OIG: Medicare provider databases need better management
The Department of Health and Human Services’ Office of the Inspector General is recommending improvements to management of the agency’s two Medicare provider databases.
In the National Plan and Provider Enumeration System (NPPES) and Provider Enrollment, Chain and Ownership System (PECOS), Medicare provider data were “often inaccurate and occasionally incomplete,” the OIG found in a recent report.
The OIG has previously identified problems with NPPES and PECOS (and their predecessor system), citing them as a possible contributor to improper payments, with some fraud schemers potentially enrolling in the database as providers.
In its latest report, the OIG surveyed a random sample of 170 Medicare providers (out of 987,200) to probe data accuracy and consistency between NPPES and PECOS. (Medicare providers use NPPES to apply for a national provider identifier, or NPI, and then enroll through PECOS.)
Data “were generally inconsistent between the two databases,” in 97 percent of records, the OIG found; data were inaccurate in 48 percent of NPPES records and in 58 percent of PECOS records. Provider addresses were the source of most inaccuracies and inconsistencies — problematically, the OIG said, because addresses are “essential for contacting providers and identifying trends in fraud, waste and abuse.”
The OIG, the watchdog arm of HHS, also found that CMS did not verify most provider information, in either NPPES or PECOS. Social security numbers for physicians and provider representatives was the only data element verified within NPPES — “a possible explanation for why SSNs were the most complete and consistent variable in both databases,” the OIG said.
No other data points were verified, the OIG found. CMS and contractor staff told the OIG that although the NPPES software standardized the street names to those used by the U.S. Postal Service, the software did not verify that the provider actually maintained a practice at the location.
CMS staff, meanwhile, told the OIG that they typically focus integrity efforts solely on PECOS because NPPES is not used exclusively for federal healthcare programs, and they also said that it is providers’ responsibility to keep their information accurate and timely.
[See also: OIG lets state Medicaid fraud units use federal funds for analytics.]
The OIG said the data management issues go back several years. In 2008, four years after the two databases launched, the OIG told Congress that CMS would be better served preventing the enrollment of “unqualified and fraudulent” providers, rather than attempting to recover payments or address fraud or abuse after the fact.
While CMS has called PECOS an important tool to track and identify illegal Medicare billing, the OIG said it has found problems throughout the system’s implementation and use that mirror a predecessor system, the Unique Physician Identification Number.
The OIG found in an early review of PECOS that contractor staff processing Medicare applications “misunderstood policy and had trouble accessing the system,” and in a 2009 study, the OIG could not reach many of the providers in its sample from the contact information listed in PECOS.
CMS, meanwhile, has been working on improving records, recently directing all providers and suppliers enrolled in PECOS before March 2011 to revalidate their enrollment data. In large part that effort is geared toward meeting Affordable Care Act provisions that require Medicare providers to be classified by risk of improper payments, in categories of limited, moderate or high.
The OIG, though, still has several recommendations for managing the databases.
CMS should require Medicare administrative contractors to use program integrity safeguards for Medicare provider enrollment, and require more verification of NPPES and PECOS data, using tools such as automated screening, the OIG said. CMS should also make a point to detect and correct inaccurate or incomplete provider data, the watchdog said.
See also:
