oversight

Medicare Automated Systems: Weaknesses in Managing Information Technology Hinder Fight Against Fraud and Abuse

Published by the Government Accountability Office on 1997-09-29.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                          United States General Accounting Office

GAO                       Testimony
                          Before the Subcommittee on Oversight and Investigations,
                          Committee on Commerce, House of Representatives




For Release on Delivery
Expected at
1 p.m.
                          MEDICARE AUTOMATED
Monday,
September 29, 1997        SYSTEMS

                          Weaknesses in Managing
                          Information Technology
                          Hinder Fight Against Fraud
                          and Abuse
                          Statement of Joel C. Willemssen
                          Director, Information Resources Management
                          Accounting and Information Management Division




GAO/T-AIMD-97-176
Mr. Chairman and Members of the Subcommittee:

We are pleased to join you today in examining the actions of the Health
Care Financing Administration (HCFA)—an agency of the Department of
Health and Human Services (HHS)—in attempting to acquire effective
information technology systems to combat fraud and abuse within
Medicare. HCFA’s primary information technology initiative over the last
several years was known as the Medicare Transaction System (MTS), a key
objective of which was to help detect such fraud and abuse. As you know,
this project was canceled just last month.

The existence of fraud and abuse within the Medicare program is
undisputed and, accordingly, we have designated it as a high-risk area.1
The HHS Office of Inspector General audit of HCFA’s fiscal year 1996
financial statements estimated that net overpayments totaled about
$23.2 billion nationwide, or about 14 percent of total Medicare
fee-for-service payments. The Inspector General pointed out that these
overpayments could range from inadvertent mistakes to outright fraud and
abuse.

Ongoing HCFA information technology initiatives to combat fraud and
abuse include an agreement reached with the Department of Energy’s Los
Alamos National Laboratory in 1995 to research the potential identification
of fraud and abuse patterns, and, since September 1996, HCFA’s assessment
of the feasibility of using commercial abuse-detection software along with
its multiple internal claims-processing systems.

My statement today will focus primarily on MTS and the recommendations
we made to correct serious weaknesses in its management identified as
part of our review completed last May.2 I will then describe these two
continuing HCFA initiatives against fraud and abuse, including the agency’s
response to recommendations made in earlier reports of ours addressing
the potential benefits to be derived from the use of commercial
abuse-detection software. Finally, I will frame the discussion in broader
terms, examining underlying information technology management issues
with an eye toward identifying causes and solutions so that we can be
more successful in utilizing the power of automated systems against fraud
and abuse.

1
 High-Risk Series: Medicare (GAO/HR-97-10, Feb. 1997).
2
 See Medicare Transaction System: Success Depends Upon Correcting Critical Managerial and
Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997) and Medicare Transaction System: Serious
Managerial and Technical Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May 16, 1997).



Page 1                                                                    GAO/T-AIMD-97-176
                     Medicare is a huge program. As the nation’s largest health insurer, it serves
MTS: Envisioning a   some 38 million Americans by providing health insurance to those aged 65
Single               and over and to many of the nation’s disabled. It disburses over
Claims-Processing    $200 billion in health care benefits every year, and by 2000 is expected to
                     be processing 1 billion claims annually.
System
                     The Medicare program is divided into two components—part A and part B.
                     Part A encompasses facility-based services, with claims paid to hospitals,
                     skilled nursing facilities, hospices, and home health agencies. Part B
                     comprises outpatient services, with claims paid to physicians,
                     laboratories, medical equipment suppliers, and other outpatient providers
                     and practitioners.

                     Claims processing for the Medicare program is handled at some 45 sites
                     throughout the country by about 70 private companies under contract with
                     HCFA. Contractors handling part A services, called intermediaries, had been
                     using three different computer systems to process claims; those handling
                     part B, called carriers, used six different systems.

                     In order to improve the efficiency and effectiveness of Medicare
                     operations and better address fraud and abuse, HCFA planned to develop
                     one unified computer system to replace the existing systems. In
                     January 1994, HCFA awarded a contract to a software developer to design,
                     develop, and implement the MTS automated claims-processing information
                     system. In so doing, MTS was to aid HCFA in identifying fraud and abuse by
                     utilizing an integrated database that would greatly improve HCFA’s ability to
                     profile data by type of service on a national or regional basis. The single
                     system would integrate data from Medicare part A and part B and
                     managed care (a newer, third component), provide a comprehensive view
                     of billing practices, and incorporate new technology to facilitate
                     innovative investigative procedures.

