United States General Accounting Office GAO Testimony Before the Permanent Subcommittee on Investigations, Committee on Governmental Affairs, U.S. Senate For Release on Delivery Expected at 9:00 a.m. Thursday, June 26, 1997 MEDICARE Control Over Fraud and Abuse Remains Elusive Statement of Leslie G. Aronovitz, Associate Director Health Financing and Systems Issues Health, Education, and Human Services Division GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive Madam Chairman and Members of the Subcommittee: We are pleased to be here today as you discuss the problem of fraud and abuse in the Medicare program. Because Medicare is one of the largest, most expensive programs in the federal budget, its spending has been the subject of numerous legislative proposals in recent years by the Congress and the administration. In fiscal year 1996, Medicare expenditures totaled about $200 billion, and the program’s Hospital Insurance Trust Fund is expected to be depleted by 2001. At the same time, millions of dollars are being spent inappropriately because of the fraudulent and abusive billing practices of health care providers, thus prompting congressional concern about program vulnerabilities. My comments today will focus on both the fee-for-service and managed care programs. Specifically, I would like to highlight the anti-fraud-and-abuse tools available to Medicare; the extent to which and how effectively they are used by the Health Care Financing Administration (HCFA), the agency responsible for administering the program; and recent legislative activity aimed at improving program safeguards. The information I am presenting today is based on recent GAO studies and the three High Risk Series reports on Medicare we have issued since 1992. The high-risk reports are the products of GAO’s special effort, begun in 1990 and supported by the Senate Committee on Governmental Affairs, to review federal program areas identified as high risk because of vulnerabilities to waste, fraud, abuse, and mismanagement. (See Related GAO Products at the end of this statement.) In brief, we selected Medicare as one of the initial programs to be included in our high-risk efforts because of the program’s size, complexity, and rapid growth. In addition, HCFA’s efforts to fight Medicare fraud and abuse have not been adequate to prevent substantial losses because the tools available over the years have been underutilized or not deployed as effectively as possible. Because of budget constraints, the number of reviews of claims and related medical documentation and the site audits of providers’ records have dwindled significantly. This means, for example, that a home health provider has only a slim chance of having its claims, its year-end cost reports, or its actual provision of services carefully scrutinized by Medicare. In addition, HCFA’s management of its claims processing controls and Medicare’s automated information systems has been unsatisfactory. Page 1 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive As a result, Medicare’s information systems and the staff monitoring claims have been less than effective at spotting indicators of potential fraud, such as suspiciously large increases in reimbursements, improbable quantities of services claimed, or duplicate bills submitted to different contractors for the same service or supply. Because of acknowledged system weaknesses, HCFA is in the process of acquiring a new multimillion-dollar automated system called the Medicare Transaction System (MTS). MTS is intended to replace Medicare’s multiple automated systems and is expected to enhance significantly its fraud and abuse detection capabilities. However, HCFA has not effectively managed the process for acquiring this system. Now schedule delays and growing cost projections—from a $151 million estimate made in 1992 to about a $1 billion estimate this year—have forced HCFA to halt much of the system’s development while the agency reassesses its acquisition plans. Less than adequate oversight has also resulted in little meaningful action taken against Medicare health maintenance organizations (HMO) found to be out of compliance with federal law and regulations. Other than requiring corrective action plans, HCFA has not sanctioned poor performing HMOs, using such tools as excluding these HMOs from the program, prohibiting continued enrollment until deficiencies are corrected, or notifying beneficiaries of the HMOs cited for violations. Accumulated evidence of in-home sales abuses coupled with high rates of rapid disenrollment for certain HMOs also indicate that some beneficiaries are confused about or are being misled during the enrollment process and are dissatisfied once they become plan members. In addition, consumer information that could help beneficiaries distinguish the good plans from the poor performers is not made publicly available, limiting the ability of beneficiaries to make informed choices about competing plans. This in turn limits the ability of consumer choice to drive out poor quality. Recent and proposed legislation—chiefly the Kassebaum-Kennedy legislation, also known as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the budget reconciliation legislation now being considered by the Congress—refocus attention on various aspects of Medicare fraud and abuse. The implementation of the enacted provisions, such as additional funding for special antifraud initiatives and the promise of proposed legislation, such as the authority to prevent all convicted felons from becoming Medicare providers, offer the potential to reduce Medicare losses attributable to unwarranted payments. But HCFA’s history of lengthy delays in implementing legislation gives cause Page 2 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive for concern about whether the authorities granted will be acted on promptly and effectively. Established under the Social Security Amendments of 1965, Medicare is a Background two-part program: “hospital insurance,” or part A, which covers inpatient hospital, skilled nursing facility, hospice, and home health care services; and “supplementary medical insurance,” or part B, which covers physician and outpatient hospital services, diagnostic tests, and ambulance and other health services and supplies. Medicare falls under the administrative jurisdiction of HCFA, within the Department of Health and Human Services (HHS). HCFA administers both traditional