Medicare: Recent Legislation to Minimize Fraud and Abuse Requires Effective Implementation

Published by the Government Accountability Office on 1997-10-09.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                            United States General Accounting Office

GAO                         Testimony
                            Before the Subcommittee on Health, Committee on Ways
                            and Means, House of Representatives

For Release on Delivery
Expected at 10:00 a.m.
Thursday, October 9, 1997

                            Recent Legislation to
                            Minimize Fraud and Abuse
                            Requires Effective
                            Statement of William J. Scanlon, Director
                            Health Financing and Systems Issues
                            Health, Education, and Human Services Division

Medicare: Recent Legislation to Minimize
Fraud and Abuse Requires Effective
               Mr. Chairman and Members of the Subcommittee:

               We are pleased to be here as you discuss recent legislative efforts to
               address fraud and abuse in the Medicare program. In response to
               heightened concern about the exploitation of Medicare, the Congress
               enacted as part of the Balanced Budget Act of 1997 (BBA) (P.L. 105-33) a
               number of provisions designed to control fraud and abuse. At your
               request, we have sent correspondence to the Subcommittee today that
               discusses the provisions of the Health Insurance Portability and
               Accountability Act of 1996 (HIPAA) (P.L. 104-191) and BBA that address
               anti-fraud-and-abuse recommendations that we and the Inspector General
               of the Department of Health and Human Services (HHS) have made.1 We
               also included in the correspondence our remaining open
               recommendations and those from the Inspector General.

               In noting the comprehensive legislation that the Congress enacted, in part,
               to grapple with program fraud and abuse, my statement today focuses on
               the work it will likely take to realize the potential benefits of HIPAA and BBA
               in three areas—in traditional fee-for-service Medicare, the new
               Medicare+Choice plans, and information management systems. My
               remarks are based on the work we have done to prepare today’s
               correspondence and relevant GAO studies. (See the list of related products
               at the end of this statement.)

               In summary, both HIPAA and BBA directly address Medicare fraud and abuse
               and provide opportunities to improve program management. Both acts
               offer civil and criminal penalties. They also introduce opportunities to
               deploy new program safeguards. For example, on the fee-for-service side
               of the program, BBA introduces prospective payment methods for skilled
               nursing facility and home health services, in part to halt opportunists from
               overbilling Medicare. These are among Medicare’s fastest-growing
               components: From 1989 to 1996, spending for home health care and skilled
               nursing facility care averaged, respectively, a 33-percent and 22-percent
               annual rise. HIPAA also ensures a stable source of funding for
               anti-fraud-and-abuse activities, authorizes HCFA to contract for improved
               claims reviews, enhances law enforcement coordination, and calls for data
               collection improvements. On the managed care side, BBA’s
               Medicare+Choice program, which broadens beyond health maintenance
               organizations (HMO) the private health plans available to Medicare
               beneficiaries, includes several provisions addressing the marketing,

               Medicare Fraud and Abuse: Summary and Analysis of Reforms in the Health Insurance Portability and
               Accountability Act of 1996 and the Balanced Budget Act of 1997 (GAO/HEHS-98-18R, Oct. 9, 1997).

               Page 1                                                                        GAO/T-HEHS-98-9
             Medicare: Recent Legislation to Minimize
             Fraud and Abuse Requires Effective

             enrollment, and quality of care issues raised in our reports and those of
             the Inspector General.

             As always, however, the success of any reform legislation is contingent on
             its implementation. The Congress has provided HHS and the Health Care
             Financing Administration (HCFA), the Department’s administrator of the
             Medicare program, with many new statutory requirements governing
             traditional fee-for-service Medicare; some require little effort to carry out,
             whereas others, such as prospective payment system development, will
             require extensive time and resources to implement effectively. In addition,
             the Medicare+Choice program will add considerably to HCFA’s private plan
             monitoring workload. Finally, the project to modernize Medicare’s claims
             processing systems, which are at the core of many fraud and abuse
             detection efforts, has recently been halted. This brings into question the
             ability of HCFA and its contractors to perform expeditiously the
             data-intensive analyses needed to spot and counteract abusive billing
             schemes. HCFA agrees that the tasks associated with implementing HIPAA
             and BBA mandates are considerable and plans to report routinely to HHS
             officials and to the Congress on HCFA’s progress implementing the

