GAO-10-844T, Medicare Fraud, Waste, and Abuse: Challenges and Strategies for Preventing Improper Payments


This is the accessible text file for GAO report number GAO-10-844T 
entitled 'Medicare Fraud, Waste, and Abuse: Challenges and Strategies 
for Preventing Improper Payments' which was released on June 15, 2010. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Subcommittees on Health and Oversight, Committee on Ways 
and Means, House of Representatives: 

United States Government Accountability Office: 
GAO: 

For Release on Delivery: 
Expected at 10:00 a.m. EDT:
Tuesday, June 15, 2010: 

Medicare Fraud, Waste, and Abuse: 

Challenges and Strategies for Preventing Improper Payments: 

Statement of Kathleen M. King:
Director, Health Care: 

GAO-10-844T: 

GAO Highlights: 

Highlights of GAO-10-844T, a testimony before the Subcommittees on 
Health and Oversight, Committee on Ways and Means, House of 
Representatives. 

Why GAO Did This Study: 

GAO has designated Medicare as a high-risk program since 1990, in part 
because the program’s size and complexity make it vulnerable to fraud, 
waste, and abuse. Fraud represents intentional acts of deception with 
knowledge that the action or representation could result in an 
inappropriate gain, while abuse represents actions inconsistent with 
acceptable business or medical practices. Waste, which includes 
inaccurate payments for services, also occurs in the Medicare program. 

Fraud, waste, and abuse all can lead to improper payments, 
overpayments and underpayments that should not have been made, or that 
were made in an incorrect amount. In 2009, the Centers for Medicare & 
Medicaid Services (CMS)—the agency that administers Medicare—estimated 
billions of dollars in improper payments in the Medicare program. 

This statement will focus on challenges facing CMS and selected key 
strategies that are particularly important to helping prevent fraud, 
waste, and abuse, and ultimately to reducing improper payments. It is 
based on nine GAO products issued from September 2005 through March 
2010 using a variety of methodologies, including analysis of claims, 
review of relevant policies and procedures, stakeholder interviews, 
and site visits. GAO received updated information from CMS in June 
2010. 

What GAO Found: 

GAO has identified challenges and strategies in five key areas 
important in preventing fraud, waste, and abuse, and ultimately to 
reducing improper payments. GAO has made recommendations in these 
areas. CMS has made progress in some of these areas, and recent 
legislation may provide the agency with enhanced authority. However, 
CMS faces continuing challenges. 

1. Strengthening provider enrollment process and standards. Checking 
the background of providers at the time they apply to become Medicare 
providers is a crucial step to reduce the risk of enrolling providers 
intent on defrauding or abusing the program. In particular, GAO has 
recommended stricter scrutiny of providers identified as particularly 
vulnerable to improper payments to ensure they are legitimate 
businesses. 

2. Improving pre-payment review of claims. Pre-payment reviews of 
claims are essential to helping ensure that Medicare pays correctly 
the first time. GAO has recommended that CMS further enhance its 
ability to identify improper claims through additional automated pre-
payment claim review before they are paid. 

3. Focusing post-payment claims review on most vulnerable areas. Post- 
payment reviews are critical to identifying payment errors and 
recouping overpayments. GAO has recommended that CMS better target 
claims for post payment review on the most vulnerable areas. 

4. Improving oversight of contractors. Because Medicare is 
administered by contractors, overseeing their activities to address 
fraud, waste, and abuse is critical. GAO found that CMS’s oversight of 
prescription drug plan sponsors’ compliance programs has been limited. 
However, partly in response to GAO’s recommendation, CMS oversight of 
these programs is expanding. 

5. Developing a robust process for addressing identified 
vulnerabilities. Having mechanisms in place to resolve vulnerabilities 
that lead to improper payment is vital to program management, but CMS 
has not developed a robust process to specifically address these. GAO 
has recommended that CMS establish an adequate process to ensure 
prompt resolution of identified improper payment vulnerabilities. 

View [hyperlink, http://www.gao.gov/products/GAO-10-844T] or key 
components. For more information, contact Kathleen M. King at (202) 
512-7114 or kingk@gao.gov. 

