Report Materials
Why OIG Did This Audit
The Centers for Medicare and Medicaid Services (CMS) requested that OIG audit a mail-order pharmacy's Medicare Part D Eligibility Verification Transactions (E1 transactions). To address CMS's request, we conducted this audit of E1 transactions, which included the requested provider's transactions. During our audit, we discovered that providers were taking advantage of gaps in CMS's program integrity in E1 transactions. Because E1 transactions contain beneficiary protected health information (PHI), we wanted to verify that the providers were appropriately using E1 transactions for their intended purposes.
How OIG Did This Audit
We judgmentally selected 30 providers that submitted 3.9 million E1 transactions. We selected these 30 providers because they submitted a large volume of E1 transactions relative to the number of prescriptions processed. We matched E1 transactions to prescriptions within 90 days of an E1 transaction. The result was 2.6 million E1 transactions not matched to a prescription. We reviewed supporting documentation to determine whether providers used E1 transactions for appropriate purposes.
What OIG Found
The majority of providers (25 of 30) used E1 transactions for some purpose other than to bill for a prescription or determine drug coverage billing order. On average, 98 percent of these 25 providers' E1 transactions were not associated with a prescription. We did not contact 10 providers because they were closed, under investigation, or both. Fifteen providers submitted or hired other entities to submit E1 transactions for inappropriate purposes, which involved using a beneficiary's PHI.
After our audit period, CMS took additional steps to monitor use of the eligibility verification system and take appropriate enforcement action when abuse is identified.
The deficiencies we identified occurred because CMS had not yet (1) fully implemented controls to monitor providers submitting a high number of E1 transactions relative to prescriptions processed until after our audit period, (2) published clear guidance that E1 transactions are not to be used for marketing purposes, and (3) limited non-pharmacy access.
What OIG Recommends
We recommend that CMS (1) continue to monitor providers submitting a high number of E1 transactions relative to prescriptions processed, (2) issue guidance that clearly states that E1 transactions should not be used for marketing purposes, (3) ensure that only pharmacies and other authorized entities submit E1 transactions, and (4) take appropriate enforcement action when abuse is identified.
CMS concurred with our recommendations and described actions that it had taken or planned to take to address our recommendations.
Notice
This report may be subject to section 5274 of the National Defense Authorization Act Fiscal Year 2023, 117 Pub. L. 263.