United States GA!0 General Accounting Office Washington, D.C. 20548 /5”-9/2s Health, Education, and Human Services Division B-278752 December 3, 1997 The Honorable Thomas A DascNe Minority Leader United States Senate The Honorable Richard A. Gephardt Minority Leader House of Representatives The Honorable Tom Harkin The Honorable Harry M. Reid United States Senate The Honorable James 0. Davis The Honorable Bat-t Stupak House of Representatives Subject: Medicare: Effective Imnlementation of New Legislation is Kev to Reducing Fraud and Abuse Because Medicare is one of the largest, most expensive programs in the federal budget, program spending has been the subject of much concern and scrutiny in recent years by the Congress and the administration. In fiscal year 1997, Medicare expenditures totaled an estimated $209 billion, and the program’s Hospital Insurance Trust Fund is expected to be depleted by 2010. At the same time, too much is being spent inappropriately because of the fraudulent and abusive billing practices of health care providers, thus prompting congressional concern about program vulnerabilities. At your request, this correspondence discusses Medicare fraud and abuse in both the fee-for-service and managed care programs. More specifically, it highlights (1) the impact of inadequate payment safeguard funding on efforts to combat abusive billing, (2) ineffective oversight of fee-for-service payments and operations and Medicare managed care plans, and (3) challenges that lie ahead for the effective implementation of recent legislation that addresses fraud and abuse. GAO/HEHS-9%59R Medicare Fraud and Abuse B-278752 The information in this correspondence is based on our recent studies, testimonies, and the three High-Risk Series reports on Medicare we have issued since 1992. The high-risk reports are the products of a special effort, begun irl 1990’and supported by the Senate Committee on Governmental Affairs, to review federal program areas identified as high risk because of vulnerabilities ‘. to waste, fraud, abuse, and mismanagement. (See Related GAO Products at the end of this correspondence.) RESULTS IN BRIEF Medicare’s size, complexity, and rapid growth make it an attractive target for fraud and abuse. Efforts by the Health Care F’inancing Administration (HCFA), the agency responsible for administering the program, to improve program safeguards have not been adequate to prevent substantial losses, in part because the resources available to avoid inappropriate payments have shrunk relative to the program’s size and in part because some tools have been underutilized or not deployed as effectively as possible. Because of budget constraints, reviews of claims and related medical documentation and site audits of providers’ records have become inadequate to keep up with the dramatic increases in Medicare activity. This means, for example, that a provider has only a slim chance of having its claims, its year- end cost reports, or its actual provision of services carefully scrutinized by Medicare. In addition, Medicare’s information systems and claims monitoring processes have not been uniformly effective at spotting indicators of potentiai fraud, such as suspiciously large increases in reimbursements, improbable quantities of services claimed, or duplicate bills submitted to different contractors for the same service or supply. Insufficient oversight has also resulted in little meaningful action taken against Medicare health maintenance organizations (HMCI) found to be out of compliance with federal law and regulations. Although HCFA has required these HMOs to prepare corrective action plans, it has not employed other available remedies, such as excluding poor-performing HMOs from the program, prohibiting continued enrollment until deficiencies are corrected, or notifying beneficiaries of the HMOs cited for violations. Accumulated evidence of m-home sales abuses coupled with high rates of rapid disenrolhnent for certain HMOs also indicates that some beneficiaries are confused or are being misled during the enrollment process and are dissatisfied once they become plan members. In addition, consumer information that could help beneficiaries distinguish the good plans from the poor performers has not been made publicly available, limiting the ability of beneficiaries to make informed choices 2 GAO/HEHS-9%59R Medicare Fraud and Abuse B-278752 about competing plans. This in turn limits the use of competition to drive out poor quality. ._ . Recent legislation-the Health Insurance Portability and Accountability Act of 1996 (HIPU)(P.L. 104191) and the Balanced Budget Act of 1997 (BBA) (P-L. 10533)-refocuses attention on various aspects of Medicare fraud and abuse through new program safeguard funding, new civil and criminal penalties, and new program authorities. However, while the implementation of these provisions offers the potential to reduce Medicare losses attributable to unwarranted payments, HCFA’s history of lengthy delays in implementing legislation gives rise to concern about whether the authorities