Medicare Management: CMS Faces Challenges in Safeguarding	 
Payments While Addressing Provider Needs (26-JUL-01,		 
GAO-01-1014T).							 
								 
In fiscal year 2000, Medicare made more than $200 billion in	 
payments to hundreds of thousands of health care providers who	 
served nearly 40 million beneficiaries. Because of the program's 
vast size and complexity, GAO has included Medicare on its list  
of government areas at high risk for waste, fraud, abuse, and	 
mismanagement. GAO first included Medicare on that list in 1990, 
and it remains there today. GAO has continually reported on the  
efforts of the Health Care Financing Administration -- recently  
renamed the Centers for Medicare and Medicaid Services (CMS) --  
to safeguard Medicare payments and streamline operations. CMS	 
relies on its claims administration contractors to run Medicare. 
As these contractors have become more aggressive in identifying  
and pursuing inappropriate payments, providers have expressed	 
concern that Medicare has become to complex and difficult to	 
navigate. CMS's oversight of its contractors has historically	 
been weak. In the last two years, however, CMS has made 	 
substantial progress. GAO has identified several areas in which  
CMS still need improvement, especially in ensuring that 	 
contractors provide accurate, complete, and timely information to
providers on Medicare billing rules and coverage policies.	 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-01-1014T					        
    ACCNO:   A01464						        
  TITLE:     Medicare Management: CMS Faces Challenges in Safeguarding
             Payments While Addressing Provider Needs                         
     DATE:   07/26/2001 
  SUBJECT:   Contract oversight 				 
	     Fraud						 
	     Health insurance					 
	     Internal controls					 
	     Overpayments					 
	     Program abuses					 
	     Medicaid Program					 
	     Medicare Integrity Program 			 
	     Medicare Program					 
	     Medicare Trust Fund				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-01-1014T
     
Testimony Before the Special Committee on Aging, U. S. Senate

United States General Accounting Office

GAO For Release on Delivery Expected at 10: 00 a. m. Thursday, July 26, 2001
MEDICARE

MANAGEMENT CMS Faces Challenges in Safeguarding Payments While Addressing
Provider Needs

Statement of Leslie G. Aronovitz Director, Health Care- Program

Administration and Integrity Issues

GAO- 01- 1014T

Page 1 GAO- 01- 1014T

Mr. Chairman and Members of the Committee: We are pleased to be here today
as you discuss the administration of the Medicare program and activities
undertaken to safeguard the Medicare trust fund. In fiscal year 2000,
Medicare made payments of over $220 billion to hundreds of thousands of
providers who delivered services to nearly 40 million beneficiaries. Because
of Medicare?s vast size and complex structure, in 1990 we designated it as a
high- risk program- that is, at risk of considerable losses to waste, fraud,
abuse, and mismanagement- and it remains so today. Since that time, we have
consistently reported on the efforts of the Health Care Financing
Administration (HCFA), recently renamed the Centers for Medicare and
Medicaid Services (CMS), 1 to safeguard Medicare payments and streamline
operations.

Each year improper payments cost Medicare billions of dollars. Therefore,
the process of enforcing program payment rules is critical to the viability
of the program. My remarks today will focus on the importance of performing
activities to protect the integrity of Medicare, while striking a balance of
simplicity and responsiveness to the providers that bill the program. My
comments are based on our previous and ongoing work and published reports by
others.

In brief, at the heart of effectively administering Medicare is CMS?
responsibility for protecting the integrity of the program while, at the
same time, ensuring that providers are treated fairly. CMS relies on its
claims administration contractors to administer Medicare and interact with
all of its stakeholders- including providers. As CMS? contractors and others
have become more aggressive in identifying and pursuing inappropriate
payments, providers have expressed concern that Medicare has become too
complex and difficult to navigate. Although CMS monitors the effectiveness
of contractors? program management and safeguard activities, the agency?s
oversight of its contractors has historically been weak. In the last 2
years, however, the agency has made substantial progress. Our ongoing work
has identified several areas in which CMS still needs improvement-
especially in ensuring that contractors are providing accurate, complete,
and timely information to providers about Medicare billing rules and
coverage policies.

1 Our statement will continue to refer to HCFA where our findings apply to
the organizational structure and operations associated with that name.

Page 2 GAO- 01- 1014T

The complexity of the environment in which CMS and its contractors operate
the Medicare program cannot be overstated. CMS is an agency within the
Department of Health and Human Services (HHS) but has responsibilities over
expenditures that are larger than those of most other federal departments. 2
Under the fee- for- service system- which accounts for over 80 percent of
program beneficiaries- physicians, hospitals, and other providers submit
claims for services they provide to Medicare beneficiaries to receive
reimbursement. The providers billing Medicare, whose interests vary widely,
create with program beneficiaries and taxpayers a vast universe of
stakeholders.

