This is the accessible text file for GAO report number GAO-10-844T entitled 'Medicare Fraud, Waste, and Abuse: Challenges and Strategies for Preventing Improper Payments' which was released on June 15, 2010. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony: Before the Subcommittees on Health and Oversight, Committee on Ways and Means, House of Representatives: United States Government Accountability Office: GAO: For Release on Delivery: Expected at 10:00 a.m. EDT: Tuesday, June 15, 2010: Medicare Fraud, Waste, and Abuse: Challenges and Strategies for Preventing Improper Payments: Statement of Kathleen M. King: Director, Health Care: GAO-10-844T: GAO Highlights: Highlights of GAO-10-844T, a testimony before the Subcommittees on Health and Oversight, Committee on Ways and Means, House of Representatives. Why GAO Did This Study: GAO has designated Medicare as a high-risk program since 1990, in part because the program’s size and complexity make it vulnerable to fraud, waste, and abuse. Fraud represents intentional acts of deception with knowledge that the action or representation could result in an inappropriate gain, while abuse represents actions inconsistent with acceptable business or medical practices. Waste, which includes inaccurate payments for services, also occurs in the Medicare program. Fraud, waste, and abuse all can lead to improper payments, overpayments and underpayments that should not have been made, or that were made in an incorrect amount. In 2009, the Centers for Medicare & Medicaid Services (CMS)—the agency that administers Medicare—estimated billions of dollars in improper payments in the Medicare program. This statement will focus on challenges facing CMS and selected key strategies that are particularly important to helping prevent fraud, waste, and abuse, and ultimately to reducing improper payments. It is based on nine GAO products issued from September 2005 through March 2010 using a variety of methodologies, including analysis of claims, review of relevant policies and procedures, stakeholder interviews, and site visits. GAO received updated information from CMS in June 2010. What GAO Found: GAO has identified challenges and strategies in five key areas important in preventing fraud, waste, and abuse, and ultimately to reducing improper payments. GAO has made recommendations in these areas. CMS has made progress in some of these areas, and recent legislation may provide the agency with enhanced authority. However, CMS faces continuing challenges. 1. Strengthening provider enrollment process and standards. Checking the background of providers at the time they apply to become Medicare providers is a crucial step to reduce the risk of enrolling providers intent on defrauding or abusing the program. In particular, GAO has recommended stricter scrutiny of providers identified as particularly vulnerable to improper payments to ensure they are legitimate businesses. 2. Improving pre-payment review of claims. Pre-payment reviews of claims are essential to helping ensure that Medicare pays correctly the first time. GAO has recommended that CMS further enhance its ability to identify improper claims through additional automated pre- payment claim review before they are paid. 3. Focusing post-payment claims review on most vulnerable areas. Post- payment reviews are critical to identifying payment errors and recouping overpayments. GAO has recommended that CMS better target claims for post payment review on the most vulnerable areas. 4. Improving oversight of contractors. Because Medicare is administered by contractors, overseeing their activities to address fraud, waste, and abuse is critical. GAO found that CMS’s oversight of prescription drug plan sponsors’ compliance programs has been limited. However, partly in response to GAO’s recommendation, CMS oversight of these programs is expanding. 5. Developing a robust process for addressing identified vulnerabilities. Having mechanisms in place to resolve vulnerabilities that lead to improper payment is vital to program management, but CMS has not developed a robust process to specifically address these. GAO has recommended that CMS establish an adequate process to ensure prompt resolution of identified improper payment vulnerabilities. View [hyperlink, http://www.gao.gov/products/GAO-10-844T] or key components. For more information, contact Kathleen M. King at (202) 512-7114 or kingk@gao.gov. [End of section] Mr. Chairman and Members of the Subcommittees: I am pleased to be here today to discuss our work regarding fraud, waste, and abuse in the Medicare program.