Dr. Peter Budetti, JD
Deputy Administrator and Director, Center for Program Integrity
Centers for Medicare & Medicaid Services
U.S. Department of Health and Human Services (HHS)
Assessing Medicare and Medicaid Program Integrity
Committee on Oversight and Government Reform
Subcommittee on Government Organization, Efficiency, and Financial Management
United States House of Representatives
Thursday June 7, 2012
Chairman Platts, Ranking Member Towns, and Members of the Subcommittee, thank you for the invitation to discuss the Centers for Medicare & Medicaid Services’ (CMS) program integrity efforts for the Medicare and Medicaid programs.
The Administration has made important strides in reducing fraud, waste and improper payments across the government. Over the last two years, CMS has implemented powerful new anti-fraud tools provided by Congress, as well as designed and implemented large-scale, innovative improvements to our Medicare and Medicaid program integrity strategy to shift beyond a “pay and chase” approach by focusing new attention on preventing fraud. Simultaneously, CMS is using the same innovative tools to further enhance our collaboration with our law enforcement partners in detecting and preventing fraud.
Preventing and Detecting Fraud in Medicare
CMS directly administers Medicare through contracts with private companies that process claims for Medicare benefits. Every workday, Medicare pays out more than $1 billion from some 4.5 million claims, and is statutorily required to pay claims quickly, usually within 14 to 30 days. Preventing fraud in Medicare involves striking an important balance: protecting beneficiary access to necessary health care services and reducing the administrative burden on legitimate providers, while ensuring that taxpayer dollars are not lost to fraud, waste, and abuse.
CMS is using many of the new anti-fraud authorities provided in the Affordable Care Act (P.L. 111-148 and P.L. 111-152) and the Small Business Jobs Act of 2010 (P.L.111-240) to strategically combat fraud, waste, and abuse, and is integrating additional tools into our current program integrity efforts. These new tools and authorities support our comprehensive strategy to prevent and detect fraud and abuse. These tools and authorities also require CMS to work closely with States, our law enforcement partners, the private sector, and health care providers. These efforts to date have resulted in record monetary recoveries of health care fraud and a more than 75 percent increase in defendants charged in criminal fraud cases, increasing from 797 individuals in 2008 to 1,430 last year. I am confident that the improvements we have put in place over the past two years will provide increasingly greater protections to Medicare and Medicaid for a long time to come.
The New “Twin Pillar” Strategy
Building upon our traditional program integrity efforts that focus on detecting and prosecuting fraud, CMS has implemented a twin pillar approach to fraud prevention in Medicare. The first pillar is the new Fraud Prevention System (FPS), which applies predictive analytic technology on claims prior to payment to identify aberrant and suspicious billing patterns. The second pillar is the Automated Provider Screening (APS) system, which identifies ineligible providers or suppliers prior to their enrollment or revalidation. Together these innovative new systems, the FPS and APS, are growing in their capacity to protect patients and taxpayers from those intent on defrauding our programs. These pillars represent an integrated approach to program integrity – preventing fraud before payments are made, keeping bad providers and suppliers out of Medicare in the first place, and quickly removing wrongdoers from the program once they are detected.
The First Pillar: The Fraud Prevention System
The FPS is the predictive analytic technology required under the Small Business Jobs Act. Since June 30, 2011, the FPS has been running predictive algorithms and other sophisticated analytics nationwide against all Medicare fee-for-service and durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) claims prior to payment. CMS is well ahead of the statutory implementation schedule, which called for phasing in the technology in the 10 highest fraud States in the Medicare fee-for-service program by July 1, 2011. Nationwide implementation of the technology maximizes the benefits of the FPS and permitted CMS to efficiently integrate the technology into the Medicare fee-for-service program and train our anti-fraud contractors.
