Medicare: More Effective Screening and Stronger Enrollment Standards Needed for Medical Equipment Suppliers
Highlights
In fiscal year 2004, the Centers for Medicare & Medicaid Services (CMS) estimated that Medicare improperly paid $900 million for durable medical equipment, prosthetics, orthotics, and supplies--in part due to fraud by suppliers. To deter such fraud, CMS contracts with the National Supplier Clearinghouse (NSC) to verify that suppliers meet 21 standards before they can bill Medicare. NSC verifies adherence to the standards through on-site inspections and document reviews. Recent prosecutions of fraudulent suppliers suggest that there may be weaknesses in NSC's efforts to screen suppliers or in the standards. In this report, GAO evaluated: 1) NSC's efforts to verify suppliers' compliance with the 21 standards, 2) the adequacy of the standards to screen suppliers, and 3) CMS's oversight of NSC's efforts.
Recommendations
Matter for Congressional Consideration
Matter | Status | Comments |
---|---|---|
The Congress may wish to consider whether suppliers that have violated standards should have to wait a specified period of time from the date of revocation to have a billing number reissued. | Congress has not yet taken action to address this matter. |
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Centers for Medicare & Medicaid Services | To improve the supplier enrollment process and oversight of NSC, the Administrator of CMS should, starting in states where licensure is mandatory, require NSC to routinely check suppliers' billing for oxygen, prosthetics, orthotics, and any other items requiring licensure, against the items the suppliers declared they are providing on applications. Where suppliers are billing for services not declared, take appropriate action to revoke the billing numbers of suppliers not complying with program requirements. |
The Centers for Medicare & Medicaid Services (CMS) issued instructions in 2005 to the durable medical equipment regional carriers (DMERC) claims processing area to institute edits of claims for prosthetics and certain custom-fabricated orthotics for suppliers located in a state requiring licensure. These instructions were scheduled for implementation on October 3, 2005. Beginning with FY 2006, an additional statement of work requirement for the National Supplier Clearinghouse (NSC) was to annually check for compliance with all applicable licensure and certification requirements, and confirm the comprehensive liability insurance policy remains in effect (that is, that it has not been canceled or allowed to lapse). This is currently being done every three years as part of the reenrollment process. Part of this check will include a comparison to a supplier's billing history. In 2008, CMS required NSC to assign an oxygen specialty code to all durable medical equipment, prosthetics, orthotics and supplies (DMEPOS) suppliers who have indicated they would be providing oxygen and/or oxygen related services to Medicare beneficiaries and thus would have had their licensure checked. CMS also required durable medical equipment Medicare Administrative Contractors (DME MAC) to establish pre-payment auto-denial edits which will ensure that Medicare will only pay for oxygen and/or oxygen related services from suppliers who been assigned the code and have obtained proper licensure and/or certification.
|
Centers for Medicare & Medicaid Services | To improve the supplier enrollment process and oversight of NSC, the Administrator of CMS should require NSC to provide information from suppliers' billing histories to inspectors before they conduct on-site inspections to help them collect information to assess whether suppliers' inventory or contracts to obtain inventory are congruent with the suppliers' Medicare payments. |
CMS concurred. With the start of FY 2006, the agency's requirements in the NSC SOW have been revised to include the provision of a DMEPOS supplier's billing history to on-site inspectors prior to inspectors conducting onsite inspections.
|
Centers for Medicare & Medicaid Services | To improve the supplier enrollment process and oversight of NSC, the Administrator of CMS should, when suppliers report having inventory that is primarily maintained off site or supplied through another company, require NSC to evaluate the legitimacy of the supply location or source and any related contracts. |
CMS concurred and in its FY 2006 SOW the agency required the NSC to make site visits to a suppliers off-site inventory storage location and to make site visits to businesses that sell the supplier inventory or fulfill orders through inventory-supply contracts.
|
Centers for Medicare & Medicaid Services | To improve the supplier enrollment process and oversight of NSC, the Administrator of CMS should, as part of the on-site inspections, require inspectors to review, and provide information to NSC analysts on the contents of, a minimum number of patient files to determine supplier adherence to standards for maintaining documentation of services and information provided to beneficiaries. |
CMS concurred and agency officials stated that by reviewing beneficiary files, inspectors can verify that suppliers are properly documenting services and information provided to beneficiaries. In 2008, CMS indicated that on January 25, 2008, the agency published a proposed rule titled, Medicare Program; Establishing Additional Medicare Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) Supplier Enrollment Safeguards (CMS-6036-P) in the Federal Register. One of the proposed requirements would, if adopted, require DMEPOS suppliers to maintain ordering and referring documentation received from a physician or other non-physician practitioner (i.e., nurse practitioner, physician assistant, clinical nurse mid-wife, or clinical nurse specialist) for seven years (424.57(c)(28)). In August 27 2010, CMS published the final rule (CMS-6036-F. In 2011, CMS revised NSC?s Statement of Work to require that NSC establish procedures to validate that DMEPOS suppliers are in compliance with a new requirement for suppliers to maintain certain ordering and referring documentation. Under the new requirement, which CMS adopted at 424.57(c)(28) and which became effective on September 27, 2010, DMEPOS suppliers are required to maintain ordering and referring documentation received from a physician, or other non-physician practitioner (i.e., nurse practitioner, physician assistant, clinical nurse mid-wife, or clinical nurse specialist) for seven years. CMS officials told us that, depending on the type of DMEPOS supplier, the site inspector will review between 5 and 10 random beneficiary files to ensure suppliers are compliant with the supplier standards. By reviewing beneficiary files, inspectors can verify that suppliers are properly documenting services and information provided to beneficiaries.
