GAO Report: RAC Program Lacks Follow-through

  • By
  • In Audit
  • April 15, 2010
  • Comments Off on GAO Report: RAC Program Lacks Follow-through

A U.S. Government Accountability Office’s (GAO) March 2010 report to Congress concludes that, although the Center for Medicare & Medicaid Services (CMS) has taken steps to improve recovery audit contractor (RAC) oversight and related services to providers, the agency has not established processes to ensure prompt resolution of RAC-identified improper payment vulnerabilities.
Despite actions CMS has taken to resolve RAC and Medicare administrative contractor (MAC) coordination issues and to improve oversight of RAC accuracy and service to providers, there continues to be a lack of accountability and adequate processes for ensuring corrective actions are taken, the GAO report says. This has resulted in most of the RAC-identified vulnerabilities that led to improper payments going unaddressed.


The GAO bases its claims on evidence that CMS implemented corrective actions for only 23 of the 58 vulnerabilities (40 percent) listed in the Improper Payment Prevention Plan (IPPP) — leaving 35 of the 58 vulnerabilities identified during the demonstration project (60 percent) unresolved.
CMS stated in its June 2008 demonstration evaluation report that overpayments were identified for 18 specific medical services totaling $378 million. GAO’s analysis of the status of the vulnerabilities related to these overpayments in the IPPP indicates that corrective actions had not been implemented by CMS or MACs for vulnerabilities representing $231 million (61 percent) of the $378 million in overpayments for these services. More than 90 percent of the $231 million in vulnerabilities that were not addressed were for inpatient hospital claims alone.


To help reduce future improper payments, the GAO recommends in the report that the administrator of CMS develop and implement a process that includes policies and procedures to ensure that the agency promptly:

  • evaluates findings of RAC audits,
  • decides on the appropriate response and a time frame for taking action based on established criteria, and
  • acts to correct the vulnerabilities identified.

As part of this process, the GAO recommends that the administrator of CMS designate key personnel with appropriate authority to be responsible for ensuring corrective actions are implemented and the actions taken were effective.
Read the full GAO report for details.

Comments are closed.