Medicare: Effective Implementation of New Legislation is Key to Reducing Fraud and Abuse

Published by the Government Accountability Office on 1997-12-03.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

       United States
GA!0   General Accounting  Office
       Washington, D.C. 20548
       Health, Education, and
       Human Services Division


        December 3, 1997

        The Honorable Thomas A DascNe
        Minority Leader
        United States Senate

        The Honorable Richard A. Gephardt
        Minority Leader
        House of Representatives

        The Honorable Tom Harkin
        The Honorable Harry M. Reid
        United States Senate

        The Honorable James 0. Davis
        The Honorable Bat-t Stupak
        House of Representatives

        Subject:     Medicare: Effective Imnlementation of New Legislation is Kev to
                     Reducing Fraud and Abuse

        Because Medicare is one of the largest, most expensive programs in the federal
        budget, program spending has been the subject of much concern and scrutiny
        in recent years by the Congress and the administration. In fiscal year 1997,
        Medicare expenditures totaled an estimated $209 billion, and the program’s
        Hospital Insurance Trust Fund is expected to be depleted by 2010. At the same
        time, too much is being spent inappropriately because of the fraudulent and
        abusive billing practices of health care providers, thus prompting congressional
        concern about program vulnerabilities.

        At your request, this correspondence discusses Medicare fraud and abuse in
        both the fee-for-service and managed care programs. More specifically, it
        highlights (1) the impact of inadequate payment safeguard funding on efforts to
        combat abusive billing, (2) ineffective oversight of fee-for-service payments and
        operations and Medicare managed care plans, and (3) challenges that lie ahead
        for the effective implementation of recent legislation that addresses fraud and

                                      GAO/HEHS-9%59R       Medicare      Fraud   and Abuse

The information in this correspondence is based on our recent studies,
testimonies, and the three High-Risk Series reports on Medicare we have issued
since 1992. The high-risk reports are the products of a special effort, begun irl
1990’and supported by the Senate Committee on Governmental Affairs, to
review federal program areas identified as high risk because of vulnerabilities      ‘.
to waste, fraud, abuse, and mismanagement. (See Related GAO Products at the
end of this correspondence.)


Medicare’s size, complexity, and rapid growth make it an attractive target for
fraud and abuse. Efforts by the Health Care F’inancing Administration (HCFA),
the agency responsible for administering the program, to improve program
safeguards have not been adequate to prevent substantial losses, in part
because the resources available to avoid inappropriate payments have shrunk
relative to the program’s size and in part because some tools have been
underutilized or not deployed as effectively as possible.

Because of budget constraints, reviews of claims and related medical
documentation and site audits of providers’ records have become inadequate to
keep up with the dramatic increases in Medicare activity. This means, for
example, that a provider has only a slim chance of having its claims, its year-
end cost reports, or its actual provision of services carefully scrutinized by
Medicare. In addition, Medicare’s information systems and claims monitoring
processes have not been uniformly effective at spotting indicators of potentiai
fraud, such as suspiciously large increases in reimbursements, improbable
quantities of services claimed, or duplicate bills submitted to different
contractors for the same service or supply.

Insufficient oversight has also resulted in little meaningful action taken against
Medicare health maintenance organizations (HMCI) found to be out of
compliance with federal law and regulations. Although HCFA has required
these HMOs to prepare corrective action plans, it has not employed other
available remedies, such as excluding poor-performing HMOs from the
program, prohibiting continued enrollment until deficiencies are corrected, or
notifying beneficiaries of the HMOs cited for violations. Accumulated evidence
of m-home sales abuses coupled with high rates of rapid disenrolhnent for
certain HMOs also indicates that some beneficiaries are confused or are being
misled during the enrollment process and are dissatisfied once they become
plan members. In addition, consumer information that could help beneficiaries
distinguish the good plans from the poor performers has not been made
publicly available, limiting the ability of beneficiaries to make informed choices

2                             GAO/HEHS-9%59R        Medicare   Fraud   and Abuse

    about competing plans. This in turn limits the use of competition to drive out
    poor quality.                                          ._ .
    Recent legislation-the Health Insurance Portability and Accountability Act of
    1996 (HIPU)(P.L. 104191) and the Balanced Budget Act of 1997 (BBA) (P-L.
    10533)-refocuses attention on various aspects of Medicare fraud and abuse
    through new program safeguard funding, new civil and criminal penalties, and
    new program authorities. However, while the implementation of these
    provisions offers the potential to reduce Medicare losses attributable to
    unwarranted payments, HCFA’s history of lengthy delays in implementing
    legislation gives rise to concern about whether the authorities granted will be
    deployed promptly and effectively.


