This is the accessible text file for GAO report number GAO-13-522 entitled 'Medicare Program Integrity: Increasing Consistency of Contractor Requirements May Improve Administrative Efficiency' which was released on August 22, 2013. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Report to Congressional Requesters: July 2013: Medicare Program Integrity: Increasing Consistency of Contractor Requirements May Improve Administrative Efficiency: GAO-13-522: GAO Highlights: Highlights of GAO-13-522, a report to congressional requesters. Why GAO Did This Study: In fiscal year 2012, CMS estimated that $32.4 billion in Medicare FFS payments were improper. CMS uses several types of contractors to conduct postpayment claims reviews to identify improper payments. Recently, questions have been raised about the efficiency and effectiveness of these contractors’ efforts and the administrative burden on providers. This report (1) describes these contractors and (2) assesses the extent to which requirements for postpayment claims reviews differ across the contractors and whether differences, if any, could impede effective and efficient claims reviews. GAO reviewed CMS’s requirements for claims reviews in manuals and contracts, interviewed CMS officials and selected provider associations, and assessed the requirements against internal control standards and executive-agency guidance on streamlining service delivery. GAO also obtained data on numbers of claims reviewed, and appealed. What GAO Found: The Centers for Medicare & Medicaid Services’ (CMS) contractors that conduct postpayment reviews on Medicare fee-for-service (FFS) claims were established by different legislative actions; are managed by different offices within CMS; and serve different functions in the program. These contractors include (1) Medicare Administrative Contractors that process and pay claims and are responsible for taking actions to reduce payment errors in their jurisdictions; (2) Zone Program Integrity Contractors (ZPIC) that investigate potential fraud, which can result in referrals to law enforcement or administrative actions; (3) Recovery Auditors (RA) tasked to identify improper payments on a postpayment basis; and (4) the Comprehensive Error Rate Testing (CERT) contractor that reviews a sample of claims nationwide and related documentation to determine a national Medicare FFS improper payment rate. All four types of contractors conduct complex reviews, in which the contractor examines medical records and other documentation sent by providers to determine if the claims meet Medicare coverage and payment requirements. RAs are paid fees contingent on the amount of the claims that are found improper and recouped or adjusted, whereas the other contractors’ reimbursement is not dependent on the amount of their claims reviews. The RAs conducted almost five times as many reviews as the other three contractors combined. Overall, compared to over one 1 billion claims processed in 2012, all four types of contractors combined reviewed less than one 1 percent of claims, about 1.4 million reviews, for which providers might be contacted to send in medical records or other documentation. Although postpayment claims reviews involve the same general process regardless of which type of contractor conducts them, CMS has different requirements for many aspects of the process across these four contractor types. Some of these differences may impede efficiency and effectiveness of claims reviews by increasing administrative burden for providers. There are differences in oversight of claims selection, time frames for providers to send in documentation, communications to providers about the reviews, reviewer staffing, and processes to ensure the quality of claims reviews. For example, while the CERT contractor must give a provider 75 days to respond to a request for documentation before it can find the claim improper due to lack of documentation, the ZPIC is only required to give the provider 30 days. CMS places more limits on the RAs in its requirements for reviews conducted by them than by other contractors. For example, RAs must submit the criteria that they will use to determine if a service is paid improperly to CMS for approval. The additional requirements for RAs are due in part to CMS’s experience during an initial demonstration testing the use of RAs. CMS officials indicated that other requirement differences across contractors generally developed due to setting requirements at different times by staff in different parts of the agency. Providers indicated that some differences hindered their understanding of and compliance with the claims review process. Having inefficient processes that complicate compliance can reduce effectiveness of claims reviews, and is inconsistent with executive-agency guidelines to streamline service delivery and with having a strong internal control environment. CMS has begun to examine differences in requirements across contractors, but did not provide information on any specific changes being considered or a time frame for action. What GAO Recommends: GAO recommends that CMS (1) examine all contractor postpayment review requirements to determine those that could be made more consistent, (2) communicate its findings and time frame for taking action, and (3) reduce differences where it can be done without impeding efforts to reduce improper payments. In its comments, the Department of Health and Human Services concurred with these recommendations, agreed to reduce differences in postpayment review requirements where appropriate, and noted that CMS had begun examining these requirements. View [hyperlink, http://www.gao.gov/products/GAO-13-522]. For more information, contact Kathleen King at (202) 512-7114 or kingk@gao.gov. [End of section] Contents: Letter: Background: The Four Medicare FFS Contractor Types Were Established under Different Laws and Have Different Primary Functions and Characteristics: Many CMS Requirements for Postpayment Claims Review Differ across Contractor Types, Which Can Impede Effectiveness and Efficiency: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendix I: List of Provider Associations GAO Interviewed: Appendix II: Comments from the Department of Health and Human Services: Related GAO Products: Tables: Table 1: Applicable Legislation for Four Contractor Types That Conduct Medicare Postpayment Claims Reviews: Table 2: Characteristics of the Four Types of Contractors That Conduct Medicare Postpayment Claims Reviews: Table 3: Volume of Contractors' Postpayment Claims Reviews, by Type of Contractor 2011-2012: Table 4: CMS Requirements on Postpayment Reviews Unique to Recovery Auditors, Compared to Other Contractor Types, as of May 7, 2013: Table 5: Postpayment Claims Review--Requirements for Additional Documentation Requests, as of May 7, 2013: Table 6: Postpayment Claims Review--Submission Requirements by Contractor Type, as of May 7, 2013: Table 7: Postpayment Claims Review Staffing Requirements by Contractor Type, as of May 7, 2013: Table 8: Postpayment Claims Review--Quality Assurance Requirements by Contractor Type, as of May 7, 2013: Figure: Figure 1: Centers for Medicare & Medicaid Services' (CMS) Organizational Components That Oversee Medicare Fee-For-Service Contractors and Their Activities Related to Postpayment Claims Review, as of May 2013: Abbreviations: ADR: additional documentation request: CERT: Comprehensive Error Rate Testing: CM: Center for Medicare: CMS: Centers for Medicare & Medicaid Services: CPI: Center for Program Integrity: DME: durable medical equipment: DVD: digital video disc: esMD: electronic submission of medical documentation: FFS: fee-for-service: FTE: full-time equivalent: HHS: Department of Health and Human Services: HIPAA: Health Insurance Portability and Accountability Act of 1996: HPMP: Hospital Payment Monitoring Program: IPIA: Improper Payments Information Act of 2002: LCD: local coverage determination: LPN: licensed practical nurse: MAC: Medicare Administrative Contractor: MIP: Medicare Integrity Program: MMA: Medicare Prescription Drug, Improvement, and Modernization Act of 2003: OFM: Office of Financial Management: OMB: Office of Management and Budget: PSC: program safeguard contractor: PT: part-time: QA: quality assurance: RA: Recovery Auditor: RN: registered nurse: ZPIC: Zone Program Integrity Contractor: [End of section] GAO: United States Government Accountability Office: 441 G St. N.W. Washington, DC 20548: July 23, 2013: Congressional Requesters: In 2012, Medicare covered more than 49 million elderly and disabled beneficiaries and had estimated outlays of $555 billion.[Footnote 1] Because of its size, complexity, and susceptibility to mismanagement and improper payments, for 23 years we have designated Medicare as a high-risk program.[Footnote 2] Improper Medicare payments include payments made for treatments or services that were not covered by program rules, that were not medically necessary, or that were not provided to beneficiaries in the way that they were billed to Medicare.[Footnote 3] In fiscal year 2012, the Department of Health and Human Services (HHS) estimated the Centers for Medicare & Medicaid Services (CMS)--the agency that administers the Medicare program [Footnote 4]--made improper payments of $32.4 billion in the Medicare fee-for-service (FFS) program.[Footnote 5] CMS has a goal to reduce improper payments in the Medicare program and conducts a number of activities in order to protect the integrity of the program--that is, to ensure that payments are made correctly the first time and to identify, investigate, and recoup payments made in error. One such activity, reviewing claims to ensure that claims are paid properly, can be done before payment (prepayment claims reviews) or after payment (postpayment claims reviews). Claims reviews may be automated, relying on computer programming logic, or they may involve manually examining claims and related documentation, including medical records, to determine if the claim was billed and paid properly. Currently, CMS uses several different types of contractors to conduct claims reviews.[Footnote 6] Medicare Administrative Contractors (MAC), the contractors that process and pay claims, also conduct pre- and postpayment claims reviews and recoup overpayments or remediate underpayments. Zone Program Integrity Contractors (ZPIC) perform pre- and postpayment claims reviews as a part of investigating potential fraud.[Footnote 7] The Comprehensive Error Rate Testing (CERT) contractors estimate the Medicare FFS improper payment rate in part by conducting postpayment claims reviews on a random sample of claims processed by the MACs. Recovery Auditors (RA) conduct data analysis and postpayment claims reviews to identify improper payments. These four contractors conduct postpayment claims reviews using the same general process to examine whether the claims that have been paid adhere to Medicare's requirements and are for medically necessary services and apply the same Medicare coverage and payment requirements in their reviews.[Footnote 8] Recently, questions have been raised about whether CMS's coordination and oversight of the different types of Medicare FFS contractors that perform postpayment claims reviews are effective and efficient and whether the agency is maintaining an appropriate balance between detecting improper payments efficiently and adding unnecessary administrative burden to providers.[Footnote 9] You asked us to examine CMS's use of contractors to review Medicare FFS claims. This report (1) describes the establishment, functions, and characteristics of four different types of contractors that conduct postpayment reviews on Medicare FFS claims (MACs, ZPICs, CERT contractors, and RAs), and (2) assesses the extent to which CMS's requirements for postpayment claims reviews differ across these four contractor types, and whether any differences could impede effective and efficient postpayment claims reviews.