fee-for-service Medicare and HMOs under contract that are permitted to enroll Medicare beneficiaries. Fee-for-Service Program In 1996, Medicare’s fee-for-service program covered almost 90 percent, or 35 million, of Medicare’s beneficiaries. Physicians, hospitals, and other providers submit claims to Medicare to receive payment for services they have provided to beneficiaries. HCFA administers Medicare’s fee-for-service program largely through a network of about 70 claims processing contractors, that is, insurance companies—like Blue Cross and Blue Shield plans, Mutual of Omaha, and CIGNA—that process and pay Medicare claims. In fiscal year 1996, contractors processed about 800 million Medicare claims. As Medicare contractors, these companies use federal funds to pay health care providers and beneficiaries and are reimbursed for their administrative costs incurred in performing the work. They are also responsible for the payment safeguard activities intended to protect Medicare from paying inappropriately.1 The contractors have broad discretion in conducting these activities, resulting in significant variations across contractors in implementing payment safeguards. Generally, intermediaries are the contractors that handle claims submitted by “institutional providers” (hospitals, skilled nursing facilities, hospices, and home health agencies); carriers are those handling claims submitted by physicians, laboratories, equipment suppliers, and other practitioners. 1 Although under section 202 of HIPAA, the HHS Secretary is authorized to enter into contracts with entities other than its current contractors to perform payment safeguard activities, HCFA has not yet awarded any contracts of this type. Page 3 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive Managed Care Program Medicare’s managed care program covers a growing number of beneficiaries—nearly 5 million at the end of 1996—who have chosen to enroll in an HMO to receive their medical care rather than obtaining services from individual providers. The managed care program, which is funded from both the part A and part B trust funds, consists mostly of risk contract HMOs that enrolled about 4 million Medicare beneficiaries as of the end of 1996.2 These HMOs are paid a monthly amount, fixed in advance, by Medicare for each beneficiary enrolled rather than for each service provided. In this sense, the HMO has a “risk” contract because, regardless of what it spends for each enrollee’s care, the HMO assumes the financial risk of providing all needed health care in return for the payments received. HMOs profit if their costs of providing services are lower than the predetermined payment but lose if their costs are higher than the Medicare payment. Medicare Fraud Fraud and abuse encompass a wide range of improper billing practices that include misrepresenting or overcharging with respect to services delivered. Both result in unnecessary costs to Medicare; but a fraud conviction requires proof of intent to defraud. Abuse typically involves actions that are inconsistent with Medicare billing rules and policies. As a practical matter, whether and how a wrongful act is addressed can depend on the size of the financial loss incurred and the quality of the evidence establishing intent. For example, small claims are generally not pursued as fraudulent because of the cost involved in investigation and prosecution. The pursuit of fraud often begins with the contractors, which conduct reviews of submitted claims and respond to beneficiary complaints. They develop cases for referral to the HHS Inspector General for possible criminal or civil prosecution and administrative sanction. Potential fraud cases referred to the Inspector General require careful documentation by the contractor, entailing data analyses, claims audits, interviews with patients, and reviews of medical records. Inspector General investigations can involve, among other things, additional interviews or analyses of medical records, and subpoena of financial records. If satisfied that the evidence warrants prosecution, the Inspector General forwards the case to a U.S. Attorney, within the Department of Justice. The U.S. Attorney then decides whether to accept 2 Other Medicare managed care plans include cost contract HMOs and health care prepayment plans. Cost contract HMOs allow beneficiaries to choose health services from their HMO network or outside providers. Health care prepayment plans cover only part B services. Together, both types of plans enroll fewer than 2 percent of the Medicare population. Page 4 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive the case for prosecution. If an indictment, and finally, a conviction are obtained, further work is necessary to establish administrative sanctions and recover overpayments. Thus, although the mechanics to pursue Medicare fraud are in place, the high level of resources and interagency coordination required for case development can stall the pursuit of a case at many junctures and delay the resolution of a case for many years. HCFA relies on payment safeguards that consist largely of contractors’ Medicare’s efforts to detect improprieties both before and after claims have been Anti-Fraud-and-Abuse paid. In addition to complaints contractors receive from beneficiaries, Efforts Consist detection efforts include prepayment reviews of providers’ claims, and postpayment analyses, such as reviews of claims data and audits of Largely of provider costs. (See table 1.) Contractors’ Payment Safeguards Table 1: Medicare’s Controls to Detect Inappropriate Payments Control How it works Leads from beneficiaries Beneficiaries use Explanation of Medicare Benefits to alert Medicare of claims for services not provided, suspiciously high charges, or other indications of potential fraud. Prepayment review Computer edits check claims for compliance with such administrative requirements as the submission of all necessary information. Computer edits automatically deny claims that are duplicates of others already processed by that system. Computer screens suspend for manual review claims that do not appear to comply with medical necessity or coverage criteria. Postpayment review Focused medical review. Provider-targeted: Examining historical data, analysts compare providers’ claims against those of their peers to identify high billers; past or future claims of high billers may be targeted for more extensive