To establish and maintain Medicare billing privileges, providers and suppliers must be enrolled in a CMS database known as PECOS, which stands for Provider Enrollment, Chain and Ownership System, the report noted.
“In fiscal year 2014, Medicare paid $554 billion for health care and related services. CMS [Centers for Medicare and Medicaid Services] estimates that $60 billion of that total was paid improperly.”
About 1.8 million providers and suppliers were in PECOS as of December 2014, according to the CMS.
The GAO said that it examined the implementation of four enrollment screening procedures that CMS uses to prevent and detect ineligible or potentially fraudulent providers and suppliers from enrolling in the PECOS database.
The report identified weaknesses in two PECOS enrolment procedures: CMS’s verification of provider practice location and physician licensure status.
“GAO’s examination of 2013 data found that about 23,400 of 105,234 of practice location addresses are potentially ineligible.”
The GAO pointed out that the computer software CMS uses as a method to validate applicants’ addresses does not flag potentially ineligible addresses,
Also, a March 2014 CMS “reduced the amount of independent verification conducted by contractors, thereby increasing the program’s vulnerability to potential fraud,” the GAO warned.
The report noted that GAO had been asked “to determine whether PECOS was vulnerable to fraud.”
The GAO recommended that the CMS incorporate flags into its software to help identify potentially questionable addresses, revise its 2014 guidance for verifying practice locations and collect additional license information.