[House Hearing, 106 Congress]
[From the U.S. Government Publishing Office]




   THIRD-PARTY BILLING COMPANY FRAUD: ASSESSING THE THREAT POSED TO 
                                MEDICARE

=======================================================================

                                HEARING

                               before the

                            SUBCOMMITTEE ON
                      OVERSIGHT AND INVESTIGATIONS

                                 of the

                         COMMITTEE ON COMMERCE
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED SIXTH CONGRESS

                             SECOND SESSION

                               __________

                             APRIL 6, 2000

                               __________

                           Serial No. 106-97

                               __________

            Printed for the use of the Committee on Commerce

                    U.S. GOVERNMENT PRINTING OFFICE
64-027CC                    WASHINGTON : 2000





                         COMMITTEE ON COMMERCE

                     TOM BLILEY, Virginia, Chairman

W.J. ``BILLY'' TAUZIN, Louisiana     JOHN D. DINGELL, Michigan
MICHAEL G. OXLEY, Ohio               HENRY A. WAXMAN, California
MICHAEL BILIRAKIS, Florida           EDWARD J. MARKEY, Massachusetts
JOE BARTON, Texas                    RALPH M. HALL, Texas
FRED UPTON, Michigan                 RICK BOUCHER, Virginia
CLIFF STEARNS, Florida               EDOLPHUS TOWNS, New York
PAUL E. GILLMOR, Ohio                FRANK PALLONE, Jr., New Jersey
  Vice Chairman                      SHERROD BROWN, Ohio
JAMES C. GREENWOOD, Pennsylvania     BART GORDON, Tennessee
CHRISTOPHER COX, California          PETER DEUTSCH, Florida
NATHAN DEAL, Georgia                 BOBBY L. RUSH, Illinois
STEVE LARGENT, Oklahoma              ANNA G. ESHOO, California
RICHARD BURR, North Carolina         RON KLINK, Pennsylvania
BRIAN P. BILBRAY, California         BART STUPAK, Michigan
ED WHITFIELD, Kentucky               ELIOT L. ENGEL, New York
GREG GANSKE, Iowa                    TOM SAWYER, Ohio
CHARLIE NORWOOD, Georgia             ALBERT R. WYNN, Maryland
TOM A. COBURN, Oklahoma              GENE GREEN, Texas
RICK LAZIO, New York                 KAREN McCARTHY, Missouri
BARBARA CUBIN, Wyoming               TED STRICKLAND, Ohio
JAMES E. ROGAN, California           DIANA DeGETTE, Colorado
JOHN SHIMKUS, Illinois               THOMAS M. BARRETT, Wisconsin
HEATHER WILSON, New Mexico           BILL LUTHER, Minnesota
JOHN B. SHADEGG, Arizona             LOIS CAPPS, California
CHARLES W. ``CHIP'' PICKERING, 
Mississippi
VITO FOSSELLA, New York
ROY BLUNT, Missouri
ED BRYANT, Tennessee
ROBERT L. EHRLICH, Jr., Maryland

                   James E. Derderian, Chief of Staff

                   James D. Barnette, General Counsel

      Reid P.F. Stuntz, Minority Staff Director and Chief Counsel

                                 ______

              Subcommittee on Oversight and Investigations

                     FRED UPTON, Michigan, Chairman

JOE BARTON, Texas                    RON KLINK, Pennsylvania
CHRISTOPHER COX, California          HENRY A. WAXMAN, California
RICHARD BURR, North Carolina         BART STUPAK, Michigan
  Vice Chairman                      GENE GREEN, Texas
BRIAN P. BILBRAY, California         KAREN McCARTHY, Missouri
ED WHITFIELD, Kentucky               TED STRICKLAND, Ohio
GREG GANSKE, Iowa                    DIANA DeGETTE, Colorado
ROY BLUNT, Missouri                  JOHN D. DINGELL, Michigan,
ED BRYANT, Tennessee                   (Ex Officio)
TOM BLILEY, Virginia,
  (Ex Officio)

                                  (ii)


                            C O N T E N T S

                               __________
                                                                   Page

Testimony of:
    Aronovitz, Leslie G., Associate Director for Health Financing 
      and Public Health Issues, U.S. General Accounting Office...    13
    Burleigh, Robert B., Vice President, PractiCare..............    29
    Hast, Robert H., Acting Assistant Comptroller General, Office 
      of Special Investigations, U.S. General Accounting Office..     9
    Morris, Lewis, Counsel, Office of the Inspector General, 
      Department of Health and Human Services, accompanied by 
      Steve Lack, Special Agent..................................    18
    Thompson, Penny, Director, Medicare Program Integrity Group, 
      Health Care Financing Administration.......................    25
Material submitted for the record by:
    Bliley, Hon. Tom, Chairman, Committee on Commerce, letter 
      dated March 14, 2000, to Penny Thompson, Director, Program 
      Integrity Group, Health Care Financing Administration, 
      requesting response for the record.........................    62
    Thompson, Penny, Director, Medicare Program Integrity Group, 
      Health Care Financing Administration, letter dated March 
      30, 2000, to Hon. Tom Bliley, enclosing response for the 
      record.....................................................    63

                                 (iii)

  

 
   THIRD-PARTY BILLING COMPANY FRAUD: ASSESSING THE THREAT POSED TO 
                                MEDICARE

                              ----------                              


                        THURSDAY, APRIL 6, 2000

                  House of Representatives,
                             Committee on Commerce,
              Subcommittee on Oversight and Investigations,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 10 a.m., in 
room 2322, Rayburn House Office Building, Hon. Richard Burr 
(presiding).
    Members present: Representatives Burr, Bryant, Stupak, 
Green, and Strickland.
    Staff present: Chuck Clapton, majority counsel; Amy 
Davidge, legislative clerk; and Chris Knauer, minority 
investigator.
    Mr. Burr. The Chair will call this hearing of the Oversight 
and Investigations Subcommittee to order.
    I would like to take this opportunity to welcome our 
witnesses today, some of whom have previously been before us.
    The purpose of today's hearing is to look at the third-
party billing company fraud that exists within the Medicare 
billing process. We are delighted to have with us a number of 
witnesses to testify. This hearing will be limited to one 
panel. I know that we have got members who will be in and out, 
so please be patient with us as we try to accommodate whatever 
questions they might have.
    For the purposes of an opening statement, the Chair would 
recognize himself and all members who wish to make one and 
would also ask unanimous consent that any member who wishes to 
enter an opening statement that is not here would be permitted 
to do so.
    Without objection, that will be so ordered.
    Today's hearing is about determining whether HCFA is doing 
an adequate job of protecting Medicare from fraud and abuse by 
third-party billing agencies. Across America, the population of 
companies that represent medical providers from the standpoint 
of processing their billing information for the purposes of 
reimbursement to the Health Care Financing Administration has 
grown dramatically.
    Today we will hear how a woman using one of the third-party 
billing agencies in Texas was able to submit $1.3 million in 
false claims, which was never detected by the Health Care 
Financing Administration. This raises a great question for this 
subcommittee, for Congress, and for the American people. The 
Office of the Inspector General at HHS will also tell us about 
several cases they investigated where a third-party billing 
agency was able to steal millions of dollars from Medicare.
    I will take this opportunity to say the purpose of this 
hearing is not to bash the Health Care Financing 
Administration. It is to educate us more clearly about this 
third-party billing industry that has emerged in America, to 
determine what additional procedures should be in place at the 
Health Care Financing Administration that have not existed up 
until this point. We should insure that everybody involved in 
the process has the comfort level of knowing that gaming the 
system is not quite as easy as it seems to be right now.
    Let me say that even the IRS, which is not known for its 
efficiency, requires the preparers of tax returns identify 
themselves with an identifying number. One of the most 
troubling pieces of this challenge that we have before us today 
is that we do not currently have any type of identifier that 
follows a third-party biller. A third-party biller can contract 
with multiple physicians, yet the identifier that the Health 
Care Financing Administration sees is, in fact, the 
physician's, and not the third-party biller's.
    One of the questions I hope to get an answer to is how many 
third-party billers exist in the country today. Clearly, our 
hope is that, between the members of this committee, we can 
work to make sure that the right type of procedures are in 
place at HCFA that assure us that the future is not one where 
fraud and abuse is such an opportunity. In fact, what we can do 
is shepherd third-party billing companies to be honest entities 
providing a very valuable service for the reimbursement process 
that many health care entities do not have the manpower, the 
time or the expertise to do.
    I would be remiss if I did not take this opportunity to say 
that third-party billers have been created for a number of 
reasons, but probably the biggest is because of the confusion 
and difficulty faced by physicians attempting to understand the 
rules and regulations that HCFA sets out for them. Congress is 
partly responsible for that very massive undertaking that each 
physician is faced with.
    I have made the comment many times that physicians in North 
Carolina, in the absence of being able to understand the 
constant changes in our health care regulations, turn to the 
business schools of many universities and hire that MBA student 
to come in and run their medical practice from the standpoints 
of the administrative and billing side.
    The biggest problem they have today is now that same MBA is 
walking into the physician's office saying, I can't do this any 
more, because I can't figure it out. I can't assure you with 
any degree of confidence that I have kept you out of that gray 
area that somebody might want to chase that we commonly refer 
to as fraud and abuse.
    I am confident that we can find a satisfactory conclusion 
to this current problem, but my hope also is that we can in the 
future build a system that is easier to understand, simpler for 
all involved, and, more importantly, focuses more on the 
beneficiaries who are covered under Medicare than the process 
of paying claims.
    At this time, the Chair would recognize Mr. Bryant for an 
opening statement.
    Mr. Bryant. I thank the chairman, and I thank the chairman 
for conducting this hearing. I thank the panel of witnesses. My 
statement will be brief.
    I have been in Congress as long as the chairman has, but 
this is really my first tour of duty on Commerce. It seems to 
me the short time I have been on Commerce, we have been at this 
hearing, this type of hearing, over the fraud in Medicare and 
abuse a couple of times. This may even be the third time we 
have been up here on some aspect of it.
    I fully appreciate the complexity of everything involved in 
Medicare, the size, the amounts of money we are dealing with, 
the number of people necessary to handle this, but I would echo 
what our Chairman has said that we are all wanting the same 
thing out of this, and it seems to me we ought to be able to 
get a handle on this. By bringing in third-party payers and 
intermediaries, I assume that was done to make this process 
work better, but it appears that, to some extent, we have just 
added somebody else in the system who can cheat and steal from 
us.
    I appreciate very few of the people in the big picture do 
this, but the ones that do it do it in significant amounts. It 
just seems to me we have got to find a way to better account 
and oversee all the parties involved in this.
    I know, in reading some of the materials in preparation for 
this hearing, it seems we have not done much with this 
intermediary group of third-party payers, and, of course, we 
are now starting to see the results, or at least catching some 
of these folks.
    Again, I am going to stop now. I know Mr. Stupak is here 
and has a statement to make, and I am very interested in 
hearing what each one of you has to say. If you have got any 
comments you can make in terms of how Congress can help you do 
your job, particularly from HCFA, we would appreciate it. But, 
again, I thank all of you for taking your time to come today. I 
look forward to your testimony.
    Mr. Chairman, I yield back balance of my time.
    Mr. Burr. The gentleman from Michigan.
    Mr. Stupak. Thank you, Mr. Chairman. I will be very brief. 
I don't have an opening statement. I am here interested in 
hearing the witnesses today.
    I am familiar with this third-party payee system and how 
sometimes innocent doctors get caught in the billing practices 
where they give to a third-party, who then bills Medicare and 
then, unfortunately, we have some problems. That is what we are 
going to get at today and how best to address it. I am not here 
looking to put blame on anyone but trying to get answers to the 
serious situation.
    Mr. Chairman, with that thought in mind I would like to 
enter into the record, if I may, a GAO report dated June 2, 
1999, to the Honorable John Dingell, ranking minority member on 
this side of the aisle. This side, as the majority, has been 
concerned about the third-party billing claims, submitting 
claims, and if there is fraud and abuse going on in that area. 
Mr. Dingell has a report from GAO, and I would like to make 
that part of the record with your acceptance of this report.
    Mr. Burr. Without objection, so ordered.
    [The information referred to follows:]
    [GRAPHIC] [TIFF OMITTED] T4027.001
    
    [GRAPHIC] [TIFF OMITTED] T4027.002
    
    [GRAPHIC] [TIFF OMITTED] T4027.003
    
    [GRAPHIC] [TIFF OMITTED] T4027.004
    
    [GRAPHIC] [TIFF OMITTED] T4027.005
    
    Mr. Stupak. I yield back my time. Thank you.
    Mr. Burr. I thank the gentleman from Michigan.
    [Additional statement submitted for the record follows:]
 Prepared Statement of Hon. Tom Bliley, Chairman, Committee on Commerce
    Chairman Upton, thank you for holding this hearing today. This 
hearing builds on the work this Committee has done to reduce fraud in 
the Medicare program. Serious questions have been raised about what the 
Health Care Financing Administration is doing about third party 
billers, and whether HCFA is putting Medicare at unnecessary risk of 
fraud. I hope that today's hearing will provide answers to these 
questions.
    I should note that I believe that the vast majority of third party 
billers are honest and reputable small businesses that provide a very 
valuable service to many health care providers. In fact, third party 
billers can play a very important role in insuring that claims are 
submitted in an accurate manner that complies with all of the complex 
billing requirements associated with the Medicare program. 
Unfortunately, a very small number of unscrupulous individuals have 
used third party billing services to take advantage of weaknesses in 
the current Medicare system to steal millions of scarce program 
dollars.
    At my request, the Office of Special Investigations at the General 
Accounting Office took a look at a Texas health care provider who was 
using a third party biller to submit claims to Medicare. The GAO found 
that Behavioral Medical Systems, of Sugarland Texas, was able to submit 
$1.3 million in false claims that went undetected. It was not until GAO 
shared their findings with the Medicare contractor that the provider 
number being used to submit these false claims was suspended. Last week 
we learned that this individual has also been using an old number to 
submit additional claims to Medicare. How was this individual able to 
submit all of these false claims and avoid detection? How was she able 
to continue billing Medicare after her group provider number was 
suspended?
    I was equally shocked to learn of the findings in the report 
released by the Office of Inspector General at HHS two days ago. The 
OIG found that many Medicare contractors have no way of knowing who 
actually submitted a claim to Medicare, or how many claims were 
submitted by a third party biller. In addition they lack even basic 
information about who submits a claim. According to the OIG, anyone 
with a computer, a modem, access to a provider's number and a patients 
health insurance number could send false claims to Medicare.
    This seems to me to be a recipe for disaster. How can we expect 
Medicare's front line defenders to fight fraud when they know so little 
about the claims being submitted by third party billers. These findings 
all indicate that HCFA is failing to adequately protect Medicare from 
potential fraud and abuse by third party billers. This is not a 
hypothetical risk. The case that the GAO has investigated for the 
Committee, along with the cases identified and prosecuted by the OIG, 
clearly show that fraud by third party billers costs millions of 
Medicare dollars.
    HCFA has indicated that they are taking steps to address these 
problems. While any effort to reduce the risk of Medicare fraud is 
good, I am concerned that these efforts may not do enough to solve the 
problems that have been identified. HCFA proposes to obtain information 
from health care providers about their use of third party billers and 
clearinghouses, but studies show that this information is often out of 
date and inaccurate. Additionally, in the time that it takes HCFA to 
gather this information, Medicare will continue to be at risk. How many 
more millions of Medicare dollars do we have to lose before we put in 
place an adequate system that will address these problems?
    I would like to thank all of the witnesses for testifying today, 
and will look forward to hearing their views on what can be done to 
prevent the criminal misuse of third party services to defraud 
Medicare.

    Mr. Burr. We are pleased today to have a number of 
witnesses. We have with us Mr. Robert Hast, Acting Assistant 
Comptroller General of the United States General Accounting 
Office. We have Mr. Lew Morris, Counsel of the Office of 
Inspector General. Mr. Morris is accompanied by Steve Lack, 
Special Agent. Mr. Robert Burleigh, Vice President, PractiCare. 
Ms. Leslie Aronovitz, Associate Director for Health Care 
Financing and Public Health Issues from the General Accounting 
Office; and Ms. Penny Thompson, from the Health Care Financing 
Administration.
    As I believe most of you are aware, this subcommittee is an 
investigative subcommittee; and, as such, it has had the 
practice of taking testimony under oath. Does anyone have an 
objection to taking testimony under oath?
    You also have the right under the House rules to be advised 
by counsel. Is there anybody who chooses to have counsel advise 
them?
    Hearing none, if I could get all of you to rise.
    [Witnesses sworn.]
    Mr. Burr. Consider yourselves sworn in and under oath. The 
Chair would work from your right, my left.
    At this time, I would recognize Mr. Hast.

   TESTIMONY OF ROBERT H. HAST, ACTING ASSISTANT COMPTROLLER 
   GENERAL, OFFICE OF SPECIAL INVESTIGATIONS, UNITED STATES 
   GENERAL ACCOUNTING OFFICE; LESLIE G. ARONOVITZ, ASSOCIATE 
DIRECTOR FOR HEALTH FINANCING AND PUBLIC HEALTH ISSUES, UNITED 
STATES GENERAL ACCOUNTING OFFICE; LEWIS MORRIS, COUNSEL, OFFICE 
   OF THE INSPECTOR GENERAL, DEPARTMENT OF HEALTH AND HUMAN 
   SERVICES, ACCOMPANIED BY STEVE LACK, SPECIAL AGENT; PENNY 
 THOMPSON, DIRECTOR, MEDICARE PROGRAM INTEGRITY GROUP, HEALTH 
  CARE FINANCING ADMINISTRATION; AND ROBERT B. BURLEIGH, VICE 
                     PRESIDENT, PRACTICARE

    Mr. Hast. Mr. Chairman and members of the subcommittee, I 
am pleased to be here today to discuss the results of our 
recent investigation in the operations of Behavioral Medical 
Systems, Incorporated, referred to as BMS. We determined that 
BMS represented itself to Medicare as a health care provider. 
However, BMS functioned as a broker of medical services and 
contracted with a third-party biller for submitting claims to 
Medicare. In short, BMS prepared claims and had its third-party 
biller remit them to Medicare on behalf of the health care 
providers. My testimony today is based on the report of our 
investigation, which you are releasing.
    More specifically, my remarks concern BMS and how it 
conducted business, its improper billing of Medicare, and our 
belief that BMS violated the U.S. Code.
    In brief, BMS, founded by Sandra Hunter, a Ph.D. and a 
licensed social worker, consistently caused improper claims to 
be submitted to Medicare. Those claims involved services by six 
psychiatrists contracted to it. Indeed, of the approximately 
4,900 Medicare claims that BMS filed in the 20-month period we 
investigated, 87 percent, or almost 4,300 claims, were for 
services that were not provided. These improper Medicare claims 
total $1.3 million.
    In addition, BMS violated the general statutory principle 
that Medicare payments should be made directly to the 
beneficiary or the assigned physician who provided the medical 
service. Neither of these situations fit BMS.
    On the basis of our investigation, a Medicare carrier 
temporarily suspended BMS from the Medicare program on July 9, 
1999. To date, BMS remains on suspension.
    In addition, we referred the matter to the Inspector 
General of the Department of Health and Human Services and also 
to the Justice Department. However, we recently learned that 
Dr. Hunter is currently submitting Medicare claims under an old 
provider number issued to her in 1993. That provider number is 
not related to BMS and we have not conducted an investigation 
to determine whether or not these claims are proper.
    In regard to BMS and its operations, Dr. Hunter applied for 
and received a group provider number for BMS in 1995. That 
group provider number allowed her to bill Medicare for services 
rendered. In the application, Dr. Hunter represented the 
location of BMS as a suite at a particular address in 
Sugarland, Texas. This gave the impression that BMS was located 
in a business environment and that medical services would be 
provided there. Instead, the stated suite number and business 
address consisted of a mailbox number at a local Mailbox 
Express.
    In addition, on her application for a group provider 
number, Dr. Hunter represented BMS as a group practice 
specializing in psychiatry. We determined, however, that BMS 
did not directly employ psychiatrists and was thus not a group 
practice. Instead, in its business, BMS contracted with nursing 
homes to provide psychiatric and related services to the 
resident. BMS then contracted with psychiatrists and 
psychotherapists as independent contractors, not as BMS 
employees to provide these services. According to the 
psychiatrists, they were to use BMS as their third-party 
biller.
    These psychiatrists and psychotherapists prepared monthly 
activity reports providing necessary Medicare billing 
information. These reports were then forwarded to Dr. Hunter 
for processing. Dr. Hunter next forwarded them to her 
contracted third-party biller who, following her directions, 
submitted them as billings to the fiscal carrier on behalf of 
BMS. Medicare sent the claim payments back to Dr. Hunter, who 
paid the contracted psychiatrists and psychotherapists, 
extracting a 5 percent fee.
    Medicare also sent the explanations of benefits detailing 
these payments for the services to BMS and not to the 
psychiatrists. These psychiatrists stated they were thus 
unaware of the additional claims being made on their behalf.
    However, BMS billed Medicare for fictional visits to 
patients. Most, in fact 80 percent, of the claims we analyzed 
for the period of September 1997 through April 1999 were for 
services that the psychiatrists had not rendered to these 
patients.
    For example, Medicare paid BMS for 90 visits by one 
psychiatrist to a patient between September 1, 1997, and 
February 28, 1998. According to his records, the psychiatrist 
had not visited the patient at all during that period. In 
addition, the same psychiatrist saw a second patient six times 
between May 23, 1998, and February 16, 1999. Yet carrier 
records show that BMS billed Medicare for 70 additional visits 
by the psychiatrist during that timeframe.
    According to another psychiatrist, he made five visits to 
one patient, yet carrier claims records show BMS billed 
Medicare for 41 more visits by that psychiatrist.
    As another matter, we believe BMS violated the U.S. Code 
concerning direct Medicare payments. BMS should not have billed 
Medicare because it did not directly employ the psychiatrists 
and psychotherapists who provided the services to Medicare 
patients, and it did not provide a facility in which services 
were rendered. Based on the statute and HCFA's implementing 
regulations, BMS was not entitled to bill Medicare directly for 
the services provided by the psychiatrists to nursing home 
patients.
    We believe that the statutory language is clear that BMS 
could not bill Medicare because it was neither the beneficiary 
nor the provider of services to the Medicare patients.
    Mr. Chairman, this concludes my prepared remarks, and I 
would be pleased to respond to any questions that you or the 
other members have. Thank you.
    [The prepared statement of Robert H. Hast follows:]
  Prepared Statement of Robert H. Hast, Acting Assistant Comptroller 
 General for Special Investigations, Office of Special Investigations, 
                                  GAO
    Mr. Chairman and Members of the Subcommittee: I am pleased to be 
here today to discuss the results of our recent investigation of the 
operations of Behavioral Medical Systems, Inc. (BMS) of Sugarland, 
Texas, which functioned as a broker of medical services and contracted 
with a third-party biller for submitting claims to Medicare. Third-
party billers prepare and remit (electronically or by paper) claims to 
Medicare contractors on behalf of health care providers.
    You had asked that we undertake the investigation because of your 
concern about fraud and abuse within the Medicare program. Such 
activities could be involved in a recent estimate, reported by the 
Office of Inspector General (OIG), Department of Health and Human 
Services (HHS), that $12.6 billion of fiscal year 1998 Medicare 
payments for fee-for-service claims did not comply with Medicare rules. 
My testimony today is based on our recent report of our investigation, 
which you are releasing today.1 More specifically, my 
remarks concern (1) BMS and how it conducted business, (2) its improper 
billing of Medicare, and (3) our belief that BMS violated the U.S. 
Code.
---------------------------------------------------------------------------
    \1\ See Medicare: Improper Third-Party Billing of Medicare by 
Behavioral Medical Systems, Inc. (GAO/OSI-00-5R, Mar. 30, 2000).
---------------------------------------------------------------------------
    In brief, we determined that although BMS represented itself to 
Medicare as a health-care provider, in fact it functioned as a broker 
of medical services and, according to its contracted psychiatrists, a 
third-party biller. Further, through the services of the third-party 
biller with which it had contracted, BMS consistently caused improper 
Medicare claims to be submitted for services by six psychiatrists 
contracted to it. Indeed, of the approximately 4,900 Medicare claims 
that BMS filed in the 20-month period we investigated, 87 percent--or 
almost 4,300 claims--were for services that reportedly were not 
provided. Those improper Medicare claims totaled $1.3 million. As 
another matter, we believe that BMS violated the general statutory 
principle 2 that Medicare payments should be made directly 
to the beneficiary or the assigned physician who provided the medical 
service. Neither of these situations pertained to BMS.
---------------------------------------------------------------------------
    \2\ 42 U.S.C. section 1395u(b)(6).
---------------------------------------------------------------------------
    On the basis of our investigation, the Medicare carrier temporarily 
suspended BMS from Medicare program participation on July 9, 1999. At 
this time, BMS remains suspended. Further, we referred the matter to 
the HHS OIG, and it has been referred to the Department of Justice. 
However, we recently learned that the founder of BMS--Sandra J. Hunter, 
Ph.D., a licensed social worker--is currently submitting Medicare 
claims under an old provider number issued to her in 1993. That 
provider number is not related to BMS. We have not conducted an 
investigation to determine if these claims are improper.
BMS and Its Operations
    In February 1995, Dr. Hunter applied to a Texas Medicare Part B 
carrier for a Medicare billing (provider) number for BMS. Dr. Hunter 
subsequently received a group provider number that allowed her to bill 
for Medicare services rendered. In the application, Dr. Hunter 
represented the location of BMS as a suite at a particular address in 
Sugarland, Texas. This gave the impression that BMS was located in a 
business environment and that medical services would be provided there. 
Instead, the stated suite number and business address consisted of a 
mailbox number at a local Mail Box Express.
    In addition, on her application, Dr. Hunter represented BMS as a 
group practice specializing in psychiatry. We determined, however, that 
BMS did not directly employ psychiatrists and was thus not a group 
practice. Instead, in its business, BMS contracted with nursing homes 
to provide psychiatric and related services to their residents. BMS 
also contracted with psychiatrists and psychotherapists--as independent 
contractors, not BMS employees--to provide those services and, 
according to the psychiatrists, use BMS as their third-party biller.
    Then, as was the BMS process, (1) the psychiatrists and 
psychotherapists prepared monthly activity reports providing necessary 
Medicare billing information; (2) the reports were forwarded to Dr. 
Hunter for processing; and (3) Dr. Hunter forwarded them to her 
contracted third-party biller for it to submit billings, following her 
direction, to Medicare on behalf of BMS. Medicare sent the claims 
payments to Dr. Hunter, who paid the contracted psychiatrists and 
psychotherapists. Medicare also sent the Explanations of Benefits, 
detailing the payments for the services, to BMS and not to the 
psychiatrists.3 These psychiatrists stated that they were 
thus unaware of the additional claims made on their behalf.
---------------------------------------------------------------------------
    \3\ Our analysis did not include a review of psychotherapists 
because their rate of reimbursement was based on an hourly rate for 
individual services rendered.
---------------------------------------------------------------------------
BMS Billed Medicare fo Reportedly Fictional Visits to Patients
    We compared the service dates that the psychiatrists submitted to 
Dr. Hunter in their activity reports and the claims that the BMS 
contractor submitted for reimbursement to Medicare, under Dr. Hunter's 
direction. Most--87 percent--of the claims that we analyzed from the 
period September 1997 through April 1999 (the period that we 
investigated) were for services that the psychiatrists had not rendered 
to their patients. For example, Medicare paid BMS for 90 visits by one 
psychiatrist to a patient between September 1, 1997, and February 28, 
1998. However, according to his records, the psychiatrist had not 
visited the patient at all during that period. In addition, the same 
psychiatrist saw a second patient six times between May 23, 1998, and 
February 16, 1999. Yet carrier records show that BMS, through its 
contractor, billed Medicare for 70 additional visits by the 
psychiatrist during that time frame. According to another psychiatrist, 
he made five visits to one patient. Yet carrier claims records show 
that BMS billed Medicare for another 41 visits by that psychiatrist.
    We analyzed the 4,922 claims that the BMS contractor submitted to 
Medicare on behalf of the 6 contract psychiatrists for the September 
1997-April 1999 time frame. Of these claims, 4,291--or 87 percent--were 
reportedly fictitious. According to the 6 psychiatrists and fiscal 
carrier records, these claims represented 9,854 patient visits that 
never occurred. Also according to carrier records, the improper claims 
totaled $1.3 million for unrendered services. We determined that BMS 
had received over $362,000 in Medicare payments for the fictional 
visits and services. The difference of approximately $951,000 is 
attributable to claims that were disallowed/disputed, co-payments, 
deductibles, or claims that exceeded allowable Medicare reimbursable 
amounts.
BMS Violated the U.S. Code Concerning Direct Medicare Payments
    BMS should not have billed Medicare because it neither (1) directly 
employed the psychiatrists and psychotherapists who provided the 
services to the Medicare patients nor (2) provided a facility in which 
the services were rendered. Based on statute 4 and HCFA's 
implementing regulations,5 BMS was not entitled to bill 
Medicare directly for the services that the psychiatrists and 
psychotherapists provided for patients in the nursing homes.
---------------------------------------------------------------------------
    \4\ Title 42 U.S.C. section 1395u(b)(6) states in pertinent part, 
``No payment under that part [B] for a service provided to any 
individual shall be made to anyone other than such individual or[,] 
pursuant to an assignment[,] . . . [to] the physician or other person 
who provided the service, except that (A) payment may be made (i) to 
the employer of such physician or other person . . . [or] (ii) (where 
the service was provided in a hospital, rural primary care hospital, 
clinic, or other facility) to the facility in which the service was 
provided if there is a contractual arrangement between such physician 
or other person and such facility under which such facility submits the 
bill for such services . . . .''
    \5\ HCFA regulations at 42 C.F.R. section 424.73(a) implement the 
congressional intent by limiting the extent to which Medicare pays 
individuals or entities that do not directly provide medical care.
---------------------------------------------------------------------------
    We believe that the statutory language is clear that BMS could not 
bill Medicare because it was neither the beneficiary nor the provider 
of the services to the Medicare patients. The subject statute 
establishes the general principle that Medicare payments are to be made 
to the beneficiary or, under assignment, to the medical provider who 
rendered the service. Legislative history indicates that the Congress 
was concerned about third-party direct billing because, among other 
points, ``[s]uch reassignments have been a source of incorrect and 
inflated claims for services.'' (H.R. No. 92-231, at 104 (1971)) 
Through the subject statute, the Congress sought to eliminate a third 
party's incentive to submit claims for unprovided services or to engage 
in abusive billing practices.
    Mr. Chairman, this concludes my prepared remarks. We would be 
pleased to respond to any questions that you or other members of the 
Committee have.
GAO Contacts and Acknowledgements
    For further information regarding this testimony, please contact 
Robert H. Hast at (202) 512-7455 or Steve Iannucci at (202) 512-6722. 
Robert Gettings and Harvey Gold made key contributions to this 
testimony.