    Established under the Social Security Amendments of 1965, Medicare is a two-
    part program: (1) “hospital insurance,” or part A, which covers inpatient
    hospital, skilled nursing facility, hospice, and home health care services; and
    (2) “supplementary medical insurance,” or part B, which covers physician and
    outpatient hospital services, diagnostic tests, and ambulance and other medical
    services and supplies. In fiscal year 1997, part A covered an estimated 39
    million aged and disabled beneficiaries.

    In Medicare’s fee-for-service program-which is used by almost 90 percent of
    the program’s beneficiaries-physicians, hospitals, and other providers submit
    claims for services rendered to Medicare beneficiaries. HCFA administers the
    fee-for-service program largely through more than 60 claims processing
    contractors. Insurance companies-like Blue Cross and Blue Shield plans,
    Mutual of Omaha, and CIGNA-processed and paid an estimated 900 million
    Medicare claims in fiscal year 1997. Generally, intermediaries are the
I   contractors that handle claims submitted by “institutional providers” ,%ospitals,
    skilled nursing facilities, hospices, and home health agencies); carriers
    generally handle claims submitted by physicians, laboratories, equipment
    suppliers, and other practitioners.

    Medicare’s managed care program covers a growing number of beneficiaries-
    more than 5 million as of September 1997-who have chosen to enroll in a
    prepaid health plan rather than purchase medical services fr-om individual
    providers. The managed care program, which is funded from both the part A

    3                            GAO/HEHS-9%59R        Medicare   Fraud   and Abuse

and part B trust funds, consists mostly of risk contract HMOs.’ Medicare pays
these HMOs a monthly amount, fixed in advance, for each beneficiary enrolled.
hi this sense, the HMO has a “risk” contract because regardless of what it
spends for each enrollee’s care, the HMO assumes the financial risk of
providing health care in return for the predetermined rates. An HMO profits if
its cost of providing services is lower than the predeterminedpayment but      _
loses if its costs are higher than the payment.

Medicare Fraud

Fraud and abuse encompass a wide range of improper billing practices in the
fee-for-service sector and marketing abuses or denial of services in the HMO
program. Both result in unnecessary costs to Medicare; but fraud generally
involves a deliberate act, whereas abuse typically involves actions that are
inconsistent with Medicare billing rules and policies. As a practical matter,
whether and how a wrongful act is addressed can depend on the size of the
financial loss incurred and the quality of the evidence establishing intent.

The pursuit of fraud often begins with the contractors, which conduct reviews
of submitted claims and respond to beneficiary complaints. They develop
cases for referral to HHS’ Office of Inspector General for possible criminal or
civil prosecution and administrative sanctions. Potential fraud cases referred
to the Inspector General require careful documentation by the contractor,
entailing data analyses, claims audits, interviews with patients, and reviews of
medical records.

Inspector General investigations can involve, among other things, additional
interviews or analyses of medical records and the subpoena of financial
records. If it is satisfied that the evidence warrants prosecution, the Inspector
General’s office forwards the case to a U.S. Attorney, within the Department of
Justice. The U.S. Attorney then decides whether to accept the case for
prosecution. If an indictment, and finally, a conviction are obtained, further
work is necessary to establish administrative sanctions and recover
overpayments. Thus, although the mechanics to pursue Medicare fraud are in
place, the high level of resources and interagency coordination required for

‘The Medicare managed care program also includes cost contract HMOs and
health care prepayment plans. Cost contract HMOs allow beneficiaries to
choose health services from their HMO network or outside providers. Health
care prepayment plans may cover only part B services. Together, both types of
plans enroll fewer than 2 percent of the Medicare population.

4                             GAO/JEHS-9%59R        Medicare   Fraud   and Abuse

case development can impede the pursuit of a case at many junctures and
delay the resolution of a case.

Contractors’ Pavment Safeguards

HCFA relies on payment safeguards that consist largely of contractors’ efforts
to detect improprieties both before and after claims have been paid.
Intermediaries and carriers have broad discretion over how to conduct these
efforts. As a result, contractors’ implementation of Medicare payment
safeguard policies varies significantly.

In addition to follow-up on complaints contractors receive from beneficiaries,
detection efforts include prepayment reviews of providers’ claims, and
postpayment analyses, such as reviews of claims data and audits of provider
costs. (See table 1.)

