OIG recently published a study analyzing the performance of Medicare Parts A and B Recovery Audit Contractors (RACs) in fiscal years (FYs) 2010 and 2011.  OIG said that it conducted the study to evaluate CMS’s oversight of RAC performance and to assess CMS’s responses to certain vulnerabilities in the Medicare program and CMS’s actions with respect to RAC-referred potential fraud. RACs contract with CMS and are tasked with identifying improper payments—both overpayments and underpayments—for Medicare Part A and B claims.  RACs are also required to refer potential fraud to CMS.  CMS pays RACs a percentage of payments recovered from providers in instances of overpayments and/or a percentage of payments returned to providers in instances of underpayments. To conduct its study, OIG pulled data and other information concerning the four RACs in operation in FYs 2010 and 2011 from a number of sources.  Those sources included RAC Data Warehouse files on improper payments; CMS data regarding vulnerabilities stemming from RAC-identified overpayments; CMS files regarding RAC referrals of potential fraud; and CMS’s annual RAC performance evaluations.  Some of OIG’s findings included:

  • Out of 2.6 million claims reviewed in FYs 2010 and 2011, RACs identified approximately 1.3 million claims involving improper payments.  These claims amounted to nearly $1.3 billion, and, of this amount, RACs recovered or returned $903 million ($768 million was recovered and $135 million was returned).  Inpatient hospitals and physician/non-physician practitioners accounted for 93 percent of all recovered or returned improper payments in FYs 2010 and 2011. 
  • During the study period, providers appealed only a small number of RAC-identified claims with overpayments.  In FYs 2010 and 2011, RACs identified about 1.1 million claims with overpayments and providers appealed 65,198 of them (or about 6 percent).  Almost half (44 percent) of those appealed claims were overturned in the providers’ favor.
  • CMS took corrective action to address the majority of vulnerabilities resulting in improper payments.  According to CMS guidance, a vulnerability is any specific issue associated with more than $500,000 in improper payments.  In FYs 2010 and 2011, CMS identified 46 vulnerabilities and eventually took action to address 28 of them.  CMS’s corrective actions included contractor technical direction letters, implementing computerized edits to block improper payments, and mailing educational letters to providers.  As of June 2012, CMS had not taken corrective action with respect to the remaining 18 vulnerabilities identified in FYs 2010 and 2011.  According to the report, CMS explained that at least one of those vulnerabilities—underpayments made to multiple providers—was considered to be a low priority, but that it intended to take action after addressing other higher-priority vulnerabilities.  OIG also found that CMS did not evaluate the impact of the actions it implemented for any of the 28 vulnerabilities for which CMS took corrective action, despite CMS policy stating that it is responsible for carrying out such evaluations.
  • In FYs 2010 and 2011, CMS received a total of six RAC fraud referrals.  According to the study, CMS had not taken action to address any of those referrals as of November 2012.
  • With respect to CMS’s performance evaluations, OIG noted, among other things, that CMS did not describe the RACs’ ability, accuracy, or effectiveness in identifying improper payments in four of the eight performance evaluations it reviewed.  OIG added that none of the evaluations linked the RACs’ proficiency in identifying improper payments to performance evaluation metrics.  

In light of its findings, OIG recommended that CMS (1) take appropriate action to address the vulnerabilities pending corrective action and evaluate the effectiveness of all implemented corrective actions; (2) make sure that RACs refer all appropriate cases of potential fraud; (3) review and respond to RAC referrals of fraud in a timely fashion; and (4) introduce new performance evaluation metrics to better track and improve RAC performance.  In CMS’s response, it concurred with OIG’s first, second and fourth recommendations.  With respect to OIG’s third recommendation, CMS did not say whether it concurred but stated it had reviewed the six referrals of potential fraud referenced in the report.