with a
summary and analysis of recent efforts to oversee Medicare’s program integrity activities.
Congressional Research Service
Medicare Program Integrity
Contents
Introduction ................................................................................................................................ 1
Background on Medicare ............................................................................................................ 2
The Problem of Health Care Fraud.............................................................................................. 3
Overview of Medicare Program Integrity .................................................................................... 5
Types of Program Integrity Activities .......................................................................................... 5
Cost Report Auditing ............................................................................................................ 5
Medical Review .................................................................................................................... 6
Benefit Integrity.................................................................................................................... 6
Medicare Secondary Payer (MSP)......................................................................................... 7
Provider Education................................................................................................................ 7
Medicare-Medicaid Data Match Program .............................................................................. 7
Types of Program Integrity Contractors....................................................................................... 8
Medicare Administrative Contractors (MACs)....................................................................... 8
Program Safeguard Contractors (PSCs) and Zone Program Integrity Contractors
(ZPICs).............................................................................................................................. 8
Medicare Drug Integrity Contractors (MEDICs).................................................................... 9
Recovery Audit Contractors (RACs) ................................................................................... 10
Comprehensive Error Rate Testing (CERT) Contractor........................................................ 10
National Supplier Clearinghouse (NSC) Contractor............................................................. 11
Coordination of Benefits (COB) Contractor......................................................................... 11
Program Integrity Partners ........................................................................................................ 11
Funding for Program Integrity Activities ................................................................................... 12
HCFAC............................................................................................................................... 13
MIP .................................................................................................................................... 13
Discretionary Funding for Program Integrity Activities ....................................................... 14
Other Funding Sources for Program Integrity Activities ...................................................... 15
Oversight of Medicare’s Program Integrity Efforts .................................................................... 15
Improper Payment Rates ..................................................................................................... 16
HCFAC Annual Reports...................................................................................................... 17
GAO HCFAC Reports......................................................................................................... 19
OMB Program Assessment Rating Tool (PART).................................................................. 20
Other GAO Reports ............................................................................................................ 20
OIG Audit and Evaluation Reports ...................................................................................... 21
Concluding Observations .......................................................................................................... 21
Figures
Figure 1. HCFAC Fraud Recoveries and Transfers to the Medicare HI Trust Fund for
FY1998-FY2008.................................................................................................................... 18
Congressional Research Service
Medicare Program Integrity
Tables
Table 1. HCFAC and MIP Mandatory Appropriations for Selected Fiscal Years (1999-
2011) ..................................................................................................................................... 14
Table 2. HCFAC and MIP Discretionary Appropriations for FY2009 - FY2011 ......................... 14
Table 3. Medicare National Paid Claim Error Rates and Gross Improper Payments for
Selected Years Between 1996 and 2009.................................................................................. 16
Table 4. Summary of Health Care Fraud Enforcement Actions for FY1999-FY2008.................. 19
Contacts
Author Contact Information ...................................................................................................... 22
Congressional Research Service
Medicare Program Integrity
Introduction
According to the 2009 Medicare Trustees report, total Medicare expenditures were $468 billion
dollars in 2008 for 45 million beneficiaries.1 The Office of the Actuary projects overall Medicare
spending to reach $507.1 billion in 2009.2 Because of a number of factors, such as advances in
health care delivery and technology, an aging population, and overall increases in medical costs,
spending on Medicare services is expected to grow more quickly than spending in the U.S.
economy. As expenditures continue to rise in the nation’s largest health insurance program, efforts
to preserve the integrity of the program receive increased attention from policy makers.
As the agency responsible for administering Medicare, the Centers for Medicare and Medicaid
(CMS) oversees a network of private contractors that conduct various program integrity activities.
The six main types of activities are (1) conducting provider audits, (2) reviewing claims for
medical necessity, (3) identifying and investigating fraud, (4) ensuring that Medicare pays only
for services for which it has primary responsibility, (5) educating providers on Medicare billing
procedures, and (6) identifying improper billing practices that affect both Medicare and Medicaid.
Contractors refer suspected cases of fraud to the Department of Health and Human Services
Office of the Inspector General (HHS OIG) and the Department of Justice (DOJ) for further
investigation and prosecution.
Medicare program integrity activities are funded in statute, largely through the Health Care Fraud
and Abuse Control (HCFAC) and Medicare Integrity Programs (MIP), which were both
established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA, P.L. 104-
191). The HIPAA legislation provided CMS and federal law enforcement agencies with dedicated
funds to safeguard federal monies and prevent health care fraud, waste, and abuse.3 Beginning in
FY2009, Congress approved an additional discretionary investment of $198 million for FY2009
and $311 million for FY2010 to further enhance Medicare’s program integrity efforts.
This report provides an overview of Medicare’s program integrity activities. The report begins
with an introduction to the problem of health care fraud in Medicare. The report continues with
descriptions of the types of program integrity activities undertaken by CMS to prevent fraud,
waste, and abuse, and a discussion of the role that private contractors and federal law
enforcement agencies play in maintaining Medicare’s integrity. Detailed information on federal
funding for anti-fraud efforts is also presented. The report concludes with a summary and analysis
of recent efforts to oversee Medicare’s program integrity activities.
Although this report addresses program integrity activities undertaken to prevent fraud in
Medicare’s private Part C and D programs, it is largely focused on Medicare’s approaches to
1 CMS Office of the Actuary, 2009 Medicare Board of Trustees Report,
http://www.cms.hhs.gov/ReportsTrustFunds/downloads/tr2009.pdf.
2 CMS Office of the Actuary, National Health Expenditures (NHE) Projections for 2009-2019,
http://www.cms.hhs.gov/NationalHealthExpendData/downloads/proj2009.pdf.
3 Section 1128C of the Social Security Act (SSA) governs the Health Care Fraud and Abuse Control (HCFAC)
program. Section 1893 of the SSA governs the Medicare Integrity Program (MIP).
Congressional Research Service
1
Medicare Program Integrity
ensure integrity in its FFS program (Parts A and B), which constitute the largest share of
Medicare spending.4
Background on Medicare
Medicare is the nation’s health insurance program for persons aged 65 and older and certain
disabled persons. Of the program’s 45 million enrollees, approximately 85% are aged and the
remaining 15% are disabled.5 The majority of Medicare spending, nearly 75%, is for benefits
provided by Parts A and B, the FFS portion of the program otherwise known as “original” or
“traditional” Medicare. The remaining 25% is spent on private health care plans that deliver
Medicare services to beneficiaries under Part C, the Medicare Advantage (MA) program, and Part
D, the new prescription drug benefit.
Medicare consists of four distinct parts: Parts A, B, C, and D. Medicare Part A (Hospital
Insurance) covers inpatient hospital, skilled nursing facility, home health, and hospice services.
Medicare Part B (Supplementary Medical Insurance) covers a variety of other medical services,
such as physician visits, outpatient hospital care, laboratory services, and durable medical
equipment (DME)6. Beneficiaries also have the option to enroll in a private MA plan to receive
all required Part A and B benefits, and a private Prescription Drug Plan (PDP) for prescription
drug benefits. Most beneficiaries who opt to enroll in a private plan choose a MA-PD (Medicare
Advantage Prescription Drug) plan for combined Part C and D coverage. Approximately 75% of
beneficiaries receive services through original Medicare, and 25% receive services through a MA
plan.
Medicare is administered by CMS within the Department of Health and Human Services. CMS
contracts with private entities to oversee day-to-day operations and conduct program integrity
activities for Parts A, B, C, and D. Each year, Medicare contractors process nearly 1.2 billion
claims for over 1 million providers enrolled in the Medicare program. In addition to processing
and paying claims, contractors conduct program integrity functions. Contractor activities are
overseen by two departments within CMS: the Program Integrity Group and the Center for Drug
and Health Plan Choice. The Program Integrity Group is responsible for oversight related to Parts
A and B and the Center for Drug and Health Plan Choice is responsible for oversight activities
related to Part C and D. On February 17, 2010, CMS announced the creation of a new Center for
Program Integrity to oversee both Medicare and Medicaid program integrity activities.7
4 For additional information on oversight of the Part D benefit see CRS Report R40611, Medicare Part D Prescription
Drug Benefit, by Patricia A. Davis.
5 The disabled population includes persons under age 65 who receive cash disability benefits from Social Security or
the Railroad Retirement systems for at least 24 months and persons under age 65 with end stage renal disease (ESRD).
