HHA outliers one of the few fraud risks CMS did address from 2009. The Centers for Medicare & Medicaid Services is sitting on its hands when it comes to fraud risks, according to a new HHS Office of Inspector General report. "As of January 2011, CMS had not resolved or taken significant action to resolve 77 percent of vulnerabilities reported by contractors in 2009," the OIG says in the report, "Addressing Vulnerabilities Reported by Medicare Benefit Integrity Contractors." And when it did take action, often CMS took steps not recommended by the contractors. CMS had fully resolved only two of the 62 vulnerabilities reported in the time period, the OIG adds. The benefit integrity contractors include Program Safeguard Contractors (PSCs) and Zone Program Integrity Contractors (ZPICs). One of the fully resolved vulnerabilities was in the home health industry -- unnecessary home health visits to diabetic patients. "CMS adopted a 10-percent cap on outlier payments for home health agencies to reduce payments for unnecessary services," the OIG notes. The problem: "Although CMS has procedures to consistently track and review vulnerabilities, it lacks procedures to ensure that vulnerabilities are resolved," the OIG says. CMS agreed to determine the status of all vulnerabilities that have not been resolved and take action to address them, it says in its response to the report. Note: The report is online at http://oig.hhs.gov/oei/reports/oei-03-10-00500.pdf.