                            GAOEIEHS-9%59R         Medicare   Fraud   and Abuse
Table 1: Medicare’s Controls to Detect Inamromiate Pavments

    Control                        Howit works
    Leadsfrom beneficiaries        Beneficiaries use Explanation of Medicare Benefits (EC:
                                   SOalert Medicare to claims for services not provided,
                                   ;uspiciously high charges, or other potential indications c
    Prepayment review              Computer edits check claims for compliance with such
                                      . .
                                   &umstrative requirements as the submission of all
                                   necessary information.

                                   Computer edits automatically deny claims that are
                                   duplicates of others already processed by that system.

                                   Computer screens suspend for manual review claims that
                                   do not appear to comply with medical necessity or
                                   coverage criteria.
    Postpayment review             Focused medical    review:

                                   Provider-targeted: E&mining historical data, analysts
                                   compare providers’ claims against those of their peers to
                                   identify high biers; past or future claims of high billers
                                   may be targeted for more extensive review.

                                   Service-targeted:Analysts examine expenditure data to
                                   identify medical services for which spending has been
                                   unusually high; past or future claims for these services
                                   be subjected to more intensive reviews.

                                   Comprehensive     claims audit: Reviewers examine in
                                   greater depth providers’ billings found to show irregularit
                                   through leads from beneficiaries, focused medical review
                                   or other sources.

                                   Audit  of cost reports:  Auditors verify the reasonablene
                                   of costs reported annuaily by institutionaI providers that
                                   are reimbursed on a cost basis.

6                             GAO/EIEHS-9%59R         Medicare     Fraud    and Abuse

VOLUME OF MEDICARE ACTIVITY HAVE                           _

 Over the last 7 years, HCFA and its claims processing contractors have
 struggled to carry out critical claims review and provider audit activities with a
budget that, on a per-claim basis, was declining substantialIy. For example,
between 1989 and 1996, the number of Medicare claims climbed 70 percent to
 822 million, while during that same period, claims review resources grew less
than 11 percent. Adjusting for claims growth, the amount contractors could
spend on review shrank from 74 cents to 48 cents per claim. HIP& enacted
in 1996, incrementally augments contractors’ payment safeguard budgets from
fiscal years 1997 through 2003, at which time the funding will stabilize.
However, by that time, funding will likely have increased to a level that will be
just over one-half the per-claim level of 1989 spending after adjusting for

The deterioration of Medicare’s controls over home health payments and
providers illustrates the effect of the inadequate funding of payment safeguards.
For example, Medicare’s scrutiny of home health claims payment
documentation is scant. In addition, physicians are often not adequately
involved in ordering care or monitoring beneficiary status. Finally, Medicare’s
survey and certification process, which is intended to determine if home health
agencies meet the program’s standards, is not effective at deterring unqualified
operators from gaining entry.

Insufficient   Scrutinv of
Home Health Pavments

The home health intermediaries perform relatively few medical reviews of
claims; of those done, the intermediary generally does not independently verify
the documentation prepared by the home health agencies. Declines in per-
claim funding for payment safeguards in recent years help explain the marked
absence of adequate claims reviews. Whereas 10 years ago, over 60 percent of
home health claims were reviewed, by 1996, Medicare’s intermediaries
reviewed only 2 percent of all claims. A sample of claims we tested for our
June 1997 report on home health agency accountability demonstrates the merit

7                             GAO/HEHS-9%59R        Medicare    Fraud   and Abuse

of scrutinizing expensive claims. ’ We selected for our sample 80 high-dollar
home health claims that had been processed without review. About 43 percent
of the total charges was subsequently denied on the b&is of medical necessity;
noncoverage of services or supplies; and inadequate documentation, including
the absence of physician orders.

Little Home Care Monitoring

HCFA’s oversight of the care provided is also weak. The sheer volume of
Medicare’s home health claims and scarce funds for monitoring have resulted
in an approach that relies substantially on the home health agencies
themselves. In 1996, more than 10 percent of Medicare beneficiaries-roughly 4
million people-received home health services. To cope with this caseload,
HCFA relies on the home health agencies and attending physicians to monitor
patient progress, the proper development and periodic review of plans of care,
and the medical necessity of services delivered. Although the physician’s
signature on a plan of care is intended to serve as a quality control, in practice
the certifying physician may not have ever seen the patient for whom the care
plan is designed. Moreover, updated plans of care-required at least every 62
days-are not routinely reviewed by an independent party, such as Medicare’s
fiscal intermediary.