[Footnote 10] To describe the contractors' establishment, functions, and characteristics, we reviewed each type of contractor's applicable authority, their most recent statement of work, and reports about each type of contractor prepared by CMS, the HHS Office of Inspector General, and others. We interviewed CMS officials and also obtained 2011 and 2012 data from CMS on the number of reviews done by each of these types of contractors. We also obtained data on the RA appeals from CMS. We assessed the data for reliability through interviews and found the data to be reliable for our purposes. To assess the extent of the differences in CMS's requirements for contractors' postpayment reviews and whether any differences could impede effective and efficient claims reviews, we examined the most recent statements of work for each contractor type and relevant chapters from the following CMS Medicare Manuals current as of May 7, 2013: General Information, Eligibility, and Entitlement Manual; Benefit Policy Manual; Claims Processing Manual; Financial Management Manual; Program Integrity Manual; and Contractor Beneficiary and Provider Communications Manual; along with other materials. We interviewed CMS officials responsible for management and oversight of the four contractor types and confirmed our analysis of the differences in requirements with agency staff. This included obtaining their opinions on the reasons for the differences, when the differences might be appropriate, or when they might be reduced. We assessed CMS's requirements using the standards outlined in our internal control documents, Standards for Internal Control in the Federal Government and Internal Control Management and Evaluation Tool.[Footnote 11] To assess whether differences in CMS requirements could impede the efficiency and effectiveness of claims reviews, we interviewed associations representing Medicare FFS providers who have experienced postpayment claims reviews to obtain information on the effect these differences have on providers. (See app. I for a list of the provider associations.) In addition, we reviewed white papers sent by health care stakeholders in response to the Senate Committee on Finance's May 2, 2012, letter requesting suggestions to improve efforts to address Medicare and Medicaid fraud, waste, and abuse. We also interviewed CMS staff working on an internal work group charged with reducing provider burden to gain better understanding of any proposed changes to the requirements. We assessed the requirements, information from provider associations and the white papers, and information from CMS's staff charged with reducing provider burden against guidance developed by the Office of Management and Budget (OMB) to help agencies implement Executive Order 13571--Streamlining Service Delivery and Improving Customer Services.[Footnote 12] We conducted this performance audit from October 2012 to July 2013 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Background: Contractors have a long-standing and essential role in the Medicare program. Program integrity activities--particularly postpayment claims reviews--have been a core component of contractors' roles. Postpayment Claims Reviews: When conducting postpayment claims reviews, contractors apply the same criteria--Medicare regulations, and coverage and coding policies--to determine whether or not a claim was paid properly. CMS outlines the general process and contractor requirements for conducting claims review in its manuals and contractor statements of work. Postpayment claims reviews may be automated, semiautomated, or complex.[Footnote 13] * Automated reviews use computer programming logic to check claims for evidence of improper coding or other mistakes.[Footnote 14] Contractors can use automated postpayment reviews to analyze paid claims and identify those that can be determined to be improper without examining any additional documentation, such as when a durable medical equipment (DME) supplier bills for items that should have been included as part of a bundled payment for a skilled nursing facility stay.[Footnote 15] * Semiautomated reviews use computer programming logic to check for possible improper payments, but allow providers to send in information to rebut the claim denial before it is implemented. Only the RAs conduct such reviews. If providers send in information, RA staff review it before making a final determination. * Complex reviews are conducted if additional documentation is needed to determine whether a payment was made in error. Complex reviews involve manual examinations of each claim and any related documentation requested and received from the provider, including paper files, to determine whether the service was billed properly, and was covered, reasonable, and necessary. Licensed clinical professionals, such as licensed practical nurses, and certified coders typically perform the reviews. Contractors have physician medical directors on staff who provide guidance about making payment determinations on the basis of medical records and other documentation and who may discuss such determinations with providers. The postpayment claims review process involves selection of the claims to be reviewed, the review itself, communicating with providers during and about the review, and a process for assuring quality of the contractor's reviews and decisions. Each contractor establishes its own claims selection criteria. A contractor may use data analyses, knowledge of Medicare billing requirements, and clinical expertise to develop its claims selection criteria to focus on claims with a high likelihood of being improper. As a part of the review, the contractor may notify the provider that a claim is under review, or ask for medical records or other documentation to substantiate the claim. The latter is called an additional documentation request (ADR).[Footnote 16] If the contractor requires additional documentation, the provider must submit the requested documents within a specified time frame. If the review has determined that the Medicare payment amount was improper, either the contractor or the MAC for that jurisdiction will notify the provider that an overpayment was made and will need to be recouped, or an underpayment was made and the remainder of the remittance will be paid to the provider.[Footnote 17] Providers may appeal any of the contractors' decisions. The contractors' quality assurance (QA) processes may include various steps to assure consistency, reliability, and quality in claims reviews. The QA process may include some type of examination of the work that has been done and may be performed internally, by the contractors themselves, or externally, by CMS or an independent third party. A contractor's QA process may include comparing multiple reviewers' decisions about the same claim to determine the extent of their agreement (known as interrater reliability testing) or reviews to validate the claims review decisions by others who are either internal or external to the reviewer's organization. The QA process may also include staff training, to ensure that the reviewers understand Medicare program and payment rules so that their determinations can be consistent. The QA processes followed may also be outlined in a QA plan. Providers' and CMS's Experience with the Recovery Audit Demonstration Program: The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) directed CMS to establish a demonstration program to test the use of RAs on a contingency fee basis in the Medicare program.[Footnote 18] Other contractors that review claims are given a set amount of funding to conduct reviews. In the demonstration project, RAs were paid contingency fees on claims that were identified as improper, including on claims for which the RA determinations were overturned on appeal at the second through fifth levels of review. [Footnote 19] Subsequently, the Tax Relief and Health Care Act of 2006 required CMS to implement a permanent and national Medicare recovery audit contractor program to increase efforts to identify and recoup improper payments.[Footnote 20] During the course of the RA demonstration program, providers reported several specific problems. In providers' views, the RA's contingency fee payment structure created an incentive for these contractors to be too aggressive in determining that claims were improper. Providers also faulted CMS for not penalizing RAs for inaccurate claim determinations, noting that contractor determinations resulted in thousands of provider appeals that were expensive and burdensome for providers. In addition, providers stated that during the demonstration project RAs did not have the necessary medical expertise to make their determinations, because they were not required to have a physician medical director on staff or coding experts conducting the claims reviews. We indicated in a previous report that CMS took a number of steps to address issues raised by providers about the RA demonstration program when it implemented the RA national program.[Footnote 21] For example, CMS put in place more rigorous staffing requirements and eliminated contingency fee payments when RAs' claims determinations are overturned on appeal. In addition, CMS took steps to improve oversight of the accuracy of RAs' claims review determinations and the quality of RA service to providers in the national program. CMS added processes to review the accuracy of RA determinations and established performance metrics to monitor RA accuracy and service to providers. Assessing Efficient and Effective Operations: Internal control is the component of an organization's management that provides reasonable assurance that the organization achieves effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations.[Footnote 22] Internal controls, in this case postpayment claims reviews, should provide reasonable assurance that the Medicare program is appropriately reimbursing for services provided to beneficiaries, thereby protecting the integrity of the Medicare program. Ineffective or inefficient claims reviews present the risk of generating false findings of improper payments and an unnecessary administrative and financial burden related to provider appeals for Medicare-participating providers and the Medicare program. CMS requirements for contractors performing postpayment claims reviews help establish the control environment and control activities, such as monitoring. The manner in which the agency delegates authority and responsibility through these requirements establishes part of the control environment. Contractor requirements also establish the mechanisms that contractors use to communicate and interact with providers. In addition, Executive Order 13571--Streamlining Service Delivery and Improving Customer Services--was issued in April 2011 to improve government services to individuals and entities by requiring agencies to develop customer service plans in consultation with OMB.[Footnote 23] Subsequently, OMB issued implementation guidance for agencies for those services that the agencies plan to focus on improving.[Footnote 24] The guidance calls for improving the customer service experience through practices such as developing a process for ensuring consistency and coordinating with others to identify opportunities to use common processes. Among other things, the guidance also suggests analyzing customer preferences and redirecting resources from less preferred and more costly channels--like printed materials--to preferred, less costly and more widely accessible channels (such as internet communications) where appropriate. The Four Medicare FFS Contractor Types Were Established under Different Laws and Have Different Primary Functions and Characteristics: Over time, Congress provided for CMS to use contractors to carry out functions in connection with the FFS program, which has resulted in the use of more types of contractors to conduct postpayment claims reviews. These contractors also have different primary functions and characteristics, which affect their use of postpayment claims reviews. Changes in Medicare's Contracting Authority Resulted in Four Medicare FFS Contractor Types: Although contractors have been used for Medicare since the beginning of the program, several statutory changes since the 1990's increased CMS's resources and authority to use new types of contractors--MACs, RAs, ZPICs, and CERT contractors--to conduct postpayment claims reviews in order to help detect and recoup overpayments or repay underpayments, and to investigate potential fraud. * In 1965 when Medicare was established, Congress provided for two types of contractors that could be used to administer the program. From then until 1996, responsibility for processing and paying Medicare claims, as well as for the program integrity tasks of developing potential cases and coordinating with law enforcement regarding any investigations of suspected Medicare fraud, resided with contractors called fiscal intermediaries and carriers. * The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established the Medicare Integrity Program (MIP), which authorized CMS to contract separately for program safeguard contractors (PSC)--the precursor to the ZPICs--to conduct activities, such as identifying and investigating potential fraud, that had previously been conducted by fiscal intermediaries and carriers and provided funding for MIP.[Footnote 25] * In 2003, the MMA required CMS to replace the fiscal intermediaries and carriers with the MACs.[Footnote 26] (See table 1.) During the implementation of the MACs, CMS consolidated the number of contractors that process and pay Medicare FFS claims, enlarged their geographic jurisdictions compared to the previous contractors, and combined Part A and Part B claims processing within each jurisdiction.