About 50 Medicare claims administration contractors 3 carry out the day-
today operations of the program and are responsible not only for paying
claims but for providing information and education to providers and
beneficiaries that participate in Medicare. They periodically issue
bulletins that outline changes in national and local Medicare policy, inform
providers of billing system changes, and address frequently asked questions.
To enhance communications with providers, the agency recently required
contractors to maintain toll- free telephone lines to respond to provider
inquiries. It also directed them to develop Internet sites to address, among
other things, frequently asked questions. In addition, CMS is responsible
for monitoring the claims administration contractors to ensure that they
appropriately perform their claims processing duties and protect Medicare
from fraud and abuse.

In 1996, the Congress enacted the Health Insurance Portability and
Accountability Act (HIPAA), in part to provide better stewardship of the
program. 4 This act gave HCFA the authority to contract with specialized
entities, known as program safeguard contractors (PSC), to combat fraud,
waste, and abuse. HCFA initially selected 12 firms to conduct a variety of
program safeguard tasks, such as medical reviews of claims and audits of
providers? cost reports. Previously, only claims administration contractors
performed these activities.

2 Medicare ranks second only to Social Security in federal expenditures for
a single program. 3 Contractors that process and pay part A claims (i. e.
for inpatient hospital, skilled nursing facility, hospice care, and certain
home health services) are known as fiscal intermediaries. Contractors paying
and processing part B claims (i. e. for physician, outpatient hospital
services, laboratory and other services) are known as carriers.

4 P. L. 104- 191. Background

Page 3 GAO- 01- 1014T

In response to the escalation of improper Medicare payments, Congress and
executive branch agencies have focused attention on efforts to safeguard the
Medicare Trust Fund. HIPAA earmarked increased funds for the prevention and
detection of health care fraud and abuse and increased sanctions for abusive
providers. The HHS Office of Inspector General (OIG) and the Department of
Justice (DOJ) subsequently became more aggressive in pursuing abusive
providers. In response, the medical community has expressed concern about
the complexity of the program and the fairness of certain program safeguard
activities, such as detailed reviews of claims, and the process for
appealing denied claims. Recent actions address some of these concerns.

Since 1996, the HHS OIG has repeatedly estimated that Medicare contractors
inappropriately paid claims worth billions of dollars annually. The
depletion of Medicare?s hospital trust fund and the projected growth in
Medicare?s share of the federal budget have focused attention on program
safeguards to prevent and detect health care fraud and abuse. It has also
reinforced the importance of having CMS and its contractors develop and
implement effective strategies to prevent and detect improper payments.

HIPAA provided the opportunity for HCFA to enhance its program integrity
efforts by creating the Medicare Integrity Program (MIP). MIP gave the
agency a stable source of funding for its safeguard activities. Beginning in
1997, funding for antifraud- and- abuse activities has increased
significantly- by 2003, funding for these activities will have grown about
80 percent. In fiscal year 2000, HCFA used its $630 million in MIP funding
to support a wide range of efforts, including audits of provider and managed
care organizations and targeted medical review of claims. By concentrating
attention on specific provider types or benefits where program dollars are
most at risk, HCFA has taken a cost- effective approach to identify
overpayments. Based on the agency?s estimates, MIP saved the Medicare
program more than $16 for each dollar spent in fiscal year 2000.

CMS is only one of several entities responsible for ensuring the integrity
of the Medicare program. HIPAA also provided additional resources to both
the HHS OIG and DOJ. The HHS OIG has emphasized the importance of
safeguarding Medicare by auditing providers and issuing compliance guidance
for various types of providers. It also pursues potential fraud brought to
its attention by contractors and other sources, such as beneficiaries and
whistleblowers. DOJ has placed a high priority on Inappropriate

Payments Underscore The Importance of Integrity Efforts, Raising Provider
Concerns

Program Integrity Efforts Have Intensified in Response to Improper Payments

Page 4 GAO- 01- 1014T

identifying patterns of improper billing by Medicare providers. DOJ
investigates cases that have been referred by the HHS OIG and others to
determine if health care providers have engaged in fraudulent activity, and
it pursues civil actions or criminal prosecutions, as appropriate. 5 The
False Claims Act (31 U. S. C. sec. 3729 to 3733) gives DOJ a powerful
enforcement tool as it provides for substantial damages and penalties
against providers who knowingly submit false or fraudulent bills to
Medicare, Medicaid, or other federal health programs. DOJ has instituted a
series of investigations known as national initiatives, which involve
examinations of similarly situated providers who may have engaged in common
patterns of improper Medicare billing.