[End of section] 

Mr. Chairman and Members of the Subcommittees: 

I am pleased to be here today to discuss our work regarding fraud, 
waste, and abuse in the Medicare program.[Footnote 1] We have 
designated Medicare as a high-risk program since 1990, in part because 
we found the program's size and complexity make it vulnerable to 
fraud, waste, and abuse.[Footnote 2] Fraud represents intentional acts 
of deception with knowledge that the action or representation could 
result in an inappropriate gain, while abuse represents actions 
inconsistent with acceptable business or medical practices. Waste, 
which includes inaccurate payments for services, such as unintentional 
duplicate payments, also occurs in the Medicare program. 

Fraud, waste, and abuse all can lead to improper payments, 
overpayments and underpayments that should not have been made or that 
were made in an incorrect amount. The Centers for Medicare & Medicaid 
Services (CMS)[Footnote 3]--the agency that administers Medicare--has 
estimated improper payments for Medicare fee-for-service (FFS) at 
$24.1 billion in calendar year 2009.[Footnote 4] Even this may not be 
a full picture of the risk for improper payments because some improper 
payments may not be detected and hence may not be reflected in the 
improper payment rate.[Footnote 5] 

Beginning in 1997, Congress has allocated funds specifically for CMS 
oversight activities designed to ensure that claims are paid 
correctly, both through dedicated funding and augmented more recently 
through annual appropriations. Further, the Patient Protection and 
Affordable Care Act (PPACA)[Footnote 6] and the Health Care and 
Education Reconciliation Act of 2010 (HCERA)[Footnote 7] have 
provisions that may help strengthen strategies CMS may take to reduce 
improper payments. For example, the legislation requires the 
Department of Health and Human Services (HHS) to undertake certain 
actions designed to strengthen the agency's processes of screening and 
enrolling Medicare providers in an effort to combat fraud, waste, and 
abuse. 

However, preventing improper payments in Medicare is a continuing 
challenge. Within Medicare FFS, CMS contractors are responsible for 
processing and paying approximately 4.5 million claims per day, 
enrolling providers, responding to beneficiary questions, and 
investigating potential Medicare fraud.[Footnote 8] For Medicare 
Advantage, Medicare's private health insurance program, and the 
Medicare prescription drug benefit, CMS contracts with private health 
plans and drug plan sponsors, respectively, that are responsible for 
administering Medicare benefits. Hence, CMS contractors have an 
important role in preventing improper payments.[Footnote 9] In the 
course of our work, we have identified challenges facing CMS and 
selected key strategies that are particularly important to helping 
prevent fraud, waste, and abuse, and ultimately to reducing improper 
payments. My testimony today will focus on our findings in these areas. 

This statement is based on nine products that we have issued regarding 
fraud, waste, abuse, and improper payments in the Medicare program. 
These products were issued from September 2005 through March 2010 
using a variety of methodologies, including analysis of claims, review 
of relevant policies and procedures, stakeholder interviews, and site 
visits.[Footnote 10] For this statement we also received updated 
information from CMS in June 2010. Our work was performed in 
accordance with generally accepted government auditing standards. 
Those standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe 
that the evidence obtained provides a reasonable basis for our 
findings and conclusions based on our audit objectives. 

CMS Faces Challenges in Implementing Strategies to Prevent Fraud, 
Waste, and Abuse: 

GAO has identified key strategies to help CMS address challenges it 
faces in preventing fraud, waste, and abuse, and ultimately to 
reducing improper payments. These strategies are: (1) strengthening 
provider enrollment processes and standards, (2) improving pre-payment 
review of claims, (3) focusing post-payment claims review on most 
vulnerable areas, (4) improving oversight of contractors, and (5) 
developing a robust process for addressing identified 
vulnerabilities.[Footnote 11] In the course of our work, we have found 
that CMS has made progress in some of these areas, and recent 
legislation may provide it with enhanced authority. However, CMS has 
not implemented some of our recommendations and other challenges 
remain. 