[Footnote 27] As part of changes made while implementing MACs, CMS also transitioned fraud investigation from PSCs to ZPICs in all but one zone.[Footnote 28] * The MMA also directed CMS to establish a demonstration project to test the use of recovery audit contractors in the Medicare program. [Footnote 29] Subsequently, the Tax Relief and Health Care Act of 2006 required CMS to implement a permanent and national Medicare recovery audit contractor program to increase efforts to identify and recoup improper payments.[Footnote 30] * Although HHS had begun estimating the extent of improper payments in Medicare FFS claims in 1996, the Improper Payments Information Act of 2002 (IPIA) requires executive-branch federal agencies to annually review all programs and activities to identify those that are susceptible to significant improper payments, estimate the annual amount of improper payments for these programs and activities, and report these estimates along with actions taken to reduce improper payments for programs with estimates that exceed $10 million.[Footnote 31] In fiscal year 2003 as part of its IPIA compliance efforts, CMS established the CERT program to measure improper payment rates for Medicare FFS claims, including one CERT contractor that is responsible for reviewing a random sample of claims nationwide, with their related medical records and other documentation to determine if they are proper.[Footnote 32] Table 1: Applicable Legislation for Four Contractor Types That Conduct Medicare Postpayment Claims Reviews: Medicare Administrative Contractors (MAC): First contract year: 2006[A]; Applicable legislation: The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA)[D]. Zone Program Integrity Contractors (ZPIC): First contract year: 2008[B]; Applicable legislation: Health Insurance Portability and Accountability Act of 1996 (HIPAA)[E]; The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA)[D]. Comprehensive Error Rate Testing (CERT) Contractors: First contract year: 2003; Applicable legislation: Chief Financial Officers Act of 1990[F]; Government Management Reform Act of 1994[G]; Improper Payments Information Act of 2002 (IPIA)[H]; Improper Payments Elimination and Recovery Act of 2010[I]; Improper Payment Elimination and Recovery Improvement Act of 2012[J]. Recovery Auditors (RA): First contract year: 2008[C]. Applicable legislation: The Medicare Prescription Drug, Improvement, and Modernization Act of 2003[D]; Tax Relief and Health Care Act of 2006[K]. Source: GAO analysis of CMS information. [A] Prior to 2003, fiscal intermediaries and carriers performed the activities currently conducted by the MACs. In 2013, the Centers for Medicare & Medicaid Services (CMS) will complete the transition of processing and paying Medicare fee-for-service (FFS) claims from three legacy contractors to the MACs. [B] HIPAA gave CMS the authority to contract separately for program safeguard contractors to perform integrity functions. CMS transitioned to MACs as required by the Medicare Prescription Drug, Improvement, and Modernization Act of 2003. CMS created the ZPICs' jurisdictions to align with the MACs' jurisdictions. [C] Before the enactment of the Tax Relief and Health Care Act of 2006, CMS began a demonstration of recovery audit contracting, which ended in March 2008. The national RA program began in 2008. [D] Pub. L. No. 108-173, § 911, 117 Stat. 2066, 2378-2386 (codified at 42 U.S.C. § 1395kk-1). [E] Pub. L. No. 104-191, § 202, 110 Stat. 1936, 1996-98 (codified at 42 U.S.C. § 1395ddd ). [F] Pub. L. No. 101-576, 104 Stat. 2838. [G] Pub. L. No. 103-356, 108 Stat. 3410. [H] Pub. L. No. 107-300, 116 Stat. 2350 (codified at 31 U.S.C. § 3321 note). [I] Pub. L. No. 111-204, § 2(e), 124 Stat. 2224, 2227 (codified at 31 U.S.C. § 3321 note). [J] Pub. L. No. 112-248, 126 Stat. 2390 (2013). [K] Pub. L. No. 109-432, §302, 120 Stat. 2922, 2991-92 (codified at 42 U.S.C. § 1395ddd(h). [End of table] CMS has established responsibility for overseeing these four types of contractors in different parts of its matrixed organization (see figure 1). Three different organizational components within CMS-- Center for Medicare (CM),[Footnote 33] Office of Financial Management (OFM), and Center for Program Integrity (CPI)--oversee these four different types of contractors. CM oversees the MACs, which conduct several program integrity activities, including postpayment claims review.[Footnote 34] CMS's Provider Compliance Group within OFM oversees the RAs and CERT contractors.[Footnote 35] The Provider Compliance Group has overall responsibility for the oversight of the claims review activity conducted by MACs, RAs, and CERT contractors and for measurement of the FFS improper payment rate.[Footnote 36] CPI oversees the ZPICs and has direct responsibility for program activities involved in investigating potential fraud.[Footnote 37] Figure 1: Centers for Medicare & Medicaid Services' (CMS) Organizational Components That Oversee Medicare Fee-For-Service Contractors and Their Activities Related to Postpayment Claims Review, as of May 2013: [Refer to PDF for image: Organizational chart] Top level: CMS Administrator: CMS Deputy Administrator/Chief Operating Officer. Second level, reporting to CMS Administrator; CMS Deputy Administrator/Chief Operating Officer: Office of Financial Management: * Provider Compliance Group: - Division of Error Rate Measurement; Comprehensive Error Rate Testing contractors[A]; - Division of Recovery Audit Operations; Recovery Auditors[A]; - Division of Medical Review and Education; Pre- and postpayment reviews for MACs and specialty contractors[A]. Center for Medicare: * Medicare Contractor Management Group: Medicare Administrative Contractors (MAC)[A]; * Provider Communications Group: - Division of Contractor Provider Communications; Contractor-provider communications[A]. Center for Program Integrity: * Medicare Program Integrity Group: - Division of Medicare Integrity Contractor Operations; Zone Program Integrity Contractors[A]. Source: GAO analysis. [A] Contractor or activity that the component oversees. [End of figure] Four Medicare FFS Contractor Types Have Different Primary Functions and Characteristics: Four types of CMS contractors conducting postpayment reviews have different primary functions and characteristics (see table 2.) Postpayment claims reviews are the main focus of the RA and CERT contractors' functions, but that is not the case for MACs and ZPICs. The contractors also vary in the number of states and size of their geographic jurisdictions and the volume of claims they review. [Footnote 38] Table 2: Characteristics of the Four Types of Contractors That Conduct Medicare Postpayment Claims Reviews: Medicare Administrative Contractors (MAC): Number of contractors: 16[A]; Primary contractor function: Process and pay Medicare claims as accurately as possible in their jurisdiction; Primary purpose of contractor claims reviews: To better ensure payment accuracy in their jurisdictions and better ensure that providers with a history of a sustained or high level of billing errors are compliant with Medicare billing requirements; Complex postpayment claims reviews[D] conducted in 2012[E]: 84,070[F]; Automated postpayment claims reviews[H] conducted in fiscal year 2012: n/a; Zone Program Integrity Contractors (ZPIC): Number of contractors: 6[B]; Primary contractor function: Identify and investigate potentially fraudulent claims and providers in their geographic jurisdiction; Primary purpose of contractor claims reviews: To identify and investigate patterns of billing that indicate potentially fraudulent claims and providers; Complex postpayment claims reviews[D] conducted in 2012[E]: 107,621[G]; Automated postpayment claims reviews[H] conducted in fiscal year 2012: n/a; Comprehensive Error Rate Testing (CERT) Contractors: Number of contractors: 4[C]; Primary contractor function: Estimate the national Medicare fee-for- service (FFS) improper payment rate and a rate for each MAC through postpayment claims reviews; Primary purpose of contractor claims reviews: To conduct claims review on a sample of claims to estimate the national Medicare FFS improper payment rate and a rate for each MAC; Complex postpayment claims reviews[D] conducted in 2012[E]: 41,396; Automated postpayment claims reviews[H] conducted in fiscal year 2012: n/a; Recovery Auditors (RA): Number of contractors: 4. Primary contractor function: Identify Medicare FFS claim underpayments and overpayments through postpayment claims reviews. Primary purpose of contractor claims reviews: To identify Medicare FFS claim underpayments and overpayments not previously identified through MAC claims processing or other contractor reviews; Complex postpayment claims reviews[D] conducted in 2012[E]: 1,121,509. Automated postpayment claims reviews[H] conducted in fiscal year 2012: 985,946. Legend: n/a = not applicable. Source: GAO analysis of CMS information. [A] There are 12 contractors for processing Part A and B claims and 4 contractors for durable medical equipment, including prosthetics, orthotics, and suppliers. The total of 16 does not include the two legacy fiscal intermediaries and one carrier continuing to provide claims administration services, as of June 2013. [B] In addition, as of June 2013, CMS holds contracts with four program safeguard contractors. [C] There are four CERT contractors. Unless otherwise noted, when used in this report, "the CERT contractor" will refer to the CERT review contractor. The other three contractors handle the design sampling strategy, manage the documentation provided, and maintain the confidential website. [D] Complex reviews are manual examinations of claim documentation including paper files to determine whether the service was billed properly and was covered, reasonable, and necessary. They typically are performed by licensed clinical professionals or certified coders. [E] MAC, ZPIC, and CERT contractor complex reviews were conducted in calendar year 2012. RA automated and complex reviews were conducted in fiscal year 2012. [F] Reviews completed by MACs do not include the reviews performed by the three legacy contractors that continue to provide claims administration services, as of June 2013. [G] Reviews listed in this table as completed by ZPICs also include those performed by the program safeguard contractors (PSC) including reviews of potentially abusive physical therapy claims in one geographic area. [H] Automated reviews use computer programming logic to check claims for evidence of improper coding or other mistakes. Only the RAs conducted automated postpayment reviews. [End of table] MACs. Our analysis of MACs' statement of work indicates that MACs have primary responsibility for processing and paying Medicare FFS claims in their geographic jurisdictions. In addition, MACs conduct several program integrity activities, including prepayment and postpayment claims review, audits of hospitals and other institutional providers to ensure the accuracy of payments paid based on institutions' reported costs and recoupment of overpayments. They also implement local coverage determinations (LCD) in their jurisdictions, as long as such determinations do not conflict with national coverage policy or other Medicare payment requirements.[Footnote 39] As of June 2013, there are 12 MACs that process part A and part B claims (A/B MAC), one for each of 12 jurisdictions, and 4 MACs that process DME claims (DME MAC), one for each of 4 jurisdictions.[Footnote 40] Jurisdictions of other contractors, such as ZPICs and RAs, were designed to align with MAC jurisdictions. MACs conduct postpayment reviews to help ensure accurate payment and specifically to identify payment errors. This includes identifying ways to address future payment errors--for example, through automated controls that can be added on a prepayment basis and educating providers with a history of a sustained or high level of billing errors to ensure that they comply with Medicare billing requirements. In 2012, MACs performed about 84,000 complex postpayment claims reviews. Because each jurisdiction has a MAC responsible for claims administration, if another contractor identifies an improper payment, the MAC for that jurisdiction is responsible for correcting any underpayments and recouping any overpayments, and, in some cases, for corresponding with providers whose claims are under review. ZPICs. The ZPICs' primary function is to identify and investigate potentially fraudulent FFS claims and providers in each of seven geographic jurisdictions, which are called zones.