United States General Accounting Office GAO Testimony Before the Subcommittee on Health, Committee on Ways and Means, House of Representatives For Release on Delivery Expected at 10:00 a.m. Thursday, October 9, 1997 MEDICARE Recent Legislation to Minimize Fraud and Abuse Requires Effective Implementation Statement of William J. Scanlon, Director Health Financing and Systems Issues Health, Education, and Human Services Division GAO/T-HEHS-98-9 Medicare: Recent Legislation to Minimize Fraud and Abuse Requires Effective Implementation Mr. Chairman and Members of the Subcommittee: We are pleased to be here as you discuss recent legislative efforts to address fraud and abuse in the Medicare program. In response to heightened concern about the exploitation of Medicare, the Congress enacted as part of the Balanced Budget Act of 1997 (BBA) (P.L. 105-33) a number of provisions designed to control fraud and abuse. At your request, we have sent correspondence to the Subcommittee today that discusses the provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (P.L. 104-191) and BBA that address anti-fraud-and-abuse recommendations that we and the Inspector General of the Department of Health and Human Services (HHS) have made.1 We also included in the correspondence our remaining open recommendations and those from the Inspector General. In noting the comprehensive legislation that the Congress enacted, in part, to grapple with program fraud and abuse, my statement today focuses on the work it will likely take to realize the potential benefits of HIPAA and BBA in three areas—in traditional fee-for-service Medicare, the new Medicare+Choice plans, and information management systems. My remarks are based on the work we have done to prepare today’s correspondence and relevant GAO studies. (See the list of related products at the end of this statement.) In summary, both HIPAA and BBA directly address Medicare fraud and abuse and provide opportunities to improve program management. Both acts offer civil and criminal penalties. They also introduce opportunities to deploy new program safeguards. For example, on the fee-for-service side of the program, BBA introduces prospective payment methods for skilled nursing facility and home health services, in part to halt opportunists from overbilling Medicare. These are among Medicare’s fastest-growing components: From 1989 to 1996, spending for home health care and skilled nursing facility care averaged, respectively, a 33-percent and 22-percent annual rise. HIPAA also ensures a stable source of funding for anti-fraud-and-abuse activities, authorizes HCFA to contract for improved claims reviews, enhances law enforcement coordination, and calls for data collection improvements. On the managed care side, BBA’s Medicare+Choice program, which broadens beyond health maintenance organizations (HMO) the private health plans available to Medicare beneficiaries, includes several provisions addressing the marketing, 1 Medicare Fraud and Abuse: Summary and Analysis of Reforms in the Health Insurance Portability and Accountability Act of 1996 and the Balanced Budget Act of 1997 (GAO/HEHS-98-18R, Oct. 9, 1997). Page 1 GAO/T-HEHS-98-9 Medicare: Recent Legislation to Minimize Fraud and Abuse Requires Effective Implementation enrollment, and quality of care issues raised in our reports and those of the Inspector General. As always, however, the success of any reform legislation is contingent on its implementation. The Congress has provided HHS and the Health Care Financing Administration (HCFA), the Department’s administrator of the Medicare program, with many new statutory requirements governing traditional fee-for-service Medicare; some require little effort to carry out, whereas others, such as prospective payment system development, will require extensive time and resources to implement effectively. In addition, the Medicare+Choice program will add considerably to HCFA’s private plan monitoring workload. Finally, the project to modernize Medicare’s claims processing systems, which are at the core of many fraud and abuse detection efforts, has recently been halted. This brings into question the ability of HCFA and its contractors to perform expeditiously the data-intensive analyses needed to spot and counteract abusive billing schemes. HCFA agrees that the tasks associated with implementing HIPAA and BBA mandates are considerable and plans to report routinely to HHS officials and to the Congress on HCFA’s progress implementing the legislation. As we stated in our 1997 High-Risk Series report on Medicare, fraudulent and abusive schemes are inherently dynamic, as unprincipled entrepreneurs continually seek ways to dodge program safeguards.2 As a result, fortifying Medicare against fraud and abuse will require a concerted and ongoing effort by Medicare program managers and federal law enforcement agencies to keep pace with new attempts to exploit the program. It will also likely require additional congressional oversight to encourage timely and effective program management. Established under the Social Security Amendments of 1965, Medicare is a Background two-part program: (1) “hospital insurance,” or part A, which covers inpatient hospital services and skilled nursing facility, hospice, and home health care services, and (2) “supplementary medical insurance,” or part B, which covers physician and outpatient hospital services, diagnostic tests, and ambulance and other medical services and supplies. In fiscal year 1997, part A will have covered an estimated 38.1 million aged and disabled beneficiaries, including those with chronic kidney disease. Total outlays for parts A and B are estimated at $212 billion for fiscal year 1997. 