    Mr. Burr. Thank you, Mr. Hast.
    The Chair would recognize Ms. Aronovitz.

                TESTIMONY OF LESLIE G. ARONOVITZ

    Ms. Aronovitz. Thank you, Mr. Burr, Mr. Stupak and Mr. 
Bryant.
    I am very pleased to be here today. I am very pleased to be 
here today to discuss the effectiveness of HCFA's efforts to 
detect fraud by third-party billing companies that submit 
claims to Medicare on behalf of their provider clients.
    Mr. Hast has just described to you a case of a broker who 
supplied erroneous information that was ultimately used to 
fraudulently bill Medicare. This case involved a different 
entity than a third-party biller, but our concerns about third-
party billers could actually apply to any entity that acts on 
behalf of providers to facilitate the submission and payment of 
medical claims. That is not to say that all third-party billers 
should be suspect. In fact, the vast majority play an important 
and legitimate role in assisting providers with billing and 
management services.
    HCFA's contractors can only manually review a limited 
number of claims. Finding fraud among third-party billers is 
like finding a needle in a haystack.
    Knowing that providers are linked to a problematic third-
party biller is like giving HCFA a magnet to look for the 
needle. We found that HCFA's efforts to comprehensively 
identify and review claims associated with third-party billers 
fell short in several areas. I would like to briefly discuss 
some of our concerns.
    First, the identity of a third-party biller submitting a 
claim is lost on many electronic claims when multiple entities 
are involved, while on paper claims such information is not 
recorded at all. For providers, third-party billers and other 
entities such as clearinghouses to submit claims to Medicare 
electronically, they must obtain a submitter number from a 
Medicare contractor. This number becomes part of each claim's 
submission. However, when a claim passes through other entities 
such as one or more clearinghouses before reaching the 
contractor for payment, the entity may overwrite another's 
number.
    Further, on provider claims, forms only include space to 
identify the provider and not the biller. It should also be 
noted that such billers do not register with Medicare nor are 
they linked systematically to the providers they serve. 
Although the enrollment process requires providers to identify 
the name of the billing company, its address, phone number and 
a contact person, there is no registration process for third-
party billers that would allow HCFA to identify crucial 
information on the company's owners, criminal history record or 
other identifiers. Without this information, HCFA might have 
difficulty identifying an officer or officers of the company if 
problems should occur.
    We also found that HCFA's efforts to develop comprehensive 
data on all providers, including their use of third-party 
billers, is still several years from completion. In May, 1996, 
HCFA issued a new enrollment form, but HCFA's data indicates 
only about 15 percent of Medicare providers have enrolled since 
HCFA began using the new form. Thus, 85 percent of Medicare 
providers that enrolled before 1996 likely have not provided 
this information to HCFA.
    Further, even if providers that have completed the new 
enrollment form--even those providers may not have valid 
information in HCFA's system because HCFA's contractors depend 
on providers to report any changes.
    We heard that providers often do not report changes in 
their billing arrangements and as a practical matter action 
would rarely be taken against non-complying providers.
    Finally, we are concerned that information HCFA does have 
about providers' use of third-party billers is not reliable 
because HCFA's data base is dependent on a provider's self-
reporting and does not validate it. HCFA is drafting a 
regulation effective this October which would require all 
providers to update their enrollment information, and we think 
this is a good thing. Here again, however, this process 
involves self-reported data that typically will not be 
validated or updated by the contractors.
    Mr. Burr, this concludes my statement. I will be happy to 
answer any questions you or other members of the subcommittee 
have.
    [The prepared statement of Leslie G. Aronovitz follows:]
 Prepared Statement of Leslie G. Aronovitz, Associate Director, Health 
   Financing and Public Health Issues, Health, Education, and Human 
                         Services Division, GAO
    Mr. Chairman and Members of the Subcommittee: We are pleased to be 
here today to discuss the effectiveness of HCFA's efforts to prevent 
fraud by third-party billing companies that submit claims to Medicare 
on behalf of providers. With 1999 payments of about $208 billion and 
responsibility for financing health services delivered by hundreds of 
thousands of providers to almost 40 million elderly and disabled 
Americans, Medicare is inherently vulnerable to fraud, waste, and 
abuse. We, and the Department of Health and Human Services (HHS) Office 
of Inspector General (OIG) have issued several reports addressing the 
need for sophisticated program safeguards to identify and detect 
potentially fraudulent billing practices.
    In fiscal year 1999, Medicare's fee-for-service program covered 
about 83 percent of Medicare's beneficiaries. HCFA administers 
Medicare's fee-for-service program largely through a network of more 
than 50 claims processing contractors--insurance companies such as 
Mutual of Omaha and Blue Cross and Blue Shield plans--that process and 
pay Medicare claims. Once enrolled in Medicare, physicians, hospitals, 
and other providers may submit claims for payment, sometimes through 
third-party billers, to Medicare contractors. Third-party billing 
companies are businesses that prepare and submit claims on behalf of 
health care providers to payers such as Medicare, Medicaid, and private 
health insurers. In the first 7 months of fiscal year 1999, Medicare 
contractors processed over 508 million claims--averaging more than 72 
million claims per month.
    HCFA's contractors can only review a limited number of claims. 
Finding fraud among third-party billing companies is like looking for a 
needle in a haystack. Knowing that providers are linked to problematic 
third-party billers is like giving HCFA a magnet to look for those 
needles. In a GAO report issued last June, we found that HCFA's efforts 
to comprehensively identify and review claims associated with third-
party billers fell short for several reasons.1 First, the 
identity of a third-party biller submitting a claim is lost on many 
electronic claims when multiple entities are involved, while on paper 
claims, such information is not recorded at all. Second, such billers 
do not register with Medicare, nor are they linked systematically to 
the providers they serve. Third, HCFA's efforts to develop 
comprehensive data on all providers, including their use of third-party 
billers, are still several years from completion. Finally, information 
HCFA does have about providers' use of third-party billers is not 
reliable because HCFA's database is dependent on provider self-
reporting and is not validated.
---------------------------------------------------------------------------
    \1\  GAO/HEHS-99-127R, June 2, 1999.
---------------------------------------------------------------------------
                               background
    Although third-party billing services have been part of the U.S. 
health care system since the 1950s, large billing companies emerged in 
the 1980s, when Medicare required that hospital-based physicians' 
services be separately billed. In 1990, Medicare required physicians 
and other providers to submit claims to Medicare on behalf of all 
beneficiaries, increasing providers' billing workloads. Many providers 
have turned to third-party billing companies to assist them in 
submitting claims and to provide advice regarding reimbursement 
matters, as well as overall business decision-making. Officials of an 
industry trade association estimate that there are currently about 
5,000 active third-party billing companies in the United States.
    Third-party billing companies prepare either paper or electronic 
claims for submission to Medicare contractors. In fiscal year 1999, 
about 83 percent of Medicare claims were submitted electronically. 
Electronic claims may be submitted directly to a contractor or may be 
sent through one or more other entities, known as clearinghouses, 
before reaching the Medicare contractor. Third-party billers, and even 
providers, contract with clearinghouses to reformat claims to meet 
Medicare's requirements.
    Medicare claims administration contractors are responsible for 
processing and paying Medicare claims. In addition, they are 
responsible for payment safeguard activities intended to protect 
Medicare from paying inappropriately. These activities include 
analyzing claims data to identify potentially inappropriate claims, 
performing medical review of claims to determine whether the services 
provided were medically necessary and covered by Medicare, and 
investigating potential cases of fraud and abuse. To target program 
integrity resources, contractors attempt to identify aberrant patterns 
of claims submitted by providers to determine whether the claims should 
be subjected to greater scrutiny. In this connection, the ability to 
scrutinize the claims being submitted by individual third-party billing 
companies might allow HCFA to identify aberrant patterns indicative of 
fraud and abuse in their submissions.
      hcfa cannot identify claims submitted by third-party billers
     Third-party billing companies often have access to billing 
information about multiple health care providers and many of their 
patients. As a result, unscrupulous operators of such businesses have 
an opportunity to submit false claims. For example, in 1997, a billing 
company agreed to pay the government $7.75 million to settle 
allegations that it had violated the federal False Claims Act when it 
filed improperly coded claims. In 1998, a different third-party biller 
was found to have submitted duplicate claims and claims with incorrect 
diagnosis codes. Although it did not admit guilt, it agreed to pay the 
federal government $1.5 million to settle these allegations. In a third 
case, a third-party billing company agreed to pay the government almost 
$415,000 to settle allegations that it improperly filed medical supply 
claims with Medicare on behalf of a provider. The provider denied that 
it knew of, or participated in, any fraudulent conduct with respect to 
the submission of the claims.
    Even when HCFA or its contractors suspect that providers' claims 
are abusive, they are often unable to tell that the claims were 
submitted by a third-party biller. This is due to limitations in both 
the systems for processing electronic claims and the complete lack of 
identifying information on paper claims. For providers, third-party 
billers, and clearinghouses to submit claims to Medicare contractors 
electronically, they must obtain a submitter number from a Medicare 
contractor. This number becomes part of each claim submission. 
Electronic claim submissions contain only one submitter number. If a 
third-party biller submits a claim directly to a contractor, the number 
identifies the claim as coming from that biller. However, when a claim 
passes through other entities, such as one or more clearinghouses, 
before reaching the contractor for payment, the third-party biller's 
number is not always present. In some cases, one entity may overwrite 
another's number, or entities may decide among themselves whose number 
to use.
    While HCFA has established this process--albeit imperfect--to 
monitor the source of electronic claims, no such process exists for 
paper claims. Paper claim forms include a section or space to identify 
the provider but not the biller. In general, contractors would know if 
a third-party biller submitted a paper claim only if the provider 
specifically informed the contractor when it first enrolled in Medicare 
of its intention to use a third-party biller, or if the contractor 
identified a biller while investigating a provider. An OIG official who 
has investigated several cases of Medicare fraud by third-party billing 
companies told us that when billing companies used paper claims, it was 
difficult for the OIG to identify all providers using a given biller. 
In the case where a third-party billing company was submitting 
fraudulent claims for surgical dressings on behalf of many nursing 
homes across the United States, there was no indication that the same 
third-party biller was involved. The OIG agents pursued the case 
against one nursing home as an individual fraudulent provider, when in 
fact 70 nursing homes were involved. After additional cases were opened 
by other OIG offices targeting other individual nursing homes, the 
agents met to share lessons learned and realized that all the nursing 
homes used the same billing company and that a single company was, in 
fact, the source of the fraud.
                  hcfa's efforts show limited results
    HCFA has no routine registration process to collect comprehensive 
information about third-party billers. Although the enrollment process 
requires providers to identify the name of the billing company, its 
address, phone number, and a contact person, there is no registration 
process for third-party billers that would allow HCFA to identify 
critical information on the company's owners, criminal history record, 
or other identifiers. Without this information, HCFA might have 
difficulty identifying an officer or officers of the company if 
problems should occur. In addition, although providers indicating that 
they plan to use a billing company must provide a copy of their 
contract with the biller, the information in the contract may be 
minimal. For example, we reviewed one contract that identified the 
services the biller would provide but included no identifying 
information about the biller other than its name and a signature. Even 
if HCFA did have complete information on third-party billers, it has 
limited recourse if problems arise. Although HCFA can refer the biller 
to the HHS OIG or the Department of Justice, it does not have the 
ability to take intermediate administrative actions. According to a 
HCFA official, whereas the agency would like to be able to exclude 
third-party billers from submitting claims to Medicare, it cannot do so 
because third-party billers do not have to enroll with Medicare to 
participate in the program.
    HCFA has made efforts to obtain information on third-party billers, 
but it still cannot routinely match a third-party biller with all of 
the providers it represents. In May 1996, HCFA issued a new enrollment 
form for providers entering Medicare. The form requires detailed 
information, including an identification of the third-party billing 
company a provider plans to use, if any. While the enrollment form 
provides information about billers that HCFA and its contractors 
previously did not have, HCFA data indicate that only about 15 percent 
of Medicare providers have enrolled since HCFA began using the new 
form. Thus, the 85 percent of Medicare providers that enrolled before 
May 1996 likely have not provided this information to HCFA. Further, 
even providers that have completed the new enrollment form may not have 
valid information in HCFA's system. This is due to the fact that HCFA 
and the contractors depend on providers to report any changes. 
Providers often do not comply with the requirement in enrollment 
instructions to notify their claims processing contractors when they 
change or add third-party billers, according to HCFA and contractor 
officials we talked with. Although notification is legally required, it 
is unlikely as a practical matter that any action would be taken 
against a non-complying provider.
    In an attempt to gather updated and comprehensive information about 
providers, HCFA is drafting a regulation to require providers that 
enrolled in Medicare before May 1996 to complete the new enrollment 
form to fill this information gap. Providers would also be required to 
recertify the information on their enrollment form every 3 years. HCFA 
plans to have the regulation in effect by October 1, 2000, and begin 
requiring providers to update their enrollment information shortly 
thereafter. Here again, this process involves self-reported data that 
typically will not be validated or updated by the contractors.
    To make provider and third-party biller information more accessible 
to the contractors, HCFA is developing a new automated system to access 
the provider enrollment database. HCFA intends that the system, known 
as the Provider Enrollment, Chain and Ownership System (PECOS) will 
provide a complete history of a Medicare provider based on the 
information in the provider enrollment application.2 
Initially, HCFA plans to incorporate currently available provider 
information into the system, and, according to HCFA officials, will 
include updated information from all providers in the future. HCFA 
plans to implement PECOS for institutional providers, such as hospitals 
and nursing homes, by June 2000. HCFA's timeline currently indicates 
that PECOS will be operational for providers of outpatient services in 
January 2002. According to a HCFA official, this timeline was developed 
prior to addressing all Y2K concerns ; due to a smooth transition, 
however, it may be able to move implementation up to August 2001. 
Finally, HCFA expects that comprehensive data on durable medical 
equipment suppliers will be brought into PECOS about 12 months after 
these other efforts are completed. The system will depend entirely on 
providers submitting information to the contractors, without subsequent 
validation. As a result, PECOS will only be as useful as the accuracy 
of the information it receives.
---------------------------------------------------------------------------
    \2\ PECOS' functions include capturing enrollment data, logging and 
tracking provider enrollment forms, identifying and profiling provider 
chains, tracking associations of Medicare providers to these chains, 
providing inquiry and reporting capability, and providing a data 
exchange process that forwards enrollment and claim information to 
other processing systems.
---------------------------------------------------------------------------
                              conclusions
    In an effort to ensure the integrity of Medicare, HCFA and its 
contractors need to develop reliable and sophisticated approaches to 
identifying potentially fraudulent billing practices. In this regard, 
contractors should be able to easily access information about third-
party billers that complete and submit claims to Medicare for payment. 
It is especially important to be able to match up third-party billers 
with the providers they represent, so that contractors can identify 
potentially questionable billing patterns and subject these claims to 
more extensive review. Although HCFA has various efforts underway to 
better identify providers' questionable claims and their associated 
third-party billers, there continue to be gaps in its safeguard 
program. It is important that HCFA complete its provider 
recertification program as soon as possible so that it will have 
available comprehensive information about all Medicare providers and 
their billers. Further, we are concerned about problems with data 
reliability inherent in any type of self-reporting program.
    Mr. Chairman, this concludes my statement. I will be happy to 
answer any questions you or the Subcommittee Members may have.
                    gao contact and acknowledgements
    For future contacts regarding this testimony, please call Leslie G. 
Aronovitz, Associate Director, Health Financing and Public Health 
Issues, at (312) 220-7767. Other individuals who made key contributions 
include Shaunessye Curry and Lynn Filla-Clark.

    Mr. Burr. I can assure you we will have some questions. 
Thank you for your testimony.
    The Chair recognizes Mr. Morris for an opening statement.