[Footnote 41] CMS established ZPICs in 2008 to investigate potential fraud through a jurisdiction-based approach similar to that of the MACs. CMS officials indicated that this approach consolidated responsibility with the ZPICs for investigating potential fraud for all types of claims and for all parts of Medicare in each geographic jurisdiction. ZPICs investigate potentially fraudulent claims and providers in various ways, including investigating referrals and complaints from other Medicare contractors and analyzing claims data. CMS uses its Fraud Prevention System to prioritize investigative leads on the basis of analysis and development of predictive models, including claims data to identify which providers' billing patterns are most aberrant.[Footnote 42] The Fraud Prevention System identifies suspect providers for the ZPICs to investigate before those providers generate large amounts of potentially fraudulent claims. ZPICs may also take additional steps beyond analysis and reviews of claims, such as investigations of company ownership or interviews of beneficiaries, to determine if services were provided as claimed in the medical records. ZPICs' analyses may result in: referrals to law enforcement; administrative actions such as recommending payment suspension or revocation to CMS; or requiring a provider's claims to be reviewed before payment in the future. ZPICs' postpayment claims reviews generally focus on providers whose billing patterns are unusual or aberrant in relation to similar providers in order to identify potential fraud or abuse. When ZPICs identify improper payments, they refer these to the MACs to be recouped or repaid. ZPICs performed about 108,000 complex postpayment claims reviews in 2012. CERT contractor. Our analysis of its statement of work indicates that the primary function of the CERT review contractor is to conduct postpayment claims reviews used as a basis to estimate the annual FFS Medicare improper payment rate--the percentage of claims paid improperly. HHS began to estimate the rate of improper payments in Medicare FFS in fiscal year 1996. CMS began estimating the FFS Medicare improper payment rate in fiscal year 2003.[Footnote 43] Since then, the CERT review contractor has had the responsibility of reviewing a sample of claims for the entire nation for this estimate. [Footnote 44] As a result, claims reviews are a central part of the CERT review contractor function. CERT reviews also help identify program integrity vulnerabilities by measuring the payment accuracy of each MAC, and the Medicare FFS improper payment rate by type of claim and service. To provide a basis for estimating the Medicare FFS improper payment rate, the CERT review contractor conducts complex claims reviews on a random sample of Medicare FFS claims selected nationwide from those that the MACs have processed to determine whether or not the claims were processed in error.[Footnote 45] If documentation is not provided to the CERT contractor by providers in the required time frame, the CERT contractor determines the claim to be improper. The CERT review contractor does not make recoupments or repayments. If the CERT contractor determines that an improper payment has been made, the CERT contractor is required to refer the claim to the appropriate MAC for recoupment of overpayments or repayment of underpayments. In fiscal year 2012, the CERT review contractor reviewed just over 41,000 postpayment claims. RAs. Our analysis of the RA statement of work indicates that conducting postpayment claims reviews is the RAs' primary function. Use of RAs was designed to be an addition to MACs' existing claims review processes, since the number of postpayment reviews conducted by the MACs and other contractors was small relative to the number of claims paid and amount of improper payments. To implement the national recovery audit program, CMS contracted with four RAs to conduct postpayment reviews of Medicare FFS claims to identify overpayments and underpayments within four geographic jurisdictions. In part because of issues that were raised during the RA demonstration program, CMS made changes in the RA's requirements to provide more oversight over their activities. As in the demonstration, under the national program the RAs are paid on a contingency fee basis, but CMS officials indicated that the percentage is smaller. For the national program, the fee ranges from 9 to 12.5 percent of the overpayments and underpayments collected. In contrast to the MACs, ZPICs, and CERT contractor, which are paid on the basis of the contractually negotiated costs for the tasks performed, RAs are compensated from the funds that are recouped. However, if an RA's overpayment determination is overturned on appeal, the RA is not paid for that claim. The RAs conducted nearly five times as many complex reviews in fiscal year 2012 as the other three contractors combined-- over 1.1 million complex postpayment claims reviews and nearly 1 million automated review denials. With an increased focus on measuring and reducing Medicare improper payments and the implementation of RAs, there has been a significant increase in the number of claims being reviewed postpayment (see table 3). Our analysis of data from CMS indicates that from 2011 to 2012, the RA's complex postpayment reviews increased 77 percent. Except for the CERT contractor, which reviews a randomly selected sample of claims each year to estimate the error rates, all contractors increased their postpayment claims reviews by 16 percent or more. However, the 2.3 million reviews performed by these contractors accounted for less than 1 percent of the over 1 billion FFS claims paid annually, and about 1.4 million were complex reviews. Table 3: Volume of Contractors' Postpayment Claims Reviews, by Type of Contractor 2011-2012: Type of contractor: Medicare Administrative Contractors (MAC)[A]; Type of review: Complex[B]; 2011: 10,518; 2012: 84,070; Percent change: 699%. Type of contractor: Zone Program Integrity Contractors (ZPIC)[C]; Type of review: Complex; 2011: 92,655; 2012: 107,621; Percent change: 16%. Type of contractor: Comprehensive Error Rate Test (CERT) contractor; Type of review: Complex; 2011: 47,877; 2012: 41,396; Percent change: -14%. Type of contractor: Recovery Auditors (RA)[D]; Type of review: Automated[E]; 2011: 723,484; 2012: 985,946; Percent change: 36%. Type of contractor: Recovery Auditors (RA)[D]; Type of review:Complex[F]; 2011: 634,613; 2012: 1,121,509; Percent change: 77%. Type of contractor: Recovery Auditors (RA)[D]; Type of review: Total; 2011: 1,358,097; 2012: 2,107,455; Percent change: 55%. Total: 2011: 1,509,147; 2012: 2,340,542; Percent change: 55%. Source: GAO analysis of CMS data. [A] Reviews completed by MACs do not include the reviews performed by the three legacy contractors that continue to provide claims administration services, as of June 2013. [B] Complex reviews are manual examinations of claim documentation including paper files, to determine whether the service was billed properly and was covered, reasonable, and necessary. They typically are performed by licensed clinical professionals or certified coders. [C] Reviews completed by ZPICs include those performed by the program safeguard contractors (PSC) and reflect PSCs' reviews of potentially abusive physical therapy claims in one geographic area. [D] RA data are reported for fiscal years 2011 and 2012, rather than calendar year. [E] Automated reviews use computer programming logic to check claims for evidence of improper coding or other mistakes. Only the RAs conducted automated postpayment reviews. [F] RA complex reviews are based on the number of additional documentation requests (ADR) received and also include semiautomated reviews. [End of table] Many CMS Requirements for Postpayment Claims Review Differ across Contractor Types, Which Can Impede Effectiveness and Efficiency: CMS has different requirements for postpayment claims reviews across different contractor types, and some of these differences can sometimes impede effectiveness and efficiency by increasing administrative burden on providers. Due in part to CMS's experience with the RA demonstration and issues raised by providers during the demonstration, CMS sets more limits through claims review requirements on RAs than on other contractors. CMS officials generally described some other differences as developing when different requirements were set by different groups within the agency at different times. CMS has begun an effort to examine whether its claims reviews activities add administrative burden for providers. CMS Sets More Limits on RAs through Review Requirements Than on Other Contractors Due to Experience in the Demonstration: As a result of lessons learned during the RA demonstration project and to establish tighter controls on RAs, CMS imposed certain postpayment requirements unique to the RAs when it implemented the national program (see table 4). For example, RAs are required to limit the number of ADRs made to a single provider during a given period, while the other contractors do not have such limits.[Footnote 46] Similarly, unlike the other contractors, RAs cannot make claim denials for lapses in documentation standards unrelated to reasonableness or medical necessity, such as illegible physician signatures or dates. Other requirements unique to the RAs include: * submitting to CMS for review and approval descriptions of the billing issues that they propose to review and the basis for assessing whether the claims for those services are proper prior to widespread use, * posting notice of billing issues targeted for postpayment review on their website, * reimbursing certain providers for the expense entailed in providing requested medical records,[Footnote 47] * making claims reviewers' credentials available upon provider request, * providing access to RA staff physicians for discussion of claim denials upon provider request, and: * giving providers 40 days to request an opportunity to provide additional documentation to the contractor and informally discuss any revision prior to having to file an appeal. Table 4: CMS Requirements on Postpayment Reviews Unique to Recovery Auditors, Compared to Other Contractor Types, as of May 7, 2013: Requirement: Selection of claims for postpayment review; CMS approval of criteria for selecting billing issues prior to widespread use; Contractor type: Medicare Administrative Contractors (MAC): No; Zone Program Integrity Contractors (ZPIC): No; Comprehensive Error Rate Testing (CERT) Contractor: n/a[A]; Recovery Auditors(RA): Yes. Requirement: Provider notice of issues targeted for review; Provider notice (on website) of billing issues targeted for postpayment review; Contractor type: Medicare Administrative Contractors (MAC): No[B]; Zone Program Integrity Contractors (ZPIC): No; Comprehensive Error Rate Testing (CERT) Contractor: n/a[A]; Contractor type: Recovery Auditors(RA): Yes. Requirement: Additional documentation requests (ADR); Provider reimbursement for copies of medical records; Contractor type: Medicare Administrative Contractors (MAC): No; Zone Program Integrity Contractors (ZPIC): No; Comprehensive Error Rate Testing (CERT) Contractor: No; Contractor type: Recovery Auditors(RA): In some cases[C]. Requirement: Additional documentation requests (ADR); Limits on number of ADRs contractor can request from provider; Contractor type: Medicare Administrative Contractors (MAC): No; Zone Program Integrity Contractors (ZPIC): No; Comprehensive Error Rate Testing (CERT) Contractor: No; Contractor type: Recovery Auditors(RA): Yes. Requirement: Reviews; Authority to deny claim for minor omissions; Contractor type: Medicare Administrative Contractors (MAC): Yes; Zone Program Integrity Contractors (ZPIC): Yes; Comprehensive Error Rate Testing (CERT) Contractor: Yes; Contractor type: Recovery Auditors(RA): No. Requirement: Provider communication; Provider notification regardless of review outcome; Contractor type: Medicare Administrative Contractors (MAC): No; Zone Program Integrity Contractors (ZPIC): No; Comprehensive Error Rate Testing (CERT) Contractor: No; Contractor type: Recovery Auditors(RA): Yes. Requirement: Provider communication; Reviewer's credentials available upon provider request; Contractor type: Medicare Administrative Contractors (MAC): No; Zone Program Integrity Contractors (ZPIC): No; Comprehensive Error Rate Testing (CERT) Contractor: No; Contractor type: Recovery Auditors(RA): Yes. Requirement: Provider communication; Access to contractor's medical director to discuss claim denials upon request; Contractor type: Medicare Administrative Contractors (MAC): No; Zone Program Integrity Contractors (ZPIC): No; Comprehensive Error Rate Testing (CERT) Contractor: No; Contractor type: Recovery Auditors(RA): Yes. Requirement: Provider communication; 40 days to discuss any revision to initial determination informally prior to having to