Contents

• Introduction
• Medicare Background
• Medicare Administration and Program Management
• Center for Program Integrity
• Health Care Fraud and Abuse
• Medicare Program Integrity Overview
• Medicare Vulnerability to Fraud and Abuse
• Program Integrity Activities
• Provider Auditing
• Medical Review
• Benefit Integrity
• Medicare Secondary Payer
• Provider Outreach and Education
• Medicare-Medicaid (Medi-Medi) Data Match Program
• Program Integrity Contractors
• Medicare Administrative Contractors (MACs)
• Program Safeguard Contractors (PSCs) and Zone Program Integrity Contractors (ZPICs)
• Medicare Drug Integrity Contractors (MEDICs)
• Recovery Audit Contractors (RACs)
• Comprehensive Error Rate Testing (CERT) Contractor
• National Supplier Clearinghouse (NSC) Contractor
• Coordination of Benefits (COB) Contractor
• Program Integrity Partners
• Program Integrity Funding
• Health Care Fraud and Abuse Control (HCFAC) Program
• Medicare Integrity Program (MIP)
• Discretionary Funding for Program Integrity Activities
• Other Program Integrity Activity Funding Sources
• CMS's Medicare Program Integrity Oversight
• Improper Payment Rates
• FFS Improper Payment Error Rate
• Medicare Advantage (MA) Payment Error Rates
• Part D Payment Error Rate
• Health Care Fraud and Abuse Control (HCFAC) Annual Reports
• GAO Health Care Fraud and Abuse Control (HCFAC) Reports
• Other GAO Reports
• Office of the Inspector General (HHS/OIG) Audit and Evaluation Reports
• Recent Program Integrity Initiatives
• Congressional Action: Hearings
• Congressional Action, New Laws: Patient Protection and Affordable Care Act (PPACA, P.L. 111-148)
• Congressional Action, New Laws: Small Business and Jobs Act of 2010 (SBJA, P.L. 111-240)
• Congressional Action, Proposed Legislation: Budget Control Act of 2011 (BCA, P.L. 112-25)
• Administration Action: Executive Orders and Memorandums
• Administration Action: FY2012 Budget Request
• Concluding Observations

Summary

Since 1990, the Government Accountability Office (GAO) has identified the Medicare program as at risk for improper payments and fraud, and, since 2004, has issued 12 products documenting various program vulnerabilities. As noted by GAO and other public and private analysts, Medicare's vulnerability to fraud and abuse arises from the program's size, complexity, decentralization, and administrative requirements. Although a good estimate of the dollar amount lost to Medicare fraud and abuse is open to discussion, analysts agree that billions of dollars are lost. Administering the volume of claims (more than 4.5 million per work day) from Medicare's many providers and suppliers (over 1 million) is a daunting task. Requirements to process and pay provider reimbursement claims quickly have set up a "pay and chase" approach that complicates program integrity efforts.

In general, initiatives designed to fight fraud and abuse are considered program integrity activities. These include processes directed at reducing payment errors as well as activities to prevent, detect, investigate, and ultimately prosecute health care fraud. The Centers for Medicare & Medicaid Services (CMS), the agency within the Department of Health and Human Services (HHS) responsible for Medicare administration and program integrity, oversees private contractors that perform activities such as provider audits, reviewing claims for medical necessity, and conducting investigations. These contractors develop and refer suspected fraud cases to the HHS Office of the Inspector General (HHS/OIG) and the Department of Justice (DOJ) for further investigation and prosecution.

CMS has made considerable progress in improving program integrity oversight as well as in reporting on Medicare program integrity. With increased mandatory and discretionary funding, CMS's ability to wage a consistent, coordinated program integrity campaign has improved. Nonetheless, some issues remain, including the need to further improve the identification, monitoring, and reporting of fraud and abuse, and to provide more information on program integrity resource allocation decisions and results.

Medicare program integrity activities are funded in statute, largely through the Health Care Fraud and Abuse Control (HCFAC) and Medicare Integrity Programs (MIP), which were both established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA, P.L. 104-191). HIPAA provided CMS and federal law enforcement agencies with dedicated funds to coordinate federal, state, and local activities to fight health care fraud. Beginning in FY2009, Congress approved additional discretionary funds to enhance these efforts. Further HCFAC funding was provided under health care reform—the Patient Protection and Affordable Care Act (PPACA, P.L. 111-148 as amended). PPACA increased HCFAC mandatory funding by $350 million over the period from FY2011 to FY2020. PPACA also strengthened and added a number of new tools for CMS to help bolster Medicare's program integrity activities.

This report provides an overview of Medicare program integrity. A description of key program integrity activities is presented as well as a discussion of the role that private contractors and law enforcement agencies play in maintaining Medicare's integrity. Detailed information on federal funding for program integrity efforts also is presented. The report concludes with a summary and analysis of Medicare's program integrity oversight and a discussion of recent initiatives, including program integrity provisions in the Budget Control Act of 2011 (BCA, P.L. 112-25), which became law on August 2, 2011.

---

Medicare Program Integrity: Activities to Protect Medicare from Payment Errors, Fraud, and Abuse

Introduction

According to the 2011 Medicare Trustees report, total Medicare expenditures were $523 billion in 2010 for 47.5 million beneficiaries.¹ The Centers for Medicare & Medicaid Services (CMS) Office of the Actuary projected overall Medicare spending will reach $557.4 billion in 2011.² Due to a number of factors such as advances in health care delivery and technology, an aging population, and overall increases in medical costs, Medicare spending has been projected to grow more quickly than spending in the overall U.S. economy. As expenditures continue to rise in the nation's largest health insurance program, efforts to preserve Medicare's program integrity have attracted increased attention.

As the agency responsible for administering Medicare, CMS contracts with a number of private entities to conduct program integrity activities. Program integrity includes the following six main activities:

• 1. Conducting provider audits.
• 2. Reviewing claims for medical necessity.
• 3. Identifying and investigating fraud.
• 4. Ensuring that Medicare pays only for services for which it has primary responsibility.
• 5. Educating providers on Medicare billing procedures.
• 6. Identifying improper billing practices that affect both Medicare and Medicaid.

Once these contractors identify suspected fraud, they refer the cases to Medicare administrative contractors (MACs) to recover overpayments and, where appropriate, to the Department of Health and Human Services Office of the Inspector General (HHS/OIG) and the Department of Justice (DOJ) for further investigation and prosecution.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA, P.L. 104-191) amended the Social Security Act (SSA) Section 1817(k) to establish an appropriation from the Medicare Trust Fund to an expenditure account, called the Health Care Fraud and Abuse Control Account (HCFAC Account). The amount transferred from the Medicare Trust Funds is jointly certified by the Secretary of the Department of Health and Human Services (the Secretary) and Attorney General as necessary to finance anti-fraud activities. The maximum amounts available for certification are specified in law.

HIPAA also established an additional annual Medicare Integrity Program (MIP) appropriation. Mandatory annual MIP appropriations are transferred from the Medicare Trust Funds to the HCFAC Account, and HIPAA specified the maximum amounts available for MIP. The maximum MIP appropriations are adjusted for inflation and are available until expended. HIPAA required that the HHS/OIG and the Attorney General submit an annual report to Congress on selected HCFAC activities, but not MIP activities. GAO submitted four biennial reports on HCFAC-funded activities (not MIP activities) as required by HIPAA. In FY2010 and FY2011 respectively, the HCFAC Account received mandatory appropriations of approximately $1.17 billion and approximately $1.4 billion.³ Beginning in FY2009, Congress approved additional discretionary investments of $198 million for FY2009, $311 million for FY2010, and $311 million for FY2011 to further enhance Medicare's program integrity efforts.

This report presents an overview of Medicare program integrity activities including the following major areas: an introduction to Medicare health care fraud; a description of CMS's program integrity activities; a discussion of the roles played by private contractors and federal law enforcement agencies in maintaining Medicare program integrity; details on federal anti-fraud funding; analysis of CMS's Medicare program integrity activities; and a summary of recent program integrity initiatives.

Medicare Background

Medicare is the nation's health insurance program for most people age 65 and older and certain disabled individuals.⁴ Of Medicare's 47.5 million enrollees in 2010, approximately 85% are over 65 and the remaining 15% are disabled.⁵ Medicare consists of the following four distinct parts—Parts A, B, C, and D:

• Part A (Hospital Insurance) covers inpatient hospital, skilled nursing facility, home health, and hospice services.
• Part B (Supplementary Medical Insurance) covers other medical services, such as physician visits, outpatient hospital care, laboratory services, and durable medical equipment (DME).⁶
• Part C refers to the option beneficiaries have to receive all Parts A and B services through a private Medicare Advantage (MA) health plan.
• Part D covers outpatient prescription drugs, which are provided by private prescription drug plans (PDPs). Many Medicare beneficiaries who enroll in private, Part C, health plans, choose MA-PD (Medicare Advantage – Prescription Drug) plans for combined Parts C and D coverage.

The majority of beneficiaries, nearly 75%, receive benefits through Medicare's fee-for-service (FFS) program, known as "original" or "traditional" Medicare. The remaining beneficiaries, approximately 25%, chose to enroll in private health care plans under Medicare Part C, the Medicare Advantage (MA) program. Approximately 73% (34.6 million beneficiaries) of Medicare beneficiaries chose to enroll in Part D, the outpatient prescription drug program.⁷

Medicare Administration and Program Management

CMS, one of the Department of Health and Human Services (HHS) operating divisions, has responsibility for oversight of all aspects of Medicare.⁸ In addition to Medicare oversight, CMS administers Medicare Parts A and B and operates Parts C and D through contracts with a number of private organizations. CMS funds Medicare administration through a discretionary budget request for program management, where program management includes activities such as paying Medicare Parts A and B claims processing contractors, quality reporting and incentive payments, health plan oversight, provider and beneficiary outreach, administrative simplification, and information technology infrastructure. Program management funds are transferred from the Medicare Trust Funds. Although some program management activities, such as provider enrollment and information technology infrastructure, can affect program integrity, in general program management does not include program integrity. CMS requests a separate annual discretionary appropriation for Program Management, which, like the program integrity appropriation, is transferred from the Medicare Trust Funds. This report focuses on CMS's main program integrity activities, not Medicare administration.

Center for Program Integrity

In April 2010, CMS consolidated responsibility for administering and monitoring program integrity activities, including contractor oversight, under a newly created organizational entity, the Center for Program Integrity (CPI).⁹ In creating CPI, CMS established an organizational entity intended to have authority to better integrate all program integrity activities across the agency. CPI was designed to consolidate, coordinate, and strengthen existing program integrity activities, carry out new responsibilities created by legislative authority, and better position CMS to respond to emerging program integrity issues. CMS identified CPI's overarching mission to be "protecting the Trust Funds and other public resources against losses from fraud and other improper payments and to improve the integrity of the health care system."¹⁰ To achieve this mission, CPI identified the following four program areas and classified all program integrity efforts into one or more of these areas:

• Prevention. Current prevention activities include payment system operation, medical review, and provider and beneficiary education. CPI plans to expand prevention by better engaging beneficiaries and other stakeholders in fraud identification; strengthening provider/supplier safeguards; improving payment system accuracy; and better coordination with law enforcement.¹¹
• Detection. CPI plans to implement additional analytical pilots to detect improper payment trends, such as using provider/supplier enrollment risk-based predictive modeling, and geographic "heat" mapping based on 1-800-MEDICARE tips. Heat mapping is a process used to identify geographic areas with increased potential of fraud activity. CMS contractors analyze complaints to Medicare toll free numbers and tips from providers and beneficiaries to target certain areas and potential fraud schemes.
• Recovery. CPI plans to collaborate with program integrity partners, such as the HHS/OIG, DOJ, state survey and certification agencies, and state Medicaid agencies, to increase overpayment recoveries through utilization of restitution, fines, penalties, damages, program suspensions, and exclusions. Additional overpayment recovery tools available to CPI include field investigations, more use of Recovery Audit Contractors (RACs), more use of Medicare Secondary Payer activities, and better coordination with Medicare's Office of Hearings and Appeals.
• Transparency and Accountability. CPI plans to develop performance measures that can be used to evaluate outcomes and better track, report, and disseminate program integrity information.

CPI launched an outreach initiative to build better relationships with other public and private partners and raise overall awareness of CMS's program integrity activities. The outreach effort included co-hosting a national health care fraud summit in Washington, DC (January 2010); local summits in other major cities—New York (November 2010), Detroit (March 2011), Los Angeles (August 2010), Boston (December 2010), Philadelphia (June 2011), and Miami (July 2010); and a fighting health care fraud industry day in Baltimore (October 2010).