granted will be deployed promptly and effectively. BACKGROUND Established under the Social Security Amendments of 1965, Medicare is a two- part program: (1) “hospital insurance,” or part A, which covers inpatient hospital, skilled nursing facility, hospice, and home health care services; and (2) “supplementary medical insurance,” or part B, which covers physician and outpatient hospital services, diagnostic tests, and ambulance and other medical services and supplies. In fiscal year 1997, part A covered an estimated 39 million aged and disabled beneficiaries. In Medicare’s fee-for-service program-which is used by almost 90 percent of the program’s beneficiaries-physicians, hospitals, and other providers submit claims for services rendered to Medicare beneficiaries. HCFA administers the fee-for-service program largely through more than 60 claims processing contractors. Insurance companies-like Blue Cross and Blue Shield plans, Mutual of Omaha, and CIGNA-processed and paid an estimated 900 million Medicare claims in fiscal year 1997. Generally, intermediaries are the I contractors that handle claims submitted by “institutional providers” ,%ospitals, skilled nursing facilities, hospices, and home health agencies); carriers generally handle claims submitted by physicians, laboratories, equipment suppliers, and other practitioners. Medicare’s managed care program covers a growing number of beneficiaries- more than 5 million as of September 1997-who have chosen to enroll in a prepaid health plan rather than purchase medical services fr-om individual providers. The managed care program, which is funded from both the part A 3 GAO/HEHS-9%59R Medicare Fraud and Abuse B-278752 and part B trust funds, consists mostly of risk contract HMOs.’ Medicare pays these HMOs a monthly amount, fixed in advance, for each beneficiary enrolled. hi this sense, the HMO has a “risk” contract because regardless of what it spends for each enrollee’s care, the HMO assumes the financial risk of providing health care in return for the predetermined rates. An HMO profits if its cost of providing services is lower than the predeterminedpayment but _ loses if its costs are higher than the payment. Medicare Fraud Fraud and abuse encompass a wide range of improper billing practices in the fee-for-service sector and marketing abuses or denial of services in the HMO program. Both result in unnecessary costs to Medicare; but fraud generally involves a deliberate act, whereas abuse typically involves actions that are inconsistent with Medicare billing rules and policies. As a practical matter, whether and how a wrongful act is addressed can depend on the size of the financial loss incurred and the quality of the evidence establishing intent. The pursuit of fraud often begins with the contractors, which conduct reviews of submitted claims and respond to beneficiary complaints. They develop cases for referral to HHS’ Office of Inspector General for possible criminal or civil prosecution and administrative sanctions. Potential fraud cases referred to the Inspector General require careful documentation by the contractor, entailing data analyses, claims audits, interviews with patients, and reviews of medical records. Inspector General investigations can involve, among other things, additional interviews or analyses of medical records and the subpoena of financial records. If it is satisfied that the evidence warrants prosecution, the Inspector General’s office forwards the case to a U.S. Attorney, within the Department of Justice. The U.S. Attorney then decides whether to accept the case for prosecution. If an indictment, and finally, a conviction are obtained, further work is necessary to establish administrative sanctions and recover overpayments. Thus, although the mechanics to pursue Medicare fraud are in place, the high level of resources and interagency coordination required for ‘The Medicare managed care program also includes cost contract HMOs and health care prepayment plans. Cost contract HMOs allow beneficiaries to choose health services from their HMO network or outside providers. Health care prepayment plans may cover only part B services. Together, both types of plans enroll fewer than 2 percent of the Medicare population. 4 GAO/JEHS-9%59R Medicare Fraud and Abuse B-278752 case development can impede the pursuit of a case at many junctures and delay the resolution of a case. Contractors’ Pavment Safeguards HCFA relies on payment safeguards that consist largely of contractors’ efforts to detect improprieties both before and after claims have been paid. Intermediaries and carriers have broad discretion over how to conduct these efforts. As a result, contractors’ implementation of Medicare payment safeguard policies varies significantly. In addition to follow-up on complaints contractors receive from beneficiaries, detection efforts include prepayment reviews of providers’ claims, and postpayment analyses, such as reviews of claims data and audits of provider costs. (See table 1.) GAOEIEHS-9%59R Medicare Fraud and Abuse B-278752 Table 1: Medicare’s