[Footnote 1] We have designated Medicare as a high-risk program since 1990, in part because we found the program's size and complexity make it vulnerable to fraud, waste, and abuse.[Footnote 2] Fraud represents intentional acts of deception with knowledge that the action or representation could result in an inappropriate gain, while abuse represents actions inconsistent with acceptable business or medical practices. Waste, which includes inaccurate payments for services, such as unintentional duplicate payments, also occurs in the Medicare program. Fraud, waste, and abuse all can lead to improper payments, overpayments and underpayments that should not have been made or that were made in an incorrect amount. The Centers for Medicare & Medicaid Services (CMS)[Footnote 3]--the agency that administers Medicare--has estimated improper payments for Medicare fee-for-service (FFS) at $24.1 billion in calendar year 2009.[Footnote 4] Even this may not be a full picture of the risk for improper payments because some improper payments may not be detected and hence may not be reflected in the improper payment rate.[Footnote 5] Beginning in 1997, Congress has allocated funds specifically for CMS oversight activities designed to ensure that claims are paid correctly, both through dedicated funding and augmented more recently through annual appropriations. Further, the Patient Protection and Affordable Care Act (PPACA)[Footnote 6] and the Health Care and Education Reconciliation Act of 2010 (HCERA)[Footnote 7] have provisions that may help strengthen strategies CMS may take to reduce improper payments. For example, the legislation requires the Department of Health and Human Services (HHS) to undertake certain actions designed to strengthen the agency's processes of screening and enrolling Medicare providers in an effort to combat fraud, waste, and abuse. However, preventing improper payments in Medicare is a continuing challenge. Within Medicare FFS, CMS contractors are responsible for processing and paying approximately 4.5 million claims per day, enrolling providers, responding to beneficiary questions, and investigating potential Medicare fraud.[Footnote 8] For Medicare Advantage, Medicare's private health insurance program, and the Medicare prescription drug benefit, CMS contracts with private health plans and drug plan sponsors, respectively, that are responsible for administering Medicare benefits. Hence, CMS contractors have an important role in preventing improper payments.[Footnote 9] In the course of our work, we have identified challenges facing CMS and selected key strategies that are particularly important to helping prevent fraud, waste, and abuse, and ultimately to reducing improper payments. My testimony today will focus on our findings in these areas. This statement is based on nine products that we have issued regarding fraud, waste, abuse, and improper payments in the Medicare program. These products were issued from September 2005 through March 2010 using a variety of methodologies, including analysis of claims, review of relevant policies and procedures, stakeholder interviews, and site visits.[Footnote 10] For this statement we also received updated information from CMS in June 2010. Our work was performed in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. CMS Faces Challenges in Implementing Strategies to Prevent Fraud, Waste, and Abuse: GAO has identified key strategies to help CMS address challenges it faces in preventing fraud, waste, and abuse, and ultimately to reducing improper payments. These strategies are: (1) strengthening provider enrollment processes and standards, (2) improving pre-payment review of claims, (3) focusing post-payment claims review on most vulnerable areas, (4) improving oversight of contractors, and (5) developing a robust process for addressing identified vulnerabilities.[Footnote 11] In the course of our work, we have found that CMS has made progress in some of these areas, and recent legislation may provide it with enhanced authority. However, CMS has not implemented some of our recommendations and other challenges remain. Strengthening Provider Enrollment Processes and Standards to Reduce the Risk of Enrolling Providers Intent on Abusing the Program: Given the large number of providers filing claims with Medicare and the volume of payments the agency and its contractors handle, ensuring that providers are legitimate businesses before allowing them to bill Medicare is important. Checking the background of providers at the time they apply to become Medicare providers is a crucial step to reduce the risk of enrolling providers intent on defrauding or abusing the program. In particular, we have recommended stricter scrutiny of enrollment processes for two types of providers whose services and items CMS has identified as especially vulnerable to improper payments--home health agencies (HHA)[Footnote 12] and suppliers of durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS).[Footnote 13] CMS contractors are responsible for screening enrollment applications from prospective HHAs. We found that the screening process was not thorough. This may have contributed to a rapid increase in the number of HHAs that billed Medicare in certain states with unusually high rates of billing patterns indicative of fraud and abuse. For example, the contractors were not required to verify the criminal history of persons named on the application. We recommended that CMS assess the feasibility of such a criminal history verification of all key officials' names on an HHA enrollment application; to date, CMS has not implemented this recommendation. Regarding DMEPOS suppliers, we also found that CMS had not taken sufficient steps to prevent entities intent on defrauding Medicare from enrolling in the program. In 2005, we reported that more effective screening and stronger enrollment standards were needed.[Footnote 14] CMS implemented new supplier enrollment standards in January 2008, partly in response to our recommendation. However, in that same year, we exposed persistent weaknesses when we created two fictitious medical equipment companies that were enrolled by CMS's contractor and given permission to begin billing Medicare.[Footnote 15] As an enrollment requirement, suppliers are required to show that they have contracts for obtaining inventory--but the contracts provided with the applications of our fictitious companies would have been shown to be fabricated if they had been reviewed properly. Since January 2008, CMS has taken two additional steps to ensure that only legitimate DMEPOS suppliers can bill Medicare. First, it implemented a requirement for DMEPOS suppliers to post a surety bond to help ensure that the Medicare program recoups erroneous payments that result from fraudulent or abusive billing practices.[Footnote 16] Second, CMS required that all DMEPOS suppliers be accredited by a CMS- approved accrediting organization to ensure that they meet minimum standards. CMS told us that thousands of DMEPOS suppliers were removed as result of these requirements. In addition, Congress has directed CMS to implement a competitive bidding program for DME, which could also help reduce fraud, waste, and abuse because it authorizes CMS to select suppliers based in part on new scrutiny of their financial documents and other application materials. However, the program will not take effect until January 2011 and it will initially be implemented in only nine metropolitan areas. Implementation of additional authorities in PPACA and HCERA also may help the agency strengthen provider enrollment, including addressing vulnerabilities our work has identified. In particular, among other provisions, the legislation allows HHS to (1) add criminal and background checks to its enrollment screening processes, depending on the risks presented by the provider; and (2) impose a temporary moratorium on enrollment of providers, if the agency deems it necessary to prevent fraud and abuse.[Footnote 17] In addition, there are specific requirements for providers to disclose any current or previous affiliation with a provider or supplier that has uncollected debt, has been or is subject to a payment suspension under a federal health care program, has been excluded from participation under Medicare, Medicaid or the State Children's Health Insurance Program (CHIP) or has had its billing privileges denied or revoked. HHS may deny enrollment to any such provider whose previous affiliations pose an undue risk. However, the effectiveness of these authorities is unknown and will depend on CMS's implementation. CMS told us that the agency is in the process of implementing these authorities, including drafting regulations on criminal and background checks. Improving Pre-Payment Review of Claims: Pre-payment reviews of claims are essential to helping ensure that Medicare pays correctly the first time; however, these reviews are challenging due to the volume of claims. Overall, less than 1 percent of Medicare's claims are subject to a medical record review by trained personnel[Footnote 18]--so having robust automated payment controls called edits in place that can deny inappropriate claims or flag them for further review is critical. However, we have found weaknesses in these pre-payment controls. For example, in 2007, we found that contractors responsible for reviewing DMEPOS suppliers' claims did not have automated pre-payment controls in place to identify questionable claims that might connote fraud, such as those associated with atypically rapid increases in billing or for items unlikely to be prescribed in the course of routine quality medical care.