review. Service-targeted: Analysts examine expenditure data to identify medical services for which spending has been unusually high; past or future claims for these services may be subjected to more intensive reviews. Comprehensive claims audit. Reviewers examine in greater depth providers’ billings found through leads from beneficiaries, focused medical review, or other sources to show irregularities. Audit of cost reports. Auditors verify the reasonableness of costs reported annually by institutional providers that are reimbursed on a cost basis. Page 5 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive Beneficiary Leads The Explanation of Medicare Benefits (EOMB), which is a notice to Generated From Payment beneficiaries detailing the services their provider billed for and Medicare Notices payment decisions, is one type of payment safeguard. Many fraud cases begin with beneficiary calls to Medicare contractors, HCFA, the HHS Inspector General, the Federal Bureau of Investigation, state licensing agencies, and professional associations. These calls, officially termed complaints, are often triggered by EOMBs that show providers’ bills for services never received, items never ordered, or suspiciously high charges for services or supplies received. Prepayment Claims One of Medicare’s key payment safeguard activities—performed by the Screening claims processing contractors—is the prepayment screening of claims for compliance with administrative billing procedures and medical coverage policies. Edits and screens are programmed into claims processing software that trigger the suspension of incomplete or erroneous claims. For example, if a provider’s billing number or beneficiary identification number is incomplete or otherwise incorrect, the computer automatically holds the claim until the data are corrected. Edits automatically deny duplicate claims. Screens will also halt processing when claims do not meet certain medical necessity or coverage conditions for payment. For example, a screen developed for echocardiography might suspend the processing of a claim for which the documented diagnosis was indigestion; in such a case, the claim would receive further review by contractor staff. Postpayment Review Another payment safeguard performed by contractor staff is postpayment review, which consists of efforts to detect irregularities. These efforts include (1) focused medical reviews, in which an examination of claims data focuses on either the billings of a particular provider or the expenditures for a particular service; (2) comprehensive audits of claims submitted by suspect providers; and (3) audits of providers’ cost reports. Postpayment reviews can lead to the strengthening of payment policies that in the future will disallow or reduce unwarranted Medicare reimbursements for certain services. Focused medical reviews involve reviewers examining claims data to find patterns that deviate from a norm. For example, they look for aberrancies in an individual provider’s billing patterns by profiling, or identifying providers who bill for many more services per patient than their peers. Reviewers also look for aberrancies in expenditure data for a specific service or procedure largely by comparing the total amounts the Page 6 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive contractor spent for a particular service with spending in previous periods and with other contractors’ spending for that service. The outcome of focused medical reviews can include more comprehensive reviews, also called audits, of providers’ claims. Claims audits are typically conducted for providers whose billings have shown irregularities. In these cases, contractors review a sample of claims for the provider’s patients to determine whether services were appropriate—that is, medically necessary, covered by Medicare, and actually provided—and whether they were billed in compliance with Medicare rules. Audits are resource-intensive, often involving medical record reviews and patient and provider interviews. If audits disclose that Medicare has paid for unnecessary or inappropriate services, the contractor attempts to recover overpayments. Focused medical review also generates the information contractors need to decide which services need medical review policies, which in turn typically serve as the basis for developing a computerized medical necessity screen, as discussed earlier. With the exception of some national policies, contractors develop their own medical review policies to address “local” payment issues. For example, after examining several years of data on spending for foot care services, a contractor determined that total spending for foot care services increased fourfold—from about $470,000 to about $1.8 million in a 3-year period. From this and other postpayment review information, the contractor developed a medical review policy covering foot care under certain conditions. This policy served as the basis for the contractor’s development of a computer software screen for foot care services. Within a year, the contractor’s payments for foot care procedures dropped to about $620,000, or a third of what had been paid the previous year. Audits of cost reports submitted by providers paid under cost-based reimbursement are another postpayment review tool. Such providers—including hospital outpatient departments, skilled nursing facilities, and home health agencies—are reimbursed not on the basis of a fee schedule or the charge for a service but on the basis of the “reasonable” cost to provide the service. Reimbursement to such institutional providers occurs in several steps. First, Medicare contractors make “interim” payments based on the provider’s historical costs and current cost estimates. These payments help defray the ongoing costs of providing services to Medicare Page 7 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive beneficiaries. Second, at the end of each year, the providers submit reports that detail their operating costs throughout the preceding year and specify the share related to the provision of Medicare services. Using this information, intermediaries make interim adjustments to the payments made to the provider. Third, the intermediary can conduct either “desk audits” or more detailed reviews of the cost reports, including “field audits,” to determine the appropriate final payment amounts. Over the last 7 years, HCFA and its claims processing contractors have