file an appeal; Contractor type: Medicare Administrative Contractors (MAC): No[D]; Zone Program Integrity Contractors (ZPIC): No; Comprehensive Error Rate Testing (CERT) Contractor: No[D]; Contractor type: Recovery Auditors(RA): Yes. Requirement: Quality assurance; External validation of randomly selected claims by independent contractor; Contractor type: Medicare Administrative Contractors (MAC): No; Zone Program Integrity Contractors (ZPIC): No; Comprehensive Error Rate Testing (CERT) Contractor: No; Contractor type: Recovery Auditors(RA): Yes. Legend: n/a = Not applicable: Source: GAO analysis of CMS information on contractor requirements. [A] The CERT contractor does not select claims for review on the basis of billing issues but selects claims using stratified random sampling. [B] If a billing issue appears to be widespread and is affecting one type of service, the MACs may post a review description on its website or notify affected providers individually. [C] RAs performing postpayment reviews of hospital inpatient and long- term care facilities' claims are required to reimburse the providers for photocopying and submitting hard-copy documents regardless of the method used to submit the documents. [D] MACs or the CERT contractor may talk with providers following an adverse determination and agree to accept additional documentation, but they must determine that the information is new and material to the claim before they can revise a redetermination. [End of table] If the contractor sent the provider an ADR, and the claim is found to be proper, RAs are the only type of postpayment review contractor required to notify the provider. This means that providers who have sent in documentation do not routinely get a definitive answer that a MAC, ZPIC, or CERT contractor claim review has been concluded--unless an improper payment has been detected. Representatives of three provider associations indicated that it was important for financial management purposes for providers to be informed when a review was concluded and whether or not funds would be recouped. Representatives of three provider associations indicated if certain RA requirements were applied to the other contractors, this could reduce administrative burden and improve claims reviews efficiency. For example, representatives from one provider association indicated that it is valuable to discuss informally any revision to the contractor's initial claims determination prior to providers filing an appeal. When such discussion results in providers being able to properly explain their billing, it can lessen administrative burden by reducing the number of appeals filed. However, according to preliminary CMS data, nearly 20 percent of the 1.4 million RA claim overpayment determinations were appealed to the first level in 2012. Among the appealed overpayment determinations about 28 percent were overturned at the first level of appeal by MACs, which suggests that providers may not be having such discussions or the discussions are not succeeding in resolving issues prior to appeal. Three provider associations also indicated that having a limit on the number of medical records that could be requested in a given time period helped manage the burden of responding to the requests. However, adding such limits to contractors other than RAs might limit the number of claims reviews these other contractors could conduct. Other Differences in CMS Requirements across Contractors Can Impede Effectiveness and Efficiency by Complicating Providers' Responses to and Understanding of Claims Reviews: Many of the other requirements CMS developed for postpayment review activities, including documentation submission, staffing, and quality assurance, vary across the four contractor types. Some of the differences in the contractors' postpayment claims review requirements can impede effectiveness and efficiency of the claims reviews by complicating providers' responses to ADRs or their understanding of claims review decisions, according to representatives from three provider associations with whom we spoke. According to CMS officials, differences in requirements generally developed because the contracts or requirements were written at different times by staff within different parts of CMS, or the contractors' functions and activities have changed over time. However, some differences were due to other factors, such as cost. Additional Documentation Requests. Differences in contractors' requirements for sending ADRs and timelines for providers' responses to the contractors are illustrated in table 5. In some cases, in addition to reviewing documentation from the provider whose claim is under review, the contractor will also need to review documentation from a third party--such as the provider who referred the beneficiary for the service or item to the service provider whose claim is being reviewed. For example, while reviewing a claim for an X-ray, the contractor might want to review additional documentation from the referring physician, in order to determine the medical necessity of the X-ray service. The MACs, ZPICs, and RAs have the discretion to send a separate ADR to a third-party provider (in the example above, the referring physician) for additional documentation to support the medical necessity of the service or supply. If the service provider cannot obtain the necessary third-party documentation or if the contractor decides that the documentation is insufficient to support the claim, the claim will be denied, but not the third-party's claim. [Footnote 48] The CERT contractor is the only one that is required to directly contact the third party for an ADR if the provider being reviewed requests it and the claim exceeds $40.[Footnote 49] Four provider associations we interviewed indicated that it can sometimes be difficult for the providers whose claims were being reviewed to obtain the needed documentation from third parties in a timely manner. There is no financial incentive for the third parties to forward requested documentation to the service providers because the third parties' claims are not denied as improper if the documents are not submitted to the contractor. In the view of four provider associations, requiring providers to obtain documentation not directly under their own control can hinder their compliance with the ADR, because they are sometimes unable to provide the documentation. Table 5: Postpayment Claims Review--Requirements for Additional Documentation Requests, as of May 7, 2013: Requirements for additional documentation requests (ADR): If applicable, contact third party (provider who referred beneficiary for care) to obtain additional documentation; Contractor type: Medicare Administrative Contractors (MAC): Discretionary; Zone Program Integrity Contractors (ZPIC): Discretionary; Comprehensive Error Rate Testing (CERT) contractor: Yes[A]; Contractor type: Recovery Auditors (RA): Discretionary. Requirements for additional documentation requests (ADR): Minimum number of days contractor must give provider to respond to ADR before contractor has the authority to deny the claim; Contractor type: Medicare Administrative Contractors (MAC): 45; Zone Program Integrity Contractors (ZPIC): 30; Comprehensive Error Rate Testing (CERT) contractor: 75; Recovery Auditors (RA): 45. Requirements for additional documentation requests (ADR): Number of ADR extensions that must be granted to provider; Contractor type: Medicare Administrative Contractors (MAC): Discretionary; Zone Program Integrity Contractors (ZPIC): Discretionary; Comprehensive Error Rate Testing (CERT) contractor: Discretionary; Recovery Auditors (RA): 1. Requirements for additional documentation requests (ADR): Number of days for contractor to make determination after receiving documentation; Contractor type: Medicare Administrative Contractors (MAC): 60; Zone Program Integrity Contractors (ZPIC): Not specified; Comprehensive Error Rate Testing (CERT) contractor: Not specified; Recovery Auditors (RA): 60. Source: GAO analysis of CMS documentation of contractor requirements. [A] The CERT documentation contractor will send a notice to third parties whenever a claim involving third parties is selected for CERT review. At the billing provider's request, the CERT documentation contractor will send an ADR to the referring third party, for claims valued over $40. [End of table] Providers have 30 days to respond to an ADR sent by a ZPIC, 45 days to respond to an ADR sent by a MAC or RA, and 75 days to respond to an ADR sent by the CERT contractor. If the provider does not respond within the required time frame, the contractor may find the payment improper and refer the claim for recovery. MACs, ZPICs, and the CERT contractor also have discretion in setting the number of extensions, if any, whereas CMS requires RAs to give providers one extension.[Footnote 50] All of the contractors have discretion on setting the length of extensions. Representatives from two provider associations stated that having different timeframes makes responding to ADRs more challenging. In addition, ensuring consistency in common processes is consistent with OMB guidance on streamlining service delivery and a strong control environment. Submission Requirements. Different types of contractors are subject to different requirements regarding the formats in which they will accept providers' documentation, whether paper, fax, or electronic submission (see table 6). While RAs and the CERT contractor are required to accept submission of files stored electronically on compact discs or digital video discs (DVD), the other contractors are not. CMS has developed a system called electronic submission of medical documentation (esMD) for providers to transmit medical documentation electronically, which began to be adopted by contractors in 2011. [Footnote 51] Though its use is discretionary, most of the MACs, all of the RAs, the CERT contractor, and about one-third of ZPICs accept electronic submissions through esMD.[Footnote 52] One provider association indicated that having all contractors accept electronic submissions, such as submissions of e-documents on compact discs and DVDs could reduce the administrative burden on providers. Further, making electronic submission acceptable across all contractors would be consistent with OMB guidance on streamlining service delivery. Table 6: Postpayment Claims Review--Submission Requirements by Contractor Type, as of May 7, 2013: Requirements and contractor options for accepting provider-submitted documentation: Paper; Contractor type: Medicare Administrative Contractors (MAC): Time; Zone Program Integrity Contractors (ZPIC): Time; Comprehensive Error Rate Testing (CERT) contractor: Time; Recovery Auditors (RA): Time. Requirements and contractor options for accepting provider-submitted documentation: Fax; Contractor type: Medicare Administrative Contractors (MAC): Discretionary; Zone Program Integrity Contractors (ZPIC): Not specified; Comprehensive Error Rate Testing (CERT) contractor: Yes; Recovery Auditors (RA): Yes. Requirements and contractor options for accepting provider-submitted documentation: Compact disc/digital video disc (DVD); Contractor type: Medicare Administrative Contractors (MAC): Discretionary; Zone Program Integrity Contractors (ZPIC): Not specified; Comprehensive Error Rate Testing (CERT) contractor: Yes; Recovery Auditors (RA): Yes. Requirements and contractor options for accepting provider-submitted documentation: Electronic submission of medical documentation (esMD); Contractor type: Medicare Administrative Contractors (MAC): Discretionary; Zone Program Integrity Contractors (ZPIC): Discretionary; Comprehensive Error Rate Testing (CERT) contractor: Discretionary; Recovery Auditors (RA): Discretionary. Source: GAO analysis of CMS documentation of contractor requirements. [End of table] Staffing requirements. CMS requirements for staffing, including claims reviewers' qualifications, vary depending on the type of contractor (see table 7). CMS specifies the minimum number of physicians serving as medical directors that each contractor must have on staff. The minimum number of medical directors and their responsibilities vary for each of the four types of contractors. CMS requires that medical directors serve as a readily available source of medical expertise to provide guidance on claims reviews for all of the contractors, but their scopes of responsibility vary across contractors. This could lead to differences in the number of medical directors needed. For example, the MAC medical directors are also responsible for oversight of prepayment review, providing provider outreach and education, developing local coverage policy, and representing the contractor in appeals. In contrast, while the RA medical directors do not have some of the other responsibilities of the MAC medical directors, they have much larger geographic jurisdictions than MACs. Requirements for the minimum number of medical directors include the following: * A/B MACs must have at least three full-time equivalent (FTE) medical directors on staff, * RAs are required to have one FTE medical director on staff, * ZPICs are required to have at least one part-time medical director, and: * the CERT contractor is required to have two FTE medical directors. Given the variability of the medical directors' responsibilities and the differing sizes of their jurisdictions, direct comparisons cannot be made across the contractors to determine the number of medical directors needed. CMS officials acknowledged differences in staffing requirements across contractor types, and differences in expectations for the roles of medical directors. CMS officials also indicated that they have not required similar numbers of medical directors or required a certain number of medical directors to be responsible for oversight of a specific number of claims reviews because of cost issues.