Controls to Detect Inamromiate Pavments Control Howit works Leadsfrom beneficiaries Beneficiaries use Explanation of Medicare Benefits (EC: SOalert Medicare to claims for services not provided, ;uspiciously high charges, or other potential indications c fraud. Prepayment review Computer edits check claims for compliance with such . . &umstrative requirements as the submission of all necessary information. Computer edits automatically deny claims that are duplicates of others already processed by that system. Computer screens suspend for manual review claims that do not appear to comply with medical necessity or coverage criteria. Postpayment review Focused medical review: Provider-targeted: E&mining historical data, analysts compare providers’ claims against those of their peers to identify high biers; past or future claims of high billers may be targeted for more extensive review. Service-targeted:Analysts examine expenditure data to identify medical services for which spending has been unusually high; past or future claims for these services be subjected to more intensive reviews. Comprehensive claims audit: Reviewers examine in greater depth providers’ billings found to show irregularit through leads from beneficiaries, focused medical review or other sources. Audit of cost reports: Auditors verify the reasonablene of costs reported annuaily by institutionaI providers that are reimbursed on a cost basis. 6 GAO/EIEHS-9%59R Medicare Fraud and Abuse B-278752 BUDGET CONSTRAINTS AND INCREASED 8 VOLUME OF MEDICARE ACTIVITY HAVE _ WEAKENED EFFORTS TO MONITOR FEE-FOR-SERVICE CLAIMS AND PROVIDERS Over the last 7 years, HCFA and its claims processing contractors have struggled to carry out critical claims review and provider audit activities with a budget that, on a per-claim basis, was declining substantialIy. For example, between 1989 and 1996, the number of Medicare claims climbed 70 percent to 822 million, while during that same period, claims review resources grew less than 11 percent. Adjusting for claims growth, the amount contractors could spend on review shrank from 74 cents to 48 cents per claim. HIP& enacted in 1996, incrementally augments contractors’ payment safeguard budgets from fiscal years 1997 through 2003, at which time the funding will stabilize. However, by that time, funding will likely have increased to a level that will be just over one-half the per-claim level of 1989 spending after adjusting for inflation. The deterioration of Medicare’s controls over home health payments and providers illustrates the effect of the inadequate funding of payment safeguards. For example, Medicare’s scrutiny of home health claims payment documentation is scant. In addition, physicians are often not adequately involved in ordering care or monitoring beneficiary status. Finally, Medicare’s survey and certification process, which is intended to determine if home health agencies meet the program’s standards, is not effective at deterring unqualified operators from gaining entry. Insufficient Scrutinv of Home Health Pavments The home health intermediaries perform relatively few medical reviews of claims; of those done, the intermediary generally does not independently verify the documentation prepared by the home health agencies. Declines in per- claim funding for payment safeguards in recent years help explain the marked absence of adequate claims reviews. Whereas 10 years ago, over 60 percent of home health claims were reviewed, by 1996, Medicare’s intermediaries reviewed only 2 percent of all claims. A sample of claims we tested for our June 1997 report on home health agency accountability demonstrates the merit 7 GAO/HEHS-9%59R Medicare Fraud and Abuse B-278752 of scrutinizing expensive claims. ’ We selected for our sample 80 high-dollar home health claims that had been processed without review. About 43 percent of the total charges was subsequently denied on the b&is of medical necessity; noncoverage of services or supplies; and inadequate documentation, including the absence of physician orders. Little Home Care Monitoring HCFA’s oversight of the care provided is also weak. The sheer volume of Medicare’s home health claims and scarce funds for monitoring have resulted in an approach that relies substantially on the home health agencies themselves. In 1996, more than 10 percent of Medicare beneficiaries-roughly 4 million people-received home health services. To cope with this caseload, HCFA relies on the home health agencies and attending physicians to monitor patient progress, the proper development and periodic review of plans of care, and the medical necessity of services delivered. Although the physician’s signature on a plan of care is intended to serve as a quality control, in practice the certifying physician may not have ever seen the patient for whom the care plan is designed. Moreover, updated plans of care-required at least every 62 days-are not routinely reviewed by an independent party, such as Medicare’s fiscal intermediary. Weak Process for Certifving Home Health Providers In July of this