United States General Accounting Office GAO Testimony Before the Subcommittee on Oversight and Investigations, Committee on Commerce, House of Representatives For Release on Delivery Expected at 1 p.m. MEDICARE AUTOMATED Monday, September 29, 1997 SYSTEMS Weaknesses in Managing Information Technology Hinder Fight Against Fraud and Abuse Statement of Joel C. Willemssen Director, Information Resources Management Accounting and Information Management Division GAO/T-AIMD-97-176 Mr. Chairman and Members of the Subcommittee: We are pleased to join you today in examining the actions of the Health Care Financing Administration (HCFA)—an agency of the Department of Health and Human Services (HHS)—in attempting to acquire effective information technology systems to combat fraud and abuse within Medicare. HCFA’s primary information technology initiative over the last several years was known as the Medicare Transaction System (MTS), a key objective of which was to help detect such fraud and abuse. As you know, this project was canceled just last month. The existence of fraud and abuse within the Medicare program is undisputed and, accordingly, we have designated it as a high-risk area.1 The HHS Office of Inspector General audit of HCFA’s fiscal year 1996 financial statements estimated that net overpayments totaled about $23.2 billion nationwide, or about 14 percent of total Medicare fee-for-service payments. The Inspector General pointed out that these overpayments could range from inadvertent mistakes to outright fraud and abuse. Ongoing HCFA information technology initiatives to combat fraud and abuse include an agreement reached with the Department of Energy’s Los Alamos National Laboratory in 1995 to research the potential identification of fraud and abuse patterns, and, since September 1996, HCFA’s assessment of the feasibility of using commercial abuse-detection software along with its multiple internal claims-processing systems. My statement today will focus primarily on MTS and the recommendations we made to correct serious weaknesses in its management identified as part of our review completed last May.2 I will then describe these two continuing HCFA initiatives against fraud and abuse, including the agency’s response to recommendations made in earlier reports of ours addressing the potential benefits to be derived from the use of commercial abuse-detection software. Finally, I will frame the discussion in broader terms, examining underlying information technology management issues with an eye toward identifying causes and solutions so that we can be more successful in utilizing the power of automated systems against fraud and abuse. 1 High-Risk Series: Medicare (GAO/HR-97-10, Feb. 1997). 2 See Medicare Transaction System: Success Depends Upon Correcting Critical Managerial and Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997) and Medicare Transaction System: Serious Managerial and Technical Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May 16, 1997). Page 1 GAO/T-AIMD-97-176 Medicare is a huge program. As the nation’s largest health insurer, it serves MTS: Envisioning a some 38 million Americans by providing health insurance to those aged 65 Single and over and to many of the nation’s disabled. It disburses over Claims-Processing $200 billion in health care benefits every year, and by 2000 is expected to be processing 1 billion claims annually. System The Medicare program is divided into two components—part A and part B. Part A encompasses facility-based services, with claims paid to hospitals, skilled nursing facilities, hospices, and home health agencies. Part B comprises outpatient services, with claims paid to physicians, laboratories, medical equipment suppliers, and other outpatient providers and practitioners. Claims processing for the Medicare program is handled at some 45 sites throughout the country by about 70 private companies under contract with HCFA. Contractors handling part A services, called intermediaries, had been using three different computer systems to process claims; those handling part B, called carriers, used six different systems. In order to improve the efficiency and effectiveness of Medicare operations and better address fraud and abuse, HCFA planned to develop one unified computer system to replace the existing systems. In January 1994, HCFA awarded a contract to a software developer to design, develop, and implement the MTS automated claims-processing information system. In so doing, MTS was to aid HCFA in identifying fraud and abuse by utilizing an integrated database that would greatly improve HCFA’s ability to profile data by type of service on a national or regional basis. The single system would integrate data from Medicare part A and part B and managed care (a newer, third component), provide a comprehensive view of billing practices, and incorporate new technology to facilitate innovative investigative procedures. The MTS project encountered problems from the very beginning. It was plagued with schedule delays, cost overruns, and the lack of effective management and oversight. We repeatedly reported that HCFA was not applying effective investment management practices in its planning and management and, as a result, had no assurance that the project would be cost-effective, delivered within estimated time frames, or even improve the processing of Medicare claims.3 3 GAO/AIMD-97-78, May 16, 1997; GAO/T-AIMD-97-91, May 16, 1997; Medicare Transaction System: Strengthened Management and Sound Development Approach Critical to Success (GAO/T-AIMD-96-12, Nov. 16, 1995); and Medicare: New Claims Processing System Benefits and Acquisition Risks (GAO/HEHS/AIMD-94-79, Jan. 25, 1994). Page 2 GAO/T-AIMD-97-176 MTS costs had also escalated dramatically. As we testified in May, total estimated project costs jumped sevenfold in 5 years, from $151 million in 1992 to about $1 billion in 1997. I should point out that the $1 billion figure included costs for transitioning from the three part A and six part B systems to a single part A and a single part B system prior to implementing MTS, and for acquiring MTS operating sites. To justify the continuation of MTS, we recommended in May 1997 that HHS require HCFA to prepare a valid cost-benefit and alternatives analysis. Further, we recommended at that time that HHS withhold funding for proposed MTS operating sites until these sites were justified. We likewise identified critical areas in which HCFA was not using sound