The Program for Evaluating Payment Patterns Electronic Report (PEPPER) is supposed to be used to support internal auditing and monitoring activities, with the goal of preventing improper Medicare payments.

The most recent PEPPER report contains provider-specific data statistics for episodes of care identified by Medicare as potentially vulnerable to improper payments for encounters recorded from Oct. 1, 2009 through Sept. 30, 2012. Acute-care hospitals, critical access hospitals, psychiatric hospitals, rehabilitation hospitals and hospices have been receiving such reports for year.

Why they send them

The U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) believes there is a lot of Medicare fraud out there, and they want to scare providers into compliance and reduce the cost of the Medicare payments at the same time. I call it the IRS method.

The IRS can’t audit every tax return. The agency does want taxpayers submitting tax returns to have a reasonable fear of the consequences of fibbing, though. Since there are a lot of tax returns filed, the IRS looks for unusual ratios in tax returns, then audits some of the abusers and lets word of mouth convince people to be honest.

How big does CMS think the problem is?

The Centers for Medicare & Medicaid Services (CMS) clearly thinks the problem is huge. According to the Medicare Fee-For-Service 2010 Improper Payment Report:

“In 2010, the Medicare FFS (fee-for-service) paid claims error rate was 10.5 percent,” the report read, “or $34.3 billion in improper payments.”

Knowing you have a problem is only part of the solution. The OIG wanted to find abusers the same way the IRS did. Here is where “big data” comes into play.

Here is a list of some of the data sources the OIG uses to identify fraud:

  • The Healthcare Cost Report Information System (HCRIS) has cost report data for all nursing homes dating back to 1996.
  • Medicare’s “open working file” includes information on all paid and pending claims.
  • Medicare Administrative Contractors (MACs) claims databases.


Nursing homes must file a Medicare cost report every year. This information is reported to CMS by the MACs and loaded into HCRIS. Cost report data includes, but is not limited to:

  • Resource utilization group (RUG) data
  • Census data
  • Income statements
  • Balance sheets

The common working file

CMS maintains a database of all billed and paid Medicare claims. Claims older than 18 months are listed in the system, but the claims detail is truncated since the claims cannot be adjusted. The OIG and certain vendors have access to this data.

MAC databases

The seven national MACs maintain their own databases of billed and paid claims. The OIG and CMS have access to this data.

They all got together and talked

In July 2013, the General Accounting Office and the Office of Inspector General released a report called “Data Analytics for Oversight and Law Enforcement.” Sounds like a scary title. It is a scary title. Here are some quotes from the report:

“Participants (the OIG and GAO) also cited an interest in finding ways to identify sources of information on known offenders, or ‘bad actors,’ that agencies identified as having taken advantage of the government in an abusive or fraudulent manner.”

“Participants noted that there is a wide array of data that exist about such individuals, such as individual Inspector General (IG) databases, public court records, and data on contractors and grant recipients.”

“While the fall in days can partially be attributed to the penetration of Medicare Advantage plans, the impact of the fear of Zone Program Integrity Contractor (ZPIC) audits appears to be the real culprit.” 

Nursing homes are keeping patients for shorter periods of time and offering less rehabilitation because the OIG scared them. CMS decided this worked so well, they would send out PEPPER scorecards telling nursing homes how they ranked in RUG scores and length-of-stay categories. Who needs to audit when you can scare providers into reducing services?  

What is in PEPPER?

The PEPPER scorecards provide:

For acute-care hospitals, long-term acute-care hospitals, and critical access hospitals:

  • DRGs “prone to readmission” data
  • Readmission data
  • 72-hour rule data
  • Three-day stay for inpatient claims data


For hospices:

  • Live discharges data
  • Long length of stay data

For nursing homes

  • RUG utilization data
  • Change of therapy data
  • Long-stay claim data for stays over 90 days

The provider is scored against:

  • Federal averages
  • State averages
  • MAC jurisdictional averages

What can you do?

First, while the PEPPER reports themselves clearly indicate that the reports are not provided to your local RACs and ZPICs, assume that they are, and review any items noted in the report. Remember that lack of documentation in coding is the largest cause of findings from governmental audits.

Incorporate coding reviews into your compliance plan and make sure your compliance plan meets the new OIG and CMS rules.

What CMS does not provide is a local context. Billing and payment patterns are affected by the city, state, and county of your facility. There is data available from consultants about how you benchmark against facilities in your region. Let them help you. 

What if I did not get my PEPPER scorecard?

Some nursing home facilities and other providers will not receive PEPPER reports because they did not have enough facilities in their jurisdictional group to create a PEPPER report. Other than this small number of facilities, the PEPPER scorecards were mailed in a paper report generically addressed to “administrator.”

We can help you get your PEPPER scorecard if you did not receive it or cannot find it. 

About the Author

Timothy Powell, CPA, is the healthcare manager for Moore, Stephens long-term care group. He has more than 30 years of reimbursement experience working with the “Big 4.” He has worked in the managed care area for most of his career.

Contact the Author

To comment on this article please go to

Share This Article