Health Care Fraud and Abuse

Increasing health care costs, increases in the number of Medicare beneficiaries, and other factors are contributing to push the cost of Medicare to unsustainable levels. These increasing costs as well as concern about proper stewardship of public resources have helped fuel additional interest in finding ways to control rising Medicare costs. Program integrity, particularly initiatives to identify and reduce fraud and abuse, have received substantial emphasis as a potential source of restraining the growth in federal Medicare expenditures. Several recently enacted new laws have provided additional tools and resources to help federal officials improve upon Medicare program integrity activities. These initiatives are discussed in more detail below.

Estimates of fraud and abuse often are made separately from estimates of improper payments. Estimates of the dollar amount lost just to health care fraud vary. Fraud analysts and law enforcement officials estimate between 3% and 10% of health care expenditures (for all payers, including Medicare) are lost annually to fraud.¹² CMS estimated that Medicare's FY2010 FFS improper payment error rate was 10.5% and accounted for $34.3 billion in overpayments.¹³ Not only do fraud and abuse contribute to rising health care costs, they also can harm patients, particularly when medically necessary services are withheld, or when medically unnecessary services are provided.

Fraud and abuse often are integrated together into the discussion of program integrity or activities to protect the Medicare program from these threats. Abuse describes incidents or practices of providers, physicians, or suppliers of services and equipment which, although not usually fraudulent, are inconsistent with accepted sound medical, business, or fiscal practices. These practices may, directly or indirectly, increase Medicare costs, result in improper payment, payment for services below professionally recognized standards, or payment for services that were medically unnecessary. Fraud is intentional deception or misrepresentation that an individual makes, knowing it to be false and that it could result in some unauthorized benefit to them. Typically health care fraud most often is associated with financial misconduct, however, delivering poor or substandard quality care has received increased attention in recent years.¹⁴ For the purpose of this paper, the discussion of abuse focuses on improper payments and not the improper provision of health care services.

Although health care fraud encompasses many different types of erroneous behavior, the types of schemes committed today share certain characteristics. According to law enforcement officials, fraud perpetrators often target public health insurance programs (Medicare and Medicaid) and private health plans simultaneously. Fraud schemes can span multiple states and involve both providers of services, many with little health care experience, and beneficiaries. For example, in several recent cases, fraud perpetrators paid both providers and senior citizens kickbacks to obtain their billing numbers in order to submit fraudulent claims to Medicare. Other examples of recent fraudulent activity include billing for unnecessary services or tests provided to patients, submitting claims for services provided by unlicensed providers, and illegally marketing drugs or products for higher reimbursements.¹⁵ Further, recent fraud investigations revealed evidence of organized crime activity in health care. At a recent hearing before the House Committee on Oversight and Government Reform, the HHS/OIG Deputy Inspector General testified that health care fraud is attractive to organized crime because penalties are lower than for other organized crime-related offenses, there are low barriers to entry, fraud schemes are easily replicated, and a lack of data hampers detection efforts.¹⁶

Even though there is overlap, the types of fraud committed against Medicare's FFS program can differ from the types of fraud committed against Medicare's Parts C and D plans. These differences stem largely from differences in Medicare's payment structure. In FFS, Medicare pays providers directly for a specified unit of service delivered to a beneficiary (i.e., procedure, visit, test, or group of services). This can create provider incentives to overstate the health care services provided to patients or actually to provide more care to beneficiaries than is necessary in order to increase reimbursement. Examples of fraudulent overstatement and over-billing activities in Medicare's FFS program include the following:

• Billing for services not furnished and/or supplies not provided;
• Altering claim forms, electronic claim records, medical documentation, etc., to obtain a higher payment amount (i.e., upcoding);
• Billing for services already provided (i.e., duplicate payments);
• Soliciting, offering, or receiving a kickback, bribe, or rebate, for example, paying for a referral of patients in exchange for the ordering of diagnostic tests and other services or medical equipment;
• Billing for services provided to deceased beneficiaries or provided by deceased providers;
• Billing non-covered or non-chargeable services as covered items; and
• Billing separately for services or equipment included in global rates (i.e., unbundling).

In contrast, under Parts C and D, Medicare pays private health plans and prescription drug plans (PDPs) a fixed monthly payment amount per enrollee, otherwise known as a capitated payment. Capitated payments are made in advance for a pre-determined set of benefits either to an MA plan for Parts A and B benefits or to a PDP for prescription drug benefits. Under capitation, the monthly payment amount is fixed, regardless of the amount of services provided. Therefore, providers have incentives to limit health services or provide fewer services to beneficiaries to maximize their profit. In Medicare Parts C and D, types of fraudulent activities may include

• Engaging in fraudulent marketing practices (i.e., offering beneficiaries a cash payment to enroll, enrolling beneficiaries without their consent, conducting unsolicited door-to-door marketing, or using unlicensed agents);
• Selectively enrolling healthy beneficiaries ("cherry picking" beneficiaries who will need fewer health services);
• Failing to provide medically necessary services;
• Inappropriately overestimating or underestimating bid amounts for payment; and
• Collecting excessive beneficiary premiums.

Historically, Medicare program integrity has focused on combating FFS fraud in Medicare Parts A and B with less emphasis on Part C (Medicare Advantage) and Part D. However, as private Medicare plan enrollment increased and Medicare added an outpatient Part D drug benefit, there was a need to expand program integrity activities to address fraud in capitated payment systems as well as FFS.

Medicare Program Integrity Overview

In Medicare, program integrity typically encompasses two types of activities: (1) processes directed at reducing abuse, such as payment errors or improper payments; and (2) activities designed to prevent, detect, investigate, and ultimately prosecute fraud. Since 1990, the Government Accountability Office (GAO) has designated Medicare as a federal program at high risk for fraud and abuse due to its size, complexity, scope, and decentralized administrative structure.¹⁷ Since 2004, GAO has issued 12 products (including reports and testimony) that have identified strategies to reduce Medicare fraud and abuse.¹⁸

To protect the Medicare Trust Funds from improper payments, CMS contracts with private companies to review claims to determine whether the services provided are medically reasonable and necessary. In Medicare, improper payments include both provider under- and overpayments. Improper payments largely result from provider billing mistakes or inadvertent claims processing errors. Although Medicare's claim review strategies identify some instances of fraud, they are not specifically designed to do so. The majority of claims are screened and reviewed after payment has been made or post-payment.

CMS also contracts with private organizations that are directed to identify fraud. CMS typically classifies these anti-fraud functions as benefit integrity activities. Examples of benefit integrity include performing ongoing claims data analysis to identify aberrant billing patterns, conducting fraud investigations, auditing providers, contacting Medicare beneficiaries and providers to verify that medical services were actually provided, and referring suspected cases of fraud to law enforcement personnel for prosecution. When these activities reveal suspected fraudulent activity, CMS's contractors develop and refer cases to the HHS/OIG for further investigation and administrative sanctions. Fraud cases may then be referred to the DOJ for prosecution.

Medicare Vulnerability to Fraud and Abuse

As GAO and other analysts have noted, several Medicare characteristics make the program particularly vulnerable to fraud and abuse. The Medicare program's size makes management of the program complex, requiring automation and predictable rules and procedures to ensure efficient operation. Medicare's predictability and rules driven payment systems ensure that providers will receive prompt payment, but also provide opportunities for individuals to exploit the system. Medicare's prompt payment requirements contribute to a vulnerability that has been described as a "pay-and-chase" approach, whereby Medicare pays a claim and then has to recoup any improper payment.¹⁹

Prompt Payment

Medicare must pay most claims within 30 days, which leaves relatively little time to review provider reimbursement claims to ensure that they are submitted by legitimate providers and are accurate and complete. Under Medicare law, through its contractors, Medicare must (1) pay at least 95% of clean claims within 30 days of receipt, (2) calculate and pay interest on clean claims not paid within 30 days of receipt, and (3) pay or deny all claims within 60 days of receipt.²⁰ The vast majority of claims are paid quickly, within the 30-day prompt payment window, and as a result claims are subject to limited review before payment (prepayment review). Most prepayment review consists of coding validity checks and medical review conducted by computer edits. Medical record reviews by trained professionals are conducted on as few as 1% of all Medicare FFS claims.²¹

Pay and Chase

The need to pay a large number of claims quickly, sets up what has been described as a pay and chase dynamic. Once Medicare claims are paid, they are subject to additional reviews that are not possible during the 30-day requirement to process clean claims. The additional reviews verify accuracy of information (for the provider/supplier and beneficiary), appropriateness, medical necessity, and other characteristics. Under the pay and chase approach, unscrupulous individuals could enroll as Medicare providers/suppliers, receive payments, and CMS subsequently would detect, or chase, overpayments or fraudulent bills to seek recoveries. Fraudulent providers/ suppliers often bill large sums quickly, then disappear, but even for legitimate providers that have received an overpayment in error, it is expensive to identify and recover improper payments. Program integrity emphasis is shifting away from the pay and chase to an approach that attempts to prevent overpayments in the first place.

Program Integrity Activities

Within the four program areas identified under CPI, there are six main types of program integrity activities: provider auditing, medical review, benefit integrity, Medicare secondary payer (MSP), provider outreach and education, and a Medicare-Medicaid Data Match Project. These six functions are stipulated in law and are largely part of CMS's Medicare Integrity Program (MIP).²² However, CMS has expanded MIP activities to include more focus on preventive methods. CMS strives to use a more flexible approach that combines both traditional MIP tools with other approaches, such as the Health Care Fraud Prevention & Enforcement Action Team (HEAT), where a team that includes medical experts, law enforcement, data analysts, and policy staff collaborates to identify suspicious activity and quickly investigate and prosecute criminal behavior.²³ More information is presented in the remainder of this section on traditional program integrity activities.

Provider Auditing

Part A Medicare providers such as hospitals, nursing homes, home health agencies, and other institutional providers are required to submit annual cost reports to CMS.²⁴ Part A providers are initially paid, but are subject to an annual Medicare cost report settlement.²⁵ Cost reports contain information on providers' service cost allocations. CMS contractors initially analyze Part A provider cost reports to assess whether reported costs are adequate and accurate, and to determine whether more comprehensive, on-site audits might be necessary. If desk reviews reveal cost report anomalies, contractors may conduct on-site field audits. Field audits are designed to ensure compliance with Medicare regulations and reimbursement policies and instructions for such federal reimbursement policies relating to Graduate Medical Education, disproportionate share hospital, bad debt, and other cost reimbursed items.

Under Medicare Part C, CMS contracts with managed care organizations, called Medicare Advantage (MA) plans. These MA plans also are subject to audits, where CMS verifies the accuracy of monthly payments made to MA plans on behalf of Medicare beneficiaries. Although the law requires that CMS annually audit the financial records of at least one-third of Part C MA plans, a GAO report released in July 2007 found that CMS did not document its process for ensuring that it met this requirement for years 2001-2005.²⁶ CMS plans to evaluate provider audit performance on the basis of the ratio of Medicare recoveries to audit dollars spent.²⁷

Medical Review

Medical review activities are designed to identify and prevent payment errors and mistakes in billing. More specifically, medical review activities are conducted to ensure that a payment is appropriate for the service that is provided and meets professionally recognized care standards. The medical review process includes a claims review by Medicare contractors, largely through the use of automated computer edits.²⁸ When a medical review edit reveals a billing error or claim anomaly, contractors may conduct manual pre- or post-payment reviews, request additional medical documentation—additional documentation request (ADR)—from the provider/supplier, or contact beneficiaries to verify that the services actually were provided.²⁹

Benefit Integrity

Benefit integrity includes activities to identify and investigate potential fraud cases and refer these to law enforcement. CMS contracts with Program Safeguard Contractors (PSCs) and Zone Program Integrity Contractors (ZPICS) to conduct benefit integrity activities (see below for more information on PSCs and ZPICs). Benefit integrity activities include national and regional data analysis to identify aberrant billing patterns, medical documentation review to verify that services were delivered, investigation of fraud and related complaints submitted by beneficiaries and providers, and provider/suppler fraud detection and prevention education. When fraud is suspected, PSCs and ZPICs refer cases to the OIG or law enforcement for further investigation, prosecution, or both. Benefit integrity activities also may include recoupment³⁰ of overpayments and suspension of future payments when fraud is suspected.