Strengthening Provider Enrollment Processes and Standards to Reduce 
the Risk of Enrolling Providers Intent on Abusing the Program: 

Given the large number of providers filing claims with Medicare and 
the volume of payments the agency and its contractors handle, ensuring 
that providers are legitimate businesses before allowing them to bill 
Medicare is important. Checking the background of providers at the 
time they apply to become Medicare providers is a crucial step to 
reduce the risk of enrolling providers intent on defrauding or abusing 
the program. In particular, we have recommended stricter scrutiny of 
enrollment processes for two types of providers whose services and 
items CMS has identified as especially vulnerable to improper 
payments--home health agencies (HHA)[Footnote 12] and suppliers of 
durable medical equipment, prosthetics, orthotics, and supplies 
(DMEPOS).[Footnote 13] 

CMS contractors are responsible for screening enrollment applications 
from prospective HHAs. We found that the screening process was not 
thorough. This may have contributed to a rapid increase in the number 
of HHAs that billed Medicare in certain states with unusually high 
rates of billing patterns indicative of fraud and abuse. For example, 
the contractors were not required to verify the criminal history of 
persons named on the application. We recommended that CMS assess the 
feasibility of such a criminal history verification of all key 
officials' names on an HHA enrollment application; to date, CMS has 
not implemented this recommendation. 

Regarding DMEPOS suppliers, we also found that CMS had not taken 
sufficient steps to prevent entities intent on defrauding Medicare 
from enrolling in the program. In 2005, we reported that more 
effective screening and stronger enrollment standards were 
needed.[Footnote 14] CMS implemented new supplier enrollment standards 
in January 2008, partly in response to our recommendation. However, in 
that same year, we exposed persistent weaknesses when we created two 
fictitious medical equipment companies that were enrolled by CMS's 
contractor and given permission to begin billing Medicare.[Footnote 
15] As an enrollment requirement, suppliers are required to show that 
they have contracts for obtaining inventory--but the contracts 
provided with the applications of our fictitious companies would have 
been shown to be fabricated if they had been reviewed properly. 

Since January 2008, CMS has taken two additional steps to ensure that 
only legitimate DMEPOS suppliers can bill Medicare. First, it 
implemented a requirement for DMEPOS suppliers to post a surety bond 
to help ensure that the Medicare program recoups erroneous payments 
that result from fraudulent or abusive billing practices.[Footnote 16] 
Second, CMS required that all DMEPOS suppliers be accredited by a CMS- 
approved accrediting organization to ensure that they meet minimum 
standards. CMS told us that thousands of DMEPOS suppliers were removed 
as result of these requirements. 

In addition, Congress has directed CMS to implement a competitive 
bidding program for DME, which could also help reduce fraud, waste, 
and abuse because it authorizes CMS to select suppliers based in part 
on new scrutiny of their financial documents and other application 
materials. However, the program will not take effect until January 
2011 and it will initially be implemented in only nine metropolitan 
areas. 

Implementation of additional authorities in PPACA and HCERA also may 
help the agency strengthen provider enrollment, including addressing 
vulnerabilities our work has identified. In particular, among other 
provisions, the legislation allows HHS to (1) add criminal and 
background checks to its enrollment screening processes, depending on 
the risks presented by the provider; and (2) impose a temporary 
moratorium on enrollment of providers, if the agency deems it 
necessary to prevent fraud and abuse.[Footnote 17] In addition, there 
are specific requirements for providers to disclose any current or 
previous affiliation with a provider or supplier that has uncollected 
debt, has been or is subject to a payment suspension under a federal 
health care program, has been excluded from participation under 
Medicare, Medicaid or the State Children's Health Insurance Program 
(CHIP) or has had its billing privileges denied or revoked. HHS may 
deny enrollment to any such provider whose previous affiliations pose 
an undue risk. However, the effectiveness of these authorities is 
unknown and will depend on CMS's implementation. CMS told us that the 
agency is in the process of implementing these authorities, including 
drafting regulations on criminal and background checks. 

Improving Pre-Payment Review of Claims: 

Pre-payment reviews of claims are essential to helping ensure that 
Medicare pays correctly the first time; however, these reviews are 
challenging due to the volume of claims. Overall, less than 1 percent 
of Medicare's claims are subject to a medical record review by trained 
personnel[Footnote 18]--so having robust automated payment controls 
called edits in place that can deny inappropriate claims or flag them 
for further review is critical. However, we have found weaknesses in 
these pre-payment controls. For example, in 2007, we found that 
contractors responsible for reviewing DMEPOS suppliers' claims did not 
have automated pre-payment controls in place to identify questionable 
claims that might connote fraud, such as those associated with 
atypically rapid increases in billing or for items unlikely to be 
prescribed in the course of routine quality medical care.[Footnote 19] 
As a result, we recommended in 2007 that CMS require its contractors 
to develop thresholds for unexplained increases in billing and use 
them to develop automated pre-payment controls. Although CMS has not 
implemented that recommendation specifically, it has added edits to 
flag claims for services that were unlikely to be provided in the 
normal course of medical care. This is a valuable addition to the 
program's safeguards, but additional pre-payment controls, such as 
using thresholds for unexplained increases in billing, could further 
enhance CMS's ability to identify improper claims before they are paid. 

