A recent experiment conducted by the Government Accountability Office (GAO) seems to show significant gaps in the fraud-prevention efforts of the Centers for Medicare & Medicaid Services (CMS) when it comes to awarding Medicare contracts and billing privileges to new DMEPOS suppliers.
The GAO’s findings may also serve as some vindication for those in the DME industry who have protested for years that CMS complains about fraud in this sector, but has historically done too little to combat it proactively.
Starting in February 2007 and ending in June 2008, the GAO sought to secure Medicare supplier numbers, open two DME businesses — one in Maryland and one in Virginia — and complete electronic test billing to determine if CMS safeguards were working effectively. In opening the phony stores, undercover GAO personnel were careful to use resources and information accessible to the general public, such as “publicly available guidance and software.” The GAO also used case studies of actual fraudulent DME suppliers to determine how to set up the fake businesses.
In his July report to the Senate’s Committee on Homeland Security and Governmental Affairs, Gregory D. Kutz, GAO managing director of forensic audits and special investigations, noted, “CMS approved both of our fictitious, easily created DMEPOS storefronts despite the fact that we had no clients and no inventory.” Kutz said CMS and the National Supplier Clearinghouse (NSC), contracted by CMS to issue supplier billing numbers, initially declined the GAO’s applications because the dealerships lacked inventory, but “eventually accepted the phony contracts with wholesale suppliers we created.”
In at least some cases, the NSC’s attempts to confirm the legitimacy of these would-be suppliers were flimsy and lacked follow-through, Kutz said.
“NSC performed limited verification to confirm the authenticity of these (inventory) contracts,” he said. “For example, the telephone number we gave for the wholesalers rang on an unmanned undercover telephone in the GAO building. When NSC’s inspector left a message on the number looking for further information related to the contracts, a GAO investigator left a vague message in return, pretending to be the wholesaler,” but without confirming that the fake company had either a contract with the wholesaler or a credit line.
Kutz said despite that lack of information, NSC never followed up to be sure the store would be able to service beneficiaries. And the store eventually received its billing number.
The GAO also successfully completed electronic test billing as required, though it stopped short of attempting to actually bill Medicare.
On June 18, the GAO informed CMS of the investigation and its results. “In response, they stated that they are implementing new supplier requirements, including the accreditation process and the revisions and additions to the 25 standards that were proposed in January 2008,” Kutz said. “They also acknowledged that our covert testing illustrates gaps in oversight that still require improvement and stated that they would continue to work to strengthen the entire DMEPOS enrollment program.”
But Kutz concluded in his report to the Senate, “As indicated, CMS is currently taking additional actions to strengthen both the 25 standards and its oversight of the DMEPOS supplier enrollment process; however, these actions will only be successful if those tasked with ensuring compliance exercise due diligence when conducting screenings and inspections. Our covert tests clearly demonstrate that a simple paperwork review is not sufficient.”
He added, “Unless CMS and its contractors scrutinize suppliers to ensure that they are responsible, legitimate businesses, DMEPOS fraud will continue to cost taxpayers billions of dollars each year.”
Kutz stated in his cover letter to the Senate committee that his office would release its findings in August, unless the committee decided to release the report earlier, and that the GAO would send a copy to CMS Acting Administrator Kerry Weems. Kutz said his office would also make the report available to the public.
To read the GAO report, go to www.gao.gov and search for document GAO-08-955.