Skip to main content

Fraud Detection Systems: Centers for Medicare and Medicaid Services Needs to Ensure More Widespread Use

GAO-11-475 Published: Jun 30, 2011. Publicly Released: Jul 12, 2011.
Jump To:
Skip to Highlights

Highlights

GAO has designated Medicare and Medicaid as high-risk programs, in part due to their susceptibility to improper payments--estimated to be about $70 billion in fiscal year 2010. Improper payments have many causes, such as submissions of duplicate claims or fraud, waste, and abuse. As the administrator of these programs, the Centers for Medicare and Medicaid Services (CMS) is responsible for safeguarding them from loss. To integrate claims information and improve its ability to detect fraud, waste, and abuse in these programs, CMS initiated two information technology system programs: the Integrated Data Repository (IDR) and One Program Integrity (One PI). GAO was asked to (1) assess the extent to which IDR and One PI have been developed and implemented and (2) determine CMS's progress toward achieving its goals and objectives for using these systems to help detect fraud, waste, and abuse. To do so, GAO reviewed system and program management plans and other documents and compared them to key practices. GAO also interviewed program officials, analyzed system data, and reviewed reported costs and benefits.

CMS has developed and begun using both IDR and One PI, but has not incorporated into IDR all data as planned and has not taken steps to ensure widespread use of One PI to enhance efforts to detect fraud, waste, and abuse. IDR is intended to be the central repository of Medicare and Medicaid data needed to help CMS program integrity staff and contractors prevent and detect improper payments of Medicare and Medicaid claims. Program integrity analysts use these data to identify patterns of unusual activities or transactions that may indicate fraudulent charges or other types of improper payments. IDR has been operational and in use since September 2006. However, it does not include all the data that were planned to be incorporated by fiscal year 2010. For example, IDR includes most types of Medicare claims data, but not the Medicaid data needed to help analysts detect improper payments of Medicaid claims. IDR also does not include data from other CMS systems that are needed to help analysts prevent improper payments, such as information about claims at the time they are filed and being processed. According to program officials, these data were not incorporated because of obstacles introduced by technical issues and delays in funding. Further, the agency has not finalized plans or developed reliable schedules for efforts to incorporate these data. Until it does so, CMS may face additional delays in making available all the data that are needed to support enhanced program integrity efforts. One PI is a Web-based portal that is to provide CMS staff and contractors with a single source of access to data contained in IDR, as well as tools for analyzing those data. While One PI has been developed and deployed to users, few program integrity analysts were trained and using the system. Specifically, One PI program officials planned for 639 program integrity analysts to be using the system by the end of fiscal year 2010; however, as of October 2010, only 41--less than 7 percent--were actively using the portal and tools. According to program officials, the agency's initial training plans were insufficient and, as a result, they were not able to train the intended community of users. Until program officials finalize plans and develop reliable schedules for training users and expanding the use of One PI, the agency may continue to experience delays in reaching widespread use and determining additional needs for full implementation of the system. While CMS has made progress toward its goals to provide a single repository of data and enhanced analytical capabilities for program integrity efforts, the agency is not yet positioned to identify, measure, and track benefits realized from its efforts. As a result, it is unknown whether IDR and One PI as currently implemented have provided financial benefits. According to IDR officials, they do not measure benefits realized from increases in the detection rate for improper payments because they rely on business owners to do so, and One PI officials stated that, because of the limited use of the system, there are not enough data to measure and gauge the program's success toward achieving the $21 billion in financial benefits that the agency projected. GAO is recommending that CMS take steps to finalize plans and reliable schedules for fully implementing and expanding the use of the systems and to define measurable benefits. In its comments, CMS concurred with GAO's recommendations.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Centers for Medicare & Medicaid Services To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should finalize plans and develop schedules for incorporating additional data into IDR that identify all resources and activities needed to complete tasks and that consider risks and obstacles to the IDR program.
Closed – Implemented
Although CMS has not identified all elements needed to completely ensure the reliability of its schedule for developing and implementing IDR, agency officials have developed and updated a schedule for incorporating additional data into IDR that identifies certain key elements, as we recommended. Specifically, the schedule identifies resources and activities for adding Medicare Part A (insurance for hospital and other inpatient services), Medicare Part B (insurance for hospital outpatient, physician, and other services), and shared systems data to IDR. Additionally, CMS identified risks and obstacles that could impact plans for incorporating additional data into the repository. As a result of its actions, the agency is better positioned to ensure that the development and implementation of IDR are completed and successful in helping the agency meet the goals and objectives of its program integrity initiatives.
Centers for Medicare & Medicaid Services To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should implement and manage plans for incorporating data in IDR to meet schedule milestones.