|
Centers for Medicare & Medicaid Services | To improve the supplier enrollment process and oversight of NSC, the Administrator of CMS should oversee NSC's activities to ensure that it conducts on-site inspections of suppliers as required by CMS and maintains accurate data on the on-site inspections it conducts. |
CMS concurred with this recommendation. In 2009 agency officials informed GAO that CMS have added this oversight function to the quarterly contractor performance evaluations. CMS also developed a mechanism to audit the workload figures reported by National Supplier Clearinghouse (NSC) to CMS as part of its ongoing workload reporting requirements. To strengthen its program integrity efforts, Beginning October 1, 2008, CMS had the NSC working under a revised Statement of Work (SOW), and the agency awarded a new contract for 2009. The 2009 SOW included increased site visits, the creation and implementation of fraud level indicators, ongoing insurance and license verification and revised workload standards aimed at strengthening CMS' program integrity efforts. New functions in the 2009 SOW include ongoing monitoring of the NSC by CMS and an approach which balances customer service with enhanced program integrity activities. The 2009 SOW requires the NSC to conduct an increased number of onsite inspections for enrolled suppliers and to develop an implement a fraud indicator for each enrolling or enrolled DMEPOS supplier. This indicator is based on on specific characteristics of each supplier, such as type of product supplied, location and size of business, and time in business. Based on the fraud level indicator of a supplier, ad hoc site visits will be completed targeting suppliers who traditionally are a higher risk to the Medicare program.
|
Centers for Medicare & Medicaid Services | To improve the supplier enrollment process and oversight of NSC, the Administrator of CMS should establish a minimum number of out-of-cycle on-site inspections in its contract that NSC must perform each year. |
CMS concurred with this recommendation. The NSC began conducting out-of-cycle inspections in FY 2005. Beginning in FY 2006, CMS added the requirement to perform out-of-cycle onsite inspections to its statement of work. The exact number of inspections that NSC shall perform will depend on NSC's workload and budgetary constraints, and will be monitored on a monthly basis by CMS.
|
Centers for Medicare & Medicaid Services | To improve the supplier enrollment process and oversight of NSC, the Administrator of CMS should develop standards that incorporate requirements for suppliers to demonstrate that they have the integrity and capability to perform their functions analogous to the standards for federal contractors. |
The agency concurred and indicated it would be doing so in the context of developing quality standards and implementing an accreditation process. In August 2006, CMS published a final rule establishing quality standards and an accreditation process for DMEPOS. The quality standards include general Business Services Standards, which are applicable to all suppliers. These focus on administration, financial management, human resources management, consumer services, performance management, product safety, and information management. In addition, CMS deemed ten accreditation organizations to process suppliers accreditation applications. Suppliers will have to be accredited by September 30, 2009 in order to participate in Medicare. The only exception is for eligible professionals and other persons, until CMS determines whether the quality standards are specifically designed to apply to them or whether they should be exempt based on their licensing, accreditation or other mandatory quality requirements that may apply.
|
Centers for Medicare & Medicaid Services | To improve the supplier enrollment process and oversight of NSC, the Administrator of CMS should revise current evaluation procedures to fully assess the outcomes expected from the Supplier Audit and Compliance Unit's activities and NSC's adherence to contract requirements. |
CMS concurred with this recommendation. Agency officials indicated that, beginning with the second quarter of FY 2005, CMS expanded its oversight and evaluation procedures to include quarterly reviews of National Supplier Clearinghouse (NSC) and its Statistical Analysis and Control Unit (SACU) enrollment functions. This effort was undertaken to better assess the outcomes expected from SACU's activities and NSC's adherence to contract requirements. The CMS continues to review and oversee the operations of the NSC. To strengthen its program integrity efforts, beginning October 1, 2008, the NSC is working under a revised SOW and CMS expects to award a new contract in the summer of 2008. As the Supplier Audit and Compliance Unit (SACU) is part of the NSC, the SACU is included in the revised SOW referenced above. CMS has expanded its oversight and evaluation procedures to include CMS NSC project officer review of weekly workload figures and monthly production reports submitted by the NSC. In addition, the CMS project officer reviews the SACU based on the provisions in the revised SOW, including periodic review of contractor records to determine if the requirements shown in the Key Performance Standards Summary are being met. Key Performance Standards include, but are not limited to, Fraud Prevention and Detection, Accuracy and Timeliness. In 2009, CMS indicated that it is developing a Quality Assurance Surveillance Plan evaluation protocol to include the activities of the SACU, to be implemented in contract year 2010.
|