The Medicare Integrity Program (MIP) is a federally funded effort designed to prevent fraud, waste, and improper payments in Medicare. Established by Congress in 1996, it gives the Centers for Medicare & Medicaid Services (CMS) the authority and funding to hire specialized contractors who audit claims, review medical records, screen providers, and flag suspicious billing. In the most recent measurement period, Medicare fee-for-service improper payments totaled an estimated $28.83 billion, representing a 6.55% error rate. The MIP exists to shrink that number.
How MIP Was Created
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is best known for its privacy rules, but Section 202 of that law also added a new provision, Section 1893, to the Social Security Act. That provision created the Medicare Integrity Program and gave CMS broad authority to contract with outside entities specifically for program integrity work. Before MIP, fraud prevention was handled more loosely through the same contractors that processed Medicare claims. MIP separated the watchdog function into its own funded lane.
The program draws its funding from the Medicare Hospital Insurance Trust Fund, the same fund that pays for Part A hospital benefits. Congress appropriates MIP dollars annually, and those funds cover integrity activities across all parts of Medicare, not just hospital claims. This dedicated funding stream means fraud prevention doesn’t compete directly with claims processing for the same budget.
What MIP Actually Does
At its core, MIP funds several categories of work that all aim at the same goal: making sure Medicare only pays for services that are medically necessary, properly coded, and actually delivered. The main activities include medical record reviews, data analysis to spot billing anomalies, audits of provider cost reports, provider enrollment screening, and actions to ensure Medicare doesn’t pay for care that another insurer should cover.
Medical review is one of the most visible functions. Contractors pull claims and request the supporting medical records from providers, then check whether the service billed actually matches what the documentation shows. This can happen before a claim is paid (prepayment review) or after the money has already gone out the door (postpayment review). Reviews focus specifically on billing accuracy. If a documentation problem doesn’t change the payment amount, it falls outside MIP’s scope.
Data analysis runs continuously in the background. Contractors are required to store at least 36 months of claims data spanning Part A, Part B, durable medical equipment, home health, and hospice. They mine that data to identify patterns that suggest fraud, waste, or abuse, such as a provider billing far more of a particular service than peers in the same specialty, or a sudden spike in claims from a specific geographic area.
The Contractors Behind the Program
CMS doesn’t do most of this work in-house. Instead, it contracts with several types of specialized entities, each with a defined role.
- Medicare Administrative Contractors (MACs) process and pay Medicare claims, but they also perform medical reviews and data analysis as part of their integrity responsibilities.
- Unified Program Integrity Contractors (UPICs) focus exclusively on investigating fraud and abuse. They analyze claims data across entire jurisdictions and are responsible for obtaining billing records for all beneficiaries whose claims were paid by the MACs in their zone.
- Recovery Auditors review paid claims to identify overpayments and underpayments, then work to recover the overpaid amounts.
- Supplemental Medical Review Contractors (SMRCs) handle additional, targeted reviews that CMS assigns when national data reveals specific problem areas.
All of these contractors follow instructions laid out in the Medicare Program Integrity Manual, a detailed CMS guidance document that specifies how to analyze data, conduct reviews, and take corrective action.
How the Fraud Prevention System Works
One of the more sophisticated tools in MIP’s toolkit is the Fraud Prevention System (FPS), which uses predictive analytics similar to the fraud detection systems credit card companies rely on. The FPS monitors roughly 4.5 million Medicare claims per day, covering Part A, Part B, and durable medical equipment. It applies risk-scoring models to near-real-time claims data and generates alerts when billing patterns look suspicious.
Those alerts feed into a case management system that gives investigators detailed provider profiles and supporting evidence. Rather than waiting months for an audit to catch a problem after millions have already been paid, the FPS lets CMS identify high-risk providers early and take action before losses accumulate. This shift from “pay and chase” to “prevent and detect” has been one of the program’s most significant modernizations.
Provider Screening and Enrollment
Before a provider or supplier can bill Medicare at all, they go through an enrollment screening process that operates on three risk tiers: limited, moderate, and high. CMS assigns each applicant to a tier based on the type of provider and other risk factors.
At the limited level, contractors verify that the provider meets all federal and state requirements, check licenses (including across state lines for physicians and nonphysician practitioners), and run database checks before and after enrollment. At the moderate level, everything from the limited screen applies, plus the contractor conducts an on-site visit to the provider’s practice location. At the high level, all lower-tier checks apply, and anyone who holds a 5% or greater ownership interest in the provider entity must submit fingerprints for a national criminal background check through the FBI’s database.
This tiered approach lets CMS concentrate its most intensive screening on the provider categories most historically associated with fraud, such as home health agencies and durable medical equipment suppliers, while keeping the process lighter for lower-risk providers like hospitals.
How MIP Relates to Broader Fraud Enforcement
The Medicare Integrity Program is one piece of a larger federal effort to combat healthcare fraud. The Health Care Fraud and Abuse Control (HCFAC) program is the broader umbrella, jointly run by the Department of Health and Human Services and the Department of Justice. HCFAC funds not only CMS’s program integrity work but also criminal investigations by the FBI and the Office of Inspector General.
MIP’s role within that framework is primarily administrative and preventive. It focuses on identifying improper payments, conducting audits, and screening providers. When MIP contractors uncover evidence of outright criminal fraud, the case typically gets referred to law enforcement agencies for investigation and prosecution. In fiscal year 2019, CMS merged its Medicare and Medicaid program integrity budget allocations into a single line, reflecting the reality that fraud schemes often span both programs.
Measuring Whether It’s Working
CMS tracks MIP’s effectiveness partly through the Comprehensive Error Rate Testing (CERT) program, which pulls a statistically valid random sample of Medicare fee-for-service claims each year and checks whether they were paid correctly. The fiscal year 2025 report, covering claims from July 2023 through June 2024, found an overall improper payment rate of 6.55%, totaling $28.83 billion.
That number includes every type of payment error: claims with insufficient documentation, incorrect coding, medically unnecessary services, and outright billing for services not rendered. Not all improper payments are fraud. Many result from paperwork mistakes or honest misunderstanding of complex billing rules. But the CERT rate serves as a benchmark. When MIP activities are effective, the error rate should trend downward. When new fraud schemes emerge or oversight resources are cut, the rate climbs. The persistence of a multibillion-dollar error rate underscores why the program exists and why its funding remains a recurring line item in federal budgets.