             As we stated in our 1997 High-Risk Series report on Medicare, fraudulent
             and abusive schemes are inherently dynamic, as unprincipled
             entrepreneurs continually seek ways to dodge program safeguards.2 As a
             result, fortifying Medicare against fraud and abuse will require a concerted
             and ongoing effort by Medicare program managers and federal law
             enforcement agencies to keep pace with new attempts to exploit the
             program. It will also likely require additional congressional oversight to
             encourage timely and effective program management.

             Established under the Social Security Amendments of 1965, Medicare is a
Background   two-part program: (1) “hospital insurance,” or part A, which covers
             inpatient hospital services and skilled nursing facility, hospice, and home
             health care services, and (2) “supplementary medical insurance,” or part B,
             which covers physician and outpatient hospital services, diagnostic tests,
             and ambulance and other medical services and supplies. In fiscal year
             1997, part A will have covered an estimated 38.1 million aged and disabled
             beneficiaries, including those with chronic kidney disease. Total outlays
             for parts A and B are estimated at $212 billion for fiscal year 1997.

              High-Risk Series: Medicare (GAO/HR-97-10, Feb. 1997).

             Page 2                                                         GAO/T-HEHS-98-9
Medicare: Recent Legislation to Minimize
Fraud and Abuse Requires Effective

In Medicare’s fee-for-service program, which is used by almost 90 percent
of the program’s beneficiaries, physicians, hospitals, and other providers
submit claims for services rendered to Medicare beneficiaries. HCFA
administers the fee-for-service program largely through claims processing
contractors. Insurance companies—like Blue Cross and Blue Shield plans,
Mutual of Omaha, and CIGNA—process and pay Medicare claims, which
totaled an estimated 900 million in fiscal year 1997. As Medicare
contractors, these companies use federal funds to pay health care
providers and beneficiaries and are reimbursed for the administrative
expenses incurred in performing the Medicare work. Over the years, HCFA
has consolidated some of Medicare’s operations, and the number of
contractors has fallen from a peak of about 130 to about 65 in 1997.

Generally, intermediaries are the contractors that handle claims submitted
by “institutional providers” (hospitals, skilled nursing facilities, hospices,
and home health agencies); carriers generally handle claims submitted by
physicians, laboratories, equipment suppliers, and other practitioners.
HCFA has guarded against inappropriate payments largely through
contractor-managed operations, leaving the intermediaries and carriers
broad discretion over how to protect Medicare program dollars. As a
result, contractors’ implementation of Medicare payment safeguard
policies varies significantly.

Medicare’s managed care program covers a growing number of
beneficiaries—more than 5 million as of September 1997—who have
chosen to enroll in a prepaid health plan rather than purchase medical
services from individual providers. The managed care program, which is
funded from both the part A and part B trust funds, consists mostly of risk
contract HMOs that enrolled nearly 5 million Medicare beneficiaries as of
September 1997.3 Medicare pays these HMOs a monthly amount, fixed in
advance, for each beneficiary enrolled. In this sense, the HMO has a “risk”
contract because regardless of what it spends for each enrollee’s care, the
HMO assumes the financial risk of providing health care in return for the
payments received. An HMO profits if its cost of providing services is lower
than the predetermined payment but loses if its cost is higher than the

 The Medicare managed care program also includes cost contract HMOs and health care prepayment
plans. Cost contract HMOs allow beneficiaries to choose health services from their HMO network or
outside providers. Health care prepayment plans may cover only part B services. Together, both types
of plans enroll fewer than 2 percent of the Medicare population.