Weak Process for Certifving
Home Health Providers

In July of this year, we reported that there is little screening of home health
providers seeking Medicare certification.3 We found that the initial survey of
an applicant takes place too soon after the agency begins operating, offering
little assurance that the agency is providing or is capable of providing quality
care. For example, Medicare certified an agency owned by an individual with
no home health experience who turned out to be a convicted drug felon and
who later pled guilty with an associate to having defrauded Medicare of over
 $2.5 million.

Rarely are new home health agencies found to fail Medicare’s certification
requirements, which are to (1) be financially solvent, (2) comply with

2Medicare: Need to Hold Home Health Agencies More Accountable for
l[naurzomiate Billings (GAOLHEHS-97-108,June 13, 1997).

3Medicare Home Health Agencies: Certification Process Is Ineffective in
Excluding Problem Agencies (GAO/T-HEHS-97-180, July 28, 1997).

8                             GAOLHEHS-9%59R         Medicare   Fraud   and Abuse

antidiscrimination provisions in title VI of the Civil R’ights Act of 1964, and (3)
meet Medicare’s conditions of participation. Home health agencies self-certify
their solvency, agree to comply with the act, and undergo a very limited survey
that few fail. Until recently, HCFA had been certifying about 100 new home
health agencies each month, Once certi.Iied, moreover, home health agencies
are unlikely to be terminated l?om the program or otherwise penalized, even
when they have been repeatedly cited for not meeting Medicare’s conditions of
participation or for providing substandard care.

In response to reports of the steadily increasing volume of investigations,
indictments, and convictions against home health agencies, the administration
announced in September 1997 a 6-month moratorium on the admission of new
home health agencies to the Medicare program. Between 1988 and 1996, the
number of home health agencies increased from about 5,800 to over 9,000.
According to HCFA, the moratorium is designed to stop the admission of
untrustworthy providers while HCFA strengthens its requirements for entering
the program. During the moratorium, HHS expects to implement certain
program safeguards mandated by BBA, such as implementing the requirement
for home health agencies to post at least a $50,000 surety bond before they are
certified and promulgating a rule requiring new agencies to have enough funds
on hand to operate for the first 3 to 6 months. HHS is also expected to
develop new regulations requiring home health agencies to provide more
ownership and other business-related information and requiring agencies to be
recerWied every 3 years.


In addition to the issue of adequate payment safeguard funding, questions
remain concerning whether available moneys are being used as effectively as
possible. HCFA has not taken full advantage of the controls contractors could
use to screen for inappropriate claims. Moreover, despite deficiencies that
might have been corrected in Medicare’s current claims processing systems,
HCFA until recently had been concentrating its management efforts on the
development of a completely new system that has now been canceled.

                             GAO/HEHS-9%59R         Medicare    Fraud   and Abuse

    HCFA Has Not Routinelv Made
    Available to Contractors Information
    on Effective Pavment Controls

    One chronic problem is that HCFA has not coordinated contractors’ payment
    safeguard activities. For example, as was planned when the program was set
    up, part B carriers establish their own medical policies and screens, which are.
    the criteria used to identify claims that may not be eligible for payment.
    Certain policies and the screens used to enforce them have been effective in
    helping some Medicare carriers avoid making unnecessary or inappropriate
    payments. However, the potential savings from having these policies and
    screens used by all carriers have been lost, as HCFA has not adequately
    coordinated their use among carriers. For example, for just 6 of Medicare’s top
    200 most costly services in 1994, the use of certain carriers’ medical policy
    screens by all of Medicare’s carriers could have saved millions of dollars
    annually. However, because HCFA has not systematically shown leadership in
    this area, the opportunity to avoid significant Medicare expenditures has been

    Information Management Problems Slow
    Efforts to Uncover Fraud and Abuse

    HCFA’s failed attempt to acquire a major new claims processing system-the
    Medicare Transaction System (MTS)-has serious consequences for the ability
    of HCFA and its contractors to improve fraud and abuse detection activities.
    Ideally, as we reported in 1994,3a system like MTS would allow “real time”
    claims review, enabling a contractor’s system to compare each submitted claim
    on behalf of a beneficiary against all other claims already submitted to its own
    or any other contractor’s system, against other claims submitted by the
    provider, and against other claims for the same procedure or item. Currently,
    none of the contractors’ discrete processing systems is programmed to
    routinely screen, prior to payment, for either (1) suspiciously large increases in
    reimbursements to a provider or for a procedure or item over a short period or
     (2) improbable quantities of services performed for a particular beneficiary or
     claimed by a particular provider for a single day of care. The following
     examples cited in our previous work highlight these kinds of vulnerabilities:

    4Medicare: New Claims Processing Svstem Benefits and Acauisition Risks
    (GAOHEHSAIMD-9479, Jan. 25, 1994).

