The federal agency that administers Medicare and Medicaid contributed to gaps in a national database of disciplined health care providers when it failed to report disciplinary actions as required by law, a new investigation found.

Significant gaps in the decades-old database came to light earlier this year when ProPublica found that many states hadn’t been reporting disciplinary actions taken against doctors, nurses, therapists and other health practitioners as required.

But the Centers for Medicare & Medicaid Services, a federal agency that’s part of the Department of Health and Human Services, essentially undermined its own department’s efforts to manage and maintain the federal database.

The new investigation was conducted by the department’s inspector general [PDF]. It found that CMS, which oversees health care programs serving about 45 million Medicare beneficiaries and 59 million Medicaid beneficiaries, took disciplinary action against numerous bad medical providers but did not report those actions to the Healthcare Integrity and Protection Data Bank.

The database is meant to help hospitals and other entities make informed hiring decisions, and to prevent incompetent, fraudulent, or abusive medical providers from crossing state lines to continue practicing and putting patients at risk. But as we’ve reported, the database is riddled with gaps, and many states have also failed to report.

Because the sanctions that went unreported by CMS often involved institutions such as nursing homes and laboratories, the repercussions of this missing data may be less serious compared to the data that went unreported by states. Unlike individual practitioners, they’reless able to move across state lines and set up shop elsewhere.

CMS is required by law to report the following types of disciplinary action to the database: revocations and suspensions of laboratory certifications; terminations of providers from participation in Medicare; civil monetary penalties against all types of providers, managed care plans, and prescription drug plans.

Some of the data that should’ve been reported includes 148 sanctions imposed against laboratories in 2007 and 30 sanctions taken against managed care and prescription drug plans between January 2006 and July 31, 2009. From 2004 to 2008, the agency banned 45 nursing homes from participating in Medicare, and those actions were not reported until fall 2009, long after the required reporting timeframe, the inspector general’s office said.

One CMS division —responsible for tracking and reporting actions against Medicare-certified providers—didn’t report a single action between 2001 and 2008.

Officials from the agency wrongly believed “that only adverse actions related to fraud and abuse should be reported to the HIPDB,”the inspector general’s office found.

CMS acknowledged the lapse in a written response to the inspector general’s office. The agency said it will work on reducing the extent of manual reporting and building the necessary infrastructure to meet reporting requirements in the future.