                    TESTIMONY OF LEWIS MORRIS

    Mr. Morris. Good morning, Mr. Chairman, members of the 
subcommittee.
    Mr. Chairman, as you observed, third-party billing 
companies that operate ethically can provide great service to 
both providers and the Federal health care programs. These 
companies offer expertise in program reimbursement 
requirements, help assure claims are accurately prepared, and 
free physicians and other practitioners to devote their energy 
to the care of their patients. Unfortunately, there are system 
vulnerabilities which an unethical company can take advantage 
of and exploit for its financial gain.
    While the OIG cannot discuss any ongoing investigations, 
the following cases and others discussed in my written 
testimony show easily how dishonest third-party billing 
companies can generate millions in fraudulent claims.
    A criminal investigation from the early 1990's aptly 
demonstrates the vulnerability to our programs. In this case, a 
third-party billing company known as Handle With Care performed 
lost charge audits for over 70 nursing homes in eight States. 
The company referred nursing home resident medical records for 
services that supposedly had been provided but not claimed, 
billed Medicare in the name of the nursing home for these 
overlooked charges, and kept 50 percent of the proceeds. In 
actuality, Handle With Care billed for surgical dressings for 
nursing home patients who had never had surgery and 
fraudulently caused Medicare to pay approximately $7.4 million 
for non-rendered services.
    A more recent example of third-party billing fraud can be 
found in the Emergency Physician Billing Service case, or EPBS. 
EPBS provided coding, billing and collection services for 
emergency physician groups in 100 emergency departments in as 
many as 33 States. The investigation and subsequent trial 
revealed that EPBS and its principal owner, Dr. J.D. McKean, 
routinely billed for higher levels of treatment than was 
provided or supported by medical record documentation.
    The operation of EPBS had a number of characteristics 
common to these type of fraud schemes. First, EPBS was paid by 
its clients based on a percentage of revenues, either billed or 
recovered. Coders received a base pay, with bonuses based on 
the number of charts processed and were required to process 40 
emergency room charts per hour or the equivalent of a chart 
every 90 seconds. By contrast, a competitor of EPBS required 
120 charts per day. The coders at EPBS were able to meet the 
quotas by taking shortcuts and disregarding information in the 
charts. In addition, no coder at EPBS ever attended training or 
other informational meetings regarding emergency room decoding 
requirements other than those provided by the company, and 
coders never contacted a physician who had questions regarding 
the charts.
    EPBS and its owner, Dr. McKean, were found liable under the 
False Claims Act and agreed to pay $15.5 million to resolve 
their liabilities. In addition, Dr. McKean was excluded from 
participation in the health care programs for a period of 15 
years, and EPBS entered into a comprehensive corporate 
integrity agreement. We are presently pursuing cases against 
the physician groups that were clients of the firm.
    These investigations, as well as studies by the Inspector 
General's Office and GAO, highlight the Federal health care 
program's potential vulnerabilities to fraud by unscrupulous 
third-party billing companies.
    Among the insights gained from our efforts are the 
following: First, the ability of the Federal health care 
programs to identify third-party billers is inadequate. There 
are approximately 5,000 third-party billing companies in the 
United States. However, recent reports indicate HCFA's ability 
to identify these companies is limited. Likewise, it is unknown 
how many of the approximately 700 million claims per year 
processed by Medicare are submitted by third-party billers. As 
the case of Handle With Care demonstrates, a scam artist can 
hide behind the identification of a legitimate health care 
provider and evade detection.
    Another lesson: there are loopholes in the payment 
reassignment rules. Medicare will only pay a third-party biller 
on behalf of its clients when the agent has no financial 
interest in how much is billed or collected. Unfortunately, 
some billing companies circumvent this rule by having the 
health care provider agree to automatic transfer of Medicare 
payments to the billing company's billing account. Under this 
lockbox arrangement, as it is called, the restrictions-only 
reassignment of claims do not apply because the initial 
Medicare payment is made directly to the physician, not the 
agent.
    Given the inability to adequately identify those third-
party billers, assessing the qualifications of these companies 
or their personnel is almost impossible. Currently, the 
Medicare program lacks any standards or eligibility 
requirements to allow third-party billing companies to prepare 
and submit claims to the program.
    Based on our experience to date with third-party billers, 
the IG has formulated some tentative suggestions for reform 
measures.
    First, those who administer the health care programs need 
an effective mechanism to identify third-party billers when 
they participate in our programs. This identification system 
should allow the programs to track the third-party billing 
company's overall billing paths earnings, to link specific 
claims to particular billers, and to require claims to be 
submitted only from authorized sites. This may involve 
registering third-party billers and clearinghouses so as to 
provide an audit trail and ensure that claims entering the 
system are from authorized sources.
    Second, Congress should consider measures to expressly 
prohibit the use of payment incentives in third-party billing 
companies, no matter how the arrangement is structured. In 
other words, the lockbox loophole should be closed.
    Finally, mandated minimum training as parts of 
qualification standards must be considered as a way to 
discourage unscrupulous and ill-informed billers from gaining 
access to the Federal health care programs and to ensure high-
quality participation by honest billers who do participate. In 
the interim, contractor education efforts should be directly to 
billing companies, rather than indirectly through providers.
    I appreciate the opportunity to share the information and 
insights of the Office of Inspector General. Special Agent Lack 
and I would be pleased to try to answer any questions you may 
have.
    [The prepared statement of Lewis Morris follows:]
  Prepared Statement of Lewis Morris, Assistant Inspector General for 
      Legal Affairs, U.S. Department of Health and Human Services
    Good Morning, Mr. Chairman and Members of the Committee. I am Lewis 
Morris, Assistant Inspector General for Legal Affairs in the Office of 
Inspector General (OIG), U.S. Department of Health and Human Services 
(HHS). I am accompanied by Special Agent Steve Lack from our San 
Francisco Regional Office who is familiar with many of the issues and 
cases I will describe today.
    The mission of the OIG is to identify ways to improve HHS programs 
and operations and protect them against fraud, waste and abuse. We do 
this by conducting independent and objective audits, evaluations, and 
investigations, which provide timely, useful, and reliable information 
and advice to Department officials, the Administration, the Congress, 
and the public. In carrying out our mission, we work with the 
Department and its operating divisions, the Department of Justice 
(DOJ), other Federal and State agencies, and the Congress to bring 
about systemic improvements in HHS programs and operations, and to 
prosecute and/or recover funds from those who defraud the Government.
    I appreciate the opportunity to testify before you today and 
provide the Committee with the OIG's perspective on the issues 
presented by the role of third-party billing companies in the Federal 
health care programs. My testimony will provide:

 an overview of the role played by third-party billing 
        companies;
 a description of OIG efforts to promote integrity among third-
        party billers;
 a look at some specific fraud investigations involving third-
        party billing companies;
 the insights the OIG has gained from these cases; and
 some suggestions for programmatic reforms.
Role of Third-Party Billing Companies
    Billing companies are becoming a vital segment of the health care 
industry. Increasingly, health care providers rely on billing companies 
to assist them in processing claims in accordance with applicable 
statutes and regulations. Additionally, health care providers consult 
with billing companies for advice regarding reimbursement matters, as 
well as overall business decision-making.
    Billing companies provide a variety of types of services. For 
example, some billing companies only process bills that have already 
been coded by the provider, while others take on the added 
responsibility of assigning billing codes based on the client's medical 
documentation. In addition to claims preparation, some billing 
companies also offer a spectrum of management services, including 
accounts receivable management and bad debt collections. Other third-
party billing companies specialize in a particular sector of the health 
care industry, such as physician services provided in emergency rooms.
    In fiscal year 1998, the Medicare program processed over 700 
million Part B claims and 149 million Part A claims, the vast majority 
of which under both categories were electronic. Even with its enhanced 
program integrity functions, the Health Care Financing Administration 
is able to conduct payment reviews on only 10 percent of these claims. 
The system must rely on the honesty and good faith of health care 
providers, as well as those who process and submit claims on their 
behalf. Third-party billing companies that operate ethically can 
provide a great service to providers and the Federal health care 
programs. These companies can offer expertise in program reimbursement 
requirements, help ensure that claims are accurately prepared, and free 
physicians and other practitioners to devote their energies to the care 
of their patients.
OIG Efforts to Promote Integrity among Third-Party Billers
    In order to assist honest billers establish internal controls that 
promote adherence to Federal health care program requirements, the OIG 
has taken proactive steps to promote integrity among the third-party 
billing industry.
    Compliance Guidance. The primary method by which the OIG has 
reached out to the billing industry is through the release of the 
``Compliance Program Guidance for Third-Party Medical Billing 
Companies,'' in November 1998. Consistent with other OIG compliance 
guidance, the Third-Party Billing Compliance Guidance sets forth the 
benefits of a compliance program, describes the essential elements of a 
compliance program, discusses general compliance principles and 
counsels companies on how they might use the Guidance. Most 
importantly, the OIG formulated the Guidance with the input of the 
third-party billing industry, as well as other interested parties.
    The Third-Party Billing Compliance Guidance also identifies the 
specific risk areas that should be addressed by all billing companies. 
Such areas include billing for items or services not actually 
documented; unbundling and upcoding of claims; computer software 
programs that encourage billing personnel to enter data in fields 
indicating services were rendered though not actually performed or 
documented; knowing misuse of provider identification numbers which 
results in improper billing in violation of rules governing 
reassignment of benefits; billing company incentives that violate the 
anti-kickback statute; and percentage billing arrangements.
    In addition, the Guidance describes the risk areas for companies 
that provide coding services in addition to billing services, including 
``assumption'' coding (the coding of a diagnosis or procedure without 
supporting clinical documentation); alteration of the documentation; 
coding without proper documentation of all physician and other 
professional services; and billing for services provided by unqualified 
or unlicenced clinical personnel.
    The OIG hopes that providing information and recommendations such 
as contained in the Guidance will help lead third-party billing 
companies to voluntarily embrace corporate compliance programs that fit 
their individual needs, and thus, help reduce the level of fraud, waste 
and abuse in Medicare and Medicaid reimbursement.
    Corporate Integrity Agreements (CIAs). Another manner in which the 
OIG seeks to promote compliance in the third-party billing industry is 
through the imposition of CIAs on certain billing companies involved in 
fraud schemes. These agreements are imposed in global settlements in 
lieu of exclusion from participation in Federal health care programs. 
CIAs are imposed on companies to help reorient a corporate culture that 
may have previously been prone to fraud and abuse. In this way, the OIG 
attempts to directly affect change in third-party billing entities. 
Such CIAs may also serve as admonitory examples for others within the 
industry.
    CIAs set forth specific requirements that a provider must meet in 
establishing a compliance program or in maintaining an existing 
compliance program. For instance, the CIAs imposed on third-party 
billing companies require them to establish and maintain a compliance 
officer function, a code of conduct, specific policies and procedures 
addressing billing and coding issues, a training program, and annual 
audits and reviews. Moreover, the companies must make annual reports to 
the OIG on their efforts to comply with the CIAs.
Investigations of Third-Party Billing Companies
    Unfortunately, there are system vulnerabilities that an unethical 
billing company can take advantage of and exploit for its financial 
gain. The problems associated with dishonest third-party billing 
companies are as old as the Medicare program itself. As early as 1972, 
the Congress took action to stop ``factoring'' arrangements, the 
practice of physicians and other providers reassigning their Medicare 
and Medicaid receivables to a collection agency for a percentage of 
their face value. The agency in turn prepared and submitted the claims 
to the health care programs and received payment in its name. These 
reassignments were a significant source of incorrect and inflated 
claims. Cases of fraudulent billings by collections agencies and 
payment of substantial overpayments to these ``factoring'' agencies 
were also found. In response, Congress prohibited, with limited 
exceptions, payment for covered services to anyone other than the 
patient or the person who provided the service.
    Despite the effort to stop factoring of Medicare and Medicaid 
bills, some individuals and billing companies circumvented the intent 
of the law by the use of a power of attorney, allowing the billing 
company to receive Federal health care payments in the name of the 
provider, thus continuing the abuses associated with reassignment of 
claims. In 1977, the Congress responded by precluding the use of a 
power of attorney as a device for reassignment of benefits. However, a 
billing agency could continue collecting Medicare or Medicaid payments 
on behalf of a health care provider, provided that the agency does so 
pursuant to an agreement under which the compensation paid to the 
agency for its services is unrelated to the dollar amount of the 
billings or payments, and is not dependent upon the actual collection 
of any such payments.
    These Congressional efforts to curb program abuses continue to be 
thwarted by unethical billing companies. While the OIG cannot discuss 
any ongoing investigations, the following cases show how easily a 
dishonest third-party billing company can establish a scheme that 
generates millions in fraudulent claims.
    Physicians on Call. During the 1980's, the OIG investigated 
allegations that a billing company called ``Physicians on Call'' used 
recent medical school graduates to perpetrate a fraudulent billing 
scheme. The company hired doctors, obtained Medicare providers numbers 
in their names, and then contracted with nursing homes for the 
provision of monthly physician visits to perform examinations of the 
residents. Although these monthly examinations generally were brief, 
the billing company upcoded the physician's visits to reflect 
extensive, and more highly reimbursed, services. This fraudulent 
upcoding was done without the knowledge of the doctors, who received 
payment from the company based on the services actually rendered. The 
scheme was uncovered by the Medicare contractor during a routine review 
of claims for physician services. As the named providers of service on 
the Medicare claims, the physicians were assessed overpayments. They 
were not able to seek relief from Physicians on Call because it had 
gone out of business.
    Handle With Care, Inc. A criminal investigation from the early 
1990's provides another example of how vulnerable the Federal health 
care programs are to the schemes of dishonest billing companies. In 
this case, two sisters, Kristina Brambila and Wendy Desalvo, set up a 
third-party billing company known as Handle With Care, Inc. (HWC) to 
perform ``lost charge'' audits for nursing homes. The two sisters 
persuaded at least 70 nursing homes in 8 states that they would review 
residents' medical records and accounts for services that had not been 
billed to Medicare. Using ``tricks of the trade'' known only to HWC, 
the company billed Medicare on behalf of the nursing home for these 
overlooked charges and kept 50 percent of the proceeds. In actuality, 
HWC billed for surgical dressings for nursing home patients who had not 
had surgery and fraudulently caused Medicare to pay approximately $7.4 
million for nonrendered services.
    Because the billing company submitted the fraudulent claims under 
the nursing home's provider number, it took OIG investigators a great 
deal of time and resources to tie what appeared to be unrelated 
improper billings by different nursing homes back to a single third-
party billing company. At the conclusion of the investigation, the two 
sisters were convicted of Medicare fraud and received prison sentences. 
Additionally, the Government reached False Claims Act (FCA) settlements 
with 15 of the involved nursing homes and recovered over $5 million 
cumulatively.
    Medaphis Corporation. While some third-party billing schemes 
involve a small group of individuals, they can also involve some of the 
largest billing agencies. For example, in 1998, the United States 
investigated allegations brought by a whistle blower that the national 
third-party medical billing companies, Medaphis and Medaphis Physician 
Services (Medaphis), was submitting duplicate claims and using 
incorrect codes on claims submitted on behalf of a client. During the 
period of 1992 through 1996, a Medaphis subsidiary was alleged to have 
improperly submitted multiple claims for payment for the same service 
to the same patient on the same date of service; used incorrect or 
inapplicable diagnosis codes in resubmitting claims which had been 
denied based on the diagnosis originally stated; and submitted other 
improper radiology and cardiology-related claims. Medaphis agreed to 
pay $1.5 million to resolve its civil liability and entered into an 
extensive five year corporate integrity agreement (CIA) that covers its 
activities throughout the nation.
    Gottlieb Financial Services, Inc. In 1999, the United States 
resolved allegations against another wholly-owned subsidiary of 
Medaphis Physician Services, Gottlieb Financial Services, Inc. (GFS), 
that provided emergency department physician billing services. When 
preparing claims for evaluation and management services, GFS allegedly 
used an automated coding software system that routinely upcoded 
emergency room visits. In this instance, based on an inability to pay 
more, Medaphis agreed to pay $15 million to settle its liability, $2.4 
million of which went to the whistleblower who brought the case under 
the qui tam provisions of the FCA. Moreover, the Medaphis CIA imposed 
as part of the earlier settlement was made part of this new settlement, 
given that GFS's conducted pre-dated the execution of the prior CIA.
    Professional Medical Billers d/b/a Professional Radiology Billers. 
Yet another example of the Medicare program's vulnerability to third-
party billing fraud can be found in a recently prosecuted criminal 
case. Professional Medical Billers d/b/a Professional Radiology Billers 
(PRB) provided third-party billing services primarily to physicians. 
From 1994 through 1996, PRB added fabricated services to the physician 
claims and then submitted the claims to Federal health care programs 
under the physicians' provider number. PRB would reimburse the 
physicians for the legitimate claims (less PRB's percentage for 
providing billing services) and keep all the payments for the 
fabricated services. The scheme was uncovered when one of the company's 
clients learned that his year-to-date earning from Medicare were double 
the amount that had been deposited into his bank account by the billing 
service.
    Nancy Thetford and Tracey Huff, co-owners of PRB, pled guilty to 
criminal charges and acknowledged that the scheme cost Medicare and 
Medicaid over $1 million. Thetford was sentenced to 5 years supervised 
probation and was excluded from Federal health care programs for 10 
years. Huff was sentenced to 21 months imprisonment and is also subject 
to mandatory exclusion. The company ceased to operate in the course of 
the investigation and is now defunct.
    Emergency Physician Billing Services, Inc. Perhaps the most 
alarming example of the systematic abuse of the Federal health care 
programs by a third-party billing company can be found in the recent 
case of Emergency Physician Billing Services, Inc. (EPBS). At the time 
of the investigation, EPBS provided coding, billing, and collections 
services for emergency physician groups in over 100 emergency 
departments in as many as 33 states. Based upon allegations presented 
by a qui tam relator, the United States charged that EPBS and its 
principle owner, Dr. J.D. McKean, routinely billed Federal and state 
health care programs for higher level of treatment than was provided or 
supported by medical record documentation.
    EPBS was paid based on a percentage of revenues either billed or 
recovered, depending on the client. EPBS coders received a base pay 
with bonuses based on the number of charts processed and were required 
to process 40 emergency room medical charts per hour, or the equivalent 
of a chart every 90 seconds. By contrast, a competitor of EPBS requires 
120 charts per day. The EPBS coders were able to meet these quotas by 
taking short-cuts and disregarding information in the chart. As the 
trial court noted, no coder at EPBS ever attended training or any other 
informational meeting regarding emergency department coding other than 
in-house EPBS training and no coder ever contacted a physician with 
questions regarding a chart.
    After a trial in which the United States District Court for the 
Western District of Oklahoma found EPBS and Dr. McKean liable under the 
FCA, the defendants agreed to pay $15.5 million to resolve their civil 
and administrative monetary liabilities. In addition, Dr. McKean agreed 
to be excluded from participation in the Federal health care programs 
for 15 years and EPBS entered into a comprehensive CIA. Currently, the 
Government is pursuing physician groups that benefitted from EPBS's 
fraudulent practices.
Insights Gained from these Investigations
    These investigations, as well as program evaluations by the OIG and 
GAO, highlight the Federal health care program's potential 
vulnerability to fraud by unscrupulous third-party billing companies. 
The insights gained from the investigations include:

 payment incentives such as percentage compensation 
        arrangements can encourage abuse;
 there is a loophole in the prohibition on reassignment rule;
 training of billers and coders may be inadequate;
 the ability to identify and track third-party billers is 
        limited at best; and
 standards for participation (certifications, qualifications or 
        conditions) to act as billing agents for Federal health care 
        programs are non-existent.
    Payment incentives can encourage abuse. There can be little doubt 
that payment arrangements where billing companies are reimbursed on a 
percentage basis create an environment ripe for abuse. The temptation 
to upcode or fabricate additional services may be irresistible when the 
billing company's compensation depends upon the amount of revenue 
generated or claims submitted. For instance, EPBS was paid by its 
physician clients based on a percentage of revenues, and in turn EPBS 
paid its coders a base salary with bonuses based on the number of 
charts coded. Such payment incentives discouraged coders from paying 
close attention to the adequacy of documentation in charts to support 
the claim to Medicare.
    Improper incentives appear to have been a factor in several of the 
cases discussed above. Although we are not certain of the pervasiveness 
of these types of arrangements, our suspicion is that it characterizes 
many third-party billing arrangements.
    Loophole in prohibition on reassignment rules. Although not 
addressed specifically by the court in the EPBS case, the Government 
determined that the manner in which EPBS was compensated by its clients 
undermined Medicare policy on reassignment. As a general matter, 
Medicare prohibits the reassignment of the right to payment to persons 
other than the provider or supplier who delivered the service. However, 
as an exception to this general rule, payment may be made to an agent 
who furnishes billing and collection services to the health care 
provider if certain conditions are satisfied. Among the conditions to 
be eligible for the reassignment, the agent's compensation may not be 
related to the dollar amounts billed or collected. In other words, 
Medicare will only pay a third party biller on behalf of its clients 
when the agent has no financial interest in how much is billed or 
collected.
    Unfortunately, it appears that some billing companies have 
constructed payment arrangements that circumvent the intent of the 
Medicare rule. Rather than comply with the prohibition on incentive 
payments, billing companies arrange for the Medicare payments to be 
made to the client for deposit in a bank account in the client's name, 
usually at the same financial institution where the billing company 
maintains an account. The money is typically held in the client's 
account for twenty-four hours or less, after which the Medicare funds 
from the individual provider client account are swept into the billing 
company's general bank account. There often is an agreement between the 
client and the biller that the former will not remove any funds during 
the initial twenty-four hour period. Then the billing company remits to 
the client's account the reimbursement to which the client is entitled, 
minus its percentage-based billing fee. And in the case of dishonest 
billing companies, they also withhold the proceeds from fabricated, 
upcoded or other improper claims submitted in the name of the client. 
Under this ``lockbox'' arrangement, as it is often called, the 
prohibition on reassignment of claims to an incentive compensated 
billing agent does not apply because the payment is made directly to 
the physician and not the agent.
    Training may be inadequate. The OIG is not aware of any studies 
examining the quality and extent of training provided by billing 
companies to their personnel. However, certain facts are clear. First, 
the Medicare program does not mandate that billing companies ensure 
that their personnel meet minimal training requirements. While there 
are certain private organizations that train and certify coders and 
Medicare contractors can provide certain coding and billing training, 
such certifications and outside training are not required by Medicare. 
Moreover, it is the OIG's understanding that to the extent that 
Medicare contractors issue educational guidance on billing and coding 
issues, such guidance is only sent to providers and not to billing 
companies.
    Third-party billing companies that choose to abuse the Medicare 
program can take advantage of these system weaknesses. For example, 
EPBS did not send its coders to any training or any other informational 
meeting regarding emergency department coding other than in-house EPBS 
training. Such in-house training was highly problematic as it was based 
on an internal coding manual created by Dr. McKean and did not 
incorporate the CPT manual, the primary tool used by Medicare to 
determine appropriate billing codes.
    Ability to Identify third-party billers is limited. There are 
approximately 5,000 third-party billers in the United States. However, 
the OIG has just issued a report 1 on computerized billing 
systems that incidently raised the issue that HCFA's ability to 
identify these companies is limited. Likewise, it is unknown how many 
of the approximately 700 million claims per year processed by Medicare 
are submitted by third-party billers. One reason for this uncertainty 
is that many billing agencies submit claims to Medicare using billing 
and submitter numbers (unique numbers assigned to billers and providers 
by HCFA for electronic claim submission) of the providers for whom they 
bill. As the case of Handled with Care, Inc. demonstrates, a scam 
artist can hide behind the identification numbers of a legitimate 
health care provider and evade detection. Even if the billing company 
uses its own submitter number, the electronic claims often are passed 
through clearinghouses that reformat the claims and then submit them to 
Medicare. Under this situation, the initial third-party billing number 
may no longer appear on the claim.
---------------------------------------------------------------------------
    \1\ Medical Billing Software and Processes Used to Prepare Claims, 
March 2000 (OEI-05-99-00100).
---------------------------------------------------------------------------
    Standards for participation are non-existent. Given the inability 
to adequately identify who is doing third-party billing, assessing the 
qualifications of these companies or their personnel is almost 
impossible. Currently, the Medicare program lacks any standards or 
eligibility criteria for allowing third-party billing companies to 
prepare and submit claims to the program.
    The magnitude of this vulnerability is highlighted by a recent 
advertisement for a ``step-by-step'' business guide for medical claims 
processing services found in a complementary airline magazine. For a 
mere $69 dollars, ``How to Start a Medical Claims Processing Service'' 
promises that your ``prescription for a healthy income'' involves no 
more than owning a computer, printer, modem and claims processing 
software. As the ad also notes: ``There's no training needed and . . . 
with health care reform, the need for processors (and the profits to be 
made) will only increase.'' In short, without any type of certification 
process or minimal standards for third-party billers, Federal health 
care programs shall remain vulnerable.
Suggestions for Reform
    Based on its experience to date with third-party billing in the 
Federal health care programs, the OIG has formulated some tentative 
suggestions for reform measures.
    First, those who administer the Federal health care programs need 
an effective mechanism to identify third-party billers when they 
participate in Federal health care programs. This identification system 
should allow the programs to track billing companies' overall billing 
patterns, to link specific claims with particular billers, and to 
require claims be submitted only from authorized sites. This may 
involve registering third-party billers and clearinghouses so as to 
provide an audit trail and ensure that claims enter the Medicare system 
from authorized sources.
    Second, Congress should consider measures to expressly prohibit the 
use of payment incentives in third-party billing contracts, no matter 
how the arrangement is structured. In other words, the ``lockbox 
loophole'' should be closed.
    Third, mandated minimal training as part of qualification standards 
may be a way to discourage unscrupulous and ill-informed billers from 
gaining access to Federal health care programs and to ensure high 
quality participation by honest billers who do participate. In the 
interim, we believe contractor education efforts should be provided 
directly to billing companies rather than indirectly through providers.
Conclusion
    I appreciate the opportunity to share the views of the Office of 
Inspector General on this important subject. Special Agent Steve Lack 
and I welcome your questions.

    Mr. Burr. Thank you, Mr. Morris.
    The Chair would recognize Ms. Thompson for an opening 
statement and welcome.