     10                           GAOIEEHS-9%59R        Medicare   Fraud   and Abuse

          In the fourth quarter of 1992, a Medicare contractor paid a supplier
          $211,900 for surgical dressing claims. For the same quarter a year later,
          the contractor paid the same supplier more than $6 million without
          becoming suspicious, despite the 2,800-percent increase in the amount

          A contractor paid claims for a supplier’s body jackets5-with no questions
          asked-that averaged about $2,300 per quarter for five consecutive
          quarters and then jumped to $32,000, $95,000, $235,000, and $889,000 over
          the next four quarters.

          A contractor reimbursed      a clinical psychology group practice for
          individual psychotherapy     visits of 45 to 50 minutes. Three psychologists
          in the group were billing    for, and allegedly seeing, from 17 to 42 nursing
          facility patients per day.   On many days, the leading biller of this group
          would have had to work       more than 24 uninterrupted hours to provide the
          services he claimed.

          A  contractor paid a podiatrist $143,580 for performing surgical
          procedures on at least 4,400 nursing facility patients during a 6-month
          period. For these services to be legitimate, the podiatrist would have had
          to serve at least 34 patients a day, 5 days a week.

    In the last two cases cited, the contractors did not become suspicious until
    they received complaints from family members and beneficiaries themselves.
    The inability to routinely discover unusual increases or unusually high amounts
    billed by a particular provider or for a particular service or supply item makes
    Medicare vulnerable to billing schemes.

    HCFA stated that MTS, among other things, would provide on-line access to
I   beneficiary patient histories. CurrenYy, Medicare’s part A and part B systems
    are not directly linked, making it difficult to spot schemes that involve billing
    both parts for the same service. Specifically, Medicare’s discrete part A and
    part B processing systems are not designed to easily identify, on-line, all of the
    medical services and devices billed on behalf of an individual beneficiary. As a
    result, providers can improperly bill both parts with little danger of detection in
    the short term. In our 1995 review of medical supply payments, for example,
    we noted that the same supply item could be billed on behalf of an individual

    5A body jacket is a custom-fitted spinal brace made of a rigid
    plastic material that conforms to the body and largely immobilizes it.

    11                            GAO/HEHS-9%59R          Medicare   Fraud   and Abuse

beneficiary to both a fiscal intermediary and a regional carrier.6 We found
instances of duplicate payments and noted that contractors lacked effective
t&s to determine whether both carriers and intermediaries paid for the same
items. The HHS Office of Inspector General has reported similar problems
with payments for other services, such as ambulance transportation and
diagnostic laboratory tests7

In the wake of MT% demise, HCFA is in the process of consolidating its eight
separate systems into three standard systems-one to process hospital and
other part A claims; a second to process physician, laboratory, and other
outpatient claims; and a third to process durable medical equipment claims.      .I
While having standard systems should improve the ability to share data, it
would not provide all the benefits that had been expected from MTS, including
the ability to ensure routinely, before payments are made, that an item or
service billed to part A has not also been billed to part B and vice versa. Other
anti-fraud-and-abuse software development discussed in our high-risk report-
namely, algorithms under development by the Los Alamos National Laboratory
for generating prepayment claims screens and commercial off-the-shelf
software controls being tested-are years away from implementation in
Medicare nationwide.’


Some have argued that encouraging beneficiaries to enroll in managed care-
that is, into a “claimless” environment-would eliminate problems of fraud and
abuse. Unlike fee-for-service providers, in managed care, physicians, hospitals,
and other providers do not submit to Medicare a per-service claim for
reimbursement. Instead, they are paid by the HMO, which in turn is paid a

‘Medicare: Excessive Pavments for Medical Sunolies Continue Desnite
Imnrovements (GAOHEHS95171, Aug. 8, 1995).
‘Ambulance Services for Medicare End-Stage Renal Disease Beneficiaries:
Medical Necessitv (HHS, OEI-03-90-02130,Aug. 1994); Ambulance Services for
Medicare End-Stage Renal Disease Beneficiaries: Pavment Practices (HHS, OEI-
03-90-02131, Mar. 1994); and Review of Senaratelv Billable End-Stage Renal
Disease Laboratorv Tests (#A-01-96-00513,Oct. 1996).

‘For a more detailed discussion of this work, see Medicare Automated Svstems:
Weaknesses in Managing Information Technologv Hinder Fight Against Fraud
and Abuse (GAO/T-AIMD-97-176, Sept. 29, 1997).