CMS uses the FPS to target investigative resources to suspect claims and providers, and swiftly impose administrative action when warranted. The system generates alerts in priority order, allowing program integrity analysts to further investigate the most egregious, suspect, or aberrant activity. CMS and our program integrity contractors use the FPS to stop, prevent, and identify improper payments using a variety of administrative tools and actions, including claim denials, payment suspensions, revocation of Medicare billing privileges, and referrals to law enforcement. Under the direction of CMS’ Center for Program Integrity (CPI), Zone Program Integrity Contractors (ZPICs):
- Develop investigative leads generated by the FPS and perform data analysis to identify cases of suspected fraud, waste, and abuse;
- Make recommendations to CMS for appropriate administrative actions to protect Medicare Trust Fund dollars;
- Make referrals to law enforcement for potential prosecution and provide support for ongoing investigations; and
- Identify improper payments to be recovered.
In the first ten months of implementation of the FPS, 1010 active ZPIC investigations have been supported by leads generated by the FPS. Specifically, the FPS directly resulted in 591 new investigations, while also supporting 419 pre-existing investigations. CMS is currently identifying the range of performance metrics that will fully capture the success of the FPS, and this fall, a report to Congress about the first implementation year of the FPS will describe these metrics.
Additionally, the FPS has led to 550 direct interviews with providers suspected of participating in fraudulent activity, and over 1,541 interviews with beneficiaries to confirm whether they received services for which the Medicare program had been billed. These numbers are increasing every day. The beneficiary interviews are similar to the inquiries credit card companies make to cardholders when a suspicious purchase is flagged. CMS uses the information learned from these beneficiary interviews along with historical claims data to identify the characteristics of potentially bad actors and then builds that information into the FPS’s predictive algorithms and other sophisticated analytics. Additionally, CMS incorporates beneficiary complaints about potential fraudulent providers submitted via 1-800-MEDICARE directly into the FPS to further refine our analytics.
For the first time in the history of the program, CMS is using a system to apply advanced analytics against Medicare fee-for-service claims on a streaming, national basis. This has enabled CMS to identify schemes operating across Medicare Parts A and B claims and across the country. The FPS aggregates Parts A and B claims in near-real time, and this comprehensive view of claims is revolutionizing our program integrity work. For example, ZPIC investigators formerly had to check multiple systems to determine whether a beneficiary ever visited the doctor who billed Medicare for services and supplies. The FPS has consolidated the dispersed pieces of claims data – beneficiary visits with a doctor or orders for DMEPOS billed under Part B, and hospital and other provider services billed under Part A – enabling ZPICs to automatically see the full picture. Equally important, the FPS organizes the data to quickly show when two providers on opposite ends of the country are billing Medicare on behalf of the same beneficiary, rooting out potential compromised beneficiary numbers and other fraudulent activity.
The Second Pillar: Enhanced Provider Enrollment and Automated Provider Screening
The second pillar of CMS’ program integrity strategy is enhanced enrollment and screening requirements for providers and suppliers seeking to enroll or revalidate their enrollment in Medicare. This innovative approach is designed to leverage the increased scrutiny applied to bad actors while simultaneously making it easier and more efficient for legitimate providers and suppliers to enroll or re-enroll in the Medicare program. CMS launched the APS technology on December 31, 2011. Medicare Administrative Contractors (MACs) and the National Supplier Clearinghouse (NSC) for DMEPOS enrollment are responsible for provider and supplier enrollment. Historically, the MACs and the NSC have processed paper applications and crosschecked information manually against various databases to verify provider and supplier enrollment requirements such as licensure status. Today, CMS is using the new APS technology to conduct routine and automated screening checks of providers and suppliers against thousands of private and public databases to more efficiently identify and remove ineligible providers and suppliers from Medicare. CMS anticipates that the new process will decrease the application processing time for providers and suppliers, while enabling CMS to continuously monitor the accuracy of its enrollment data and to assess applicants’ risk to the program using standard analyses of provider and supplier data.
Provider enrollment is the gateway to the Medicare program, and CMS has made significant improvements that have begun to change the way providers and suppliers interact with CMS. The Provider Enrollment, Chain, and Ownership System (PECOS) maintains the official record of information for all providers, suppliers, and associated groups enrolled in Medicare. Provider enrollment data is used for claims payment, fraud prevention initiatives, and law enforcement activities. A key strategy for improving the process for honest providers, while clamping down on bad actors, is the creation of an all-digital process for web-based PECOS. CMS has already implemented the web-based payment of the application fee and now permits the use of electronic signatures on applications. The availability of the electronic signature option eliminates the requirement that providers and suppliers mail a paper signature at the end of the application process. As a result, CMS has seen a significant increase in the submission of web applications, especially for institutional providers, group practices, and DMEPOS suppliers.