[Footnote 19] As a result, we recommended in 2007 that CMS require its contractors to develop thresholds for unexplained increases in billing and use them to develop automated pre-payment controls. Although CMS has not implemented that recommendation specifically, it has added edits to flag claims for services that were unlikely to be provided in the normal course of medical care. This is a valuable addition to the program's safeguards, but additional pre-payment controls, such as using thresholds for unexplained increases in billing, could further enhance CMS's ability to identify improper claims before they are paid. Focusing Post-Payment Claims Review on Most Vulnerable Areas: Post-payment reviews are critical to identifying payment errors to recoup overpayments. CMS's contractors have conducted limited post- payment reviews--for example, we reported in 2009 that two contractors paying home health claims conducted post-payment reviews on fewer than 700 of the 8.7 million claims that they paid in fiscal year 2007.[Footnote 20] Further, we found that they were not using evidence, such as findings from pre-payment reviews, to target their post-payment review resources on providers with a demonstrated high risk of improper payments. We recommended that post-payment reviews be conducted on claims submitted by HHAs with high rates of improper billing identified through pre-payment review. In response, CMS commented that other types of post-payment review may already include claims from these HHAs. We continue to believe including this targeted post-payment review should be a priority. Cross-checking claims for home health services with the physicians who prescribed them can be a further safeguard against fraud, waste, and abuse, but we have found that this is not always done.[Footnote 21] For example, CMS does not routinely provide physicians responsible for authorizing home health care with information that would enable them to determine whether an HHA was billing for unauthorized care. In one instance, a CMS contractor identified overpayments in excess of $9 million after interviewing physicians who had referred beneficiaries with high home health costs. The physicians indicated that their signatures had been forged or that they had not realized the amount of care they had authorized. We recommended that CMS require that physicians receive a statement of services beneficiaries received based on the physicians' certification, but to date, the agency has not taken action. CMS's new national recovery audit contracting program, begun in March 2009, was intended to address post-payment efforts; however, we continue to have concerns about post-payment reviews of HHAs and DMEPOS. Congress authorized the national program after completion of a three-year recovery audit contracting demonstration program in 2008. [Footnote 22] The national program is designed to help the agency supplement the pre-and post-payment reviews of other contractors. Recovery audit contractors (RAC) review claims after payment, with reimbursement to them contingent on finding improper overpayments and underpayments. Because RACs are paid on a contingent fee based on the dollar value of the improper payments identified, during the demonstration RACs focused on claims from inpatient hospital stays, which are generally more costly services. Therefore, other contractors' post-payment review activities could be more valuable if CMS directed these contractors to focus on items and services where RACs are not expected to focus their reviews, and where improper payments are known to be high, specifically home health and durable medical equipment. Improving Oversight of Contractors: Because Medicare is administered by contractors, such as drug plan sponsors, overseeing their activities to address fraud, waste, and abuse and prevent improper payment is critical. All drug plan sponsors are required to have programs to safeguard the Medicare prescription drug program from fraud, waste, and abuse. CMS's oversight of these programs has been limited but is expanding. In March 2010, we testified that CMS had completed desk audits of selected sponsors' compliance plans.[Footnote 23] At that time, CMS was beginning to implement an expanded oversight strategy, including revising its audit protocol and piloting on-site audits,[Footnote 24] to assess the effectiveness of these programs more thoroughly.