As safeguard and enforcement actions have increased, so have provider
concerns about their interaction with contractors. Individual physicians and
representatives of medical associations have made a number of serious
charges regarding the following.

 Inadequate communications from CMS? contractors. Providers assert that the
information they receive is poorly organized, difficult to understand, and
not always communicated promptly. As a result, providers are concerned that
they may inadvertently violate Medicare billing rules.

 Inappropriate targeting of claims for review and excessive paperwork
demands of the medical review process. 6 For example, some physicians have
complained that the documentation required by some contractors goes beyond
what is outlined in agency guidance or what is needed to demonstrate medical
necessity.

 Unfair method used to calculate Medicare overpayments. Providers expressed
concern that repayment amounts calculated through the use of samples that
are not statistically representative do not accurately represent actual
overpayments.

 Overzealous enforcement activities by other federal agencies. For example,
providers have charged that DOJ has been overly aggressive in its use of the
False Claims Act and has been too accommodating to the

5 In fiscal year 2000, DOJ filed 233 civil cases and reported recoveries of
over $840 million related to civil health care fraud. 6 Contractors conduct
medical reviews- either prior to or after payment- to identify claims that
should not be or should not have been paid because services are not covered
or are not medically necessary. Provider Concerns Grow

With the Expansion of Safeguard and Enforcement Activities

Page 5 GAO- 01- 1014T

OIG?s insistence on including corporate integrity agreements in provider
settlements. 7

 Lengthy process to appeal denied claim. Related to this issue is that a
provider who successfully appeals a claim that was initially denied does not
earn interest for the period during which the administrative appeal was
pending.

We have studies underway to examine the regulatory environment in which
Medicare providers operate. At the request of the House Committee on the
Budget and the House Ways and Means Subcommittee on Health, we are reviewing
CMS? communications with providers and have confirmed some provider
concerns. For example, our review of several information sources, such as
bulletins, telephone call centers, and Internet sites, found a disappointing
performance record. Specifically, we reviewed recently issued contractor
bulletins- newsletters from carriers to physicians outlining changes in
national and local Medicare policy- from 10 carriers. Some of these
bulletins contained lengthy discussions with overly technical and legalistic
language that providers may find difficult to understand. These bulletins
also omitted some important information about mandatory billing procedures.
Similarly, we found that the calls we placed to telephone call centers this
spring were rarely answered appropriately. For example, for 85 percent of
our calls, the answers that call center representatives provided were either
incomplete or inaccurate. Finally, we recently reviewed 10 Internet sites,
which CMS requires carriers to maintain. We found that these sites rarely
met all CMS requirements and often lacked user- friendly features such as
site maps and search functions. We are continuing our work and formulating
recommendations that should help CMS and its contractors improve their
communications with providers.

We are also in the preliminary stages of examining how claims are reviewed
and how overpayments are detected to assess the actions of contractors as
they perform their program safeguard activities. Although we have not yet
formulated our conclusions, agency actions may address some provider
concerns. For example, HCFA clarified the conditions under which contractors
should conduct medical reviews of providers. In August 2000, the agency
issued guidance to contractors regarding the

7 A corporate integrity agreement is an obligation imposed on a provider by
the HHS OIG as part of a settlement of a potential fraud matter. It requires
the provider to improve compliance and to report periodically to the OIG.

Page 6 GAO- 01- 1014T

selection of providers for medical reviews, noting, among other things, that
a provider?s claims should only be reviewed when data suggest a pattern of
billing problems. Although providers may be wary of the prospect of medical
reviews, the extent to which they are subjected to such reviews is largely
unknown. Last year, HCFA conducted a one- time limited survey of contractors
to determine the number of physicians subject to complex medical reviews in
fiscal year 2000. It found that only 1,891, or 0.3 percent, of all
physicians who billed the Medicare program that year were selected for
complex medical reviews- examinations by clinically trained staff of medical
records. 8

In regard to physician complaints about sampling methodologies, HCFA
outlined procedures to give providers several options to determine
overpayment amounts. Contractors would initially review a small sample
(probe sample) of a provider?s claims and determine the amount of the
overpayment. 9 A provider could then (1) enter into a consent settlement,
whereby the provider accepts the results of this probe review and agrees to
an extrapolated ?potential? overpayment amount based on the small sample,
(2) accept the settlement but submit additional documentation on specific
claims in the probe sample to potentially adjust downward the amount of the
projected overpayment, or (3) require the contractor to review a larger
statistically valid random sample of claims to extrapolate the overpayment
amount. According to agency officials, although providers can select any of
these options, consent settlements are usually chosen when offered because
they are less burdensome for providers, as fewer claims have to be
documented and reviewed.

In response to concerns regarding its use of the False Claims Act, DOJ
issued guidance in June 1998 to all of its attorneys that emphasized the
fair and responsible use of the act in civil health care matters, including
national initiatives. In 1999, we reviewed DOJ?s compliance with its False
Claims Act guidance and found that implementation of this guidance varied
among U. S. Attorneys? Offices. 10 However, the next year we

8 Regulatory Issues for Medicare Providers (GAO- 01- 802R, June 11, 2001). 9
To identify improper billing by a provider, CMS requires contractors to
conduct a ?probe?

review of roughly 20 to 40 claims. If the probe sample indicates improper
billing, the contractors determine the provider?s overpayment amount by
either selecting a statistically valid random sample of claims or basing the
amount on a small sample that is not statistically representative.

10 Medicare Fraud and Abuse: DOJ?s Implementation of False Claims Act
Guidance in National Initiatives Varies (GAO/ HEHS- 99- 170, August 6, 1999
).

Page 7 GAO- 01- 1014T

reported that DOJ had made progress in incorporating the guidance into its
ongoing investigations and had also developed a meaningful assessment of
compliance in its periodic evaluations of U. S. Attorneys? Offices. 11
Regarding corporate integrity agreements, we noted in our March 2001 report
that these agreements were not always a standard feature of DOJ settlements.
12 For example, 4 of 11 recent settlements that we reviewed were resolved
without the imposition of such agreements.

Finally, some providers? concerns about the timeliness of the appeals
process could be addressed by the Medicare, Medicaid, and SCHIP Benefits
Improvement and Protection Act of 2000 (BIPA), which imposes deadlines at
each step of the appeals process. For example, initial determination of a
claim must be concluded within 45 days from the date of the claim, and
redetermination must be completed within 30 days of receipt of the request.
These revisions are scheduled to take effect on October 1, 2002.

CMS? oversight of its contractors is essential to ensuring that the Medicare
program is administered efficiently and effectively. CMS is faced with the
challenge of protecting program dollars and treating providers fairly.
However, to accomplish these goals, contractors must implement CMS? policies
fully and consistently. Historically, the agency?s oversight of contractors
has been weak, although it has made substantial improvements in the past 2
years. Continued vigilance in this area is critical as CMS tries to cope
with known weaknesses and begins to rely on new specialty contractors for
some of its payment safeguard activities.

Medicare?s claims administration contractors are responsible for all aspects
of claims administration, conduct particular safeguard activities, and are
the primary source of Medicare communications to providers. However,
oversight of Medicare contractors has historically been weak, leaving the
agency without assurance that contractors are implementing program
safeguards or paying providers appropriately. For years, HCFA?s contractor
performance and evaluation program (CPE)- its principal tool

11 Medicare Fraud and Abuse: DOJ Has Made Progress in Implementing False
Claims Act Guidance (GAO/ HEHS- 00- 73, March 31, 2000). 12 Medicare Fraud
and Abuse: DOJ Has Improved Oversight of False Claims Act Guidance (GAO- 01-
506, March 30, 2001). CMS? Oversight of

Contractors Is Key to Balancing Program Safeguards and Provider Concerns

Various Factors Have Contributed to Weak Contractor Oversight

Page 8 GAO- 01- 1014T

used to evaluate contractor performance- lacked the consistency that agency
reviewers need to make comparable assessments of contractor performance.
HCFA reviewers had few measurable performance standards and little direction
on monitoring contractors? payment safeguard activities. The reviewers in
HCFA?s 10 regional offices, who were responsible for conducting these
evaluations, had broad discretion to decide what and how much to review as
well as what disciplinary actions to take against contractors with
performance problems.

This highly discretionary evaluation process allowed key program safeguards
to go unchecked and led to the inconsistent treatment of contractors with
similar performance problems. Dispersed responsibility for contractor
activities across many central office components, limited information about
how many resources are used or needed for contractor oversight, and late and
outdated guidance provided to regional offices have also weakened contractor
oversight. 13

Over the years, we have made several recommendations to improve HCFA?s
oversight of its claims administration contractors. For example, we
recommended that the agency strengthen accountability for evaluating
contractor performance. In response to our recommendations, HCFA has
established an executive- level position at its central office with ultimate
responsibility for contractor oversight, instituted national review teams to
conduct contractor evaluations, and provided more direction to its regional
offices through standardized review protocols and detailed instructions for
CPE reviews.