6 DME includes items such as hospital beds, wheelchairs, respirators, walkers, and artificial limbs specifically for home
use.
7 Currently, the Program Integrity Group is overseen by the CMS Office of Financial Management and the Medicaid
Program Integrity Group by the Center for Medicare and Medicaid State Operations. For further information on the
recent CMS reorganization visit: http://thehill.com/blogs/blog-briefing-room/news/81439-medicare-agency-adds-ex-
va-official-plans-reorganization.
Congressional Research Service
2
Medicare Program Integrity
The Problem of Health Care Fraud
Renewed interest in health care reform has focused Congressional attention on the problem of
health care fraud, waste, and abuse. Although the actual dollar value lost to health care fraud is
unknown, fraud analysts and law enforcement officials estimate that anywhere between 3% and
10% of total health care expenditures are lost to fraud on an annual basis.8 Not only does fraud
and abuse contribute to the rising cost of health care, but it can also harm patients, particularly
when medically necessary services are not provided or are provided unnecessarily.
Generally, the term “fraud and abuse” refers to misconduct in the delivery and financing of health
care. Typically one thinks of financial misconduct when discussing health care fraud, however,
delivering poor or substandard quality care has received increased attention from fraud enforcers
in recent years.9 Federal regulations define fraud and abuse separately. Specifically, Medicaid
regulations define fraud as an intentional deception or misrepresentation made by a person with
the knowledge that the deception could result in some unauthorized benefit to himself or some
other person. Similarly, abuse is defined as provider practices that are inconsistent with sound
fiscal, business, or medical practices, and result in an unnecessary cost to the Medicaid program,
or in reimbursement for services that are not medically necessary or fail to meet professionally
recognized standards for health care.10 There is no corresponding definition of fraud and abuse in
Medicare regulations.
Although health care fraud encompasses many different types of erroneous behavior, the types of
fraud schemes being committed today share certain characteristics. According to law enforcement
officials, fraud perpetrators often target public health insurance programs (Medicare and
Medicaid) and private health plans simultaneously. Fraud schemes frequently span multiple states
and can involve both providers of services, many of whom have little or no experience in health
care, and beneficiaries. For example, in several recent cases, fraud perpetrators paid both
providers and senior citizens kickbacks to obtain their billing numbers in order to submit
fraudulent claims to Medicare. Other examples of recent fraudulent activity include billing for
unnecessary services or tests provided to patients, submitting claims for services provided by
unlicensed providers, and illegally marketing drugs or products for higher reimbursements.11
Further, recent fraud investigations have revealed evidence of an increase in organized crime in
health care. At a recent hearing before the House Energy and Commerce Health Subcommittee,
the Inspector General of the Department of Health and Human Services (HHS) testified that
health care fraud has become attractive to perpetrators of organized crime because the penalties
are lower than for other organized crime-related offenses, there are low barriers to entry, fraud
schemes are easily replicated, and a lack of data hampers detection efforts.12
8 The National Health Care Anti-Fraud Association (NHCAA) estimates conservatively that 3% of all health care
spending—or $68 billion—is lost to health care fraud. See NHCAA consumer alert available at:
http://64.211.220.122/eweb/DynamicPage.aspx?webcode=anti_fraud_resource_centr&wpscode=TheProblemOfHCFra
ud. Also see the Federal Bureau of Investigation (FBI) Annual Financial Crimes Report available at:
http://www.fbi.gov/publications/financial/fcs_report2008/financial_crime_2008.htm#health.
9 Alice G. Gosfield, Medicare and Medicaid Fraud and Abuse 2008 Edition, pp. 5-6.
10 42 C.F.R. 455.2.
11 Department of Health and Human Services (HHS) and Department of Justice (DOJ) Annual Health Care Fraud and
Abuse Control (HCFAC) Program Annual Report for FY2008, September 2009,
http://oig.hhs.gov/publications/docs/hcfac/hcfacreport2008.pdf.
12 U.S. Congress, House Committee on Energy and Commerce, Subcommittee on Health, Health Care Reform:
(continued...)
Congressional Research Service
3
Medicare Program Integrity
Although there is some overlap, the types of fraud committed against Medicare’s FFS program
can be different than the types of fraud committed against Medicare’s Part C and D plans. These
differences stem largely from differences in Medicare’s payment structure. In FFS, Medicare pays
providers directly for a specified unit of service delivered to a beneficiary (i.e. procedure, visit,
test, or group of services). This can create an incentive for providers to over-utilize health care
services or provide more care to beneficiaries in order to maximize reimbursement. Examples of
fraudulent activity in the FFS program include:
• Billing for services not furnished and/or supplies not provided.
• Altering claim forms, electronic claim records, medical documentation, etc., to
obtain a higher payment amount (i.e. upcoding).
• Billing for services already provided (i.e. duplicate payments).
• Soliciting, offering, or receiving a kickback, bribe, or rebate, e.g., paying for a
referral of patients in exchange for the ordering of diagnostic tests and other
services or medical equipment.
• Billing non-covered or non-chargeable services as covered items.
• Billing separately for services or equipment included in global rate (i.e.
unbundling).
In contrast, under Parts C and D, Medicare pays private health and PDP plans a fixed monthly
payment amount per enrollee, otherwise known as capitation. The payment amount is made in
advance for a pre-determined set of benefits, either Part A and B benefits administered by a MA
plan or prescription drug benefits administered by a PDP plan. Under capitation, the monthly
payment amount is fixed, regardless of the amount of services provided. Therefore, providers
have an incentive to limit health services or provide fewer services to beneficiaries in order to
maximize reimbursement. In Medicare Parts C and D, types of fraudulent activities may include:
• Engaging in fraudulent marketing practices (i.e. offering beneficiaries a cash
payment to enroll, enrolling beneficiaries without their consent, conducting
unsolicited door-to-door marketing, or using unlicensed agents).
• Selectively enrolling health enrollees (i.e. “cherry picking”).
• Failing to provide medically necessary services.
• Inappropriately overestimating or underestimating bid amounts for payment.
• Imposing excessive beneficiary premiums.
Historically, Medicare’s program integrity approaches have focused on combating fraud in the
FFS sector. However, with enrollment in private Medicare plans on the rise and the addition of
the new Part D drug benefit, program integrity approaches to fight fraud in capitated payment
systems has become increasingly important.
(...continued)
Opportunities to Address Fraud, Waste, and Abuse, Testimony of Daniel R. Levinson, HHS OIG, 111th Cong., June
25, 2009, http://oig.hhs.gov/testimony/docs/2009/06252009_testimony_health_reform.pdf.
Congressional Research Service
4
Medicare Program Integrity
Overview of Medicare Program Integrity
In Medicare, program integrity typically encompasses two types of activities: (1) processes
directed at reducing payment errors or improper payments and (2) activities designed to prevent,
detect, investigate, and ultimately prosecute fraud.
Since 1990, the Government Accountability Office (GAO) has declared Medicare at high risk for
improper payments and fraud due to its size, scope, and decentralized administrative structure.13
To protect the Medicare Trust Fund from improper payments, CMS contracts with private
organizations to review claims to determine whether the services provided are medically
reasonable and necessary. In Medicare, improper payments include both underpayments and
overpayments to providers and largely result from provider billing mistakes or inadvertent claims
processing errors. Although Medicare’s claims review strategies do identify some instances of
fraud, they are not specifically designed to do so. Of the claims that are reviewed, the majority are
reviewed on a post-payment basis.
To protect the Medicare Trust Fund from fraud and abuse, CMS contracts with private
organizations to conduct activities directed at identifying and detecting actual fraud. CMS
typically classifies these functions as benefit integrity activities. Examples of benefit integrity
methods include performing ongoing data analysis of claims to identify aberrant billing patterns,
conducting fraud investigations, auditing providers, contacting Medicare beneficiaries and
providers to verify that medical services were actually provided, and referring suspected cases of
fraud to law enforcement personnel for prosecution. When these activities reveal suspected
fraudulent activity, contractors develop and refer cases to the HHS OIG for further investigation
and administrative sanctions. Fraud cases may then be referred to the DOJ for prosecution.
Types of Program Integrity Activities
To protect Medicare from improper payments, as well as fraud, waste, and abuse, Medicare
contractors have historically conducted six main types of program integrity activities: cost report
auditing, medical review, benefit integrity, Medicare secondary payer, provider education, and
operating a Medicare-Medicaid Data Match Program. These six functions are stipulated in law
and are largely performed as part of CMS’s MIP program.14
Cost Report Auditing
Part A Medicare providers such as hospitals, nursing homes, home health agencies, and other
institutional providers are required to submit cost reports to CMS annually.15 Cost reports contain
13 U.S. Government Accountability Office, High Risk Series: An Update, GAO-09-271, January 2009,
http://www.gao.gov/new.items/d09271.pdf.