                     The MTS project encountered problems from the very beginning. It was
                     plagued with schedule delays, cost overruns, and the lack of effective
                     management and oversight. We repeatedly reported that HCFA was not
                     applying effective investment management practices in its planning and
                     management and, as a result, had no assurance that the project would be
                     cost-effective, delivered within estimated time frames, or even improve the
                     processing of Medicare claims.3

                     3
                      GAO/AIMD-97-78, May 16, 1997; GAO/T-AIMD-97-91, May 16, 1997; Medicare Transaction System:
                     Strengthened Management and Sound Development Approach Critical to Success (GAO/T-AIMD-96-12,
                     Nov. 16, 1995); and Medicare: New Claims Processing System Benefits and Acquisition Risks
                     (GAO/HEHS/AIMD-94-79, Jan. 25, 1994).



                     Page 2                                                                  GAO/T-AIMD-97-176
                  MTS costs had also escalated dramatically. As we testified in May, total
                  estimated project costs jumped sevenfold in 5 years, from $151 million in
                  1992 to about $1 billion in 1997. I should point out that the $1 billion figure
                  included costs for transitioning from the three part A and six part B
                  systems to a single part A and a single part B system prior to implementing
                  MTS, and for acquiring MTS operating sites.


                  To justify the continuation of MTS, we recommended in May 1997 that HHS
                  require HCFA to prepare a valid cost-benefit and alternatives analysis.
                  Further, we recommended at that time that HHS withhold funding for
                  proposed MTS operating sites until these sites were justified.

                  We likewise identified critical areas in which HCFA was not using sound
                  systems-development practices in managing its MTS software development
                  contractor. HCFA had not developed the kinds of plans that are critical to
                  systems success. This included missing or inadequate plans for three
                  important components of systems development: requirements
                  management, configuration management, and systems integration. Finally,
                  HCFA had not adequately monitored its contractor’s activities using
                  measures of software development quality. These problems decreased
                  HCFA’s chances of controlling the development of systems requirements
                  and software.


MTS Contract Is   Given the magnitude of problems surfaced with MTS, along with runaway
Terminated        costs, HCFA further assessed the project’s viability. Faced with the prospect
                  of spending hundreds of millions of dollars to acquire MTS operating sites
                  along with additional millions of dollars for the software development
                  effort, HCFA decided to terminate both the request for proposals for the
                  sites and the entire software-development contract as well. On August 15,
                  1997, HCFA terminated the MTS contract on which it had spent about 3 and a
                  half years and about $80 million to date—about $50 million for software
                  development and about another $30 million for internal HCFA costs.

                  What has that money purchased? A huge learning experience about the
                  difficulty of acquiring such a large system under a single contract and a
                  better understanding of the requirements for developing a Medicare claims
                  processing system, but no integrated claims processing software to aid
                  HCFA in preventing fraud and abuse. Still to be delivered to HCFA, at
                  additional cost under the original contract, is a set of application
                  requirements for what was to have been the managed care module. The
                  agency is considering awarding another contract for the development and



                  Page 3                                                       GAO/T-AIMD-97-176
                         implementation of managed care software using these requirements. In
                         addition, it is now beginning to reconsider its approach for identifying
                         requirements and developing software for two features that were planned
                         as part of MTS: a beneficiary insurance file and a financial management
                         component.


                         While the MTS termination delays one means of possibly combatting fraud
Ongoing HCFA             and abuse, HCFA has two other independent information technology
Technology Initiatives   initiatives in this area that are continuing. These separate initiatives are
to Combat Fraud and      analyzing the potential for using existing commercial software and
                         exploring the possibilities for developing antifraud software.
Abuse
                         In May 1995, we reported on the potential benefits of HCFA’s use of
                         commercial software to help detect inappropriate medical coding, a
                         common form of billing abuse.4 We concluded that HCFA had not kept pace
                         with private industry’s use of such software, and that HCFA’s internal
                         efforts to develop the capability to detect such code manipulation were
                         limited and unlikely to fully stem the losses being suffered from these
                         abuses. We recommended that HCFA require Medicare carriers to use a
                         commercial system to detect code manipulation when processing
                         Medicare claims for physicians’ services and supplies.