Focusing Post-Payment Claims Review on Most Vulnerable Areas: 

Post-payment reviews are critical to identifying payment errors to 
recoup overpayments. CMS's contractors have conducted limited post- 
payment reviews--for example, we reported in 2009 that two contractors 
paying home health claims conducted post-payment reviews on fewer than 
700 of the 8.7 million claims that they paid in fiscal year 
2007.[Footnote 20] Further, we found that they were not using 
evidence, such as findings from pre-payment reviews, to target their 
post-payment review resources on providers with a demonstrated high 
risk of improper payments. We recommended that post-payment reviews be 
conducted on claims submitted by HHAs with high rates of improper 
billing identified through pre-payment review. In response, CMS 
commented that other types of post-payment review may already include 
claims from these HHAs. We continue to believe including this targeted 
post-payment review should be a priority. 

Cross-checking claims for home health services with the physicians who 
prescribed them can be a further safeguard against fraud, waste, and 
abuse, but we have found that this is not always done.[Footnote 21] 
For example, CMS does not routinely provide physicians responsible for 
authorizing home health care with information that would enable them 
to determine whether an HHA was billing for unauthorized care. In one 
instance, a CMS contractor identified overpayments in excess of $9 
million after interviewing physicians who had referred beneficiaries 
with high home health costs. The physicians indicated that their 
signatures had been forged or that they had not realized the amount of 
care they had authorized. We recommended that CMS require that 
physicians receive a statement of services beneficiaries received 
based on the physicians' certification, but to date, the agency has 
not taken action. 

CMS's new national recovery audit contracting program, begun in March 
2009, was intended to address post-payment efforts; however, we 
continue to have concerns about post-payment reviews of HHAs and 
DMEPOS. Congress authorized the national program after completion of a 
three-year recovery audit contracting demonstration program in 2008. 
[Footnote 22] The national program is designed to help the agency 
supplement the pre-and post-payment reviews of other contractors. 
Recovery audit contractors (RAC) review claims after payment, with 
reimbursement to them contingent on finding improper overpayments and 
underpayments. Because RACs are paid on a contingent fee based on the 
dollar value of the improper payments identified, during the 
demonstration RACs focused on claims from inpatient hospital stays, 
which are generally more costly services. Therefore, other 
contractors' post-payment review activities could be more valuable if 
CMS directed these contractors to focus on items and services where 
RACs are not expected to focus their reviews, and where improper 
payments are known to be high, specifically home health and durable 
medical equipment. 

Improving Oversight of Contractors: 

Because Medicare is administered by contractors, such as drug plan 
sponsors, overseeing their activities to address fraud, waste, and 
abuse and prevent improper payment is critical. All drug plan sponsors 
are required to have programs to safeguard the Medicare prescription 
drug program from fraud, waste, and abuse. CMS's oversight of these 
programs has been limited but is expanding. In March 2010, we 
testified that CMS had completed desk audits of selected sponsors' 
compliance plans.[Footnote 23] At that time, CMS was beginning to 
implement an expanded oversight strategy, including revising its audit 
protocol and piloting on-site audits,[Footnote 24] to assess the 
effectiveness of these programs more thoroughly.[Footnote 25] As of 
June 2010, the agency has conducted 5 on-site audits and plans to 
conduct a total of 30 on-site audits by the end of the fiscal year. 
These audits are in response to a recommendation we made in our 2008 
study that found that the five sponsors we reviewed (covering more 
than one-third of total Medicare prescription drug plan enrollees) had 
not completely implemented all seven of CMS's required compliance plan 
elements and selected recommended measures for a Medicare prescription 
drug fraud, waste, and abuse program.[Footnote 26] In addition, CMS 
published a final rule in April 2010 to increase its oversight efforts 
and ensure that sponsors have effective compliance programs in place. 
[Footnote 27] In issuing the proposed rule, CMS noted that we 
requested that the agency take actions to evaluate and oversee fraud 
and abuse programs to ensure sponsors have effective programs in 
place.[Footnote 28] 