The APS technology complements our approach to implementing the enhanced screening requirements enacted in the Affordable Care Act. This new screening strategy is tailored to both categorical and individual provider risk, rather than a one-size-fits-all approach. Categories of providers and suppliers in the “moderate” level of risk are now required to undergo an on-site visit prior to enrolling or upon revalidation of their Medicare billing privileges. This new requirement expanded on-site visits to many providers and suppliers that were previously not subject to such site visits as a requirement for enrolling in the Medicare program. In addition to announced and unannounced site visits, providers and suppliers who are designated in the “high” level of risk will be subject to fingerprint-based criminal background checks. As a result of the new Affordable Care Act screening requirements, CMS estimates that approximately 50,000 additional site visits will be conducted between March 2011 and March 2015 to ensure providers and suppliers are operational and meet certain enrollment requirements.
CMS completed the procurement of a national site visit contractor to increase efficiency and standardization of the site visits and the contractor recently started performing these site visits. The National Site Visit Contractor (NSVC) began performing site visits in late January 2012. As of April 30, 2012 the NSVC completed 6,871 site visits; of those completed, the NSVC determined 223 sites to be nonoperational; those enrollments were either denied or revoked as deemed appropriate.
CMS has embarked on an ambitious project to revalidate the enrollments of all existing 1.5 million Medicare suppliers and providers by 2015 under the new Affordable Care Act screening requirements. Since March 25, 2011, CMS enrolled or revalidated enrollment information for approximately 275,439 Medicare providers and suppliers under the enhanced screening requirements of the Affordable Care Act. These efforts will ensure that only qualified and legitimate providers and suppliers can provide health care items and services to Medicare beneficiaries.
The FPS, APS, and other enrollment enhancements promote synergy in CMS program integrity activities. For example, based on FPS leads, CMS identified specific providers and suppliers as top priorities for revalidation. As a result of screening providers and suppliers that pose an elevated risk as identified by the FPS, CMS has moved to revoke and deactivate the billing privileges and enrollment records of providers and suppliers that do not meet current Medicare enrollment requirements. The first phase of revalidation led to 13,066 deactivations of provider practice locations for non-response to the revalidation request, as of March 1, 2012. The second phase of revalidation has resulted in the deactivation of 6,278 provider enrollments records for non-response and 4,319 revocations after it was determined the providers were not properly licensed in the state in which they were enrolled, as of May 1, 2012. These initiatives complement the traditional program integrity work and additional provider enrollment enhancements that CMS continues to implement.
Preventing and Detecting Fraud in Medicaid
As a State-based program, Medicaid is administered very differently than Medicare. However many of the tools CMS is applying in Medicare are being evaluated for use in Medicaid. CMS is collaborating with our State partners to ensure that those caught defrauding Medicare will not be able to defraud Medicaid, and those identified as fraudsters in one State will not be able to replicate their scams in another State’s Medicaid program. Specifically, the Affordable Care Act and CMS’ implementing regulations require States to terminate from Medicaid providers or suppliers who have been revoked by Medicare, or terminated for cause by another State’s Medicaid program or the Children’s Health Insurance Program (CHIP). Similarly, under current authority, Medicare may also revoke providers or suppliers that have been terminated by State Medicaid agencies or CHIP.
To support State efforts to share such information, CMS implemented a web-based application that allows States to share information regarding terminated providers and to view information on Medicare providers and suppliers that have had their billing privileges revoked for cause. We are confident that this interactive tool for States is the beginning of a smarter, more efficient Federal-State partnership, integrating technology solutions to routinely share relevant program information in a collaborative effort.
