Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it's official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Medicare Recovery Audit Contractors and CMS's Actions To Address Improper Payments, Referrals of Potential Fraud, and Performance

Related Podcast

David Samchok

Recovery Audit Contractors and Improper Payments

David Samchok, a program analyst for the Office of Evaluation and Inspections in Atlanta, is interviewed by Jaime Durley, Deputy Regional Inspector General for the Office of Evaluation and Inspections.


Recovery Audit Contractors (RAC) are designed to protect Medicare by identifying improper payments and referring potential fraud to CMS. Prior Government Accountability Office work has identified problems with CMS's actions to address improper payment vulnerabilities, and prior OIG work has identified problems with CMS's actions to address referrals of potential fraud. Further, OIG has identified vulnerabilities in CMS's oversight of its contractors. Given the critical role of identifying improper payments, effective oversight of RAC performance is important.


We collected RAC Data Warehouse (i.e., electronic database) files from CMS and data from RACs to determine their activities to identify improper payments and refer potential fraud in fiscal years (FYs) 2010 and 2011. We also collected data from CMS regarding activities to address vulnerabilities (i.e., improper payments exceeding $500,000 that result from a specific issue) and referrals of potential fraud. Finally, we collected RAC performance evaluations and performance evaluation metrics from CMS and determined the extent that RAC performance evaluations addressed these metrics. We also compared performance evaluation metrics to contract requirements to determine the extent that these metrics addressed contract requirements.


In FYs 2010 and 2011, RACs identified half of all claims they reviewed as having resulted in improper payments totaling $1.3 billion. CMS took corrective actions to address the majority of vulnerabilities it identified in FYs 2010 and 2011; however, it did not evaluate the effectiveness of these actions. As a result, high amounts of improper payments may continue. Additionally, CMS did not take action to address the six referrals of potential fraud that it received from RACs. Finally, CMS's performance evaluations did not include metrics to evaluate RACs' performance on all contract requirements.


We recommend that CMS (1) take action, as appropriate, on vulnerabilities that are pending corrective action and evaluate the effectiveness of implemented corrective actions; (2) ensure that RACs refer all appropriate cases of potential fraud; (3) review and take appropriate, timely action on RAC referrals of potential fraud; and (4) develop additional performance evaluation metrics to improve RAC performance and ensure that RACs are evaluated on all contract requirements. CMS concurred with our first, second, and fourth recommendations. CMS did not indicate whether it concurred with our third recommendation but noted that it has reviewed the six RAC referrals of potential fraud in our review.