Developing a Robust Process for Addressing Identified Vulnerabilities: 

Having mechanisms in place to resolve vulnerabilities that lead to 
improper payment is critical to program management, but CMS has not 
developed a robust process to specifically address identified 
vulnerabilities that lead to improper payment. Our Standards for 
Internal Control in the Federal Government indicate that part of an 
agency's controls should include policies and procedures to ensure 
that (1) the findings of all audits and reviews are promptly 
evaluated, (2) decisions are made about the appropriate response to 
these findings, and (3) actions are taken to correct or otherwise 
resolve the issues promptly.[Footnote 29] Further, our Internal 
Control Management and Evaluation Tool affirms that in order to 
establish an effective internal control environment, the agency has to 
appropriately assign authority, including holding individuals 
accountable for achieving agency objectives.[Footnote 30] 

As we reported in March 2010, CMS did not establish an adequate 
process during its initial recovery audit contracting demonstration or 
in planning for the national program to ensure prompt resolution of 
identified improper payment vulnerabilities.[Footnote 31] During the 
demonstration, CMS did not assign responsibility for taking corrective 
action on these vulnerabilities to either agency officials, 
contractors, or a combination of both. According to CMS officials, the 
agency only takes corrective action for vulnerabilities with national 
implications, and leaves it up to the contractors that process and pay 
claims to decide whether to take action for vulnerabilities that may 
only be occurring in certain geographic areas. Additionally, during 
the demonstration CMS did not specify in a plan what type of 
corrective action was required or establish a timeframe for corrective 
action. The documented lack of assigned responsibilities impeded CMS's 
efforts to promptly resolve the vulnerabilities that had been 
identified during the demonstration. 

For the recovery audit contracting national program, CMS established a 
corrective action team that will compile, review, and categorize 
identified vulnerabilities and discuss corrective action 
recommendations. CMS has also appointed the Director of the Office of 
Financial Management as responsible for the day-to-day operations of 
the program, and the CMS Administrator as the responsible official for 
vulnerabilities that span agency components. However, the corrective 
action process still does not include any steps to either assess the 
effectiveness of the corrective actions taken or adjust them as 
necessary based on the results of the assessments. Further, the agency 
has not developed time frames for implementing corrective actions. We 
recommended that CMS develop and implement a process that includes 
policies and procedures to ensure that the agency promptly (1) 
evaluates findings of RAC audits, (2) decides on the appropriate 
response and a time frame for taking action based on established 
criteria, and (3) acts to correct the vulnerabilities identified. CMS 
concurred with this recommendation. Agency officials indicated that 
they intended to review vulnerabilities on a case-by-case basis and 
were considering assigning them to risk categories that would help 
them prioritize action. However, this recommendation has not been 
implemented. 

Mr. Chairman, this concludes my prepared statement. I would be happy 
to answer any questions you or other members of the subcommittees may 
have. 

For further information about this statement, please contact Kathleen 
M. King at (202) 512-7114 or kingk@gao.gov. Contact points for our 
Offices of Congressional Relations and Public Affairs may be found on 
the last page of this statement. Sheila Avruch, Christine Brudevold, 
and Martin T. Gahart, Assistant Directors; Lori Achman; Jennie F. 
Apter; Thomas Han; Jennel Harvey; Amanda Pusey; and James R. Walker 
were key contributors to this statement. 

Related GAO Products: 

Medicare Recovery Audit Contracting: Weaknesses Remain in Addressing 
Vulnerabilities to Improper Payments, Although Improvements Made to 
Contractor Oversight. [hyperlink, 
http://www.gao.gov/products/GAO-10-143]. Washington, D.C.: March 31, 
2010. 

Medicare Part D: CMS Oversight of Part D Sponsors' Fraud and Abuse 
Programs Has Been Limited, but CMS Plans Oversight Expansion. 
[hyperlink, http://www.gao.gov/products/GAO-10-481T]. Washington, 
D.C.: March 3, 2010. 

Medicare: CMS Working to Address Problems from Round 1 of the Durable 
Medical Equipment Competitive Bidding Program. [hyperlink, 
http://www.gao.gov/products/GAO-10-27]. Washington, D.C.: November 6, 
2009. 

Medicare: Improvements Needed to Address Improper Payments in Home 
Health. [hyperlink, http://www.gao.gov/products/GAO-09-185]. 
Washington, D.C.: February 27, 2009. 