CMS is also actively pursuing ways to apply advanced data analytics technology, including predictive analytics, to the Medicaid program. CMS is required, under the Small Business Jobs Act of 2010, to complete an analysis of the cost-effectiveness and feasibility of expanding predictive analytics technology to Medicaid and CHIP after the third implementation year of the FPS. Based on this analysis, the law requires CMS to expand predictive analytics to Medicaid and CHIP by April 1, 2015. Although Medicaid is administered and organized in a distinctly different way than Medicare, we believe there are opportunities to transfer the knowledge and lessons learned through the FPS and APS in Medicare to States for use in Medicaid. For example, we are currently working to identify specific FPS algorithms that are relevant to Medicaid and will be performing an analysis of one State’s Medicaid claims data using the identified algorithms. Once the analysis is complete, we will share the results back with the State. We anticipate the analysis being complete before the end of the year. As another example, we are partnering with the same State to screen all of the State’s Medicaid providers using the APS. Once the analysis is complete, we will provide the results back to the State for their action as appropriate. The goal of this test project is to demonstrate the utility of using an automated screening application to screen Medicaid providers, and we expect results later this year. While both of the initiatives described above involve only a few States, once we test the effectiveness of these types of solutions in Medicaid, our goal is to expand these capabilities to more States. CMS is also supporting States’ use of predictive analytics through technical assistance and education, including specific coursework focused on predictive analytics at the Medicaid Integrity Institute.
CMS Collaboration with States on Medicaid Program Integrity
States have primary responsibility for policing fraud, waste, and abuse in their Medicaid programs, and they have significant financial interest in doing so as they pay, on average, 43 percent of the cost of the program. However, CMS also has a significant role to play, providing technical assistance, guidance, and oversight in the State-based efforts. Section 1936 of the Social Security Act provides CMS with the authorities to fight fraud and abuse by Medicaid providers by requiring CMS to contract with private sector entities to review provider claims data, audit providers, identify overpayments, and educate providers and other individuals about payment integrity and quality of care. CMS works with partner agencies at the Federal and State levels to enhance these efforts, including preventing the enrollment of individuals and organizations that would abuse or defraud the Medicaid program and removing fraudulent or abusive providers when detected.
Because of Medicaid’s structure as a Federal-State partnership, CMS has developed initiatives that are specifically designed to assist States in strengthening their own efforts to combat fraud, waste, and abuse. One of CMS’ most significant achievements is the Medicaid Integrity Institute (MII), which provides for the continuing education of State program integrity employees. At the MII, CMS has a unique opportunity to offer substantive training, technical assistance, and support to States in a structured learning environment. From its inception in 2008 through May 2012, CMS has continually offered MII courses and trained more than 3,000 State employees at no cost to the States. These State employees are able to learn and share information with program integrity staff from other States on topics such as emerging trends in Medicaid Fraud, data collection, and fraud detection skills, along with other helpful topics. In 2012, CMS has already held several events at the MII and plans to host a Data Expert Symposium this summer to bring together State Medicaid data experts to exchange ideas about predictive analytics, including algorithm development and trend analysis.
Just recently, CMS announced another initiative to assist States in their program integrity efforts. On May 30th, we launched the “CMS Provider Screening Innovator Challenge.” This Challenge addresses our goals of improving our abilities to streamline operations, screen providers, and reduce fraud and abuse. Specifically, the Challenge is an innovation competition to develop a multi-State, multi-program provider screening software application which would be capable of risk scoring, credentialing validation, identity authentication, and sanction checks, while lowering burden on providers and reducing administrative and infrastructure expenses for States and Federal programs. Further information about the Challenge is available at www.medicaid.gov.
CMS also provides States assistance with “boots on the ground” for targeted special investigative activities. Since October 2007, CMS has participated in 12 projects in three States, with the majority occurring in Florida. CMS assisted States in the review of 654 providers, 43 home health agencies and DMEPOS suppliers, 52 group homes, and 192 assisted living facilities. During those reviews, CMS and States interviewed 1,150 beneficiaries and States took more than 540 actions against non-compliant providers (including, but not limited to fines, suspensions, licensing referrals, and State Medicaid Fraud Control Unit (MFCU) referrals). States reported these reviews have resulted in $40 million in savings through cost avoidance.