2 High-Risk Series: Medicare (GAO/HR-97-10, Feb. 1997). Page 2 GAO/T-HEHS-98-9 Medicare: Recent Legislation to Minimize Fraud and Abuse Requires Effective Implementation In Medicare’s fee-for-service program, which is used by almost 90 percent of the program’s beneficiaries, physicians, hospitals, and other providers submit claims for services rendered to Medicare beneficiaries. HCFA administers the fee-for-service program largely through claims processing contractors. Insurance companies—like Blue Cross and Blue Shield plans, Mutual of Omaha, and CIGNA—process and pay Medicare claims, which totaled an estimated 900 million in fiscal year 1997. As Medicare contractors, these companies use federal funds to pay health care providers and beneficiaries and are reimbursed for the administrative expenses incurred in performing the Medicare work. Over the years, HCFA has consolidated some of Medicare’s operations, and the number of contractors has fallen from a peak of about 130 to about 65 in 1997. Generally, intermediaries are the contractors that handle claims submitted by “institutional providers” (hospitals, skilled nursing facilities, hospices, and home health agencies); carriers generally handle claims submitted by physicians, laboratories, equipment suppliers, and other practitioners. HCFA has guarded against inappropriate payments largely through contractor-managed operations, leaving the intermediaries and carriers broad discretion over how to protect Medicare program dollars. As a result, contractors’ implementation of Medicare payment safeguard policies varies significantly. Medicare’s managed care program covers a growing number of beneficiaries—more than 5 million as of September 1997—who have chosen to enroll in a prepaid health plan rather than purchase medical services from individual providers. The managed care program, which is funded from both the part A and part B trust funds, consists mostly of risk contract HMOs that enrolled nearly 5 million Medicare beneficiaries as of September 1997.3 Medicare pays these HMOs a monthly amount, fixed in advance, for each beneficiary enrolled. In this sense, the HMO has a “risk” contract because regardless of what it spends for each enrollee’s care, the HMO assumes the financial risk of providing health care in return for the payments received. An HMO profits if its cost of providing services is lower than the predetermined payment but loses if its cost is higher than the payment. 3 The Medicare managed care program also includes cost contract HMOs and health care prepayment plans. Cost contract HMOs allow beneficiaries to choose health services from their HMO network or outside providers. Health care prepayment plans may cover only part B services. Together, both types of plans enroll fewer than 2 percent of the Medicare population. Page 3 GAO/T-HEHS-98-9 Medicare: Recent Legislation to Minimize Fraud and Abuse Requires Effective Implementation The Congress provided important new resources and tools to fight health Implementing New care fraud and abuse when it enacted HIPAA and BBA. To address problems Laws Affecting in traditional fee-for-service Medicare, various provisions require HCFA to Fee-for-Service change outmoded payment methods, largely by establishing new prospective payment systems and by imposing fee caps, reductions, and Medicare Will Require updates to contain unnecessary expenditures. Certain provisions offer the Sustained Effort to potential to improve claims reviews—mandating specific increases in reviews and providing HCFA new contracting authority to acquire technical Realize Benefits expertise. Enactment of the legislation represents an important first step toward the realization of program integrity goals. As we have noted in previous testimony, the legislation process sets forth the broad concepts while the administering agencies implement the legislation through planning, design, and execution.4 In the case of HIPAA, now more than a year old, HCFA and the HHS Inspector General have been developing plans on many fronts, but actual implementation is just beginning. In the case of BBA, less than 3 months old, the “to-do” list is long. Three examples relating to both acts illustrate the situation. First, HIPAA, enacted over a year ago, grants HCFA the authority to use contractors other than the insurers serving as Medicare intermediaries and carriers to conduct medical and utilization review, audit cost reports, and carry out other program safeguard activities. The purpose is to enhance HCFA’s oversight of claims payment operations by increasing contractor accountability, enhancing data analysis capabilities, and avoiding potential contractor