Medicare Secondary Payer

Medicare secondary payer (MSP) activities ensure that Medicare pays only for those services where it has primary payment responsibility. Under MSP rules, Medicare is prohibited from making payments for any item or service when payment has been made or can reasonably expect to be made by other third-party payers. Statutorily, Medicare is the secondary payer to employer-based insurance plans, auto liability insurance, and workers compensation insurance. CMS maintains a comprehensive database of all Medicare beneficiaries' health insurance information and uses the database to conduct MSP investigations.

Provider Outreach and Education

The primary goal of provider outreach and education is to reduce the Comprehensive Error Rate Testing (CERT) by giving Medicare providers timely and accurate information on correct billing. To help prevent billing errors and keep providers abreast of Medicare billing and coding changes, Medicare FFS contractors—Parts A/B Medicare Administrative Contractors (A/B MACs)—are required to conduct regular outreach and educational activities. These activities include education and outreach to Medicare providers on national and local policies and procedures, new Medicare initiatives, significant changes to the Medicare program, and issues identified through analysis of provider inquiries, claim submission errors, medical review data, CERT data, and recovery audit contractor data. Examples of outreach and educational activities include seminars, workshops, articles and fact sheets, and other website publications. When billing irregularities or improper payments are identified, CMS contractors are required to work with Medicare providers directly to correct mistakes.

Medicare-Medicaid (Medi-Medi) Data Match Program

CMS initiated the Medicare-Medicaid Data Match Program as a pilot program in 2001.³¹ Medi-Medi was intended to help CMS and states to identify overpayments and fraud that affected both Medicare and Medicaid. Based on comparative Medicare and Medicaid data, CMS investigates atypical billing patterns that may not be evident when analyzing the data from each program separately. If irregularities are identified, CMS coordinates with states (for Medicaid) and providers (for Medicare) to recover federal overpayments.

The Medi-Medi pilot was funded mostly by CMS with some additional support from the Federal Bureau of Investigation (FBI). California was the only state in the original pilot in 2001. By 2005, CMS had been allocated $19 million from Health Care Fraud and Abuse Control funds to continue the California Medi-Medi pilot and expand it to eight other states.³² In 2006, Section 6034 of the Deficit Reduction Act of 2005 (DRA, P.L. 109-171) required the Secretary to expand the Medi-Medi program nationwide and established dedicated funding ($12 million in FY2006, rising to $60 million annually by FY2010 and every year thereafter). In FY2008, CMS had Medi-Medi projects in 10 states which had referred 30 cases to law enforcement and had identified over $27 million in overpayments.³³ The HHS/OIG plans to report on the Medi-Medi program in the future.³⁴ Although Medi-Medi was funded for a national expansion in 2006 when 10 states were in the program, only 14 states have agreed to participate in the program.³⁵

Program Integrity Contractors

To conduct Medicare program integrity activities, CMS contracts with a number of different contractors. Activities undertaken by these contractors varies depending on their Statements of Work (SOW). Some process and pay Medicare claims in addition to performing select program integrity functions (i.e., Medicare Administrative Contractors or MACs). Others specialize solely in program integrity activities such as Program Safeguard Contractors (PSCs) and Zone Program Integrity Contractors (ZPICs), Medicare Drug Integrity Contractors (MEDICs), Recovery Audit Contractors (RACs), the Comprehensive Error Rate Testing (CERT) contractor, the National Supplier Clearinghouse (NSC), and the Coordination of Benefits (COB) contractor. These contractors and their roles in Medicare program integrity are described below.

Medicare Administrative Contractors (MACs)

Congress, with the passage of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA, P.L. 108-173), mandated that the Secretary contract with Medicare Administrative Contractors (MACs) to process and pay Medicare claims.³⁶ Historically, fiscal intermediaries (FIs) performed claims administration functions for Part A providers (i.e., hospitals and facilities) and carriers performed claims administration functions for Part B providers (i.e., physicians). MMA required CMS to replace the 40+ FIs and carriers with competitively selected MACs by October 2011.

In addition to processing and paying claims, MACs conduct selected program integrity functions, including medical review, identification and recovery of improper payments, provider audits, provider education on appropriate billing practices, and screening beneficiary complaints of alleged fraud. Under Medicare contractor reform, CMS established an initial goal to award contracts to 19 MACs—15 jurisdictions to process claims for Parts A and B providers (A/B MACs) and four to process claims for DME providers (DME MACs). In March 2011, all four DME MACs and nine A/B MACs were fully implemented. Requests for Proposals (RFPs) were withdrawn for three A/B MAC Jurisdictions (2, 6, and 7). A contract bid award protest was filed in January 2009 and remained unresolved in a fourth Jurisdiction (8). CMS was in the process of implementing the A/B MAC contracts in two other Jurisdictions (11 and 15).³⁷ Table 1 displays a summary of the Jurisdictions that will be consolidated and the approximate time frame for implementation of the second round of A/B MAC consolidation.

Program Safeguard Contractors (PSCs) and Zone Program Integrity Contractors (ZPICs)

Since 1997, Medicare has contracted with Program Safeguard Contractors (PSCs) to detect and investigate potential fraud and abuse in Medicare's FFS program. CMS is in the process of transitioning the PSC benefit integrity activities to zone program integrity contractors (ZPICs).³⁸ Once fully operational, ZPICs are expected to perform benefit integrity activities for Medicare Parts A, B, C, and D. Unlike CMS's contracting strategy for PSCs, there will not be separate ZPICs responsible for reviewing Medicare Parts A and B, durable medical equipment, and home health and hospice claims.³⁹ Program integrity activities for all claim types will be conducted under a single ZPIC contract for a geographic area. ZPICs and PSCs analyze data to identify improper billing patterns, perform provider audits, investigate fraud leads, refer cases to the HHS/OIG or DOJ for prosecution, and implement administrative actions to recover improper payments (i.e., pre-and post-payment claims review, payment suspension, payment denial, or recoupment of overpayments). PSCs and ZPICs do not collect overpayments, but refer suspected overpayments to claims processors, such as MACs, fiscal intermediaries and carriers for collection.

CMS plans to have one ZPIC serve each zone. Five of these zones will encompass states identified by CMS as having high fraud activity levels (California, Florida, Illinois, New York, and Texas). As of January 2010, CMS had awarded contracts for 4 ZPIC zones. ZPICs were fully operational in two zones. The remaining two ZPIC awards were protested by other bidders.⁴⁰ Currently, the two ZPICs that are operational are performing anti-fraud activities in two of the five high-risk states—Florida and Texas.

The transition from PSCs to ZPICs is incomplete, but it is unclear if that change will address some questions about where these contractors have placed the emphasis for fraud detection and deterrence and whether what appears to be uneven performance will improve. In addition, there might be a need for more transparency in the reporting of PSC/ZPIC results and how CMS evaluates these contractors. HHS/OIG issued a report in May 2010 that found that PSCs referred differing amounts of overpayment for collection which were not always related to the size of their oversight responsibility. For example, HHS/OIG found that the PSC that referred the most overpayments ($266 million) had the third smallest oversight responsibility ($5 billion) of all 18 PSCs. In addition, HHS/OIG found that two provider/supplier types, physicians and Durable Medical Equipment Prosthetics and Orthotics Supplies (DMEPOS) suppliers accounted for 80% of overpayments. Further, HHS/OIG indicated that even though Part B claims represented only 29% of PSCs oversight responsibilities, they accounted for nearly 90% of overpayments referred for collection.⁴¹

Medicare Drug Integrity Contractors (MEDICs)

Medicare contracts with MEDICs to conduct program integrity activities in the Medicare prescription drug benefit program.⁴² At the beginning of FY2009, CMS added fraud and abuse reviews for Medicare Part C to MEDIC SOWs. For Medicare Parts C and D, MEDICs perform similar functions as ZPICs for Medicare Parts A and B, including data analysis to identify patterns of erroneous billing, investigation, development of fraud and abuse cases, referral of cases to the HHS/OIG or DOJ for prosecution, and implementation of administrative actions. MEDICs also audit the Medicare Part D plans' fraud and abuse compliance programs. To participate in Part D, health plans must demonstrate that they operate a fraud and abuse compliance program.⁴³ There are currently two regional MEDICs that investigate fraud and abuse for Medicare Part D and some Medicare Part C components.⁴⁴

The HHS/OIG has found a number of vulnerabilities with CMS's and its partners' efforts to identify Part D fraud and abuse. One HHS/OIG report found that 25% of Part D sponsors did not report any instances of suspected fraud and abuse;⁴⁵ and another report found that CMS relied primarily on complaints from beneficiaries to identify fraud and abuse, rather than conducting data analysis to identify suspected cases. In addition, an October 2009 HHS/OIG report found that MEDICs relied on external sources, such as complaints, rather than proactive methods to identify fraud and abuse incidents to refer or investigate.⁴⁶ Some administrative barriers hindered MEDICs ability to fully engage in data analysis and other more proactive fraud and abuse monitoring methods.

CMS requested $166 million in additional discretionary funding in the FY2012 budget request to increase MEDIC data analysis, trending, benchmarking for Parts C and D, and to monitor Medicare plans fraud-fighting activities. The additional MEDIC funds also will be used to increase on-site audits of Parts C and D contractors (health plans) and implementation and oversight of corrective action plans, as well as to enable MEDICs to better coordinate with Parts A and B fraud and abuse contractors. Transparent and consistent access to data and information on MEDICs as well as other Medicare program integrity contractors performance might help to continue to refine and improve overall measures such as return on investment.

Recovery Audit Contractors (RACs)

In 2003, Congress authorized a three-year demonstration program in the MMA to test the use of a new type of administrative arrangement in Medicare called a RAC. RACs were charged with identifying improper payments made in Medicare Parts A and B and with recouping overpayments. RACs introduced a new concept to Medicare contracting in that they were paid on a contingency basis—they received a percentage of any overpayments they recovered. The initial results of the RAC demonstration were considered successful. In 2006, with passage of the Deficit Reduction Act of 2005 (DRA, P.L. 109-171) Congress mandated the RAC program be expanded nationwide and made permanent by 2010.⁴⁷

In February 2009, CMS awarded four national RAC contracts to the following companies: Diversified Collection Services, CGI Technologies and Solutions, Connolly Consulting Associates, and Health Data Insights. Each RAC is responsible for identifying and correcting improper payments in approximately one-fourth of the country. CMS completed implementation of the nationwide RAC on October 5, 2009, so that providers who receive Medicare Parts A or B payments can be subject to RAC audits.⁴⁸

CMS recently released updated RAC FFS statistics for the demonstration and the National Program.⁴⁹ Total FY2010-FY2011 RAC FFS corrections, including overpayment collections and underpayments returned, were $365.8 million, of which $313.2 million were for overpayment collections alone.⁵⁰ MMA did not authorize RACs to look for improper payments in Medicare Parts C and D, but by December 31, 2010, PPACA Section 6411 required the Secretary to extend RACs to look for overpayments in Medicare Parts C and D.

Although identifying potential fraud is not a RAC responsibility, RACs are required to refer claims they believe may be fraudulent to CMS for further investigation. In February 2010, the HHS/OIG released a report indicating that during the three year demonstration program (2005-2008) RACs referred only two potential fraud cases to CMS.⁵¹ CMS is implementing a system to track fraud referrals and to require RACs to receive mandatory fraud identification training.

Comprehensive Error Rate Testing (CERT) Contractor

CMS contracts with a CERT contractor to calculate improper payment rates for its FFS program.⁵² In 2002, the Improper Payments Information Act (IPIA, P.L. 107-300) was enacted, which requires federal agencies to estimate and report an annual amount of improper payments for all programs and activities. The CERT contractor calculates three types of improper payment rates: (1) contractor-specific improper payment rates, (2) improper payment rates by provider type, and (3) a national improper payment rate,. According to CMS, the contractor-specific improper payment rates are used to assess MAC performance in paying claims accurately. The provider-specific rates are used to assess how well providers are complying with Medicare's billing and coding requirements.⁵³ In FY2009, CMS initially reported a national Medicare FFS error rate of 7.8% or $24.1 billion in improper payments. Subsequently, CMS revised the FY2009 annual FFS rate to 12.4% or $35.4 billion.⁵⁴ CMS reported a FY2010 national improper payment rate of 10.5%, or $34.3 billion in improperly paid claims for FFS Medicare. The FY2010 rate is nearly two percentage points lower than the revised FY2009 rate of 12.4% and a $1.1 billion decrease in FFS improper payments.⁵⁵

CMS estimated that the Medicare Advantage (MA) CY2009 improper payment error rate was 15.4% or $12.0 billion in improper payments, which primarily reflects health plan errors in documenting beneficiary diagnoses. For Medicare Part D, CMS estimates four improper payment error rate components.⁵⁶ The CY2007-2008 (depending on the measure) rates for these components vary from 12.7% (prescription drug event data validation) to .1% (Medicare Advantage Drug System Payment Error). The Part C and Part D improper payment rates are discussed below in more detail.