CMS Redesign of the Medicaid National Audit Program
Since the Medicaid Integrity Program is a fairly new program, we have had the opportunity to learn important lessons during the initial program years. Beginning in early 2010, CMS determined through internal analysis, environmental assessments, parallel discussions with stakeholders, and reviews of contractor performance that the initial auditing model of the Medicaid Integrity Program required fundamental changes in how it conducts its work in order to effectively support States in their efforts to combat fraud, waste, and abuse in their Medicaid programs. The 2010 Annual Report to Congress on the Medicaid Integrity Program contained a section entitled “Redesign of the National Audit Program” that described how CMS was approaching improvements to Medicaid program integrity. An integral change in that redesign was the new focus on collaborative auditing projects with the States, which moved away from traditional stand-alone Federal audits that relied on post-pay data intended largely for research purposes and moved to using more timely claims data residing with each state’s Medicaid Management Information System (MMIS).
As the Department of Health and Human Services' Office of Inspector General (HHS-OIG), Government Accountability Office (GAO), and our own internal assessments have identified, audits based solely on post-payment data with little input from States have had mixed results. As such, since February 2011, CMS has focused on developing collaborative audits, which allows CMS to work alongside the States in identifying areas that warrant further investigation and deserve auditing. Through this process CMS can come alongside to support a State’s program integrity efforts, and in most cases, use or supplement data from a State’s MMIS. The number of collaborative audits have progressively increased and since February 2011. CMS no longer assigns audits to contractors based on the results of algorithms that were developed solely using CMS Medicaid Statistical Information System (MSIS) data.
Since the earliest collaborative audits were assigned to Medicaid Integrity Contractors (MICs) in January 2010, CMS has worked with States to develop and assign 137 collaborative audits in 15 States that collectively represent approximately 53 percent of all Medicaid expenditures in FY 2011. To continue towards expanding collaborative audit projects to a broader number of States, CMS is in discussions with 15 additional States that make up approximately 26 percent of FY 2011 Medicaid expenditures. For these collaborative audits, CMS and its contractors are working with each State to develop the audit targets. In addition, the corresponding data for the collaborative audits is in many cases provided or supplemented by the States, making the data more complete and thus, increasing the accuracy of any audit findings.
CMS has continued to identify additional opportunities for program changes and improvement. CMS’ redesign plan for Medicaid program integrity recognizes the significant emergence of Medicaid managed care penetration, anticipated growth in enrollment in the Medicaid program, the influence of new State Medicaid recovery audit contractors, as well as the need to eliminate certain redundant, ineffective, and inefficient practices. We are working within CMS and with our State partners to develop and test best practice approaches to managed care program integrity oversight that considers both the growth in enrollment and alternative funding arrangements.
As noted earlier, in addition to our own internal analysis, others came to many of the same conclusions for the need for changes to strengthen Medicaid program integrity. Recently, the HHS OIG, the Medicaid and CHIP Payment and Access Commission (MACPAC), the National Association of Medicaid Directors (NAMD), and GAO have identified many of these same factors and have made recommendations for changes to the Medicaid Integrity Program that parallel CMS’ internal assessments and plans for restructuring the program. We appreciate the work of our partners and have taken their recommendations into consideration as we make ongoing changes to improve the program integrity efforts in our programs.
CMS is implementing the program redesign as a phased approach that involves piloting new concepts and sharing best practices with States, as well as total or supplementary use of direct State data for Medicaid Integrity Program audits. Meanwhile, CMS is working vigorously to reconfigure how to best review and audit Medicaid providers through our contractors. This reconfiguration includes expanding that review to include improving oversight of managed care entities, improving identification of audit targets like high-risk providers serving both Medicare and Medicaid beneficiaries, overhauling CMS’ contractor structure, and enhancing support to States in their recovery of overpayments.
We are poised to expand the focus of our program integrity and oversight efforts. Specifically, we are expanding our program integrity efforts to address the growth of managed care in the States and the anticipated enrollment increase that will occur in 2014. In addition, as payment and service delivery reform methods are designed and implemented, we will work closely with our State partners to incorporate program integrity from the beginning. We are also working with our State partners on strategies to share information across programs and States about predicative analytics findings, terminated providers, and best practices.
