Skip to main content

Medicare Program Integrity: Increased Oversight and Guidance Could Improve Effectiveness and Efficiency of Postpayment Claims Reviews

GAO-14-474 Published: Jul 18, 2014. Publicly Released: Aug 13, 2014.
Jump To:
Skip to Highlights

Highlights

What GAO Found

The Centers for Medicare & Medicaid Services (CMS) within the Department of Health and Human Services (HHS) has taken steps to prevent its contractors from conducting certain duplicative postpayment claims reviews—reviews of the same claims that are not permitted by the agency—but CMS neither has reliable data nor provides sufficient oversight and guidance to measure and fully prevent duplication. The four types of contractors GAO reviewed that examine providers' documentation to determine whether Medicare's payment was proper included

Medicare Administrative Contractors (MAC), which process and pay claims;

Zone Program Integrity Contractors (ZPIC), which investigate potential fraud;

Recovery Auditors (RA), tasked with identifying on a postpayment basis improper payments not previously reviewed by other contractors; and

the Comprehensive Error Rate Testing (CERT) contractor, which reviews claims used to annually estimate Medicare's improper payment rate.

CMS implemented a database to track RA activities, designed in part to prevent RAs, which conducted most of the postpayment reviews, from duplicating other contractors' reviews. However, the database was not designed to provide information on all possible duplication, and its data are not reliable because other postpayment contractors did not consistently enter information about their reviews. CMS has not provided sufficient oversight of these data or issued complete guidance to contractors on avoiding duplicative claims reviews.

CMS requires its contractors to include certain content in postpayment review correspondence with providers, but some requirements vary across contractor types and are not always clear, and contractors vary in their compliance with their requirements. These factors can lead to providers receiving less information about the reviews and thus decrease effective communication with them. In addition, the extent of CMS's oversight of correspondence varies across contractors, which decreases assurance that contractors comply consistently with requirements. In the correspondence reviewed, GAO found high compliance rates for some requirements, such as citing the issues leading to an overpayment, but low compliance rates for requirements about communicating providers' rights, which could affect providers' ability to exercise their rights.

CMS has strategies to coordinate internally among relevant offices regarding requirements for contractors' claims review activities. The agency also has strategies to facilitate coordination among contractors, such as requiring joint operating agreements between contractors operating in the same geographic area. However, these strategies have not led to consistent requirements across contractor types or full coordination between ZPICs and RAs. GAO previously recommended that CMS increase the consistency of its requirements, where appropriate, and the HHS Office of Inspector General has recommended steps to improve coordination between ZPICs and RAs.

Why GAO Did This Study

Several types of Medicare contractors conduct postpayment claims reviews to help reduce improper payments. Questions have been raised about their effectiveness and efficiency, and the burden on providers. GAO was asked to assess aspects of the claims review process.

Building on GAO's July 2013 report on postpayment claims review requirements, this report examines, among other things, the extent to which CMS has (1) data to assess whether contractors conduct duplicative postpayment claims reviews, (2) requirements for contractor correspondence with providers to help ensure effective communication, and (3) strategies for coordination of claims review activities. GAO reviewed CMS's requirements for claims reviews; interviewed CMS officials, selected contractors, and provider associations; analyzed CMS data; assessed a nongeneralizable sample of 114 pieces of contractor correspondence for compliance with requirements; and assessed CMS's requirements and oversight against federal internal control standards and other guidance.

Recommendations

GAO recommends that CMS take actions to improve the efficiency and effectiveness of contractors' postpayment review efforts, which include providing additional oversight and guidance regarding data, duplicative reviews, and contractor correspondence. In its comments, the Department of Health and Human Services concurred with the recommendations and noted plans to improve CMS oversight and guidance.