Budget Constraints struggled to carry out critical claims review and provider audit activities Have Weakened with a budget that, on a per-claim basis, was declining substantially. For Efforts to Review example, between 1989 and 1996, the number of Medicare claims climbed 70 percent to over 800 million, while during that same period, claims Claims, Deter Abuse review resources grew less than 11 percent. Adjusting for inflation and claims growth, the amount contractors could spend on review shrank from 74 cents to 48 cents per claim. (See fig I.1.) The deterioration of Medicare’s controls over home health payments exemplifies the effect of the inadequate funding of payment safeguards. Between 1988 and 1996, Medicare spending for home health care grew from $2.1 billion to $18 billion and by the year 2000 is projected to exceed $21 billion (see fig. I.2). Along with increasing expenditures, the number of home health agencies has also increased—from about 5,800 to over 9,000. However, as we reported in 1996, Medicare’s review of home health claims greatly decreased in the 1990s, despite the dramatic rise in home health care expenditures.3 Because of budgetary constraints in recent years, contractors’ reviews of home health claims plummeted from 62 percent in 1987 to a target of 3 percent in 1996.4 The infrequency of the intermediaries’ medical review of claims and limited physician involvement in overseeing home health agencies’ plans of care have made it nearly impossible to determine whether the beneficiary receiving home health services qualified for the benefit, needed the care being delivered, or even received the services being billed to Medicare. Also, because of the small percentage of claims selected for review, home health agencies that billed for noncovered services are much less likely to be identified than was the case a decade earlier. 3 Medicare: Home Health Utilization Expands While Program Controls Deteriorate (GAO/HEHS-96-16, Mar. 27, 1996). 4 Because the 3-percent target applied to all part A claims, the actual proportion of home health claims reviewed, which are a subset of part A claims, could actually be as low as 1 percent. Page 8 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive Similarly, the percentage of cost reports audited has declined; between 1991 and 1996, the chances that any institutional provider’s cost report would be subject to a detailed review fell from about 1 in 6 to about 1 in 13. Because of the time needed to schedule and conduct audits, intermediaries can take 2 years or more to reach a final settlement. Tentative settlements that differ substantially from the amount ultimately determined to be due a provider cause underpayments or excessive payments that can remain outstanding for 2 years or more. Concern about home health fraud and abuse is not new. Nearly two decades ago, HCFA began gathering information that this Subcommittee used to launch a review in 1981 of certain home health agencies operating in the Chicago metropolitan area. The findings and recommendations of the Subcommittee’s 1981 report still resonate today. Among the recommendations made in 1981, several are particularly germane in light of current anti-fraud-and-abuse legislative activity, namely the Kassebaum-Kennedy legislation, and budget reconciliation provisions currently being considered by both houses of Congress: • The Subcommittee recommended not reducing intermediaries’ budgets for auditing home health agencies to keep pace with program growth. Medicare payment safeguard funding nevertheless did decline since 1989 until the passage of the Kassebaum-Kennedy legislation, which now ensures stable funding for program safeguards through 2003 and allows HCFA to count on stable funding in the coming years. However, per-claim expenditures for medical review and other controls will remain below the 1989 level after adjusting for inflation. • The Subcommittee noted that the government had no viable mechanism by which it could recoup overpayments. In a report just released, we suggested that the Congress consider directing HCFA to start a demonstration that would assess home health agencies found to be habitual abusive billers for the costs of performing the follow-up audit work required to estimate overpayment amounts.5 • The Subcommittee recommended that, to recoup overpayments, HCFA regulations require bonding of new agencies and agencies found to be habitual abusers and that HCFA expedite its promulgation of these regulations. The regulations, however, were never finalized. The budget reconciliation bill proposes that certain providers billing Medicare, including home health agencies, post a surety 5 See Medicare: Need to Hold Home Health Agencies More Accountable for Inappropriate Billings (GAO/HEHS-97-108, June 13, 1997). Page 9 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive bond for at least $50,000. This would make bonding a statutory requirement rather than an option left to HCFA’s discretion. Independent of the question of adequate funding is the issue of whether Management available safeguard dollars are being used as effectively as possible. HCFA Problems Also Affect has not taken full advantage of the controls contractors could use to Payments and screen for inappropriate claims. Moreover, despite deficiencies that might have been corrected in Medicare’s current claims processing systems, HCFA Operations has concentrated its management efforts on the development of a new system. HCFA Has Not Routinely One chronic problem is that HCFA has not coordinated contractors’ Made Available to payment safeguard activities. For example, as was planned when the Contractors Information program was set up, part B carriers establish their own medical policies and screens, which are the criteria used to identify claims that may not be on Effective Payment eligible for payment. Certain policies and the screens used to enforce them Controls have been effective in helping some Medicare carriers avoid making unnecessary or inappropriate payments. However, the potential savings from having these policies and screens used by other carriers have been lost, as HCFA has not adequately coordinated their use among carriers. For example, as we reported in 1996, for just 6 of Medicare’s top 200 most costly services in 1994, the use of certain carriers’ medical policy screens by all of Medicare’s carriers could have saved millions to hundreds of millions of dollars annually.6 However, HCFA has not led in this area and the opportunity to avoid significant Medicare expenditures has been lost. (See fig. I.3.) Information Management HCFA’s unsatisfactory management of a major systems acquisition Problems Slow Efforts to project—MTS—has serious consequences for the ability of HCFA and its Uncover Fraud and Abuse contractors to improve fraud and abuse monitoring activities. Ideally, as we reported in 1994,7 a system like MTS would allow “on-line” claims processing, enabling contractors’ systems to compare claims against other claims already submitted on behalf of the beneficiary, other claims submitted by the provider, and other claims for the same procedure or item. Without this capability, contractors’ processing systems are not 6 Medicare: Millions Can Be Saved by Screening for Overused Services (GAO/HEHS-96-49, Jan. 30, 1996). 