systems-development practices in managing its MTS software development contractor. HCFA had not developed the kinds of plans that are critical to systems success. This included missing or inadequate plans for three important components of systems development: requirements management, configuration management, and systems integration. Finally, HCFA had not adequately monitored its contractor’s activities using measures of software development quality. These problems decreased HCFA’s chances of controlling the development of systems requirements and software. MTS Contract Is Given the magnitude of problems surfaced with MTS, along with runaway Terminated costs, HCFA further assessed the project’s viability. Faced with the prospect of spending hundreds of millions of dollars to acquire MTS operating sites along with additional millions of dollars for the software development effort, HCFA decided to terminate both the request for proposals for the sites and the entire software-development contract as well. On August 15, 1997, HCFA terminated the MTS contract on which it had spent about 3 and a half years and about $80 million to date—about $50 million for software development and about another $30 million for internal HCFA costs. What has that money purchased? A huge learning experience about the difficulty of acquiring such a large system under a single contract and a better understanding of the requirements for developing a Medicare claims processing system, but no integrated claims processing software to aid HCFA in preventing fraud and abuse. Still to be delivered to HCFA, at additional cost under the original contract, is a set of application requirements for what was to have been the managed care module. The agency is considering awarding another contract for the development and Page 3 GAO/T-AIMD-97-176 implementation of managed care software using these requirements. In addition, it is now beginning to reconsider its approach for identifying requirements and developing software for two features that were planned as part of MTS: a beneficiary insurance file and a financial management component. While the MTS termination delays one means of possibly combatting fraud Ongoing HCFA and abuse, HCFA has two other independent information technology Technology Initiatives initiatives in this area that are continuing. These separate initiatives are to Combat Fraud and analyzing the potential for using existing commercial software and exploring the possibilities for developing antifraud software. Abuse In May 1995, we reported on the potential benefits of HCFA’s use of commercial software to help detect inappropriate medical coding, a common form of billing abuse.4 We concluded that HCFA had not kept pace with private industry’s use of such software, and that HCFA’s internal efforts to develop the capability to detect such code manipulation were limited and unlikely to fully stem the losses being suffered from these abuses. We recommended that HCFA require Medicare carriers to use a commercial system to detect code manipulation when processing Medicare claims for physicians’ services and supplies. Although senior HCFA officials voiced their support for our recommendation to use modern information technology to strengthen payment controls, they did not begin to test the feasibility of using commercial code manipulation-detection software to process Medicare claims until about a year after we reported on its potential. Furthermore, any positive results from this testing are not expected to be implemented nationally for at least several years. In the meantime, hundreds of millions of dollars continue to be lost annually, some of which could have possibly been saved with timely implementation of this software. In addition to our report on opportunities to use commercial software to detect billing abuse, we reported in 1995 that new antifraud systems were available and being used by private insurers, some of whom were also Medicare carriers. Concluding that this technology could possibly complement existing Medicare systems, we recommended that HHS direct 4 Medicare Claims: Commercial Technology Could Save Billions Lost to Billing Abuse (GAO/AIMD-95-135, May 5, 1995). Code manipulation occurs when providers submit claims containing an inappropriate combination of billing codes that can lead to overpayment for the services provided. Page 4 GAO/T-AIMD-97-176 HCFA to develop a plan for implementing antifraud technology.5 However, HHS expressed three reservations about implementing new technology for identifying fraudulent patterns of behavior in the Medicare program. First, it said, the technology might not be applicable in a health insurance setting; second, that it might require substantial modification; and third, that more testing would be needed to assess its usefulness in detecting fraud in Medicare claims data. Rather than trying to adopt the commercially available software, HCFA chose to enter into an agreement that allowed it to explore the possibility of developing such software. Specifically, HCFA signed a 2-year, $6-million interagency agreement with the Los Alamos National Laboratory to assess the potential for identifying patterns of fraud. This agreement was recently extended for 3 additional months, until December of this year. As part of this agreement, Los Alamos has developed prototype approaches to detecting some suspicious part B claims. These approaches are currently being tested. To bring its work to fruition, the laboratory has submitted a 4-year, $13-million follow-up proposal to HCFA to use these approaches to design a system that will detect those and other suspicious claims. According to HCFA officials, they have agreed to a 4-year follow-up commitment and have approved $2.7 million for the fiscal year 1998 work. Usable results from this effort appear to be years away because, once the system’s design is complete, HCFA would have to award another contract to a software developer to create software from the Los Alamos design. Further, according to laboratory officials, HCFA will have to acquire separate computers to implement any Los Alamos-based fraud detection system because its approaches, which were originally to become part of MTS, are not designed to be integrated with the standard part A and part B Medicare claims-processing systems to which HCFA is now transitioning. HCFA’s negative experience with its automation projects represents a Strong Management pattern we see throughout the federal sector: it is weaknesses in Essential Regardless management, not technology itself, that stymie effective systems of Project Direction development and implementation. Managing information technology is not easy. But the payoffs of success—and the significant cost of failure, in time and money—demand that agencies implement sound information technology practices. 