 12                           GAOIHEHS-9%59R        Medicare   Fraud   and Abuse
B-2 78752

monthly amount by Medicare for each beneficiary enrolled. However, our work
shows that another set of problems exists in Medicare’s managed care program,
which enrolls more than 10 percent of Medicare’s 39 million beneficiaries and
has been growing by about 85,000 beneficiaries per month.

iTnder managed care, where fixed monthly payments are made per beneficiary
rather than per service, strategies to exploit Medicare are based on the
incentive to underserve rather than overserve the beneficiary. Risk contract
HMOs, Medicare’s principal managed care option, can provide beneficiaries an
attractive alternative to the traditional fee-for-service program because risk
HMOs typically cover additional benefits, cost beneficiaries less out-of-pocket,
and offer freedom from complicated billing statements. However, in recent
years, we have reported that some Medicare HMOs have not complied with
federal standards and that HCFA’s monitoring of these HMOs has been weak.
For example, in 1995 we reported that, despite efforts to improve its HMO
monitoring, HCFA conducted only paper reviews of HMOs’quality assurance
plans, ex amining only the description rather than the implementation of HMOs’
quality assurance processes.g Moreover, HCFA was reluctant to take action
against noncompliant HMOs, even when there was a history of abusive sales
practices, delays in processing beneficiaries’ appeals of HMO decisions to deny
coverage, or patterns of poor-quality care.

In a 1996 report, we discussed the value of releasing HMO performance data to
Medicare beneficiaries as having the potential to reduce the occurrence of
abusive marketing practices.” We found that cases developed from beneficiary
complaints and other HCFA documentation revealed violations of Medicare
regulations prohibiting certain marketing practices, such as activities that
mislead, confuse, or misrepresent. Some examples follow:

     At least 20 beneficiaries were inappropriately enrolled in an HMO after
     attending the same sales seminar in August 1995. The beneficiaries
     thought they were signing up to receive more information but later
     discovered the sales agent had enrolled them in the plan.

      In January 1995 a beneficiary was notified by his medical group before an
      appointment that he was now enrolled in another plan. The beneficiary

‘Medicare. Increased HMO Oversight Could Imnrove Qualiti and Access to Care
(GAOLIEtiS95155, Aug. 3, 1995).
“Medicare: HCFA Should Release Data to Aid Consumers. Promnt Better HMO
Performance (GAO/HEHS-97-23, Oct. 22, 1996).

13                          GAOAEHS-9%59R         Medicare   Fraud   and Abuse

      had no idea how this could be as he had not intended to change plans.
      Though the beneficiary signs with an “X,” the new anrohment application
      was signed with a legible, cursive signature. HCFA reenrolled the
      beneficiary into his former plan but took no action against the plan or the
      sales agent.

      One plan’s marketing activities resulted in enrolling an 81-year-old
      woman. In the first months of membership, she visited her doctor, who
      was in the plan’s provider network. When she later visited a nonnetwork
      physician who had also been one of her regular providers, Medicare
      denied her claims because of her HMO enrollment. She then requested to
      d&enroll and told HCFA that if she had understood the requirement to
      visit specific providers, she would not have enrolled in the HMO. HCFA
      d&enrolled the beneficiary from the plan, effective with her use of
      nonnetwork providers.

Despite many beneficiary complaints, HCFA does not take advantage of
opportunities to use market forces to prod competitors to offer better-quality
services. HCFA collects, but has not systematically or routinely analyzed, data
on HMO activities that could be used to measure performance. Putting these
data in the hands of beneficiaries would give them information that could be
used to identify and select plans with better records and give HMOs key
information and incentives to benchmark and improve their performance.

For example, in our 1996 study, we examined HCFA data on HMO
d&enrollments-rates at which Medicare beneficiaries quit their HMO and join
another plan or return to fee-for-service Medicare-as an indicator of
beneficiary satisfaction. In the Miami market, for example, we found that in
1995 at one HMO only about 3 of every 25 beneficiaries disenrolled, whereas at
another HMO more than 3 of every 10 beneficiaries disenrolled. We reported
that these statistics, particularly in combination with complaint data, cculd help
identify HMOs whose sales agents mislead or fail to adequately educate new

In the case of one Florida HMO, for example, HCFA found-m 1991, 1992, 1994,
and 199~some combination of deficiencies in marketing, enrollment, quality
assurance systems, grievance and appeals procedures, and access to health
services. Despite the repeated findings of standards violations at this HMO,
HCFA’s strongest regulatory action was to require, after each inspection, a
corrective action plan. HCFA did not provide Miami-area beneficiaries this
information, and at the same time, Medicare beneficiaries continued to enroll
and disenroll in this plan.