National Supplier Clearinghouse (NSC) Contractor

The National Supplier Clearinghouse (NSC) is responsible for reviewing enrollment applications from suppliers of durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) to Medicare beneficiaries. NSC's enrollment verification process includes the following activities: (1) conducting on-site visits to the prospective DMEPOS suppliers to determine that they meet required supplier standards; (2) verifying that DMEPOS suppliers have all applicable licenses; (3) checking that DMEPOS suppliers and their principals are eligible to participate in Medicare because they are not on General Service Administration (GSA) and/or OIG exclusion listings; and (4) confirming DMEPOS suppliers meet accreditation and surety bond requirements.⁵⁷ In addition, NSC coordinates fraud and abuse efforts with CMS satellite offices, ZPICs, and assists the HHS/OIG, DOJ, and law enforcement officials in fraud investigations.

DMEPOS suppliers are required to re-enroll in Medicare once every three years to maintain their billing privileges. NSC is required to conduct mandatory site visits for initial enrollment and re-enrollment applications. However, in a March 2007 report the HHS/OIG found that 45% of Medicare DMEPOS suppliers were out of compliance with some portion of five easily verified participation standards in a geographic area suspected of having a very high incidence of fraud and abuse.⁵⁸ This performance may have improved since 2007, but metrics to assess improvements in contractor performance, such as NSC, are not always readily available. NSC also may conduct random, unannounced site visits at other times if there is evidence that a supplier may be out of compliance.

In the May 2009 Compendium of Unimplemented Recommendations, HHS/OIG included a recommendation that CMS strengthen the DMEPOS enrollment process by, among other things, conducting more unannounced site visits.⁵⁹ The March 2011 Compendium of Unimplemented Recommendations noted that Section 6401(a) of the Patient Protection and Affordable Care Act (PPACA, P.L. 111-148) added additional provider and supplier screening requirements that will affect DMEPOS providers. These requirements became effective March 25, 2011.⁶⁰ In the 2011 Compendium, the HHS/OIG indicated it would continue to monitor CMS's implementation of the PPACA DMEPOS program safeguards, including the use of temporary supplier enrollment moratoriums.

Coordination of Benefits (COB) Contractor

The main purpose of the coordination of benefits (COB) contractor is to identify payments that are the responsibility of another or secondary payer. Statutorily, Medicare is the secondary payer to employer-based insurance plans, auto liability insurance, and workers compensation insurance. By using data match programs, the Medicare COB is responsible for the collection, management, and reporting of other health insurance coverage for Medicare beneficiaries. In January of 2001, the COB contractor assumed responsibility for researching and conducting all MSP claim investigations.⁶¹ There is one COB contractor that handles all program integrity functions related to MSP.

Program Integrity Partners

CMS shares responsibility for ensuring Medicare program integrity with the HHS/OIG, the Department of Justice (DOJ), and the Federal Bureau of Investigation (FBI). The HHS/OIG is an independent unit within HHS that has the primary responsibility for detecting health care fraud and abuse in all federal health care programs. Most of its work, however, relates to the Medicare and Medicaid programs. CMS conducts audits of health care programs, providers, and agencies, and it performs criminal and civil investigations related to specific instances of health care fraud or abuse. CMS contractors, upon detecting potential fraud, will develop and refer cases to the HHS/OIG for further investigation and possible administrative sanctions.

The HHS/OIG has authority to impose civil monetary penalties⁶² and program exclusions⁶³ on Medicare providers that have been convicted of certain fraudulent activities. The HHS/OIG does not have authority to prosecute offenders for violations of federal criminal law. In these instances, the OIG refers the case to the DOJ for prosecution. During FY2010, the OIG excluded a total of 3,340 individuals and entities from participating in Medicare, Medicaid, and other federal and state health care programs.⁶⁴

The FBI is the lead investigative agency in the fight against health care fraud. Unlike the HHS/OIG, which has the authority to investigate fraud only in federal programs, the FBI has jurisdiction over both federal and private sector insurance programs. Typically, the FBI investigates complex fraud schemes involving large-scale medical providers, such as hospitals and corporations. The FBI does not have the authority to impose sanctions. For the first three quarters of FY2010, 2,584 FBI-led investigations resulted in 648 criminal health care fraud convictions.⁶⁵

CMS contractors, the HHS/OIG, and the FBI all refer potential health care fraud cases to the DOJ for prosecution. Within the DOJ, the Civil and Criminal Divisions handle health care fraud. One of the enforcement tools for prosecuting health care fraud is the False Claims Act (FCA), which prohibits knowingly submitting false or fraudulent claims to the U.S. government.⁶⁶ Lawsuits may be brought by private plaintiffs, known as relators or whistleblowers, under the FCA.⁶⁷ There also are 93 U.S. Attorneys Offices nationwide, which prosecute civil and criminal health care fraud. During FY2010, prosecutors for the DOJ and U.S. Attorneys Offices opened 1,116 new criminal and 942 new civil health care fraud investigations. For comparison, DOJ prosecutors and U.S. Attorneys Offices opened 1,014 new criminal and 886 new civil health care fraud investigations in FY2009.⁶⁸

Medicare beneficiaries also are a source for detecting fraud. Beneficiaries who suspect fraud may call the HHS/OIG's National Fraud Hotline at 1-800-HHS-TIPS. To educate beneficiaries on how to detect and report fraud and abuse, the Administration on Aging oversees Senior Medicare Patrol Projects, which recruit retired professionals in all states to conduct one-on-one and group training sessions for Medicare beneficiaries.⁶⁹ Contractors investigating anomalies in billing patterns may also contact beneficiaries to verify that the services claimed actually were received by the beneficiary.

Program Integrity Funding

Medicare program integrity and anti-fraud activities are funded through the HCFAC and MIP programs. HCFAC and MIP were both established by HIPAA, which sought to increase and stabilize federal funding for health care anti-fraud activities. Specifically, HCFAC funds are directed to the enforcement and prosecution of health care fraud, whereas MIP funding supports the program integrity activities undertaken by CMS contractors. Prior to HIPAA, funding for Medicare's program integrity activities were taken from CMS's annual program management budget, which was subject to the appropriations process. This sometimes led to fluctuations in funding, as monies originally intended to support program integrity functions were redirected to fund ongoing Medicare operations, such as day-to-day claims processing functions. With the passage of HIPAA, HHS was assured of stable funding that it could commit to Medicare anti-fraud activities.

Health Care Fraud and Abuse Control (HCFAC) Program

The HCFAC program is jointly administered by the Secretary and the Attorney General and has the following purposes:

• 1. coordinate federal, state, and local law enforcement efforts directed at controlling health care fraud and abuse;
• 2. conduct investigations, audits, evaluations, and inspections related to health care delivery and payment;
• 3. facilitate the enforcement of criminal and civil monetary penalties applicable to health care fraud;
• 4. provide for the establishment of safe harbors, advisory opinions, and fraud alerts; and
• 5. support the reporting and disclosure of adverse actions against health care providers.

To fund the program, HIPAA established within the Hospital Insurance (HI) Trust Fund (Part A) an expenditure account called the HCFAC Account. The HCFAC account funds anti-fraud activities undertaken by HHS, DOJ, and the FBI. All money collected from HCFAC-funded investigations and enforcement efforts are deposited into the Medicare Hospital Insurance Trust Fund.⁷⁰

Medicare Integrity Program (MIP)

SSA Section 1893 authorized the Secretary to establish the Medicare Integrity Program (MIP) program. Specifically, MIP authorizing language requires the Secretary to enter into contracts with eligible entities to conduct six activities previously described under "Program Integrity Activities" section of this report: (audits, medical review, benefit integrity, MSP, provider outreach and education, and Medi-Medi). Table 2 shows HCFAC and MIP mandatory appropriations for selected fiscal years.

Discretionary Funding for Program Integrity Activities

Congress first approved HCFAC discretionary funding in 2009, although CMS had requested these funds since 2006 to supplement the mandatory HCFAC appropriation. These discretionary HCFAC funds were transferred from the HI Trust Fund. The FY2009 discretionary appropriation included $147 million for MIP, $19 million for DOJ, $19 million for OIG, and $13 million for CMS for a total of $198 million. For FY2010, Congress appropriated $311 million in discretionary funding for the HCFAC program, an increase of $113 million over the FY2009 appropriation. The President's budget request for FY2012 includes approximately $581 million for Medicare and Medicaid program integrity activities, an increase of $20 million over the FY2011 level. If approved, total HCFAC funding in FY2012 would total $1.9 billion for both mandatory and discretionary funding.

Table 3 displays HCFAC and MIP discretionary appropriations for FY2009-FY2012. In the FY2011 budget, the Obama Administration estimated that FY2011 additional discretionary program integrity investment would save approximately an additional $10 billion over 10 years (FY2011-FY2021).⁷¹ As shown in Table 3, the President's FY2012 budget request indicated that for FY2011 CMS planned to allocate $328.4 million of the $561 million of discretionary appropriations to Medicare anti-fraud activities, $47.7 million for program integrity activities throughout CMS (which could include Medicaid and CHIP), $90 million to DOJ, and $94.8 million to HHS/OIG. Approximately 50% of the $328.4 million for Medicare was proposed to be used to fund oversight activities in the MA and Part D programs. The remaining 50% would be allocated to expanding enforcement activities ($16.3 million), increasing program oversight ($20.8 million), implementing specific administrative and legislative proposals targeted towards fraudulent providers ($71.0 million), funding regional fraud hotlines ($19.3 million), conducting site visits to DMEPOS suppliers ($17.4 million), expanding data analysis activities ($14.5 million), and enhanced provider oversight efforts ($10.5 million).⁷²

Other Program Integrity Activity Funding Sources

In addition to HCFAC and MIP mandatory and discretionary funds, each year Congress appropriates other discretionary funds to support administration and oversight of Medicare, Medicaid, and the state Children's Health Insurance Program (CHIP). These monies are appropriated into CMS's program management account. For FY2010, Congress approved $3.5 billion for these activities, which included processing provider claims, paying the salaries of CMS staff, inspecting participating health care facilities, and conducting research and demonstrations. A portion of these funds is directed to program integrity functions.

CMS's Medicare Program Integrity Oversight

A limited number of performance statistics and reports are available to help policy makers evaluate Medicare's program integrity efforts, and these tend to be broad measures, such as return on investment. Some studies, to date, generally examined the performance of the HCFAC and MIP programs separately, but these also have been limited. The HCFAC and MIP programs authorize appropriations with relatively broad requirements for the program integrity activities to be conducted. Under HIPAA, the HHS/OIG and the Attorney General were required to jointly submit an annual report to Congress that identified the HCFAC amounts appropriated and recovered, including transfers to the Medicare trust funds resulting from criminal fines, civil monetary penalties, property forfeitures, and other penalties and damages. HIPAA also required GAO to issue four biennial reports on the appropriateness and adequacy of HCFAC appropriations for fraud control efforts as well as other savings to the trust funds and analysis of other aspects of the HCFAC Account as GAO considered appropriate.

However, Congress did not require HHS/OIG, the Attorney General, or GAO to evaluate the MIP activities and appropriations as part of these assessments. As a result, there is less empirical data available on MIP performance than on the results of the HCFAC appropriations for DOJ, HHS/OIG, and law enforcement. To date, the most comprehensive MIP evaluation was from a September 2006 GAO study, which identified weaknesses in CMS's methods to allocate funds across five MIP program integrity activities (provider audits, medical review, benefit integrity, MSP, and provider education). This section summarizes findings from reviews and studies conducted on selected HCFAC Account and MIP activities during the past decade.

Improper Payment Rates

Improper payments occur for a number of reasons, but there are three root causes for most improper payments: (1) documentation and administration errors, (2) authentication and medical necessity errors, and (3) verification errors. Documentation and administration errors occur when Medicare lacks the supporting documentation necessary to verify the accuracy of the provider or suppliers' claim for federal payment. Authentication and medical necessity errors occur when Medicare is unable to confirm that a provider or supplier met the criteria for payment, such as when a service was not medically necessary given a patient's condition. Verification errors happen when information is not checked to be sure that it is current and accurate, even though the information exists and is accessible.