year, we reported that there is little screening of home health providers seeking Medicare certification.3 We found that the initial survey of an applicant takes place too soon after the agency begins operating, offering little assurance that the agency is providing or is capable of providing quality care. For example, Medicare certified an agency owned by an individual with no home health experience who turned out to be a convicted drug felon and who later pled guilty with an associate to having defrauded Medicare of over $2.5 million. Rarely are new home health agencies found to fail Medicare’s certification requirements, which are to (1) be financially solvent, (2) comply with 2Medicare: Need to Hold Home Health Agencies More Accountable for l[naurzomiate Billings (GAOLHEHS-97-108,June 13, 1997). 3Medicare Home Health Agencies: Certification Process Is Ineffective in Excluding Problem Agencies (GAO/T-HEHS-97-180, July 28, 1997). 8 GAOLHEHS-9%59R Medicare Fraud and Abuse B-278752 antidiscrimination provisions in title VI of the Civil R’ights Act of 1964, and (3) meet Medicare’s conditions of participation. Home health agencies self-certify their solvency, agree to comply with the act, and undergo a very limited survey that few fail. Until recently, HCFA had been certifying about 100 new home health agencies each month, Once certi.Iied, moreover, home health agencies are unlikely to be terminated l?om the program or otherwise penalized, even when they have been repeatedly cited for not meeting Medicare’s conditions of participation or for providing substandard care. In response to reports of the steadily increasing volume of investigations, indictments, and convictions against home health agencies, the administration announced in September 1997 a 6-month moratorium on the admission of new home health agencies to the Medicare program. Between 1988 and 1996, the number of home health agencies increased from about 5,800 to over 9,000. According to HCFA, the moratorium is designed to stop the admission of untrustworthy providers while HCFA strengthens its requirements for entering the program. During the moratorium, HHS expects to implement certain program safeguards mandated by BBA, such as implementing the requirement for home health agencies to post at least a $50,000 surety bond before they are certified and promulgating a rule requiring new agencies to have enough funds on hand to operate for the first 3 to 6 months. HHS is also expected to develop new regulations requiring home health agencies to provide more ownership and other business-related information and requiring agencies to be recerWied every 3 years. MANAGEMENT PROBLEMS ALSO AFFECT FEE-FOR-SERVICE PAYMENTS AND OPERATIONS In addition to the issue of adequate payment safeguard funding, questions remain concerning whether available moneys are being used as effectively as possible. HCFA has not taken full advantage of the controls contractors could use to screen for inappropriate claims. Moreover, despite deficiencies that might have been corrected in Medicare’s current claims processing systems, HCFA until recently had been concentrating its management efforts on the development of a completely new system that has now been canceled. GAO/HEHS-9%59R Medicare Fraud and Abuse B-278752 HCFA Has Not Routinelv Made Available to Contractors Information on Effective Pavment Controls One chronic problem is that HCFA has not coordinated contractors’ payment safeguard activities. For example, as was planned when the program was set up, part B carriers establish their own medical policies and screens, which are. the criteria used to identify claims that may not be eligible for payment. Certain policies and the screens used to enforce them have been effective in helping some Medicare carriers avoid making unnecessary or inappropriate payments. However, the potential savings from having these policies and screens used by all carriers have been lost, as HCFA has not adequately coordinated their use among carriers. For example, for just 6 of Medicare’s top 200 most costly services in 1994, the use of certain carriers’ medical policy screens by all of Medicare’s carriers could have saved millions of dollars annually. However, because HCFA has not systematically shown leadership in this area, the opportunity to avoid significant Medicare expenditures has been lost. Information Management Problems Slow Efforts to Uncover Fraud and Abuse HCFA’s failed attempt to acquire a major new claims processing system-the Medicare Transaction System (MTS)-has serious consequences for the ability of HCFA and its contractors to improve fraud and abuse detection activities. Ideally, as we reported in 1994,3a system like MTS would allow “real time” claims review, enabling a contractor’s system to compare each submitted claim on behalf of a beneficiary against all other claims already submitted to its own or any other contractor’s system, against other claims submitted by the provider, and against other claims for the same procedure or item. Currently, I none of the contractors’ discrete processing systems is programmed to routinely screen, prior to payment, for either (1) suspiciously large increases in reimbursements to a provider or for a procedure or item over a short period or (2) improbable quantities of services performed for a particular beneficiary or claimed by a particular provider for a single day of care. The following examples cited in our previous work highlight these kinds of vulnerabilities: 4Medicare: New Claims Processing Svstem Benefits and Acauisition Risks (GAOHEHSAIMD-9479, Jan. 25, 1994). 