Although the agency has taken a number of steps to improve its oversight
efforts, our ongoing work suggests that opportunities for additional
improvement exist. Last month, we joined CMS representatives as they
conducted a CPE review at a contractor?s telephone center. Although
providers? ability to appropriately bill Medicare is dependent on their
obtaining accurate and complete answers to their questions, the review
focused primarily on adherence to call center procedures and the timeliness
of responses to provider questions. Moreover, the CMS

13 The weak oversight of contractors helped create an environment in which a
number of HCFA contractors committed fraud. The fraud was not detected
through the agency?s oversight efforts but instead was reported by
whistleblowers and resulted in settlements for millions of dollars. HCFA
failed to uncover the contractors? fraudulent practices, in part, because it
relied on contractor self- reporting of management controls and seldom
independently validated contractor- provided information.

Page 9 GAO- 01- 1014T

reviewer selected a small number of cases to evaluate- only 4 of the roughly
140,000 provider calls this center receives each year.

While CMS? management of claims administration contractors suffers from weak
oversight, its contracting practices for selecting fiscal intermediaries and
carriers may contribute to these difficulties. Unlike most of the federal
government, the agency was exempted from conducting full and open
competitions by the Social Security Act. Thus, for decades, HCFA has relied
on many of the same contractors to perform program management activities,
and has been at a considerable disadvantage in attracting new entities to
perform these functions.

Congress included provisions in HIPAA that provided HCFA with more
flexibility in contracting for program safeguard activities. It allowed the
agency to contract with any entity that was capable of performing certain
antifraud activities. In May 1999, HCFA implemented its new contracting
authority by selecting 12 program safeguard contractors- PSCs- using a
competitive bidding process. 14 These entities represent a mix of health
insurance companies, information technology businesses, and several other
types of firms.

In May of this year, we reported on the opportunities and challenges that
the agency faces as it integrates its PSCs into its overall program
safeguard strategy. 15 The PSCs represent a new means of promoting program
integrity and enable CMS to test a multitude of options. CMS is currently
experimenting with these options to identify how PSCs can be most
effectively utilized. For example, some PSCs are performing narrowly focused
tasks that are related to a specific service considered to be particularly
vulnerable to fraud and abuse. Others are conducting more broadly based work
that may have national implications for the way program safeguard activities
are conducted in the future or which may result in the identification of
best practices.

14 Almost all of the PSCs have had experience as Medicare contractors: as of
May 2001, six were Medicare claims administration contractors and an
additional five had other types of contracts with CMS. Two of the six PSCs
with claims administration contracts have established new entities to
perform PSC work.

15 Medicare: Opportunities and Challenges in Contracting for Program
Safeguards (GAO- 01- 616, May 18, 2001 ). New Contracting Authority

Provides Opportunity for Improving Safeguard Performance

Page 10 GAO- 01- 1014T

In our report, we recommended that the agency define the strategic
directions for future use of the PSCs, including the establishment of
longterm goals and objectives. We also recommended that clear, quantifiable
performance measures and standards be established and related to well
defined outcomes in order to lay the groundwork for meaningful future
performance evaluations. We recognize that it will take some time for the
agency to develop appropriate performance criteria, but believe it is
important to start experimenting with different approaches, such as using
performance- based contracts, and refine them as time goes on. This need for
better performance measures, standards, and outcomes will become especially
critical if CMS awards contracts that are performance- based and contain
financial incentives and penalties.

Medicare is a popular program that millions of Americans depend on for
covering their essential health needs. However, the management of the
program has fallen short of expectations because it has not always
appropriately balanced or satisfied beneficiaries?, providers?, and
taxpayers? needs. Although the agency has taken some positive steps,
weaknesses in its communications with providers and its oversight of
contractors still exist. CMS? ability to successfully address these and
other shortcomings will ultimately enhance its program safeguard activities
and improve Medicare program operations.

This concludes my statement. I would be happy to answer any questions that
you may have.

For further information regarding this testimony, please contact me at (312)
220- 7767. Susan Anthony and Geraldine Redican- Bigott also made key
contributions to this statement.

(290103) Concluding

Observations GAO Contact And Staff Acknowledgments
*** End of document. ***