[Footnote 53] When asked about the differences, CMS officials indicated that they do not want to incur additional costs that could be involved in establishing consistent minimum staffing requirements for conducting claims reviews, if that would increase the number of medical directors that contractors would have to hire. Table 7: Postpayment Claims Review Staffing Requirements by Contractor Type, as of May 7, 2013: Staffing requirements: Number of medical directors; Contractor type: Medicare Administrative Contractors (MAC): 3 FTE[A]; Zone Program Integrity Contractors (ZPIC): 1 PT; Comprehensive Error Rate Testing (CERT) contractor: 2 FTE; Recovery Auditors (RA): 1 FTE. Staffing requirements: Minimum qualification to determine medical necessity; Contractor type: Medicare Administrative Contractors (MAC): LPN[B]; Zone Program Integrity Contractors (ZPIC): LPN; Comprehensive Error Rate Testing (CERT) contractor: LPN; Recovery Auditors (RA): RN or therapist[C]. Staffing requirements: Minimum qualification to determine compliance with coding; Contractor type: Medicare Administrative Contractors (MAC): No minimum specified[D]; Zone Program Integrity Contractors (ZPIC): No minimum specified; Comprehensive Error Rate Testing (CERT) contractor: Certified coder; Recovery Auditors (RA): Certified coder. Staffing requirements: Involvement of medical specialist when Medicare policy for a given service is not clearly articulated[E]; Contractor type: Medicare Administrative Contractors (MAC): No; Zone Program Integrity Contractors (ZPIC): Yes; Comprehensive Error Rate Testing (CERT) contractor: No; Recovery Auditors (RA): No. Legend: FTE = full-time equivalent; PT = part-time; LPN = licensed practical nurse; RN = registered nurse. Source: GAO analysis of CMS documentation of contractor requirements. [A] This requirement applies to A/B MAC medical directors, who also have other responsibilities such as establishing local coverage determinations and conducting provider education. [B] A/B MACs may use LPNs, but DME MACs are required to have RNs and therapists. [C] The statement of work does not specify what types of therapists are required. [D] The MACs are encouraged to hire certified coders but are not required to do so. [E] CMS defines such cases as "where coverage of an item or service is provided for specified indications or circumstances but is not explicitly excluded for others, or where the item or service is not mentioned at all in the CMS Manual System, the Medicare contractor is to make the coverage decision, in consultation with its medical staff, and with CMS when appropriate, based on the law, regulations, rulings and general program instructions." [End of table] Requirements for other staff conducting claims reviews also differ across contractors. Specifically, CMS requires RAs to use registered nurses or therapists in making determinations of medical necessity, but the others may use licensed practical nurses.[Footnote 54] CMS also requires RAs and the CERT contractor to employ certified coders to determine compliance with Medicare coding requirements, but does not require MACs or ZPICs to do so.[Footnote 55] CMS has a requirement for ZPICs, that when Medicare policy for a given service is not clearly articulated, the ZPICs must involve a medical specialist trained and experienced in providing the type of service being reviewed.[Footnote 56] There is no similar requirement for the other contractors.[Footnote 57] CMS officials indicated that making claims reviewers' staffing requirements more consistent could increase the cost of claims reviews--for example that requiring A/B MACs and ZPICs to hire RNs instead of LPNs to conduct claims reviews would likely increase the contract costs. Representatives from six provider associations indicated that on the basis of some of the claims review results, their members had questioned whether some reviewers were qualified to review claims, and several associations indicated that erroneous claims reviews led to appeals that would not have been needed had the determination been correct. Quality assurance requirements. While CMS requires QA processes to ensure the quality of claims reviews, the requirements differ by contractor type (see table 8). GAO's Internal Control Management and Evaluation Tool states that monitoring (such as the monitoring carried out with QA processes) should be conducted to assess performance and determine whether controls (such as claims reviews) continue to be effective.[Footnote 58] Providers have questioned the quality of contractors' decision making--specifically that the contractors are not consistently making proper determinations that appropriately apply Medicare coverage, coding, and payment rules in evaluating the claims. Having effective QA processes can help ensure that claims determinations are made properly and consistently--which is part of having strong internal controls. When asked about the reason for differences among specific requirements for QA processes for different contractors, CMS officials responded that different offices in CMS were responsible for the contract specifications and contractor management and the contracts were written at different times and therefore vary. Table 8: Postpayment Claims Review--Quality Assurance Requirements by Contractor Type, as of May 7, 2013: Quality assurance requirements: Interrater reliability testing of claims reviewers; Contractor type: Medicare Administrative Contractors (MAC): Yes; Zone Program Integrity Contractors (ZPIC): Yes; Comprehensive Error Rate Testing (CERT) contractor: Yes; Recovery Auditors (RA): No. Quality assurance requirements: Annual clinical judgment training; Contractor type: Medicare Administrative Contractors (MAC): Yes; Zone Program Integrity Contractors (ZPIC): Yes; Comprehensive Error Rate Testing (CERT) contractor: Yes; Recovery Auditors (RA): No. Quality assurance requirements: Internal secondary reviews prior to revising determination; Contractor type: Medicare Administrative Contractors (MAC): No; Zone Program Integrity Contractors (ZPIC): No; Comprehensive Error Rate Testing (CERT) contractor: Yes; Recovery Auditors (RA): No. Quality assurance requirements: External validation of revised claims; Contractor type: Medicare Administrative Contractors (MAC): No; Zone Program Integrity Contractors (ZPIC): No; Comprehensive Error Rate Testing (CERT) contractor: No; Recovery Auditors (RA): Yes. Source: GAO analysis of CMS documentation of contractor requirements. [End of table] With regard to internal QA processes, CMS requires that the MACs, ZPICs, and CERT contractor conduct interrater reliability testing and participate in annual clinical judgment training in support of postpayment claims review determinations. CMS also requires that the CERT contractor's QA process include internal secondary reviews of any claim that was determined improper and internal interrater reliability testing. CMS does not require the RAs to conduct interrater reliability testing or participate in clinical judgment training. Each contractor type is also required to have an internal QA plan, but CMS does not require any specific QA steps regarding consistency and quality of postpayment claims reviews' determinations in any of the contractors' plans. The different types of contractors also have different requirements for external QA review processes. While the RAs are not required to have some of the internal QA processes, CMS has established an external validation process conducted by a different contractor for the RAs' postpayment claims reviews. To validate the claims review determinations for each RA on a monthly basis, the RA validation contractor reviews a random sample of 400 claims proportional to the provider types that each RA determined had been paid improperly. Unlike the RAs, the MACs, ZPICs, and CERT contractor are not subject to external validation reviews of their postpayment claims reviews. [Footnote 59] CMS Has Begun an Effort to Examine Whether Its Activities Add Administrative Burden for Providers: In 2011, CMS established an internal work group known as the Provider Burden Reduction Work Group to inventory CMS and contractor activities that may create administrative burden for providers, to assess providers' complaints, and identify areas for improving efficiency of processes. As part of this effort, CMS officials indicated that they found differences in contractor requirements related to claims reviews. As an example, they indicated that contractors' form letters were not standardized; instead different types of contractors were required to include different information in their form letters. Representatives of two provider associations had indicated that having different contractors send out different versions of the same type of form letters seemed to be confusing to providers. As of November 2012, CMS officials told us that the work group had briefed CMS senior management about its work, but this effort was still in progress. CMS has not publicly announced the results of the work group's efforts, whether it would make any requirements more consistent, or a time frame for any changes. Having less variation in requirements for providers would be consistent with OMB guidance on streamlining service delivery. Further, internal control standards indicate the importance of deciding on corrective actions when needed and setting time frames for completing them. CMS officials told us that they have taken steps to increase provider awareness and reduce confusion about the different review contractors and their review processes to help providers in complying with review efforts. These steps include the following: * In July 2012, CMS published a 15-page booklet about Medicare claim review programs, including claims reviews by MACs, ZPICs, RAs, and the CERT review contractor on CMS's website, and the booklet was announced in an e-newsletter that providers can sign up to receive.[Footnote 60] * In August 2012, CMS published an interactive map on its website that allows the public and providers to identify the MACs, ZPICs, and RAs that perform claims reviews in each state.[Footnote 61] * In September 2012, CMS published an update to a chart, the original of which was first published in July 2011, to educate providers about the definitions and responsibilities of contractors and other entities involved in various aspects of Medicare and Medicaid claims determinations. The chart explains why providers may need to communicate with multiple entities as well as why multiple entities may contact the same provider.[Footnote 62] * In January 2013, CMS published a three-page description about the Medicare FFS Recovery Audit Program process that includes references to other information, such as appeals.