10 GAOIEEHS-9%59R Medicare Fraud and Abuse B-278752 In the fourth quarter of 1992, a Medicare contractor paid a supplier $211,900 for surgical dressing claims. For the same quarter a year later, the contractor paid the same supplier more than $6 million without becoming suspicious, despite the 2,800-percent increase in the amount paid. A contractor paid claims for a supplier’s body jackets5-with no questions asked-that averaged about $2,300 per quarter for five consecutive quarters and then jumped to $32,000, $95,000, $235,000, and $889,000 over the next four quarters. A contractor reimbursed a clinical psychology group practice for individual psychotherapy visits of 45 to 50 minutes. Three psychologists in the group were billing for, and allegedly seeing, from 17 to 42 nursing facility patients per day. On many days, the leading biller of this group would have had to work more than 24 uninterrupted hours to provide the services he claimed. A contractor paid a podiatrist $143,580 for performing surgical procedures on at least 4,400 nursing facility patients during a 6-month period. For these services to be legitimate, the podiatrist would have had to serve at least 34 patients a day, 5 days a week. In the last two cases cited, the contractors did not become suspicious until they received complaints from family members and beneficiaries themselves. The inability to routinely discover unusual increases or unusually high amounts billed by a particular provider or for a particular service or supply item makes Medicare vulnerable to billing schemes. HCFA stated that MTS, among other things, would provide on-line access to I beneficiary patient histories. CurrenYy, Medicare’s part A and part B systems are not directly linked, making it difficult to spot schemes that involve billing both parts for the same service. Specifically, Medicare’s discrete part A and part B processing systems are not designed to easily identify, on-line, all of the medical services and devices billed on behalf of an individual beneficiary. As a result, providers can improperly bill both parts with little danger of detection in the short term. In our 1995 review of medical supply payments, for example, we noted that the same supply item could be billed on behalf of an individual 5A body jacket is a custom-fitted spinal brace made of a rigid plastic material that conforms to the body and largely immobilizes it. 11 GAO/HEHS-9%59R Medicare Fraud and Abuse B-278752 beneficiary to both a fiscal intermediary and a regional carrier.6 We found instances of duplicate payments and noted that contractors lacked effective t&s to determine whether both carriers and intermediaries paid for the same items. The HHS Office of Inspector General has reported similar problems with payments for other services, such as ambulance transportation and diagnostic laboratory tests7 In the wake of MT% demise, HCFA is in the process of consolidating its eight separate systems into three standard systems-one to process hospital and other part A claims; a second to process physician, laboratory, and other outpatient claims; and a third to process durable medical equipment claims. .I While having standard systems should improve the ability to share data, it would not provide all the benefits that had been expected from MTS, including the ability to ensure routinely, before payments are made, that an item or service billed to part A has not also been billed to part B and vice versa. Other anti-fraud-and-abuse software development discussed in our high-risk report- namely, algorithms under development by the Los Alamos National Laboratory for generating prepayment claims screens and commercial off-the-shelf software controls being tested-are years away from implementation in Medicare nationwide.’ INEFFECTIVE OVERSIGHT ALSO WEAKENS MEDICARE MANAGED CARE Some have argued that encouraging beneficiaries to enroll in managed care- that is, into a “claimless” environment-would eliminate problems of fraud and abuse. Unlike fee-for-service providers, in managed care, physicians, hospitals, and other providers do not submit to Medicare a per-service claim for reimbursement. Instead, they are paid by the HMO, which in turn is paid a ‘Medicare: Excessive Pavments for Medical Sunolies Continue Desnite Imnrovements (GAOHEHS95171, Aug. 8, 1995). ‘Ambulance Services for Medicare End-Stage Renal Disease Beneficiaries: Medical Necessitv (HHS, OEI-03-90-02130,Aug. 1994); Ambulance Services for Medicare End-Stage Renal Disease Beneficiaries: Pavment Practices (HHS, OEI- 03-90-02131, Mar. 1994); and Review of Senaratelv Billable End-Stage Renal Disease Laboratorv Tests (#A-01-96-00513,Oct. 1996). ‘For a more detailed discussion of this work, see Medicare Automated Svstems: Weaknesses in Managing Information Technologv Hinder Fight Against Fraud and Abuse (GAO/T-AIMD-97-176, Sept. 29, 1997). 