14 Section 1893 of the SSA governs the MIP program. Other program integrity methods employed by CMS not
discussed in this report include scrutinizing provider applications upon enrollment, conducting in-person site visits to
provider locations to verify that they meet certain standards, and conducting inspections of provider facilities.
15 Generally, Part A Medicare providers are paid under a prospective payment system (PPS). Under PPS, providers are
paid pre-determined payment amounts based on specified units of service, such as hospital stays. When performing cost
report audits, CMS reviews the few items that could affect a provider’s payment under PPS, such as bad debt, organ
(continued...)
Congressional Research Service
5
Medicare Program Integrity
information on the provider’s allocation of costs across services. CMS contractors analyze these
cost reports by conducting desk reviews. The objective of the desk review is to assess whether the
reported costs are adequate and accurate, and to determine whether a more comprehensive, on-
site audit is necessary. If the desk review reveals problems with the cost report, contractors may
conduct field audits at the provider’s place of business. Field audits are designed to ensure
compliance with Medicare regulations and reimbursement policies and to obtain reasonable
assurance that the cost report was prepared in accordance with Medicare laws, regulations, and
instructions. The cost report auditing activity also includes audits of MA plan cost reports.16 Part
B providers (physicians, outpatient hospital, durable medical equipment providers, and others) are
not required to submit cost reports to CMS.
Medical Review
Medical review activities are designed to identify and prevent payment errors and mistakes in
billing. More specifically, medical review activities are conducted to ensure that a payment is
appropriate for the service that is provided and meets professionally recognized standards of care.
As part of this process, Medicare contractors review claims, largely through the use of automated
computer edits, to verify that the services are (1) covered by Medicare, (2) provided by legitimate
providers, (3) delivered to eligible beneficiaries, and (4) reasonable and medically necessary.17
When an edit reveals a billing error or problem with a claim, contractors may conduct a manual
pre-payment or post-payment claims review, request additional medical documentation from the
provider, or contact beneficiaries to verify that the services were actually provided.18
Benefit Integrity
Benefit integrity involves the identification and investigation of potential fraud cases and referrals
to law enforcement. CMS contractors hired to perform benefit integrity work may conduct
national and regional data analysis to identify aberrant patterns of billing, request medical
documentation from providers to verify services delivered, investigate beneficiary complaints
related to fraud, and educate providers about fraud detection and prevention. When fraud is
suspected, contractors refer cases to the OIG or law enforcement for further investigation,
(...continued)
procurement costs, payments for indirect and direct medical education, and the numbers of low-income patients
hospitals serve. Recent studies conducted by GAO and MEDPAC have questioned the degree to which CMS’s current
audit process assesses the accuracy of Medicare costs for providers paid under PPS. See GAO-06-813, Medicare
Integrity Program: Agency Approach for Allocating Funds Should be Revised, September 2006, http://www.gao.gov/
new.items/d06813.pdf, and MEDPAC, Report to the Congress: Sources of Financial Data on Medicare Providers,
June 2004, http://www.medpac.gov/publications/congressional_reports/june04_990_DataNeeds.pdf.
16 Although the law requires that CMS annually audit the financial records of at least one-third of Part C MA plans, a
GAO report released in July 2007 found that CMS did not document its process for ensuring that it met this
requirement for years 2001-2005. See GAO-07-945, Medicare Advantage: Required Audits of Limited Value, July
2007, http://www.gao.gov/new.items/d07945.pdf.
17 Computerized edits also check for errors such as incomplete or duplicate claims, claims where diagnosis codes do
not match procedure codes, and unallowable code combinations.
18 Manual pre-payment and post-payment claims reviews are initiated only after billing problems have been identified
with a provider. Under pre-payment review, contractors will conduct a manual medical review on a percentage of
claims before payment is made. When conducting post payment review, contractors examine a statistically valid
sample of paid claims from a provider. The majority of the claims that are reviewed are reviewed on a post-payment
basis.
Congressional Research Service
6
Medicare Program Integrity
prosecution, or both. Benefit integrity activities may also include recoupment19 of overpayments
and suspension of future payments when fraud is suspected.
Medicare Secondary Payer (MSP)20
MSP activities ensure that Medicare pays only for those services where it has primary
responsibility for payment. Under MSP rules, Medicare is prohibited from making payments for
any item or service when payment has been made or can reasonably expect to be made by certain
third-party payers. Statutorily, Medicare is the secondary payer to employer-based insurance
plans, auto liability insurance, and workers compensation insurance. CMS maintains a
comprehensive database of all Medicare beneficiaries’ health insurance information and uses the
database to conduct investigations related to MSP.
Provider Education
To help prevent errors and keep providers abreast of any changes in Medicare billing and coding
procedures, contractors are required to conduct regular outreach and educational activities.
Examples of educational activities include seminars, workshops, articles and fact sheets, and
other website publications. Provider education activities also include developing resources for
providers to help them avoid and detect fraud, waste, and abuse. When billing problems or
improper payments are identified, CMS contractors are required to work with Medicare providers
directly to correct mistakes.
Medicare-Medicaid Data Match Program
Referred to as the Medi-Medi program, this activity is designed to identify fraudulent or improper
billing practices that affect both Medicare and Medicaid programs. By matching data across both
programs, CMS investigates atypical billing patterns that may not be evident when analyzing the
data from each program separately. When problems are identified, CMS works with the states to
initiate payment recovery actions. CMS currently has Medi-Medi projects operating in 10
states.21According to HHS, in FY2008, 30 Medi-Medi cases were referred to law enforcement
and over $27 million in overpayments were identified for collection.22
19 Recoupment is recovering a Medicare overpayment by reducing present or future Medicare payments and applying
the amount withheld against the debt.
20 For more information on Medicare Secondary Payer, see CRS Report RL33587, Medicare Secondary Payer -
Coordination of Benefits, by Hinda Chaikind.
21 The Medi-Medi program is currently operating in the following 10 states: California, Texas, Washington,
Pennsylvania, North Carolina, New Jersey, New York, Florida, Ohio, and Illinois. The Deficit Reduction Act of 2005
mandated the expansion of the Medi-Medi program nationwide. However, states receive no funding to participate in the
program. In FY2010, the OIG plans to release a report on CMS’s oversight and monitoring of the Medi-Medi program.
See the OIG’s FY2010 Workplan available at:
http://www.oig.hhs.gov/publications/docs/workplan/2010/Work_Plan_FY_2010.pdf.
22 U.S. Congress, Senate Committee on the Judiciary, Effective Strategies for Preventing Health Care Fraud,
Testimony of HHS Secretary William Corr, 111th Cong., October 28, 2009,
http://www.hhs.gov/asl/testify/2009/10/t20091028a.html.
Congressional Research Service
7
Medicare Program Integrity
Types of Program Integrity Contractors
To conduct program integrity activities, Medicare contracts with an array of different contractors.
The types of activities undertaken by these contractors vary depending on their Statement of
Work (SOW). Some process and pay Medicare claims in addition to performing program integrity
functions (i.e. Medicare Administrative Contractors or MACs). Others specialize solely in
program integrity and fraud prevention activities such as Zone Program Integrity Contractors
(ZPICs), Medicare Drug Integrity Contractors (MEDICs), Recovery Audit Contractors (RACs),
the Comprehensive Error Rate Testing (CERT) contractor, and the Coordination of Benefits
(COB) contractor. A brief description of each of these contractors and their scope of work are
described below. This list is not exhaustive.
Medicare Administrative Contractors (MACs)
Congress, with the passage of the Medicare Prescription Drug, Improvement, and Modernization
Act of 2003 (MMA, P.L. 108-173), mandated that the Secretary contract with MACs to process
and pay Medicare claims.23 Historically, fiscal intermediaries (FIs) performed claims
administration functions for Part A providers (i.e. hospitals and facilities) and carriers performed
claims administration functions for Part B providers (i.e. physicians). The MMA required that
CMS replace the 40+ FIs and carriers with competitively selected MACs. In addition to
processing and paying claims, these contractors perform select program integrity functions,
including medical review of claims, identifying and recovering improper payments, conducting
provider audits, educating providers on appropriate billing practices, and screening beneficiary
complaints related to alleged fraud. The MMA required that CMS replace all FIs and carriers with
MACs by October 2011. Currently, CMS has awarded all 19 MAC contracts – 15 to process
claims for Part A and B providers (A/B MACs) and 4 to process claims for DME providers (DME
MACs). As of January 2010, all 4 DME MACs and 9 A/B MACs were fully operational. The
remaining six A/B MAC contracts are under procurement corrective action.