Closed – Implemented
As of December 2017, CMS had incorporated data into IDR, as GAO recommended in June 2011. The data included shared systems Medicare Part A (insurance for hospital and other inpatient services), Part B (insurance for hospital outpatient, physician, and other services), and 48 states' Medicaid data. In addition, the agency implemented and is managing plans to incorporate the remaining eight states? and territories? Medicaid data by December 2018. The plans establish milestones for incorporating all states? and territories? data into IDR, as GAO recommended in June 2011. By defining and implementing plans for establishing and meeting milestones to incorporate states? data, CMS has made progress toward making available from IDR all of the data that are needed to support enhanced program integrity efforts. Consequently, the agency is better positioned to achieve financial benefits expected from the implementation of IDR.
Centers for Medicare & Medicaid Services To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should establish plans and reliable schedules for training all program integrity analysts intended to use One PI.
Closed – Implemented
CMS has established plans and schedules for training all intended One PI users, as GAO recommended in June 2011. For example, in 2013, CMS officials developed training plans and also required the training contractor to ensure that all requests for existing and new users are accommodated. Further, CMS officials stated that the program is able to adjust training plans and schedules, as needed, to meet demand throughout the life of the project. By taking these steps, the agency has reduced the risks of continued delays in achieving widespread use of the system and in collecting data needed to determine whether the use of the system is providing expected financial benefits.
Centers for Medicare & Medicaid Services To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should establish and communicate deadlines for program integrity contractors to complete training and use One PI in their work.
Closed – Implemented
CMS is awarding new contracts that establish deadlines for program integrity contractors to begin using One PI, as GAO recommended in June 2011. Further, the agency is awarding contracts to Unified Program Integrity Contractors who will become responsible for work currently done by various contractors. The statements of work require the contractors to conduct data analysis using One PI and the Integrated Data Repository rather than using their own data warehouses and analytical tools. As a result, CMS is better positioned to ensure more widespread use of One PI for program integrity purposes and achieving the $21 billion in financial benefits the agency projected.
Centers for Medicare & Medicaid Services To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should conduct training in accordance with plans and established deadlines to ensure schedules are met and program integrity contractors are trained and able to meet requirements for using One PI.
Closed – Implemented
CMS conducted training for new users throughout fiscal year 2013 according to plans and deadlines and established timeframes for training all users throughout the life of One PI, as GAO recommended in June 2011. As a result of its efforts to enhance its training plans, the agency has reduced risks of continued delays in reaching widespread use of the system and in obtaining the data needed to measure benefits realized from the use of One PI.
Centers for Medicare & Medicaid Services To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS should define any measurable financial benefits expected from the implementation of IDR and One PI.
Closed – Not Implemented
CMS reported in July 2018 that, while they have attempted to determine financial benefits from implementing IDR and One PI, as GAO recommended in June 2011, they are unable to do so. According to officials, there are various systems and tools that play a role in identifying potentially fraudulent claims and, as a result, determining the amount of financial savings specifically attributable to IDR or One PI is not possible.
Centers for Medicare & Medicaid Services To help ensure that the development and implementation of IDR and One PI are successful in helping the agency meet the goals and objectives of its program integrity initiatives, the Administrator of CMS, with stakeholder input, should establish measurable, outcome-based performance measures for IDR and One PI that gauge progress toward meeting program goals.
Closed – Implemented
CMS has defined outcome-based performance measures for IDR and One PI that gauge progress toward meeting the programs goals, as GAO recommended in June 2011. For example, one of the program's goals is to improve the business intelligence tools needed to identify improper payments, including those that are potentially fraudulent, which is related to the overall agency goals of strengthening program integrity and reducing improper payments. To measure the progress of the systems toward meeting this goal, CMS established mechanisms for tracking the incorporation of additional data and analytical tools into IDR and One PI that have been shown to help identify improper payments. Specifically, CMS identified certain data sources to be incorporated into IDR that are needed for conducting analyses using One PI and it established a target date for incorporating them into the system. As a result of these actions, CMS is better positioned to ensure that these systems contribute to the agency's efforts to detect fraud, waste, and abuse in the Medicare and Medicaid programs and to the recovery of billions of dollars lost to improper payments of claims.

Full Report

GAO Contacts

Office of Public Affairs

Topics

Claims processingData integrityEmployee trainingErroneous paymentsInformation technologyLossesMedical expense claimsOverpaymentsPerformance measuresProgram abusesStrategic planningSystems analysisTraining utilizationWork measurementProgram goals or objectivesProgram implementationFraud, Waste and Abuse