[Footnote 25] As of June 2010, the agency has conducted 5 on-site audits and plans to conduct a total of 30 on-site audits by the end of the fiscal year. These audits are in response to a recommendation we made in our 2008 study that found that the five sponsors we reviewed (covering more than one-third of total Medicare prescription drug plan enrollees) had not completely implemented all seven of CMS's required compliance plan elements and selected recommended measures for a Medicare prescription drug fraud, waste, and abuse program.[Footnote 26] In addition, CMS published a final rule in April 2010 to increase its oversight efforts and ensure that sponsors have effective compliance programs in place. [Footnote 27] In issuing the proposed rule, CMS noted that we requested that the agency take actions to evaluate and oversee fraud and abuse programs to ensure sponsors have effective programs in place.[Footnote 28] Developing a Robust Process for Addressing Identified Vulnerabilities: Having mechanisms in place to resolve vulnerabilities that lead to improper payment is critical to program management, but CMS has not developed a robust process to specifically address identified vulnerabilities that lead to improper payment. Our Standards for Internal Control in the Federal Government indicate that part of an agency's controls should include policies and procedures to ensure that (1) the findings of all audits and reviews are promptly evaluated, (2) decisions are made about the appropriate response to these findings, and (3) actions are taken to correct or otherwise resolve the issues promptly.[Footnote 29] Further, our Internal Control Management and Evaluation Tool affirms that in order to establish an effective internal control environment, the agency has to appropriately assign authority, including holding individuals accountable for achieving agency objectives.[Footnote 30] As we reported in March 2010, CMS did not establish an adequate process during its initial recovery audit contracting demonstration or in planning for the national program to ensure prompt resolution of identified improper payment vulnerabilities.[Footnote 31] During the demonstration, CMS did not assign responsibility for taking corrective action on these vulnerabilities to either agency officials, contractors, or a combination of both. According to CMS officials, the agency only takes corrective action for vulnerabilities with national implications, and leaves it up to the contractors that process and pay claims to decide whether to take action for vulnerabilities that may only be occurring in certain geographic areas. Additionally, during the demonstration CMS did not specify in a plan what type of corrective action was required or establish a timeframe for corrective action. The documented lack of assigned responsibilities impeded CMS's efforts to promptly resolve the vulnerabilities that had been identified during the demonstration. For the recovery audit contracting national program, CMS established a corrective action team that will compile, review, and categorize identified vulnerabilities and discuss corrective action recommendations. CMS has also appointed the Director of the Office of Financial Management as responsible for the day-to-day operations of the program, and the CMS Administrator as the responsible official for vulnerabilities that span agency components. However, the corrective action process still does not include any steps to either assess the effectiveness of the corrective actions taken or adjust them as necessary based on the results of the assessments. Further, the agency has not developed time frames for implementing corrective actions. We recommended that CMS develop and implement a process that includes policies and procedures to ensure that the agency promptly (1) evaluates findings of RAC audits, (2) decides on the appropriate response and a time frame for taking action based on established criteria, and (3) acts to correct the vulnerabilities identified. CMS concurred with this recommendation. Agency officials indicated that they intended to review vulnerabilities on a case-by-case basis and were considering assigning them to risk categories that would help them prioritize action. However, this recommendation has not been implemented. Mr. Chairman, this concludes my prepared statement. I would be happy to answer any questions you or other members of the subcommittees may have. For further information about this statement, please contact Kathleen M. King at (202) 512-7114 or kingk@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this statement. Sheila Avruch, Christine Brudevold, and Martin