                   TESTIMONY OF PENNY THOMPSON

    Ms. Thompson. Mr. Burr, Mr. Bryant, good morning. Nice to 
see you again.
    Thank you for inviting us here to talk about this issue. 
The question of what we should do and what our relationships 
should be with third-party billers is an area of growing 
interest and concern to us, and we greatly appreciate this 
subcommittee's interest and support, as well as the efforts of 
the General Accounting Office and the Office of Inspector 
General.
    As has been said here, but bears repeating, third-party 
billing companies who operate ethically can provide a valuable 
service in helping providers and suppliers submit claims 
correctly, and actually they can participate in helping us 
ensure that those claims are processed in an ethical and 
appropriate manner. But improper third-party billing practices 
pose a significant threat to the program.
    Under current regulations, we review these arrangements 
when new providers or suppliers ask that their payments be made 
directly to an agent. Those reviews have led to an increasing 
compliance with our requirements around the financial 
arrangements as delineated in our existing laws and 
regulations. But these billing companies are not regulated when 
they do not actually receive the payment for the provider 
directly and our overall ability to monitor third-party billing 
practices is quite limited as discussed by both the GAO and the 
OIG.
    I would like to take this opportunity also to clarify one 
statement in our testimony in our letter to the chairman around 
paper claims which, as you have said and as the GAO and OIG 
have said in their testimony, do not contain information on 
submitters or preparers. We are looking into that now to see 
what should be done about that. Problems identified by us, by 
our OIG and GAO colleagues and others make clear we need to do 
more.
    We are now working to strengthen the available safeguards 
to better protect the Medicare trust funds from potential 
third-party billing abuses. We are developing new provider 
enrollment regulations and a new enrollment data base, and 
these will help us gather information on third-party billing 
companies. The regulations will require providers to 
periodically update their billing arrangements; and, in 
publishing the provider enrollment regulation, we intend to 
solicit public comments on what we should do to further 
strengthen our oversight of third-party billing companies.
    In addition to our desire to appropriately collect 
information on billers so that we can track claims and know who 
we are doing business with, we also need to understand and 
assess the costs and benefits of collecting that information, 
of changing electronic claims submission standards, of setting 
and enforcing regulatory standards, and of overseeing private 
contracts. We also need to think through what are the rights 
and expectations we have with the physician and the suppliers 
and the providers who are providing the service and contracting 
with these entities to help them with their business functions 
and what special issues exist for third-party billers as 
opposed to billers employed by physicians, suppliers and 
providers.
    We also know that we need to consult with private insurers, 
who largely treat third-party billers in exactly the same way 
that Medicare does, and in the interest of administrative 
simplification understand what changes we want to make to 
electronic claims transactions so that they apply to all 
billers and all insurers and not just the Medicare program.
    In the meantime, we will increase our efforts to educate 
providers and billing agents around the legal requirements for 
their relationships, as well as how to file claims correctly, 
and we are doing more in that regard every day. We are 
committed to working with providers, billing agents, our OIG 
and GAO colleagues and Congress as we proceed.
    I thank you again for holding this hearing. I am happy to 
answer your questions.
    [The prepared statement of Penny Thompson follows:]
   Prepared Statement of Penny Thompson, Program Integrity Director, 
                  Health Care Financing Administration
    Chairman Upton, Representative Klink, distinguished Subcommittee 
members, thank you for inviting us to discuss our efforts to address 
concerns with third party billing agents. This is an area of growing 
concern, and we greatly appreciate this subcommittee's interest and 
support, as well as the efforts of the General Accounting Office and 
HHS Inspector General.
    Third party billing companies who operate ethically can provide a 
valuable service to providers and suppliers who seek out their help in 
submitting claims correctly and efficiently. These firms vary greatly, 
performing a wide variety of services from simply formatting claims for 
submission to Medicare and private insurance companies to managing the 
entire ``business end'' of provider practices.
    Improper third party billing practices can pose a significant 
threat to Medicare. Under current regulations, we review these 
arrangements only when new Medicare providers or suppliers ask that 
their payments be made to an agent. These reviews have led to an 
increase in the number of third party billing contracts that are in 
compliance with existing laws and regulations.
    However, when billing companies assist in preparing bills or 
coding, but do not actually receive payment, they generally are not 
regulated. Billing arrangements for providers who entered the program 
before 1996 are not reviewed, and our overall ability to monitor third 
party billing practices is quite limited. Problems identified by us, 
our HHS Inspector General and General Accounting Office colleagues, and 
others make clear that we need to do more.
    We are working to strengthen the available safeguards to better 
protect the Medicare Trust Fund from waste, fraud and abuse. We are 
developing new enrollment regulations and a new enrollment database for 
all providers. This database will gather information on third-party 
billing companies. The new enrollment regulations will require 
providers to periodically update information, including their billing 
arrangements.
    And, in publishing the provider enrollment regulation proposal this 
spring, we intend to invite public comments on how to address 
challenges in better oversight of third party billing companies. For 
example, the costs and benefits of collecting additional information, 
changing electronic claims submission standards, setting and enforcing 
regulatory standards, overseeing private contracts, and other possible 
risk mitigation strategies must be weighed. There also may be 
unintended consequences and marketplace responses to any actions that 
should be carefully assessed and considered.
Background
    Third party billing companies can take on many different forms, 
structures, operations, functions and relationships with providers. 
Billing companies vary significantly in both the size and reach of 
their organizations and functions, from small ``mom and pop'' 
organizations who only facilitate the electronic submission of claims 
to large business organizations providing coding, claims submission and 
consulting services. As the U.S. Department of Health and Human 
Services Office of Inspector General noted,
          ``It is important to note the tremendous variation among 
        billing companies in terms of the types of services and the 
        manner in which these services are provided to their respective 
        clients. For example, some billing companies code the bills for 
        their provider clients, while others only process bills that 
        have already been coded by the provider.
          ``Some billing companies offer a spectrum of management 
        services, including accounts receivable management and bad debt 
        collections, while others offer only one or none of these 
        services.'' (HHS OIG, ``Compliance Program Guidance for Third-
        Party Medical Billing Companies,'' page 3.)
False Claims
    Billing companies that engage in behavior that gives rise to false 
claims can be held accountable under the False Claims Act. One such 
case was brought through qui tam or ``whistleblower'' lawsuits. The 
firm, Emergency Physicians Billing Service, had promised its clients it 
would increase their reimbursements by 10 to 25 percent. Unfortunately, 
it did so by ``upcoding,'' or filing claims for a higher level of 
service than was actually delivered. Reassignment violations and 
misrepresentations on Medicare enrollment applications were also 
identified.
    In a settlement agreement last fall with the federal government and 
28 individual states, the firm and its owner, and J. D. McKean, Jr., 
M.D., agreed to pay $15.5 million. In addition, McKean is excluded for 
15 years from participation in any federal health care program. The 
firm has entered into a comprehensive Corporate Integrity Agreement 
with the Inspector General. And the federal government is negotiating 
additional settlements with approximately 25 emergency physician groups 
that were clients of the firm.
    This case serves as a national example of improper billing 
perpetrated by third party billers. We, along with staff from five 
Medicare contractors, participated in this investigation, performing 
data analysis directed at detecting the improper billing, suspending 
Medicare payment, and calculating the losses to the program.
    In fact, one of the contractor employees received a commendation 
for their exemplary performance during the investigation from the 
Department of Justice.
Current Oversight
    Our current ability to detect such abuses is limited. Medicare does 
not have a direct business relationship with such entities, and the 
only oversight authority we have is to review arrangements for new fee-
for-service providers who have entered the Medicare program since 1996 
and requested that their payments be made directly to a third party 
billing agent.
    Medicare claims processing contractors conduct reviews for these 
requests to ensure compliance with the statutory requirement that the 
provider's compensation to such an agent not be related in any way to 
the dollar amounts billed or collected. These reviews have led to an 
increasing number of such agreements coming into compliance with the 
statute and regulations. As the health care and billing communities 
have become more aware of these requirements and our enforcement of 
them, we see more contracts expressly containing language supporting 
our requirements.
    However, thorough assurance of compliance with the law is hampered 
by:

 the resource-intensive process for reviewing lengthy, 
        complicated legal documents;
 the capacity of contractors to accurately and fully understand 
        such documents;
 variability in the nature and scope of agreements and the 
        complicated corporate structure reflected in such agreements, 
        where it is not unusual to find a number of subcontractors 
        involved in various functions;
 lack of penalties for failure to inform Medicare when such 
        agreements change; and
 the limited number of providers and suppliers required to 
        submit such information.
    Our ability to identify when third party billers have been involved 
in submitting claims is also limited. Paper claims include a space for 
listing the ``source'' or ``preparer'' of the claim. And electronic 
claims differentiate whether the claim was sent by a third party agent 
or directly by a provider. However, we are not able to identify all 
entities that may have had a role in processing and filing a claim.
    For example, if a third party billing company coded the claim and 
sent it to a clearinghouse that formatted the claim for electronic 
submission to the Medicare program, only the clearinghouse information 
would be evident on the claim.
New Enrollment Process
    We are taking steps to improve our oversight of third party billing 
arrangements. We plan to issue this Spring a proposed rule that would, 
among other things, require periodic verification of provider 
enrollment data and reporting of changes in third party billing 
arrangements. Once the proposed rule is finalized, we will begin an 
``enrollment clean up'' process and require providers and suppliers to 
confirm and update their information, including information on third 
party billing arrangements.
    We also are developing a new national database, the Provider 
Enrollment, Chain and Ownership System, that will include extensive 
information on providers, including information on providers' billing 
arrangements and any reassignment of benefits. It also will include 
information on chain ownership and related organization information, 
which is essential because it allows us to identify when a provider or 
supplier is part of a larger organization, and to view the entire line 
of business. This will also allow a local contractor to view national 
data about an individual or entity rather than simply the data that 
appears on a local provider file. And it will better identify providers 
and suppliers who have been denied privileges, or subject to 
revocations or exclusions.
    Even with this new system and our enrollment ``clean-up'' process, 
outstanding issues remain. These include:

 identifying common ownership among billing entities or 
        ``linking'' agencies that might operate in different 
        jurisdictions;
 regulating billing agents to ensure adherence to professional 
        standards; and
 our lack of information on third party billers who do not 
        negotiate checks or submit claims directly to the program.
    We are seeking to answer many of these questions through comments 
to proposed regulations.
    In our proposed provider enrollment regulation, we will solicit 
comments on several approaches to better oversight of third party 
billing agents. Among the issues we are considering in regulation 
billing agents:

 Should we register billing companies, and/or set standards for 
        them?
 Would we need additional legislative authority to do so?
 Should such standards apply only to entities that actually 
        submit claims and receive negotiated checks on behalf of 
        providers?
 Should such standards apply to all entities that might advise, 
        consult, prepare, support, staff, or otherwise influence the 
        selection of codes and claims to be submitted to the Medicare 
        program?
 How should such standards reflect the diversity in capability, 
        organization, mission, functions, and relationships in the 
        industry?
 How would we enforce such standards?
 What staffing and skill set needs would we require in order to 
        ensure billing companies met standards and agreements were 
        properly executed?
 How should claims properly reflect the preparer's identifying 
        information? What if there are multiple preparers or 
        submitters?
 To what extent would providers, suppliers, and physicians 
        support Medicare regulation of their business contracts and 
        partners?
 To what extent is surveillance and assessment of billing 
        patterns a better approach to ensure compliance than 
        registration or standard setting?
 What information would be needed to accurately group claims 
        handled by a common third party billing company?
 If Medicare were to regulate business arrangements with third 
        party billing companies, what impact would such regulation have 
        on the private sector and the arrangements between providers 
        and third party billers in submitting claims to private 
        insurance companies and, overall, would those effects be 
        positive or negative?
    Answers to these questions are necessary before we can proceed in 
taking further action to address third party billing concerns.
Education Efforts
    In the meantime, we will increase our efforts to educate providers 
and billing agents about legal requirements for their relationships, as 
well as how to file claims correctly. One of the task orders we have 
for our special new program integrity contractors specifically focuses 
on developing educational strategies for third party billers.
    We want to build on the success we achieved in working to educate 
billing agents about how to be prepared for the Year 2000 information 
system challenge. These efforts helped to ensure that these billers 
were aware of our format requirements, Y2K compliance standards, and 
testing standards. Our claims processing contractors aggressively 
pursued testing with these submitters to assure their systems were 
ready for Y2K. And these billers helped us in setting up a major 
conference to bring together these organizations and Medicare 
contractors to discuss testing and implementation strategies and 
timetables.
    We intend to pursue similar avenues of education on other issues of 
importance to third party billing initiatives. For example, we have 
already contacted a major association to invite key billers to 
participate in education sessions for the new outpatient prospective 
payment system. We will continue dialogue with these organizations on 
future, significant changes to Medicare's claims processing systems. 
And these relationships should help contribute to a climate of 
cooperation in all our efforts, including those related to program 
integrity.
                               conclusion
    We are making some progress in addressing concerns about third 
party billing. Our new provider enrollment system and database will 
help us make additional progress. However, we clearly have much more to 
do to fully protect program integrity in this area. We are committed to 
working with providers, billing agents, our IG and GAO colleagues, and 
Congress as we proceed. I thank you again for holding this hearing, and 
I am happy to answer your questions.

    Mr. Burr. Thank you, Ms. Thompson.
    The Chair would recognize Mr. Burleigh for his opening 
statement.

                 TESTIMONY OF ROBERT B. BURLEIGH

    Mr. Burleigh. Chairman Burr, distinguished members, I have 
the honor of representing the Healthcare Billing and Management 
Association today as Chairman of HBMA's Ethics and Compliance 
Committee and consultant to the Association's Board of 
Directors.
    HBMA is a voluntary membership organization and is the only 
trade association representing third-party billing companies. 
The Association's primary goals are education, promotion of 
ethics and compliance and advocacy.
    On behalf of HBMA, I would like to thank the committee for 
the opportunity to appear today to address your interest in 
developing methods to identify those who submit claims to 
federally sponsored health care programs. We are pleased that 
the Commerce Committee, in addition to its responsibilities 
regarding oversight of Medicare, has some interest in the Small 
Business Administration, since almost all of our members are 
small businesses. Our member companies employ nearly 20,000 
nationwide processing and an estimated 650 million claims per 
year, worth an estimated $55 billion. However, most of our 
member companies have fewer than 25 employers. We have attached 
a one-page profile of our membership to our testimony.
    HBMA and its members share your commitment to preventing 
and detecting fraud and abuse in the Medicare program. Indeed, 
HBMA takes great pride in our compliance activities, putting us 
in the forefront of efforts to prevent fraud and abuse in 
third-party billing. Having said that, it is our view that the 
potential for the commission of fraud by third-party billers is 
no greater than the potential for fraud committed by 
physicians' offices that bill Medicare directly.
    Let me begin by emphasizing that HBMA strongly supports the 
goal of protecting the integrity of the Medicare program and 
other federally funded health care programs. We have worked for 
over 4 years with HHS's Department of OIG on the development 
and promotion of the Model Compliance Guidance for Third-Party 
Billing Companies.
    Beginning in February 1999, HBMA began conducting a 
compliance education program for its members and non-members to 
support implementation of the Model Compliance Guidance for 
Third-Party Billing Companies released the previous November.
    We are pleased to report that several hundred third-party 
billing companies have completed our course, in spite of the 
fact that our registration fee is seven times higher than the 
fee charged for national meetings.
    Interestingly, had the third-party billing company cited in 
today's GAO report been a HBMA member or had they attended our 
compliance course, they might have known that what their client 
was doing was improper. Our compliance course specifically 
discusses the need for third-party billing companies to be 
aware of the potential that criminal enterprises, intent on 
generating fraudulent Medicare claims, may seek out legitimate 
third-party billers to serve as a front for their criminal 
enterprise. It appears that the conduct cited earlier is 
exactly such a case.
    Every Medicare claim, regardless of its origin or 
mechanisms for delivery to HCFA's contractors, carries with it 
a risk of either being fraudulent or manipulated in such a way 
as to cause an overpayment by the Medicare program.
    It is also important, as we engage in this dialog on how to 
prevent Medicare fraud and fraudulent billing, that we do so 
with an understanding that, no matter how creative we may be in 
establishing mechanisms for prevention or detection of fraud, 
we realize that we will never be able to eliminate deliberate 
billing fraud.
    The analysis prepared by the GAO and the OIG made constant 
reference to third-party billing companies without attempting 
to define the use of that term. This is important because the 
issue is far more complex than it would appear to the layman. 
Certainly a separately incorporated company offering billing 
services is a billing company. Our full testimony outlines the 
variations that illustrate the complexity of the issue.
    The number of variations in billing service relationships 
is nearly infinite and they change constantly, usually driven 
by entrepreneurs, concerns over excess operating costs by 
billing companies and/or changes in technology. We are 
concerned that any initiative to register claim submitters 
would overlook large segments of the industry that regularly 
handle some part of the claims preparation and/or submission 
process.
    We have considered the list of potential factors that might 
be involved in the registration of Medicare claims submitters, 
and our full testimony outlines 12 potential problematic 
concerns relating to how a billing company or submitter would 
be registered.
    As we read the OIG's report, it appears the sole basis for 
concluding that the Medicare program is at risk due to claim 
submission by third-party billers is that an additional party 
has been added to the claim's processing chain between the 
practice and the contractor. The fact that more than 30 billing 
individual/entities have been excluded from participation in 
the Medicare and State Medicaid programs seems to be the only 
thing of evidence that there is a problem.
    We noted that the report contains numerous examples of 
incorrect understanding of how the industry operates, how 
practices use billing services, how the software industry 
serves practices and billing companies; and the report reaches 
a number of inaccurate conclusions regarding the types and 
levels of risk associated with claims handled by billing 
companies, clearinghouses and medical practices. HBMA would be 
willing to itemize these concerns, although it may be 
unnecessary, as we know that the identity of each and every 
party involved in presenting a claim for a party would be 
beneficial to reducing fraud and abuse. This may not be 
economically or technically practical.
    Of the companies identified by the OIG in their data base, 
we are pleased to report that none of the excluded individuals 
or companies is or was a HBMA member. What is not clear is 
whether the potential for fraud is any greater at different 
points in that chain. In other words, is a claim handled by a 
third-party biller any more likely be used to commit fraud than 
a claim submitted directly by a physician's office? We suggest 
an equally reasonable conclusion, given that we have so few 
billing entities excluded from the Medicare program. It is that 
claims submitted by third-party billers are less likely to be 
erroneous and therefore less likely to be fraudulent.
    We have made a number of specific comments regarding our 
reaction to these proposals.
    In the interest of time, I would like to conclude by 
thanking the committee for inviting us to participate in this 
very important process, and we look forward to your questions 
and to further participation in this important matter.
    [The prepared statement of Robert B. Burleigh follows:]
  Prepared Statement of Robert B. Burleigh, Vice President, PractiCare
    Chairman Burr and Distinguished Members of the Committee, my name 
is Robert B. Burleigh and I am Vice President of PractiCare; I direct 
my company's healthcare consulting practice, known as Brandywine 
Healthcare Consulting Group, a firm I founded in 1988. Today I have the 
honor of representing the Healthcare Billing and Management Association 
(HBMA) as Chairman of the HBMA's Ethics and Compliance Committee and 
Consultant to the Association's Board of Directors. HBMA is a voluntary 
membership organization and the only trade association representing 
third-party medical billing companies. The Association's primary goals 
are education, the promotion of ethics and compliance and advocacy.
    On behalf of HBMA, I would like to thank the Committee for the 
opportunity to appear today to address your interest in developing 
methods to identify those who submit claims to federally sponsored 
healthcare programs. We are pleased that the Commerce Committee, in 
addition to its responsibilities regarding oversight of Medicare, is 
also responsible for the Small Business Administration, since almost 
all of our members are small businesses. Our member companies employ 
nearly 20,000 nationwide, processing an estimated 650 million claims 
per year, worth an estimated $55 billion; however, most of our member 
companies have fewer than twenty-five employees. A one-page profile of 
our membership is included at the end of our written testimony.
                              introduction
    HBMA and its members share your commitment to preventing and 
detecting fraud and abuse in the Medicare program. Indeed, HBMA takes 
great pride in our compliance activities, putting us in the forefront 
of efforts to prevent fraud and abuse in the third party billing 
industry. Having said that, it is our view that the potential for the 
commission of fraud by third party billers is no greater than the 
potential for fraud to be committed by physician's offices that bill 
Medicare directly.
    Let me begin by emphasizing that the HBMA strongly supports the 
goal of protecting the integrity of Medicare and other federally funded 
health care programs. We have a long and well-established record of 
working with the House and Senate, HCFA, the HHS OIG, the GAO and the 
OMB and other government agencies on a wide variety of matters, most of 
which involve Medicare and compliance in some way. We are currently 
working with HCFA's Office of Program Integrity and OMB on improvements 
to the provider enrollment form (855) and processes as well as having 
had meetings last year on the subject of today's hearing; we have 
worked for over four years with HHS's OIG on the development and 
promotion of the Model Compliance Guidance for Third Party Billing 
Companies; we have testified about and submitted comments on 
Congressional and HCFA proposals regarding patient privacy and 
confidentiality; and, of course, we intend to carefully review and 
comment on the upcoming Model Compliance Guidance for Physicians.
    Beginning in February 1999, HBMA began conducting a compliance 
educational program for HBMA members and non-members to support 
implementation of the OIG's Model Guidance for Third Party Billing 
Companies released in November 1998. This intense, 3\1/2\ day course is 
based on HCFA's model compliance program guidance for third party 
billers. HHS's OIG, U.S. Attorney's Office and the FBI have each 
provided guest speakers for our programs. The response to this program 
from the third party billing community has been overwhelming. Each of 
the three conferences presented in 1999 sold-out; the first 
presentation for 2000 has already shown strong registration. We are 
pleased to report that several hundred third party billing companies 
have completed our courses in spite of the fact that the registration 
fee is more than seven times the fee for our regular educational 
meetings. Moreover, compliance has been an educational topic at every 
HBMA National and Chapter meeting since 1995.
    Interestingly, had the third party billing company that has been 
cited in today's GAO's report been an HBMA member or had they attended 
our compliance course, they would have known that what their client was 
doing was improper. Furthermore, had the billing company followed our 
compliance training, it would have ``fired'' or reported the customer. 
Indeed, more and more of our members report that they have found it 
necessary to ``fire'' customer(s) because the client has refused to 
cease its (apparently) suspect behavior. Our compliance course 
specifically discusses the need for third party billing companies to be 
aware of the potential that criminal enterprises, intent on generating 
fraudulent Medicare claims, may seek out legitimate third party billers 
to serve as a front for their criminal enterprise. It appears that the 
conduct cited earlier is exactly such a case.
    Every Medicare claim, regardless of its origin or mechanism(s) for 
delivery to HCFA's contractors, carries with it a risk of either being 
fraudulent or manipulated in such a way as to cause an overpayment by 
the Medicare program. Our goal, and we believe the goal of this 
Committee, is to reasonably reduce the extent to which this can happen 
and create a mechanism where auditors can more readily detect those 
instances of fraudulent billing that may occur. We also believe that 
the Medicare program's best source of protection is the partnership of 
a medical practice with an effective compliance program and a billing 
company with an effective compliance program; rather than increasing 
risks to the program, this relationship would double the program's 
protection. With two compliance programs at work, the chances of 
errors, as well as deliberate misconduct are sharply reduced. We are 
happy to report that such arrangements already exist and are a growing 
trend as our members encourage their clients to develop and implement 
their own compliance programs.
    It is also important, Mr. Chairman, as we engage in this dialogue 
on how to prevent fraudulent billing, that we do so with an 
understanding that no matter how creative we may be in establishing 
mechanisms for the prevention and detection of fraud, we realize we 
will never eliminate deliberate billing fraud. The simple reason is 
that the creativity of the criminal mind knows no bounds. Just as 
sophisticated bank vaults do not stop determined bank robbers from 
their crimes, no system of registration, auditing or oversight, will 
prevent a criminal from defrauding Medicare.
                    definitions and classifications
    The analysis prepared by the GAO and the OIG make constant 
reference to ``third party billing companies'' without attempting to 
define their use of the term. This is important, since the issue is far 
more complex than it would appear to the layman. Certainly, a 
separately incorporated company offering billing services is a billing 
company. But . . .