FFS Improper Payment Error Rate

When assessing the MIP program performance, CMS relies on statistics that measure the percentage of improper payments Medicare made to providers each year. CMS reported a FY2010 Medicare FFS improper payment rate of 10.5% or $34.3 billion in improperly paid claims. As shown in Table 4, the FY2010 Medicare FFS improper payment rate can be compared to the FY2009 rate of 12.4%, or $35.4 billion in improperly paid claims. CMS attributes approximately $5.1 billion of the difference in improperly paid claims between FY2009 to FY2010 to clinical care and procedures provided in inpatient acute care hospital settings which should have been provided in outpatient hospital departments or other less intensive settings. These services were improperly paid at a higher inpatient hospital rate. In addition, CMS attributes the increase in the FFS error rate between FY2008 and FY2009 to the application of stricter claims review standards.⁷³

Despite its value as a tool for estimating payment accuracy and administrative efficiency in claims processing, the improper payment rate does not measure Medicare FFS fraud and abuse. It is mainly an administrative error measure. The main types of payment errors in FFS Medicare are incorrect coding by providers, claims for medically unnecessary services, and claims submitted with insufficient or no documentation. Even though CMS has not met its own target for reductions in FFS error rates since FY2008, the agency established a goal of reducing the Medicare FFS improper payment error rate by 50% between FY2009 (12.4%) and FY2012 (6.2%).⁷⁴

GAO and HHS/OIG have questioned the adequacy and accuracy of CMS's calculation of the Medicare FFS improper payment rate. In April 2006, GAO reported that the significant reduction in Medicare's national paid claims error rate after 2004 was due largely to CMS's efforts to educate providers about the importance of submitting adequate documentation to justify payments. When providers do not respond to additional documentation requests, CMS automatically counts the payments as erroneous. According to GAO, despite the success and importance of these educational efforts, they do not reflect payment safeguard or internal control improvements implemented by CMS.⁷⁵

In addition, HHS/OIG has questioned why CMS did not use error rate data to focus on error-prone providers. HHS/OIG found that over a four-year period (FY2005-FY2008), 186 providers with at least one claim in error in each year accounted for 25% of dollars in error for those providers. CMS reported that although its contractors do not use CERT data, it uses CERT data to target providers during audits. HHS/OIG recommended that CMS (1) use error rate data to identify error-prone providers, (2) require error-prone providers to identify the causes of claim errors and implement corrective action plans, (3) monitor provider-specific corrective action plans, and (4) share error rate data with program integrity contractors (i.e., RACs, PSCs, and ZPICs) to further assist in identifying improper payments and reducing future mistakes.⁷⁶

Medicare Advantage (MA) Payment Error Rates

CMS estimated the Medicare Advantage (MA) calendar year 2009 improper payment rate was 15.4% or $12.0 billion in improper payments. For comparison, the estimated MA improper payment rate was 10.6% or $6.8 billion in calendar year 2006. According to HHS's FY2010 Agency Financial Report, the MA payment error rate reflects primarily health plan errors in documenting beneficiaries' diagnoses.

Part D Payment Error Rate

HHS calculated the following four components for the FY2010 Medicare Part D payment error rate which includes the Part D benefit provided by Medicare Advantage plans:

• Medicare Advantage and Prescription Drug System (MARx) Payment Error (MPE)—reflects errors in Part D payments caused by transfer/interpretation of source data and errors in payment calculations in the MARx payment system;
• Payment Error relating to Low-Income Subsidy status (PELS)—measures errors in the Medicare Part D Low Income Cost-sharing Subsidy (LICS) payments;
• Payment Error related to Incorrect Medicaid Status (PEMS)—measurement reflects errors in LICS and two other LIS-related payments; the Low Income Premium Subsidy and Direct Subsidy amounts; and
• Payment Error Related to Prescription Drug Event Data Validation (PEPV)—identifies errors due to invalid and/or inaccurate Prescription Drug Event (PDE) records that affect Part D LICS and reinsurance payments.

Table 5 displays a summary of the estimated error rates and improper payments associated with the four Medicare Part D payment error rate components.

Health Care Fraud and Abuse Control (HCFAC) Annual Reports

HIPAA required HHS and the DOJ to issue a joint annual report to Congress on HCFAC results and accomplishments. These reports describe examples of enforcement actions and program accomplishments as well as summarize recoveries and amounts deposited into the HI Trust Fund as a result of health care fraud enforcement activities. Congress did not require that HHS and DOJ include expenditures or results for the MIP program in these reports. Therefore, the annual reports are only one indication of HCFAC successes and challenges in health care fraud enforcement, but do not cover the whole breadth of fraud activities. In addition, HCFAC reports do not separately identify funding and expenditures for specific enforcement actions related to Medicare, Medicaid, or other federal health care programs.⁷⁷ However, in the Consolidated Appropriations Act, 2010 (P.L. 111-117), approval of discretionary funding for program integrity and program administration was made contingent on the inclusion (in the annual HCFAC report to Congress) of measures of the operational efficiency and impact upon fraud, waste, and abuse in the Medicare, Medicaid, and CHIP programs of these appropriations.

Figure 1 displays a summary of HCFAC fraud recoveries and transfers to the HI Trust Fund for fiscal years 1998 through 2010. The difference between the amount collected in fraud recoveries and the amount transferred to the HI Trust Fund in any given year is attributable to the lag between identification of suspected fraud, development of a case, and prosecution or recovery of a judgment. Litigation can be a lengthy process that may take several or more years. As a result, some judgments, settlements, and administrative actions won in one year, may not result in funds being collected or transferred to the trust fund until one or more years later.

Figure 1. HCFAC Recoveries and Transfers to the Medicare HI Trust Fund, and HCFAC Expenditures FY1998-FY2010 (in $ billions)

Source: Health Care Fraud and Abuse Control (HCFAC) Program Annual Reports, FY1998-FY2010.

Also as shown in Figure 1, the federal government won or negotiated approximately $2.5 billion in judgments and settlements (fraud recoveries) during FY2010 and returned nearly $2.9 billion to the HI Trust Fund (transfers).⁷⁸ Total recoveries identified in the HCFAC annual reports for FYs 1998-2010 were approximately $17.01 billion. During the same time period, approximately $18.68 billion was transferred to the Medicare HI Trust Fund.

Recoveries are amounts won or negotiated by the OIG and DOJ in any given year. They include criminal fines, civil monetary penalties, forfeitures, civil settlements and judgments. Recoveries vary annually depending on the number and types of fraud cases that were prosecuted. Between 1999 and 2003, recoveries steadily increased from $0.5 to $1.8 billion. Recoveries then dropped over $1 billion between 2003 and 2004. Recoveries rose again from $0.6 billion in 2004 to $2.2 billion in FY2006. Recoveries have since dropped again to $1.0 billion in 2008 and increased to $2.5 billion in 2010. The considerable increase in recoveries in 2006 can be attributed to a large settlement negotiated with Tenet Healthcare Corporation, operator of the nation's second-largest hospital chain.⁷⁹ Tenet returned overpayments to the United States Treasury of more than $900 million over a four-year period for unlawful billing of Medicare, Medicaid, and TRICARE.⁸⁰

Transfers are amounts collected resulting from HCFAC enforcement efforts. Between fiscal years 1998 and 2002, Trust Fund transfers steadily increased from $0.3 billion in 1998 to $1.4 billion in 2002. After a drop to $0.7 billion in 2003, returns again increased between 2003, and from 2004 to 2006 held relatively steady at approximately $1.5 billion. Transfers again dropped in FY2007 to $0.8 billion only to jump over $1 billion in FY2008 to $1.94 billion. Transfers continued the pattern of rapid increases in FY2009 ($2.51 billion) and FY2010 ($2.86 billion). According to the FY2010 HCFAC report, federal health care fraud enforcement activities have returned over $18 billion to the Medicare Trust Funds since 1997. The HCFAC program return-on-investment (ROI) since 1997, is $4.90 returned to every $1.00 expended. The three-year average (2008-2010) ROI is $6.80 recovered to every $1.00 spent, which is $1.90 higher than the historical average. Due to ROI variations from year-to-year depending on the number of cases settled or adjudicated during that year, DOJ and HHS use a three-year rolling average to calculate ROI.⁸¹

Further, Figure 1 shows total HCFAC expenditures were relatively constant over the first 11 years of the program, increasing slowly from approximately $119.6 million in FY1998 to approximately $577.4 million in FY2010. In FY2009, Congress appropriated $198 million in additional discretionary funding to the HCFAC program, almost doubling HCFAC funding. The majority (approximately 80%) of these additional HCFAC funds were allocated to CMS. For FY2009, approximately 10% of the additional HCFAC discretionary funds were allocated to both the DOJ and the HHS/OIG. In FY2010, this percentage distribution for the additional HCFAC discretionary funds was the same with CMS receiving the majority of the funds (CMS received approximately 80% and DOJ and HHS/OIG received approximately 10% each).

Table 6 displays the number of enforcement actions, including new criminal and civil health care fraud investigations and program exclusions for fiscal years 1999 through 2010. The number of new civil and criminal investigations has accelerated over the past 10 years. However, there is debate as to whether this rise in enforcement actions is actually the result of more Medicare fraud and abuse. Some experts contend that the increase is the result of having more resources to fight and detect illegal behavior, as opposed to an actual increase in the amount of fraud. Others note that the definition of what constitutes health care fraud has expanded over the years, making it appear as though fraud has escalated when the actual level has remained relatively steady.⁸²

GAO Health Care Fraud and Abuse Control (HCFAC) Reports

HIPAA required GAO to submit a report to Congress every two years on HCFAC appropriations and deposits.⁸³ Starting in June 1998, GAO released four reports using data from the HCFAC annual reports for years 1997 through 2003. The most recent and final report, released in April 2005, reviewed HCFAC activities for years 2002 and 2003.⁸⁴ Similar to the HCFAC annual reports, the GAO studies do not include MIP in their analysis. In all four reports, GAO noted that while HCFAC deposit amounts reported to the HI Trust Fund were consistent with HIPAA, HHS included a measure of cost savings resulting from health care fraud enforcement efforts that could not entirely be attributed to the HCFAC program.⁸⁵ In addition, because fraud investigation and litigation can take several years, savings may not be realized until future years. Despite this weakness, GAO consistently found HHS and DOJ's accounting for HCFAC deposits and expenditures to be fiscally appropriate and accurate.

Other GAO Reports

Subsequent GAO reports released over the last few years have raised questions about how HCFAC and MIP funding are being used. An April 2005 report on HCFAC funding for the FBI found that CMS could not adequately demonstrate that its share of HCFAC expenditures for FY2000-FY2003 were used for health care investigations. The study showed that funds previously devoted to fighting health care fraud at the FBI had been shifted to counterterrorism activities.⁸⁶

In a report released in September 2006, GAO identified weaknesses in CMS's approach to allocating MIP funds across program integrity activities (cost report auditing, medical review, benefit integrity, Medicare secondary payer, and provider education)—another MIP activity, Medi-Medi receives statutory funding.⁸⁷ GAO noted that CMS based its MIP allocation decisions on historical funding levels, as opposed to examining the relative effectiveness of each activity in ensuring Medicare program integrity. GAO recommended that CMS develop additional methods for allocating MIP funds that take into account the effectiveness of MIP activities, as well as contractor performance, particularly in light of potential vulnerabilities arising from Medicare's Part D prescription drug benefit.

Office of the Inspector General (HHS/OIG) Audit and Evaluation Reports

Every year HHS/OIG audits, evaluates, and investigates HHS programs. The recommendations that result from these assessments help lawmakers determine policies to improve the management and operations of these programs. In addition to individual audit and evaluation reports, the HHS/OIG develops a number of annual reports synthesizing the outcomes of its work. For example, in its FY2011 Compendium of Unimplemented Recommendations, HHS/OIG made the following priority recommendations related to strengthening Medicare program integrity:

• Eliminate Medicare's vulnerability to fraudulent or excessive inhalation drug claims;
• Ensure medical equipment suppliers' compliance with Medicare enrollment standards;
• Reduce the rental period for Medicare home oxygen equipment;
• Ensure accuracy of prescription drug plan sponsors' bids and prospective payments;
• Implement safeguards to prevent and detect fraud and abuse in Medicare prescription drug plans; and
• Ensure the validity of prescriber identifiers on Medicare Part D drug claims.⁸⁸

HHS/OIG also prepares an annual work plan that describes the reviews and audits it plans to pursue in the coming year. In FY2011, HHS/OIG plans to conduct nearly 175 Medicare studies and audits, the majority of which are related to Medicare Parts A and B.⁸⁹

A June 2010 HHS/OIG report revealed that basic documentation safeguards challenge federal health care programs.⁹⁰ The HHS/OIG found that in 2007 Medicare Part D sponsors and beneficiaries paid pharmacies $1.2 billion for claims where the prescriber identification number did not correspond to a practicing physician identifier. Without a valid prescriber identifier, CMS and its contractors could not determine whether a physician actually prescribed a drug or whether the physician was validly licensed and had not been excluded from the Medicare program.