Recommendations for Executive Action

Agency Affected Recommendation Status
Centers for Medicare & Medicaid Services
Priority Rec.
In order to improve the efficiency and effectiveness of Medicare postpayment claims review efforts and simplify compliance for providers, the Administrator of CMS should monitor the Recovery Audit Data Warehouse to ensure that all postpayment review contractors are submitting required data and that the data the database contains are accurate and complete.
Closed – Implemented
As of August 2018, CMS has taken steps to monitor the Recovery Audit Data Warehouse to ensure that all contractors are submitting required data, and that the data they submit are accurate and complete, as GAO recommended in July 2014. In April 2015, CMS issued guidance requiring a 60-day delay in Recovery Auditors beginning their claims reviews. This delay was intended to allow time for Medicare Administrative Contractors (MAC) to enter their claims review information into the Recovery Audit Data Warehouse so that claims they review would not be re-reviewed by a Recovery Auditor. In December 2016, CMS told GAO that it had implemented a new process to monitor the data that contractors enter into the Recovery Audit Data Warehouse. As part of the process, on a monthly basis, CMS reviews "exclusion upload compliance reports" that show the number of records that each contractor selected for claims review and then uploaded to the Warehouse to exclude those records from further review by other contractors. CMS follows up with contractors that do not upload any records in a given month. CMS's compliance reports also show whether the records entered were valid, including whether they met formatting requirements. In December 2017, CMS provided documentation that as part of the agency's periodic assessments of the MACs, it would now verify that MACs were submitting all of the required data to the Warehouse, in accordance with agency guidance. At that time, CMS did not indicate that it had implemented a similar verification process for Zone Program Integrity Contractors (ZPIC). CMS has transitioned ZPICs' responsibilities to new Unified Program Integrity Contractors (UPIC). In August 2018, CMS told GAO that as of June 2018, all five UPICs were fully operational. Therefore, this part of the recommendation is no longer relevant for ZPICs.
Centers for Medicare & Medicaid Services In order to improve the efficiency and effectiveness of Medicare postpayment claims review efforts and simplify compliance for providers, the Administrator of CMS should develop complete guidance to define contractors' responsibilities regarding duplicative claims reviews, including specifying whether and when MACs and ZPICs can duplicate other contractors' reviews.
Closed – Implemented
In September 2016, CMS updated its Medicare Program Integrity Manual to provide complete guidance regarding whether contractors, specifically Medicare Administrative Contractors (MAC) and Zone Program Integrity Contractors (ZPIC), may conduct duplicative reviews. According to CMS's updated guidance, as of November 4, 2016, MACs are not permitted to review any claim previously reviewed by another contractor. ZPICs are permitted to review a claim previously reviewed by another contractor in order to support their case development or other administrative action.
Centers for Medicare & Medicaid Services
Priority Rec.
In order to improve the efficiency and effectiveness of Medicare postpayment claims review efforts and simplify compliance for providers, the Administrator of CMS should assess regularly whether contractors are complying with CMS requirements for the content of correspondence sent to providers regarding claims reviews.
Closed – Implemented
In April 2017, CMS provided documentation that it had implemented processes to assess contractors' compliance with CMS requirements for the content of correspondence sent to providers regarding claims reviews. For example, as part of CMS's annual reviews of Medicare Administrative Contractors and Zone Program Integrity Contractors, CMS now assesses whether contractors' correspondence complies with requirements outlined in the Medicare Program Integrity Manual. In addition, both CMS and a separate contractor periodically assess whether Recovery Auditors' correspondence meets requirements in the Medicare Program Integrity Manual. Finally, CMS reviews correspondence sent by the Comprehensive Error Rate Testing contractor to ensure it aligns with CMS-approved templates for correspondence with providers.
Centers for Medicare & Medicaid Services
Priority Rec.
In order to improve the efficiency and effectiveness of Medicare postpayment claims review efforts and simplify compliance for providers, the Administrator of CMS should clarify the current requirements for the content of contractors' additional documentation requests and results letters and standardize the requirements and contents as much as possible to ensure greater consistency among postpayment claims review contractors' correspondence.
Closed – Implemented
In October 2016, CMS reported that it had examined Additional Documentation Requests (ADR) and review results letters for consistency and assessed the feasibility of standardizing requirements, where appropriate. In November 2014, CMS revised its postpayment ADR requirements in the Program Integrity Manual (PIM) for Medicare Administrative Contractors (MAC), Recovery Auditors, and Comprehensive Error Rate Testing contractor. These new requirements were made in consultation with the contractors, and were intended to increase uniformity among contractors' ADRs and improve clarity so that providers will better recognize and understand the purpose of the ADRs and the resulting action items. The revised PIM requires the contractors to include certain information in their ADRs, and includes sample ADR templates that show the elements and format that contractors must follow when developing their ADRs. Contractors must use the new "unified postpayment ADR letter format," though they have the discretion to insert information specific to the subject of the letter. In December 2016, CMS reported that the requirements for MAC, Recovery Auditor, and Zone Program Integrity Contractor review results letters in the PIM have been standardized to the maximum extent possible. CMS stated that it determined further standardization of the review results letters was not necessary because it wished to maintain contractors' flexibility to provide detailed information specific to their reviews.

Full Report

GAO Contacts

Office of Public Affairs

Topics

MedicareImproper paymentsInternal controlsErroneous paymentsOverpaymentsContractorsContract oversightClaims processingProgram integrityMedicare contractors