7 Medicare: New Claims Processing System Benefits and Acquisition Risks (GAO/HEHS/AIMD-94-79, Jan. 25, 1994). Page 10 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive programmed to screen for suspiciously large increases in reimbursements over a short period or improbable quantities of services claimed for a single day of care. The following examples cited in our previous work highlight the problem: • In the fourth quarter of 1992, a Medicare contractor paid a supplier $211,900 for surgical dressing claims. For the same quarter a year later, the contractor paid the same supplier more than $6 million without becoming suspicious, despite the 2,800-percent increase in the amount paid. • A contractor paid claims for a supplier’s body jackets8—with no questions asked—that averaged about $2,300 per quarter for five consecutive quarters and then jumped to $32,000, $95,000, $235,000, and $889,000 over the next four quarters. • A contractor reimbursed a clinical psychology group practice for individual psychotherapy visits of 45 to 50 minutes. Three psychologists in the group were billing for, and allegedly seeing, from 17 to 42 nursing facility patients per day. On many days, the leading biller of this group would have had to work more than 24 uninterrupted hours to provide the services he claimed. • A contractor paid a podiatrist $143,580 for performing surgical procedures on at least 4,400 nursing facility patients during a 6-month period. For these services to be legitimate, the podiatrist would have had to serve at least 34 patients a day, 5 days a week. In the last two cases cited, the contractors did not become suspicious until they received complaints from family members and beneficiaries themselves. This failure to discover unusual increases or unusually high amounts billed by a particular provider or for a particular service or supply item makes Medicare vulnerable to billing schemes. MTS was also expected to, among other things, provide on-line access to beneficiary patient histories. Currently, Medicare’s part A and part B systems are incompatible, making it difficult to spot schemes that involve billing both parts for the same service. Specifically, Medicare’s discrete part A and part B processing systems are not designed to easily identify, on-line, all of the medical services and devices billed on behalf of an individual beneficiary. As a result, providers can improperly bill both parts with little danger of detection. In our 1995 review of medical supply payments, for example, we noted that the same supply item can be billed on behalf of an individual beneficiary to both an intermediary and a 8 A body jacket is a custom-fitted spinal brace made of a rigid plastic material that conforms to the body and largely immobilizes it. Page 11 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive carrier.9 We found instances of duplicate payments and noted that contractors lacked effective tests to determine whether both carriers and intermediaries paid for the same items. The HHS Inspector General has reported similar problems with payments for other services, such as ambulance transportation and diagnostic laboratory tests.10 The promise of MTS, however, could be delayed indefinitely. We recently reported that, in the 5 years between 1992 and 1997, estimated MTS development and implementation costs have jumped sevenfold from $151 million to about $1 billion.11 This is symptomatic of various project management weaknesses we have previously reported, namely, that HCFA had not completely defined its requirements 2 years after awarding a systems development contract; HCFA’s MTS development schedule has had significant overlap among the various system-development phases, increasing the risk that incompatibilities and delays will occur; and HCFA has not adequately managed MTS as an investment as evidenced by the lack of a satisfactory cost-benefit analysis or consideration of viable alternatives. After major problems and delays with its MTS development contract, HCFA announced on April 4, 1997, that it was halting all MTS fee-for-service software development for 90 days. As a transitional step to MTS, HCFA has begun consolidating its three intermediary part A systems and six carrier part B systems into one part A claims system and one part B claims system. Having a single system for each part will allow better editing of claims, but it does not provide some of the benefits that were expected from MTS. Among these are the on-line capability to identify, before payment is made, whether (1) an item or service billed to part A has also been billed to part B and vice versa and (2) a billed item or service is consistent with the other items and services billed on behalf of an individual. The fate of MTS remains uncertain. HCFA officials said they would use the 90-day period to examine alternative methods for achieving their MTS goals. 9 Medicare: Excessive Payments for Medical Supplies Continue Despite Improvements (GAO/HEHS-95-171, Aug. 8, 1995). 10 Ambulance Services for Medicare End-Stage Renal Disease Beneficiaries: Medical Necessity, OEI-03-90-02130 (Washington, D.C.: HHS Office of Inspector General, Aug. 17, 1994); Ambulance Services for Medicare End-Stage Renal Disease Beneficiaries: Payment Practices, OEI-03-90-02131 (Washington, D.C.: HHS Office of Inspector General, Mar. 9, 1994); and Review of Separately Billable End-Stage Renal Disease Laboratory Tests, #A-01-96-00513 (Washington, D.C.: HHS Office of Inspector General, Oct. 1, 1996). 11 For a detailed account of MTS costs and development problems, see Medicare Transaction System: Success Depends Upon Correcting Critical Managerial and Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997). Page 12 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive Some have argued that moving beneficiaries into managed care—that is, Ineffective Oversight into a “claimless” environment—would eliminate problems of fraud and Leaves Beneficiaries abuse. Unlike fee-for-service providers, physicians, hospitals, and other Vulnerable to HMO providers do not submit a per-service claim for reimbursement. Instead, they are paid by the HMO, which in turn is paid a monthly amount by Quality Problems Medicare for each beneficiary enrolled. However, our work shows that another set of problems exists in Medicare’s managed care program, which enrolls more than 10 percent of Medicare’s 39 million beneficiaries and is growing by about 85,000 beneficiaries per month. Under managed care, where fixed monthly payments are made per beneficiary rather than per service, strategies to exploit Medicare are based on the incentive to underserve rather than overserve the beneficiary. Risk contract HMOs, Medicare’s principal managed care option, can offer an attractive alternative to the traditional fee-for-service program because risk HMOs typically cover additional benefits and cost beneficiaries less money. However, in recent years, we have reported that some Medicare HMOs have not complied with federal standards and that HCFA’s monitoring of these HMOs has been weak. For example, in 1995, we reported that, despite efforts to improve its HMO monitoring, HCFA conducted only paper reviews of HMOs’ quality assurance plans, examining only the description rather than the implementation of HMOs’ quality assurance processes.12 Moreover, HCFA was reluctant to take action against noncompliant HMOs, even when there was a history of abusive sales practices, delays in processing beneficiaries’ appeals of HMO decisions to deny coverage, or poor-quality care. In a 1996 report, we discussed the value of releasing HMO performance data to Medicare beneficiaries as having the potential to reduce the occurrence of abusive marketing practices.13 We found that cases developed from beneficiary complaints and other HCFA documentation revealed violations of Medicare regulations prohibiting certain marketing practices, such as activities that mislead, confuse, or misrepresent. Some examples follow: • At least 20 beneficiaries were inappropriately enrolled in an HMO after attending the same sales seminar in August 1995. The beneficiaries thought they were signing up to receive more information but later discovered the sales agent had enrolled them in the plan. 12 Medicare: Increased HMO Oversight Could Improve Quality and Access to Care (GAO/HEHS-95-155, Aug. 3, 1995). 13 Medicare: HCFA Should Release Data to Aid Consumers, Prompt Better HMO Performance (GAO/HEHS-97-23, Oct. 22, 1996). Page 13 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive • In January 1995, a beneficiary was notified by his medical group before an appointment that he was now enrolled in another plan. The beneficiary had no idea how this could be, as he had not intended to change plans. Though the beneficiary signs with an “X,” the new enrollment application was signed with a legible cursive signature. HCFA reenrolled the beneficiary in his former plan but took no action against the plan or the sales agent. • One plan’s marketing activities resulted in enrolling an 81-year-old woman. In the first months of membership, she visited her doctor, who was in the plan’s provider network. When she later visited a non-network physician who had also been one of her regular providers, Medicare denied her claims because of her HMO enrollment. She then requested to disenroll and told HCFA that if she had understood the requirement to visit specific providers, she would not have enrolled in the HMO. HCFA disenrolled her from the plan effective with her use of non-network providers. Despite many beneficiary complaints, HCFA does not take advantage of opportunities to use market forces to prod competitors to offer better quality services. HCFA collects, but does not systematically or routinely analyze, data on HMO activities that could be used to measure performance. Putting these data in the hands of beneficiaries could allow them to identify and select plans with better records and give HMOs incentives to improve their performance. For example, in our 1996 study, we examined HCFA data on HMO disenrollments—rates at which Medicare beneficiaries quit their HMOs and join other plans or return to fee-for-service Medicare—as an indicator of beneficiary satisfaction. In the Miami market, for example, we found that in 1995 at one HMO only about 3 of every 25 beneficiaries disenrolled, whereas at another HMO more than 3 of every 10 beneficiaries disenrolled. We reported that these statistics, particularly in combination with complaint data, could help identify HMOs whose sales agents mislead or fail to adequately educate new enrollees. (See fig. I.4.) In the case of one Florida HMO, for example, HCFA found—in 1991, 1992, 1994, and 1996—some combination of deficiencies in marketing, enrollment, quality assurance systems, grievance and appeals procedures, and access to health services. Despite the repeated findings of standards violations at this HMO, HCFA’s strongest regulatory action was to require, after each inspection, a corrective action plan. HCFA did not provide Miami area beneficiaries with information on the inspection findings; at the same time, Medicare beneficiaries continued to enroll and disenroll in this plan. Page 14 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive With the passage of the Kassebaum-Kennedy legislation known as HIPAA, Recent Legislative the Congress recently provided important new resources and tools to fight Activity Addresses health care fraud and abuse. To inform the Congress on the progress of Aspects of Medicare HIPAA’s implementation, we have begun monitoring HCFA’s and the HHS Inspector General’s efforts to implement the act. The Congress is currently Fraud and Abuse considering additional provisions, as part of the budget reconciliation legislation, to further strengthen fraud reduction efforts. Legislative Activity Related HIPAA ensures stable funding and provides for other antifraud efforts, while to Fee-for-Service Medicare pending budget reconciliation legislation addresses additional aspects of fraud and abuse. HIPAA A key HIPAA provision ensures stable and gradually increasing funds earmarked for payment safeguard activities. HIPAA provides up to $440 million for program safeguards for this fiscal year, with budget increases scheduled in following years. For the year 2003 and beyond, HIPAA ensures funding of between $710 million and $720 million. However, as we have previously reported, by 2003, per-claim safeguard expenditures will be at about one-half the level of 1989 expenditures, after adjusting for inflation.14 Another HIPAA provision enables HCFA to contract with entities other than the insurers serving as Medicare intermediaries and carriers to conduct payment safeguard activities, including medical and utilization review and audits of cost reports. These contracts, intended to be awarded to entities with relevant expertise, may help improve the oversight of claims payment operations by enhancing data analysis capabilities and avoiding potential conflicts of interest with the contractor’s private business. HCFA does not yet have a target date for awarding program safeguard contracts, nor has it finalized related plans to implement this HIPAA provision. HIPAA also provides funding to HHS and the Department of Justice for combating health care fraud. For fiscal year 1997, the act provides an additional $104 million to these two departments, $70 million of which was specifically allocated to the Office of Inspector General. The remaining $34 million was divided between Justice, which received $24 million, and other HHS agencies, including HCFA, which received $1.8 million of these funds. 14 High-Risk Series: Medicare (GAO/HR-97-10, Feb. 1997). Page 15 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive According to HHS Inspector General officials, the Office of Inspector General will use its $70 million to, among other things, hire 250 additional investigators, auditors, lawyers, and other analysts to pursue fraudulent providers. The Office of Inspector General recently published its plan for continuing Operation Restore Trust, an initiative begun in 1995 in response to the rapid growth in Medicare’s spending for home health and nursing home services and medical equipment and supplies. This effort, conducted jointly by HHS and the Department of Justice, operated in five states and reported identifying almost $188 million in inappropriate payments in its 2 years of operation. In expanding Operation Restore Trust, the Inspector General has opened new investigative offices in six states this fiscal year. Officials also told us that, depending on its final budget, the office is planning to add another eight offices in fiscal year 1998. According to Department of Justice officials, Justice will use its $24 million to hire 120 new prosecutors who will devote their work exclusively to prosecuting health care fraud. Ninety of the new prosecutors will join U.S. Attorneys’ Offices nationwide. The remaining 30 will serve in Justice’s Civil and Criminal Divisions in Washington, D.C. The Department also intends to hire additional support staff, including paralegals, auditors, and other analysts. HIPAA also mandates the creation of a national data collection system reporting final adverse actions against health care providers. The system is intended to enable greater information-sharing among federal and state government agencies and health plans. According to Inspector General officials, the system is not likely to be fully operational for at least another 2 years. Pending Legislation Earlier we cited provisions in the pending budget reconciliation bill that address concerns about Medicare’s payments for home health services. In addition, the legislation contains various other provisions directed at Medicare fraud and abuse. Among these are the following: • A requirement to implement consolidated billing for nursing facility stays not covered by the new prospective payment system. Under such an arrangement, the nursing facility would have a greater incentive to monitor the care provided and the charges claimed by outside providers and suppliers. In past reports, we have also suggested consolidated billing for ancillary services provided in skilled nursing facilities.15 15 Fraud and Abuse: Providers Target Medicare Patients in Nursing Facilities (GAO/HEHS-96-18, Jan. 24, 1996). Page 16 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive • Authority to refuse to enter into Medicare agreements with individuals or entities convicted of felonies. This gives the Inspector General the opportunity to prevent convicted felons from becoming Medicare providers. • Requirement for providers to furnish key identification numbers. Medicare providers must furnish HHS with the Social Security and employer identification numbers for themselves and their owners, individuals with a controlling interest, and subcontractors in which the provider has an ownership interest. As we discussed in our March 1997 report on Medicaid providers, this would allow HCFA to trace problem providers through related health care organizations and better ensure that excluded individuals are not paid by the program.16 Legislative Activity Related A recent legislative proposal, cosponsored by you, Madam Chairman, to Medicare Managed Care would help make information about beneficiary satisfaction with Medicare managed care plans publicly available. Among other things, the bill, S. 302, would require Medicare HMOs to conduct consumer satisfaction surveys. It would also authorize grants to states and other organizations to disseminate information comparing benefits, quality and performance, cost information, and the results of the satisfaction surveys of Medicare managed care plans. Also, HIPAA gives HCFA more flexible sanction authority while providing HMOs the statutory right to greater procedural safeguards. In addition to existing authority to terminate an HMO’s contract if the HMO did not meet requirements, HCFA now has the option of imposing lesser sanctions, such as suspending the HMO’s right to enroll Medicare beneficiaries until the deficiencies are corrected. Many of Medicare’s vulnerabilities are inherent in its size and mission, Conclusions making it a perpetually attractive target for exploitation. That wrongdoers continue to find ways to dodge safeguards illustrates the dynamic nature of fraud and abuse and the need for constant vigilance and increasingly sophisticated ways to protect against gaming the system. Judicious changes in Medicare’s day-to-day operations involving HCFA’s improved oversight and leadership, the mitigation of MTS acquisition risks, and HCFA’s appropriate application of new anti-fraud-and-abuse funds are necessary ingredients to reduce substantial future losses. Moreover, as Medicare’s 16 Medicaid Fraud and Abuse: Stronger Action Needed to Remove Excluded Providers From Federal Health Programs (GAO/HEHS-97-63, Mar. 31, 1997). Page 17 GAO/T-HEHS-97-165 Medicare: Control Over Fraud and Abuse Remains Elusive managed care enrollment grows, HCFA must enhance its efforts to see that beneficiaries receive sufficient information about HMOs to make informed choices, and that the agency’s authority to enforce HMO compliance with federal standards is used. To adequately safeguard the Medicare program, HCFA needs to meet these important challenges promptly. How HCFA will use the funding and authority provided under HIPAA to improve its vigilance over Medicare benefit dollars has not yet been determined. The outcome is largely dependent on how promptly and effectively HCFA implements the act’s provisions. As we have highlighted today, weak monitoring, poor coordination, and delays have characterized HCFA’s past efforts to oversee fee-for-service contractors, the MTS acquisition process, and Medicare managed care plans. Thus, even with the promise of HIPAA and the potential enactment of additional legislation, the prospects for HCFA’s success in combating Medicare fraud and abuse remain uncertain. Madam Chairman and Members of the Subcommittee, this concludes my prepared remarks. I will be happy to answer any questions. Page 18 GAO/T-HEHS-97-165 Page 19 GAO/T-HEHS-97-165 Appendix Additional Data on Medicare Spending and Program Activities Figure I.1: Claims Reviews Have Not Matched the Growth in Medicare Claims Percentage of Claims Reviewed Has Dropped From 17% to 9% Claims (in Millions) 1,000 790 808 800 736 685 651 599 600 537 486 400 200 82 73 75 73 71 72 67 74 0 1989 1990 1991 1992 1993 1994 1995 1996 Claims Reviewed Page 20 GAO/T-HEHS-97-165 Appendix Additional Data on Medicare Spending and Program Activities Figure I.2: Rising Costs of Medicare Home Health Benefit Dollars in Billions 20 15 Hospital Issuance of Prospective Revised Payment System Guidelines 10 Omnibus Reconciliation Act of 1980 5 0 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 Year Figure I.3: Many Contractors Do Not Screen Claims for Costly Services Based on a Review of 17 Contractors in 1994 Contractors that have screens for the listed Medicare payments medical procedures Procedures (in millions) (percentage) Echocardiography $851 41% Eye exams $686 35% Chest x-rays $507 35% Colonoscopy $478 35% YAG laser surgery $325 18% Duplex scan of extracranial arteries $143 47% Page 21 GAO/T-HEHS-97-165 Appendix Additional Data on Medicare Spending and Program Activities Figure I.4: Annual Disenrollment in Medicare HMOs in Miami, 1995 PCA CareFlorida Humana Prudential CAC-United AV-Med Health Options 0 10 20 30 40 Percentage of Members Disenrolling Page 22 GAO/T-HEHS-97-165 Page 23 GAO/T-HEHS-97-165 Related GAO Products Medicare: Need to Hold Home Health Agencies More Accountable for Inappropriate Billings (GAO/HEHS-97-108, June 13, 1997). Medicare Transaction System: Success Depends Upon Correcting Critical Managerial and Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997) and related testimony entitled Medicare Transaction System: Serious Managerial and Technical Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May 16, 1997). Nursing Homes: Too Early to Assess New Efforts to Control Fraud and Abuse (GAO/HEHS-97-114, Apr. 16, 1997). Medicaid Fraud and Abuse: Stronger Action Needed to Remove Excluded Providers From Federal Health Programs (GAO/HEHS-97-63, Mar. 31, 1997). Medicare (GAO/HR-97-10, Feb. 1997) and related testimony entitled Medicare: Inherent Program Risks and Management Challenges Require Continued Federal Attention (GAO/T-HEHS-97-89, Mar. 4, 1997). Medicare: Home Health Utilization Expands While Program Controls Deteriorate (GAO/HEHS-96-16, Mar. 27, 1996). Medicare: Millions Can Be Saved by Screening Claims for Overused Services (GAO/HEHS-96-49, Jan. 30, 1996). Medicare Transaction System: Strengthened Management and Sound Development Approach Critical to Success (GAO/T-AIMD-96-12, Nov. 16, 1995). Medicare: Allegations Against ABC Home Health Care (GAO/OSI-95-17, July 19, 1995). Medicare: Commercial Technology Could Save Billions Lost to Billing Abuse (GAO/AIMD-95-135, May 5, 1995). Medicare Claims (GAO/HR-95-8, Feb. 1995). Medicare: New Claims Processing System Benefits and Acquisition Risks (GAO/HEHS/AIMD-94-79, Jan. 25, 1994). Medicare Claims (GAO/HR-93-6, Dec. 1992). (101577) Page 24 GAO/T-HEHS-97-165 Ordering Information The first copy of each GAO report and testimony is free. Additional copies are $2 each. Orders should be sent to the following address, accompanied by a check or money order made out to the Superintendent of Documents, when necessary. VISA and MasterCard credit cards are accepted, also. Orders for 100 or more copies to be mailed to a single address are discounted 25 percent. Orders by mail: U.S. General Accounting Office P.O. Box 6015 Gaithersburg, MD 20884-6015 or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U.S. General Accounting Office Washington, DC Orders may also be placed by calling (202) 512-6000 or by using fax number (301) 258-4066, or TDD (301) 413-0006. Each day, GAO issues a list of newly available reports and testimony. To receive facsimile copies of the daily list or any list from the past 30 days, please call (202) 512-6000 using a touchtone phone. A recorded menu will provide information on how to obtain these lists. For information on how to access GAO reports on the INTERNET, send an e-mail message with "info" in the body to: firstname.lastname@example.org or visit GAO’s World Wide Web Home Page at: http://www.gao.gov PRINTED ON RECYCLED PAPER United States Bulk Rate General Accounting Office Postage & Fees Paid Washington, D.C. 20548-0001 GAO Permit No. G100 Official Business Penalty for Private Use $300 Address Correction Requested
Medicare: Control Over Fraud and Abuse Remains Elusive
Published by the Government Accountability Office on 1997-06-26.
Below is a raw (and likely hideous) rendition of the original report. (PDF)