Recent Program Integrity Initiatives

Both Congress and the Administration have undertaken initiatives to increase Medicare program integrity activity. Congress has held a number of hearings and passed several laws with provisions that have provided new program integrity tools and resources. The Administration has issued several executive orders requiring agencies to address improper payments and has proposed a number of additional program integrity initiatives in its FY2012 budget proposal.

Congressional Action: Hearings

Congress has held a number of hearings addressing Medicare fraud and abuse and related issues. Table 7 displays a sample of some of the hearings that have been held over the last 12 months by committees/subcommittees related to Medicare, Medicaid, and CHIP fraud and abuse.

Congressional Action, New Laws: Patient Protection and Affordable Care Act (PPACA, P.L. 111-148)

The Patient Protection and Affordable Care Act (PPACA, P.L. 111-148, as amended by P.L. 111-152) provided CMS with a number of additional program integrity tools, such as enhanced provider/supplier screening requirements, pre-payment claims review for high-risk areas, additional DMEPOS and home health agency surety bond requirements, and new requirements for providers who order certain Medicare services. PPACA also required CMS contractors to track and report performance statistics, such as overpayments identified, fraud referrals, and return on investment. Similarly, PPACA requires the Secretary to evaluate program integrity contractors at least every three years. Further, PPACA required the RAC program to be expanded to Medicare Parts C and D (and Medicaid).

PPACA also requires better data sharing between program integrity entities to monitor and assess potential risks. CMS intends to expand an Integrated Data Repository (IDR) to include claims and payment data from other federal programs such as the Department of Veterans Affairs, the Department of Defense, the Social Security Administration, and the Indian Health Service. CMS expects that the new PPACA authorities will help CMS to migrate more quickly from a pay and chase approach to a deterrent approach.

As shown in Table 8, PPACA increased appropriations for HCFAC by a total of $350 million over the period FY2011-FY2020. Specifically, PPACA Section 6402 increased HCFAC funding by appropriating from the Medicare Part A Trust Fund $10 million for each FY2010-FY2020. In addition, PPACA Section 1128J (as amended by Section 1303 of P.L. 111-152) further increased HCFAC funding by appropriating $250 million to the HCFAC program.

Congressional Action, New Laws: Small Business and Jobs Act of 2010 (SBJA, P.L. 111-240)

In addition to PPACA, Section 4241 of the Small Business and Jobs Act of 2010 (SBJA, P.L. 111-240), appropriated $100 million for CMS to initiate predictive modeling and other analytics technologies ("predictive analytics technologies").⁹¹ Predictive analytics technologies have been compared to technologies used in private sector financial services industries, such as banking, insurance, and credit cards, to reduce fraudulent billing. Combining data and information from multiple sources, including Medicare FFS claims history (aberrant billing patterns), enrollment information, background checks, and other public and private information (links to questionable affiliations), complaints, predictive analytics technologies would help to determine if a claim was legitimate before it was paid. Among other advantages, predictive analytics technologies could reduce the Medicare FFS pay-and-chase dynamic where claims are quickly paid, only to later be reviewed to discover the providers were fraudulent or the claims should not have been paid for other reasons. With predictive analytics technologies, CMS can develop scoring models that would rate the potential that a claim is inappropriate based on past known fraudulent activity. Claims that had similar characteristics to past fraudulent claims could be denied pending further verification.

The SBJA required CMS to award predictive analytics technologies contracts by April 2011. CMS indicted that the schedule has encountered delays, but the predictive modeling contracts would be awarded soon.⁹²

Congressional Action, Proposed Legislation: Budget Control Act of 2011 (BCA, P.L. 112-25)

Congress and the Administration had been negotiating to increase the statutory federal debt limit.⁹³ In late July 2011, legislation that would address the debt limit was proposed in both the House and Senate (S.Amdt. 581), with each chamber considering a different version of the Budget Control Act of 2011 (BCA). ⁹⁴ The House passed an amended version of BCA (S. 365) on August 1, 2011. The Senate passed and the President signed BCA into law on August 2, 2011 (P.L. 112-25). The Congressional Budget Office (CBO) estimated that BCA initially would reduce federal deficits by $917 billion over the period FY2012-FY2021 (total reduced federal spending was estimated to be $2.1 trillion).⁹⁵ CBO estimated that other BCA provisions would further reduce federal spending by as much as $1.2 trillion between FY2012 and FY2021.⁹⁶

BCA achieves the initial $917 billion in federal spending reductions by capping federal discretionary appropriations from FY2012 to FY2021. However, BCA exempts certain specific programs from the discretionary funding caps, including Medicare program integrity. Starting in FY2012 and continuing through FY2021, BCA authorizes increased discretionary appropriations for Medicare program integrity activities funded through the Health Care Fraud and Abuse Control (HCFAC) account. BCA specifically identified the maximum amounts that appropriation committees could authorize for HCFAC program integrity activities. The maximum discretionary annual program integrity appropriations identified in BCA are in addition to current annual appropriation authority of $311 million. Table 9 displays a summary of the maximum program integrity appropriations authorized by BCA for the HCFAC account.

Administration Action: Executive Orders and Memorandums

On November 20, 2009, the Obama Administration issued Executive Order 13520—Reducing Improper Payments—directing federal agencies to reduce improper payments rates.⁹⁷ Among other things, under the direction of the Office of Management and Budget and Department of Treasury, the executive order required federal agencies to develop plans to reduce improper payments. Under this order, CMS is required to establish supplemental error rate measurements and to report improper payment rates on the Department of Treasury payment accuracy website.⁹⁸

The Obama Administration reiterated its program integrity commitment in a March 10, 2010, Memorandum for the Heads of Executive Departments and Agencies entitled, Finding and Recapturing Improper Payments.⁹⁹ The Memorandum directed government managers to utilize recapture auditors to reduce improper payments. Recapture auditors are considered the same as recovery audit contractors, similar to those used in Medicare FFS and expanded by PPACA to Medicare Parts C and D (and Medicaid). Also, on June 18, 2010, the Administration issued another Memorandum—Enhancing Payment Accuracy Through a Do Not Pay List. The June 18 Memorandum directed federal agency and executive department managers to establish a list of contractors, individuals, and other entities who are ineligible to be paid and ensure payments are not made.¹⁰⁰

Administration Action: FY2012 Budget Request

The Obama Administration's proposed FY2012 budget includes a number of new legislative proposals to strengthen Medicare's program integrity activities. The Administration estimates that these initiatives could reduce Medicare expenditures by approximately $8.6 billion over 10 years. A selection of the Administration's Medicare program integrity proposals, which would require new legislation, include the following initiatives:

• Recover Erroneous Payments from Insurers Participating in Medicare Advantage (MA)—recoup overpayments by extrapolating risk adjustment data validation (RADV) error rates found in audit samples to the entire MA contract payment.
• Report Sweep Accounts—require providers to report when sweep accounts are used that immediately transfer Medicare payment to investment accounts (often in other jurisdictions, where overpayment recovery might be difficult).
• Penalties for Outdated Enrollment Records—authorize CMS to impose civil monetary penalties or other intermediate sanctions when providers fail to update enrollment records.
• Universal Product Numbers (UPNs) on Claim Forms—study the potential to use UPNs on Medicare reimbursement claims to help monitor payment and fraud detection.
• Medicare Claims Ordering System—create a Medicare claims ordering system and require claims for high risk services, such as DMEPOS and home health, to be submitted electronically prior to payment so that the certification of the ordering professional could be validated.
• Review of Power Wheelchair Claims—require prepayment or early review of all power wheelchair claims to allow CMS to ensure they meet the existing criteria for coverage and to monitor fraud and abuse.
• Participation Exclusion for Affiliation With Sanctioned Entity—give the Secretary additional permissive authority to exclude providers if they are affiliated with a sanctioned entity.
• Provide Flexibility in Implementing Predictive Analytics—enable the Secretary to have more discretion in implementation of predictive analytics technologies in order to ensure that cost-effective tools are used appropriately.
• Fraud Debt in Bankruptcy Proceedings—limit the ability of providers/suppliers to discharge health care fraud debts in bankruptcy proceedings.
• Penalties for Illegal Distribution of Beneficiary Identification Numbers—strengthen penalties for knowingly distributing Medicare, Medicaid, or CHIP beneficiary identification numbers.

Concluding Observations

Program integrity activities encompass a broad set of strategies and processes intended to meet numerous objectives, including preventing improper payments, identifying and detecting fraud, investigating individuals suspected of committing Medicare fraud, recovering overpayments, and prosecuting offenders. To carry out the six main types of program integrity activities, CMS contracts with a number of private organizations. The effectiveness of these efforts depends on close collaboration and coordination between CMS, its contractors, OIG, and federal and state law enforcement agencies.

The implementation of HCFAC and MIP in 1996 provided CMS and Medicare enforcement agencies with dedicated funding to coordinate health care fraud-fighting activities. As documented in HCFAC reports, from 1999 through 2010, program integrity and anti-fraud resources increased from an estimated $0.8 billion in FY1999 to approximately $1.9 billion in FY2010, and the number of new civil and criminal fraud enforcement actions more than quadrupled (through FY2010). Furthermore, activities of health care fraud enforcement also have steadily increased recoveries transferred to the Medicare Trust Funds. GAO reports have raised questions about how MIP funding is used and have recommended CMS develop more quantitative measures to assess the impact of MIP-funded program integrity activities.

Protecting Medicare from fraud and abuse is a complex and challenging undertaking for a number of reasons. Reliable estimates of the amount lost to health care fraud are unavailable, making it difficult for policymakers to determine the extent of resources needed to respond to the issue and where best to direct resources. In addition, fraud perpetrators are quick to adapt to investigative techniques and continually devise new and more sophisticated Medicare fraud schemes. Therefore, to reduce Medicare's vulnerability, CMS and its partners need to utilize a diverse mix of preventive and investigative program integrity methods. CMS has migrated to more preventive program integrity techniques, such as increasing the volume of claims it reviews on a pre-payment basis, applying stricter standards when reviewing provider enrollment applications, and conducting background checks on providers prior to allowing them to bill the Medicare program.