Program Safeguard Contractors (PSCs) and Zone Program Integrity
Contractors (ZPICs)
Since 1997, Medicare has contracted with PSCs to detect and investigate potential fraud and
abuse in Medicare’s FFS program. CMS is in the process of transitioning these benefit integrity
23 Requiring the Secretary to contract with MACs was part of an overall legislative strategy to reform Medicare’s
administrative structure. Prior to the MMA, CMS was not authorized to select administrative contractors using a
competitive selection process. Due to concerns that the enactment of Medicare would result in a large Federal
intervention in the provision of health care, Section 1816 of the SSA authorized providers such as hospitals and nursing
facilities to nominate their own FIs. Although the statute did afford the Secretary the authority to choose carriers to
process Part B claims, Medicare regulations still limited the Secretary’s flexibility in contracting. For example, the
Secretary was prohibited from terminating an agreement with an administrative contractor without cause or the
opportunity for a public hearing. Additionally, contracts were renewed automatically from year to year and were
required to be cost-based and not performance-based. One goal of implementing the MAC initiative was to make
Medicare contracting more consistent with the standard federal government contracting procedures governed by the
Federal Acquisition Regulation (FAR). Today Section 1874A of the SSA requires that the Secretary use competitive
procedures, which take into account quality as well as price, when selecting its claims processing contractors. The
Secretary is also required to competitively select the MACs at a minimum once every 5 years and is authorized to
include performance incentives in its contracts.
Congressional Research Service
8
Medicare Program Integrity
activities from PSCs to ZPICs. Once fully operational, ZPICs are expected to perform benefit
integrity activities for Medicare Parts A, B, C, and D. Unlike CMS’s contracting strategy for
PSCs, there will not be separate ZPICs responsible for reviewing DME, home health, and hospice
claims. Program integrity activities for all claim types will be conducted under a single ZPIC
contract. ZPICs and PSCs conduct data analysis to identify improper billing patterns, perform
provider audits, investigate fraud leads, refer cases to the OIG or DOJ for prosecution, and
implement administrative actions to recover improper payments (i.e. pre-and post-payment claims
review, payment suspension, payment denial, or recoupment of overpayments).
To facilitate coordination and communication among contractors, CMS established 7 ZPIC zones
to align with the new MAC jurisdictions. The agency plans to have one ZPIC serving each zone.
Five of these zones will encompass states identified by CMS as having high levels of fraudulent
activity (California, Florida, Illinois, New York, and Texas). As of January 2010, CMS had
awarded contracts for 4 ZPIC zones. The ZPICs operating in two of these zones are fully
operational. The remaining two ZPIC awards were protested by other bidders.24 Currently, the
two ZPICs that are operational are performing anti-fraud activities in two of the five high-risk
states – Florida and Texas.
Medicare Drug Integrity Contractors (MEDICs)
Medicare contracts with MEDICs to conduct program integrity activities in the Medicare
prescription drug benefit program.25 At the beginning of FY2009, CMS added fighting fraud,
waste and abuse in Medicare Part C to the scope of work for the MEDICs. The MEDICs perform
many similar functions as the ZPICs, including data analysis to identify patterns of erroneous
billing, conducting investigations, referring cases to the OIG or DOJ for prosecution, and
implementing administrative actions to recover improper payments. MEDICs are also responsible
for auditing the fraud, waste, and abuse compliance programs that are a requirement for
participation as a Part D plan in the Medicare program.26 There are currently two regional
MEDICs under contract to investigate fraud in the prescription drug program nationwide.27
24 CMS issued an RFP for ZPICs on May 1, 2008. On October 8th, 2008 CMS announced that it had awarded the first
two ZPIC contracts to Health Integrity, LLC for Zone 4 (Texas, Oklahoma, Colorado, and New Mexico) and Safeguard
Services, LLC for Zone 7 (Florida, Puerto Rico, and U.S. Virgin Islands). These two ZPICs are fully operational. In
2009, the agency awarded ZPIC contracts for Zone 5 (West Virginia, Virginia, North Carolina, South Carolina,
Georgia, Alabama, Mississippi, Tennessee, Arkansas, and Louisiana) and Zone 2 (Alaska, Washington, Oregon,
Montana, Idaho, Wyoming, Utah, Arizona, North Dakota, South Dakota, Nebraska, Kansas, Iowa, and Missouri) to
AdvanceMed Corporation. Both of these awards to AdvanceMed were subsequently protested by other program
integrity contractors. On January 25, 2010, the GAO upheld the protests for the Zone 2 and Zone 5 ZPIC contracts.
25 For additional information on oversight of the Part D benefit see CRS Report R40611, Medicare Part D Prescription
Drug Benefit, by Patricia A. Davis.
26 According to a recent report released by the OIG, none of these audits were conducted by the MEDICs in FY2008.
See OEI-03-08-00420, Medicare Drug Integrity Contractors' Identification of Potential Part D Fraud and Abuse, HHS
OIG, October 2009, http://oig.hhs.gov/oei/reports/oei-03-08-00420.pdf. As a condition of participation in Medicare,
both MA and PDP plans are required to have in place a compliance plan which should include, among other elements,
measures for detecting, correcting, and preventing fraud, waste, and abuse. Required elements of the plan include
designation of a compliance officer; training, education, and effective lines of communication between the compliance
officer and the organization’s employees; procedures for ensuring prompt response to detected offenses; and
procedures to voluntarily self-report potential fraud or misconduct to CMS (42 C.F.R 423.503 & 42 C.F.R 423.504).
27 CMS awarded contracts to three regional MEDICs in FY2007. The three MEDIC contracts were consolidated into
two in the Fall of 2008 when CMS did not renew the contract for one of the original three MEDICs.
Congressional Research Service
9
Medicare Program Integrity
Recovery Audit Contractors (RACs)
In 2003, Congress authorized a three year demonstration program in the MMA to test the use of a
new type of administrative contractor in Medicare called a RAC. RACs are charged with
identifying improper payments made in Part A and B Medicare and recouping overpayments. In
2006, Congress made the RAC program permanent and mandated its expansion nationwide by the
year 2010.28 On October 6, 2008, CMS announced the names of the four national RACs:
Diversified Collection Services (DCS), CGI Technologies and Solutions (CGI), Connolly
Consulting Associates, and Health Data Insights (HDI). Each RAC is responsible for reviewing
claims for approximately one-fourth of the country. All providers who receive payment under
Parts A and B could be subject to a RAC audit.29 The statute does not authorize RACs to look for
improper payments in the MA or PDP programs.
Although identifying potential fraud is not a RAC responsibility, the RACs are required to refer
claims they believe may be fraudulent to CMS for further investigation. In February 2010, the
OIG released a report indicating that during the three year demonstration program (2005 – 2008)
RACs referred only two cases of potential fraud to CMS.30
Comprehensive Error Rate Testing (CERT) Contractor
CMS contracts with a CERT contractor to calculate improper payment rates for its FFS
program.31 In 2002, Congress enacted the Improper Payments Information Act (IPIA, P.L. 107-
300), which requires federal agencies to estimate and report an annual amount of improper
payments for all programs and activities. The CERT contractor calculates three types of improper
payment rates: 1) a national improper payment rate, 2) contractor-specific improper payment
rates, and 3) improper payment rates by provider type. According to the agency, the contractor-
specific improper payment rates are used to assess MACs, FIs, and carriers performance in
paying claims accurately. The provider-specific rates are to see how well providers’ are
complying with Medicare’s billing and coding requirements. On November 18, 2009, CMS
reported a FY2009 national improper payment rate of 7.8%, or $24.1 billion in paid claims for
original FFS Medicare. CMS produces midyear and annual improper payment reports, which can
be accessed publicly on the agency website.32
28 The legislation also provided CMS with the authority to pay RACs differently than other Medicare contractors,
raising concerns among opponents of the RAC program. Historically, Medicare has paid its administrative contractors
using cost-based contracts. Under a cost-based contract, Medicare reimburses contracting organizations for all
necessary and proper costs incurred during the year. In contrast, the MMA legislation required Medicare pay RACs on
a contingency basis. Under a contingency-based contract, contractors are reimbursed a portion, usually a percentage,
from amounts recovered in improper payments. For additional information on Medicare’s RAC program see CRS
Report R40592, Medicare’s Recovery Audit Contractor (RAC) Program: Background and Issues, by Holly Stockdale.