12 GAOIHEHS-9%59R Medicare Fraud and Abuse B-2 78752 monthly amount by Medicare for each beneficiary enrolled. However, our work shows that another set of problems exists in Medicare’s managed care program, which enrolls more than 10 percent of Medicare’s 39 million beneficiaries and has been growing by about 85,000 beneficiaries per month. iTnder managed care, where fixed monthly payments are made per beneficiary rather than per service, strategies to exploit Medicare are based on the incentive to underserve rather than overserve the beneficiary. Risk contract HMOs, Medicare’s principal managed care option, can provide beneficiaries an attractive alternative to the traditional fee-for-service program because risk HMOs typically cover additional benefits, cost beneficiaries less out-of-pocket, and offer freedom from complicated billing statements. However, in recent years, we have reported that some Medicare HMOs have not complied with federal standards and that HCFA’s monitoring of these HMOs has been weak. For example, in 1995 we reported that, despite efforts to improve its HMO monitoring, HCFA conducted only paper reviews of HMOs’quality assurance plans, ex amining only the description rather than the implementation of HMOs’ quality assurance processes.g Moreover, HCFA was reluctant to take action against noncompliant HMOs, even when there was a history of abusive sales practices, delays in processing beneficiaries’ appeals of HMO decisions to deny coverage, or patterns of poor-quality care. In a 1996 report, we discussed the value of releasing HMO performance data to Medicare beneficiaries as having the potential to reduce the occurrence of abusive marketing practices.” We found that cases developed from beneficiary complaints and other HCFA documentation revealed violations of Medicare regulations prohibiting certain marketing practices, such as activities that mislead, confuse, or misrepresent. Some examples follow: At least 20 beneficiaries were inappropriately enrolled in an HMO after attending the same sales seminar in August 1995. The beneficiaries thought they were signing up to receive more information but later discovered the sales agent had enrolled them in the plan. In January 1995 a beneficiary was notified by his medical group before an appointment that he was now enrolled in another plan. The beneficiary ‘Medicare. Increased HMO Oversight Could Imnrove Qualiti and Access to Care (GAOLIEtiS95155, Aug. 3, 1995). “Medicare: HCFA Should Release Data to Aid Consumers. Promnt Better HMO Performance (GAO/HEHS-97-23, Oct. 22, 1996). 13 GAOAEHS-9%59R Medicare Fraud and Abuse B-278752 had no idea how this could be as he had not intended to change plans. Though the beneficiary signs with an “X,” the new anrohment application was signed with a legible, cursive signature. HCFA reenrolled the beneficiary into his former plan but took no action against the plan or the sales agent. One plan’s marketing activities resulted in enrolling an 81-year-old woman. In the first months of membership, she visited her doctor, who was in the plan’s provider network. When she later visited a nonnetwork physician who had also been one of her regular providers, Medicare denied her claims because of her HMO enrollment. She then requested to d&enroll and told HCFA that if she had understood the requirement to visit specific providers, she would not have enrolled in the HMO. HCFA d&enrolled the beneficiary from the plan, effective with her use of nonnetwork providers. Despite many beneficiary complaints, HCFA does not take advantage of opportunities to use market forces to prod competitors to offer better-quality services. HCFA collects, but has not systematically or routinely analyzed, data on HMO activities that could be used to measure performance. Putting these data in the hands of beneficiaries would give them information that could be used to identify and select plans with better records and give HMOs key information and incentives to benchmark and improve their performance. For example, in our 1996 study, we examined HCFA data on HMO d&enrollments-rates at which Medicare beneficiaries quit their HMO and join another plan or return to fee-for-service Medicare-as an indicator of beneficiary satisfaction. In the Miami market, for example, we found that in 1995 at one HMO only about 3 of every 25 beneficiaries disenrolled, whereas at another HMO more than 3 of every 10 beneficiaries disenrolled. We reported that these statistics, particularly in combination with complaint data, cculd help identify HMOs whose sales agents mislead or fail to adequately educate new enrollees. In the case of one Florida HMO, for example, HCFA found-m 1991, 1992, 1994, and 199~some combination of deficiencies in