 14                           GAO/HEHS-9th59R       Medicare   Fraud   and Abuse

With the passage of HIPAA and BBA, the Congress recently provided important
new resources and tools to fight health care fraud and abuse. In addition to
earmarked funding for anti-fraud-and-abuse activities, the legislation offers
specific civil and criminal penalties against health care fraud as well as
opportunities to improve detection capabilities. For example, HIPAA makes
health care fraud a separate criminal offense and establishes new fines and
other penalties for federal health care offenses. BBA stiffens the exclusion
penalties for individuals convicted of health care fraud. It also establishes civil
monetary penalties for such offenses as contracting with an excluded provider,
failing to report adverse actions under the new health care data collection
program, and violating the antikickback statute.

IIIPAA and BBA provisions also shore up payment safeguard and oversight
authority. HIPAA sets aside funding specifically for anti-fraud-and-abuse
activities and authorizes HCFA to contract with entities specializing in claim
review activities. Addressing oversight of Medicare HMOs, HIPAA and BBA
clarity and extend the conditions under which HCFA can impose intermediate
sanctions against plans that deviate from Medicare regulations. BBA’s
Medicare+Choice program-which broadens beyond HMOs the private health
plans available to Medicare beneficiaries-includes several provisions addressing
marketing, enrollment, and quality-of-care issues.

Various provisions address fraud in traditional fee-for-service Medicare, but
none to date has been fully implemented. In the case of HIP&& now more
than a year old, HCFA and the HHS Office of Inspector General have been
developing plans on many fronts, while actual implementation is just beginning.
For example, under HIPAA, HCFA has the authority to use contractors other
than the insurers serving as Medicare intermediaries and carriers to conduct
medical and utilization review, audit cost reports, and carry out other program
safeguard activities. The purpose is to enhance HCFA’s oversight of claims
payment operations by increasing contractor accountability, enhancing data
analysis capabilities, and avoiding potential contractor conflicts of interest.

HCFA’s target date for awarding the first program safeguard contract is in
fiscal year 1999, more than a year from now. HCFA officials are preparing for
public comment a notice of proposed rulemaking that would ultimately govern
the selection of contractors to perform safeguard functions, but they are not
able to specify when the contract award rules will be final. -

15                            GAO/HEHS-9%59R         Medicare   Fraud   and Abuse

Among the more challenging of BBA’s provisions to implement are those
related to the managed care and other alternatives to fee-for-service Medicare.
The BBA has established options under the Medicare+Choice program, which,
in addition to HMOs, include preferred provider organizations (PPO), provider-
sponsored organizations (PSO), and private fee-for-service plans. It also makes
medical savings accounts available to a limited number of beneficiaries under a
demonstration program.

BBA provisions address many of these concerns cited earlier for HMOs, for
example, by calling for all Medicare+Choice plans to obtain external review
from an independent quality assurance organization and for the dissemination
of consumer information on an area’s Medicare+Choice plans. We remain
concerned, however, about new issues raised by expanded choice for

For example, under BBA, requirements for minimum enrollment levels-aimed
at achieving an adequate spreading of risk to ensure a plan’s financial solvency
-can be waived for new Medicare+Choice plans in their first 3 years of
operation. In addition, the recent authorization of higher HMO rates in rural
areas may well increase the total number of risk contract HMOs. If the number
of Medicare managed care organizations grows, HCFA may not be equipped to
make site visits at the current rate of every other year. Finally, all the
Medicare+Choice plans, including PPOs, PSOs, and private fee-for-service plans;
will have to submit new marketing materials for HHS approval; with an
escalating workload, however, these materials could be approved without
adequate scrutiny. Under the law, marketing materials are approved
automatically if HHS does not disapprove them within 45 days of their
submission to the Department.


Many of Medicare’s vulnerabilities are inherent in its size and mission, making
it a perpetually attractive target for exploitation. That wrongdoers continue to
find ways to dodge safeguards illustrates the dynamic nature of fraud and
abuse and the need for constant vigilance to protect the program. Judicious
changes in Medicare’s day-today operations involving HCFA’s oversight and
leadership, solutions to information management weaknesses, and HCFA’s
appropriate application of new anti-fraud-and-abuse funds are necessary
ingredients to reduce substantial future losses. Moreover, as Medicare+Choice
enrollment grows, HCFA must work to ensure that beneficiaries receive
information sufficient to make informed choices and that the agency’s
expanded authority to enforce plan compliance with federal standards is used.