Page 3                                                                           GAO/T-HEHS-98-9
                        Medicare: Recent Legislation to Minimize
                        Fraud and Abuse Requires Effective

                        The Congress provided important new resources and tools to fight health
Implementing New        care fraud and abuse when it enacted HIPAA and BBA. To address problems
Laws Affecting          in traditional fee-for-service Medicare, various provisions require HCFA to
Fee-for-Service         change outmoded payment methods, largely by establishing new
                        prospective payment systems and by imposing fee caps, reductions, and
Medicare Will Require   updates to contain unnecessary expenditures. Certain provisions offer the
Sustained Effort to     potential to improve claims reviews—mandating specific increases in
                        reviews and providing HCFA new contracting authority to acquire technical
Realize Benefits        expertise.

                        Enactment of the legislation represents an important first step toward the
                        realization of program integrity goals. As we have noted in previous
                        testimony, the legislation process sets forth the broad concepts while the
                        administering agencies implement the legislation through planning, design,
                        and execution.4 In the case of HIPAA, now more than a year old, HCFA and
                        the HHS Inspector General have been developing plans on many fronts, but
                        actual implementation is just beginning. In the case of BBA, less than 3
                        months old, the “to-do” list is long. Three examples relating to both acts
                        illustrate the situation.

                        First, HIPAA, enacted over a year ago, grants HCFA the authority to use
                        contractors other than the insurers serving as Medicare intermediaries and
                        carriers to conduct medical and utilization review, audit cost reports, and
                        carry out other program safeguard activities. The purpose is to enhance
                        HCFA’s oversight of claims payment operations by increasing contractor
                        accountability, enhancing data analysis capabilities, and avoiding potential
                        contractor conflicts of interest.

                        HCFA’s  target date for awarding the first program safeguard contract is in
                        fiscal year 1999, more than a year from now. HCFA officials are preparing
                        for public comment a notice of proposed rulemaking that would ultimately
                        govern the selection of contractors to perform safeguard functions, but
                        they are not able to specify when the contract award rules will be final.

                        Second, to allow greater information-sharing among federal and state
                        government agencies and health plans, HIPAA mandates the creation of a
                        national data collection program under which information on final adverse
                        actions against health care providers will be maintained. Officials from the
                        Office of the Inspector General are working with the Health Resources and
                        Services Administration to develop the database. On the basis of past

                         “Administration’s Proposed Budget Cuts Affecting the Medicare Program,” hearing before the House
                        Subcommittee on Health, Committee on Ways and Means, March 2 and June 15, 1982, serial 97-53, pp.

                        Page 4                                                                         GAO/T-HEHS-98-9
Medicare: Recent Legislation to Minimize
Fraud and Abuse Requires Effective

experiences with database development, it could be several years before
the system can be fully operational.

Distinct from its predecessor system, the National Provider Data Bank,
this data collection program is expected to maintain information on civil
judgments, criminal convictions, licensing and certification actions on
suppliers and providers, exclusions, and other adjudicated adverse
actions—involving the collection of data from state and local
governments. The program must also be self-supporting, requiring market
research to assess the needs and preferences of potential users. Finally,
because existing federal and state statutes and regulations may impede the
collection and dissemination of the information required, new federal
regulations may be necessary, requiring the publication of proposed rules,
a 60-day period for receipt of public comments, and an indeterminate
period for making the regulations final.

Third, BBA requires the implementation of several prospective payment
systems to replace cost-based reimbursement methods. Depending on
their design, prospective payment systems can remove the incentive to
provide services unnecessarily. For example, prospective payment for
skilled nursing facilities (SNF) should make it more difficult to increase
payments by manipulating Medicare’s billing rules for ancillary services
provided to beneficiaries in these facilities, an issue often raised in our
reports and testimonies. However, a considerable amount of work will be
involved. Establishing rates that will enable efficient providers to furnish
adequate services without overcompensating them will require
(1) accounting for the varying needs of patients for routine and ancillary
services and (2) collecting reliable cost and utilization data to compute the
rates and the needed health status adjustment factors. Earlier this year in
testimony before this Committee on prospective payment proposals, we
suggested that HCFA use the results of audits of a projectable sample of SNF
cost reports when setting base rates to avoid incorporating the inflated
costs found in the HHS Inspector General’s reviews of SNF cost reports. We
also discussed the need for systems to adequately monitor prospective
payments to help ensure that providers do not skimp on services to
increase profits at the expense of quality care.5