marketing, enrollment, quality assurance systems, grievance and appeals procedures, and access to health services. Despite the repeated findings of standards violations at this HMO, HCFA’s strongest regulatory action was to require, after each inspection, a corrective action plan. HCFA did not provide Miami-area beneficiaries this information, and at the same time, Medicare beneficiaries continued to enroll and disenroll in this plan. 14 GAO/HEHS-9th59R Medicare Fraud and Abuse B-278752 RECENT LEGISLATION ADDRESSING MEDICARE FRAUD AND ABUSE GENERATES IMPLEMENTATION CHALLENGES _- With the passage of HIPAA and BBA, the Congress recently provided important new resources and tools to fight health care fraud and abuse. In addition to earmarked funding for anti-fraud-and-abuse activities, the legislation offers specific civil and criminal penalties against health care fraud as well as opportunities to improve detection capabilities. For example, HIPAA makes health care fraud a separate criminal offense and establishes new fines and other penalties for federal health care offenses. BBA stiffens the exclusion penalties for individuals convicted of health care fraud. It also establishes civil monetary penalties for such offenses as contracting with an excluded provider, failing to report adverse actions under the new health care data collection program, and violating the antikickback statute. IIIPAA and BBA provisions also shore up payment safeguard and oversight authority. HIPAA sets aside funding specifically for anti-fraud-and-abuse activities and authorizes HCFA to contract with entities specializing in claim review activities. Addressing oversight of Medicare HMOs, HIPAA and BBA clarity and extend the conditions under which HCFA can impose intermediate sanctions against plans that deviate from Medicare regulations. BBA’s Medicare+Choice program-which broadens beyond HMOs the private health plans available to Medicare beneficiaries-includes several provisions addressing marketing, enrollment, and quality-of-care issues. Various provisions address fraud in traditional fee-for-service Medicare, but none to date has been fully implemented. In the case of HIP&& now more than a year old, HCFA and the HHS Office of Inspector General have been developing plans on many fronts, while actual implementation is just beginning. For example, under HIPAA, HCFA has the authority to use contractors other than the insurers serving as Medicare intermediaries and carriers to conduct medical and utilization review, audit cost reports, and carry out other program safeguard activities. The purpose is to enhance HCFA’s oversight of claims payment operations by increasing contractor accountability, enhancing data analysis capabilities, and avoiding potential contractor conflicts of interest. HCFA’s target date for awarding the first program safeguard contract is in fiscal year 1999, more than a year from now. HCFA officials are preparing for public comment a notice of proposed rulemaking that would ultimately govern the selection of contractors to perform safeguard functions, but they are not able to specify when the contract award rules will be final. - 15 GAO/HEHS-9%59R Medicare Fraud and Abuse B-278752 Among the more challenging of BBA’s provisions to implement are those related to the managed care and other alternatives to fee-for-service Medicare. The BBA has established options under the Medicare+Choice program, which, in addition to HMOs, include preferred provider organizations (PPO), provider- sponsored organizations (PSO), and private fee-for-service plans. It also makes medical savings accounts available to a limited number of beneficiaries under a demonstration program. BBA provisions address many of these concerns cited earlier for HMOs, for example, by calling for all Medicare+Choice plans to obtain external review from an independent quality assurance organization and for the dissemination of consumer information on an area’s Medicare+Choice plans. We remain concerned, however, about new issues raised by expanded choice for beneficiaries. For example, under BBA, requirements for minimum enrollment levels-aimed at achieving an adequate spreading of risk to ensure a plan’s financial solvency -can be waived for new Medicare+Choice plans in their first 3 years of operation. In addition, the recent authorization of higher HMO rates in rural areas may well increase the total number of risk contract HMOs. If the number of Medicare managed care organizations grows, HCFA may not be equipped to make site visits at the current rate of every other year. Finally, all the Medicare+Choice plans, including PPOs, PSOs, and private fee-for-service plans; will have to submit new marketing materials for HHS approval; with an escalating workload, however, these materials could be approved without adequate scrutiny. Under the law, marketing materials are approved automatically if HHS does not disapprove them within 45 days of their submission to the Department. CONCLUSIONS Many of Medicare’s vulnerabilities are inherent in its size and mission, making