conflicts of interest. HCFA’s target date for awarding the first program safeguard contract is in fiscal year 1999, more than a year from now. HCFA officials are preparing for public comment a notice of proposed rulemaking that would ultimately govern the selection of contractors to perform safeguard functions, but they are not able to specify when the contract award rules will be final. Second, to allow greater information-sharing among federal and state government agencies and health plans, HIPAA mandates the creation of a national data collection program under which information on final adverse actions against health care providers will be maintained. Officials from the Office of the Inspector General are working with the Health Resources and Services Administration to develop the database. On the basis of past 4 “Administration’s Proposed Budget Cuts Affecting the Medicare Program,” hearing before the House Subcommittee on Health, Committee on Ways and Means, March 2 and June 15, 1982, serial 97-53, pp. 331-38. Page 4 GAO/T-HEHS-98-9 Medicare: Recent Legislation to Minimize Fraud and Abuse Requires Effective Implementation experiences with database development, it could be several years before the system can be fully operational. Distinct from its predecessor system, the National Provider Data Bank, this data collection program is expected to maintain information on civil judgments, criminal convictions, licensing and certification actions on suppliers and providers, exclusions, and other adjudicated adverse actions—involving the collection of data from state and local governments. The program must also be self-supporting, requiring market research to assess the needs and preferences of potential users. Finally, because existing federal and state statutes and regulations may impede the collection and dissemination of the information required, new federal regulations may be necessary, requiring the publication of proposed rules, a 60-day period for receipt of public comments, and an indeterminate period for making the regulations final. Third, BBA requires the implementation of several prospective payment systems to replace cost-based reimbursement methods. Depending on their design, prospective payment systems can remove the incentive to provide services unnecessarily. For example, prospective payment for skilled nursing facilities (SNF) should make it more difficult to increase payments by manipulating Medicare’s billing rules for ancillary services provided to beneficiaries in these facilities, an issue often raised in our reports and testimonies. However, a considerable amount of work will be involved. Establishing rates that will enable efficient providers to furnish adequate services without overcompensating them will require (1) accounting for the varying needs of patients for routine and ancillary services and (2) collecting reliable cost and utilization data to compute the rates and the needed health status adjustment factors. Earlier this year in testimony before this Committee on prospective payment proposals, we suggested that HCFA use the results of audits of a projectable sample of SNF cost reports when setting base rates to avoid incorporating the inflated costs found in the HHS Inspector General’s reviews of SNF cost reports. We also discussed the need for systems to adequately monitor prospective payments to help ensure that providers do not skimp on services to increase profits at the expense of quality care.5 In general, reforming payment methods entails developing payment methodology components that require data-intensive studies, developing the implementing regulations, publishing the proposed regulations for 5 Medicare Post-Acute Care: Cost Growth and Proposals to Manage It Through Prospective Payment and Other Controls (GAO/T-HEHS-97-106, Apr. 9, 1997). Page 5 GAO/T-HEHS-98-9 Medicare: Recent Legislation to Minimize Fraud and Abuse Requires Effective Implementation public comment, and issuing final regulations. For example, it took HCFA 4 years—from the time a task force was established in 1993—to issue proposed salary guideline regulations for rehabilitation therapy services. To meet the requirements of BBA, HCFA will have to develop, concurrently, separate prospective payment systems for services delivered through inpatient rehabilitation facilities, home health agencies, skilled nursing facilities, and hospital outpatient departments. Developing prospective payment systems, moreover, represents only a fraction of the design and implementation work that HIPAA and BBA require. Conducting demonstration projects and reporting to the Congress constitute another portion of work mandated by the legislation. Among the more challenging of BBA’s provisions to implement are those Medicare’s New establishing the Medicare+Choice program, which expands beneficiaries’ Choice Plans Present private plan options to include preferred provider organizations (PPO), Unknown Challenges provider sponsored organizations (PSO), and private fee-for-service plans. It also makes medical savings accounts (MSA) available to a limited number for Program Managers of beneficiaries under a demonstration program. The reforms the Congress embodied in these provisions are major, helping Medicare adapt to and capitalize on changes in the health care market. However, each of these options will have to be carefully monitored to identify and correct vulnerabilities. Our observations of HCFA’s oversight of Medicare’s risk contract HMOs, which have been the chief alternative to traditional fee-for-service Medicare, raise concerns. In our 1997 High-Risk Series report, we noted that HCFA’s monitoring of HMOs has been historically weak. HCFA has allowed some plans with a history of abusive sales practices, delays in processing beneficiaries’ appeals of HMO decisions to deny coverage, and patterns of poor-quality care to receive little more than a slap on the wrist. We also noted that HCFA had done little to inform beneficiaries of HMO performance and did not publish available data on such satisfaction indicators as rapid disenrollment rates compared across Medicare HMOs within a given market.6 BBA addresses many of these problems. For example, the legislation calls for all Medicare+Choice plans to, among other things, obtain external review from an independent quality assurance organization, such as a peer review organization, that would assess such factors as the quality of the 6 Our in-depth study on this subject is entitled Medicare: HCFA Should Release Data to Aid Consumers, Prompt Better HMO Performance (GAO/HEHS-97-23, Oct. 22, 1996). Page 6 GAO/T-HEHS-98-9 Medicare: Recent Legislation to Minimize Fraud and Abuse Requires Effective Implementation plan’s inpatient and outpatient services and the adequacy of the plan’s response to written complaints about poor-quality care. These and other mandates should help improve oversight. The act also requires HHS to disseminate to all beneficiaries within a market area consumer information on the area’s Medicare+Choice plans, including, for example, disenrollment rates, health outcomes, and compliance with program requirements. Collectively, these consumer information requirements enlist market forces to help improve HMO performance. We remain concerned that HCFA will have to be attentive to new issues raised by expanded choice for beneficiaries. The implementation challenge for HCFA will be to strike a judicious balance between encouraging plan growth and development and adequately protecting beneficiaries’ quality of care. For example, under BBA, requirements for minimum enrollment levels—aimed at achieving an adequate spreading of risk to ensure a plan’s financial solvency—can be waived for new Choice plans in their first 3 years of operation. In addition, the recent authorization of higher HMO rates in rural areas may well increase the total number of risk contract HMOs. If the number of Medicare managed care organizations grows, HCFA may not be equipped to make site visits at the current rate of every other year. Finally, all the Medicare+Choice plans, including PPOs, PSOs, and private fee-for-service plans, will have to submit new marketing materials for HHS approval; with an escalating workload, however, these materials could be approved without adequate scrutiny. Under the law, marketing materials are approved automatically if HHS does not disapprove them within 45 days of their submission to the Department. Another implementation concern is related to HCFA’s information Delays in Modernizing management systems. As you know, HCFA’s major project to modernize its Medicare’s Claims information systems—the Medicare Transaction System (MTS)—all but Processing Systems collapsed as of August 15, 1997.7 This is a significant setback for HCFA’s efforts to prevent and detect fraud and abuse. For example, HCFA intended Could Hamper MTS to replace nine separate automated information systems with a single, Program Integrity unified system. It was expected to provide an on-line database that could integrate data on part A and part B services and payments that are Efforts currently stored separately. Ideally, such a system would enable the comparison of claims against other claims already submitted on behalf of the beneficiary, other claims submitted by the provider, and other claims for the same procedure or item. Work is still underway to develop a new 7 On that day, an internal HCFA memo was issued stating, “Today, HCFA formally notified GTE of our decision to close down the contract by January 1998. This contract action results from the stop work order that we issued to GTE on April 4, 1997.” Page 7 GAO/T-HEHS-98-9 Medicare: Recent Legislation to Minimize Fraud and Abuse Requires Effective Implementation system for collecting payment and other information related to risk contract HMOs, but the MTS contract has been terminated. HCFA is in the process of consolidating its nine separate systems into one part A claims system and one part B claims system. While having a single system for each part should allow better claims editing, it would not provide all the benefits that had been expected from MTS, including the ability to ensure routinely, before payments are made, that an item or service billed to part A has not also been billed to part B and vice versa. Other anti-fraud-and-abuse software development discussed in our High-Risk report—namely, algorithms under development by the Los Alamos National Laboratory for generating prepayment claims screens and commercial off-the-shelf software controls being tested at one contractor—are years away from implementation nationwide.8 Aware of the need for agencywide coordination and planning to HCFA Dedicates Staff implement BBA’s multiple provisions, HCFA has established an to Implement BBA infrastructure to track and monitor the tasks associated with BBA Mandates mandates. Staff organized into functional teams will be led by a project management team tasked with reporting to agency executives, including the HCFA Administrator. According to a HCFA official, the agency has plans to keep Department officials and the Congress routinely informed of the agency’s progress. With the enactment of HIPAA and BBA, the Congress has provided significant Conclusions opportunities to strengthen several of Medicare’s areas of vulnerability. How HHS and HCFA will use the authority of HIPAA and BBA to improve its vigilance over Medicare benefit dollars remains to be seen. The outcome largely depends on how promptly and effectively HCFA implements the various provisions. HCFA’s past efforts to implement regulations, oversee Medicare managed care plans, and acquire a major information system have often been slow or ineffective. Now that many more requirements have been placed on HCFA, we are concerned that the promise of the new legislation to combat health care fraud and abuse could at best be delayed or not be realized at all without sustained efforts at implementation. Mr. Chairman, this concludes my statement. I will be happy to answer your questions. 8 For a more detailed discussion of this work, see Medicare Automated Systems: Weaknesses in Managing Information Technology Hinder Fight Against Fraud and Abuse (GAO/T-AIMD-97-176, Sept. 29, 1997). Page 8 GAO/T-HEHS-98-9 Page 9 GAO/T-HEHS-98-9 Page 10 GAO/T-HEHS-98-9 Page 11 GAO/T-HEHS-98-9 Related GAO Products Medicare Automated Systems: Weaknesses in Managing Information Technology Hinder Fight Against Fraud and Abuse (GAO/T-AIMD-97-176, Sept. 29, 1997). Medicare Home Health Agencies: Certification Process Is Ineffective in Excluding Problem Agencies (GAO/T-HEHS-97-180, July 28, 1997). Medicare: Control Over Fraud and Abuse Remains Elusive (GAO/T-HEHS-97-165, June 26, 1997}. Medicare: Need to Hold Home Health Agencies More Accountable for Inappropriate Billings (GAO/HEHS-97-108, June 13, 1997). Medicare Transaction System: Success Depends Upon Correcting Critical Managerial and Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997). Nursing Homes: Too Early to Assess New Efforts to Control Fraud and Abuse (GAO/T-HEHS-97-114, Apr. 16, 1997). Medicare Post-Acute Care: Cost Growth and Proposals to Manage It Through Prospective Payment and Other Controls (GAO/T-HEHS-97-106, Apr. 9, 1997). Medicaid Fraud and Abuse: Stronger Action Needed to Remove Excluded Providers From Federal Health Programs (GAO/HEHS-97-63, Mar. 31, 1997). High-Risk Series: Medicare (GAO/HR-97-10, Feb. 1997). Medicare: HCFA Should Release Data to Aid Consumers, Prompt Better HMO Performance (GAO/HEHS-97-23, Oct. 22, 1996). Medicare: Home Health Utilization Expands While Program Controls Deteriorate (GAO/HEHS-96-16, Mar. 27, 1996). Medicare Transaction System: Strengthened Management and Sound Development Approach Critical to Success (GAO/T-AIMD-96-12, Nov. 16, 1995). Medicare: Commercial Technology Could Save Billions Lost to Billing Abuse (GAO/AIMD-95-135, May 5, 1995). (101598) Page 12 GAO/T-HEHS-98-9 Ordering Information The first copy of each GAO report and testimony is free. Additional copies are $2 each. Orders should be sent to the following address, accompanied by a check or money order made out to the Superintendent of Documents, when necessary. VISA and MasterCard credit cards are accepted, also. Orders for 100 or more copies to be mailed to a single address are discounted 25 percent. Orders by mail: U.S. General Accounting Office P.O. Box 37050 Washington, DC 20013 or visit: Room 1100 700 4th St. NW (corner of 4th and G Sts. NW) U.S. General Accounting Office Washington, DC Orders may also be placed by calling (202) 512-6000 or by using fax number (202) 512-6061, or TDD (202) 512-2537. Each day, GAO issues a list of newly available reports and testimony. To receive facsimile copies of the daily list or any list from the past 30 days, please call (202) 512-6000 using a touchtone phone. A recorded menu will provide information on how to obtain these lists. For information on how to access GAO reports on the INTERNET, send an e-mail message with "info" in the body to: email@example.com or visit GAO’s World Wide Web Home Page at: http://www.gao.gov PRINTED ON RECYCLED PAPER United States Bulk Rate General Accounting Office Postage & Fees Paid Washington, D.C. 20548-0001 GAO Permit No. G100 Official Business Penalty for Private Use $300 Address Correction Requested
Medicare: Recent Legislation to Minimize Fraud and Abuse Requires Effective Implementation
Published by the Government Accountability Office on 1997-10-09.
Below is a raw (and likely hideous) rendition of the original report. (PDF)