1. What about the medical practice that, for tax reasons, has 
        incorporated its own billing office under another identity?
2. What about the claims clearinghouse to whom claims are sent by 
        medical practices and/or billing companies?
3. What about the billing software vendor serving as a ``collection 
        station'' who then forwards the claims on to a clearinghouse, 
        or the software vendor that serves as a clearinghouse itself.
4. What about the claims editing vendor who edits the claims on their 
        way to the software vendor and/or clearinghouse?
5. What about the collection agency to whom uncollected claims are 
        referred by the practice after the billing process (the 
        practice's or their billing company's) has failed?
6. What about hospital-owned practices, billed by the hospital under 
        the identity of its MSO (Management Service Organization)?
7. What about insurers who own practice(s) and provide billing?
8. What about the company that provides off-site printing and mailing 
        of paper claims as a subcontractor to the practice and/or the 
        practice's billing service?
9. And, of course, what about the Practice Plan providing centralized 
        or de-centralized billing support for medical school faculty?
    The number of variations in billing and service relationships is 
nearly infinite, and they change constantly, usually driven by 
entrepreneurs, excess operating costs and/or changes in technology. It 
is impossible to anticipate the number of combinations and variations 
of claims handling: to register only one party (a billing company, if a 
clear definition can be constructed) would be unfair and would not 
achieve the apparent goal of this initiative; to register and track all 
of the possible combinations could become impossible. We are concerned 
that any initiative to ``register'' claims submitters would overlook 
large segments of the industry that regularly handle some part of the 
claims preparation and/or submissions process.
                        the registration process
    We have considered the list of potential factors that might be 
involved in the registration of Medicare claims submitters. Listed 
below are some of the aspects of this potential process that we 
consider potentially problematic:

1. How is a ``billing company'' defined?
2. By whom would billers be registered? HCFA, the Carrier(s), or 
        another central source?
3. How would ``registration'' be accomplished? A simple name, address, 
        telephone and FEIN #, or a long, detailed ``855-style'' form? 
        How could a new ``billing company'' begin business without a 
        number, and how could it be a ``submitter'' without one?
4. What would be done when the ownership and/or or management of the 
        ``billing company'' changes? What would be considered a 
        ``reportable'' change?
5. How many ``registration(s)'' would be required? One, or one for each 
        type of claim (Physicians, Hospitals, DME Companies, Home 
        Health Agencies, Nursing Homes, Ambulance Services, etc.)?
6. Would ``registration'' discriminate against billers and discourage 
        their use?
7. How would ``billers'' with multi-state constituents be affected?
8. Would the practice handling its own billing be registered? If not, 
        why not?
9. Where in the Uniform Data Set would the biller registration number 
        be located?
10. Where on the HCFA 1500 form would the number(s) be printed?
11. How much lead time would be required for Carriers, Intermediaries, 
        software vendors, clearinghouses and others to adapt their 
        systems? (We estimate three to five years.)
12. Is a ``submitter'' a company or a person?
                            the oig's report
    We have had an opportunity to perform a preliminary review of the 
recently released Inspector General's report entitled, ``Medical 
Billing Software and Processes Used to Prepare Claims.'' Before 
addressing the specific recommendations made by the OIG, I would first 
like to comment on the information gathering process used to develop 
these recommendations.
    As we read the OIG's report, it appears that the sole basis for 
concluding that the Medicare program is at risk due to claims 
submissions by third party billers is that an additional party has been 
added to the claims processing chain between the practice and the 
Medicare contractor. We found no information presented in the OIG 
report to demonstrate that there is direct evidence of a third-party 
billing company problem. The fact that ``more than 30 billing 
individuals/entities have been excluded from participation in the 
Medicare and state Medicaid programs'' is the only thing approaching 
evidence of a problem.
    We noted that the report contains numerous examples of incomplete 
or incorrect understanding of how the billing industry operates, how 
practices utilize billing services, how the commercial billing software 
industry serves practices and billing companies, and the report reaches 
a number of inaccurate conclusions regarding the types and levels of 
risk associated with claims handled by billing companies, 
clearinghouses and medical practices. HBMA would be willing to itemize 
these concerns, although it may be unnecessary, since we agree with the 
broadest conclusion of all--that knowing the identity of EACH AND EVERY 
party involved in presenting a claim for payment would be beneficial to 
reducing fraud and abuse. However, this may not be economically or 
technically practical.
    The OIG's Report notes that ``it is estimated that there are more 
than 5,000 third party billing companies. To date, ``more than 30'' 
(the OIG's online database reports exactly 30 individuals and/or 
companies) have been excluded from the Medicare and Medicaid programs. 
That is six tenths of one percent of the number of companies that may 
be submitting claims to Medicare or Medicaid. To further put this in 
context, we noted that according to the OIG's web site, more than 40 
federal or state employees have been excluded from participation in the 
Medicare or Medicaid programs. Finally, in terms of the magnitude of 
this problem within the overall context of Medicare fraud, only 30 of 
the nearly 18,000 individuals or entities (or .0016) excluded from the 
Medicare program are classified as third party medical billers. I am 
pleased to report that none of the excluded individuals or companies is 
or was an HBMA member.
    Incidentally, the only HBMA member ever adjudicated of a claims-
related violation was promptly suspended from membership, pending the 
court's determination of the penalties to be imposed. That company is 
now under a Corporate Integrity Agreement, has had its ownership 
restructured, and we have asked the new President to apply for and 
justify reinstatement or face termination of its membership.
    Mr. Chairman, we believe it is fair to conclude that every 
individual or organization that ``touches'' a Medicare claim is in a 
position to commit fraud with respect to that claim, including the 
contractors who process them. What is not clear is whether the 
potential for fraud is any greater at different points in that chain. 
In other words, is a claim handled by a third party biller any more 
likely to be used to commit fraud than a claim submitted directly by 
the physician's office?
    We believe that there is little or no clear evidence of a problem 
and we are troubled by the OIG's conclusion on page 9 of the report 
that states: ``Inability to assess whether a claim came directly from a 
provider or passed through the hands of a third party represents a 
vulnerability in Medicare program safeguards.'' We suggest that an 
equally reasonable conclusion--given that there have been so few 
billing entities excluded from the Medicare program--is that claims 
submitted by third party billers are less likely to be erroneous and 
therefore less likely to be fraudulent.
    Now to the specific recommendations and a preliminary reaction to 
these proposals: Due to the fact that we only learned of these 
proposals very recently, the Association leadership has not had an 
opportunity to discuss these recommendations nor consult with our 
members. Consequently, the comments I make about these recommendations 
are the views of someone with over 30 years of experience in health 
care billing and not those of the Association. We will, however, 
discuss these proposals with our membership and provide you with an 
organizational position in the near future.
1. Identification and registration of all clearinghouses and third-
        party billers.
    In concept, we support the idea of identification of clearinghouses 
and third-party billers. However, we suggest that this should be 
broadened to include everyone who submits claims to government payers. 
In other words, the claim should not only identify whether the claim 
was submitted by a third party billing company, it should identify 
whether the claim was submitted by an employee of the practice, and all 
of the (many) others who may have handled the claim prior to 
submission.
    We would also suggest that because many third party billers handle 
billing for practices located in multiple states, the identification/
registration process should be national and not carrier specific. Some 
of our members have a national clientele spanning dozens of states; the 
prospect of securing and keeping track of dozens of submitter numbers 
is daunting, to say the least.
    In addition, the majority of our members utilize commercial billing 
software. None of the programs currently contain a provision for such 
an identification number. We predict that it will take the software 
industry two or more years to accommodate a new data element 
requirement and the transmission of it. Medicare Carriers may need even 
more time.
2. HCFA should only accept electronic claims from authorized sites and 
        terminals.
    Please refer to our comments, above, under THE REGISTRATION 
PROCESS. In addition, we do not understand the report's reference to 
``terminals.''
3. HCFA should educate the provider community concerning their 
        liability for erroneous claims submitted to Medicare using 
        their provider number.
    Educating the provider community is laudable and we would welcome 
HCFA's assistance in this area. Our members go to great lengths to 
educate their clients about their legal responsibilities. These are not 
the third party billers claims, they are the practices' claims. We are 
merely acting as the agent for the practice and we are therefore 
dependent upon the quality of information we receive from them to 
prepare and submit their claims. The old saying, garbage in, garbage 
out, is particularly relevant to third party billers.
    On all of these issues, Mr. Chairman, the HMBA is eager to work 
with HCFA and HHS's Office of the Inspector General to develop 
standards that are fair, equitable and reasonable in view of the scope 
of the potential problem.
    As I mentioned in my description of the third party billing 
industry, the majority of third party billers are small businesses. For 
some, this is literally a cottage industry; some third party billers 
are home-based businesses. If requirements are created that are costly 
or create an environment that suggests that practices that use third 
party billers are subject to a higher level of scrutiny, it could 
reduce the desirability of using a billing company and could put some 
companies out of business. HCFA staff has indicated that they view 
third party billing companies as an ally in preventing improper claims 
rather than being a source of them.
    In conclusion, Mr. Chairman, we welcome the support of Congress and 
the Health Care Financing Administration as the billing industry does 
its part to prevent fraud and abuse and we appreciate the opportunity 
to participate in this important matter. Our budget is, of course, more 
limited than those available to the Medicare program. We believe it is 
possible to develop a system that provides a higher level of confidence 
in the third party billing process while at the same time ensuring that 
a role for billing experts continues to exist. If reforms in this area 
result in the diminishment or closure of third party billing companies, 
we believe that the result will be more errors in claims submissions 
and at least the potential for more fraud and abuse.
    I would be happy to answer any questions you may have.

    Mr. Burr. Thank you, Mr. Burleigh. Thank you for your 
reminder to those of us on this committee that when that 
pendulum on the clock swings from one direction to the other, 
we have a tendency to let it go too far. I think you raise a 
good warning to us as it relates to some things I am sure 
members will ask questions on.
    Let me thank all of our witnesses for their testimony.
    Let me especially thank the OIG for making Special Agent 
Lack available. The OIG has a policy that generally prohibits 
field agents from appearing in congressional hearings, and we 
very much appreciate their accommodating our request to have 
Agent Lack here accompanying Mr. Morris. Given that they prefer 
that special agents do not directly testify, I will let my 
first question go to Mr. Lack so that he can answer a question 
versus testifying.
    I would ask you, if you would, to share with us anything 
about the third-party billing cases that you have investigated 
and also comment on the vulnerabilities that exist in the 
Medicare program relating to third-party billing, Agent Lack.
    Mr. Lack. Well, the case that was highlighted in Mr. 
Morris's testimony was Handle With Care. What exemplifies the 
vulnerability to the program is that Handle With Care billed 
under the premise of different nursing homes. They would go to 
a nursing home and they would tell them what appeared to be a 
legitimate pitch--that they were missing charges that they 
could legitimately recover. The company said to the nursing 
homes, ``It would be no loss to you, we will bill on your 
behalf, and the government will pay you, and then you just cut 
us a check for 50 percent.'' So, it seemed like no loss to the 
nursing home. It seemed legitimate, since the check would come 
from Medicare to the nursing home.
    The billing company proceeded to prepare a claim for 
surgical dressings, using a surgical diagnostic code, and the 
computer logic went: ``Surgical dressing, surgical code, pay,'' 
and then paid the nursing home, and eventually ended up paying 
70 nursing homes in the same way.
    We didn't know that there was a billing company out there. 
It ended up we had several cases in the United States open on 
this kind of problem, not realizing we were dealing with one 
company. One thing about companies that are questionable is 
they want to get in; they want to get the money; and they want 
to get out fast; and that is what happened with Handle With 
Care.
    By the time we determined that it wasn't the nursing homes' 
fault, it was this company, the company ceased to exist. In 
fact, it had split into two companies. The sisters had a 
disagreement and each went her way forming her own billing 
company, now billing other nursing homes. We knew Handle With 
Care, but were figuring out we got a new company.
    We then attempted to find out who this new company was. Our 
problem was there was no data base with which to determine 
this. We were lucky in being able to determine what codes were 
being used and queried the system on those codes. We found, in 
fact, one of the sisters was actively engaged in this fraud as 
we were working. We were able to mount an undercover operation 
and get her to pitch us and find out, one, how this pitch 
worked; and, two, how the mechanism worked that they got it 
through.
    The highlight of the vulnerability was this billing company 
was masquerading as nursing homes. That is a particular problem 
highlighted by that.
    Another case called ``Physicians on Call'' from the late 
1980's, that was my first experience with billing companies. In 
that case, the company recruited brand new medical graduates 
and said, ``We will start you up with a medical practice 
visiting nursing home patients, because they have to be seen 
every 30 days. We will get you a Medicare number. We will take 
care of the hassle for you, because, I think the regulations 
are somewhat difficult.'' Both Handle With Care and Physicians 
on Call oversold the difficulty of it and got people to say, 
``Well, if it is too difficult, you know what you are doing.'' 
These doctors gave permission to use their number or to get a 
number and use it to bill. What they didn't realize was the 
usual fee for an intermediate visit was padded by Physicians on 
Call as an extensive visit. The Medicare contractor sent the 
check to Physicians on Call, thinking it was going to the 
doctor. Physicians on Call cut a check back to the doctor for 
what should have been billed and kept the remainder, which was 
the fraudulent portion of it.
    The Medicare system actually worked in its analysis of 
utilization by these physicians. The system found these 
physicians were billing high for these types of services and 
did an analysis, finding the payments were not typical. The 
Medicare contractor called the physician in. The physician 
said, ``I didn't bill you; somebody else billed you.'' But 
Medicare said, ``This is your number on the check; you are the 
one we paid; it is an overpayment; and you are eligible to be 
excluded from the program.'' This surprised the brand new 
physicians. They called Physicians on Call, and, like Handle 
With Care, Physicians on Call said, ``We would like to help 
you, but we are out of business; we have no money; and good 
luck.''
    So that also highlighted the masquerading of a billing 
company.
    Mr. Burr. Let me say, for the purposes of the witnesses and 
members, it is the intent of the Chair not to keep a clock on 
members and to be a little more informal because of the few 
number of members that are here. I would just ask all members 
not to abuse that, including myself.
    Ms. Thompson, would you like to comment on what you have 
just heard from the standpoint of the Health Care Financing 
Administration?
    Ms. Thompson. Well, as I mentioned in the testimony, we do 
believe and agree with all that the GAO and the OIG have said 
about what we don't know about third-party billers. My question 
is, what is the right set of solutions to respond to that? As I 
hear some of the cases described, for example, I wonder to what 
extent, had we registered billing agents, that that would have 
really addressed the problem, for example.
    In a lot of instances, for example in the case that Mr. 
Hast talks about, it seems to me there is a person masquerading 
as a provider that really isn't a provider. That is something 
that we should be catching and dealing with in our provider 
enrollment process.
    In the cases that Mr. Lack is describing, it seems to me 
one of the issues is providers or suppliers or physicians 
basically delegating their responsibilities and saying I am not 
going to worry about this, I am not going to pay attention to 
what is going on, I am going to have my contractor deal with 
all of these issues, not looking at the information that is 
being submitted, not looking at the kinds of claims that are 
being submitted, not doing any double-checking, not asking 
about what are the credentials of the people, what are your 
quality control procedures, do you have ways of ensuring that 
claims that are being submitted are correct.
    So I worry a little bit about rushing to a false solution 
that makes it appear as though we have really addressed the 
problem, but the fundamental vulnerabilities still remain.
    Again, that is one of the reasons I raised the question 
about what is the right set of expectations for the physicians 
and the suppliers and providers who are doing business with 
some of these companies. What should they be doing? What are 
the right set of expectations for us to place on them to say, 
you can't simply delegate away this responsibility and decide 
you are not going to worry about it anymore, you are not going 
to care about it anymore, you are not going to look at 
information being submitted to the program on your behalf?
    Mr. Burr. Let me share with you a personal frustration on 
the part of this member. With only 6 years of experience at 
serving on this committee and looking at our health care 
delivery system as it is currently designed, I think one of the 
frustrations that I have is that it seems that the fraud and 
abuse initiatives of the Health Care Financing Administration 
are, in fact, the results of congressional hearings and the 
investigations of GAO and OIG. It is not an internal evaluation 
of the vulnerabilities that exist in our system and a proactive 
initiative by the Health Care Financing Administration to make 
sure that we have a system in place that does not require 
Special Agent Lack to, in fact, be on the job. I am not trying 
to put him out of business. I can assure you we have got plenty 
for him to stay after.
    But I share that with you in an open way, to tell you that 
this is a frustration. It seems that our level of interest in 
fraud and abuse is driven based upon the threat of a possible 
congressional hearing on a specific area. I would hope that, in 
the future, those initiatives are something that can be 
determined prior to fraud and abuse being committed, to the 
degree that it can be.
    I would also take this opportunity to tell you this is not 
a member that believes that we will increase the solvency of 
Medicare by another 50 years because we can squeeze out fraud 
and abuse. I think that publicly that is sometimes the belief 
that is conveyed from this institution to the American people. 
But clearly we have a responsibility for the fiscal integrity 
of Medicare regarding how the money is being spent.
    The Chair would recognize Mr. Bryant for questions.
    Mr. Bryant. Thank you, Mr. Chairman.
    I was going to start with Mr. Lack on a question, but I 
want to start with Ms. Thompson, because I think you hit on a 
good point, something that I am sitting here thinking about, 
and you partially answered my question. But in this 
relationship that is set out, where the health care provider is 
entitled to be paid, and a lot of these health care providers 
have actual employees on the payroll where they are responsible 
for the billing process and getting the right codes, and I 
assume they take great care to properly train these people and 
make sure, for instance, that they are not up-coded, that they 
are coded properly--we will talk about that in a minute. There 
are those out there like that.
    Then we have got this situation where many use the 
intermediary, the third-party people that Mr. Burleigh 
represents in his Association.
    You talk about the expectation thing. Let's talk about 
legalities here. What is the legal relationship, in your view, 
between a health care provider and this third-party person I 
assume they contract with to handle the administration of their 
claims?
    Ms. Thompson. Largely we have treated that as a private 
transaction, like how any provider or supplier or physician 
might decide to arrange their practice in a way that makes 
sense to them in terms of their employment practices or in 
terms of whether they employ consultants to help them with 
training, whether they employ auditors to look at their 
practices, whether they employ compliance training firms to 
come in and help them develop compliance programs and so forth.
    So we have seen that as sort of a subcontract type of 
arrangement, where the provider, the supplier, the physician is 
basically our prime contractor, and they have subcontractors 
who may specialize in certain areas or assist them in certain 
areas, but ultimately they are the ones responsible, they are 
the ones making those selections, they are the ones assessing 
the qualifications and capabilities of those kinds of entities.
    Mr. Bryant. Okay, you said something at the end that may 
have answered my question. You said, ultimately, the buck stops 
there; they are responsible. Do you accept the premise that the 
providers have legal liability, legal exposure, for the fraud 
and abuse that person they have contracted with, their 
subcontractor, perpetrates on the United States Government? Do 
you take that position? If so, do you go back after the health 
care providers in a civil fashion to recover the dollars? Does 
that happen?
    Ms. Thompson. Yes. But I would offer perhaps Mr. Morris to 
expound more on that.
    Ultimately, yes, the payments are made to the provider, 
regardless of whether or not they select an agent who helps 
them collect that payment and post accounts receivables and so 
forth. If there is an overpayment, it does get taken back from 
that provider. Whether or not they are legally culpable, of 
course, in a civil or criminal matter will in some part depend 
upon whether or not they meet the legal standards for reckless 
disregard and so forth.
    Mr. Bryant. One angle we are talking about today where it 
is not the provider cheating, it is the provider's third-party 
subcontractor, there are all kinds of answers to this; and we 
can talk about maybe HCFA ought to set some standards and 
requirements for these third-party payers to come in and be 
qualified. But it seems to me the simple solution is to look 
back to the health care provider with whom we have the contract 
with, who has deep pockets. If they can't be any more careful 
in who they subcontract with or who they oversee or check, some 
of the people where they are being cheated, they don't catch 
that, if they can't be more responsible, then they are the ones 
that owe us the money.
    I am wondering why we are here trying to find a solution at 
the Federal level in overseeing this, when it is just a simple 
matter of going back to that provider and saying, I am sorry, 
but the folks you trusted abused the system and committed fraud 
or abuse, and we had to overpay them, so therefore you owe us 
this.
    Maybe by making some examples--and I have friends that are 
health care providers, and I hate to lay it on them, but they 
are the ones responsible. By letting them know in a clear, 
visible, financial way that then maybe they will be more 
careful in who they hire and be more careful in overseeing and 
making sure that these folks they hired are not cheating. To 
me, that is the simple solution to this aspect of third-party 
fraud and abuse.
    Mr. Burr. Would the gentleman yield for 1 second? I know 
Mr. Morris wants to answer the question you asked, but let me 
turn to Mr. Lack for just a second. Because you got on the 
inside. You understand--you got pitched.
    Mr. Lack. Yes.
    Mr. Burr. I guess my question would go right at the heart 
of what Mr. Bryant is raising. Did you find that the pitch 
really did feed off of the difficulty that doctors have any 
assurance that they are in compliance with what the rules and 
regulations are?
    Mr. Lack. Yes. As a matter of fact, with the pitch that we 
received, we portrayed ourself as a nursing home chain seeking 
the assistance of Handle With Care. As part of it, we had an 
agent acting as a medical records technician, saying, ``Why 
can't we do this ourselves? Why do we need you?''
    And what we got pitched back was, ``Medicare doesn't want 
you to know how to bill. It is a secret. It is a trade secret. 
And you know how difficult this is, and we have been at this 
for years. We used to work for an intermediary.'' Which was not 
true. Most of it was puffery and fabrication. But we would not 
have known that as a company. We would have had to check their 
references.
    And they had very good references, by the way, extremely 
good references. Because of all the other nursing homes--the 
nursing homes didn't know they had been defrauded originally. 
The first one they went to in Seattle, they went to work for a 
week, and Medicare cut a check to the hospital--the nursing 
home was owned by a hospital--for half a million dollars. The 
hospital would say, ``This came from Medicare. How can it be 
fraudulent? It went through the system. Everything is fine.''
    It wasn't until those claims were reviewed at our request 2 
years later that the fraud became evident. Medicare processed 
those because the computer thought they were fine. It is 
surgical dressing, surgical diagnosis. The computer didn't ask 
the critical question: ``What are surgeries being done for in a 
nursing home?'' The computer just did what it was told to do.
    In that case, it appeared to be a legitimate transaction. 
This nursing home was very happy. Actually, they enlisted the 
help of a large law firm, a law firm that specialized in health 
care matters, and they underwrote Handle With Care for the tune 
of a couple million dollars, saying this is great. This law 
firm was then representing Handle With Care and getting clients 
for it. When they come to us, they come to us with 
representatives from the Seattle hospital, which is a 
legitimate major concern, and representatives from this legal 
firm that was legitimate. So, for all intents and purposes, it 
appeared legal.
    Mr. Bryant. But it seems to me again we are chasing the 
wrong horse here. It is a simple matter that the health care 
provider is liable for the subcontractors, at least in terms of 
not going to jail, but in terms of paying that money back if we 
put that onus to pay money back on the provider, that sounds 
good.
    These folks are doctors. They go to medical school. They 
have MBAs running their hospitals and clinics and so forth. 
These are smart people. They are going to have to get the 
message that, yes, if these folks cheat, we are going to 
ultimately be responsible, as they would be in any such legal 
relationship. This is not an exceptional case for doctors and 
hospitals. It seems like, anyway, that would be the simplest 
solution.
    Those people, like the third-party payers who commit fraud, 
criminal fraud--and my question to you was going to be, do you 
ever see any of these people go to jail? Or is it always just 
they are on a list somewhere and they can't do this for a while 
or they have to pay the money back? But do any of them go to 
jail?
    Mr. Lack. In the Handle With Care case we were successful 
in all avenues. One of the sisters went to prison for 3 years. 
The other went to prison for 5 years. We brought civil actions 
against the nursing homes because we held them responsible for 
not looking at nine claims. They should have asked more 
questions. The main question is, ``If I get a check for 
$500,000, I don't want to miss that in the future. What did we 
do wrong?''
    So we recovered--of the $7 million that was offered paid, 
we recovered $5 million of it in civil settlements against 15 
of the nursing homes.
    Mr. Bryant. Without being abusive, let me just thank you 
for your answer and commend you for sending some people to jail 
that need to be in jail for a while, and let Mr. Morris make 
your comment.
    Mr. Morris. Although you are correct that both the 
provider, in this case the nursing home or the physician and 
the third-party billing company, are responsible for the claim 
and the False Claims Act specifically addresses those who 
submit or cause to be submitted a false claim, there are three 
potential challenges to the solution you proposed.
    The first is that ofttimes we cannot find all the providers 
that a third-party billing company has enlisted, wittingly or 
unwittingly, in its scheme. As Mr. Lack explained in his case, 
we did not realize that there was a common thread to separate 
investigations. So it may be, even when we close down a crooked 
third-party billing company, we never learn all of those who 
intentionally or otherwise benefited from its scheme.
    The second problem is that, many times, the amount of money 
that a particular provider receives as a result of these 
schemes is relatively small. When we are talking about millions 
of dollars in fraud taking place in our programs, we obviously 
have to allocate resources. So a $15,000, $20,000, $30,000 
fraud, although not insignificant and is money that should come 
back to the trust fund, may not warrant the sort of attention 
that a $1 million fraud has. Even if we know who the health 
care provider is that benefited from a crooked third-party 
biller, it may not be an appropriate use of our resources to go 
after that one. Finally, we are always mindful of providers' 
ability to pay.
    If we take money back from a provider who thought it was 
receiving legitimate payment for legitimate service, that is 
money that comes off of their bottom line. Ofttimes we are 
confronted with the situation of having to ask whether it is 
better to walk away from a known debt and allow a provider to 
continue to provide quality services to needed patients or to 
insist on that money being repaid.
    So both the challenge of finding these people in a timely 
fashion and actually getting the money back in a cost-effective 
way makes the idea of just going back to the provider and 
holding them accountable have some challenges to it.
    Mr. Bryant. If I might just respond, I understand the 
economies of scale on this, and I appreciate that, but I think, 
again, if we put the burden on the--where it should be, we 
could accomplish a great deal. We are not going to get every 
case, obviously, but issues like small amounts, relatively 
small amounts like $30,000, it seems to me if you know that 
money is owed, send a letter to them, like in overpayments in 
the past we have done that. Of course, I hear from my hospitals 
and doctors when you do that. I say, why are you all being so 
hard on them? But that is what you might need to do, 
particularly if there is a pattern there.
    Again, I think I am interested in sending a message out 
there that we have to--this is a problem and we have to be 
careful about this. I am not so sure it is HCFA and those of us 
sitting in the room that have to be that careful, we should, 
but the legal burden is on the people in the contract with 
them, to check them out better and to monitor what they are 
doing better, and maybe the way to get their attention to do 
this is through the pocketbook.
    Mr. Morris. If I could add one last point--and we agree 
with that approach, we have issued a number of compliance 
guidelines, one in particular to third-party billing companies. 
We are now working on a compliance guideline, a voluntary 
guideline, for physician practices. One of the issues we will 
be addressing in that set of best practices is the need to make 
sure they know who they are contracting with, consultants, 
third-party billing companies and the like.
    Mr. Bryant. We will let Mr. Burleigh speak after a while on 
this.
    Mr. Burr. I think Ms. Aronovitz would like to add 
something. Let me say as I move to it, I have been sitting here 
thinking as Mr. Bryant has talked about physicians entering 
into this agreement and what Mr. Lack said trying to figure out 
what drives them, with my belief that we do have a very 
confusing system. I don't quite give the credit to physicians. 
They are educated, they are intelligent up to a point. I think 
business is not a course that they teach in medical school, nor 
was tax preparation.
    I sit here waiting for my taxes to come back. I contracted 
with somebody that I thought was capable, reputable, and the 
fact is that I am at the mercy of the calculations they come 
to. They will ask me to look them over. If I was smart enough 
to catch the mistake, I would have done the damn thing myself. 
But the fact is that I am not capable of doing it because of 
the confusion and the difficulty of wading through a Tax Code 
that I am not educated enough to do.
    I don't know that that is necessarily----
    Mr. Bryant. When the IRS comes back and you underpaid, who 
pays that?
    Mr. Burr. They come to me.
    Mr. Bryant. You get a different accountant next year.
    Mr. Burr. I am not questioning that fact. But the same way 
I would look at the Tax Code and say does it have to be this 
difficult, I would look at your quarterly booklet of new 
regulations and say, does it really have to be this difficult.
    Ms. Thompson. If I may make a comment about that, in these 
cases, as is often the case, because often we hear this, our 
rules are complex, and some of them are--but these are services 
that weren't rendered, every claim submitted was submitted at a 
higher code. These are things, if anybody had been paying one 
degree of attention to the claims submitted, they would have 
known they were wrong.
    Mr. Burr. Clearly, you are right. I think my point was more 
on the motivational factor of the contract being entered into 
originally. I think when we choose somebody who has the 
references, who we have the confidence in, we tend, because we 
are not experts, to trust the conclusions that they come to. I 
think Mr. Burleigh said it. We will never weed out all the bad 
apples.
    Ms. Aronovitz.
    Ms. Aronovitz. I think we are talking about an issue that 
is--this a fundamental issue in terms of the way HCFA uses very 
limited and valuable safeguard resources to identify problems 
that arise.
    I think Mr. Morris said the key thing when you talked about 
how we could get HCFA to systematically identify providers that 
have been either victimized or a part of a situation where one 
problem third-party biller has engaged in erroneous or 
fraudulent billing.
    The problem right now, and one of the concerns we have, is 
that HCFA, in identifying a situation where there is a third-
party biller and going after one provider, it can do that. But 
what it cannot do is link that third-party biller with all the 
other providers who might have been involved and systematically 
deal with them as one case.
    I think Special Agent Lack and Mr. Morris both described 
the extra resources and intellect it took to finally realize 
that this one third-party biller was behind quite a few 
different fraud schemes around the country. That is 
unacceptable. If there could be a way to link in either a data 
base or some automated approach which would then get to 
identifying individual providers or third-party billers in a 
more systematic and constructive way----
    Mr. Burr. Hopefully--we all hope the outcome of this 
hearing is to stimulate the thought processes as to whether 
this is a way to design that, and clearly I think we can.
    Before I recognize Mr. Stupak, let me just ask one question 
of Ms. Thompson. You said to Mr. Bryant that you consider this 
to be one entity, the physician and the contractor as one. We 
have new proposed regulations as it relates to health care 
privacy. Do you consider that the third-party billing agent is 
under the guidelines that you extend to the physician as it 
relates to health care privacy?
    Ms. Thompson. I am not the privacy expert, and I know that 
those are fairly complicated rules. We will get you an answer 
for the record. I believe that is the case.
    [The following was received for the record:]

    Yes, the proposed rule, which implements the privacy provisions of 
the Health Insurance Portability and Accountability Act of 1996, would 
apply to the third-party billing agent of the physician.
    The third-party billing agent, who is under contract to perform 
services for the physician, is a contractor. While the proposed privacy 
rule applies to three types of covered entities (e.g., health plans, 
health care clearinghouses, and health care providers who transmit any 
health information in electronic form), its provisions also pertain to 
the business partners of covered entities. Section 160.504 of the 
regulation describes a business partner as a person to whom the covered 
entity discloses protected health information to assist in the 
performance of a function or activity and includes ``contractors or 
other persons who receive protected health information from the covered 
entity . . . including lawyers, auditors, consultants, third-party 
administrators, health care clearinghouses, data processing firms, 
billing firms, and other covered entities.'' Clearly, the third-party 
billing agent falls within the purview of a business partner.
    In section 160.506(e)(1) of the regulation, covered entities are 
required to have contracts with their business partners to ensure that 
the business partners appropriately safeguard protected health 
information. This means that business partners of covered entities are 
required to comply with the same privacy rule standards for the use and 
disclosure of protected health information as covered entities.
    Therefore, the proposed privacy rule requirements for protecting 
health information would apply to the physician's third-party billing 
agent.

    Mr. Burr. So wouldn't that really compel you to want to 
know who that third-party billing agent is?
    Ms. Thompson. Our instincts are to want to know who the 
third-party billing agent is. That is why we are collecting 
that information on our enrollment forms. When we have fully 
implemented our new enrollment process, it will do it.
    Miss Aronovitz has talked about collecting information on 
third-party billers, to be able to allow us to make some 
linkages about which providers third-party billers are 
associated with, for the purposes of looking at claims and 
doing analysis and supporting investigations and so forth and 
so on. There are some issues with that. Ms. Aronovitz talks 
about the fact it is self-reported data. That is true. We are 
going to be setting out requirements asking for periodic 
updates of that information. It is also true, though, if 
someone fails to do that, our recourses are somewhat limited. 
People will say, well, I overlooked it. I didn't update the 
information. But it was an oversight.
    So I think that there are some issues with that, but I 
think it is going to provide a lot richer data for us in order 
to be able to aggregate and analyze claims that are being 
handled by a third-party source.
    Mr. Burr. I just want to make sure I understood you. As 
director of the Medicare Program Integrity Group, you weren't 
consulted in an integral way about the privacy regulations that 
HHS was proposing?
    Ms. Thompson. Yes, I was, but I am not the privacy expert, 
and I don't have in front of me all of the answers to who falls 
under what rubric.
    Mr. Burr. Mr. Stupak is on a very tight schedule, I know, 
and I don't want to take away from that, but I am going to come 
back to this, because I think the implications of the privacy 
issue are enormous. I saw Mr. Burleigh start writing. I think I 
have raised an issue that he should be very interested in, too, 
in taking your interpretation and understanding of how these 
two tie together.
    Mr. Stupak.
    Mr. Stupak. Ms. Thompson, in response to Mr. Bryant you 
said something like, this case was very simple. No one was 
paying attention. They were overpaying false claims. I think 87 
percent of the claims filed were false by this BMS. Who should 
have been paying attention? Who should have been overlooking 
the data that comes in?
    Ms. Thompson. Well, clearly, it is one of our 
responsibilities, in terms of analyzing the claims, that we 
receive to assess whether or not those claims are correct and 
appropriate for payment. Obviously, with 1 billion claims, it 
is very difficult for us to collect a medical record on each 
one of those claims or to go out to the providers or the 
beneficiaries onsite and document that those claims were 
actually rendered.
    Mr. Stupak. If you have the responsibility, then where is 
the accountability then? Who do we hold accountable when we get 
cases like this?
    This isn't something that just happened. I entered Mr. 
Dingell's report from GAO, which was June 1999, but I know this 
has been on the radar screen for several years now and doesn't 
seem like we are any closer to a solution to this problem.
    So while maybe people are willing to accept responsibility, 
I guess we are still not getting accountability here. How do we 
go about implementing this so it doesn't continue to happen?
    Ms. Thompson. I have to say that I always want to caution 
people about the idea of how do we fix the problem of people 
submitting claims that aren't true, and there isn't an easy, 
silver-bullet answer to that. If there was, we would do it, and 
we would put the OIG out of business, and they could go home 
and move on to other areas of fraud.
    Mr. Stupak. That is not realistic. I said it has been going 
on for a couple of years. The GAO report in June 1999 put forth 
conclusions that it should be done. What has been done to 
implement the conclusions of almost 10 months ago? Anything?
    Ms. Thompson. We have had many conversations about what 
steps we need to take, and I think that part of my testimony is 
pointing out that two sentences saying you should register 
billing agents who collect this data doesn't quite reflect the 
complexity which Mr. Burleigh discusses, about the kinds of 
questions we need to answer so we are not imposing a regulation 
on the industry, that really doesn't accomplish what any of us 
want it to accomplish and creates administrative burdens and 
new requirements without really addressing the underlying 
vulnerability.
    Mr. Stupak. You said you have had some conversations, and 
the two lines you put out in your statement there, those 
suggestions have been around even before June 1999, even before 
that report. So how many more years are we going to have 
conversations before we actually get some implementation of 
something?
    Ms. Thompson. Mr. Stupak, implementation of what? What 
would you like us to do?
    Mr. Stupak. Just start with the third-party billing. Let's 
start with the identifications and identify who they are.
    Ms. Thompson. So what are the answers to the questions that 
Mr. Burleigh and I have raised in our testimony about who we 
should classify as a third-party biller, and what standards 
should be set for them, and what is the registration process so 
that we can validate the information that we receive?
    Mr. Stupak. Well, the rule of law under HCFA says the 
person who receives it is the provider, right? You have to have 
a provider number, right?
    Ms. Thompson. Right.
    Mr. Stupak. Someone applies to you. They are either a 
provider or not. So if they are not, I think they would fall 
into third-party billing.
    Ms. Thompson. We don't enroll third-party billers. We 
enroll providers. I think the question is whether or not we 
should enroll----
    Mr. Stupak. Hasn't the recommendation been for some time 
now, even before the June 1999 report, that it is time to 
enroll these third-party billers?
    Ms. Thompson. Yes.
    Mr. Stupak. So other than just having discussions among 
yourselves, what have you been doing to get the process off the 
ground?
    Ms. Thompson. We are not prepared to say that we agree that 
that is the right solution.
    Mr. Stupak. If that is not the right solution, then what is 
your suggestion as the right solution?
    Ms. Thompson. What we are inclined to do is say, yes, we 
need to have a process for tracking claims so that we can 
understand who is associated with the preparation of those 
claims. Again, the response to that--I think we also need to be 
clear about what that information is going to give us, and 
whether or not we can be confident about the reliability of the 
information--to the extent we have collected information from 
providers, for example, on who their third-party billers are, 
as Ms. Aronovitz points out, how confident are we that 
information is being updated and that information is correct, 
or in absence of a registration process, how well we link 
commonly owned, say, third-party billers from one to another.
    Mr. Stupak. To summarize, you are really not sure what you 
should be doing yet. You haven't made a decision yet.
    Ms. Thompson. That is one of the reasons we are very happy 
to have this hearing and work with the committee on what are 
the proper responses.
    Mr. Stupak. Let me ask Ms. Aronovitz and Mr. Morris. Each 
of you know the GAO report was completed for Mr. Dingell in 
June of last year highlights a number of weaknesses regarding 
the way HCFA tracks third-party billing. Since that report was 
issued, can you tell me of any material changes HCFA has made 
to corrects these problems?
    Ms. Aronovitz. I think in our report last June we did not 
actually take on the idea of registration. We were concerned 
with some other fundamental problems about activities that HCFA 
had agreed to do, and that was to update its provider 
enrollment data base and to develop its automated system. We 
see that there are some real gaps in reliable and complete and 
timely information in those two efforts, and our hope is that, 
at a minimum, HCFA will consider ways to deal with those gaps.
    Mr. Stupak. Those two gaps----
    Ms. Aronovitz. Those still exist right now.
    Mr. Morris. In a report we issued earlier this week 
entitled Medical Billing Software and Processes Used to Prepare 
Claims, one of our conclusions was there was a need for 
identifying and registering all clearinghouses and third-party 
billers, and there was a need for improving safeguards. HCFA 
agreed with those recommendations. I don't think we are finding 
resistance from HCFA. As Ms. Thompson indicated, the question 
is how to do that effectively.
    One of the problems we have seen, not just in the third-
party billing context but all of the interfaces we have with 
providers or their representatives, is how do we know the 
information is accurate and updated? So one of the balances is, 
if you get all this information in, can you rely on it and what 
do you do with it?
    We do think there are vulnerabilities. I think Ms. Thompson 
made it clear she acknowledged that as well. To answer your 
specific question, I am not aware of any changes from the 
summer.
    Mr. Stupak. Mr. Burleigh?
    Mr. Burleigh. Well, I think that this is probably a good 
point to make several comments on, but to respond specifically 
to your question, the idea that a third-party billing company 
is a third-party billing company oversimplifies this.
    For example, a medical practice might, for tax reasons--and 
there are a number of examples of this--incorporate a separate 
identity to employ all of the staff involved in its billing, 
and they do that because they can have separate pension funds 
and so forth. Is that a billing company? Their only customer is 
the owner of the billing company. It is a different name.
    Some of those organizations provide billing services to 
other practices. Gee, I am having trouble with my billing, and 
my colleague tells me they are doing pretty well, so I will 
hire my colleague and their practice to do my billing. They use 
commercial software. Because of the aggregation and sort of 
critical mass required for claims submission, it is not unusual 
for the software vendor that provided the software to become a 
collection point for the claims. They then forward that to a 
clearinghouse.
    Mr. Stupak. That may all be true, but, again, if you rely 
on 42 USC 1395, it says that payments made to a beneficiary or 
under assignment to the medical provider who provides the 
service----
    Mr. Burleigh. That is how it works.
    Mr. Stupak. [continuing] whether they set up a corporation 
to do their billing or anything else, it if it is supposed to 
be to the provider, if it is not the provider, then I think it 
is a third-party.
    Mr. Burleigh. The payments are not made to the third-party. 
The payments are made to the practice.
    Mr. Stupak. The third party does the billing, right?
    Mr. Burleigh. That is right.
    Mr. Stupak. So they should have a separate identification 
number, separate from the doctor or the hospital providing the 
medical service.
    Mr. Burleigh. The complication is the number of third 
parties involved in that process explodes. The practice hires a 
third-party biller. The biller is a relatively small 
organization. They transmit the claim that they have prepared 
to the software company whose software they are using. The 
software company aggregates them with others, forwards it to a 
clearinghouse.
    Mr. Stupak. That may be all true. Maybe I am taking a 
little hardheaded approach here, but this has been going on for 
some time. I don't think it is that difficult to identify a 
provider and third-party biller. I mean, we just were talking 
about our taxes. Most of us probably have someone else do our 
taxes. That person who prepares our taxes has his 
identification or her identification number on there. I still 
have to sign it. I still have to put my John Hancock on there. 
If there is a problem, I am still responsible.
    But, you know what? There is a provider number for that 
accountant or CPA firm or H&R Block or if Burr is doing my 
taxes, heaven forbid, he has to have one. The point being, I 
don't think it is that difficult to identify these third 
parties if we get at it instead of continue discussions and 
make up excuses--you know, different scenarios how we could get 
around it. If we do it with the Tax Code, which everyone says 
is the worst thing in the world to deal with, why can't we do 
it with something like this?
    Mr. Burleigh. We agree conceptually identifying who we are 
is not a problem. The concern is that, in terms of the 
practical process, if the billing company has touched a claim, 
put their number on it, if the software company that they sent 
it to has touched the claim and could theoretically participate 
in some fraudulent scheme, put their number on it also, it then 
goes to a clearinghouse, and they have the same opportunities, 
you have got to put their number on it as well. There are 
additional variations of that. There are billing companies and 
practices alike who subcontract to have their paper claims 
handled by a third-party, even though they do their own 
electronic claims, or they have other contractors do that. The 
industry has become very, very complicated.
    Mr. Stupak. Probably with all the rules, we made it more 
complicated. Why don't we just call a summit between all the 
stakeholders next month and have them come in and get a grip on 
this thing and fix the thing?
    Mr. Burleigh. We would be happy to do that.
    Mr. Stupak. That is one positive thing I heard. Go ahead, 
Ed.
    Mr. Bryant. I thank my friend from Michigan.
    Before you arrived, we were talking about this issue, and I 
think it has become even more complicated.
    Mr. Burleigh, I appreciate your explanation in terms of the 
way the system works sometimes. It appears we have got multiple 
layers now of subcontractors, and that subcontractor is 
subcontracting, and as many as maybe two or three, which seems 
to be something of a defense here, that, well, that is part of 
the problem. That is why there is abuse and fraud. We don't 
know who is doing it, but we are not doing it. Somebody else is 
doing it.
    I am not saying HCFA doesn't have an obligation and others 
don't have an obligation at the top end to look down. But, 
ultimately, all of these layers of subcontractors--the legal 
responsibility goes back to the provider who hires the first 
subcontractor. And it seems to me that is--I know it is an 
oversimplification, but if we start going back against some of 
my colleagues back home who operate clinics and doctors' 
offices and hospitals and really letting them know I think they 
have a legal obligation to the taxpayers to be more responsible 
in who they bring on and monitoring who they bring on so we 
don't get hit with this fraud and abuse--this is not to say you 
don't have a responsibilities, too, but I think we are missing 
a key component here. I know we are doing it some, but I think 
we could do a better job of getting that message out.
    I yield back.
    Mr. Stupak. Mr. Burleigh, has HCFA contacted you, your 
business, PractiCare, on your input on the problem?
    Mr. Burleigh. We have had an ongoing dialog with Ms. 
Thompson's office and with the Office of the Inspector General 
and others in the government. Because, as an association, we 
viewed this as an obligation that we have to be proactive, to 
have a clean house, to be a strong advocate for compliance in 
every respect, to promote it with our members and our members' 
customers.
    You will see in my written comments that we have even 
advised our members that it may become necessary for them to 
fire a customer if they have a problematic practice who has 
asked them to do things that they are not comfortable with. So 
we are very much in favor of keeping a clean process and 
supporting compliance, as long as it is realistic and 
practical, and as long as it really is not a false solution, as 
Ms. Thompson said. Because you can know who we are, and there 
are so many others involved in the process that you really have 
not addressed the issue.
    Mr. Stupak. Well, you know, as I think Ed pointed out in 
his opening statement, he has only been on here--he is in his 
first term. Mr. Burr and I have been on here for some time, 6 
years at least, and it seems like we are always dealing with 
the same thing, always getting the answer we are working on it, 
and nothing gets done. From this end of the dais, it gets 
frustrating. When I suggested a summit between the stakeholders 
next month to fix it, I hope HCFA picks that up. Is there any 
objection to having a summit and getting it resolved?
    Ms. Thompson. I think that is a wonderful idea. As we noted 
in our testimony, we plan--our upcoming provider enrollment 
regulation asks for public comments on what steps we should be 
taking to strengthen the oversight of third-party billers. That 
could be, actually, a very helpful sort of precursor to wider 
opportunity for public comment on what steps we should be 
taking.
    Mr. Stupak. Thank you, Mr. Chairman.
    Mr. Burleigh. If I could just add one thing, last year we 
met--our immediate past president and our current treasurer, 
two of our board members met with Ms. Thompson and her staff to 
talk about this specific issue; and we also participated in a 
conference call with the GAO staff, who were also exploring 
this on behalf of Congressman Dingell. So we have been active 
and wish to continue to be active in assisting the committee 
and developing a solution.
    Mr. Stupak. Active discussions are great, but we want 
active, concrete action.
    Mr. Burr. I thank the gentleman.
    I see that we have been joined by several more of our 
colleagues. The Chair would recognize Mr. Green for the 
purposes of questions.
    Mr. Green. Thank you, Mr. Chairman. I ask unanimous consent 
to have a statement placed in the record.
    [The prepared statement of Hon. Gene Green follows:]
  Prepared Statement of Hon. Gene Green, a Representative in Congress 
                        from the State of Texas
    Thank you, Mr. Chairman for scheduling today's hearing. The 
problems of waste, fraud and abuse in the Medicare program is a 
continuing one and this Committee must remain vigilant if we are to 
ever start making progress toward diminishing it.
    Today, we are examining the role of third party billers in the 
Medicare system. Because of their access to billing information from 
the health care providers and their patients, these companies, should 
they be inclined, are in a unique position to commit fraud with a low 
chance of discovery.
    Part of the difficulty in tracking this fraud is that HCFA 
currently has no way to determine whether or not providers are 
submitting claims themselves, or if they are using a third party 
billing company.
    In the example that the GAO will present to us today, a woman from 
Sugarland, Texas added a new twist. She operated as a broker between 
doctors providing mental health services to nursing homes and another, 
reputable third party billing company, using her access to doctor and 
patient information to improperly bill Medicare for $1.3 million 
dollars.
    This case, currently under review by the U.S. Attorney's office in 
Houston, should serve as a call to action, not just to this Committee, 
but to HCFA, to implement regulations that will put an end to this type 
of behavior.
    Again, I commend the Chairman for calling this hearing and look 
forward to the testimony of the witnesses before us today.

    Mr. Green. Mr. Morris, your office, the OIG, released a 
report suggesting that HCFA register all claims and 
clearinghouses and all third-party billers. Following up on my 
colleague from Michigan, in that report OIG suggested HCFA 
cannot identify most of the clearinghouses and billing 
agencies. I think that is what we heard in the last series of 
questions.
    First, what are the implications of this finding; and, 
second, Ms. Thompson, after Mr. Morris, does HCFA agree with 
the IG's findings in that it cannot identify most of the 
clearinghouses and most much the billing agencies and all of 
the people that may touch those? Mr. Morris?
    Mr. Morris. The implications of that recommendation are we 
would have then a data base by which we could draw patterns and 
identify overarching practices and individuals. I think the 
analogy of a needle in the haystack, this would allow us to use 
a magnet to pull that needle out. It would give us another tool 
to be able to identify problems which are broader than a single 
provider. So it would be very helpful to us.
    Mr. Green. Ms. Thompson?
    Ms. Thompson. We did concur with the OIG recommendation as 
we have been discussing. We do believe we need to develop more 
information and have more information on the clearinghouses and 
third-party billers involved in our process and have some plans 
and efforts under way to increase the amount of information 
that we collect on those billers.
    Mr. Green. Okay. That includes the whole gambit, as Mr. 
Burleigh talked about, of people who--everyone that may touch 
that particular claim?
    Ms. Thompson. I think that is one of the issues that we 
need to sort out a bit better. Because there is a question, for 
example, as to whether or not we would want to reach in to, 
say, a small practice environment in one of our rural States 
where there is a part-time contractor who comes in perhaps on a 
weekly basis to prepare a claim. Do we really want to regulate 
that kind of person and set standards for that kind of person? 
Does that kind of person need to register? So we do need to 
have some conversations about where to draw these lines and who 
we want to define as a third-party biller and who we really 
want to know about and track.
    Mr. Green. If that part-time contractor all of a sudden 
from that rural State that does it part-time all of a sudden 
started billing three or four times what is expected, you need 
to have some mechanism to identify that.
    Ms. Thompson. That is right. There are some available 
mechanisms where we might be able to see that. In fact, at 
least in one of the cases that was discussed here today it was 
a contractor actually performing focused medical review, which 
is one of our program safeguard activities, that actually 
identified the vulnerability and identified the improper 
payments and actually triggered the investigation. So I think, 
again, the question is, do we--you know, where do we want to 
draw the line? Is it on everyone who may influence or who may 
participate in a coding decision? And to what extent, for 
example, would we want to set standards if we are doing that 
for employees, say, of a physician's office?
    Mr. Green. Mr. Morris?
    Mr. Morris. If I could just add, there is a way of looking 
at this that expands the analysis beyond just clearinghouse 
registration. As we note in our written testimony, Congress 
recognized as early as the early 1970's paying billing 
companies based on a percentage of the revenues they bring back 
to the client is an incentive to cheat, because the more you 
bill the program, the more you can take off the top.
    This is what we have seen in Handle With Care. They took 50 
percent of the receivables. It is what we see with physician 
billing practices. If you can inflate claims because you are 
going to get a percentage of each claim that goes in in 
dollars, that creates an incentive. Anonymity creates an 
incentive to cheat, because, if no one knows what you are doing 
in the dark corners, it is one more temptation. Registering 
third-party billing companies addresses the issue of anonymity, 
but we should also be thinking about whether there should be an 
expressed, clear prohibition against incentive billing.
    The way the Congress set the reassignment requirements up, 
there is such a prohibition. But, as we note in our written 
testimony, there is a very easy way that one can circumvent 
that by having the payment first go to the physician who then 
promptly reassigns it to the third-party billing company.
    What happens is physicians will have all the money come 
into an account and authorize its third-party billing company 
to sweep that account every 24 hours. So from the appearance of 
HCFA, it is making a payment to a physician and thus none of 
the reassignment rules apply. Yet, in reality, the third-party 
billing company has swept that account, taken all the money out 
and, if operating on a percentage basis, has every incentive to 
inflate the claims that went into that account. So as we think 
about this, it is not just a question of registering third-
party billing companies and facing the challenges of dealing 
with small providers and the like, but it is also going to the 
fundamental incentive that anybody has to inflate services in 
order to get a greater share of the fraud.
    Mr. Green. Again, from what we have heard today and the 
suggestion of my colleague, Mr. Stupak, do you think HCFA is 
moving forward with what they are talking about, just from the 
little bit of time here?
    By the way, Mr. Chairman, I apologize. I was at the telecom 
hearing downsize. Governor Gilmore was there, and very seldom 
does a lowly Member of Congress get to question a Governor of a 
State.
    Mr. Burr. My only hope is I can touch you before you go.
    Mr. Green. But do you think HCFA is on the road to drafting 
new regulations or addressing the concerns that the OIG has?
    Mr. Morris. I think so. I think, as Ms. Thompson indicated, 
this hearing, our reports, the GAO reports, all add logs to 
that fire. I think certainly they intend to try to address this 
as best they can.
    Mr. Green. Do you have any other suggestions that HCFA 
could do? Obviously, hopefully you communicate with each other 
more often than when we have these congressional hearings every 
6 months.
    Mr. Morris. One other suggestion we would offer, and it is 
in our written testimony, is, in addition to knowing who we are 
dealing with and cutting out the incentive to cheat through 
these incentive payments, is that there be efforts made to 
ensure that third-party billing companies are adequately 
trained and know what they are doing.
    In my written testimony I reference an advertisement we 
came across in an airline magazine, where for $69 you could get 
into the business of medical billing company services. It is 
quite remarkable, if I could read from it.
    For a mere $69 you can pick up a book called ``How to Start 
a Medical Claims Processing Service'' that promises that your 
prescription to a healthy income involves nothing more than 
owning a computer, a printer, a modem and claims processing 
software. The ad goes on: ``There is no training needed; and 
with health care reform, the need for processors and the 
profits to be made will only increase.''
    We think that kind of inducement to bring people in who 
don't know what they are talking about to this line of work 
creates another vulnerability.
    Mr. Burr. Would the gentleman yield for a second? I just 
want to take this opportunity to point out, I am sure this is 
not an ad that the association took out.
    Mr. Burleigh. That is right.
    Mr. Burr. I don't want there to be any link there. That ad 
just on its face suggests that you have to have some type of 
application or ID number or something that eliminates an ad 
like that from filtering anybody into this business it can.
    One real specific question: In your proposals, your No. 1 
was you have got to have an ID. I heard Ms. Thompson say we are 
not convinced that that is a necessity. I understand Mr. 
Burleigh's reluctance, because sometimes our actions to tighten 
an opening that is there becomes very onerous, and we are going 
to stay focused on that as we look for solutions to make sure 
it is not overburdening on stakeholders.
    But there is a distinct difference. You are making a 
specific proposal with a great deal of confidence that this is 
one of the things we need to do. You are saying we don't know. 
I am hearing that you are talking to OIG. I don't think you 
didn't know that he would make this proposal. I think you have 
probably shared it with him.
    Mr. Morris. We talk frequently.
    Mr. Burr. Had you ever seen that ad?
    Ms. Thompson. No, although it was very scary to me, because 
it was very reminiscent of some ads we used to see for home 
health agencies about 15 years ago. We don't see them any more. 
But it is a very scary kind of ad.
    Again, I want to clarify, we do believe conceptually that 
registering billing agents is something that we should do. The 
question is less what than how.
    Appreciating all the kinds of issues that Mr. Burleigh 
brings to the table, as we have discussions about how would you 
react to that and would you be supportive of that kind of an 
approach--and the general answer again is, conceptually, yes, 
but now what information are we collecting? Some of this gets 
down to the details about how onerous is this going to be. How 
high is the bar going to be? Can you decline to register me? On 
what basis would you decline to register me and basically then 
sort of make me unable to do business with providers who are 
billing the program?
    Mr. Burr. Clearly, based upon our reimbursements, if that 
were a home health ad today, we could bring them up on false 
advertising. They can't aspire to making a profit being in the 
business.
    Mr. Green. I just have one last question.
    Mr. Burleigh, you remarked in your testimony that your 
Association is concerned with, and in the last line of 
questioning, any initiative to register claim submitters would 
overlook large segments of the industry that regularly handle 
some parts of the claims preparation and submission process. 
Mr. Burleigh, how do you achieve accurate accountability over 
the entire Medicare payment chain without your having to 
register each and every participant involved in handling or 
submitting a Medicare claim? In other words, what is the best 
solution for tracking ancillary or third-party billers that 
play some role in preparing these Medicare claims?
    Mr. Burleigh. The methodology has to be divided, first, 
between electronic claims and paper claims, because there 
continues to be claims that require attachments and other 
documents that have to be go on paper, and there are still 
insurers who will not accept claims electronically. So on the 
tracking electronic claims, our view is it would require there 
be an identification number or an identification mark of some 
kind that would be attached by each party that handled the 
claim, and that would require space for probably five or six 
possible additions to the claim before it got to the payer.
    The physical aspects of that, the technological aspects of 
that--there is a very well-established data set, and the time 
required to reprogram the contractor's computers to receive the 
information, the vendor's computers to transmit the 
information, the practice to keep track of all of that 
information, would be very time-consuming, and we have to begin 
wondering to what benefit?
    To go back to what Ms. Thompson said about the possibility 
that we have a false solution, we agree that identifying all 
the parties that have handled the claim will make the OIG's job 
easier, and we don't disagree with that. We support that as 
well. We believe in compliance. Our members are not concerned 
about having anyone know who they are. Most of the examples 
that have been discussed today describe a criminal enterprise 
and not ordinary business being done by billing companies.
    So, you know, again, we have no problem with it. We do have 
concerns about how it would be done and whether it is 
technically feasible and whether it is economically practical.
    Mr. Burr. If the gentleman would yield, let me say it is 
the hope of this committee that our policy won't be to make 
Special Agent Lack's job easier. It would be that we discourage 
people from committing the type of fraudulent claims that Mr. 
Lack goes out and investigates. I think you just misstated what 
you meant to----
    Mr. Burleigh. Thank you for that suggestion. I think, too, 
that Mr. Lack will never be out of work, just because there are 
criminals in every walk of life, and some of them decide to 
come down in the medical billing arena or in health care in 
general.
    Mr. Burr. There seems to be an attraction to that anywhere 
there is a large pot of money. Clearly, this is one of the 
largest that we can identify.
    Mr. Burleigh. Let me just make a comment on an example that 
Mr. Morris gave related to the $69 get-into-the-billing 
business. That ad and others like it, there is an example that 
$695, another one at $895, all of those represent essentially 
consumer fraud and not billing fraud. What is really going on 
there is the separation of the unaware from their money. No 
billing ever occurs.
    The people who respond to those ads are buying basically an 
empty bag, because they get what they think is software that 
will allow them to be in the billing business, and they are 
misinformed as to the amount of money that they can get paid by 
practices to provide those services, and they never get any 
customers. So really what that describes is a consumer fraud. 
No one ever really ends up in the billing business as a result 
of those ads, as far as we know. We have had a number of people 
who after buying the package contact our association to join, 
and months later come back saying they can't find any 
customers. They were told how to do this, and it isn't working. 
It is because they really don't know.
    Mr. Burr. Let me go back to you, Mr. Morris, because I 
think the Office of Inspector General has done some studies on 
providers that have identification now. You have looked at 
those that--you know who some of the third-party billers are 
now at HCFA. Have you looked at the data that they have got?
    Mr. Morris. On electronic claims, there is a field for the 
submitter which could be one of potentially many third-party 
billers. I don't believe we have done any studies specifically 
analyzing what that submitter data field means.
    Mr. Burr. I was hoping to get a feel for the accuracy of 
the information that they currently have or that exists about 
these people.
    Mr. Morris. I don't believe we have done any work to 
determine what is on the electronic claim form, if it matches 
present reality, for example, whether the number on the 
electronic claim form for a submitter actually represents who 
is doing the submitting of the claim.
    Mr. Burr. Let me go to you, Mr. Burleigh. Prior to my 
question to Ms. Thompson about privacy, did you know that HCFA 
considered your members covered under the new proposed privacy 
legislation exactly in the same way that the doctors are?
    Mr. Burleigh. We interpreted the proposal differently. We 
prepared official comments to the proposal and submitted those. 
Our reading of it was that a billing company would be a 
business partner, although one of our criticisms of the 
regulations was that the proposal was left quite confusing as 
to whether we were a clearinghouse or a business partner or 
both or neither. So I think that the regulations require 
considerable effort to clarify that question.
    We are quite aware of the confidential nature of the data 
we possess on a regular basis, and we regularly inform our 
members on what they have as a responsibility to protect the 
privacy of the data.
    Mr. Burr. Ms. Thompson, who is responsible under the 
proposed privacy legislation to purge the physician worlds on 
any breach of medical data?
    Ms. Thompson. Well, as a general rule, all electronic 
claims that we are dealing with and that are dealt with within 
the insurance world in general are going to be subject to the 
privacy rule protections.
    Mr. Burr. If there is a breach by a physician of medical 
data, is it HCFA's responsibility----
    Ms. Thompson. There are various penalties laid out, some of 
which we have responsibility for and some of which may be 
enforced by law enforcement.
    Mr. Burr. That would be also the same penalty that would go 
to the third-party billers?
    Ms. Thompson. Correct.
    Mr. Burr. How do we enforce that if we don't know who they 
are? Mr. Burleigh said earlier we will never eliminate all the 
bad apples. I believe that. Medical data is, I think, an issue 
that all of us have taken on as a very big responsibility of 
the Congress for the American people. We have attacked this 
issue in a way that, though I haven't been in full agreement 
how we have done it, we have erred on the side of protection, 
in some cases when some of us thought it limited our 
capabilities for research and development of future drugs, 
devices and other things. But with that said, can we take it 
that seriously and have an entity out there that has full 
access of medical data that we are not concerned with knowing 
who it is?
    Ms. Thompson. One comment that I would make about that is 
that, in any kind of surveillance or enforcement mechanism, 
there are going to be various layers of detail and attention. 
One of the issues that we always face, of course, in program 
safeguard activity, is figuring out where to place those 
resources and knowing we are not going to be able, for example, 
to look underneath every claim that we process to assess the 
medical record and the necessity of the service and whether the 
service is coded correctly based on what we see in the medical 
record, or even then to go below the medical record to say to 
the beneficiary or to the provider, was this service actually 
rendered? Was it rendered in the way described in the record?
    So the question is always one of balancing how much 
information do we want to collect and receive and deal with at 
the Federal level, what do we want to enforce as an ongoing, 
every-case kind of basis, what do we want to pursue on an 
exception basis, and what should that entire surveillance 
network look like.
    I think that is one of the issues that we have to face with 
the Privacy Act issues or the privacy rule issues, as well as 
many of the other sets of rules that we establish.
    Mr. Burr. I remember in the privacy debate--and correct me 
if I am wrong, because I think you are closer to it than we 
were. At a point of that debate we discussed whether we should 
limit what insurance companies got about procedures performed 
because we were concerned about what could happen to that 
patient. And we got to the point where we were talking about 
could it just be one lump sum. And the question that arose is, 
how can an insurance company pay based upon not knowing what 
was performed?
    So I know how tightly we were in this debate and in the 
negotiations. This seems to be an area that we have just 
disregarded any concern about privacy and just said, well, they 
are covered. I mean, it is an automatic link.
    Whether Mr. Burleigh knew it or whether every member of the 
Association knows it or whether the 5,000 individuals out there 
know it, I think there is a question and probably an honest 
effort to make sure that they do. But then we go back around 
the circle and say, if HCFA is responsible for the integrity 
and Congress ultimately, I believe, because we go back to our 
constituents and say you don't have to worry, we have got 
things in place, can I confidently with 5,000 individuals, or 
potentially 5,000 individuals, can I go home and tell them that 
all of the information they are using to bill these Medicare 
claims, that none of that medical data gets out?
    Mr. Thompson. One of the issues that we are addressing in 
developing the proposed regulation actually goes back to HIPAA, 
which established certain requirements for administrative 
simplification of electronic claim submission standards, some 
of which have to do particularly with security, with things 
like the protection of data at rest, the protection of data in 
motion, the encryption of data, the possibility for digital 
signatures to authenticate who actually created or prepared the 
claim. So some of those issues are being addressed as well 
through that venue.
    Mr. Burr. Let me go back to you, Mr. Morris, because I was 
trying to work off my memory, which on a Thursday when we are 
getting ready to adjourn--as you can tell, I am in travel 
clothes. Nothing matches. I am just trying to reallocate these 
to the right spot, whether it is North Carolina or Washington. 
In the OIG report it said this: Studies have shown that 
information on provider applications concerning billing 
agencies is often outdated and inaccurate. Can you expand on 
that at all?
    Mr. Morris. You are referring to the reports we issued 
earlier this week?
    Mr. Burr. Yes.
    Mr. Morris. Well, this is a concern that we have that I 
think Ms. Thompson touched on. If it is the self-reporting 
obligation with no sanctions associated with failure to keep 
the information current, you don't know that the data that you 
have, the data base you developed, has any value to you, 
because it may be so outdated that you are dealing with 
companies that no longer exist.
    We have come across this in other contexts as well. 
Ofttimes we will go out to the provider address which payments 
have been made for and discover it is now a pizza parlor, 
because we have not, nor has the Health Care Financing 
Administration nor its contractors, been given updated data 
about who it is we are dealing with.
    So the vulnerability we have--and I think this is what Ms. 
Thompson was getting at. If we put this data field together, if 
we compel billing companies to provide us with their 
identification, how are we going to make sure that it is 
accurate, updated and reflects all the players? Because it is 
very easy to put a number in a field. The computers are set up 
generally to say look for a number in this field. If it is 
there, move on.
    Mr. Lack gave a good demonstration of it in the Handle With 
Care case. If you put the right procedure code number into the 
computer, it will say, ``Oh, surgical dressing, surgery, fine, 
I will pay.'' The computer doesn't then ask questions like, 
``What is a patient in a nursing home doing with surgery?'' 
Unless we have the computers ask, do we know that this biller 
number is accurate, and when was the last time it was updated, 
and has someone gone out actually onsite and knocked on a door, 
that information sits there, but it has no value. So that is 
the risk you face.
    Mr. Burr. We update physician information how often?
    Ms. Thompson. Our proposed regulation will address that. It 
is supposed to be updated with any material changes within 30 
days. The difficulty, of course, is that, as Mr. Morris and Ms. 
Aronovitz have talked about, if we find that the information is 
not updated, what is our response? Sometimes what a physician 
might say is, well, I just forgot to update the information. It 
was an oversight on my part. Here is the updated information.
    Mr. Burr. Don't physicians who participate in Medicare as 
well get an annual notification?
    Ms. Thompson. No. But that is one of the issues that we are 
addressing in our proposed rule. How frequently should we go 
back, even if we haven't heard--No. 1, a provider, a supplier 
physician should be updating their information on an ongoing 
basis. But how often should we ourselves go back and ask them 
to recertify to what we have currently in our data base? 
Physician groups basically don't think that we need to go back 
to them very frequently. They believe that physicians will 
update it and fulfill their responsibilities as required.
    There may be some higher risk versus lower risk kinds of 
groups where we want to go back to some folks more frequently 
than other folks. Maybe you could postulate, for example, that 
a hospital, a large hospital, would be more apt to keep their 
information updated, or perhaps even have fewer changes, than 
some other kinds of providers or suppliers or physicians. But 
we do believe that we have to have a sort of reasonable process 
to go back to people where we haven't heard from them over some 
period of time and make sure----
    Mr. Burr. We might go back to physicians more frequently 
that use third-party billing as a way to reimburse.
    Ms. Thompson. Yes.
    Mr. Burr. But we wouldn't know which ones use third-party 
billing today, would we?
    Ms. Thompson. In our enrollment form that we instituted in 
1996, it contained a space for completing information on third-
party billers. When we go back and do our enrollment clean-up 
process, we will be getting that information from everyone. I 
think that is an excellent idea.
    One of the things we are looking at is, what are some of 
the risk triggers or categories that would make us want to go 
back more frequently to certain providers than others, knowing 
that we don't necessarily want to go back to 1 million 
different providers every 6 months or every year to ask them to 
update their information. Maybe the presence of a third-party 
biller is sort of an additional risk factor that could trigger 
more frequent requests for updated certifications.
    Mr. Burr. I don't want to put words in your mouth, but did 
you just tell me you are interested in knowing who the third-
party billers are?
    Ms. Thompson. Yes. We are collecting that information now 
and collecting that going forward. That is a different question 
than whether or not you want to register or set standards for 
third-party billers.
    Mr. Burr. Our debate is over how we want to know who they 
are.
    Ms. Thompson. Right. And how much information we should 
collect to know who they are. Right now, we collect information 
on a company name and address and contact name. We don't 
collect as we do on providers' and owners', Social Security 
numbers.
    Mr. Burr. You have that on how many third-party billers?
    Ms. Thompson. We have that on all providers that have come 
into our system since the institution of the new form, which is 
since 1996. That is about 15 percent of the providers that we 
do business with now.
    Mr. Burr. That is how many?
    Ms. Thompson. 150,000.
    Ms. Aronovitz. 150,000.
    Mr. Morris. The only drawback or challenge to that approach 
is all you have to do is put down the name of a third-party 
billing company. You can create a name of a third-party billing 
company as quickly as getting lunch. Handle With Care could be 
Handle with Diligence overnight. All of a sudden we have two 
different billing companies. Well, no, we don't. We have one 
billing company with two names.
    So, one of the things that it speaks to having a unique 
identifier, similar to physicians, is to say if you are going 
to be in business, you are going to have, like an employment 
identification number, a single number that identifies you, 
regardless of what you call yourself, so we can then match data 
based on a common element. Whereas, if you are free to put down 
whatever the company chooses to call itself this week, you have 
got a data field completed, but it tells you nothing about the 
commonality of that named party to others that, in this case, 
scam artists have set up.
    The Handle With Care case demonstrates that once the two 
scam artists parted ways, two sisters in this case, they set up 
two different companies with two different names. Neither of 
those names presumably would have had any linkage to the first 
company name. So having a field that gives you just a name 
isn't requesting to help you try to figure out where there is 
commonality in the third-party billing companies.
    Mr. Burr. Does the fact that they are registered, with no 
degree of confidence as to who they are, bring credibility in 
any way to their operation?
    Mr. Morris. The mere fact of registering?
    Mr. Burr. Yes.
    Mr. Morris. I guess you would have to ask what are you 
registering.
    Mr. Burr. What are they registering?
    Mr. Morris. Well, that is the question. Right now, I think 
the answer is nothing. For the third-party billing company, 
nothing is registered. So the provider, the physician, will 
say, ``When I filled out this form, the name of the company 
that I did my third-party billing through was X. I made no 
representations about who it is, what they do, what their skill 
levels are, or who their head is and whether he or she----''
    Mr. Burr. So from a standpoint of an investigative agency, 
what is that worth to you?
    Mr. Morris. If you are focusing on intent to defraud, not 
much.
    Mr. Burr. Let me go back to Special Agent Lack. I don't 
want to take anything away from your investigative skills----
    Mr. Lack. Sure.
    Mr. Burr. [continuing] but the connection that was made 
between these two companies, as I understand it, was the result 
of more than one agent getting together, agents working on 
different cases----
    Mr. Lack. Right.
    Mr. Burr. [continuing] and through the exchange of what 
each was doing, a light bulb went off and said this is all 
connected.
    Mr. Lack. Correct. It was the name of one of the sisters. 
When we had this conference call, I threw out the name, and the 
others said, ``That is the owner of mine. That is the owner of 
mine. That is the owner of mine.'' That is what tied it 
together as a national problem.
    Mr. Morris. Coincidence.
    Mr. Burr. I didn't want to use that.
    Mr. Lack. I got the case as an individual case. As a matter 
of fact, when the nursing home in question found out about it, 
they went to their legal counsel; and their legal counsel said, 
``You've got to be careful, because they might hold you 
responsible. Send a check for the overpayment.'' This nursing 
home, to their credit, agreed with that and called us up. I got 
there, and, sure enough, those claims were false. They said, 
this company told us they are out at a lot of different places. 
We don't know how many.
    If I had been able to go to a data base and pull up that 
number, I would have found Massachusetts, Florida, Ohio, and we 
could have immediately pulled it altogether. But it wasn't 
until 2 years later that we knew the full extent. We knew when 
we had that conference call we had maybe four or five nursing 
homes. We didn't realize the extent was 70 nursing homes, and 
this all occurred in the space of 10 months. She went from No. 
1 to number 70 in 10 months.
    Mr. Burr. Ms. Thompson, whose responsibility was it to have 
caught this?
    Ms. Thompson. I think there is some shared 
responsibilities. I mean, I think the program itself has 
significant responsibility in analyzing the claims that it 
receives to make sure they are--there is no doubt we consider 
that to be our responsibility and our job.
    I think the nursing homes have responsibility for knowing 
what has been submitted on their behalf. I think that they had 
some responsibility for perhaps not being as tempted as perhaps 
they were for the idea that there was some easy money that was 
going to require no outlays on their part and that magically 
some money would show up and it would be good money they were 
entitled to and they decided to take that money and not ask any 
questions. So I think there is also some responsibility on the 
nursing home.
    Of course, ultimately, the actual, ultimate accountability 
lies with the people themselves who decide the way to make some 
money and be successful in life is to defraud the program.
    Mr. Burr. Let me be more specific in how I can ask the 
question. Where should we have detected it, if it isn't in 
Special Agent Lack's investigation?
    Ms. Thompson. I think that we probably should have detected 
it if we had had some more information on the commonality 
amongst the claims themselves.
    One of the best ways that we use to detect potential fraud 
or payment errors is by aggregating claims and making 
comparison among different kinds of sets of claims. For 
example, if you can look at various kinds of physician 
specialists, for example, and you can see that in a certain 
community every physician specialist has a kind of bell curve 
in their billings, some high coded, some lower----
    Mr. Burr. Does that happen at the Medicare carrier level or 
at HCFA?
    Ms. Thompson. It happens at the contractor level. But it is 
under our direction, and we tell them the kinds of things that 
we want them to do, and we give them the resources.
    Mr. Burr. Are there contractors sitting in on these 
discussions as to how we close this hole?
    Ms. Thompson. Yes. We discuss with our contractors on an 
ongoing basis issues of importance to us and how to address 
potential program vulnerabilities.
    Mr. Burr. Let me just stipulate, there is a huge difference 
between a discussion and an inclusion. If you see the Medicare 
carrier as the point that we should be catching, detecting, 
some improprieties, then they should play a substantive role in 
the design of what it is we are trying to institute to close 
that. Are they playing such a role?
    Ms. Thompson. I would characterize it, yes, as a 
substantive role. We do look to them to help us understand what 
it is they are seeing as they conduct these activities. But we 
are also aware that we are the ones that have the 
responsibility and the contractors have the responsibility to 
implement our instructions. So, ultimately, we have to be the 
decisionmakers about where we want to place resources and what 
expectations we want to place on what we want our contractors 
to do. We can't, again, delegate that responsibility to the 
contractors and say, well, this contractor did a good job, this 
contractor did a bad job, and it is all the contractors. We 
have to take that responsibility ourselves.
    Mr. Burr. I don't think the intent of this oversight 
hearing was to reach conclusions today. I think it was clearly 
to make sure that we provided the correct amount of stimulus so 
that we could reach some type of conclusion.
    Mr. Hast, I want to apologize to you, because we have 
neglected you at that end of the table. Let me also make the 
assurance that from a standpoint of an oversight investigative 
committee, that is a good thing.
    I want to take this opportunity to thank each of you for 
your willingness and openness to discuss this particular issue. 
The lack of involvement by all of the members of the 
subcommittee is not a lack of interest in the challenge that we 
have got before us in finding a solution to this, it is more 
indicative of its schedule today and the fact that they are 
probably also trying to book some flights for tonight since we 
weren't expected to leave.
    Let me extend to anybody that would like to, if there is 
any follow-up comments that you would like to make, anybody 
that would like to make additional comments? Mr. Burleigh?
    Mr. Burleigh. Well, once again, we very much appreciate 
becoming part of this hearing and having the opportunity to 
contribute to this process. The vast majority--we think 99 
percent of, at least, the members of our Association and more 
billers who may not yet be members are honest and improve the 
system, and we want to make sure that any changes that are made 
continue to contribute to strengthening the system and provide 
a practical solution to these very appropriate concerns that 
the committee is investigating.
    Mr. Burr. As do we. Any other members?
    Let me once again thank you and say to you, Mr. Morris, 
with your comment relative to the incentive that we create on a 
percentage billing, it has made me also think about my choice 
of tax preparers and wondering, had somebody been out there and 
said, you know, I will set your cost based upon how much I save 
you over last year, I wonder what my reaction would be. 
Clearly, it would get my attention. Whether it would get a 
business relation between the two of us, probably as a Member 
of Congress, it wouldn't. As a member of the private sector, it 
probably would have an influence on who I chose. I might on the 
back end be a little more prudent at my review of what they 
came up with, which I think is something that Mr. Bryant 
expressed about your members and consequently the physicians 
that contract with them.
    But, clearly, there are some ways that we can set it up or 
that could be allowed to be set up that create incentives for 
people to cheat. Health care is the largest challenge that we 
will deal with for the next decade, and the primary piece of 
that will be how we pay for it. The work that each one of you 
has before you will play a very important role in how long or 
whether in the future we can continue to afford what it is we 
have in this country. I thank you for your commitment.
    This hearing is now adjourned.
    [Whereupon, at 12:15 p.m., the subcommittee was adjourned.]
    [Additional material submitted for the record follows:]