Improving Data to Fight Fraud in Medicare and Medicaid
CMS has made significant improvements to our databases and analytical systems in recent years. However, we acknowledge that more can be done. CMS is committed to enhancing the quality and availability of our data to States as the agency and law enforcement continue to coordinate efforts, identify criminals, and prevent fraud on a system-wide basis. These efforts are being conducted in accordance with Affordable Care Act requirements for the centralization of certain claims data from Medicare, Medicaid, CHIP, the Department of Veterans Affairs, the Department of Defense, the Social Security Administration, and the Indian Health Service.
CMS continues to build the Integrated Data Repository (IDR) to provide a comprehensive view of Medicare and Medicaid data including claims, beneficiary data, and drug information. The IDR provides broader and easier access to data and enhanced data integration while strengthening and supporting CMS’ analytical capabilities. The IDR is currently populated with seven years of historical Medicare Parts A, B, and D paid claims, and CMS is actively working to integrate pre-payment claims data.
CMS is also working to incorporate State Medicaid data into the IDR, while also working with States to improve the quality and consistency of the MSIS data from each State. MSIS data is the primary data source for Medicaid statistical data, and is a subset of Medicaid eligibility and claims data from all 50 States and the District of Columbia. To improve the quality of the MSIS data, and Medicaid data in general, CMS established the Medicaid and CHIP Business Information Solution (MACBIS) Council. This Council provides leadership and guidance in support of efforts to create a more robust and comprehensive information management strategy for Medicaid and CHIP. The council’s strategy includes:
- Promoting consistent leadership on key challenges facing State health programs;
- Improving the efficiency and effectiveness of the Federal-State partnership;
- Making data on Medicaid, CHIP, and State health programs more widely available to stakeholders; and
- Reducing duplicative efforts within CMS and minimizing the burden on States.
The Council has initiated several efforts including the Transformed MSIS (T-MSIS) pilot project in 11 States, which together represent 40 percent of the nation’s Medicaid expenditures. The heart of this pilot is to create a consolidated format from a variety of State information sources to satisfy multiple Medicaid and CHIP Federal information reporting requirements. CMS will use the results and lessons learned from these 11 States as the basis for national implementation by 2014. The MACBIS projects will lead to the development and deployment of improvements in data quality and availability for Medicaid program administration, oversight, and program integrity.
Improved data will allow CMS to analyze information from throughout the claims process to identify previously undetected indicators of aberrant activity. Used with the IDR, CMS’ One Program Integrity (One PI) web-based portal helps CMS share data with our integrity contractors and law enforcement. The portal provides a single access point to the data within the IDR, as well as analytic tools to review the data. CMS has been working closely with our law enforcement colleagues to provide One PI training and support. Since October of 2010, CMS has trained a total of 622 program integrity contractors and CMS staff, including 82 law enforcement personnel, on the portal and tools on One PI.
CMS continues to improve access to better quality Medicaid data by exploring opportunities to collaborate with States participating in the Medicare-Medicaid Data Match Expansion Project (Medi-Medi) as well as working directly with States to obtain Medicaid data for specific collaborative projects.
As these efforts mature, we expect to be able to more easily transfer the lessons learned from Medicare program integrity analytics and algorithms, including predictive analytics, to the Medicaid Integrity Program. Like in Medicare, CMS’ ultimate goal is to utilize predictive modeling to enhance our analytic capabilities, as well as increase information-sharing and collaboration among State Medicaid agencies to detect and deter aberrant billing and servicing patterns at the State level and on a regional or national scale.
Medicare and Medicaid fraud affect every American by draining critical resources from our health care system, and contributing to the rising cost of health care for all. The Administration has made a firm commitment to rein in fraud, waste and improper payments. Today, we have more tools than ever before to move beyond “pay and chase” and implement strategic changes in pursuing and detecting fraud, waste, and abuse. I look forward to continuing to work with you as we make improvements in protecting the integrity of Federal health care programs and safeguarding taxpayer resources.
 MACPAC, “Report to the Congress on Medicaid and CHIP.” March 2012.
Last revised: June 18, 2013