[Footnote 63] In addition, CMS officials reported that they are developing web-based training about the audits done by its contractors. Conclusions: Differences in CMS's postpayment claims review requirements for the four types of contractors may reduce the efficiency and effectiveness of claims reviews by complicating providers' compliance with the requirements. Some of these differences may be appropriate given the different functions and responsibilities of the contractors. However, CMS officials explained that differences in some requirements came about because the contractors' requirements were developed at different times or the contractors' activities have changed over time. In addition, some of these differences could have come about because different types of contractors and associated requirements are managed by different parts of CMS. Greater consistency in the claims review requirements across contractors may improve the efficiency of postpayment reviews by strengthening the control environment, lessening providers' confusion, and reducing administrative burdens. In addition, improving consistency across the contractors would be consistent with the Executive Order 13571 on Streamlining Service Delivery and Improving Customer Services and OMB guidelines for implementing it. Greater consistency could make it easier for providers to comply with ADR requests and claims requirements. It could also help reduce claims payment error determinations based on providers' inability or failure to provide documentation in a timely manner. It might also reduce any inconsistencies in making determinations, which can lead to unneeded appeals, and might increase providers' confidence that reviews will also be consistent and correct. Recommendations for Executive Action: In order to improve the efficiency and effectiveness of Medicare program integrity efforts and simplify compliance for providers, we are making three recommendations. We recommend that the Administrator of CMS: 1. examine all postpayment review requirements for contractors to determine those that could be made more consistent without negative effects on program integrity, 2. communicate publicly CMS's findings and its time frame for taking further action, and: 3. reduce differences in postpayment review requirements where it can be done without impeding the efficiency of its efforts to reduce improper payments. Agency Comments and Our Evaluation: We provided a draft of this report to HHS for comment, and received written comments, which are reprinted in appendix II. In its comments, HHS concurred with our three recommendations and agreed to take steps to reduce differences in postpayment review requirements where appropriate. HHS noted that CMS had begun to examine its requirements for postpayment claims reviews as discussed in our report.HHS stated that it is currently examining requirements related to ADRs to see if the requirements could be standardized across contractor types. HHS indicated that standardizing the minimum number of days a contractor must give a provider to respond to an ADR before the contractor has the authority to deny the claim could help minimize provider confusion. HHS also agreed to publicly communicate its findings from the review of the requirements on CMS's website and include a timeframe for implementing agreed-upon changes in procedures. As agreed with your offices, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies to the Secretary of Health and Human Services, the Acting Administrator of CMS, appropriate congressional committees, and other interested parties. In addition, the report will be available at no charge on the GAO website at [hyperlink, http://www.gao.gov]. If you or your staff has any questions about this report, please contact me at (202) 512-7114 or at kingk@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff that made key contributions to this report were: Sheila K. Avruch, Assistant Director; Carrie Davidson; Leslie V. Gordon; and Laurie Pachter. Signed by: Kathleen M. King: Director, Health Care: List of Requesters: The Honorable Max Baucus: Chairman: The Honorable Orrin G. Hatch: Ranking Member: Committee on Finance: United States Senate: The Honorable Tom Carper: Chairman: The Honorable Tom Coburn, M.D. Ranking Member: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Chuck Grassley: Ranking Member: Committee on the Judiciary: United States Senate: The Honorable Claire McCaskill: Chairman: Subcommittee on Financial and Contracting Oversight: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Bob Corker: United States Senate: The Honorable Fred Upton: Chairman: The Honorable Henry Waxman: Ranking Member: Committee on Energy and Commerce: House of Representatives: The Honorable Charles Boustany, M.D. Chairman: The Honorable John Lewis: Ranking Member: Subcommittee on Oversight: Committee on Ways and Means: House of Representatives: The Honorable Diana DeGette: Ranking Member: Subcommittee on Oversight and Investigations: Committee on Energy and Commerce: House of Representatives: [End of section] Appendix I: List of Provider Associations GAO Interviewed: American Association for Homecare; American College of Radiology and Radiology Business Management Association; American Health Care Association; American Hospital Association; American Medical Association; Association of Academic Health Centers; Association of American Medical Colleges; LeadingAge; Medical Group Management Association; National Association for Home Care & Hospice; National Association for Medical Direction of Respiratory Care; Orthotics and Prosthetics Alliance; Visiting Nurse Associations of America. [End of section] Appendix II: Comments from the Department of Health and Human Services: Department of Health and Human Services: Office of The Secretary: Assistant Secretary for Legislation: Washington, DC 20201: July 9, 2013: Kathleen King: Director, Health Care: U.S. Government Accountability Office: 441 G Street NW: Washington, DC 20548: Dear Ms. King: Attached are comments on the U.S. Government Accountability Office's (GAO) report entitled, entitled, "Medicare Program Integrity: Increasing Consistency of Contractor Requirements May Improve Administrative Efficiency" (GA0-13-522). The Department appreciates the opportunity to review this report prior to publication. Sincerely, Signed by: Jim R. Esquea: Assistant Secretary for Legislation: Attachment: General Comments Of The Department Of Health And Human Services (HHS) On The Government Accountability Office's (GAO) Draft Report Entitled, "Medicare Program Integrity: Increasing Consistency Of Contractor Requirements May Improve Administrative Efficiency" (GAO-13-522): The Department appreciates the opportunity to review and comment on this draft report. GAO Recommendation: Examine all postpayment review requirements for contractors to determine those that could be made more consistent without negative effects on program integrity. HHS Response: HHS concurs with this recommendation. As noted in the report, CMS had started examining many of the issues identified in the report before the GAO began its study. However, we agree that the requirements need to be examined for consistency, where appropriate. For example, we are currently examining if the requirements related to additional documentation requests (ADR) can be standardized across some contractor types. We believe standardizing the minimum number of days a contractor must give a provider to respond to an ADR before the contractor has the authority to deny the claim could help minimize provider confusion. GAO Recommendation: Communicate publicly its findings and its timeframe for taking further action. HHS Response: HHS concurs with this recommendation and will publish its findings on the CMS website and include a timeframe for implementing the agreed upon changes in procedures after completing a full review of the identified issues. GAO Recommendation: Reduce differences in postpayment review requirements where it can be done without impeding efficiency of its efforts to reduce improper payments. HHS Response: HHS concurs with this recommendation and will take steps to reduce differences in postpayment review requirements where appropriate. [End of section] Related GAO Products: GAO's 2013 High-Risk Update: Medicare and Medicaid. [hyperlink, http://www.gao.gov/products/GAO-13-433T]. Washington, D.C.: February 27, 2013. Medicare Program Integrity: Greater Prepayment Control Efforts Could Increase Savings and Better Ensure Proper Payment. [hyperlink, http://www.gao.gov/products/GAO-13-102]. Washington, D.C.: November 13, 2012. Medicare Fraud Prevention: CMS Has Implemented a Predictive Analytics System, but Needs to Define Measures to Determine Its Effectiveness. [hyperlink, http://www.gao.gov/products/GAO-13-104]. Washington, D.C.: October 15, 2012. Program Integrity: Further Action Needed to Address Vulnerabilities in Medicaid and Medicare Programs. [hyperlink, http://www.gao.gov/products/GAO-12-803T]. Washington, D.C.: June 7, 2012. Medicare Integrity Program: CMS Used Increased Funding for New Activities but Could Improve Measurement of Program Effectiveness. [hyperlink, http://www.gao.gov/products/GAO-11-592]. Washington, D.C.: July 29, 2011. Improper Payments: Reported Medicare Estimates and Key Remediation Strategies. [hyperlink, http://www.gao.gov/products/GAO-11-842T]. Washington, D.C.: July 28, 2011. Fraud Detection Systems: Centers for Medicare and Medicaid Services Needs to Ensure More Widespread Use. [hyperlink, http://www.gao.gov/products/GAO-11-475]. Washington, D.C.: June 30, 2011. Improper Payments: Recent Efforts to Address Improper Payments and Remaining Challenges. [hyperlink, http://www.gao.gov/products/GAO-11-575T]. Washington, D.C.: April 15, 2011. Status of Fiscal Year 2010 Federal Improper Payments Reporting. [hyperlink, http://www.gao.gov/products/GAO-11-443R]. Washington, D.C.: March 25, 2011. Medicare and Medicaid Fraud, Waste, and Abuse: Effective Implementation of Recent Laws and Agency Actions Could Help Reduce Improper Payments. [hyperlink, http://www.gao.gov/products/GAO-11-409T]. Washington, D.C.: March 9, 2011. Medicare: Program Remains at High Risk Because of Continuing Management Challenges. [hyperlink, http://www.gao.gov/products/GAO-11-430T]. Washington, D.C.: March 2, 2011. Medicare Recovery Audit Contracting: Weaknesses Remain in Addressing Vulnerabilities to Improper Payments, Although Improvements Made to Contractor Oversight. [hyperlink, http://www.gao.gov/products/GAO-10-143]. Washington, D.C.: March 31, 2010. Medicare Contracting Reform: Agency Has Made Progress with Implementation, but Contractors Have Not Met All Performance Standards. [hyperlink, http://www.gao.gov/products/GAO-10-71]. Washington, D.C.: March 25, 2010. [End of section] Footnotes: [1] Medicare is the federally financed health insurance program for persons aged 65 and over, certain individuals with disabilities, and individuals with end-stage renal disease. [2] See GAO, High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-13-283] (Washington, D.C.: February 2013). [3] An improper payment is any payment that should not have been made or that was made in an incorrect amount (including overpayments and underpayments) under statutory, contractual, administrative, or other legally applicable requirements. This definition includes any payment to an ineligible recipient, any payment for an ineligible good or service, any duplicate payment, any payment for a good or service not received (except where authorized by law), and any payment that does not account for credit for applicable discounts. Improper Payments Elimination and Recovery Act of 2010, Pub. L. No. 111-204, § 2(e), 124 Stat. 2224, 2227 (codified at 31 U.S.C. § 3321 note). [4] The Secretary of Health and Human Services delegated the authority under the Medicare provisions of the Social Security Act to the Administrator of CMS. [5] Medicare FFS, or original Medicare, consists of Medicare Parts A and B. Medicare Part A covers hospital and other inpatient stays. Medicare Part B is optional insurance, and covers physician, outpatient hospital, home health care, certain other services and the purchase of durable medical equipment (DME) including prosthetics, orthotics, and supplies. [6] This report discusses the four types of primary contractors that perform claims reviews. In addition, in 2012 CMS established the Supplemental Medicare Review Contractor type to perform national claims reviews of Medicare Part A, Part B, and DME providers and suppliers. This contractor conducts large-volume medical reviews nationwide for specific services, such as: Inpatient Psychiatric Facility Interrupted Stays, Epidural Injections, and Place-of-Service coding. We excluded this type of contractor from our study because it has not been in operation for 1 year. [7] Program Safeguard Contractors conducted activities to investigate fraud prior to the establishment of ZPICs, and are still doing so in one zone. [8] CMS and others sometimes refer to the claims reviews after payment as "audits" or "medical reviews." In this report we will use the term "claims review" to distinguish these reviews from other types of audits and reviews, such as financial audits of hospital cost reports. [9] In this report, the term provider includes entities such as hospitals or physicians as well as entities that supply Medicare beneficiaries with durable medical equipment (DME)--such items as wheelchairs; diabetic supplies; prosthetics; and orthotics-- laboratory, ambulance, home health, hospice, therapy, and skilled nursing services. [10] We have ongoing work reviewing CMS's oversight of its contractors that conduct postpayment reviews. [11] See GAO, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999); and