Footnotes

1.	CMS Office of the Actuary, 2011 Medicare Board of Trustees Report, https://www.cms.gov/ReportsTrustFunds/downloads/tr2011.pdf.
2.	Ibid.
3.	Department of Health and Human Services, Fiscal Year 2012 Centers for Medicare and Medicaid Services, Justification of Estimates for Appropriations Committees.
4.	For more information, see CRS Report R40425, Medicare Primer, coordinated by [author name scrubbed] and [author name scrubbed].
5.	The disabled population includes people under age 65 who receive cash disability benefits from Social Security or the Railroad Retirement systems for at least 24 months, individuals under age 65 with end stage renal disease (ESRD), and individuals with amyotrophic lateral sclerosis (ALS).
6.	DME includes hospital beds, wheelchairs, respirators, walkers, artificial limbs, and other equipment and services specifically for home use.
7.	See Table III.A3.—Medicare Enrollment, page 51, 2011 Annual Report of the Boards of the Trustees of the Federal Hospital Insurance and Federal Supplemental Medical Insurance Trust Funds, May 2011, at http://www.cms.gov/ReportsTrustFunds/downloads/tr2011.pdf.
8.	For more information on the 18 operating divisions and the Department of Health and Human Services organizational structure, see http://www.hhs.gov/about/orgchart/.
9.	CMS's Center for Program Integrity (CPI) administers and monitors all agency program integrity activities, including those activities for Medicaid and the State Children's Health Insurance Program (CHIP). For more information on the CMS reorganization, see 75 Federal Register 14176, March 24, 2010. Previously, Medicare program integrity activities were monitored by several CMS groups including the Center for Drug and Health Plan Choice, the Center for Medicare Management, and the Office of Financial Management. Program integrity for Medicaid was supervised by Center for Medicaid and State Operations.
10.	Department of Health and Human Services, Fiscal Year 2012 Centers for Medicare and Medicaid Services, Justification of Estimates for Appropriations Committees.
11.	Program integrity stakeholders can include private payers, other federal programs, state Medicaid agencies, the CHIP, Medicare providers and suppliers, the DOJ, and the HHS/OIG.
12.	The National Health Care Anti-Fraud Association (NHCAA) estimates conservatively that 3% of all health care spending—or $68 billion—is lost to health care fraud. See NHCAA consumer alert available at http://64.211.220.122/eweb/DynamicPage.aspx?webcode=anti_fraud_resource_centr&wpscode=TheProblemOfHCFraud. The Federal Bureau of Investigation (FBI) refers to estimates of 3-10% of all health care billings as potentially fraudulent, see Annual Financial Crimes Report available at http://www.fbi.gov/publications/financial/fcs_report2008/financial_crime_2008.htm#health.
13.	For more information, see http://paymentaccuracy.gov/programs/medicare-fee-for-service.
14.	Alice G. Gosfield, Medicare and Medicaid Fraud and Abuse 2008 Edition, pp. 5-6.
15.	Department of Health and Human Services (HHS) and Department of Justice (DOJ) Annual Health Care Fraud and Abuse Control (HCFAC) Program Annual Report for FY2008, September 2009, http://oig.hhs.gov/publications/docs/hcfac/hcfacreport2008.pdf.
16.	U.S. Congress, House Committee on Oversight & Government Reform, Subcommittee on Health Care, District of Columbia, Census, and the National Archives, A Perspective on Fraud, Waste, and Abuse Within the Medicare and Medicaid Programs, Testimony of Gerald T. Roy, Deputy Inspector General for Investigations, HHS/OIG, 112th Cong., April 5, 2011.
17.	U.S. Government Accountability Office, High Risk Series: An Update, GAO-11-278, February 2011, http://www.gao.gov/products/GAO-11-278.
18.	U.S. Government Accountability Office, Medicare and Medicaid Fraud, Waste, and Abuse: Effective Implementation of Recent Laws and Agency Actions Could Help Reduce Improper Payments, GAO-11-409T, March 9, 2011.
19.	Detroit Fraud Prevention Summit, Remarks of Kathleen Sebelius, Secretary of the Department of Health & Human Services, March 15, 2011.
20.	Social Security Act (SSA) § 1816(c)(2)(A) and (B) [for Part A] and § 1842 (c)(2)(A) and (B) and Medicare Claims Processing Manual (Pub. 100-04, Ch.1, §80.2). Medicare contractors are prohibited from paying electronic claims within 13 days after they were received and, to encourage electronic claims submission, 28 days for all other claims.
21.	U.S. Government Accountability Office, Medicare and Medicaid Fraud, Waste, and Abuse: Effective Implementation of Recent Laws and Agency Actions Could Help Reduce Improper Payments, GAO-11-409T, March 9, 2011.
22.	The Medicare Integrity Program is established under Social Security Act (SSA) Section 1893, which identifies many program integrity activities. CMS also employs other program integrity activities not discussed in this report, such as scrutinizing provider enrollment applications, conducting in-person site visits to provider locations to verify that they meet certain standards, and inspecting provider facilities.
23.	In addition to traditional MIP activities, under HEAT and other initiatives, CMS is using new PPACA resources and authority for the following tasks: random provider/supplier site visits, more aggressive oversight of inactive provider numbers, implementation of a home health payment outlier policy, development of a data analysis system that will identify potential fraud, initiate service and geographic specific projects for vulnerable areas, establish a beneficiary reporting hotline, and issue identify theft protection guidance.
24.	Generally, Medicare Part A providers are paid under a prospective payment system (PPS). Under PPS, providers receive a pre-determined payment based on specified service units, such as hospital stays. When performing cost report audits, CMS reviews the few items that could affect provider PPS payments, such as bad debt, organ procurement costs, payments for indirect and direct medical education, and the numbers of low-income patients hospitals serve. GAO and MEDPAC studies have questioned the degree to which CMS's current audit process assesses the accuracy of Medicare costs for providers paid under PPS. See GAO-06-813, Medicare Integrity Program: Agency Approach for Allocating Funds Should be Revised, September 2006, http://www.gao.gov/new.items/d06813.pdf, and MEDPAC, Report to the Congress: Sources of Financial Data on Medicare Providers, June 2004, http://www.medpac.gov/publications/congressional_reports/june04_990_DataNeeds.pdf.
25.	Part B providers (physicians, outpatient hospital, durable medical equipment providers, and others) are not required to submit cost reports to CMS.
26.	See GAO-07-945, Medicare Advantage: Required Audits of Limited Value, July 2007, http://www.gao.gov/new.items/d07945.pdf.
27.	Department of Health and Human Services, Fiscal Year 2012, Centers for Medicare and Medicaid Services, Justification of Estimates for Appropriations Committees.
28.	Computerized edits also check for errors such as incomplete or duplicate claims, claims where diagnosis codes do not match procedure codes, and unallowable code combinations.
29.	Manual pre-payment and post-payment claims reviews are initiated only after billing issues have been identified with a provider. Under pre-payment review, contractors will conduct a manual medical review on a percentage of claims before payment is made. When conducting post payment review, contractors examine a statistically valid sample of paid claims from a provider. The majority of the reviews are conducted on a post-payment basis.
30.	Recoupment is recovering a Medicare overpayment by reducing present or future Medicare payments and applying the amount withheld against the debt.
31.	CMS founded the California Medicare and Medicaid Data Analysis Center (CMMDAC) on September 28, 2001, to show proof of concept for dual Medicare-Medicaid data analysis. CMMDAC was established to demonstrate the value of comparative Medicare-Medicaid claims data analysis for the detection, prosecution, and elimination of aberrant practices, Medicaid Alliance for Program Safeguards, May 2005.
32.	Texas, Illinois, Pennsylvania, North Carolina, New Jersey, Ohio, and Washington had agreed to participate in the Medi-Medi pilot in 2005.
33.	U.S. Congress, Senate Committee on the Judiciary, Effective Strategies for Preventing Health Care Fraud, Testimony of HHS Deputy Secretary William Corr, 111th Cong., October 28, 2009, http://www.hhs.gov/asl/testify/2009/10/t20091028a.html.
34.	In FY2011, the OIG plans to release a report on CMS's oversight and monitoring of the Medi-Medi program; see the Department of Health and Human Services Inspector General's FY2011Workplan available at http://oig.hhs.gov/publications/workplan/2011; 09-08-00370).
35.	The following 14 states participate in the Medi-Medi program: Arkansas, California, Colorado, Florida, Georgia, Mississippi, New Jersey, New York, North Carolina, Ohio, Oklahoma, Pennsylvania, Texas, Utah.
36.	A requirement that the Secretary contract with MACs was part of an overall legislative strategy to reform Medicare's administrative structure. Prior to the MMA, CMS was not authorized to select administrative contractors using a competitive selection process. Although the statute afforded the Secretary authority to choose carriers to process Part B claims, Medicare regulations still limited the Secretary's flexibility in contracting. For example, the Secretary was prohibited from terminating an agreement with an administrative contractor without cause or the opportunity for a public hearing. Additionally, contracts were renewed automatically from year-to-year and were required to be cost-based, not performance-based. One goal of implementing the MAC initiative was to make Medicare contracting more consistent with the standard federal government contracting procedures governed by the Federal Acquisition Regulation (FAR). SSA Section 1874A requires the Secretary to use competitive procedures, which take into account quality as well as price, when selecting claims processing contractors. The Secretary also is required to competitively select MACs at least once every five years and is authorized to include performance incentives in those contracts.
37.	Implementation started for Jurisdiction 11 in September 2010 and October 2010 for Jurisdiction 15.
38.	Similar to the term applied to the geographic areas for which A/B MACS are responsible for processing provider claims, zones refer to the geographic areas where ZPICs are responsible for conducting Medicare program integrity.
39.	Prior to the contracting reform, in FFS Medicare fiscal intermediaries and carriers processed claims for Medicare Parts A and B and some specific services, such as home health and hospice and durable medical equipment prostheses orthotics suppliers (DMEPOS).
40.	CMS issued an RFP for ZPICs on May 1, 2008. On October 8, 2008, CMS announced that it had awarded the first two ZPIC contracts to Health Integrity, LLC for Zone 4 (Texas, Oklahoma, Colorado, and New Mexico) and Safeguard Services, LLC for Zone 7 (Florida, Puerto Rico, and U.S. Virgin Islands). These two ZPICs are fully operational. In 2009, CMS awarded ZPIC contracts for Zone 5 (West Virginia, Virginia, North Carolina, South Carolina, Georgia, Alabama, Mississippi, Tennessee, Arkansas, and Louisiana) and Zone 2 (Alaska, Washington, Oregon, Montana, Idaho, Wyoming, Utah, Arizona, North Dakota, South Dakota, Nebraska, Kansas, Iowa, and Missouri) to AdvanceMed Corporation. Both of these awards to AdvanceMed were subsequently protested by other program integrity contractors. On January 25, 2010, GAO upheld the Zone 2 and Zone 5 ZPIC contract protests, so those contracts will be recompeted.
41.	HHS/OIG, Medicare Overpayments Identified by Program Safeguard Contractors, OEI-03-08-00031, May 2010.
42.	For additional information on oversight of the Part D benefit see CRS Report R40611, Medicare Part D Prescription Drug Benefit, by [author name scrubbed].
43.	According to a report released by the OIG, none of these audits were conducted by the MEDICs in FY2008. See OEI-03-08-00420, Medicare Drug Integrity Contractors' Identification of Potential Part D Fraud and Abuse, HHS OIG, October 2009, http://oig.hhs.gov/oei/reports/oei-03-08-00420.pdf. As a condition of participation in Medicare, both MA and PDP plans are required to have in place a compliance plan which should include, among other elements, measures for detecting, correcting, and preventing fraud, waste, and abuse. Required elements of the plan include designation of a compliance officer; training, education, and effective lines of communication between the compliance officer and the organization's employees; procedures for ensuring prompt response to detected offenses; and procedures to voluntarily self-report potential fraud or misconduct to CMS (42 C.F.R 423.503 & 42 C.F.R 423.504).
44.	CMS awarded contracts to three regional MEDICs in FY2007. The three MEDIC contracts were consolidated into two in the Fall of 2008 when CMS did not renew the contract for one of the original three MEDICs.
45.	HHS/OIG, Medicare Drug Integrity Contractors' Identification of Potential Part D Fraud and Abuse, October 2009, OEI-03-08-00420.
46.	Ibid.
47.	The Deficit Reduction Act of 2005 also provided CMS with the authority to pay RACs differently than other Medicare contractors, raising concerns among RAC opponents. Historically, Medicare has paid its administrative contractors using cost-based contracts. Under cost-based contracts, Medicare reimburses contracting organizations for all necessary and proper costs incurred during the year. In contrast, MMA required Medicare to pay RACs on a contingency basis. Under contingency-based contracts, Medicare reimburses contractors a portion, usually a percentage, of improper payment recoveries. For additional information on Medicare's RAC program see CRS Report R40592, Medicare's Recovery Audit Contractor (RAC) Program: Background and Issues, by [author name scrubbed].