In general, reforming payment methods entails developing payment
methodology components that require data-intensive studies, developing
the implementing regulations, publishing the proposed regulations for

 Medicare Post-Acute Care: Cost Growth and Proposals to Manage It Through Prospective Payment
and Other Controls (GAO/T-HEHS-97-106, Apr. 9, 1997).

Page 5                                                                       GAO/T-HEHS-98-9
                       Medicare: Recent Legislation to Minimize
                       Fraud and Abuse Requires Effective

                       public comment, and issuing final regulations. For example, it took HCFA 4
                       years—from the time a task force was established in 1993—to issue
                       proposed salary guideline regulations for rehabilitation therapy services.
                       To meet the requirements of BBA, HCFA will have to develop, concurrently,
                       separate prospective payment systems for services delivered through
                       inpatient rehabilitation facilities, home health agencies, skilled nursing
                       facilities, and hospital outpatient departments.

                       Developing prospective payment systems, moreover, represents only a
                       fraction of the design and implementation work that HIPAA and BBA require.
                       Conducting demonstration projects and reporting to the Congress
                       constitute another portion of work mandated by the legislation.

                       Among the more challenging of BBA’s provisions to implement are those
Medicare’s New         establishing the Medicare+Choice program, which expands beneficiaries’
Choice Plans Present   private plan options to include preferred provider organizations (PPO),
Unknown Challenges     provider sponsored organizations (PSO), and private fee-for-service plans.
                       It also makes medical savings accounts (MSA) available to a limited number
for Program Managers   of beneficiaries under a demonstration program. The reforms the Congress
                       embodied in these provisions are major, helping Medicare adapt to and
                       capitalize on changes in the health care market.

                       However, each of these options will have to be carefully monitored to
                       identify and correct vulnerabilities. Our observations of HCFA’s oversight of
                       Medicare’s risk contract HMOs, which have been the chief alternative to
                       traditional fee-for-service Medicare, raise concerns. In our 1997 High-Risk
                       Series report, we noted that HCFA’s monitoring of HMOs has been
                       historically weak. HCFA has allowed some plans with a history of abusive
                       sales practices, delays in processing beneficiaries’ appeals of HMO
                       decisions to deny coverage, and patterns of poor-quality care to receive
                       little more than a slap on the wrist. We also noted that HCFA had done little
                       to inform beneficiaries of HMO performance and did not publish available
                       data on such satisfaction indicators as rapid disenrollment rates compared
                       across Medicare HMOs within a given market.6

                       BBA addresses many of these problems. For example, the legislation calls
                       for all Medicare+Choice plans to, among other things, obtain external
                       review from an independent quality assurance organization, such as a peer
                       review organization, that would assess such factors as the quality of the

                        Our in-depth study on this subject is entitled Medicare: HCFA Should Release Data to Aid Consumers,
                       Prompt Better HMO Performance (GAO/HEHS-97-23, Oct. 22, 1996).

                       Page 6                                                                          GAO/T-HEHS-98-9
                        Medicare: Recent Legislation to Minimize
                        Fraud and Abuse Requires Effective

                        plan’s inpatient and outpatient services and the adequacy of the plan’s
                        response to written complaints about poor-quality care. These and other
                        mandates should help improve oversight. The act also requires HHS to
                        disseminate to all beneficiaries within a market area consumer
                        information on the area’s Medicare+Choice plans, including, for example,
                        disenrollment rates, health outcomes, and compliance with program
                        requirements. Collectively, these consumer information requirements
                        enlist market forces to help improve HMO performance.