T. Gahart, Assistant Directors; Lori Achman; Jennie F. Apter; Thomas Han; Jennel Harvey; Amanda Pusey; and James R. Walker were key contributors to this statement. Related GAO Products: Medicare Recovery Audit Contracting: Weaknesses Remain in Addressing Vulnerabilities to Improper Payments, Although Improvements Made to Contractor Oversight. [hyperlink, http://www.gao.gov/products/GAO-10-143]. Washington, D.C.: March 31, 2010. Medicare Part D: CMS Oversight of Part D Sponsors' Fraud and Abuse Programs Has Been Limited, but CMS Plans Oversight Expansion. [hyperlink, http://www.gao.gov/products/GAO-10-481T]. Washington, D.C.: March 3, 2010. Medicare: CMS Working to Address Problems from Round 1 of the Durable Medical Equipment Competitive Bidding Program. [hyperlink, http://www.gao.gov/products/GAO-10-27]. Washington, D.C.: November 6, 2009. Medicare: Improvements Needed to Address Improper Payments in Home Health. [hyperlink, http://www.gao.gov/products/GAO-09-185]. Washington, D.C.: February 27, 2009. Medicare Part D: Some Plan Sponsors Have Not Completely Implemented Fraud and Abuse Programs, and CMS Oversight Has Been Limited. [hyperlink, http://www.gao.gov/products/GAO-08-760]. Washington, D.C.: July 21, 2008. Medicare: Covert Testing Exposes Weaknesses In The Durable Medical Equipment Supplier Screening Process. [hyperlink, http://www.gao.gov/products/GAO-08-955]. Washington, D.C.: July 3, 2008. Medicare: Competitive Bidding For Medical Equipment and Supplies Could Reduce Program Payments, but Adequate Oversight is Critical. [hyperlink, http://www.gao.gov/products/GAO-08-767T]. Washington, D.C.: May 6, 2008. Medicare: Improvements Needed to Address Improper Payments for Medical Equipment and Supplies. [hyperlink, http://www.gao.gov/products/GAO-07-59]. Washington, D.C.: January 31, 2007. Medicare: More Effective Screening and Stronger Enrollment Standards Needed for Medical Equipment Suppliers. [hyperlink, http://www.gao.gov/products/GAO-05-656]. Washington, D.C.: September 22, 2005. [End of section] Footnotes: [1] Medicare is the federally financed health insurance program for persons aged 65 or over, certain individuals with disabilities, and individuals with end-stage renal disease. The program consists of four parts. Medicare Part A covers hospital and other inpatient stays. Medicare Part B is optional insurance, and covers hospital outpatient, physician, and other services. Medicare Parts A and B are known as original Medicare or Medicare FFS. Medicare beneficiaries have the option of obtaining coverage for Medicare Part A and B services from private health plans that participate in Medicare Advantage-- Medicare's managed care program, also known as Medicare Part C. All Medicare beneficiaries may purchase coverage for outpatient prescription drugs under Medicare Part D. [2] In 1990, GAO began to report on government operations that it identified as "high risk" for serious weaknesses in areas that involve substantial resources and provide critical services to the public. See GAO, High-Risk Series: An Update, [hyperlink, http://www.gao.gov/products/GAO-09-271] (Washington, D.C.: January 2009). [hyperlink, http://www.gao.gov/highrisk/risks/insurance/medicare_program.php]. [3] CMS is an agency within the Department of Health and Human Services (HHS) to which HHS has delegated responsibility for administering the Medicare program. [4] "Improper Medicare FFS Payments Report" in HHS's Fiscal Year 2009 Agency Financial Report, November 2009. [5] HHS's Office of Inspector General has raised concerns that the improper payment rates for certain provider types may be understated based on its review of additional medical records and interviews with beneficiaries and providers. [6] Pub. L. No. 111-148, 124 Stat. 119. [7] Pub. L. No. 111-152, 124 Stat. 1029. [8] Providers enroll in Medicare by meeting a series of requirements. For example, home health agencies (HHA) must submit an enrollment application that is screened by a Medicare contractor. If the application meets CMS standards, the contractor recommends approval to the state and CMS. The state reviews the HHA to determine if it is compliant with federal conditions of participation including requirements related to organization structure, administration, patient rights, medical supervision, and patient assessment. The HHA can also be accredited by an approved accrediting organization. The HHA must also meet the statutory and regulatory requirements in the state in which it is located. [9] For the purposes of this statement, we refer to any organization that is funded by Medicare to administer any part of the Medicare program as a "contractor." [10] For