The Office of Inspector General (“OIG”) of the United States Department of Health and Human Services (“HHS”) has issued a report criticizing the Centers for Medicare and Medicaid (“CMS”) and its Recovery Audit Contractor (“RAC”) Program. In a report issued on September 4, 2013, the OIG determined that CMS need to take corrective action on reimbursement program vulnerabilities, had not addressed fraud referrals form its RAC auditors, and had not provided sufficient oversight of RAC performance.

In Report OIE-04-11-00680, the OIG reported that although CMS took corrective action in 2010 and 2011 in response to program vulnerabilities, deficiencies nevertheless continue. For example, CMS apparently did not take action to address six RAC referrals for potential fraud.  The OIG also reported that when comparing performance evaluation metrics with RAC contract performance requirements, CMS oversight of the RAC’s performance is not as effective as it should be.

According to the OIG, RAC auditors identified half of all claims they reviewed in 2010 and 2011 as having been improperly paid.  CMS defines any specific issue associated with more than $500,000 in improper payments as a “vulnerability”.  CMS is supposed to develop corrective action plans to address vulnerabilities and is to keep an action plan open until each vulnerability is corrected.    One example of corrective action is provider education.

As of June 2012, CMS had not taken action on 18 of 46 vulnerabilities.  As of this same time, CMS had not evaluated the effectiveness of its correction actions on 28 of 46 vulnerabilities.   Additionally, as of November 2012, CMS has not taken action to address the six fraud referrals that had been made by RAC auditors in 2010 and 2011.

Although most of the RAC-identified overpayments were made to hospitals, all health care providers should be vigilant in ensuring adequate documentation, proper code selection, and the ability to defend the medical necessity of items and services provided to Medicare beneficiaries.