                         Although senior HCFA officials voiced their support for our
                         recommendation to use modern information technology to strengthen
                         payment controls, they did not begin to test the feasibility of using
                         commercial code manipulation-detection software to process Medicare
                         claims until about a year after we reported on its potential. Furthermore,
                         any positive results from this testing are not expected to be implemented
                         nationally for at least several years. In the meantime, hundreds of millions
                         of dollars continue to be lost annually, some of which could have possibly
                         been saved with timely implementation of this software.

                         In addition to our report on opportunities to use commercial software to
                         detect billing abuse, we reported in 1995 that new antifraud systems were
                         available and being used by private insurers, some of whom were also
                         Medicare carriers. Concluding that this technology could possibly
                         complement existing Medicare systems, we recommended that HHS direct



                         4
                          Medicare Claims: Commercial Technology Could Save Billions Lost to Billing Abuse
                         (GAO/AIMD-95-135, May 5, 1995). Code manipulation occurs when providers submit claims containing
                         an inappropriate combination of billing codes that can lead to overpayment for the services provided.



                         Page 4                                                                         GAO/T-AIMD-97-176
                       HCFA  to develop a plan for implementing antifraud technology.5 However,
                       HHS expressed three reservations about implementing new technology for
                       identifying fraudulent patterns of behavior in the Medicare program. First,
                       it said, the technology might not be applicable in a health insurance
                       setting; second, that it might require substantial modification; and third,
                       that more testing would be needed to assess its usefulness in detecting
                       fraud in Medicare claims data.

                       Rather than trying to adopt the commercially available software, HCFA
                       chose to enter into an agreement that allowed it to explore the possibility
                       of developing such software. Specifically, HCFA signed a 2-year, $6-million
                       interagency agreement with the Los Alamos National Laboratory to assess
                       the potential for identifying patterns of fraud. This agreement was recently
                       extended for 3 additional months, until December of this year.

                       As part of this agreement, Los Alamos has developed prototype
                       approaches to detecting some suspicious part B claims. These approaches
                       are currently being tested. To bring its work to fruition, the laboratory has
                       submitted a 4-year, $13-million follow-up proposal to HCFA to use these
                       approaches to design a system that will detect those and other suspicious
                       claims. According to HCFA officials, they have agreed to a 4-year follow-up
                       commitment and have approved $2.7 million for the fiscal year 1998 work.

                       Usable results from this effort appear to be years away because, once the
                       system’s design is complete, HCFA would have to award another contract to
                       a software developer to create software from the Los Alamos design.
                       Further, according to laboratory officials, HCFA will have to acquire
                       separate computers to implement any Los Alamos-based fraud detection
                       system because its approaches, which were originally to become part of
                       MTS, are not designed to be integrated with the standard part A and part B
                       Medicare claims-processing systems to which HCFA is now transitioning.


                       HCFA’s negative experience with its automation projects represents a
Strong Management      pattern we see throughout the federal sector: it is weaknesses in
Essential Regardless   management, not technology itself, that stymie effective systems
of Project Direction   development and implementation. Managing information technology is not
                       easy. But the payoffs of success—and the significant cost of failure, in
                       time and money—demand that agencies implement sound information
                       technology practices.


                       5
                        Medicare: Antifraud Technology Offers Significant Opportunity to Reduce Health Care Fraud
                       (GAO/AIMD-95-77, Aug. 11, 1995).



                       Page 5                                                                       GAO/T-AIMD-97-176
    How can agency officials begin implementing such practices? A good
    place to start is with the Clinger-Cohen Act of 1996. Fueled by a decade of
    poor information technology planning and program management across
    government, the act sought to strengthen executive leadership in
    information management and institute sound investment decision-making
    to maximize the return on costly technology investments. It is important to
    note that just as technology is most effective when it supports defined
    business needs and objectives, Clinger-Cohen will be more powerful if it
    can be integrated with the objectives of broader governmentwide
    management reform legislation that HHS, HCFA’s parent department, is also
    required to implement.