5 Medicare: Antifraud Technology Offers Significant Opportunity to Reduce Health Care Fraud (GAO/AIMD-95-77, Aug. 11, 1995). Page 5 GAO/T-AIMD-97-176 How can agency officials begin implementing such practices? A good place to start is with the Clinger-Cohen Act of 1996. Fueled by a decade of poor information technology planning and program management across government, the act sought to strengthen executive leadership in information management and institute sound investment decision-making to maximize the return on costly technology investments. It is important to note that just as technology is most effective when it supports defined business needs and objectives, Clinger-Cohen will be more powerful if it can be integrated with the objectives of broader governmentwide management reform legislation that HHS, HCFA’s parent department, is also required to implement. One such reform is the Paperwork Reduction Act of 1995, which emphasizes the need for an overall information resources management strategic planning framework, with information technology decisions linked directly to mission needs. Another reform is the Chief Financial Officers Act of 1990, which requires, among other things, that sound financial management practices and systems essential for tracking program costs and expenditures be in place. Still another reform is the 1993 Government Performance and Results Act, which focuses on defining mission goals and objectives, measuring and evaluating performance, and reporting results. Together, Clinger-Cohen and these other laws provide a powerful framework under which federal agencies have the best opportunity to improve the management and acquisition of information technology. We believe that if properly and fully implemented, the requirements of Clinger-Cohen and the Paperwork Reduction Act should help HHS and HCFA make real change and improve the way they acquire information technology and manage these investments. These acts emphasize • establishing senior-level chief information officers (CIO), • involving senior executives in information management decisions, and • tightening controls over technology spending. HCFA has recognized the need to more effectively manage its information technology acquisitions and has taken several important steps. For example, late last year it established a CIO position and is now reportedly in the final stages of selecting an individual for the position. Such a position is essential to ensuring the success of the agency’s information technology initiatives. HCFA has also established an information technology investment review board involving senior executives. HCFA sees these Page 6 GAO/T-AIMD-97-176 actions as providing an integrated process for planning, budget development, performance-based management, and evaluation of information technology investments. We endorse these positive steps. However, much remains to be done to ensure that HCFA’s initiatives—or those of any agency—are cost-effective and serve its mission. HCFA has not yet implemented our recommendations in establishing investment processes that will allow it to maximize the value and manage the risks of its information technology acquisitions, and tightly control spending. In HCFA’s case, officials state that establishing investment management practices to support its recent changes will be an “iterative process” that will take time. To effectively manage as an investment any information technology it seeks to acquire, an agency—including HCFA—must be structured organizationally in a way that allows—even promotes—such an approach. This means providing a qualified top official with the authority and accountability to make critical management decisions on the basis of sound information. This structure should provide such information through systematic analyses that predict the kind of return on investment envisioned, in both a fiscal and technical sense. The agency then is obliged to use sound systems-development practices in managing its automation projects. Where such management has not been the norm, both HHS and the Office of Management and Budget should provide close oversight to ensure swift implementation of sound information technology management. Continuing congressional oversight would further assist in accomplishing this. This concludes my statement. I would be happy to respond to any questions you or other Members of the Subcommittee may have at this time. (511224) Page 7 GAO/T-AIMD-97-176 Ordering Information The first copy of each GAO report and testimony is free. Additional copies are $2 each. Orders should be sent to the following address, accompanied by a check or money order made out to the Superintendent of Documents, when necessary. VISA and MasterCard credit cards are accepted, also. Orders for 100 or more copies to be mailed to a single address are discounted 25 percent. Orders by mail: U.S. General Accounting Office P.O. Box 37050 Washington, DC 20013 or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U.S. General Accounting Office Washington, DC Orders may also be placed by calling (202) 512-6000 or by using fax number (202) 512-6061, or TDD (202) 512-2537. Each day, GAO issues a list of newly available reports and testimony. To receive facsimile copies of the daily list or any list from the past 30 days, please call (202) 512-6000 using a touchtone phone. A recorded menu will provide information on how to obtain these lists. For information on how to access GAO reports on the INTERNET, send an e-mail message with "info" in the body to: email@example.com or visit GAO’s World Wide Web Home Page at: http://www.gao.gov PRINTED ON RECYCLED PAPER United States Bulk Rate General Accounting Office Postage & Fees Paid Washington, D.C. 20548-0001 GAO Permit No. G100 Official Business Penalty for Private Use $300 Address Correction Requested
Medicare Automated Systems: Weaknesses in Managing Information Technology Hinder Fight Against Fraud and Abuse
Published by the Government Accountability Office on 1997-09-29.
Below is a raw (and likely hideous) rendition of the original report. (PDF)