 16                          GAOEIEHS-9%59R        Medicare   Fraud   and Abuse

How HI-IS and HCFA will use the authority of HIFAA and BBA to improve its
vigilance over Medicare benefit dollars remains uncertain. The outcome is
largelv dependent on how promptly and effectively HCFA implements the
various provisions. HCFA’s past efforts to implement laws through regulations,
oversee managed care plans, and acquire a major information system have
&en been slow or ineffective. Now that many more requirements have been
placed on HCFA, we are concerned that the promise of the new legislation to
combat health care fraud and abuse could at best be delayed or not be realized
at all without sustained efforts at implementation.

As agreed with your offices, we will make this correspondence available to
others on request.

If you have any questions about this correspondence, please contact Sheila
Avruch, Assistant Director, at (202) 512-7277. Lisanne Bradley and Hannah
Fein contributed to this correspondence, which is based largely on earlier work
done by Health Financing and Systems staff.

William J. Scanlon
Director, Health Financing
  and Systems Issues

17                           GAO/EEHS-98-59R      Medicare   Fraud   and Abuse
                              RELATED GAO PRODUCTS

Medicare Automated SvstemS: Weaknesses in Managing Information Technolom Hinder
Fight Against Fraud and Abuse (GAO!I’-AIMD-97-176, Sept. 29, 1997).

Medicare Home Health Agencies: Certification Process Is Ineffective in Excluding
Problem Agencies (GAO/T-HEHS-97-180, July 28, 1997).

Medicare: Need to Hold Home Health Agencies More Accountable for Inappronriate
Billings (GAOHEHS-97-108, June 13, 1997).

Medicare Managed Care: HMO Rates. Other Factors Create Uneven Availabihtv of
Benefits (GAOHEHS-97-133, May 19, 1997).

Medicare Transaction Svstem: Serious Managerial and Technical Weaknesses Threaten
Modernization (GAO/T-AI&ID-97-91, May 16, 1997).

Medicare (GAOKIR-97-10, Feb. 1997) and related testimony entitled Medicare: Inherent
Program Risks and Management Challenges Reauire Continued Federal Attention (GAOLI’-
HEHS-97-89, Mar. 4, 1997).

Medicare: HCFA Should Release Data to Aid Consumers. Promut Better HMO
Performance (GAOHEHS-97-23, Oct. 22, 1996).

Medicare: Milbons Can Be Saved bv Screening Claims for Overused Services (GAOHEHS
96-49, Jan. 30, 1996).

Medicare: Excessive Pavments for Medical Suunlies Continue Des&e Imnrovements
(GAOLEIEHS95171, Aug. 8, 1995).

Medicare: Increased HMO Oversight Could Imnrove Quabtv and Access to Care
(GAOHEHS-95155, Aug. 3, 1995).

Medicare: AIlegations Against ABC Home Health Care (GAO/OSI-9517, July 19, 1995).

Medicare Claims (GAOLEIR-958, Feb. 1995).

Medicare: New Claims Processing Svstem Benefits and Acauisition Risks
(GAO/HEHS/AIMD-94-79, Jan. 25, 1994).

Medicare Claims (GAO/HR-93-6, Dec. 1992).


18                                     GAOIHEHS-98-59R       Medicare   Fraud   and Abuse
Ordering    Information

The first copy of each GAO report and testimony is free.
Additional   copies are $2 each. Orders should be sent to the
following address, accompanied by a check or money order
made out to the Superintendent     of Documents, when
necessary. VISA and Mastercard      credit cards are accepted, also.
Orders for 100 or more copies to be mailed to a single address
are discounted 25 percent.

Orders by mail:

U.S. General Accounting    Office
P.O. Box 37050
Washington,  DC 20013

or visit:

Room 1100
700 4th St. NW (corner of 4th and G Sts. NW)
U.S. General Accounting  Office
Washington,  DC

Orders may also be placed by calling (202) 512-6000
or by using fax number (202) 512-6061, or TDD (202) 512-2537.

Each day, GAO issues a list of newly available reports and
testimony.   To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512-6000 using a
touchtone phone. A recorded menu will provide information         on
how to obtain these lists.

For information on how to access GAO reports on the INTERNET,
send an e-mail message with “info” in the body to:


or visit GAO’s World Wide Web Home Page at:

United States
Genera;l Accounting Office
Washington, D.C. 20548-0001

Official   Business
Penalty    for Private   ‘Use $300

Address    Correction    Reauested