                        We remain concerned that HCFA will have to be attentive to new issues
                        raised by expanded choice for beneficiaries. The implementation
                        challenge for HCFA will be to strike a judicious balance between
                        encouraging plan growth and development and adequately protecting
                        beneficiaries’ quality of care. For example, under BBA, requirements for
                        minimum enrollment levels—aimed at achieving an adequate spreading of
                        risk to ensure a plan’s financial solvency—can be waived for new Choice
                        plans in their first 3 years of operation. In addition, the recent
                        authorization of higher HMO rates in rural areas may well increase the total
                        number of risk contract HMOs. If the number of Medicare managed care
                        organizations grows, HCFA may not be equipped to make site visits at the
                        current rate of every other year. Finally, all the Medicare+Choice plans,
                        including PPOs, PSOs, and private fee-for-service plans, will have to submit
                        new marketing materials for HHS approval; with an escalating workload,
                        however, these materials could be approved without adequate scrutiny.
                        Under the law, marketing materials are approved automatically if HHS does
                        not disapprove them within 45 days of their submission to the Department.

                        Another implementation concern is related to HCFA’s information
Delays in Modernizing   management systems. As you know, HCFA’s major project to modernize its
Medicare’s Claims       information systems—the Medicare Transaction System (MTS)—all but
Processing Systems      collapsed as of August 15, 1997.7 This is a significant setback for HCFA’s
                        efforts to prevent and detect fraud and abuse. For example, HCFA intended
Could Hamper            MTS to replace nine separate automated information systems with a single,
Program Integrity       unified system. It was expected to provide an on-line database that could
                        integrate data on part A and part B services and payments that are
Efforts                 currently stored separately. Ideally, such a system would enable the
                        comparison of claims against other claims already submitted on behalf of
                        the beneficiary, other claims submitted by the provider, and other claims
                        for the same procedure or item. Work is still underway to develop a new

                         On that day, an internal HCFA memo was issued stating, “Today, HCFA formally notified GTE of our
                        decision to close down the contract by January 1998. This contract action results from the stop work
                        order that we issued to GTE on April 4, 1997.”

                        Page 7                                                                           GAO/T-HEHS-98-9
                       Medicare: Recent Legislation to Minimize
                       Fraud and Abuse Requires Effective

                       system for collecting payment and other information related to risk
                       contract HMOs, but the MTS contract has been terminated.

                       HCFA  is in the process of consolidating its nine separate systems into one
                       part A claims system and one part B claims system. While having a single
                       system for each part should allow better claims editing, it would not
                       provide all the benefits that had been expected from MTS, including the
                       ability to ensure routinely, before payments are made, that an item or
                       service billed to part A has not also been billed to part B and vice versa.
                       Other anti-fraud-and-abuse software development discussed in our
                       High-Risk report—namely, algorithms under development by the Los
                       Alamos National Laboratory for generating prepayment claims screens and
                       commercial off-the-shelf software controls being tested at one
                       contractor—are years away from implementation nationwide.8

                       Aware of the need for agencywide coordination and planning to
HCFA Dedicates Staff   implement BBA’s multiple provisions, HCFA has established an
to Implement BBA       infrastructure to track and monitor the tasks associated with BBA
Mandates               mandates. Staff organized into functional teams will be led by a project
                       management team tasked with reporting to agency executives, including
                       the HCFA Administrator. According to a HCFA official, the agency has plans
                       to keep Department officials and the Congress routinely informed of the
                       agency’s progress.

                       With the enactment of HIPAA and BBA, the Congress has provided significant
Conclusions            opportunities to strengthen several of Medicare’s areas of vulnerability.
                       How HHS and HCFA will use the authority of HIPAA and BBA to improve its
                       vigilance over Medicare benefit dollars remains to be seen. The outcome
                       largely depends on how promptly and effectively HCFA implements the
                       various provisions. HCFA’s past efforts to implement regulations, oversee
                       Medicare managed care plans, and acquire a major information system
                       have often been slow or ineffective. Now that many more requirements
                       have been placed on HCFA, we are concerned that the promise of the new
                       legislation to combat health care fraud and abuse could at best be delayed
                       or not be realized at all without sustained efforts at implementation.

                       Mr. Chairman, this concludes my statement. I will be happy to answer your

                        For a more detailed discussion of this work, see Medicare Automated Systems: Weaknesses in
                       Managing Information Technology Hinder Fight Against Fraud and Abuse (GAO/T-AIMD-97-176, Sept.
                       29, 1997).

                       Page 8                                                                      GAO/T-HEHS-98-9
Page 9   GAO/T-HEHS-98-9
Page 10   GAO/T-HEHS-98-9
Page 11   GAO/T-HEHS-98-9
Related GAO Products

              Medicare Automated Systems: Weaknesses in Managing Information
              Technology Hinder Fight Against Fraud and Abuse (GAO/T-AIMD-97-176, Sept.
              29, 1997).

              Medicare Home Health Agencies: Certification Process Is Ineffective in
              Excluding Problem Agencies (GAO/T-HEHS-97-180, July 28, 1997).

              Medicare: Control Over Fraud and Abuse Remains Elusive
              (GAO/T-HEHS-97-165, June 26, 1997}.

              Medicare: Need to Hold Home Health Agencies More Accountable for
              Inappropriate Billings (GAO/HEHS-97-108, June 13, 1997).

              Medicare Transaction System: Success Depends Upon Correcting Critical
              Managerial and Technical Weaknesses (GAO/AIMD-97-78, May 16, 1997).

              Nursing Homes: Too Early to Assess New Efforts to Control Fraud and
              Abuse (GAO/T-HEHS-97-114, Apr. 16, 1997).

              Medicare Post-Acute Care: Cost Growth and Proposals to Manage It
              Through Prospective Payment and Other Controls (GAO/T-HEHS-97-106, Apr. 9,

              Medicaid Fraud and Abuse: Stronger Action Needed to Remove Excluded
              Providers From Federal Health Programs (GAO/HEHS-97-63, Mar. 31, 1997).

              High-Risk Series: Medicare (GAO/HR-97-10, Feb. 1997).

              Medicare: HCFA Should Release Data to Aid Consumers, Prompt Better HMO
              Performance (GAO/HEHS-97-23, Oct. 22, 1996).

              Medicare: Home Health Utilization Expands While Program Controls
              Deteriorate (GAO/HEHS-96-16, Mar. 27, 1996).

              Medicare Transaction System: Strengthened Management and Sound
              Development Approach Critical to Success (GAO/T-AIMD-96-12, Nov. 16, 1995).

              Medicare: Commercial Technology Could Save Billions Lost to Billing
              Abuse (GAO/AIMD-95-135, May 5, 1995).

(101598)      Page 12                                                     GAO/T-HEHS-98-9
Ordering Information

The first copy of each GAO report and testimony is free.
Additional copies are $2 each. Orders should be sent to the
following address, accompanied by a check or money order
made out to the Superintendent of Documents, when
necessary. VISA and MasterCard credit cards are accepted, also.
Orders for 100 or more copies to be mailed to a single address
are discounted 25 percent.

Orders by mail:

U.S. General Accounting Office
P.O. Box 37050
Washington, DC 20013

or visit:

Room 1100
700 4th St. NW (corner of 4th and G Sts. NW)
U.S. General Accounting Office
Washington, DC

Orders may also be placed by calling (202) 512-6000
or by using fax number (202) 512-6061, or TDD (202) 512-2537.

Each day, GAO issues a list of newly available reports and
testimony. To receive facsimile copies of the daily list or any
list from the past 30 days, please call (202) 512-6000 using a
touchtone phone. A recorded menu will provide information on
how to obtain these lists.

For information on how to access GAO reports on the INTERNET,
send an e-mail message with "info" in the body to:


or visit GAO’s World Wide Web Home Page at:


United States                       Bulk Rate
General Accounting Office      Postage & Fees Paid
Washington, D.C. 20548-0001           GAO
                                 Permit No. G100
Official Business
Penalty for Private Use $300

Address Correction Requested