Skip Navigation Change Font Size

Management Issue 7:
Oversight of CMS Program and Benefit Integrity Contractors

Why This Is a Challenge

With an ever-growing reliance on contractors to identify, prevent, and respond to fraud, abuse, and improper payments in the Medicare and Medicaid programs, CMS must conduct adequate oversight and monitoring. CMS contracts with several entities, including Program Safeguard Contractors (PSC), Medicare Drug Integrity Contractors (MEDIC), Zone Program Integrity Contractors (ZPIC), and Recovery Audit Contractors (RAC), to perform many Medicare integrity functions. For Medicaid integrity, CMS relies largely on State-based programs, but also contracts with Medicaid Integrity Contractors. OIG work has revealed persistent problems with CMS's program and benefit integrity contractors and ongoing vulnerabilities in CMS's oversight. These challenges include:

Inadequate contracts. The Department must ensure that CMS's contracts, statements of work, and task orders contain adequate controls, including clear roles and responsibilities and performance measures. Without these, programs are at heightened risk of poor contractor performance and ineffectiveness. Contracts should also ensure that performance incentives align with the objectives to reduce fraud, waste, and abuse. OIG has found that RACs have disincentives for referring instances of suspected fraud because even though RACs are paid through contingency fees based on the amount of overpayments collected, in cases of suspected fraud, overpayments may not be collected while the cases are being investigated. Between 2005 and 2008, RACs identified more than $1.03 billion in Medicare improper payments; however, the RACs referred only two cases of potential fraud to CMS.

Questionable contractor performance. OIG work has documented poor and/or inconsistent performance among contractors. For example, OIG found that PSCs differed substantially in the number of new investigations and case referrals to law enforcement; some had only minimal activity in these primary workload categories. Also, most PSCs had minimal results from proactive data analysis. OIG also found that PSCs referred $835 million in overpayments to claims processors for collection in 2007; however, 2 of 18 PSCs accounted for 62 percent of this amount. OIG is examining PSCs' efforts to match Medicare and Medicaid data (known as the Medi-Medi project) to identify trends and refer suspected fraud for investigation.

Insufficient CMS Oversight. CMS must collect sufficient information to monitor contractor activities and conduct regular and meaningful reviews of contractor performance. In examining early stages of the transfer of program integrity functions from PSCs and MEDICs to ZPICs, OIG found that workload data used by CMS to oversee ZPICs were not accurate or uniform. OIG has also found problems in CMS's efforts to evaluate contractor performance. CMS evaluations of PSCs' performance did not include sufficient information and were not completed in time for the results to be used during contract renewal determinations. (For related information, please see Challenge 2, Preventing and Detecting Medicare and Medicaid Fraud, and Challenge 6, Availability and Quality of Data for Effective Program Oversight.)

Progress in Addressing the Challenge

CMS has made some progress toward addressing these challenges, including providing additional training to RACs on the identification and referral of potential fraud and developing electronic systems to monitor fraud referrals. In September 2011, CMS published its final rule implementing section 6411 of the ACA and providing guidance to the States related to the funding, operation, and maintenance costs of Medicaid RACs. Effective January 1, 2012, States are required to contract with Medicaid RACs to audit Medicaid claims to identify underpayments and overpayments and to collect overpayments. The rule requires States to make referrals of suspected fraud and/or abuse to appropriate agencies. CMS anticipates working with States to develop metrics to measure the Medicaid RACs' performance. CMS is transitioning program integrity functions from PSCs and MEDICs to the ZPICs. The ZPICs will be responsible for ensuring the integrity of all Medicare-related claims under Parts A, B, C, and D and for coordinating the Medi-Medi data match program. CMS expects that the ZPIC contracting strategy will allow for the review of claims across all benefit categories and across geographic locations, which should result in improved contractor performance. In FY 2011, CMS began conducting quarterly onsite visits to the PSCs and ZPICs.

What Needs To Be Done

The ACA expanded the RAC program to encompass improper payments in Medicaid and Medicare Parts C and D. As CMS expands its use of contractors and as contractors' responsibilities grow, CMS must make continued improvements to address the above challenges. CMS should also monitor the extent to which contractor-led program and benefit integrity activities have brought about improvements and appropriate metrics exist to assess performance.

Key OIG Resources

Management Issue 8: Ensuring Integrity in Medicare and Medicaid Benefits Delivered by Private Plans

I'm Looking For

Let's start by choosing a topic

Exclusions Database Report Fraud
Newsletter Sign Up Envelop Graphic

Stay up to date on the latest OIG news and opinions

Office of Inspector General, U.S. Department of Health and Human Services | 330 Independence Avenue, SW, Washington, DC 20201