more detailed information on the methodologies used in our work, please consult the reports listed in the "Related GAO Products" at the end of this testimony. [11] Vulnerabilities are service specific errors that result in improper overpayments and underpayments. An example of a vulnerability that leads to improper payments is providers being allowed to bill for more than one blood transfusion in a hospital outpatient setting for a Medicare beneficiary in a day, which Medicare policy does not allow. [12] See GAO, Medicare: Improvements Needed to Address Improper payments in Home Health, [hyperlink, http://www.gao.gov/products/GAO-09-185] (Washington, D.C.: Feb. 27, 2009). [13] See GAO, Medicare: More Effective Screening and Stronger Enrollment Standards Needed for Medical Equipment Suppliers, [hyperlink, http://www.gao.gov/products/GAO-05-656] (Washington, D.C.: Sept. 22, 2005). [14] See [hyperlink, http://www.gao.gov/products/GAO-05-656]. [15] See GAO, Medicare: Covert Testing Exposes Weaknesses in the Durable Medical Equipment Supplier Screening Process, [hyperlink, http://www.gao.gov/products/GAO-08-955] (Washington, D.C.: July 3, 2008). [16] See Social Security Act §1834(a)(16)(B). As of October 2009, DMEPOS suppliers were required to obtain and submit a surety bond in the amount of at least $50,000. A DMEPOS surety bond is a bond issued by an entity guaranteeing that a DMEPOS supplier will fulfill its obligation to the Medicare program. If the obligation is not met, Medicare will recover its losses via the surety bond. PPAC requires that the bond be commensurate with the supplier's billing volume. See PPACA, Pub. L. No. 111-148, §6402(g). [17] PPACA, Pub. L. No. 111-148, §§6401(a)(2) and 10603(b). [18] Medicare uses contractors to process and pay claims, including putting computerized edits into their portion of the claims-processing system to help ensure proper payment. [19] For example, we found that Medicare paid over $2 million for beneficiaries' braces after the program had paid for prosthetics for the same beneficiaries' legs, feet, or ankles. See GAO, Medicare: Improvements Needed to Address Improper Payments for Medical Equipment and Suppliers, [hyperlink, http://www.gao.gov/products/GAO-07-59] (Washington, D.C.: Jan. 31, 2007). [20] See [hyperlink, http://www.gao.gov/products/GAO-09-185]. [21] See [hyperlink, http://www.gao.gov/products/GAO-09-185]. [22] The Medicare Prescription Drug, Improvement and Modernization Act of 2003 directed CMS to conduct a project to demonstrate how effective the use of recovery audit contractors (RAC) would be in identifying underpayments and overpayments, and recouping overpayments in the Medicare program. Subsequently, in December 2006 the Tax Relief and Health Care Act of 2006 required CMS to implement a national RAC program by January 1, 2010. [23] A desk audit includes reviews of requested documents. [24] An on-site audit includes interviews. [25] See Medicare Part D: CMS Oversight of Part D Sponsors' Fraud and Abuse Programs Has Been Limited, but CMS Plans Oversight Expansion. [hyperlink, http://www.gao.gov/products/GAO-10-481T] (Washington, D.C.: March 3, 2010). [26] GAO, Medicare Part D: Some Plan Sponsors Have Not Completely Implemented Fraud and Abuse Programs, and CMS Oversight Has Been Limited, [hyperlink, http://www.gao.gov/products/GAO-08-760] (Washington, D.C.: July 21, 2008). [27] Policy and Technical Changes to the Medicare Advantage and the Medicare Prescription Drug Benefit Programs, 75 Fed. Reg. 19,678 (April 15, 2010). [28] See Policy and Technical Changes to the Medicare Advantage and the Medicare Prescription Drug Benefit Programs, 74 Fed. Reg. 54,634, 54,643 (proposed Oct. 22, 2009). [29] GAO, Internal Control: Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999). Internal control is the component of an organization's management that provides reasonable assurance that the organization achieves: effective and efficient operations, reliable financial reporting, and compliance with applicable laws and regulations. Internal control standards provide a framework for identifying and addressing major performance challenges and areas at greatest risk for mismanagement. [30] GAO, Internal Control Standards: Internal Control Management and Evaluation Tool [hyperlink, http://www.gao.gov/products/GAO-01-1008G] (Washington, D.C.: August 2001). [31] [hyperlink, http://www.gao.gov/products/GAO-10-143] Medicare Recovery Audit Contracting: Weaknesses Remain in Addressing Vulnerabilities to Improper Payments, Although Improvements Made to Contractor Oversight (Washington, D.C. March 31, 2010). [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: