GAO-12-292T, Fraud Detection Systems: Centers for Medicare and Medicaid Services Needs to Expand Efforts to Support Program Integrity Initiatives


This is the accessible text file for GAO report number GAO-12-292T 
entitled 'Fraud Detection Systems: Centers for Medicare and Medicaid 
Services Needs to Expand Efforts to Support Program Integrity 
Initiatives' which was released on December 7, 2011. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 
GAO: 

Testimony before the Subcommittees on Government Organization, 
Efficiency and Financial Management; and Health Care, District of 
Columbia, Census and the National Archives; Committee on Oversight and 
Government Reform, House of Representatives: 

For Release on Delivery: 
Expected at 10:00 a.m. EST:
Wednesday, December 7, 2011: 

Fraud Detection Systems: 

Centers for Medicare and Medicaid Services Needs to Expand Efforts to 
Support Program Integrity Initiatives: 

Statement of Valerie C. Melvin, Director:
Information Management and Technology Resources Issues: 

GAO-12-292T: 

GAO Highlights: 

Highlights of GAO-12-292T, a testimony for Subcommittees of the 
Committee on Oversight and Government Reform, House of Representatives. 

Why GAO Did This Study: 

The Centers for Medicare and Medicaid Services (CMS) is responsible 
for administering and safeguarding its programs from loss of funds. As 
GAO reported in June 2011, CMS utilizes automated systems and tools to 
help improve the detection of improper payments for fraudulent, 
wasteful, and abusive claims. To integrate claims information and 
improve its ability to detect fraud, waste, and abuse in these 
programs, CMS initiated two information technology system programs: 
the Integrated Data Repository (IDR) and One Program Integrity (One 
PI). 

GAO was asked to testify on its earlier report that examined CMS’s 
efforts to protect the integrity of the Medicare and Medicaid programs 
through the use of information technology. In that prior study, GAO 
assessed the extent to which IDR and One PI have been developed and 
implemented, and CMS’s progress toward achieving its goals and 
objectives for using these systems to detect fraud, waste, and abuse. 

What GAO Found: 

GAO previously reported that CMS had developed and begun using both 
IDR and One PI, but had not incorporated into IDR all data as planned. 
IDR is intended to be the central repository of Medicare and Medicaid 
data needed to help CMS and states’ program integrity staff and 
contractors prevent and detect improper payments. Program integrity 
analysts use these data to identify patterns of unusual activities or 
transactions that may indicate fraudulent charges or other types of 
improper payments. IDR has been operational and in use since September 
2006 but did not include all the data that were planned to be 
incorporated by fiscal year 2010. For example, IDR included most types 
of Medicare claims data, but not the Medicaid data needed to help 
analysts detect improper payments of Medicaid claims. According to 
program officials, these data were not incorporated because of 
obstacles introduced by technical issues and delays in funding. Until 
the agency finalizes plans and develops reliable schedules for efforts 
to incorporate these data, CMS may face additional delays in making 
available all the data that are needed to support enhanced Medicare 
and Medicaid program integrity efforts. 

Additionally, CMS had not taken steps to ensure widespread use of One 
PI to enhance efforts to detect fraud, waste, and abuse. One PI is a 
web-based portal that is to provide CMS staff and contractors, and 
Medicaid analysts with a single source of access to data contained in 
IDR, as well as tools for analyzing those data. While One PI had been 
developed and deployed to users, no Medicaid analysts and only a few 
Medicare program integrity analysts were trained and using the system. 
Specifically, One PI program officials planned for 639 program 
integrity analysts, including 130 Medicaid analysts, to be using the 
system by the end of fiscal year 2010; however, as of October 2010, 
only 41-—less than 7 percent-—were actively using the portal and 
tools. According to program officials, the agency’s initial training 
plans were insufficient and, as a result, they were not able to train 
the intended community of users. Until program officials finalize 
plans and develop reliable schedules for training users and expanding 
the use of One PI, the agency may continue to experience delays in 
reaching widespread use of the system. 

While CMS had made progress toward its goals to provide a single 
repository of data and enhanced analytical capabilities for program 
integrity efforts, the agency was not yet positioned to identify, 
measure, and track benefits realized from its efforts. As a result, it 
was unknown whether IDR and One PI as implemented had provided 
financial benefits. According to IDR officials, they did not measure 
benefits realized from increases in the detection rate for improper 
payments because they relied on business owners to do so; One PI 
officials stated that, because of the limited use of that system, 
there were not enough data to measure and gauge the program’s success 
toward achieving the $21 billion in financial benefits that the agency 
projected. 

What GAO Recommends: 

GAO is not making new recommendations at this time. GAO recommended in 
June 2011 that CMS take actions to finalize plans and schedules for 
achieving widespread use of IDR and One PI, and to define measurable 
benefits. CMS concurred with GAO’s recommendations. 

View [hyperlink, http://www.gao.gov/products/GAO-12-282T] or key 
components. For more information, contact Valerie Melvin at (202) 512-
6304 or melvinv@gao.gov. [End of section] 

Chairmen Platts and Gowdy, Ranking Members Towns and Davis, and 
Members of the Subcommittees: 

I am pleased to participate in today's hearing on fraud and improper 
payments in the Medicaid program. At your request, my testimony will 
focus on our report earlier this year that examined the Centers for 
Medicare and Medicaid Services' (CMS) efforts to protect the integrity 
of the Medicare and Medicaid programs through the use of information 
technology. Specifically, in June 2011 we reported on CMS's 
utilization of automated systems and tools to help improve the 
detection of fraudulent, wasteful, and abusive claims that contribute 
to the billions of taxpayers' dollars lost each year to improper 
payments within these programs.[Footnote 1] 

Operating within the Department of Health and Human Services, CMS 
conducts reviews to prevent improper payments before Medicare and 
Medicaid claims are paid and to detect claims that were paid in error. 
These activities are predominantly carried out by contractors who, 
along with CMS personnel, use various information technology solutions 
to consolidate and analyze data to help identify the improper payment 
of claims. For example, these program integrity analysts may use 
software tools to access data about claims and then use those data to 
identify patterns of unusual activities by attempting to match 
services with patients' diagnoses. 

In 2006, CMS initiated activities to centralize and make more 
accessible the data needed to conduct these analyses and to improve 
the analytical tools available to its own and contractor analysts. Our 
June 2011 report discussed two of these initiatives--the Integrated 
Data Repository (IDR), which is intended to provide a single source of 
data related to Medicare and Medicaid claims, and the One Program 
Integrity (One PI) system, a web-based portal[Footnote 2] and suite of 
analytical software tools used to extract data from IDR and enable 
complex analyses of these data. According to CMS officials responsible 
for developing and implementing IDR and One PI, the agency had spent 
approximately $161 million on these initiatives by the end of fiscal 
year 2010. 

My testimony summarizes the results of our prior study, which 
specifically assessed the extent to which IDR and One PI had been 
developed and implemented, and CMS’s progress toward achieving its 
goals and objectives for using these systems to detect fraud, waste, 
and abuse. The information presented is based primarily on our 
previous work at CMS. Additional information on our scope and 
methodology is available in the issued report.[Footnote 3] We also 
obtained and conducted a review of more recent documentation 
pertaining to the agency’s efforts to develop and implement the 
systems. We conducted this work in support of our testimony during 
November and December 2011 at CMS headquarters in Baltimore, 
Maryland. All work on which this testimony is based was conducted 
in accordance with generally accepted government auditing standards. 

Background: 

Like financial institutions, credit card companies, telecommunications 
firms, and other private sector companies that take steps to protect 
customers' accounts, CMS uses information technology to help predict 
or detect cases of improper claims and payments. For more than a 
decade, the agency and its contractors have used automated software 
tools to analyze data from various sources to detect patterns of 
unusual activities or financial transactions that indicate payments 
could be made for fraudulent charges or improper payments. For 
example, to identify unusual billing patterns and support 
investigations and referrals for prosecutions of cases, analysts and 
investigators access information about key actions taken to process 
claims as they are filed and the specific details about claims already 
paid. This would include accessing information on claims as they are 
billed, adjusted, and paid or denied; check numbers on payments of 
claims; and other specific information that could help establish 
provider intent. 

CMS uses many different means to store and manipulate data and, since 
the establishment of the agency's program integrity initiatives in the 
1990s, has built multiple disparate databases and analytical software 
tools to meet individual and unique needs of various programs within 
the agency. In addition, data on Medicaid claims are scattered among 
the states in multiple systems and data stores, and are not readily 
available to CMS. According to agency program documentation, these 
geographically distributed, regional approaches to storing and 
analyzing data result in duplicate data and limit the agency's ability 
to conduct analyses of data on a nationwide basis. 

CMS has been working for most of the past decade to consolidate its 
disparate data and analytical tools. The agency's efforts led to the 
IDR and One PI programs, which are intended to provide CMS and its 
program integrity contractors with a centralized source of Medicare 
and Medicaid data and a web-based portal and set of analytical tools 
by which these data can be accessed and analyzed to help detect cases 
of fraud, waste, and abuse. 

CMS's Initiative to Develop a Centralized Source of Medicare and 
Medicaid Data: 

In 2006, CMS officials expanded the scope of a 3-year-old data 
modernization strategy to not only modernize data storage technology, 
but also to integrate Medicare and Medicaid data into a centralized 
repository so that CMS and its partners could access the data from a 
single source. They called the expanded program IDR. 

According to program officials, the agency's vision was for IDR to 
become the single repository for CMS's data and enable data analysis 
within and across programs. Specifically, this repository was to 
establish the infrastructure for storing data related to Medicaid and 
Medicare Parts A, B, and D claims processing,[Footnote 4] as well as a 
variety of other agency functions, such as program management, 
research, analytics, and business intelligence. CMS envisioned an 
incremental approach to incorporating data into IDR. Specifically, it 
intended to incorporate data related to paid claims for Medicare Part 
D by the end of fiscal year 2006, and for Medicare Parts A and B by 
the end of fiscal year 2007. The agency also planned to begin to 
incrementally add all Medicaid data for the 50 states in fiscal year 
2009 and to complete this effort by the end of fiscal year 2012. 

Initial program plans and schedules also included the incorporation of 
additional data from legacy CMS claims-processing systems that store 
and process data related to the entry, correction, and adjustment of 
claims as they are being processed, along with detailed financial data 
related to paid claims. According to program officials, these data, 
called "shared systems" data, are needed to support the agency's plans 
to incorporate tools to conduct predictive analysis of claims as they 
are being processed, helping to prevent improper payments. Shared 
systems data, such as check numbers and amounts related to claims that 
have been paid, are also needed by law enforcement agencies to help 
with fraud investigations. CMS initially planned to have all the 
shared systems data included in IDR by July 2008. 

Table 1, presented in our prior report, summarized CMS's original 
planned dates and actual dates for incorporating the various types of 
data into IDR as of the end of fiscal year 2010. 

Table 1: Data Incorporated into IDR as of the End of Fiscal Year 2010: 

Type of data: Medicare Part D; 
Original planned date: January 2006; 
Actual date: January 2006. 

Type of data: Medicare Part B; 
Original planned date: September 2007; 
Actual date: May 2008. 

Type of data: Medicare Part A; 
Original planned date: September 2008; 
Actual date: May 2008. 

Type of data: Shared systems; 
Original planned date: July 2008; 
Actual date: Not incorporated (planned for November 2011). 

Type of data: Medicaid for 5 states; 
Original planned date: September 2009; 
Actual date: Not incorporated (planned for September 2014). 

Type of data: Medicaid for 20 states; 
Original planned date: September 2010; 
Actual date: Not incorporated (planned for September 2014). 

Type of data: Medicaid for 35 states; 
Original planned date: September 2011; 
Actual date: Not incorporated (planned for September 2014). 

Type of data: Medicaid for 50 states; 
Original planned date: September 2012; 
Actual date: Not incorporated (planned for September 2014). 

Source: GAO analysis of CMS data. 

[End of table] 

CMS's Initiative to Develop and Implement Analytical Tools for 
Detecting Fraud, Waste, and Abuse: 

Also in 2006, CMS initiated the One PI program with the intention of 
developing and implementing a portal and software tools that would 
enable access to and analysis of claims, provider, and beneficiary 
data from a centralized source. The agency's goal for One PI was to 
support the needs of a broad program integrity user community, 
including agency program integrity personnel and contractors who 
analyze Medicare claims data, along with state agencies that monitor 
Medicaid claims. To achieve its goal, CMS officials planned to 
implement a tool set that would provide a single source of information 
to enable consistent, reliable, and timely analyses and improve the 
agency's ability to detect fraud, waste, and abuse. These tools were 
to be used to gather data from IDR about beneficiaries, providers, and 
procedures and, combined with other data, find billing aberrancies or 
outliers. For example, an analyst could use software tools to identify 
potentially fraudulent trends in ambulance services by gathering the 
data about claims for ambulance services and medical treatments, and 
then use other software to determine associations between the two 
types of services. If the analyst found claims for ambulance travel 
costs but no corresponding claims for medical treatment, it might 
indicate that further investigation could prove that the billings for 
those services were fraudulent. 

According to agency program planning documentation, the One PI system 
was also to be developed incrementally to provide access to IDR data, 
analytical tools, and portal functionality. CMS planned to implement 
the One PI portal and two analytical tools for use by program 
integrity analysts on a widespread basis by the end of fiscal year 
2009. The agency engaged contractors to develop the system. 

IDR and One PI Were in Use, but Lacked Data and Functionality 
Essential to CMS's Program Integrity Efforts: 

IDR had been in use by CMS and its contractors who conduct Medicare 
program integrity analysis since September 2006 and incorporated data 
related to claims for reimbursement of services under Medicare Parts 
A, B, and D. According to program officials, the integration of these 
data into IDR established a centralized source of data previously 
accessed from multiple disparate system files. 

However, although the agency had been incorporating data from various 
data sources since 2006, our prior report noted that IDR did not 
include all the data that were planned to be incorporated by the end 
of 2010 and that are needed to support enhanced program integrity 
initiatives. For example, IDR did not include the Medicaid data that 
are critical to analysts' ability to detect fraud, waste, and abuse in 
this program. While program officials initially planned to incorporate 
20 states' Medicaid data into IDR by the end of fiscal year 2010, the 
agency had not incorporated any of these data into the repository. 
Program officials told us that the original plans and schedules for 
obtaining Medicaid data did not account for the lack of funding for 
states to provide Medicaid data to CMS, or the variations in the types 
and formats of data stored in disparate state Medicaid systems. 
Consequently, the officials were not able to collect the data from the 
states as easily as they expected and did not complete this activity 
as originally planned. 

In December 2009, CMS initiated another agencywide program intended 
to, among other things, identify ways to collect Medicaid data from 
the many disparate state systems and incorporate the data into a 
single data store. As envisioned by CMS, this program, the Medicaid 
and Children's Health Insurance Program Business Information and 
Solutions (MACBIS) program, was to include activities in addition to 
providing expedited access to current data from state Medicaid 
programs. According to agency planning documentation, as a result of 
efforts to be initiated under the MACBIS program, CMS would 
incorporate Medicaid data for all 50 states into IDR by the end of 
fiscal year 2014. 

However, program officials had not defined plans and reliable 
schedules for incorporating these data into IDR. Until the agency does 
so, it cannot ensure that current development, implementation, and 
deployment efforts will provide the data and technical capabilities 
needed to enhance efforts to detect potential cases of fraud, waste, 
and abuse. 

In addition to the Medicaid data, initial program integrity 
requirements included the incorporation of the shared systems data by 
July 2008; however, all of these data had not been added to IDR. 
According to IDR program officials, the shared systems data were not 
incorporated as planned because funding for the development of the 
software and acquisition of the hardware needed to meet this 
requirement was not approved until the summer of 2010. Subsequently, 
IDR program officials developed project plans and identified user 
requirements. In updating us on the status of this activity, the 
officials told us in November 2011 that they began incorporating 
shared systems data in September 2011 and plan to make them available 
to program integrity analysts in spring 2012. 

Beyond the IDR initiative, CMS program integrity officials had not 
taken appropriate actions to ensure the use of One PI on a widespread 
basis for program integrity purposes. According to program officials, 
the system was deployed to support Medicare program integrity goals in 
September 2009 as originally planned and consisted of a portal that 
provided web-based access to software tools used by CMS and contractor 
analysts to retrieve and analyze data stored in IDR. As implemented, 
the system provided access to two analytical tools--a commercial off-
the-shelf decision support tool that is used to perform data analysis 
to, for example, detect patterns of activities that may identify or 
confirm suspected cases of fraud, waste, or abuse, and another tool 
that provides users extended capabilities to perform more complex 
analyses of data. For example, it allows the user to customize and 
create ad hoc queries of claims data across the three Medicare plans. 

However, while program officials deployed the One PI portal and two 
analytical tools, the system was not being used as widely as planned 
because CMS and contractor analysts had not received the necessary 
training. In this regard, program planning documentation from August 
2009 indicated that One PI program officials had planned for 639 
analysts to be trained and using the system by the end of fiscal year 
2010, including 130 analysts who conduct reviews of Medicaid claims. 
[Footnote 5] However, CMS confirmed that by the end of October 2010, 
only 42 Medicare analysts who were intended to use One PI had been 
trained, with 41 actively using the portal and tools. These users 
represented fewer than 7 percent of the users originally intended for 
the program. 

Further, no Medicaid analysts had been trained to use the system. 
While the use of One PI cannot be fully optimized for Medicaid 
integrity purposes until the states' Medicaid claims data are 
incorporated into IDR, the tools provided by the system could be used 
to supplement data currently available to Medicaid program integrity 
analysts and to enhance their ability to detect payments of fraudulent 
claims. For example, with training, Medicaid analysts may be able to 
compare data from their state systems to Medicare claims data in IDR 
to identify duplicate claims for the same service. 

Program officials responsible for implementing the system acknowledged 
that their initial training plans and efforts had been insufficient 
and that they had consequently initiated activities and redirected 
resources to redesign the One PI training plan in April 2010; they 
began to implement the new training program in July of that year. 

As we reported in June, One PI officials stated that 62 additional 
analysts had signed up to be trained in 2011, and that the number of 
training classes for One PI had been increased from two to four per 
month. Agency officials, in commenting on our report, stated that 
since January 2011, 58 new users had been trained; however, they did 
not identify an increase in the number of actual users of the system. 
[Footnote 6] 

Nonetheless, while these activities indicated some progress toward 
increasing the number of One PI users, the number of users reported to 
be trained and using the system represented a fraction of the 
population of 639 intended users. Moreover, One PI program officials 
had not yet made detailed plans and developed schedules for completing 
training of all the intended users. Agency officials concurred with 
our conclusion that CMS needed to take more aggressive steps to ensure 
that its broad community of analysts is trained, including those who 
conduct analyses of Medicaid claims data. Until it does so, the use of 
One PI may remain limited to a much smaller group of users than the 
agency intended and CMS will continue to face obstacles in its efforts 
to deploy One PI for widespread use throughout its community of 
program integrity analysts. 

CMS Was Not Yet Positioned to Identify Financial Benefits or to Fully 
Meet Program Integrity Goals and Objectives through the Use of IDR and 
One PI: 

Because IDR and One PI were not being used as planned, CMS officials 
were not in a position to determine the extent to which the systems 
were providing financial benefits or supporting the agency's 
initiatives to meet program integrity goals and objectives. As we have 
reported, agencies should forecast expected benefits and then measure 
actual financial benefits accrued through the implementation of IT 
programs.[Footnote 7] Further, the Office of Management and Budget 
(OMB) requires agencies to report progress against performance 
measures and targets for meeting them that reflect the goals and 
objectives of the programs.[Footnote 8] To do this, performance 
measures should be outcome-based and developed with stakeholder input, 
and program performance must be monitored, measured, and compared to 
expected results so that agency officials are able to determine the 
extent to which goals and objectives are being met. In addition, 
industry experts describe the need for performance measures to be 
developed with stakeholders' input early in a project's planning 
process to provide a central management and planning tool and to 
monitor the performance of the project against plans and stakeholders' 
needs. 

While CMS had shown some progress toward meeting the programs' goals 
of providing a centralized data repository and enhanced analytical 
capabilities for detecting improper payments due to fraud, waste, and 
abuse, the implementation of IDR and One PI did not yet position the 
agency to identify, measure, and track financial benefits realized 
from reductions in improper payments as a result of the implementation 
of either system. For example, program officials stated that they had 
developed estimates of financial benefits expected to be realized 
through the use of IDR. Their projection of total financial benefits 
was reported to be $187 million, based on estimates of the amount of 
improper payments the agency expected to recover as a result of 
analyzing data provided by IDR. With estimated life cycle program 
costs of $90 million through fiscal year 2018, the resulting net 
benefit expected from implementing IDR was projected to be $97 
million. However, as of March 2011, program officials had not 
identified actual financial benefits of implementing IDR. 

Further, program officials' projection of financial benefits expected 
as a result of implementing One PI was reported to be approximately 
$21 billion. This estimate was increased from initial expectations 
based on assumptions that accelerated plans to integrate Medicare and 
Medicaid data into IDR would enable One PI users to identify 
increasing numbers of improper payments sooner than previously 
estimated, thus allowing the agency to recover more funds that have 
been lost due to payment errors. 

However, the implementation of One PI had not yet produced outcomes 
that positioned the agency to identify or measure financial benefits. 
CMS officials stated at the end of fiscal year 2010--more than a year 
after deploying One PI--that it was too early to determine whether the 
program had provided any financial benefits. They explained that, 
since the program had not met its goal for widespread use of One PI, 
there were not enough data available to quantify financial benefits 
attributable to the use of the system. These officials said that as 
the user community expanded, they expected to be able to begin to 
identify and measure financial and other benefits of using the system. 

In addition, program officials had not developed and tracked outcome-
based performance measures to help ensure that efforts to implement 
One PI and IDR would meet the agency's goals and objectives for 
improving the results of its program integrity initiatives. For 
example, outcome-based measures for the programs would indicate 
improvements to the agency's ability to recover funds lost because of 
improper payments of fraudulent claims. However, while program 
officials defined and reported to OMB performance targets for IDR 
related to some of the program's goals, they did not reflect the goal 
of the program to provide a single source of Medicare and Medicaid 
data that supports enhanced program integrity efforts. Additionally, 
CMS officials had not developed quantifiable measures for meeting the 
One PI program's goals. For example, performance measures and targets 
for One PI included increases in the detection of improper payments 
for Medicare Parts A and B claims. However, the limited use of the 
system had not generated enough data to quantify the amount of funds 
recovered from improper payments. 

Moreover, measures of One PI's program performance did not accurately 
reflect the existing state of the program. Specifically, indicators to 
be measured for the program included the number of states using One PI 
for Medicaid integrity purposes and decreases in the Medicaid payment 
error rate; however, One PI did not have access to those data because 
they were not yet incorporated into IDR. 

Because it lacked meaningful outcome-based performance measures and 
sufficient data for tracking progress toward meeting performance 
targets, CMS did not have the information needed to ensure that the 
systems were useful to the extent that benefits realized from their 
implementation could help the agency meet program integrity goals. 
Until the agency is better positioned to identify and measure 
financial benefits and establishes outcome-based performance measures 
to help gauge progress toward meeting program integrity goals, it 
cannot be assured that the systems will contribute to improvements in 
CMS's ability to detect and prevent fraud, waste, and abuse, and 
improper payments of Medicare and Medicaid claims. 

CMS Needs to Take Actions to Achieve Widespread Use of IDR and One PI: 

Given the critical need for CMS to reduce improper payments within the 
Medicare and Medicaid programs, we included in our June 2011 report a 
number of recommended actions that we consider vital to helping the 
agency achieve more widespread use of IDR and One PI for program 
integrity purposes. Specifically, we recommended that the 
Administrator of CMS: 

* finalize plans and develop schedules for incorporating additional 
data into IDR that identify all resources and activities needed to 
complete tasks and that consider risks and obstacles to the IDR 
program; 

* implement and manage plans for incorporating data in IDR to meet 
schedule milestones; 

* establish plans and reliable schedules for training all program 
integrity analysts intended to use One PI; 

* establish and communicate deadlines for program integrity 
contractors to complete training and use One PI in their work; 

* conduct training in accordance with plans and established deadlines 
to ensure schedules are met and program integrity contractors are 
trained and able to meet requirements for using One PI; 

* define any measurable financial benefits expected from the 
implementation of IDR and One PI; and: 

* with stakeholder input, establish measurable, outcome-based 
performance measures for IDR and One PI that gauge progress toward 
meeting program goals. 

* In commenting on a draft of our report, CMS agreed with the 
recommendations and indicated that it planned to take steps to address 
the challenges and problems that we identified during our study. 

In conclusion, CMS's success toward meeting goals to enhance program 
integrity efforts through the use of IDR and One PI depends upon the 
incorporation of all needed data into IDR, and effective use of the 
systems by the agency's broad community of Medicare and Medicaid 
program integrity analysts. It is also essential that the agency 
identify measurable financial benefits and performance goals expected 
to be attained through improvements in its ability to prevent and 
detect fraudulent, wasteful, and abusive claims and resulting improper 
payments. In taking these steps, the agency will better position 
itself to determine whether these systems are useful for enhancing 
CMS's ability to identify fraud, waste, and abuse and, consequently, 
reduce the loss of billions of dollars to improper payments of 
Medicare and Medicaid claims. 

Chairmen Platts and Gowdy, Ranking Members Towns and Davis, and 
Members of the Subcommittees, this concludes my prepared statement. I 
would be pleased to answer any questions that you may have. 

GAO Contact and Staff Acknowledgments: 

If you have questions concerning this statement, please contact 
Valerie C. Melvin, Director, Information Management and Technology 
Resources Issues, at (202) 512-6304 or melvinv@gao.gov. Other 
individuals who made key contributions include Teresa F. Tucker 
(Assistant Director), Amanda C. Gill, and Lee A. McCracken. 

[End of section] 

Footnotes: 

[1] GAO, Fraud Detection Systems: Centers for Medicare and Medicaid 
Services Needs to Ensure More Widespread Use, [hyperlink, 
http://www.gao.gov/products/GAO-11-475] (Washington, D.C.: June 30, 
2011). 

[2] The One PI portal is a web-based user interface that enables a 
single login through centralized, role-based access to the system. 

[3] hyperlink, http://www.gao.gov/products/GAO-11-475].

[4] Medicare Part A provides payment for inpatient hospital, skilled 
nursing facility, some home health, and hospice services, while Part B 
pays for hospital outpatient, physician, some home health, durable 
medical equipment, and preventive services. Further, all Medicare 
beneficiaries may purchase coverage for outpatient prescription drugs 
under Medicare Part D. 

[5] This group of analysts included state Medicaid program integrity 
personnel along with CMS analysts who implement the Medi-Medi data 
match program. This program was established in 2001 and was designed 
to identify improper billing and utilization patterns by matching 
Medicare and Medicaid claims information on providers and 
beneficiaries to reduce fraudulent schemes that cross program 
boundaries. 

[6] In further updating these data, on November 30, 2011, CMS 
officials reported to us that a total of 215 program integrity 
analysts had been trained and were using One PI, including 51 Medi-
Medi and state Medicaid analysts. However, we did not validate the 
data provided to us by program officials on November 30, 2011. 

[7] GAO, Secure Border Initiative: DHS Needs to Reconsider Its 
Proposed Investment in Key Technology Program, [hyperlink, 
http://www.gao.gov/products/GAO-10-340] (Washington, D.C.: May 5, 
2010) and DOD Business Systems Modernization: Planned Investment in 
Navy Program to Create Cashless Shipboard Environment Needs to be 
Justified and Better Managed, [hyperlink, 
http://www.gao.gov/products/GAO-08-922] (Washington, D.C.: Sept. 8, 
2008). 

[8] OMB, Guide to the Performance Assessment Rating Tool. 

[End of section] 

GAO’s Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the 
performance and accountability of the federal government for the 
American people. GAO examines the use of public funds; evaluates 
federal programs and policies; and provides analyses, recommendations, 
and other assistance to help Congress make informed oversight, policy, 
and funding decisions. GAO’s commitment to good government is 
reflected in its core values of accountability, integrity, and 
reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each 
weekday afternoon, GAO posts on its website newly released reports, 
testimony, and correspondence. To have GAO e mail you a list of newly 
posted products, go to [hyperlink, http://www.gao.gov] and select “E-
mail Updates.” 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of 
production and distribution and depends on the number of pages in the 
publication and whether the publication is printed in color or black 
and white. Pricing and ordering information is posted on GAO’s 
website, [hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or 
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card, 
MasterCard, Visa, check, or money order. Call for additional 
information. 

Connect with GAO: 

Connect with GAO on facebook, flickr, twitter, and YouTube.
Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts.
Visit GAO on the web at www.gao.gov. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 
Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; 
E-mail: fraudnet@gao.gov; 
Automated answering system: (800) 424-5454 or (202) 512-7470. 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov, (202) 512-4400
U.S. Government Accountability Office, 441 G Street NW, Room 7125
Washington, DC 20548. 

Public Affairs: 
Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, DC 20548.