OIG Report Reveals CMS’s Ongoing Oversight Problems with Provider Enumeration and Medicare Enrollment

The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) recently issued the results of an investigation into the quality of provider-related data held in its databases in a report entitled “Improvements Needed To Ensure Provider Enumeration and Medicare Enrollment Data are Accurate, Complete, and Consistent.” The investigation reviewed the accuracy and completeness of provider-related data held in the National Plan and Provider Enumeration System (NPPES) and Medicare Provider Enrollment, Chain, and Ownership System (PECOS) as well as CMS’s oversight of these systems. The report revealed that the two databases of provider-related data are replete with “inaccurate data” and “ineffective safeguards” and ultimately concluded that the “integrity and security of health information systems and data” continues to be a “Top Management Challenge for HHS.”


The Center for Medicare & Medicaid Services (CMS) collects and holds provider-related data in two databases–NPPES and PECOS. NPPES contains the data that providers are required to submit in order to obtain a National Provider Identifier (NPI); while, PECOS contains the data collected from provider enrollment applications submitted by providers to enroll in Medicare. To break down the enrollment process, before enrolling in Medicare, a provider must apply through NPPES to obtain an NPI. CMS assigns NPIs to providers via a process called enumeration, and these assignments are maintained within NPPES. After obtaining an NPI, a provider wishing to establish and maintain Medicare billing privileges must enroll in Medicare and periodically reenroll with accurate and verifiable information via an approved CMS application process. The Medicare provider enrollment applications are processed through PECOS. CMS oversees both NPPES and PECOS and uses contractors to process and maintain provider information.

The accuracy of the data held by CMS is of increasing importance to providers because according to the OIG 2012 Compendium of Unimplemented Recommendations, HHS and OIG “rely heavily on the availability and completeness of data to…identify instances of fraud, waste and abuse.” CMS and OIG decided long ago that preventing fraudulent providers from enrolling in Medicare, Medicaid and other federal health care programs is a more efficient and effective method to combat fraud and abuse than trying to recover fraudulent payments that have already been issued. Yet, under the current enrollment and administration systems, CMS staff indicated that the “onus is on the providers” to keep their data accurate though “CMS is ultimately responsible for ensuring the accuracy of the database.”

Please click the link below to download the full alert.

Related Services