29 This includes inpatient hospitals, physicians, skilled nursing facilities, inpatient rehabilitation facilities, DME
suppliers, home health agencies, and other Part A or B providers.
30 HHS OIG, Recovery Audit Contractors' Fraud Referrals , OEI-03-09-00130, February 2010,
http://oig.hhs.gov/oei/reports/oei-03-09-00130.pdf.
31 An improper payment is any payment that should not have been made or that was made in an incorrect amount. This
includes duplicate payments, payments to ineligible recipients, payments for ineligible services, or payments for
services not received. In Medicare, improper payments include both underpayments and overpayments to providers and
largely result from provider billing mistakes and inadvertent claims processing errors.
32 To access CMS annual improper payment rate reports see: https://www.cms.hhs.gov/apps/er_report/index.asp.
Congressional Research Service
10
Medicare Program Integrity
National Supplier Clearinghouse (NSC) Contractor
The NSC is responsible for reviewing enrollment applications from DME suppliers and
conducting site visits to confirm their compliance with Medicare enrollment standards (i.e.
maintaining a physical facility and primary business telephone number). DME suppliers are
required to re-enroll in Medicare once every three years in order to continue billing the program.
The NSC conducts mandatory site visits upon initial enrollment and re-enrollment. The NSC may
conduct random, unannounced site visits at other times if there is evidence that a supplier may be
out of compliance. In the most recent (May 2009) Compendium of Unimplemented
Recommendations, the OIG included a recommendation that CMS strengthen the DME supplier
enrollment process by conducting more unannounced site visits.33
Coordination of Benefits (COB) Contractor
The main purpose of the COB contractor is to identify payments that are the responsibility of
another or secondary payer. Statutorily, Medicare is the secondary payer to employer-based
insurance plans, auto liability insurance, and workers compensation insurance. By using data
match programs, the Medicare COB is responsible for the collection, management, and reporting
of other health insurance coverage for Medicare beneficiaries. In January of 2001, the COB
contractor assumed responsibility for researching and conducting all MSP claim investigations.
There is one COB contractor that handles all program integrity functions related to MSP.
Program Integrity Partners
CMS shares responsibility for ensuring Medicare program integrity with the HHS OIG, the DOJ,
and the Federal Bureau of Investigation (FBI). The OIG is an independent unit within HHS that
has the primary responsibility for detecting health care fraud and abuse in all federal health care
programs.34 Most of its work, however, relates to the Medicare and Medicaid programs. The
agency conducts audits of health care programs, providers, and agencies, and it performs criminal
and civil investigations related to specific instances of health care fraud or abuse. CMS
contractors, upon detecting potential fraud, will develop and refer cases to the OIG for further
investigation and possible administrative sanctions.
The OIG has the authority to impose civil monetary penalties35 and program exclusions36 on
Medicare providers that have been convicted of certain fraudulent activities. The OIG does not
33 HHS OIG, Compendium of Unimplemented Recommendations, May 2009,
http://www.oig.hhs.gov/publications/docs/compendium/compendium2009.pdf.
34 For additional information on the authority, duties, and responsibilities of Inspectors General throughout the federal
government see CRS Report 98-379, Statutory Offices of Inspector General: Past and Present, by Frederick M. Kaiser.
35 Section 1128A of the SSA authorizes the Secretary to impose penalties and assessments on persons for engaging in
certain activities. For example, a person who knowingly submits a false claim to a federal health care program is
subject to a penalty of up to $11,000 for each item or service fraudulently claimed, an assessment of up to three times
the amount fraudulently claimed, and possible exclusion.
36 Section 1128 of the SSA authorizes the Secretary to exclude individuals and entities from participation in federal
health care programs. Exclusions are authorized for convictions of criminal offenses related to the delivery of health
care, including (1) Medicare or Medicaid fraud, (2) patient abuse or neglect, (3) felonies for other health care fraud, and
(4) felonies for the illegal manufacture, distribution, prescription, or dispensing of controlled substances. The Secretary
(continued...)
Congressional Research Service
11
Medicare Program Integrity
have the authority to prosecute offenders for violations of federal criminal law. In these instances,
the OIG refers the case to the DOJ for prosecution. During FY2008, the OIG excluded a total of
3,129 individuals and entities from participating in Medicare, Medicaid, and other federal and
state health care programs.37
The FBI is the lead investigative agency in the fight against health care fraud. Unlike the OIG,
which has the authority to investigate fraud only in federal programs, the FBI has jurisdiction
over both federal and private sector insurance programs. Typically, the agency investigates
complex fraud schemes involving large-scale medical providers, such as hospitals and
corporations. The FBI does not have the authority to impose sanctions. In FY2008, 2,434 FBI-led
investigations resulted in 696 criminal health care fraud convictions.38
CMS contractors, the OIG, and the FBI all refer potential health care fraud cases to the DOJ for
prosecution. Within the DOJ, the Civil and Criminal Divisions handle health care fraud. One of
the enforcement tools for prosecuting health care fraud is the False Claims Act (FCA), which
prohibits knowingly submitting false or fraudulent claims to the U.S. government. Lawsuits may
be brought by private plaintiffs, known as relators or whistleblowers, under the FCA.39 There are
also 93 U.S. Attorneys Offices nationwide, which prosecute civil and criminal health care fraud.
During FY2008, prosecutors for the DOJ and U.S. Attorneys Offices opened 957 new criminal
and 843 new civil health care fraud investigations. This is compared to 878 new criminal and 776
new civil health care fraud investigations in FY2007.40
Finally, Medicare beneficiaries are a source for detecting fraud. Beneficiaries who suspect fraud
can call the OIG’s National Fraud Hotline at 1-800-HHS-TIPS. To educate beneficiaries on how
to detect and report fraud and abuse, the Administration on Aging oversees Senior Medicare
Patrol Projects, which recruit retired professionals in all 50 states to conduct one-on-one and
group training sessions for Medicare beneficiaries.41 Contractors investigating anomalies in
billing patterns may also contact beneficiaries to verify that the services claimed were actually
received by the beneficiary.
Funding for Program Integrity Activities
Medicare program integrity and anti-fraud activities are funded through the HCFAC and MIP
programs. HCFAC and MIP were both established by HIPAA, which sought to increase and
(...continued)
has discretionary authority to exclude individuals on other grounds, such as health care fraud offenses involving
misdemeanors, license suspension or revocation, provision of unnecessary or substandard services, submission of false
or fraudulent claims, and engaging in unlawful kickback arrangements.
37 HCFAC Annual Report for 2008.
38 HCFAC Annual Report for 2008.
39 Under the Federal False Claims Act, 31 U.S.C. §§ 3729-3733, private citizens and relators may file suit on behalf of
the U.S. government. Relators are private persons with direct knowledge of health care fraud who file complaints on
behalf of the federal government. They are entitled to a percentage of any fraud recoveries.
40 HCFAC Annual Report for 2008.
41 The OIG collects annual performance data on these projects and its most recent report can be accessed at:
http://www.smpresource.org/Content/NavigationMenu/ResourcesforSMPs/OIGReports/May09OIGPerformanceReport
.pdf .
Congressional Research Service
12
Medicare Program Integrity
stabilize federal funding for health care anti-fraud activities. Specifically, HCFAC funds are
directed to the enforcement and prosecution of health care fraud, whereas MIP funding supports
the program integrity activities undertaken by CMS contractors. Prior to HIPAA, funding for
Medicare’s program integrity activities was taken from CMS’s annual program management
budget, which was subject to the appropriations process. This sometimes led to fluctuations in
funding, as monies originally intended to support program integrity functions were redirected to
fund ongoing Medicare operations, such as day-to-day claims processing functions. With the
passage of HIPAA, HHS was ensured a stable funding source that it could commit to Medicare
anti-fraud activities.42
HCFAC
Section 1128C of the SSA authorizes the establishment of the HCFAC program. The purpose of
the program, which is jointly administered by the Secretary of HHS and the Attorney General, is
to (1) coordinate federal, state, and local law enforcement efforts directed at controlling health
care fraud and abuse; (2) conduct investigations, audits, evaluations, and inspections related to
health care delivery and payment; (3) facilitate the enforcement of criminal and civil monetary
penalties applicable to health care fraud; (4) provide for the establishment of safe harbors,
advisory opinions, and fraud alerts; and (5) support the reporting and disclosure of adverse
actions against health care providers. To fund the program, HIPAA established within the
Hospital Insurance (HI) Trust Fund (Part A) an expenditure account called the HCFAC account.
