The Centers for Medicare & Medicaid Services has fallen short in its efforts to prevent improper Medicare payments through the use of recovery audit contractors (RACs),a new Government Accountability Office report asserts.

CMS in 2005 initiated a three-year demonstration project in part to determine the effectiveness of RACs in identifying improper Medicare payments and recouping overpayments. While RACs identified 58 vulnerabilities in the project that led to improper payments during that time, CMS has failed to address 35 of those, according to the GAO. Those unaddressed vulnerabilities represent $231 million in improper payments during the three-year project. A mandated national RAC program began in March 2009.

CMS took steps to compile identified vulnerabilities and recommend actions to prevent improper payments for the national RAC program, which went into effect in March of this year, according to the GAO. But these fixes “lack certain essential procedures and staff with the authority to ensure that these vulnerabilities are resolved promptly and adequately to prevent further improper payments.”

To help correct these vulnerabilities, the GAO recommends that CMS authorize personnel to ensure implementation of corrective actions and that the actions taken were effective. CMS agreed with the GAO findings, and has said it intends to include the recommended fixes in its national RAC program.