Internal Control Management and Evaluation Tool, [hyperlink, http://www.gao.gov/products/GAO-01-1008G] (Washington, D.C.: August 2001). [12] Office of Management and Budget, Implementing Executive Order 13571 on Streamlining Service Delivery and Improving Customer Service, Memorandum M-11-24 (June 13, 2011). [13] Contractors can also conduct routine reviews, which involve checking some claims for issues such as clerical errors. [14] Medicare's payment system relies on the coding of beneficiaries' diagnoses or the services, procedures, and devices provided to them to determine proper payment. Payment may be made on the basis of the diagnosis, or of the services, procedures, and devices claimed, depending on the payment method for that type of claim. Because MACs pay claims according to the codes assigned; if the code does not accurately reflect the diagnosis, service, procedure, or device provided, then the claim is considered improper. [15] If the DME claim is submitted prior to the bundled skilled nursing facility claim, the DME claim may not appear to be improper when made. [16] In many cases, the ADR serves as notification to the provider that a claim is under review. [17] MACs process and pay claims in specific jurisdictions. The MAC for a jurisdiction is responsible for recoupment or payment of the proper amount, whether or not it was the notifying contractor. [18] Recovery auditing has been used in various industries, including health care, to identify and collect overpayments for about 40 years. Typically, recovery auditing contractors are paid a contingency fee based on a percentage of the overpayments collected. The MMA directed CMS to establish the demonstration in at least two states from among the ones with the highest per capita Medicare utilization rates and to use at least three contractors. Pub. L. No. 108-173, § 306, 117 Stat. 2066, 2256-57. [19] The appeals process under Medicare FFS program includes five levels of review. [20] Pub. L. No. 109-432, §302, 120 Stat. 2922, 2991-92 (codified at 42 U.S.C. § 1395ddd(h)). [21] See GAO, Medicare Recovery Audit Contracting: Weaknesses Remain in Addressing Vulnerabilities to Improper Payments, Although Improvements Made to Contractor Oversight, [hyperlink, http://www.gao.gov/products/GAO-10-143] (Washington, D.C.: Mar. 31, 2010). [22] See [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. [23] Exec. Order No. 13571, 76 Red. Reg. 24.399 (May 2, 2011). [24] Office of Management and Budget, Implementing Executive Order 13571 on Streamlining Service Delivery and Improving Customer Service.) [25] Pub. L. No. 104-191, §§ 201, 202, 110 Stat. 1936, 1992-98 (codified at 42 U.S.C. §§ 1395j(k)(4), 1395ddd). [26] Pub. L. No. 108-173, § 911, 117 Stat. 2066, 2378-2386 (codified at 42 U.S.C. § 1395kk-1). CMS contracts with two kinds of MACs--A/B MACs and DME MACs. A/B MACs process claims for services under Part A and Part B, and a few A/B MACs also process home health and hospice claims. As of June 2013, in one jurisdiction, the A/B MAC has not replaced the carrier and fiscal intermediary. DME MACs process claims for DME, prosthetics, orthotics, and supplies. There are four different geographic jurisdictions for the DME MACs. In this report, the term MAC refers to all the MACs unless otherwise noted. [27] Previously, fiscal intermediaries were responsible for processing and paying claims submitted by institutional providers such as hospitals' Part A claims and any of these providers' Part B claims. Carriers were responsible for Part B claims submitted by physicians and other noninstitutional providers. [28] HIPAA gave CMS the authority to contract separately for program safeguard contractors to perform integrity functions. As part of CMS's transition to MACs as required by the MMA, CMS transitioned the work of investigating potential fraud to ZPICs. This transition is planned to be complete in 2013. [29] Pub. L. No. 108-173, § 306, 117 Stat. 2066, 2256-57. [30] Pub. L. No. 109-432, §302, 120 Stat. 2922, 2991-92 (codified at 42 U.S.C. § 1395ddd(h)). [31] Pub. L. No. 107-300, 116 Stat. 2350 (codified at 31 U.S.C. § 3321 note). The IPIA was subsequently amended by the Improper Payments Elimination and Recovery Act of 2010, Pub. L. No. 111-204, § 2(e), 124 Stat. 2224, 2227 (codified at 31 U.S.C. § 3321 note), and the Improper Payments Elimination and Recovery Improvement Act of 2012, Pub. L. No. 112-248, 126 Stat. 2390 (2013). [32] There are four contractors--statistical, claims review, documentation, and website--that support the CERT function and all four CERT contractors perform their tasks for the entire nation. In this report, "the CERT contractor" refers to the CERT review contractor responsible for conducting the claims reviews. [33] The Center for Medicare serves as CMS's focal point for the formulation, coordination, integration, implementation, and evaluation of national Medicare program policies and operations. [34] CM also manages provider outreach and education, which informs providers about proper billing practices. [35] CPI also oversees the PSCs. Another group in OFM manages other integrity activities, such as audits of hospitals and other institutional providers and identifying and managing situations where Medicare is the secondary, not primary, payer for health care services. [36] The FFS Medicare improper payment rate annually estimates the percentage and dollar amount of FFS claims paid improperly. [37] See GAO, Medicare Integrity Program: CMS Used Increased Funding for New Activities but Could Improve Measurement of Program Effectiveness, [hyperlink, http://www.gao.gov/products/GAO-11-592] (Washington, D.C.: July 29, 2011). [38] CMS officials use the terms zones and regions for ZPICs and RAs respectively, to refer to the contractors' geographic jurisdiction. In this report we will use the term geographic jurisdiction, regardless of the contractor. [39] LCDs are decisions about coverage and coding in the absence of specific statute, regulations, or national policy. They are established by the MACs and applied by MACs and other contractors to claims received for the geographic area to which the claims are assigned. [40] DME MACs also process claims for prosthetics, orthotics, and supplies, such as diabetic test strips. [41] CMS is in the process of replacing its legacy PSCs with seven ZPICs; one for each geographic jurisdiction. Currently there are only six ZPICs because one geographic jurisdiction has not had a contract put in place. The ZPIC geographic jurisdictions are designed to include one or more MAC jurisdictions. [42] The Fraud Prevention System is intended to analyze Medicare claims, provider, and beneficiary data before claims are paid to identify those that are potentially fraudulent. See GAO, Medicare Fraud Prevention: CMS Has Implemented a Predictive Analytics System, but Needs to Define Measures to Determine Its Effectiveness, [hyperlink, http://www.gao.gov/products/GAO-13-104] (Washington, D.C.: Oct. 15, 2012). [43] CMS originally established two programs to monitor the payment accuracy of the Medicare FFS program: the Hospital Payment Monitoring Program (HPMP) and the CERT program. The HPMP measured the improper payment rate only for Part A inpatient hospital claims, while the CERT program measured the improper payment rate for all other Part A and Part B Medicare FFS claim types. Beginning with the 2009 reporting period, the HPMP was dissolved and the CERT program became fully responsible for sampling and reviewing all Medicare FFS claim types for improper payments. [44] The four CERT contractors do not operate in different geographic jurisdictions; they work together to estimate the national error rate. This report focuses on the work of the CERT claims review contractor. [45] The CERT claims review sample is pulled semimonthly from MAC processed claims and encompass those that have been paid, denied, or selected for a MAC claims review. This report will refer to the CERT claims reviews as "postpayment;" because all of the claims were processed prior to CERT claims review even though not all were paid. [46] RAs' automated reviews do not count for the ADR limits. [47] RAs performing postpayment reviews of hospital inpatient and long- term care facilities' claims are required to reimburse the providers for photocopying and submitting hard-copy documents regardless of the method used to submit the documents. [48] This is because the third-party's claim is not under review. [49] Because claims with no documentation are considered improper and contribute to the Medicare program's error rate, the CERT program makes efforts to collect complete documentation. [50] CMS officials told us that, in practice, RAs give providers as much time as they need and the CERT contractor may also extend the time period so as not to unnecessarily deny the claim for lack of documentation. However, the CERT contractor is constrained by its schedule to estimate the annual Medicare improper payment rate. [51] CMS officials indicated that many of the contractors have web portals, some of which allow providers to submit documentation, but having such a portal is not a requirement. [52] As of April 17, 2013, the following providers cannot use esMD to respond to requests for additional documentation from their MACs or legacy fiscal intermediaries, carrier, or regional home health intermediaries: (1) home health agencies and hospice providers in all 50 states, and (2) Part A and B providers in California, Hawaii, Illinois, Minnesota, Nevada, and Wisconsin. In addition, all Medicare FFS providers in 46 states cannot use esMD to respond to requests for additional documentation from their ZPICs or PSCs; the exceptions are California, Hawaii, Nevada, and Florida. [53] Prior to transitioning to MACs, carriers and fiscal intermediaries had a physician medical director for each state in the jurisdiction. CMS reduced the number of medical directors required when it contracted with MACs. Reducing the number of medical directors required at MACs allowed CMS to reduce the funding that had to be budgeted for medical director positions. [54] Licensed practical nurses (LPN), sometimes also known as licensed vocational nurses have a 1-year degree and are licensed by the state. Registered nurses (RN) have at least a 2-year degree and are also licensed by the state. CMS officials stated that MACs and ZPICs often use RNs as claims reviewers, even if it is not required. [55] CMS officials told us that, in practice, most MACs and ZPICs use RNs certified coders to determine compliance with coding. Coders are certified by independent entities that designate that these individuals have received training on appropriate use of diagnostic and procedure codes. [56] CMS defines such cases as "where coverage of an item or service is provided for specified indications or circumstances but is not explicitly excluded for others, or where the item or service is not mentioned at all in the CMS Manual System, the Medicare contractor is to make the coverage decision, in consultation with its medical staff, and with CMS when appropriate, based on the law, regulations, rulings and general program instructions." [57] Although not a requirement, CMS officials also stated that MACs and RAs involved medical specialists when specialty knowledge is needed for a determination. [58] See [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] and [hyperlink, http://www.gao.gov/products/GAO-01-1008G]. [59] However as stated earlier, the CERT program annually measures each MAC's payment accuracy. [60] Centers for Medicare & Medicaid Services, "Medicare Claim Review Programs: MR, NCCI Edits, MUEs, CERT, and Recovery Audit Program," Medicare Learning Network (July 2012), accessed May 14, 2013, [hyperlink, http://cms.hhs.gov/Outreach-and-Education/Medicare- Learning-Network-MLN/MLNProducts/MLN-Publications- Items/CMS1243290.html]. [61] Centers for Medicare & Medicaid Services, Provider Compliance Group Interactive Map, accessed May 14, 2013, [hyperlink, http://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring- Programs/provider-compliance-interactive-map/index.html]. [62] Centers for Medicare & Medicaid Services, "Contractor Entities at a Glance: Who May Contact You about Specific Centers for Medicare & Medicaid Services (CMS) Activities," Medicare Learning Network (September 2012), accessed May 14, 2013, . [63] Centers for Medicare & Medicaid Services, "Medicare Fee-for- Service Recovery Audit Program Process," Medicare Learning Network [hyperlink, (January 2013), accessed May 14, 2013, http://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network- MLN/MLNProducts/MLN-Publications-Items/ICN908524.html]. [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E-mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, DC 20548. [End of document]