The HCFAC account funds the anti-fraud activities undertaken by HHS, DOJ, and the FBI. All
amounts equal to monies collected from health care investigations and enforcement efforts are to
be deposited into the HI Trust fund.43
MIP
Section 1893 of the SSA authorizes the establishment of the MIP program. Specifically, the
authorizing language requires the Secretary to enter into contracts with eligible entities to conduct
the following six activities: (1) medical review, (2) audits of cost reports, (3) determinations as to
whether payment should not be, or should not have been, made by Medicare (otherwise known as
Medicare Secondary Payer determinations), (4) education of providers of services, beneficiaries,
and other persons with respect to payment integrity and benefit quality assurance issues, (5)
developing and updating a list of items of DME, which are subject to prior authorization, and (6)
the Medicare-Medicaid Data Match Program, or Medi-Medi program. Table 1 shows HCFAC
and MIP mandatory appropriations for selected fiscal years.
42 In addition, historically, Medicare relied heavily on “pay and chase” methods, which entailed paying claims and then
chasing after providers to recover inappropriate payments. Long-term financial support was intended to assist CMS in
developing more innovative and preventive strategies to combat fraud and abuse, such as reviewing claims prior to
payment as opposed to after payment.
43 As specified in Section 1817(k)(C) of the SSA, amounts equal to the following are to be deposited into the Federal
Hospital Insurance Trust Fund from the U.S. Treasury: (1) amounts equaling unconditional gifts and bequests; (2)
criminal fines recovered in cases involving a federal health care offense as defined in Title 18 U.S.C. § 982(a)(6)(B);
(3) civil monetary penalties and assessments imposed in health care cases, including amounts recovered under titles XI,
XVIII, and XIX, of the SSA and Chapter 38 of Title 31 of the U.S.C.; (4) amounts resulting from the forfeiture of
property by reason of a federal health care offense; and (5) penalties and damages obtained under the False Claims Act,
31 U.S.C. §§ 3729-3933.
Congressional Research Service
13
Medicare Program Integrity
Table 1. HCFAC and MIP Mandatory Appropriations for Selected Fiscal Years (1999-
2011)
(dollars in thousands)
1999
2001 2003 2005 2007 2009 2010
2011
(est)
HCFAC
HHS $8,273 $8,428
$31,143 $31,143 $31,746 $33,892 $33,892 $33,892
DOJ $30,740
$43,469
$49,415 $49,415 $51,793 $55,328 $55,328 $55,328
OIG $98,220
$130,000
$160,000 $160,000 $165,920 $177,205 $177,205 $177,205
FBI $66,000 $88,000
$114,000 $114,000 $118,218 $126,258 $126,258 $126,258
MIP $560,000
$680,000
$720,000 $720,000 $720,000 $720,000
$720,000 $720,000
Medi-
-
-
-
- $24,000 $48,000 $60,000 $60,000
Medi
TOTAL $763,233 $949,897 $1,074,558 $1,074,558 $1,111,677 $1,160,683 $1,172,683 $1,172,683
Source: HCFAC Annual Reports for FY1999-FY2008, CMS Justification of Estimates for Appropriations
Committees FY2003-FY2011, and GAO Reviews of HCFAC Reports.
Discretionary Funding for Program Integrity Activities
Although CMS has requested additional discretionary funds to supplement the mandatory
HCFAC appropriation since 2006, Congress didn’t actually approve the adjustment until 2009.
The FY2009 discretionary appropriation included $147 million for MIP, $19 million for the DOJ,
$19 million for the OIG, and $13 million for CMS for a total of $198 million. For FY2010
Congress approved an additional $311 million in discretionary funding for the HCFAC program,
an increase of $113 million over the FY2009 level. The President’s budget request for FY2011
includes $561 million for Medicare and Medicaid program integrity activities, an increase of
$250 million over the FY2010 level. If approved, total funding for HCFAC in FY2011 would
amount to $1.7 billion. Table 2 shows HCFAC and MIP discretionary appropriations for FY2009-
FY2011.
Table 2. HCFAC and MIP Discretionary Appropriations for FY2009 - FY2011
(dollars in thousands)
2009
2010
2011
(est)
HCFAC
DOJ
$18,967
$29,790
$90,003
OIG
$18,967
$29,790
$94,830
CMS
$13,028
$31,100
$47,744
MIP
$147,038
$220,320
$328,423
TOTAL $198,000
$311,000
$561,000
Source: CMS Justification of Estimates for Appropriations Committees FY2009-FY2011.
Congressional Research Service
14
Medicare Program Integrity
The President expects this additional discretionary investment for FY2011 to save approximately
$9.9 billion over ten years (FY2011 – FY2021).44 The budget request indicates that the agency
plans to allocate $328.4 million of the $561 million to fighting fraud in Medicare, $47.7 million
for program integrity activities in Medicaid, $90 million to the DOJ, and $94.8 million to the
OIG. Approximately 50% of the $328.4 million for Medicare would be used to fund oversight
activities in the MA and Part D programs. The remaining 50% would be directed towards
expanding enforcement activities ($16.3M), increasing program oversight ($20.8M),
implementing specific administrative and legislative proposals targeted towards fraudulent
providers ($71.0M), funding regional fraud hotlines ($19.3M), conducting site visits to DME
suppliers ($17.4M), expanding data analysis activities ($14.5M), and enhanced provider oversight
efforts ($10.5M).45
Other Funding Sources for Program Integrity Activities
In addition to HCFAC and MIP mandatory funds, each year Congress appropriates discretionary
funds to support overseeing and administering Medicare, Medicaid, and the Children’s Health
Insurance Program (CHIP). These monies are appropriated into CMS’s program management
account. For FY2010, Congress approved $3.5 billion for these activities, which include
processing provider claims, paying the salaries of CMS staff, inspecting participating health care
facilities, and conducting research and demonstrations. A portion of these funds are directed to
program integrity functions.
Oversight of Medicare’s Program Integrity Efforts
There are a limited number of performance statistics and reports available to help policy makers
evaluate the success of Medicare’s program integrity efforts. Studies to date have generally
examined the performance of the HCFAC and MIP programs separately. When the HIPAA
legislation was passed in 1996, Congress mandated that DOJ and HHS report annually the results
and accomplishments of its HCFAC efforts to the public. The legislation also requires that the
GAO biennially assess the appropriateness and adequacy of HCFAC expenditures for fraud
control efforts. However, Congress did not require that HHS, DOJ, or GAO evaluate the MIP
program as part of these assessments. As a result, there is less empirical data available on MIP
performance than on the results of the HCFAC program. To date, the most comprehensive
evaluation on MIP program integrity efforts was a study released by GAO in September of 2006,
which identified weaknesses in the methods CMS uses to allocate funds across five MIP program
integrity activities (cost report auditing, medical review, benefit integrity, Medicare secondary
payer, and provider education). This section summarizes findings from reviews and studies
conducted on the HCFAC and MIP programs during the past decade.
44 Department of Health and Human Services Budget in Brief for 2011, p.2,
http://www.hhs.gov/asrt/ob/docbudget/2011budgetinbrief.pdf.
45 CMS Justification of Estimates for Appropriations Committees Fiscal Year 2011, pp. 161-178,
http://www.cms.hhs.gov/PerformanceBudget/Downloads/CMSFY11CJ.pdf.
Congressional Research Service
15
Medicare Program Integrity
Improper Payment Rates
When assessing the performance of the MIP program, CMS relies on statistics measuring the
percentage of improper payments Medicare makes to providers each year. On November 18,
2009, CMS reported a FY2009 improper payment rate of 7.8%, or $24.1 billion in paid claims for
original FFS Medicare. This is compared to a rate of 3.6% or $10.4 billion for FY2008. The
agency attributes the increase between FY2008 and FY2009 to the application of stricter
standards for reviewing claims.46 At the same time CMS announced a calendar year 2007
improper payment rate of 15.4% or $12.0 billion for its MA program. This is compared to an
improper payment rate of 10.6% or $6.8 billion for MA in 2006. An improper payment rate for
Medicare Part D is under development.