it a perpetually attractive target for exploitation. That wrongdoers continue to find ways to dodge safeguards illustrates the dynamic nature of fraud and abuse and the need for constant vigilance to protect the program. Judicious changes in Medicare’s day-today operations involving HCFA’s oversight and leadership, solutions to information management weaknesses, and HCFA’s appropriate application of new anti-fraud-and-abuse funds are necessary ingredients to reduce substantial future losses. Moreover, as Medicare+Choice enrollment grows, HCFA must work to ensure that beneficiaries receive information sufficient to make informed choices and that the agency’s expanded authority to enforce plan compliance with federal standards is used. 16 GAOEIEHS-9%59R Medicare Fraud and Abuse B-278752 How HI-IS and HCFA will use the authority of HIFAA and BBA to improve its vigilance over Medicare benefit dollars remains uncertain. The outcome is largelv dependent on how promptly and effectively HCFA implements the various provisions. HCFA’s past efforts to implement laws through regulations, oversee managed care plans, and acquire a major information system have &en been slow or ineffective. Now that many more requirements have been placed on HCFA, we are concerned that the promise of the new legislation to combat health care fraud and abuse could at best be delayed or not be realized at all without sustained efforts at implementation. As agreed with your offices, we will make this correspondence available to others on request. If you have any questions about this correspondence, please contact Sheila Avruch, Assistant Director, at (202) 512-7277. Lisanne Bradley and Hannah Fein contributed to this correspondence, which is based largely on earlier work done by Health Financing and Systems staff. William J. Scanlon Director, Health Financing and Systems Issues 17 GAO/EEHS-98-59R Medicare Fraud and Abuse RELATED GAO PRODUCTS Medicare Automated SvstemS: Weaknesses in Managing Information Technolom Hinder Fight Against Fraud and Abuse (GAO!I’-AIMD-97-176, Sept. 29, 1997). Medicare Home Health Agencies: Certification Process Is Ineffective in Excluding Problem Agencies (GAO/T-HEHS-97-180, July 28, 1997). Medicare: Need to Hold Home Health Agencies More Accountable for Inappronriate Billings (GAOHEHS-97-108, June 13, 1997). Medicare Managed Care: HMO Rates. Other Factors Create Uneven Availabihtv of Benefits (GAOHEHS-97-133, May 19, 1997). Medicare Transaction Svstem: Serious Managerial and Technical Weaknesses Threaten Modernization (GAO/T-AI&ID-97-91, May 16, 1997). Medicare (GAOKIR-97-10, Feb. 1997) and related testimony entitled Medicare: Inherent Program Risks and Management Challenges Reauire Continued Federal Attention (GAOLI’- HEHS-97-89, Mar. 4, 1997). Medicare: HCFA Should Release Data to Aid Consumers. Promut Better HMO Performance (GAOHEHS-97-23, Oct. 22, 1996). Medicare: Milbons Can Be Saved bv Screening Claims for Overused Services (GAOHEHS 96-49, Jan. 30, 1996). Medicare: Excessive Pavments for Medical Suunlies Continue Des&e Imnrovements (GAOLEIEHS95171, Aug. 8, 1995). Medicare: Increased HMO Oversight Could Imnrove Quabtv and Access to Care (GAOHEHS-95155, Aug. 3, 1995). Medicare: AIlegations Against ABC Home Health Care (GAO/OSI-9517, July 19, 1995). Medicare Claims (GAOLEIR-958, Feb. 1995). Medicare: New Claims Processing Svstem Benefits and Acauisition Risks (GAO/HEHS/AIMD-94-79, Jan. 25, 1994). Medicare Claims (GAO/HR-93-6, Dec. 1992). (101706) 18 GAOIHEHS-98-59R Medicare Fraud and Abuse Ordering Information The first copy of each GAO report and testimony is free. Additional copies are $2 each. Orders should be sent to the following address, accompanied by a check or money order made out to the Superintendent of Documents, when necessary. VISA and Mastercard credit cards are accepted, also. Orders for 100 or more copies to be mailed to a single address are discounted 25 percent. Orders by mail: U.S. General Accounting Office P.O. Box 37050 Washington, DC 20013 or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U.S. General Accounting Office Washington, DC Orders may also be placed by calling (202) 512-6000 or by using fax number (202) 512-6061, or TDD (202) 512-2537. Each day, GAO issues a list of newly available reports and testimony. To receive facsimile copies of the daily list or any list from the past 30 days, please call (202) 512-6000 using a touchtone phone. A recorded menu will provide information on how to obtain these lists. For information on how to access GAO reports on the INTERNET, send an e-mail message with “info” in the body to: firstname.lastname@example.org or visit GAO’s World Wide Web Home Page at: htQ&Ywww.gao.gov United States Genera;l Accounting Office Washington, D.C. 20548-0001 Official Business Penalty for Private ‘Use $300 Address Correction Reauested
Medicare: Effective Implementation of New Legislation is Key to Reducing Fraud and Abuse
Published by the Government Accountability Office on 1997-12-03.
Below is a raw (and likely hideous) rendition of the original report. (PDF)