Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

CMS Could Use Medicare Data To Identify Instances of Potential Abuse or Neglect

Issued on  | Posted on  | Report number: A-01-17-00513

Why OIG Did This Review

This audit report is one of a series of OIG reports that addresses the identification, reporting, and investigation of incidents of potential abuse and neglect of our Nation's vulnerable populations, including the elderly and individuals with developmental disabilities. OIG is committed to detecting and combating such abuse and neglect. Accordingly, we prepared this audit report after identifying a significant number of Medicare claims submitted for the treatment of injuries related to potential abuse and neglect.

Our objectives were to determine (1) the prevalence of incidents of potential abuse or neglect of Medicare beneficiaries, (2) who may have perpetrated those incidents and where they occurred, (3) whether the incidents were reported to law enforcement officials, and (4) whether the Centers for Medicare & Medicaid Services (CMS) also identified similar incidents of potential abuse or neglect during our audit period and took action to address them.

How OIG Did This Review

Our review covered 34,664 Medicare inpatient and outpatient claims totaling $99.6 million for services provided from January 2015 through June 2017 to treat beneficiaries with at least 1 of 17 diagnosis codes related to potential physical abuse, sexual abuse or rape, neglect or abandonment, or other maltreatment. We selected a stratified random sample of 100 Medicare claims and then reviewed the associated medical records to obtain evidence of potential abuse or neglect.

What OIG Found

We identified 34,664 Medicare claims for our audit period that contained diagnosis codes indicating the treatment of injuries potentially caused by abuse or neglect of Medicare beneficiaries. We estimated 30,754 of these Medicare claims were supported by medical records that contained evidence of potential abuse or neglect. We further estimated that, of the claims in our population associated with incidents of potential abuse or neglect, 2,574 were allegedly perpetrated by a healthcare worker, 3,330 were related to incidents that occurred in a medical facility, and 9,294 were related to incidents that were not reported to law enforcement.

CMS did not identify similar incidents of potential abuse or neglect during our period of review, but it did take some corrective actions in response to the Early Alert we sent to CMS. CMS did not identify the Medicare claims that indicate potential abuse or neglect because, according to CMS officials, it did not extract data consisting of Medicare claims containing the 17 diagnosis codes related to abuse or neglect. The lack of a data extract impeded the ability of CMS or of public and patient safety organizations to pursue legal, administrative, and other appropriate remedies to ensure the safety, health, and rights of Medicare beneficiaries.

What OIG Recommends and CMS Comments

We recommend that CMS (1) compile a complete list of diagnosis codes that indicate potential physical or sexual abuse and neglect; (2) use that complete list to conduct periodic data extracts of all Medicare claims containing at least one of those codes; (3) inform States that the extracted Medicare claims data are available to help States ensure compliance with their mandatory reporting laws; and (4) assess the sufficiency of existing Federal requirements, such as conditions of participation and section 1150B of the Social Security Act, to report suspected abuse and neglect of Medicare beneficiaries, regardless of where services are provided, and strengthen those requirements or seek additional authorities as appropriate.

In written comments on our draft report, CMS concurred with our fourth recommendation but did not concur with our first three recommendations. Specifically, CMS stated that claims data may not be timely enough to address acute problems in identifying and addressing potential abuse or neglect of Medicare beneficiaries. We respectfully disagree with CMS and continue to recommend the use of the Medicare claims data to identify and address potential abuse and neglect of beneficiaries.

To address the issues identified in this report and prepare for future emergencies, we issued the following recommendations:
19-A-01-099.01 to CMS-Closed Unimplemented
Closed Date 10/19/2023
We recommend that CMS compile a complete list of diagnosis codes that indicate potential physical or sexual abuse and neglect.

19-A-01-099.02 to CMS-Closed Unimplemented
Closed Date 10/19/2023
We recommend that CMS use the complete list of diagnosis codes to conduct periodic data extracts of all Medicare claims containing at least one of the codes indicating either potential abuse or neglect of adult and child Medicare beneficiaries.

19-A-01-099.03 to CMS-Closed Unimplemented
Closed Date 10/19/2023
We recommend that CMS inform States that the extracted Medicare claims data are available to help the States ensure compliance with their mandatory reporting laws.

19-A-01-099.04 to CMS-Closed Implemented
Closed Date 02/16/2023
We recommend that CMS assess the sufficiency of existing Federal requirements, such as CoPs and section 1150B of the Act, to report suspected abuse and neglect of Medicare beneficiaries, regardless of where services are provided, and strengthen those requirements or seek additional authorities as appropriate.

View in Recommendation Tracker