                      U.S. House of Representatives
                                      Committee on Commerce
                                                     March 14, 2000
Ms. Penny Thompson
Director
Program Integrity Group
Health Care Financing Administration
7500 Security Blvd.
Baltimore, MD 21244
    Dear Ms. Thompson: I am writing to ascertain what actions the 
Health Care Financing Administration (HCFA) has taken to respond to the 
problems associated with third party billing companies, which were 
identified in a June 2, 1999 General Accounting Office (GAO) letter. 
The Committee on Commerce is very concerned about possible misconduct 
by third party billing companies, which may result in the loss of 
millions of Medicare program dollars due to undetected fraud and abuse. 
As part of the Committee's ongoing efforts to assess the efforts of 
HCFA to combat fraud and abuse within the Medicare program, I wish to 
learn what specific steps have been taken to insure that scarce 
Medicare dollars are not being wasted due to fraud committed by third 
party billing companies.
    As you know, acts of fraud committed by third party billing 
companies are an insidious form of health care fraud which is, by many 
accounts, particularly difficult to detect. It has been estimated that 
there are currently over five thousand third party billing companies 
currently operating in the United States, which prepare and submit 
claims on behalf of health care providers to Medicare, Medicaid and 
other health insurers. In doing so, they provide a valuable service to 
many doctors and other health care providers, by freeing them from the 
sometimes onerous administrative requirements of submitting claims for 
the health care services they provide. However as third party billing 
companies often have wide access to the billing information of multiple 
health care providers and many of the patients they treat, unscrupulous 
individuals operating such companies are uniquely situated to be able 
to submit fraudulent medical claims.
    Given the threat that such activities could pose, the Committee was 
particularly disturbed to learn of GAO's findings regarding this issue. 
The GAO determined that HCFA and its Medicare contractors are unable to 
determine, when Medicare claims are submitted in a paper format, 
whether the claim was prepared by a third party billing company. In 
addition, where claims are submitted electronically, Medicare 
contractors are still not always able to identify claims submitted by 
third party billing companies. For the overwhelming majority of 
providers, HCFA has not sought information about whether they utilize 
third party billing companies to prepare and submit their claims, nor 
has HCFA made any effort to gather information about the third party 
billing companies themselves.
    Such a lack of basic safeguards provides an open invitation for 
fraud. Further, according to the GAO, HCFA has taken only limited steps 
to address this problem. Since 1996, HCFA's new provider enrollment 
form has required these new providers to identify which third party 
billing company, if any, that they will use to prepare their claims. 
This change has no impact, however, on the 96% of all Medicare 
providers who enrolled in the program prior to 1996. In addition to 
modifying the enrollment form, HCFA is also developing a new automated 
database system, to provide Medicare contractors with provider 
enrollment data. It has been reported that this data will include the 
identity of any reported third party billing company used by that 
provider. This database, the Provider Enrollment Chain and Ownership 
System (PECOS), will depend upon the information submitted by 
providers, who often fail to report when they change billing services.
    These changes, while individually possessing some merit, fail to 
address the systemic problems associated with third party billing 
company fraud. It is imperative that HCFA and its contractors be able 
to immediately identify all claims submitted by a third party billing 
company, whether such claims are submitted electronically or in paper 
format. Additionally, HCFAs should at least obtain basic background 
information on all persons who are submitting Medicare claims. Failure 
to do so needlessly exposes the Medicare program to additional risks of 
fraud and abuse.
    In order for the Committee to better assess HCFA's response to this 
emerging problem, we request pursuant to Rules X and XI of the U.S. 
House of Representatives, that you provide the following information no 
later than March 30, 2000.

1. Please identify what actions have been taken to date to enable HCFA 
        and its contractors to identify all paper claims prepared and 
        submitted by third party billing companies. In your answer, 
        please also separately identify all actions that HCFA 
        prospectively plans to take relating to this issue, including 
        the specific type of action planned and when such action will 
        occur.
2. Please identify what actions have been taken to date to enable HCFA 
        and its contractors to identify all electronic claims prepared 
        and submitted by third party billing companies. In your answer, 
        please also separately identify all actions that HCFA 
        prospectively plans to take relating to this issue, including 
        the specific type of action planned and when such action will 
        occur.
3. Please identify what actions have been taken to date to gather basic 
        background information relating to third party billing 
        companies. In your answer, please also separately identify all 
        actions that HCFA prospectively plans to take relating to this 
        issue, including the specific type of action planned and when 
        such action will occur.
4. Please analyze all actions taken to date by HCFA and its contractors 
        relating to third party billing companies and provide to the 
        Committee your assessment of whether these actions have 
        sufficiently addressed the concerns raised in the June 2, 1999 
        GAO letter and thereby minimized the risk of third party 
        billing company fraud.
5. Please identify when the regulation requiring all Medicare providers 
        to complete a new enrollment form, which will identify any 
        third party billing companies they utilize, will be completed.
6. Please specifically identify when the PECOS system will be made 
        available to Medicare fiscal intermediaries and carriers.
7. Please provide to the Committee your assessment of whether these 
        additional actions, along with any others HCFA may be planning, 
        sufficiently address the concerns raised in the July 2, 1999 
        GAO letter and thereby minimize the risk of third party billing 
        company fraud.
    If you should have any questions relating to this request, please 
contact Charles M. Clapton, Committee Counsel at 226-2424. We 
appreciate your cooperation in this matter.
            Sincerely,
                                                 Tom Bliley
                                                           Chairman
                                 ______
                                 
            Department of Health and Human Services
                       Health Care Financing Administration
                                                     March 30, 2000
The Honorable Tom Bliley
Chairman
Committee on Commerce
U.S. House of Representatives
Washington, DC 20515-6115
    Dear Chairman Bliley: Thank you for your letter of March 14, 2000, 
asking about our activities with respect to third party billing 
companies and issues raised by the U.S. General Accounting Office in a 
June 2, 1999 letter on this subject. We appreciate your interest in 
this important subject and for giving us the opportunity to express our 
views.
    Third party billing companies who operate ethically can provide a 
great service to providers, suppliers and physicians who seek out their 
expertise and help in submitting claims that are consistent with 
Medicare laws and regulations. However, unethical third party billing 
practices pose a significant threat to Medicare's program integrity. 
Our efforts to review third party billing arrangements have led to an 
increase in the number of third party billing contracts that are in 
compliance with existing laws and regulations. Though our ability to 
monitor third party billing practices is now limited, we are working to 
strengthen the available safeguards to better protect the Medicare 
Trust Fund from waste, fraud and abuse. We intend to ask for public 
comments on how to strengthen our oversight of third party billing 
entities in the proposed provider enrollment regulation that we 
anticipate issuing this spring. And we look forward to working further 
with you, as well as our colleagues at the General Accounting Office 
and HHS Inspector General to address this important issue.
    Our efforts involving third party billing practices represent one 
part of our overall strategy to protect the integrity of Medicare today 
and for the future. We continue to work to ensure that providers are 
paid appropriately while we protect beneficiaries and taxpayers from 
improper payments caused by both honest errors and unscrupulous 
activity. Our efforts to date have shown real results. As you know, 
Medicare has reduced its improper payment rate sharply from 14 percent 
four years ago to less than 8 percent last year, and we are committed 
to achieving further reductions in the future.
General Background
    As you know, we consider our provider enrollment function central 
to our program integrity activities. In fact, we focused on provider 
integrity and enrollment functions in our comprehensive plan for 
program integrity, which we released last year. Since then, we have 
accomplished a number of important tasks which have strengthened the 
Medicare program by ensuring that only qualified entities enter the 
program and have billing privileges. For example, we have implemented:

 New standards for testing facilities. Because of evidence of 
        widespread problems in enrolling qualified entities to perform 
        physiological testing, we implemented new standards for 
        supervisory physicians, technicians and equipment. We required 
        all entities previously enrolled as independent physiological 
        laboratories (IPLs) to reenroll in the program and establish 
        their qualifications to meet the new, enhanced standards as 
        independent diagnostic testing facilities. We verified their 
        status through site visits. Hundreds of IPLs did not even 
        submit new applications or failed their assessments, and are 
        now off our rolls. As a result, we now have much better 
        assurance that the entities doing business with us are 
        legitimate, qualified health care suppliers.
 New scrutiny of Community Mental Health Centers. Likewise, we 
        have stepped up our scrutiny of CMHC applicants as part of our 
        10-point plan for addressing vulnerabilities in this area. We 
        now conduct site visits to all new applicants to verify the 
        representations made in their applications and ensure that they 
        are qualified to enter the program. We have also moved to 
        terminate noncompliant providers, beginning with the most 
        egregious providers, and have clarified to our regional offices 
        and to state survey agencies the statutory and regulatory 
        requirements applicable for participation in the Medicare 
        program.
 Continued vigilance over durable medical equipment supplies. 
        We have continued to fund the work of the National Supplier 
        Clearinghouse, which conducts site visits for suppliers. In 
        fiscal year 1999, the NSC completed over 22,000 site visits on 
        new and reenrolling suppliers, resulting in 227 denials of 
        initial applications and 2,848 revocations of existing numbers.
 Work on new regulations and national database. We plan to 
        issue this spring a proposed rule on provider enrollment, and 
        are currently developing a national database including 
        extensive information on providers as they enroll in our 
        program. Once the proposed rule is finalized, we will begin an 
        ``enrollment clean up'' process. As part of this process, we 
        will go back to providers, suppliers and physicians now billing 
        the program and require them to confirm and update their 
        information, including information on third party billing 
        companies they use. Providers and suppliers will be required to 
        periodically update this information, and inform us of any 
        changes to their billing agreements. Information collected will 
        be entered in our new enrollment system, known as the Provider 
        Enrollment, Chain and Ownership System (PECOS). PECOS is 
        integral to our enrollment approach, because it will be a 
        central source of provider/supplier enrollment information. In 
        addition, to chain ownership and related organization 
        information, it will include information on providers' billing 
        arrangements and any reassignment of benefits. The chain 
        organization/related organization information is essential, 
        because it allows contractors to identify when a provider or 
        supplier is part of a larger organization, and to view the 
        entire line of business. PECOS will also allow a local 
        contractor to view national data about an individual or entity 
        rather than simply the data that appears on a local provider 
        file. PECOS will also identify provider/suppliers who have been 
        denied privileges, or subject to revocations or exclusions.
Third Party Billing Companies
    Your letter specifically asks about third party billing companies, 
our efforts to identify them as claims are submitted or as providers 
are enrolled, and the risks and vulnerabilities we see.
    Health care providers look to billing companies to assist them in 
processing claims in accordance with applicable statutes and 
regulations, and many claims received by Medicare, Medicaid and private 
insurance companies involve such companies.
    Third party billing companies can take on many different forms, 
structures, operations, functions and relationships with providers. 
Billing companies vary significantly in both the size and reach of 
their organizations and functions, from small ``mom and pop'' 
organizations who only facilitate the electronic submission of claims 
to large business organizations providing coding, claims submission and 
consulting services. They can be employed by providers, suppliers and 
physicians to manage the ``business end'' of the practice or simply to 
format claims for submission to insurance companies. As the U.S. 
Department of Health and Human Services Office of Inspector General 
noted,
        At this juncture, it is important to note the tremendous 
        variation among billing companies in terms of the types of 
        services and the manner in which these services are provided to 
        their respective clients. For example, some billing companies 
        code the bills for their provider clients, while others only 
        process bills that have already been coded by the provider. 
        Some billing companies offer a spectrum of management services, 
        including accounts receivable management and bad debt 
        collections, while others offer only one or none of these 
        services. (HHS OIG, ``Compliance Program Guidance for Third-
        Party Medical Billing Companies.)
    Medicare contractors review billing agreements when Medicare 
payments are made to a billing agent rather than a provider. However, 
when billing companies assist in preparing-bills or coding, but do not 
actually receive payment, as a general rule, they are not regulated.
    Yet, it is absolutely true that the Medicare program can be 
inordinately harmed by the poor business practices or unethical or even 
illegal behavior of such companies, even though the program does not 
have a direct business relationship with those entities or regulate 
them in any fashion. If a billing company engages in behavior that 
gives rise to false claims, however, they can be held accountable under 
the False Claims Act.
    For example, On September 27, 1999, the United States, through the 
Department of Justice, HHS, TRICARE, and OPM, as well as 28 individual 
states, entered into a Settlement Agreement with Medical Consultants, 
Inc., d/b/a Emergency Physicians Billing Service (``EPBS'') and J.D. 
McKean, Jr., M.D. (``McKean''). EPBS provided billing and coding 
services to emergency physician practice groups and was owned and 
operated by McKean.
    Emergency Physicians Billing Service (``EPBS'') and its owner, Jack 
McKean, were the subjects of a qui tam lawsuit. The lawsuit alleged 
that the parties engaged in deceptive practices resulting in 
significant Medicare, Medicaid, and CHAMPUS overpayments. The 
allegations of fraud have now been confirmed by a Federal Judge in 
Oklahoma City, Oklahoma. On August 10, 1998, EPBS and Mr. McKean were 
found liable for the submission of false claims to various federal and 
state health insurance programs.
    EPBS and McKean were found liable for upcoding emergency room 
services, reassignment violations, and misrepresentations on Medicare 
enrollment applications. EPBS promised its clients it would increase 
their reimbursements by a range of 10-25 percent and was able to 
deliver on this promise by upcoding emergency services to higher 
complexity levels than were provided. Nearly all of EPBS' clients saw 
increased billings in the range of 10-25 percent as a result of EPBS' 
services.
    As part of the settlement McKean and EPBS have agreed to pay $15.5 
million to resolve their civil and administrative liabilities arising 
out of the allegations in the qui tam lawsuit. In addition, McKean is 
being excluded for 15 years from participation in the Federal health 
care programs, and EPBS has entered into a comprehensive Corporate 
Integrity Agreement with the OIG. In addition to the settlement with 
EPBS and McKean, the United States is currently negotiating additional 
settlements with approximately 25 emergency physician groups which were 
clients of EPBS.
    This case was developed by the FBI and HHS OIG, with assistance 
provided by various Medicare contractors. HCFA and staff from five 
Medicare contractors participated in the EPBS investigation, performing 
data analysis directed at detecting the improper billing, suspending 
Medicare payment and the calculation of the losses (overpayment) to the 
Trust Fund. One such contractor employee received a commendation for 
their exemplary performance during the investigation from the 
Department of Justice's Assistant U.S. Attorney responsible for the 
case.
    This case served as a national example for improper billing 
perpetrated by third party billers and was presented at the Department 
of Justice's quarterly Health Care Fraud Working Group meeting in 
February 2000. This working group consists of federal staff from law 
enforcement agencies, U.S. Attorney's offices, HCFA, Medicaid State law 
enforcement offices, and Medicare contractors' anti-fraud units.
    As this case demonstrates, unethical third party billing companies 
can cause significant damage to the Medicare program.
    At the same time, there are challenges and costs involved in 
stricter oversight of third party billing companies. In addition to the 
simple resource costs of collecting additional information on 
companies, changing electronic claims submission standards, setting and 
enforcing regulatory standards, overseeing private contracts, and other 
possible risk mitigation strategies, there may be unintended 
consequences and marketplace responses that should be carefully 
assessed and considered.
    You asked us to identify actions taken or planned to enable HCFA to 
identify all paper claims and electronic claims submitted by third 
party billers.
    Ninety-seven percent of claims submitted to intermediaries are 
submitted electronically and 81% of claims submitted to carriers are 
submitted electronically.
    For electronic claims, we can differentiate whether the claim was 
sent by a third party agent or directly by a provider. Each of the 
electronic claims formats we support for Medicare (UB-92 flat file for 
institutional claims, National Standard format for professional claims, 
and the X12.837 format for professional and institutional claims) have 
fields that separately identify the submitter and the provider of the 
care being billed. A comparison of these fields would clearly indicate 
when the submitter was other than the provider.
    However, this identifying information goes to the submitter only, 
and may not contain a ``history'' of all entities who may have 
contributed to the claims data or information. For example, if a third 
party billing company coded the claim and sent it to a clearinghouse 
which formatted the claim for electronic submission to the Medicare 
program, only the clearinghouse information might be obtainable from 
the claim.
    Paper claims include an item for ``source'' or ``preparer'' 
information.
    We believe the new provider enrollment regulations, the enrollment 
clean-up initiative, and our PECOS database will gather information on 
third-party billing companies, identify such companies for contractors, 
and provide significant protections for beneficiaries and taxpayers.
    You asked us to identify actions taken to date and those planned to 
gather basic background information relating to third party billing 
companies, and to analyze all actions taken to date by HCFA and its 
contractors relating to third party billing companies. You further 
asked whether those actions, taken and planned, have addressed the 
issues raised by the GAO's June 2, 1999 letter and minimized the risk 
of third party billing company fraud.
    Presently the HCFA provider enrollment process collects some 
information about third party billers for new fee for service 
providers. The current form collects the name of the billing agency/
management service organization, the employer identification number, a 
contact name, the business street address, telephone and fax numbers. 
Contractors review billing agent agreements when they involve agents 
who negotiate checks payable to the provider, supplier or physician.
    Current law prescribes who may be paid by the Medicare program for 
services provided to Medicare beneficiaries, generally stipulating that 
payment must be made to the individual performing such services, or 
their employer, facility, or plan. However, the statute also provides 
for payment to be made to agents under assignment ``if (but only if) 
such agent does so pursuant to an agency agreement under which the 
compensation to be paid to the agent for services for or in connection 
with the billing or collection of payments due . . . is unrelated 
(directly or indirectly) to the amount of such payments or the billings 
. . . (42 U.S.C. 1395g.) Under regulations we established at 42 CFR 
424.73 implementing the statute, payments to an agent who furnishes 
billing and collection services to a provider may be made if:
 the agent receives the payment under an agreement;
 the agent's compensation is not related in any way to the 
        dollar amounts billed or collected;
 the agent's compensation is not dependent on the actual 
        collection of payment;
 the agent acts under payment disposition instructions that the 
        provider may modify or revoke at any time; and
 the agent, in receiving the payment, acts only on behalf of 
        the provider.
    Our instructions to Medicare contractors reiterate these 
requirements, explaining that ``the primary purpose . . . is to permit 
computer and other billing services to claim and receive Medicare 
payment in the name of a physician (or other supplier or eligible 
party). The conditions for payment are designed to ensure that the 
billing agent has no financial interest in how much is billed or 
collected and is not acting on behalf of someone who has such an 
interest, other than the physician himself/herself.'' (Medicare 
Carriers Manual 3060.10.)
    Medicare contractors' review of billing agreements has led to an 
increasing number of such agreements coming into compliance with the 
statute and regulations. As the health care and billing community has 
become more aware of these requirements and our enforcement of them, we 
see more contracts expressly containing language supporting our 
requirements. However, thorough assurance of compliance with these 
requirements is hampered by:

 the resource intensive process for review of sometimes lengthy 
        and complicated legal documents;
 the capacity of Medicare contractors to accurately and fully 
        understand such documents;
 the variability in the nature and scope of agreements, 
        depending on the size of the third party billing company and 
        the services they perform;
 the complicated corporate structure reflected in such 
        agreements, where it is not unusual to find a number of 
        subcontractors involved in various functions;
 lack of sanctions or intermediate penalties for failure to 
        update the Medicare program when such agreements change or 
        arrangements are altered;
 the limited number of providers, suppliers, or physicians who 
        have been required to submit such information (only those who 
        have newly enrolled in the program since implementation of the 
        new national enrollment form in 1996).
    Furthermore, until implementation of our enrollment ``clean-up'' 
process, a major undertaking, and the availability of PECOS to all 
contractors, consistent information on third party billers will not be 
available for easy search and retrieval. Even then, significant 
limitations remain (in addition to the first five points identified 
above, which are not solved by PECOS or enrollment clean up), such as 
our limited ability to identify common ownership or to ``link'' 
agencies which might operate in different jurisdictions, the absence of 
regulation of such entities to ensure adherence to professional 
standards, or our lack of information on third party billers who do not 
negotiate checks or submit claims directly to the program. These 
information or programmatic gaps are not easily solved. We continue to 
consider to what extent direct Federal regulatory action should be 
taken to address these issues.
    In our proposed rule to be issued this spring, we will be 
soliciting comments on the question of whether we should register third 
party billing agents, and/or set standards for them. Such an approach 
could significantly strengthen our protection of the Medicare program 
and address some of the problems cited above. However, there are also 
significant challenges and costs to be carefully weighed and 
considered. We discuss these in more detail in response to your last 
question.
    We continue to train Medicare contractor fraud units in 
identification and analysis of third party billing company fraud. 
Medicare contractors have also received specific training to combat 
this problem. During fiscal year 1999, HCFA sponsored Benefit Integrity 
Training Conferences at which contractor staff were provided with 
detailed explanations on appropriate billing arrangements and examples 
of inappropriate arrangements. HCFA is also planning additional 
contractor training during this year's Benefit Integrity training 
conferences. This year's training session will focus on the improper 
billing perpetrated by Emergency Physicians Billing Service and J.D. 
McKean Jr., M.D.
    You asked when regulations requiring all Medicare providers to 
complete a new enrollment form will be completed. We expect to publish 
a proposed rule this spring.
    You asked when the PECOS system will be made available to Medicare 
fiscal intermediaries and carriers. Our current schedule calls for 
PECOS to be running for fiscal intermediaries this summer, with 
carriers following in January 2002.
    You asked us to provide an assessment of whether our actions, taken 
and planned as a whole, will address the GAO's concerns and minimize 
the risk of third party billing company fraud.
    While we believe that our ``enrollment clean up'' and PECOS 
implementation will address a number of vulnerabilities, we believe 
that additional threats may remain. We continue to consider how to best 
to respond to risks posed by third party billing companies while not 
impeding the activities of ethical companies, in light of the 
substantial assistance they can provide to providers in submitting 
proper claims. Among the questions we are considering are:

 Should HCFA register billing companies, and/or set standards 
        for them? As noted above, we plan to pose this question in our 
        proposed rule this spring.
 Would HCFA need additional legislative authority to do so?
 Should such standards apply only to entities who actually 
        submit claims on behalf of providers?
 Should such standards apply only to entities who actually 
        submit claims and receive negotiated checks on behalf of 
        providers?
 Should such standards apply to all entities who might advise, 
        consult, prepare, support, staff, or otherwise influence the 
        selection of codes and claims to be submitted to the Medicare 
        program?
 How should such standards reflect the diversity in capability, 
        organization, mission, functions, and relationships in the 
        industry?
 How would HCFA enforce such standards?
 What staffing and skill set needs would HCFA require in order 
        to ensure billing companies met standards and agreements were 
        properly executed?
 How should claims properly reflect the preparer's identifying 
        information? What if there are multiple preparers or 
        submitters?
 To what extent would providers, suppliers, and physicians 
        support HCFA regulation of their business contracts and 
        partners?
 To what extent is surveillance and assessment of billing 
        patterns a better approach to ensure compliance than 
        registration or standard setting?
 What information would be needed to accurately group claims 
        handled by a common third party billing company?
 If Medicare were to regulate business arrangements with third 
        party billing companies, what impact would such regulation have 
        on the private sector and the arrangements between providers 
        and third party billers in submitting claims to private 
        insurance companies? Overall, would those effects be positive 
        or negative?
    We look forward to working closely with your Committee and the 
Congress as we consider this important topic. We hope the information 
and analysis we have supplied is useful. Please feel free to contact me 
should you have any questions or wish to discuss our responses further.
            Sincerely,
                                             Penny Thompson
                                  Director, Program Integrity Group
cc: The Honorable John D. Dingell