    One such reform is the Paperwork Reduction Act of 1995, which
    emphasizes the need for an overall information resources management
    strategic planning framework, with information technology decisions
    linked directly to mission needs. Another reform is the Chief Financial
    Officers Act of 1990, which requires, among other things, that sound
    financial management practices and systems essential for tracking
    program costs and expenditures be in place. Still another reform is the
    1993 Government Performance and Results Act, which focuses on defining
    mission goals and objectives, measuring and evaluating performance, and
    reporting results. Together, Clinger-Cohen and these other laws provide a
    powerful framework under which federal agencies have the best
    opportunity to improve the management and acquisition of information
    technology.

    We believe that if properly and fully implemented, the requirements of
    Clinger-Cohen and the Paperwork Reduction Act should help HHS and HCFA
    make real change and improve the way they acquire information
    technology and manage these investments. These acts emphasize

•   establishing senior-level chief information officers (CIO),
•   involving senior executives in information management decisions, and
•   tightening controls over technology spending.

    HCFA  has recognized the need to more effectively manage its information
    technology acquisitions and has taken several important steps. For
    example, late last year it established a CIO position and is now reportedly
    in the final stages of selecting an individual for the position. Such a
    position is essential to ensuring the success of the agency’s information
    technology initiatives. HCFA has also established an information technology
    investment review board involving senior executives. HCFA sees these



    Page 6                                                    GAO/T-AIMD-97-176
           actions as providing an integrated process for planning, budget
           development, performance-based management, and evaluation of
           information technology investments. We endorse these positive steps.

           However, much remains to be done to ensure that HCFA’s initiatives—or
           those of any agency—are cost-effective and serve its mission. HCFA has not
           yet implemented our recommendations in establishing investment
           processes that will allow it to maximize the value and manage the risks of
           its information technology acquisitions, and tightly control spending. In
           HCFA’s case, officials state that establishing investment management
           practices to support its recent changes will be an “iterative process” that
           will take time.

           To effectively manage as an investment any information technology it
           seeks to acquire, an agency—including HCFA—must be structured
           organizationally in a way that allows—even promotes—such an approach.
           This means providing a qualified top official with the authority and
           accountability to make critical management decisions on the basis of
           sound information. This structure should provide such information
           through systematic analyses that predict the kind of return on investment
           envisioned, in both a fiscal and technical sense. The agency then is obliged
           to use sound systems-development practices in managing its automation
           projects. Where such management has not been the norm, both HHS and
           the Office of Management and Budget should provide close oversight to
           ensure swift implementation of sound information technology
           management. Continuing congressional oversight would further assist in
           accomplishing this.


           This concludes my statement. I would be happy to respond to any
           questions you or other Members of the Subcommittee may have at this
           time.




(511224)   Page 7                                                     GAO/T-AIMD-97-176
Ordering Information

The first copy of each GAO report and testimony is free.
Additional copies are $2 each. Orders should be sent to the
following address, accompanied by a check or money order
made out to the Superintendent of Documents, when
necessary. VISA and MasterCard credit cards are accepted, also.
Orders for 100 or more copies to be mailed to a single address
are discounted 25 percent.

Orders by mail:

U.S. General Accounting Office
P.O. Box 37050
Washington, DC 20013

or visit:

Room 1100
700 4th St. NW (corner of 4th and G Sts. NW)
U.S. General Accounting Office
Washington, DC

Orders may also be placed by calling (202) 512-6000
or by using fax number (202) 512-6061, or TDD (202) 512-2537.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512-6000 using a
touchtone phone. A recorded menu will provide information on
how to obtain these lists.

For information on how to access GAO reports on the INTERNET,
send an e-mail message with "info" in the body to:

info@www.gao.gov

or visit GAO’s World Wide Web Home Page at:

http://www.gao.gov




PRINTED ON    RECYCLED PAPER
United States                       Bulk Rate
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                 Permit No. G100
Official Business
Penalty for Private Use $300

Address Correction Requested