Despite its value as a tool for estimating payment accuracy and administrative efficiency in
claims processing, the improper payment rate does not measure fraud and abuse in the Medicare
program. It is mainly a measure of administrative errors. The main types of payment errors in the
FFS program are incorrect coding by providers, claims for medically unnecessary services, and
claims submitted with insufficient or no documentation. According to the agency, the Part C
payment error rate primarily reflects health plan errors in documenting members' diagnoses.
Table 3 lists the national paid claims error rates and the total in gross improper payments for
selected years between 1996 and 2009.
Table 3. Medicare National Paid Claim Error Rates and Gross Improper Payments
for Selected Years Between 1996 and 2009
(dollars in billions)
Year
National Paid Claims Error Rate (as a % of FFS expenditures)
Gross Improper Paymentsa
1996 14.2%
$23.2
1998 8.4%
$14.9
2000 9.4%
$16.4
2002 8.0%
$17.1
2004b 10.1%
$21.7
2006 4.4%
$10.8
2008 3.6%
$10.4
2009 7.8%
$24.1
Source: CMS and OIG Improper Payment Rate Reports for years 1996-2009.
a. CMS arrives at a gross improper payment amount by adding underpayments to overpayments.
46 See CMS Press Release dated November 18, 2009, available at: [H:\CMS Administration\Improper Payments\HOW
NEW STANDARDS FOR TOUGHER ERROR RATE WERE APPLIED IN THIS YEARS 2009 IMPROPER
PAYMENTS REPORT.mht. Prior to 2008, Medicare’s Quality Improvement Organizations (QIO) were responsible for
calculating the error rate for inpatient hospitals. The improper payment rate for all other FFS claims was calculated by
the agency’s CERT contractor. Beginning in 2009, the agency transferred the responsibility for calculating the
improper payment rate for inpatient hospitals from the QIOs to the CERT contractor. According to the agency, at least
one reason for the increase in the FFS error rates between 2008 and 2009 was that the QIOs were using different claims
review processes and a different measurement methodology to calculate the amount of improper payments. Now that
the CERT contractor is responsible for reviewing all FFS claims, the review procedures for inpatient hospital claims are
consistent with the review procedures applied to all other FFS claims.
Congressional Research Service
16
Medicare Program Integrity
b. From 1996-2002, the OIG calculated an error rate based on approximately 6,000 claims. Beginning in 2003,
CMS took over the calculation of the error rate from OIG and expanded the sample of claims reviewed
from 6,000 to approximately 128,000.
Over the years the adequacy and accuracy of CMS’s calculation of the Medicare FFS improper
payment rate has been questioned by the GAO and the OIG. In April 2006, the GAO reported that
the significant reduction in Medicare’s national paid claims error rate after 2004 was largely due
to CMS’s efforts to educate providers about the importance of submitting documentation to
justify payments. When providers do not respond to requests for additional documentation, CMS
automatically counts the payments as erroneous. According to GAO, despite the success and
importance of these educational efforts, they do not reflect an improvement in payment
safeguards or internal controls implemented by CMS.47
HCFAC Annual Reports
HIPAA requires that every year HHS and the DOJ release a joint annual report to Congress on
HCFAC results and accomplishments. Typically, these reports are released late summer or early
fall and include numbers and examples of enforcement actions, program accomplishments, and
amounts deposited into the HI Trust Fund resulting from health care fraud enforcement activities.
Congress did not require that HHS and DOJ include expenditures or results for the MIP program
in these reports. Therefore, they are only an indication of HCFAC’s successes and challenges in
the area of health care fraud enforcement and prosecution and not fraud prevention, which is a
key objective of the MIP program. In addition, the authors do not separate out funding and
expenditures for specific enforcement actions related to Medicare, Medicaid, or other federal
health care programs.48 The most recent annual HCFAC report released in November 2009
indicates that the federal government won or negotiated approximately $1.0 billion in judgments
and settlements (fraud recoveries) during FY2008 and returned $1.94 billion to the HI Trust Fund
(transfers).49
Figure 1 summarizes HCFAC fraud recoveries and transfers to the HI Trust Fund for fiscal years
1998 through 2008. The difference between the amount collected in fraud recoveries and the
amount transferred to the HI Trust Fund in any given year can be attributed to the fact that fraud
litigation is a lengthy process that can sometimes take several years. As a result, some of the
judgments, settlements, and administrative actions won in one year may not result in monies
being transferred to the trust fund until one or more years later.
47 GAO-06-581T, Challenges Continue in Meeting Requirements of the Improper Payments Information Act, April
2006, http://www.gao.gov/new.items/d06581t.pdf.
48 The HIPAA legislation does not require that HHS or DOJ separately track Medicare and non-Medicare expenditures.
DOJ officials commented in a 2002 GAO Report on the HCFAC program that it is not practical to separate non-
Medicare and Medicare expenditures because of the nature of health care fraud (GAO-02-731: Medicare, Health Care
Fraud and Abuse Control Program for Fiscal Years 2000 and 2001, June 2002). Health care fraud cases typically cross
several health care programs, making it difficult to attribute expenses and recoveries to separate programs.
49 HCFAC Annual Report for 2008.
Congressional Research Service
17
Medicare Program Integrity
Figure 1. HCFAC Fraud Recoveries and Transfers to the Medicare HI Trust Fund for
FY1998-FY2008
Dollars in billions
$2.5
$2.0
$1.5
Fraud Recoveries
Transfers to the Trust Fund
$1.0
$0.5
$0.0
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
Source: HCFAC Annual Reports, FY1998-FY2008.
Recoveries are amounts won or negotiated by the OIG and DOJ in any given year. They include
criminal fines, civil monetary penalties, forfeitures, civil settlements and judgments. Recoveries
vary annually depending on the number and types of fraud cases that are prosecuted. Between
1999 and 2003, recoveries steadily increased from $0.5 to $1.8 billion. Recoveries then dropped
over $1 billion between 2003 and 2004. Recoveries rose again from $0.6 billion in 2004 to a high
of $2.2 billion in 2006. Recoveries have since dropped again to $1.0 billion in 2008. The
considerable increase in recoveries in 2006 can be attributed to a large settlement negotiated with
Tenet Healthcare Corporation, operator of the nation’s second largest hospital chain. Tenet agreed
to pay the United States more than $900 million over a four-year period for unlawful billing
practices impacting the Medicare, Medicaid, and TRICARE programs.
Transfers are amounts collected resulting from HCFAC enforcement efforts. Between fiscal years
1998 and 2002, transfers to the Trust Fund steadily increased from $0.3 billion dollars in 1998 to
$1.4 billion dollars in 2002. After a drop to $0.7 billion in 2003, returns again increased between
2004 and 2006, holding relatively steady at approximately $1.5 billion. Transfers again dropped
in FY2007 to $0.8 billion only to accelerate over $1 billion dollars in FY2008 to $1.94 billion –
the largest amount collected over the program’s ten year existence. According to the November
2009 HCFAC report, federal health care fraud enforcement activities have returned over $13.1
billion dollars to the Medicare Trust Funds since 1997.
Congressional Research Service
18
Medicare Program Integrity
Table 4 shows the number of enforcement actions, including new criminal and civil health care
fraud investigations and program exclusions for fiscal years 1999 through 2008. The number of
new civil and criminal investigations has accelerated over the past ten years. However, there is
debate as to whether this rise in enforcement actions is actually the result of more fraud and abuse
in Medicare. Some experts contend that the increase is the result of having more resources to
fight and detect illegal behavior, as opposed to an actual increase in the amount of fraud. Others
note that the definition of what constitutes health care fraud has expanded over the years, making
it appear as though fraud has escalated when the actual level has remained relatively steady.50
Table 4. Summary of Health Care Fraud Enforcement Actions for FY1999-FY2008
1999 2000 2001 2002 2003 2004 2005 2006 2007 2008
New
371 457 445 361 870
1,002 935 836 878 957
Criminal
Investigations
New Civil
91 233 188 221 231 868 778 915 776 843
Investigations
Program
2,976 3,350 3,746 3,448 3,275 3,293 3,804 3,422 3,308 3,129
Exclusions
Source: HCFAC Annual Reports, FY1999-FY2008.
GAO HCFAC Reports
HIPAA also required that GAO submit a report to Congress every two years on HCFAC
appropriations and deposits. Starting in June 1998, GAO released four reports using data from the
HCFAC annual reports for years 1997 through 2003. The most recent and final report, released in
April 2005, reviewed HCFAC activities for years 2002 and 2003.51 Similar to the HCFAC annual
reports, these studies do not include MIP in their analysis. In all four reports, GAO noted that
while HCFAC deposit amounts reported to the HI Trust Fund were consistent with the HIPAA
legislation, HHS included a measure of cost savings resulting from health care fraud enforcement
efforts that could not entirely be attributed to the HCFAC program.52 In addition, because fraud
investigation and litigation can take several years, savings may not be realized until future years.
The Office of Management and Budget (OMB) echoed a similar finding in its Program
Assessment Rating Tool (PART) evaluation of the HCFAC program in 2004 (see description
below). Despite this weakness, GAO consistently found HHS and DOJ’s accounting of HCFAC
deposits and expenditures to be fiscally appropriate and accurate.
50 Health Care Fraud and Abuse: Practical Perspectives, Chapter 4, 2004.
51 GAO-05-134, Health Care Fraud and Abuse Control Program: Results of Review of Annual Reports for Fiscal Years
2002 and 2003, April 2005, http://www.gao.gov/new.items/d05134.pdf.
52 The OIG defines cost savings as funds put to better use as a result of implemented legislative or other program
initiatives.
Congressional Research Service
19
Medicare Program Integrity
OMB Program Assessment Rating Tool (PART)53
In 2002, OMB evaluated the HCFAC and MIP programs separately using the PART, a 25-
question survey addressing federal agency management and performance. The agency noted
conflicting assessments for both programs. HCFAC received a “results not demonstrated” rating
and criticized the OIG for not having sufficient performance measures to assess the program’s
progress in reducing fraud, waste, and abuse. Specifically, OMB noted that savings is not a good
indicator of performance because it is too difficult to ascertain how much of the reported savings
is the direct result of HCFAC activities conducted during the previous year.
In contrast, the agency gave MIP an “effective” rating—the highest rating a program can receive.
OMB attributes this largely to the OIG and CMS’s measurement and reduction of the annual
Medicare improper payment rate. CMS often cites the improper payment rate as a measure of its
performance in protecting Medicare from fraud, waste, and abuse. In the PART report, OMB
notes that at the time MIP was created in 1996, OIG estimated the improper payment rate at
14.2%. By 2006, the rate had dropped to 4.4% and by 2008 to 3.6%. However, as noted in Table
3, the Medicare improper payment rate rose to 7.8% in 2009.
Other GAO Reports
Subsequent GAO reports released over the last few years have raised questions about how
HCFAC and MIP funding are being used. An April 2005 report on HCFAC funding for the FBI
found that the agency could not adequately demonstrate that its share of HCFAC expenditures for
FY2000-FY2003 were used for health care investigations. The study showed that funds
previously devoted to fighting health care fraud at the FBI had been shifted to counterterrorism
activities.54
In a report released in September 2006, the GAO identified weaknesses in CMS’s approach for
allocating MIP funds across the various program integrity activities (cost report auditing, medical
review, benefit integrity, Medicare secondary payer, and provider education).55 GAO noted that
CMS bases its MIP allocation decisions on historical funding levels, as opposed to examining the
relative effectiveness of one activity to another in ensuring Medicare program integrity. For
example, despite receiving the largest share of MIP funds in FY2005, CMS has not yet developed
a reliable quantitative measure to assess the impact of cost report audits of Part A providers on
preventing fraud, waste, and abuse. GAO recommended that CMS develop additional methods
for allocating MIP funds that take into account the effectiveness of MIP activities, as well as
contractor performance, particularly in light of new vulnerabilities related to the prescription drug
benefit.
53 See Office of Management and Budget Program Assessment Rating Tool website at
http://www.whitehouse.gov/omb/rewrite/part/index.html for PART assessments of the MIP and HCFAC programs.
54 GAO-05-388, Federal Bureau of Investigation: Accountability over the HIPAA Funding of Health Care
Investigations is Inadequate, April 2005, http://www.gao.gov/new.items/d05388.pdf.
55 GAO-06-813, Medicare Integrity Program, Agency Approach for Allocating Funds Should be Revised, September
2006, http://www.gao.gov/new.items/d06813.pdf.
Congressional Research Service
20
Medicare Program Integrity
OIG Audit and Evaluation Reports
Every year the OIG conducts audits, evaluations, and investigations of HHS programs. The
recommendations that result from these assessments help lawmakers determine policies to
improve the management and operations of these programs. In addition to individual audit and
evaluation reports, the agency develops a number of annual reports synthesizing the outcomes of
its work. For example, in its FY2009 Compendium of Unimplemented OIG recommendations,
the agency identified the following priority recommendations for HHS to strengthen Medicare
program integrity: implementing safeguards to prevent and detect fraud and abuse in Medicare
Part D, ensuring DME Suppliers’ compliance with Medicare standards, modifying payments to
managed care organizations, improving CMS’s performance evaluation process for PSCs, and
improving oversight of hospices.56 The OIG also produces an annual work plan describing the
reviews and audits it plans to pursue in the coming year. For FY2010, the agency plans to conduct
over 100 studies and audits related to Medicare, the majority of which are related to Medicare
Parts A and B.57
Concluding Observations
Program integrity activities encompass a broad set of strategies and processes designed to meet
numerous objectives, including preventing improper payments, identifying and detecting fraud,
investigating individuals suspected of committing Medicare fraud, and prosecuting offenders. To
carry out the six main types of program integrity activities, CMS contracts with a number of
different private organizations. The effectiveness of these efforts depends on close collaboration
and coordination between CMS, its contractors, the OIG, and federal and state law enforcement
agencies.
The implementation of HCFAC and MIP in 1996 provided CMS and Medicare enforcement
agencies with a dedicated funding source to coordinate Federal, state, and local activities to fight
health care fraud. From 1999 through 2009, resources available for program integrity and anti-
fraud efforts increased from an estimated $0.8 billion in FY1999 to approximately $1.4 billion in
FY2009, and the number of new civil and criminal fraud enforcement actions more than tripled.
Furthermore, the amount of money transferred to the Medicare Trust Funds as a result of health
care fraud enforcement activities has been steadily increasing. These statistics, however, do not
apply to MIP activities, which receive the largest share of HCFAC funding. Recent GAO reports
have raised questions about how MIP funding is being used and have recommended CMS
develop more quantitative measures to assess the impact of MIP program integrity activities in
the future.
Protecting Medicare from improper payments, fraud, and abuse is a complex and challenging
undertaking for a number of reasons. To begin with, there are no reliable estimates on the actual
amount of health care fraud, which makes it challenging for policy makers to determine the extent
of resources needed to respond to the problem. Furthermore, fraud perpetrators are quick to adapt
to investigative techniques and are continually devising more sophisticated schemes to defraud
the system. Therefore, policymakers and administrators need to invest in a diverse mix of
56 The OIG Compendium of Unimplemented Office of Inspector General Recommendations can be accessed at:
http://www.oig.hhs.gov/publications/compendium.asp.
57 The annual OIG Work Plan can be accessed at: http://www.oig.hhs.gov/publications/workplan.asp.
Congressional Research Service
21
Medicare Program Integrity
preventive and investigative program integrity methods to reduce Medicare’s vulnerability to
fraudulent activity. In recent years, fraud experts have urged CMS to adopt more preventive
techniques to protect the program, such as increasing the volume of claims it reviews on a pre-
payment basis, applying stricter standards when reviewing provider enrollment applications, and
conducting background checks on providers prior to allowing them to bill the Medicare program.
In its FY2011 budget request, the agency indicates that it plans to direct at least $10.5 million in
discretionary funding to conduct site visits and background checks of providers prior to
enrollment.
As Medicare continues to grow in size and complexity, developing innovative strategies to ensure
the integrity of the program become increasingly important. Both the House and Senate health
care reform bills contain numerous provisions designed to strengthen Medicare’s program
integrity activities. For example, both bills would increase funding for the HCFAC program,
introduce new penalties for fraudulent behavior, subject providers and suppliers to enhanced
screening before allowing them to participate in Medicare, and require providers to establish
compliance programs. The President’s health reform proposal also includes provisions directed at
reducing health care fraud, including requiring the establishment of a database to store
information on health care fraud sanctions and modifying statutory requirements related to the
pre-payment review of claims.
Author Contact Information
Holly Stockdale
Analyst in Health Care Financing
hstockdale@crs.loc.gov, 7-9553
Congressional Research Service
22