Medicare Program Integrity: CMS Continues Efforts to Strengthen the Screening of Providers and Suppliers

What GAO Found

Medicare claims are screened against enrollment information, using automated enrollment-related prepayment edits, in an effort to prevent improper payments to ineligible providers and suppliers—such as those that are no longer active in the Medicare program or are not properly licensed to provide the services for which they have submitted claims. Officials with the contractors we interviewed described the use of several types of prepayment edits to ensure that claims data are valid. For example, verification edits are intended to check the provider’s National Provider Identifier (NPI), which indicates whether the claim was submitted by an active provider or supplier. However, factors such as the frequency with which contractors have updated provider and supplier enrollment information and limitations of the data used may affect the timeliness and accuracy of data used to screen claims—in turn limiting the ability of the edits to prevent improper payments from occurring. For example, to update information maintained in the Provider Enrollment, Chain and Ownership System (PECOS)—CMS’s centralized database for Medicare enrollment information—the contractors have relied on a variety of data sources that vary in the frequency with which they are updated and the ease with which the data can be accessed. We have previously reported concerns about the accuracy of the enrollment information in PECOS and recommended CMS increase its oversight of its contractors’ provider and supplier enrollment activities. CMS acknowledged these concerns and indicated that the agency is working to address these issues.

Since the enactment of PPACA, CMS has implemented some new provider and supplier enrollment screening procedures and other measures intended to strengthen the existing Medicare enrollment process. New screening procedures include the designation of three different levels of risk of fraud, waste, and abuse, with categories of providers and suppliers assigned to limited, moderate, and high-risk levels—and those in the highest level subject to the most rigorous screening. For example, providers and suppliers in all three risk levels must undergo licensure checks, while those in moderate- and high-risk levels are subject to unannounced site visits. In addition, CMS implemented new application fees for some providers and suppliers. CMS also added two new Medicare contractors, an automated screening contractor and a site visit contractor, to conduct enhanced enrollment screening and site visits. CMS officials said that they expect the new automated screening contractor to identify additional data sources against which to screen, such as financial, tax, and business data sources. CMS’s implementation of some additional enrollment screening procedures is still in progress. For example, by the end of 2012, CMS plans to contract with two Federal Bureau of Investigation-approved contractors to conduct fingerprint-based criminal background checks of high-risk providers and suppliers. In addition, the agency plans to extend the requirement for surety bonds to high-risk providers and suppliers beyond those already required of suppliers of durable medical equipment, orthotics and supplies. A surety bond guarantees that if a provider or supplier does not fulfill its obligation to Medicare, CMS can recover its losses via the surety bond.

HHS reviewed a draft of this report and in its written comments noted CMS’s ongoing efforts to improve provider and supplier enrollment procedures. HHS also provided technical comments, which were incorporated as appropriate.

Why GAO Did This Study

According to the Centers for Medicare & Medicaid Services (CMS)—the agency within the Department of Health and Human Services (HHS) that administers the Medicare program—more than 1.5 million health providers and suppliers of medical equipment were enrolled in the Medicare program in 2011, and 30,000 more enroll each month. CMS has established Medicare enrollment standards and procedures intended to ensure that only qualified providers and suppliers can enroll. While most providers and suppliers pose a limited risk to the Medicare program, our previous work found persistent weaknesses in CMS’s Medicare enrollment standards and procedures that increased the risk of enrolling entities intent on defrauding the program. In 2010, the Patient Protection and Affordable Care Act (PPACA) authorized CMS to implement procedures to strengthen the Medicare enrollment process.

GAO was asked to review CMS’s Medicare provider enrollment procedures. In this report, GAO describes (1) how CMS and its contractors use provider and supplier enrollment information to prevent improper payments and factors that may affect the usefulness of this information, and (2) the extent to which CMS has implemented new provider and supplier enrollment screening procedures since the enactment of PPACA. To do so, GAO reviewed relevant regulations and documents, and interviewed officials from CMS and a sample of four of the agency’s contractors based on the volume of claims they processed and the status of their contracts with CMS.

For more information, contact Kathleen M. King at (202) 512-7114 or kingk@gao.gov.