48.	This includes inpatient hospitals, physicians, skilled nursing facilities, inpatient rehabilitation facilities, DME suppliers, home health agencies, and other Parts A or B providers.
49.	The RAC demonstration was concluded, but the program results have been revised as some recoveries were reversed on appeal.
50.	See RAC Fee-for-Service (FFS) Newsletter, March 30, 2011, at http://www.cms.gov/rac/downloads/ffsnewsletter.pdf.
51.	HHS OIG, Recovery Audit Contractors' Fraud Referrals , OEI-03-09-00130, February 2010, http://oig.hhs.gov/oei/reports/oei-03-09-00130.pdf.
52.	An improper payment is any payment that should not have been made or that was made in an incorrect amount. This includes duplicate payments, payments to ineligible recipients, payments for ineligible services, or payments for services not received. In Medicare, improper payments include both underpayments and overpayments to providers and largely result from provider billing mistakes and inadvertent claims processing errors.
53.	For more information on provider specific CERT, see https://www.cms.gov/CERT/05_Providers.asp#TopOfPage.
54.	In 2009, HHS modified the Medicare FFS improper payment review process based on recommendations from the Office of Inspector General and Agency staff. The initial Medicare FFS error rate of 7.8% or $24.1 billion in improper payments was applied to most claims, but utilized a less stringent medical necessity criteria. Appling the new medical necessity criteria for the remaining claims resulted in an overall blended improper payment rate for FY2009 of 12.4% or $35.4 billion. For the purpose of setting an estimated baseline for future goals, HHS used 12.4% for the FY2009 Medicare FFS improper payment rate (see http://paymentaccuracy.gov/programs/medicare-fee-for-service).
55.	https://www.cms.gov/apps/media/press/release.asp?Counter=3876&intNumPerPage=10&checkDate=&checkKey=2&srchType=2&numDays=0&srchOpt=0&srchData=error+rate&keywordType=All&chkNewsType=1%2C+2%2C+3%2C+4%2C+5&intPage=&showAll=1&pYear=&year=0&desc=&cboOrder=date.asp.
56.	The following four components comprise the Medicare Part D error rate: the Medicare Advantage and Prescription Drug System (MARx) Payment Error (MPE); the Payment Error relating to Low-Income Subsidy status (PELS); the Payment Error related to Incorrect Medicaid Status (PEMS); and Payment Error Related to Prescription Drug Event Data Validation (PEPV).
57.	NSC can verify the three DMEPOS standards through direct observation and desk review. The three standards include the following five requirements: (1) maintain a physical facility, (2) be accessible (open and staffed) during business hours, (3) have a visible sign, (4) have hours of operation posted, and (5) maintain a primary business telephone listed under the name of the business.
58.	HHS/OIG, South Florida Suppliers' Compliance with Medicare Standards, Results from Unannounced Visits, March 2007, OEI-03-07-00150.
59.	HHS/OIG, Compendium of Unimplemented Recommendations, May 2009, http://www.oig.hhs.gov/publications/docs/compendium/compendium2009.pdf. http://oig.hhs.gov/publications/docs/compendium/2011/CMP-01_Medicare_A+B.pdf.
60.	The Final Rule implementing PPACA provider/suppler screening requirements imposed temporary moratoriums on supplier enrollment, screening requirements for enhanced enrollment and reenrollment, application fees for providers and suppliers, and requirements for suspension of payments pending creditable allegations of fraud in both the Medicare and Medicaid programs (see Medicare, Medicaid, and Children's Health Insurance Programs, Additional Screening Requirements, Application Fees, Temporary Enrollment Moratoria, Payment Suspensions, and Compliance Plans for Providers and Suppliers, 76 Federal Register 5862, February 11, 2011).
61.	CMS consolidated COB activities under a single contractor entity, the Coordination of Benefits Contractor (COBC). The COBC is responsible for activities that support the collection, management, and reporting of other insurance coverage for Medicare beneficiaries. Its duties focus on activities to ensure that Medicare makes proper payments by identifying the correct payer before payments are made.
62.	Section 1128A of the SSA authorizes the Secretary to impose penalties and assessments on persons for engaging in certain activities. For example, a person who knowingly submits a false claim to a federal health care program is subject to a penalty of up to $11,000 for each item or service fraudulently claimed, an assessment of up to three times the amount fraudulently claimed, and possible exclusion.
63.	Section 1128 of the SSA authorizes the Secretary to exclude individuals and entities from participation in federal health care programs. Exclusions are authorized for convictions of criminal offenses related to the delivery of health care, including (1) Medicare or Medicaid fraud, (2) patient abuse or neglect, (3) felonies for other health care fraud, and (4) felonies for the illegal manufacture, distribution, prescription, or dispensing of controlled substances. The Secretary has discretionary authority to exclude individuals on other grounds, such as health care fraud offenses involving misdemeanors, license suspension or revocation, provision of unnecessary or substandard services, submission of false or fraudulent claims, and engaging in unlawful kickback arrangements.
64.	FY2010 Health Care Fraud and Abuse Control Annual Report, http://oig.hhs.gov/publications/docs/hcfac/hcfacreport2010.pdf.
65.	Ibid.
66.	For more information on the False Claims Act, see CRS Report RS22982, The False Claims Act, the Allison Engine Decision, and Possible Effects on Health Care Fraud Enforcement, by Jennifer Staman.
67.	Under the Federal False Claims Act, 31 U.S.C. §§ 3729-3733, private citizens and relators may file suit on behalf of the U.S. government. Relators are private persons with direct knowledge of health care fraud who file complaints on behalf of the federal government. They are entitled to a percentage of any fraud recoveries.
68.	FY2010 and FY2009 HCFAC Annual Reports.
69.	The HHS/OIG collects annual performance data on these projects and its most recent report can be accessed at http://www.smpresource.org/Content/NavigationMenu/ResourcesforSMPs/OIGReports/OIGPerformanceReport.pdf.
70.	As specified in SSA Section 1817(k)(C), the following amounts are to be deposited into the Federal Hospital Insurance Trust Fund: (1) amounts equaling unconditional gifts and bequests; (2) criminal fines recovered in cases involving a federal health care offense as defined in Title 18 U.S.C. §982(a)(6)(B); (3) civil monetary penalties and assessments imposed in health care cases, including amounts recovered under titles XI, XVIII, and XIX, of the SSA and Chapter 38 of Title 31 of the U.S.C.; (4) amounts resulting from the forfeiture of property by reason of a federal health care offense; and (5) penalties and damages obtained under the False Claims Act, 31 U.S.C. §§3729-3933.
71.	Department of Health and Human Services Budget in Brief for FY2011, p.2, http://www.hhs.gov/asrt/ob/docbudget/2011budgetinbrief.pdf.
72.	CMS Justification of Estimates for Appropriations Committees Fiscal Year 2011, pp. 161-178, http://www.cms.hhs.gov/PerformanceBudget/Downloads/CMSFY11CJ.pdf.
73.	See CMS Press Release dated November 18, 2009, available at http://www.cms.gov/apps/media/press/release.asp?Counter=3547&intNumPerPage=10&checkDate=&checkKey=2&srchType=2&numDays=0&srchOpt=0&srchData=error+rate&keywordType=All&chkNewsType=1%2C+2%2C+3%2C+4%2C+5&intPage=&showAll=1&pYear=&year=0&desc=&cboOrder=date. Prior to 2008, Medicare's Quality Improvement Organizations (QIO) were responsible for calculating the error rate for inpatient hospitals. The improper payment rate for all other FFS claims was calculated by CMS's CERT contractor. Beginning with FY2009, CMS transferred responsibility for calculating the inpatient hospital improper payment rate from QIOs to CERT contractors. CMS attributes the FFS error rate increase between FY2008 and FY2009 to QIOs reviewing inpatient hospital claims differently and using a different methodology to calculate improper payment amounts.
74.	See Department of Health & Human Services, Centers for Medicare & Medicaid Services (CMS), FY 2012 Online Performance Appendix, p. 89.
75.	GAO-06-581T, Challenges Continue in Meeting Requirements of the Improper Payments Information Act, April 2006, http://www.gao.gov/new.items/d06581t.pdf.
76.	See Department of Health & Human Services, Office of Inspector General, Centers for Medicare & Medicaid Services' Use of Medicare Fee-for-Service Error Rate Data to Identify and Focus Error-Prone Providers (A-05-08-00080), October 7, 2010.
77.	HIPAA did not require HHS or DOJ to separately track Medicare and non-Medicare expenditures. DOJ officials commented in a 2002 GAO Report on the HCFAC program that it was impractical to separate non-Medicare and Medicare expenditures because of the nature of health care fraud (GAO-02-731: Medicare, Health Care Fraud and Abuse Control Program for Fiscal Years 2000 and 2001, June 2002). Health care fraud cases can cross several health care programs, making it difficult to attribute expenses and recoveries to separate programs.
78.	For more information see the FY2010 Health Care Fraud and Abuse Control Annual Report at http://oig.hhs.gov/publications/docs/hcfac/hcfacreport2010.pdf.
79.	For more information on the Department of Justice settlement with Tenet Healthcare Corporation, see http://www.justice.gov/opa/pr/2006/June/06_civ_406.html.
80.	TRICARE is the health care program serving Uniformed Service members, retirees, and their families worldwide http://www.tricare.mil/.
81.	For more information on return on investment calculations, see the Appendix to the FY2010 HCFAC Annual Report.
82.	Health Care Fraud and Abuse: Practical Perspectives, Chapter 4, 2004.
83.	GAO reported on deposits made to the Medicare Trust Funds, whereas HHS/OIG and DOJ report in the HCFAC Annual Report on deposits and transfers. Transfers includes funds recovered and returned to other federal Agencies and CMS. Thus, the GAO reports different figures for HCFAC recoveries and deposits than the HCFAC Annual Reports.
84.	GAO-05-134, Health Care Fraud and Abuse Control Program: Results of Review of Annual Reports for Fiscal Years 2002 and 2003, April 2005, http://www.gao.gov/new.items/d05134.pdf.
85.	The OIG defines cost savings as funds put to better use as a result of implemented legislative or other program initiatives.
86.	GAO-05-388, Federal Bureau of Investigation: Accountability over the HIPAA Funding of Health Care Investigations is Inadequate, April 2005, http://www.gao.gov/new.items/d05388.pdf.
87.	GAO-06-813, Medicare Integrity Program, Agency Approach for Allocating Funds Should be Revised, September 2006, http://www.gao.gov/new.items/d06813.pdf.
88.	The 2011 OIG Compendium of Unimplemented Office of Inspector General Recommendations can be accessed at http://www.oig.hhs.gov/publications/docs/compendium/2011/index.asp.
89.	The annual OIG Work Plan can be accessed at http://www.oig.hhs.gov/publications/workplan/2011/.
90.	See Department of Health & Human Services, Office of Inspector General, Invalid Prescriber Identifiers on Medicare Part D Drug Claims, (OEI-03-09-00140), June 2010.
91.	Section 4241, "Use of Predictive Modeling and other Analytic Technologies to Identify and Prevent Waste, Fraud, and Abuse in the Medicare Fee-for-Service Program," of the Small Business and Jobs Act of 2010 (P.L. 111-240) authorized a one-time $100 million appropriation from the Medicare Trust Funds. The predictive modeling funding is available until expended. If certain interim objectives are not met by the predictive modeling program, the Secretary may impose moratoriums on further expansion, until refinements or improvements are made.
92.	Testimony of HHS Secretary, Kathleen Sebelius, before the Senate Committee on Appropriations subcommittee on Labor, Health and Human Services, Education, and Related Agencies, On the HHS FY2012 Budget Request, March 30, 2012.
93.	For more information on the federal debt limit, see CRS Report RL31967, The Debt Limit: History and Recent Increases, by [author name scrubbed] and [author name scrubbed], and CRS Report R41633, Reaching the Debt Limit: Background and Potential Effects on Government Operations, coordinated by [author name scrubbed].
94.	The proposed legislation had the same title in both chambers, the Budget Control Act of 2011 (BCA). BCA was introduced in the Senate as an amendment to S. 1323, a bill to express the sense of the Senate on shared sacrifice in resolving the budget deficit. BCA was introduced in the House as a proposed amendment in the nature of a substitute to S. 627, the Faster FOIA Act of 2011.
95.	Congressional Budget Office (CBO), Letter to Honorable John Boehner, Speaker of the House, August 1, 2011. CBO issued an initial BCA cost estimate letter on July 26, 2011, which was updated July 27, 2011, when BCA was first introduced in the House, then amended.
96.	BCA created a congressional Joint Select Committee (JSC) on Deficit Reduction to propose further deficit reduction (in addition to the $917 billion), with a goal of achieving at least at additional $1.5 trillion in budgetary savings over 10 years. If legislation originating from the new JSC fails to reduce federal spending by the stated $1.5 trillion goal, or succeeds, but fails to pass Congress or be approved by the President, then BCA provides automatic procedures to reduce spending by as much as $1.2 trillion more from FY2012 to FY2021.
97.	See 74 Federal Register 62209, November 25, 2009, at http://edocket.access.gpo.gov/2009/pdf/E9-28493.pdf.
98.	See http://paymentaccuracy.gov/programs/medicare-fee-for-service.
99.	See 75 Federal Register 12119, March 15, 2010, at http://edocket.access.gpo.gov/2010/pdf/2010-5685.pdf.
100.	See 75 Federal Register, 35953, June 23, 2010, at http://edocket.access.gpo.gov/2010/pdf/2010-15412.pdf.