backOIG Audit Finds Medicare Improperly Paid DMEPOS Suppliers $22.7 Million Over 7 Years
On October 28, 2025, HHS Office of Inspector General (OIG) posted an audit report finding that Medicare improperly paid suppliers $22.7 million over seven years for durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) provided to Medicare enrollees during inpatient stays. This audit was conducted to follow up on a November 2018 audit, which identified that Medicare improperly paid suppliers $34 million for DMEPOS from January 1, 2015 through December 31, 2017. This most recent audit spanned from 2018 through 2024, and OIG concluded that none of the $22.7 million in payments to suppliers for DMEPOS complied with Medicare requirements and that suppliers may have incorrectly collected up to $5.9 million in deductible and coinsurance amounts from enrollees or from someone on their behalf.
By way of background, Medicare Part B should not pay a supplier for items furnished to an enrollee who is still an inpatient. This is because the DME benefit under Medicare is limited to items that are furnished for use in the enrollee’s home. Suppliers, therefore, cannot be paid by Medicare for these items and must look to the inpatient facilities for payment for the items they provide to an inpatient enrollee.
As a result of the 2018 audit, OIG determined that the system edits to prevent overpayments to suppliers were not adequate and recommended that CMS correct the system edits to fully prevent and detect overpayments to suppliers for DMEPOS items provided during inpatient stays. CMS agreed with this recommendation and modified its claims processing system in January 2020. There was a large drop in overpayments resulting from the system edits, with about 80% of the overpayments identified in this audit occurring prior to January 2020. However, given that OIG alleged $4.5 million was improperly paid following the system edits, OIG believes further evaluation is needed to determine whether additional refinements are necessary.
Findings
OIG found that Medicare payments to suppliers for DMEPOS items provided to enrollees during inpatient stays from 2018 to 2024 did not comply with Medicare requirements. Specifically, OIG alleged that $22.7 million was improperly paid to suppliers for 114,323 DMEPOS items and suppliers should not have billed separately for the DMEPOS items provided to enrollees during their inpatient stays. In addition, OIG determined that suppliers may have incorrectly collected up to $5.9 million in deductible and coinsurance amounts from 51,747 enrollees or from someone on their behalf.
The OIG concluded that Medicare Part B improperly paid $16.7 million (or 73% of the total amount of overpayments) to suppliers for DMEPOS items provided to enrollees who were inpatient at acute-care hospitals. These are considered overpayments because the payment for those items are already included in the inpatient PPS rate that is paid out by Medicare Part A. According to the OIG, seventeen percent of the overpayments were paid to suppliers for items provided to enrollees who were inpatient at an inpatient rehabilitation facility, 5% to enrollees who were inpatient at a long-term care hospital, 3% to enrollees who were inpatient at inpatient psychiatric facilities, and 2% to enrollees who were inpatient at critical access hospitals.
The audit also found that improper payments for artificial limbs, urinary catheters, and other prosthetics and orthotics accounted for 55% of the total improper payments. Drugs administered through DME accounted for 15% of the improper payments, and DME (walkers, wheelchairs, hospital beds, etc.) accounted for 11% of the improper payments. Additionally, feeding tubes and nutrition supply kits accounted for 8% of the improper payments, wound-care suppliers, fillers, and other supplies accounted for 7% of the improper payments, and injections and immunosuppressive drugs accounted for the remaining 4% of the improper payments.
Recommendations and CMS Comments
Based on the results of the audit, OIG recommended that CMS:
- Direct the DME MACs to recover the $22.7 million in overpayments from suppliers;
- Direct the DME MACs to recommend that the suppliers refund the $5.9 million in deductible and coinsurance amounts to enrollees;
- Instruct the DME MACs to notify suppliers that received overpayments to consider conducting internal audits or investigations based on the risks identified by this audit;
- Identify any DMEPOS claim after the audit period for items provided to enrollees during inpatient stays and direct the DME MACs to recover any improper payments; and
- Review system edits to determine whether additional refinements are necessary to prevent additional improper payments to suppliers.
CMS agreed with OIG’s first four recommendations and has purportedly taken action to address the recommendations. However, CMS did not concur with OIG’s fifth recommendation. CMS explained that it received a sample of claims identified by OIG during the audit and could not identify a systemic cause for the overpayments resulting after the system edits were implemented in January 2020. Therefore, CMS did not agree with OIG that further refinements are necessary. OIG maintained that its final recommendation is valid and encouraged CMS to conduct a review of the list of the improperly paid claims to identify whether systemic issues exist.
A full copy of the OIG audit report can be found here.
Reporter, Morgan Cronin, Atlanta, + 1 404-572-2795, mcronin@kslaw.com.
Upcoming Events
Life Sciences & Healthcare Roundtable Webinar: Data Security Incident Response: How to Plan for It, Deal With It and Survive It
Thursday, November 20, 12:30 p.m. – 1:30 p.m. ET
Join us for a webinar focused on data security incident response for healthcare industry companies. Our expert panel will explore key challenges and best practices, including how to prepare for a security incident, engage the board effectively, manage response efforts, preserve attorney-client privilege and develop a strong communications strategy. The discussion will also cover navigating HIPAA and state law requirements, notification protocols, credit monitoring, cyber insurance considerations, and dealing with the aftermath of an incident.
You do not have to be a client to attend, and there is no charge. RSVP by November 19. For questions, contact Sydney Forte
Editors: Chris Kenny and Ahsin Azim
Issue Editors: Michael LaBattaglia and Priya Sinha