Medicare Part D: Some Plan Sponsors Have Not Completely Implemented 
Fraud and Abuse Programs, and CMS Oversight Has Been Limited. 
[hyperlink, http://www.gao.gov/products/GAO-08-760]. Washington, D.C.: 
July 21, 2008. 

Medicare: Covert Testing Exposes Weaknesses In The Durable Medical 
Equipment Supplier Screening Process. [hyperlink, 
http://www.gao.gov/products/GAO-08-955]. Washington, D.C.: July 3, 
2008. 

Medicare: Competitive Bidding For Medical Equipment and Supplies Could 
Reduce Program Payments, but Adequate Oversight is Critical. 
[hyperlink, http://www.gao.gov/products/GAO-08-767T]. Washington, 
D.C.: May 6, 2008. 

Medicare: Improvements Needed to Address Improper Payments for Medical 
Equipment and Supplies. [hyperlink, 
http://www.gao.gov/products/GAO-07-59]. Washington, D.C.: January 31, 
2007. 

Medicare: More Effective Screening and Stronger Enrollment Standards 
Needed for Medical Equipment Suppliers. [hyperlink, 
http://www.gao.gov/products/GAO-05-656]. Washington, D.C.: September 
22, 2005. 

[End of section] 

Footnotes: 

[1] Medicare is the federally financed health insurance program for 
persons aged 65 or over, certain individuals with disabilities, and 
individuals with end-stage renal disease. The program consists of four 
parts. Medicare Part A covers hospital and other inpatient stays. 
Medicare Part B is optional insurance, and covers hospital outpatient, 
physician, and other services. Medicare Parts A and B are known as 
original Medicare or Medicare FFS. Medicare beneficiaries have the 
option of obtaining coverage for Medicare Part A and B services from 
private health plans that participate in Medicare Advantage--
Medicare's managed care program, also known as Medicare Part C. All 
Medicare beneficiaries may purchase coverage for outpatient 
prescription drugs under Medicare Part D. 

[2] In 1990, GAO began to report on government operations that it 
identified as "high risk" for serious weaknesses in areas that involve 
substantial resources and provide critical services to the public. See 
GAO, High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-09-271] (Washington, D.C.: January 
2009). [hyperlink, 
http://www.gao.gov/highrisk/risks/insurance/medicare_program.php]. 

[3] CMS is an agency within the Department of Health and Human 
Services (HHS) to which HHS has delegated responsibility for 
administering the Medicare program. 

[4] "Improper Medicare FFS Payments Report" in HHS's Fiscal Year 2009 
Agency Financial Report, November 2009. 

[5] HHS's Office of Inspector General has raised concerns that the 
improper payment rates for certain provider types may be understated 
based on its review of additional medical records and interviews with 
beneficiaries and providers. 

[6] Pub. L. No. 111-148, 124 Stat. 119. 

[7] Pub. L. No. 111-152, 124 Stat. 1029. 

[8] Providers enroll in Medicare by meeting a series of requirements. 
For example, home health agencies (HHA) must submit an enrollment 
application that is screened by a Medicare contractor. If the 
application meets CMS standards, the contractor recommends approval to 
the state and CMS. The state reviews the HHA to determine if it is 
compliant with federal conditions of participation including 
requirements related to organization structure, administration, 
patient rights, medical supervision, and patient assessment. The HHA 
can also be accredited by an approved accrediting organization. The 
HHA must also meet the statutory and regulatory requirements in the 
state in which it is located. 

[9] For the purposes of this statement, we refer to any organization 
that is funded by Medicare to administer any part of the Medicare 
program as a "contractor." 

[10] For more detailed information on the methodologies used in our 
work, please consult the reports listed in the "Related GAO Products" 
at the end of this testimony. 

[11] Vulnerabilities are service specific errors that result in 
improper overpayments and underpayments. An example of a vulnerability 
that leads to improper payments is providers being allowed to bill for 
more than one blood transfusion in a hospital outpatient setting for a 
Medicare beneficiary in a day, which Medicare policy does not allow. 

[12] See GAO, Medicare: Improvements Needed to Address Improper 
payments in Home Health, [hyperlink, 
http://www.gao.gov/products/GAO-09-185] (Washington, D.C.: Feb. 27, 
2009). 

