By way of background, CMS conducted a 3-year demonstration project from March 2005 through March 2008 on the use of recovery audit contractors (RACs) to identifying and recoup Medicare improper payments. CMS subsequently established implemented the program nationwide. Under the permanent RAC program, four designated contractors review Medicare paid claims and are paid contingency fees based on the overpayments and underpayments they find. The Government Accountability Office (GAO) was asked to examine specific issues that arose during the demonstration project and CMS’s efforts to address them in the national RAC program. The GAO found that CMS did not establish an adequate process to address RAC-identified vulnerabilities that led to improper payments, such as paying duplicate claims for the same service. In fact, according to GAO, CMS has not yet implemented corrective actions for 60 percent of the most significant RAC-identified vulnerabilities that led to improper payments. GAO recommends certain improvements to the CMS corrective action process, with which CMS agreed.