[13] See GAO, Medicare: More Effective Screening and Stronger 
Enrollment Standards Needed for Medical Equipment Suppliers, 
[hyperlink, http://www.gao.gov/products/GAO-05-656] (Washington, D.C.: 
Sept. 22, 2005). 

[14] See [hyperlink, http://www.gao.gov/products/GAO-05-656]. 

[15] See GAO, Medicare: Covert Testing Exposes Weaknesses in the 
Durable Medical Equipment Supplier Screening Process, [hyperlink, 
http://www.gao.gov/products/GAO-08-955] (Washington, D.C.: July 3, 
2008). 

[16] See Social Security Act §1834(a)(16)(B). As of October 2009, 
DMEPOS suppliers were required to obtain and submit a surety bond in 
the amount of at least $50,000. A DMEPOS surety bond is a bond issued 
by an entity guaranteeing that a DMEPOS supplier will fulfill its 
obligation to the Medicare program. If the obligation is not met, 
Medicare will recover its losses via the surety bond. PPAC requires 
that the bond be commensurate with the supplier's billing volume. See 
PPACA, Pub. L. No. 111-148, §6402(g). 

[17] PPACA, Pub. L. No. 111-148, §§6401(a)(2) and 10603(b). 

[18] Medicare uses contractors to process and pay claims, including 
putting computerized edits into their portion of the claims-processing 
system to help ensure proper payment. 

[19] For example, we found that Medicare paid over $2 million for 
beneficiaries' braces after the program had paid for prosthetics for 
the same beneficiaries' legs, feet, or ankles. See GAO, Medicare: 
Improvements Needed to Address Improper Payments for Medical Equipment 
and Suppliers, [hyperlink, http://www.gao.gov/products/GAO-07-59] 
(Washington, D.C.: Jan. 31, 2007). 

[20] See [hyperlink, http://www.gao.gov/products/GAO-09-185]. 

[21] See [hyperlink, http://www.gao.gov/products/GAO-09-185]. 

[22] The Medicare Prescription Drug, Improvement and Modernization Act 
of 2003 directed CMS to conduct a project to demonstrate how effective 
the use of recovery audit contractors (RAC) would be in identifying 
underpayments and overpayments, and recouping overpayments in the 
Medicare program. Subsequently, in December 2006 the Tax Relief and 
Health Care Act of 2006 required CMS to implement a national RAC 
program by January 1, 2010. 

[23] A desk audit includes reviews of requested documents. 

[24] An on-site audit includes interviews. 

[25] See Medicare Part D: CMS Oversight of Part D Sponsors' Fraud and 
Abuse Programs Has Been Limited, but CMS Plans Oversight Expansion. 
[hyperlink, http://www.gao.gov/products/GAO-10-481T] (Washington, 
D.C.: March 3, 2010). 

[26] GAO, Medicare Part D: Some Plan Sponsors Have Not Completely 
Implemented Fraud and Abuse Programs, and CMS Oversight Has Been 
Limited, [hyperlink, http://www.gao.gov/products/GAO-08-760] 
(Washington, D.C.: July 21, 2008). 

[27] Policy and Technical Changes to the Medicare Advantage and the 
Medicare Prescription Drug Benefit Programs, 75 Fed. Reg. 19,678 
(April 15, 2010). 

[28] See Policy and Technical Changes to the Medicare Advantage and 
the Medicare Prescription Drug Benefit Programs, 74 Fed. Reg. 54,634, 
54,643 (proposed Oct. 22, 2009). 

[29] GAO, Internal Control: Standards for Internal Control in the 
Federal Government, [hyperlink, 
http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: 
November 1999). Internal control is the component of an organization's 
management that provides reasonable assurance that the organization 
achieves: effective and efficient operations, reliable financial 
reporting, and compliance with applicable laws and regulations. 
Internal control standards provide a framework for identifying and 
addressing major performance challenges and areas at greatest risk for 
mismanagement. 

[30] GAO, Internal Control Standards: Internal Control Management and 
Evaluation Tool [hyperlink, http://www.gao.gov/products/GAO-01-1008G] 
(Washington, D.C.: August 2001). 

[31] [hyperlink, http://www.gao.gov/products/GAO-10-143] Medicare 
Recovery Audit Contracting: Weaknesses Remain in Addressing 
Vulnerabilities to Improper Payments, Although Improvements Made to 
Contractor Oversight (Washington, D.C. March 31, 2010). 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO’s Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: