Medicare: Early Evidence of Compliance Program Effectiveness Is
Inconclusive (Letter Report, 04/15/99, GAO/HEHS-99-59).

Pursuant to a congressional request, GAO reviewed the compliance
programs established by health care providers to reduce improper
payments by Medicare, focusing on the: (1) prevalence of compliance
programs among hospitals and other Medicare providers; (2) costs
involved with compliance programs; and (3) effectiveness of the
programs, to the extent that could be measured.

GAO noted that: (1) although there is no comprehensive data on the
number of providers with compliance programs, many hospitals are
implementing them; (2) two recent hospital surveys, one focusing on
academic health centers and the other including a broad range of
hospital types, found that most hospitals responding either had or
planned to soon implement a compliance program; (3) the hospitals in
GAO's study said they felt compelled to implement a compliance program
for a variety of reasons, including the heightened enforcement
environment, suggestions from the Department of Health and Human
Services' Office of the Inspector General, and expectations that the
Health Care Financing Administration and accrediting bodies would soon
require compliance programs; (4) although compliance programs are
apparently becoming widely accepted, most of the hospitals in GAO's
study have only recently begun implementation; (5) hospitals report that
compliance programs require an investment of considerable time and
money; (6) however, measuring the cost of compliance programs is
difficult; (7) hospitals could not always distinguish costs attributable
to their compliance programs from those of their normal operations, in
part because the hospitals often had existing compliance-oriented
activities that were subsumed by the compliance program; (8) hospitals
reported a variety of significant direct costs, such as salaries for
compliance staff and professional fees for consultants and attorneys;
(9) direct compliance program costs appear to account for a very small
percentage of total patient revenues--less than 1 percent in all but one
of the hospitals studied; (10) the hospitals also reported indirect
costs, such as time spent by employees in compliance-related training
and away from their regular duties; (11) these indirect costs are more
difficult to measure and may be larger than the direct costs reported;
(12) the principal measure of a compliance program's effectiveness is
its ability to prevent improper Medicare payments; (13) it is difficult
to measure effectiveness in this way because of the lack of
comprehensive baseline data and the existence of many other factors that
could affect measurement results; (14) other measures have been
suggested as a proxy for measuring compliance program effectiveness;
(15) Medicare contractors reported that they have received refunds of
provider overpayments with more frequency; and (16) however, this
preliminary evidence does not demonstrate that compliance programs have
reduced improper Medicare payments.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  HEHS-99-59
     TITLE:  Medicare: Early Evidence of Compliance Program 
             Effectiveness Is Inconclusive
      DATE:  04/15/99
   SUBJECT:  Internal controls
             Health insurance
             Fraud
             Medical expense claims
             Hospitals
             Overpayments
             Health care programs
             Administrative costs
             Institution accreditation
IDENTIFIER:  Medicare Program
             DOJ/HHS 72 Hour Window Project
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************


Cover
================================================================ COVER


Report to Congressional Requesters

April 1999

MEDICARE - EARLY EVIDENCE OF
COMPLIANCE PROGRAM EFFECTIVENESS
IS INCONCLUSIVE

GAO/HEHS-99-59

Corporate Compliance Programs

(101748)


Abbreviations
=============================================================== ABBREV

  AHA - American Hospital Association
  CIA - corporate integrity agreement
  HCFA - Health Care Financing Administration
  HHS - Department of Health and Human Services
  OIG - Office of Inspector General
  UHC - University Health System Consortium
  VDP - Voluntary Disclosure Program

Letter
=============================================================== LETTER


B-280879

April 15, 1999

The Honorable John L.  Mica
Chairman
Subcommittee on Criminal Justice, Drug Policy
 and Human Resources
Committee on Government Reform
House of Representatives

The Honorable Christopher Shays
House of Representatives

Concerned that fraud, abuse, and improper payments threaten the
finances of both elderly Americans and Medicare--the federal health
care program that insures nearly 39 million beneficiaries--the
Congress has acted in the past 3 years to provide additional
resources and new enforcement tools to the Department of Justice, the
Department of Health and Human Services' (HHS) Office of Inspector
General (OIG), and the Health Care Financing Administration (HCFA) to
improve Medicare safeguards.  To date, the use of these new tools and
resources has generated growing numbers of health care enforcement
actions resulting in unprecedented recoveries of overpayments and
penalties.  However, the increase in enforcement actions has raised
concerns among hospital and other provider groups that their members
have been unfairly targeted and penalized for honest billing errors. 

Despite disagreements about the appropriateness of enforcement
activities, the provider community and those charged with ensuring
compliance with Medicare requirements agree that health care
providers should follow Medicare's rules, and that compliance
programs often can help providers do that.  In general, a compliance
program is the internal set of policies, processes, and procedures
that a provider organization implements to help it prevent and detect
violations of Medicare laws and regulations.  In addition, providers
and members of the enforcement community agree that an effective
compliance program can demonstrate a provider's intent to comply with
Medicare's rules and requirements. 

Recognizing the important role that compliance programs could play in
helping health care providers and the enforcement community work
together to reduce improper payments by Medicare, you asked us to
determine (1) how prevalent are compliance programs among hospitals
and other Medicare providers, (2) what costs are involved with
compliance programs, and (3) to the extent effectiveness can be
measured, how effective these programs are. 

To address these questions we interviewed 30 Medicare providers--25
hospitals and hospital-affiliated providers and 5 nonhospital
providers--about their experience implementing compliance programs. 
We interviewed the five nonhospital providers for comparison purposes
only.  We also contacted professional associations--in particular,
the American Hospital Association (AHA), the Health Care Compliance
Association, the Ethics Officers Association, and the University
HealthSystem Consortium (UHC)--to obtain their perspective on
compliance programs.  We also obtained information on the
implementation of compliance programs from HHS-OIG and Justice
officials. 

Our review focused almost exclusively on hospital and
hospital-affiliated providers (elsewhere in this report referred to
collectively as hospitals) because they receive the largest share
of Medicare funds and are the focus of several current enforcement
actions.  We selected the majority of these 25 hospitals on the basis
of a literature search that indicated a compliance program in place
at that institution.\1 The hospitals in our study include private
for-profit and not-for-profit as well as public hospitals.  This
sample includes hospital chains, independent community hospitals,
physician groups associated with teaching hospitals, public
hospitals, and rural hospitals.  All 25 of these hospitals have or
are instituting formal compliance programs.  Some have signed
corporate integrity agreements requiring the implementation of
compliance procedures.\2 (See app.  I for a description of our
methodology.)


--------------------
\1 We were referred to the other providers in our study by agency and
association representatives who told us the providers had implemented
or were implementing formal compliance programs. 

\2 Corporate integrity agreements are executed as part of a civil
settlement between a health care provider (or an entity responsible
for billing for the provider) and the government to resolve cases of
alleged health care fraud or abuse.  These HHS-OIG imposed programs
are in effect for a period of 3 to 5 years. 


   RESULTS IN BRIEF
------------------------------------------------------------ Letter :1

Although there is no comprehensive data on the number of providers
with compliance programs, many hospitals are implementing them.  Two
recent hospital surveys, one focusing on academic health centers and
the other including a broad range of hospital types, found that most
hospitals responding either had or planned to soon implement a
compliance program.  The hospitals in our study told us that they
felt compelled to implement a compliance program for a variety of
reasons, including the heightened enforcement environment,
suggestions from HHS-OIG, and expectations that HCFA and accrediting
bodies would soon require compliance programs.  Although compliance
programs are apparently becoming widely accepted, most of the
hospitals in our study have only recently begun implementation. 

Hospitals report that compliance programs require an investment of
considerable time and money.  However, measuring the cost of
compliance programs is difficult.  Hospitals in our study could not
always distinguish costs attributable to their compliance programs
from those of their normal operations, in part because the hospitals
often had existing compliance-oriented activities that were subsumed
by the compliance program.  Nevertheless, hospitals reported a
variety of significant direct costs, such as salaries for compliance
staff and professional fees for consultants and attorneys.  For
example, compliance department salary estimates ranged from $15,000
to $2.5 million.  However, according to the information we were able
to obtain, direct compliance program costs appear to account for a
very small percentage of total patient revenues--less than 1 percent
in all but one of the hospitals we studied.  The hospitals also
reported indirect costs, such as time spent by employees in
compliance-related training and away from their regular duties. 
These indirect costs are more difficult to measure and may be larger
than the direct costs reported. 

The principal measure of a compliance program's effectiveness is its
ability to prevent improper Medicare payments.  However, it is
difficult to measure effectiveness in this way because of the lack of
comprehensive baseline data and the existence of many other factors
that could affect measurement results.  Other measures have been
suggested as a proxy for measuring compliance program effectiveness,
such as the amount and frequency of refunds of overpayments
identified by the provider and the frequency of self-disclosures of
potential provider misconduct.  Hospital officials in our study
agreed that these are valid indicators of compliance program
effectiveness but also pointed to other indicators--such as increased
employee knowledge of compliance policies and procedures.  Hospital
officials in our study reported that the benefits of their compliance
programs outweigh their costs.  They believe that these programs will
reduce their liability under the fraud and abuse statutes.  Further,
Medicare contractors reported that they have received refunds of
provider overpayments with more frequency--in one case, a $2.7
million refund reportedly identified through the provider's
compliance program.  We have also noted an increase in formal
provider self-disclosures during the last few years.  However, this
preliminary evidence does not demonstrate that compliance programs
have reduced improper Medicare payments. 


   BACKGROUND
------------------------------------------------------------ Letter :2

With the increased focus on health care fraud and abuse in recent
years, the government has identified widespread improper billing by
Medicare providers.  While in the past the government might have
simply sought repayment, it has begun to invoke the penalties and
damages prescribed in the False Claims Act in some cases.  The False
Claims Act has become one of the government's primary enforcement
tools because it allows recovery of losses to federal health care
programs, and the damages and penalty provisions provide a deterrent
effect.  The act provides that anyone who knowingly submits false
claims to the government is liable for three times the amount of
damages plus a mandatory penalty of $5,000 to $10,000 for each false
claim.\3 The term knowingly is broadly defined to mean that a
person (1) has actual knowledge of the false claim, or (2) acts in
deliberate ignorance of the truth or falsity of the information, or
(3) acts in reckless disregard for the truth or falsity of the
information.\4 In the health care setting, where providers submit
thousands of claims each year, the potential damages and penalties
provided under the False Claims Act can be quite large. 

The widespread application of the False Claims Act to improper
Medicare billings has heightened providers' attention to the
importance of compliance with Medicare program requirements.  In
February 1997, HHS-OIG released its first guidance\5 for compliance
programs in the health care industry--Model Compliance Plan for
Clinical Laboratories.  Since then, HHS-OIG has issued three
additional provider-specific compliance guides and revised the
laboratory model.  Through these guides HHS-OIG encourages providers
to improve and enhance their internal controls so that their billing
practices are in compliance with Medicare's rules and regulations. 
However, use of the guides remains voluntary.  Table 1 shows the
current HHS-OIG compliance guides and the dates they were issued. 



                                Table 1
                
                Office of Inspector General Health Care
                       Compliance Program Guides

HHS-OIG guide                                   Date issued
----------------------------------------------  ----------------------
Compliance Program Guidance for Hospitals       February 1998

Compliance Program Guidance for Home Health     August 1998
Agencies

Compliance Program Guidance for Clinical        August 1998
Laboratories (revised)

Compliance Program Guidance for Third-Party     November 1998
Medical Billing Companies
----------------------------------------------------------------------
All of the HHS-OIG compliance guides provide for seven components of
comprehensive compliance programs: 

1.  Written policies and procedures, including standards of conduct. 

2.  Designation of a compliance officer responsible for operating and
monitoring the compliance program. 

3.  Regular employee education and training programs. 

4.  A reporting mechanism to receive complaints anonymously. 

5.  Corrective action policies and procedures, including disciplinary
policies, to respond to allegations of noncompliance. 

6.  Periodic audits to monitor compliance. 

7.  Investigation and correction of identified systemic problems,
including policies addressing the nonemployment of sanctioned
individuals. 

Each of the compliance guides also highlights what HHS-OIG calls
risk areas, or areas of special concern, which HHS-OIG has
identified through its investigative and audit activities, and which
it believes the internal policies and procedures of compliance
programs should address.  While the risk areas are generally specific
to a type of provider, several of the risk areas are included in more
than one guide.  Risk areas identified by HHS-OIG include potential
Medicare billing infractions such as billing for items or services
not actually provided and billing for a more expensive item or
service than provided.  HHS-OIG cites other Medicare rules and
regulations as risk areas as well, including the Stark physician
self-referral law\6 and the antikickback statute.\7

HHS-OIG believes that the compliance guides have significantly
advanced the cause of corporate compliance with federal health care
program requirements and is planning to issue guides for other health
care providers serving Medicare beneficiaries.  These include durable
medical equipment companies, Medicare+Choice organizations offering
coordinated care plans, nursing homes, and hospices.  (The
regulations implementing the Medicare+Choice program require
Medicare+Choice organizations to implement compliance plans.\8 )

Providers' compliance programs, among other things, are to be
considered by Justice attorneys in determining whether the provider
knowingly submitted a false claim, according to detailed guidance
on the use of the False Claims Act in health care matters which was
issued by the Deputy Attorney General in June 1998.\9 While this
guidance primarily addresses national health care initiatives, such
as the 72-hour Window Project,\10 it also directs Justice attorneys
to consider prior remedial efforts such as self-disclosure of
potential wrongdoing.  We recently issued the first of two
legislatively mandated reports on Justice efforts to implement its
new False Claims Act guidance.\11


--------------------
\3 31 U.S.C.  3729(a). 

\4 31 U.S.C.  3729(b). 

\5 Throughout this report, referred to as guide(s). The Hospital
Guide can be found at 63 Fed.  Reg.  8987 (Feb.  23, 1998).  This
and the other compliance guides can also be found at HHS-OIG's
website:  http://www.dhhs.gov/progorg/oig. 

\6 42 U.S.C.  1395nn.  The Stark laws prohibit referrals for
certain services payable under Medicare if the referring physician
(or a party related to the physician) has a financial relationship
through either ownership or compensation with the entity providing
the service. 

\7 42 U.S.C.  1320a-7b(b).  The antikickback statute prohibits
providers from knowingly and willfully offering, paying, soliciting,
or receiving--either directly or indirectly--any remuneration in
order to induce the referral of any patient or business item for
which payment may be made, in whole or in part, by the government. 

\8 See 42 C.F.R.  422.501 (63 Fed.  Reg.  34968 (June 26, 1998)). 
Medicare+Choice organizations have until January 1, 2000, to
implement a compliance plan.  The regulations require that the plan
include elements similar to the seven elements identified in the
HHS-OIG guides. 

\9 See Guidance on the Use of the False Claims Act in Civil Health
Care Matters located at http://fca.aha.org/guidance6-98.html. 

\10 The 72-Hour Window Project is described later in the report. 

\11 Medicare Fraud and Abuse:  Early Status of Justice's Compliance
With False Claims Act Guidance (GAO/HEHS-99-42R, Feb.  1, 1999). 


   HOSPITALS ARE IMPLEMENTING
   COMPLIANCE PROGRAMS
------------------------------------------------------------ Letter :3

According to the results of two hospital surveys, our interviews with
observers in the health care field, and our study of 25 hospitals, it
is apparent that many hospitals are implementing formal compliance
programs.  However, the actual prevalence of such programs is
difficult to determine precisely.  Often hospitals are driven in
their compliance efforts, at least in part, by the requirements of
agreements with the government resolving allegations of provider
misconduct.  Hospitals that agreed to implement compliance procedures
to resolve billing or fraud issues told us they are implementing
compliance programs that go well beyond the requirements of the
agreements.  Because their programs are relatively new, only a few of
the hospitals in our study have completely implemented all of the
policies and procedures that they have identified as being part of
their compliance program. 


      ACCURATE COUNT OF COMPLIANCE
      PROGRAMS IS NOT AVAILABLE
---------------------------------------------------------- Letter :3.1

Medicare providers are generally not required to report on their
compliance programs to federal agencies or other entities so there
are no readily available data on their prevalence.  Even if providers
were required to report this information, the task of measuring the
prevalence and composition of compliance programs would still be
complicated by several factors.  Most important, the lack of an
accepted definition of a compliance program would make any tabulation
problematic.  HHS-OIG's hospital compliance guide itself states that
there is no single best' hospital compliance program, given the
diversity within the industry.\12

In addition, determining whether or not the components of a
compliance program have been meaningfully implemented is inherently
subjective.  For example, whether or not a provider is conducting
billing audits is subject to interpretation.  While two compliance
programs may each call for a sampling of all claims, their sampling
methodologies may differ significantly.  Further, one provider may
review past claims when a problem is identified, and another provider
may audit only current claims. 


--------------------
\12 Hospital Guide, 63 Fed.  Reg.  8988. 


      INDICATIONS POINT TO
      COMPLIANCE PROGRAMS BEING
      IMPLEMENTED
---------------------------------------------------------- Letter :3.2

Despite these inherent measurement difficulties, there are
indications that compliance programs are being implemented, in some
fashion, by many hospitals.  We spoke with members of hospital
groups, federal agency representatives, and other observers in the
health care and compliance fields who all said that compliance
programs are increasingly prevalent.  A few hospitals in our study
told us that they believe compliance programs are becoming an
industry standard.  In addition, two recent hospital surveys indicate
that compliance programs are being implemented.  First, a February
1998 copyrighted survey by UHC (which has 84 academic health center
members) found that 97 percent of the 64 respondents either had a
compliance program in place or planned to implement one soon.\13
Also, a recent survey of 4,300 hospitals by AHA found that 96 percent
of the 1,902 respondents indicated that they have a formal compliance
program in place or plan to implement one within the coming year.\14


--------------------
\13 UHC was to update this survey in February 1999, with results
expected to be released to members by May 1999. 

\14 Because fewer than 50 percent of the surveyed hospitals
responded, the results cannot be generalized to all of the hospitals
that received the survey. 


      EFFORTS TO INITIATE
      COMPLIANCE PROGRAMS ARE
      DRIVEN IN PART BY SETTLEMENT
      AGREEMENTS WITH THE
      GOVERNMENT
---------------------------------------------------------- Letter :3.3

About 2,000 hospitals have agreed to implement certain compliance
procedures--in some cases a full compliance program covering all
Medicare risk areas--as part of an agreement with the government to
settle billing issues under the False Claims Act.  Nearly all of the
25 hospitals in our study had agreed to implement compliance
procedures as part of a settlement agreement for at least some part
of their operations.  Seventeen of the hospitals in our study agreed
to implement compliance procedures as part of a settlement under
Justice's 72-Hour Window Project.\15 The 72-Hour Window Project
investigates whether hospitals have separately billed Medicare for
outpatient services, which are already covered by a Medicare
inpatient payment, such as preadmission tests provided within 72
hours of admission.  The compliance procedures required under this
project include installing and maintaining computer systems to
identify such outpatient services before the hospital bills Medicare
as well as training billing personnel on the 72-hour rule.  These
settlements do not cover any risk area other than the 72-hour rule,
do not require ongoing monitoring, do not require the appointment of
a compliance officer, and do not impose any obligations on the
hospital to report any potential violations uncovered. 

At least 6 of the 25 hospitals in our study agreed to implement more
comprehensive corporate integrity agreements (CIA) to settle charges
of misconduct in their Medicare operations.  A CIA is an agreement
between a health care provider and HHS-OIG in conjunction with the
settlement of a case alleging health care fraud or abuse.  CIAs are
generally specific to the provider and case, set requirements for a
term of 3 to 5 years, and are a condition of the provider's continued
participation in Medicare and other federal health care programs. 
While CIA requirements vary, they generally include (1) the
appointment of a Compliance Officer; (2) mandatory compliance
training; (3) internal and/or independent external reviews of either
specified risk areas, the implementation of the agreement provisions,
or both; (4) notice to HHS-OIG of material violations when
identified; (5) annual reporting to HHS-OIG; and (6) continuing CIA
responsibilities after organizational changes such as mergers and
acquisitions.  If a provider fails to comply with the CIA, HHS-OIG
reserves the right to exclude the provider from Medicare and other
federal health care programs or, alternatively, impose monetary
penalties.  HHS-OIG has recently negotiated CIAs that require
compliance procedures covering all laws, regulations, and guidelines
relating to federal and state health care programs--not only those
relevant to the allegations in the case. 

Most of the hospital officials we interviewed told us that they felt
compelled to implement more extensive compliance procedures than
required of them by the federal government.\16 Twenty-two of the 25
hospitals we reviewed have government-imposed compliance procedures
of some type; nearly all of the 22 told us their compliance programs
go beyond the requirements of any settlement agreements they are
subject to--often far beyond.  For instance, as of December 31, 1998,
10 of the hospitals in our study have only the compliance procedures
associated with the 72-Hour Window Project imposed upon them.  Yet 9
of those 10 say they have implemented or plan to soon implement a
more comprehensive compliance program with procedures covering risk
areas such as medical necessity, laboratory billing, and upcoding. 

When asked why they felt the need to develop more rigorous compliance
programs, these hospital officials mentioned the heightened
enforcement environment, HHS-OIG guides and workplans showing a
continued enforcement focus on hospital billing, and expectations
that HCFA and accrediting bodies would soon require compliance
programs.  Some providers and observers in the field noted that
HCFA's requirement that managed care plans participating in the new
Medicare+Choice program implement compliance programs may be an
indication that compliance programs will eventually be mandated. 


--------------------
\15 Several of these organizations are large systems with many
hospitals.  In some cases only one or a few of the system's hospitals
were required to implement these procedures, while in other cases
more than half of the system's hospitals were so required.  Over
4,600 hospitals were targeted by this national initiative, and at
least 1,600 have agreed to implement compliance procedures as a part
of their settlement.  See Medicare:  Application of the False Claims
Act to Hospital Billing Practices (GAO/HEHS-98-195, July 10, 1998). 

\16 Requirements for providers to implement compliance procedures can
be imposed through the settlement agreement by Justice and HHS-OIG or
through an associated CIA. 


      FEW COMPLIANCE PROGRAMS IN
      STUDY ARE FULLY IMPLEMENTED
---------------------------------------------------------- Letter :3.4

Very few of the hospitals in our study have fully implemented their
compliance programs.  All 25 of them identified policies, processes,
and procedures that they said were important parts of their programs. 
However, only five of the hospitals have implemented all of the
policies, processes, and procedures identified.  Seventeen hospitals
have not conducted compliance program audits, to ensure that the
policies, processes, and procedures of their compliance program have
been carried out.  Seven hospitals still need to introduce the
compliance program to their employees.  Six hospitals have not
started doing background checks to identify sanctioned individuals,
and two hospitals have yet to establish an organizational code of
conduct. 

Figure 1 shows the implementation status and history of the various
components of the compliance programs being implemented by our
study's hospital providers. 

   Figure 1:  Compliance Program
   Implementation Reported by
   Hospitals

   (See figure in printed
   edition.)


   HOSPITALS REPORT COMPLIANCE
   PROGRAM COSTS ARE CONSIDERABLE
------------------------------------------------------------ Letter :4

According to the hospitals in our study, the implementation and
operation of compliance programs entail a considerable commitment of
time and money.  However, among hospitals that could provide us with
direct compliance program cost data, only one appears to spend more
than 1 percent of total patient care revenues.  All of the hospitals
in our study identified direct cost components, such as salaries and
fringe benefits for compliance officers and staff, consulting and
legal fees, and outside audit services; but determining the costs of
these and other components of compliance programs was difficult for
our hospital providers.  The lack of a compliance budget was the main
reason for this difficulty; the hospitals could not always
distinguish the costs attributable to their compliance programs from
those of their normal operations.  The components for which hospitals
could estimate costs, as well as the actual cost estimates, varied
widely among the hospitals.  Hospital officials pointed out that
their compliance programs also generate indirect costs, which are
more difficult to measure and may be greater than the direct costs. 


      COMPLIANCE PROGRAM COSTS ARE
      DIFFICULT TO MEASURE
      ACCURATELY
---------------------------------------------------------- Letter :4.1

Fifteen of the hospitals in our study did not specifically budget for
compliance activities, limiting their ability to give us precise or
comprehensive figures for their compliance program costs.  Without a
compliance budget, these officials were hard-pressed to distinguish
the costs of their compliance program-related activities from the
costs of their normal business operations.  In addition, the
compliance officials we interviewed differed as to their treatment of
costs absorbed by departments other than their own.  Some considered
these to be costs of their compliance program, others did not.  Eight
hospitals in our study told us their ability to report compliance
program costs was further limited because they had difficulty
identifying costs they would have incurred even without their formal
compliance programs.  For example, officials at six hospitals said
they had long audited medical records on a periodic basis and that
the compliance program merely formalized their methodology. 

The challenges in capturing compliance program costs were borne out
by UHC's February 1998 membership survey.  In addition to determining
which of its members were implementing compliance programs, UHC
attempted to gather comprehensive information about the cost of
compliance program components.  The consortium found that while
members could identify some cost information, they generally could
not provide cost estimates for all compliance program components. 


      ESTIMATES FOR COMPLIANCE
      PROGRAM DIRECT COSTS VARY
      WIDELY
---------------------------------------------------------- Letter :4.2

In general, the cost estimates given to us by hospitals fell under
the following compliance-related categories:  development of
policies, processes, and procedures; oversight activities; background
checks; training and education; auditing; operation of reporting
mechanisms, such as a compliance hotline; and attorney fees and
investigations.  The hospital officials we spoke with could not
address the costs associated with each of these categories because of
differences in how they organized their compliance programs and how
they funded these activities.  In those cost categories for which we
received more than one hospital's estimates, the costs reported
varied widely.  The relation of these costs to the organizations'
revenues varied as well.  In one case, the direct costs identified by
a hospital chain with relatively comprehensive cost estimates were
less than 1 percent of the chain's revenue.  In another, the
compliance officer of a hospital-affiliated physician practice plan
estimated the costs of its compliance program to be over 2 percent of
the plan's revenue. 

One direct cost figure frequently identified by hospitals was the
annual salary(ies) of the compliance officer/staff.  The low cost
reported was $15,000 at a mid-sized hospital where the compliance
officer devoted 10 percent of his time to compliance and the hospital
received substantial support and guidance from its system parent. 
The highest estimated cost was $2.5 million at a large hospital
system where the compliance staff included four full-time attorneys
and support staff.  Audit costs (both internal and external) were the
most frequently identified direct cost component, with estimates
ranging from $17,000 to about $3.8 million per year. 


      COMPLIANCE PROGRAMS HAVE
      INDIRECT COSTS
---------------------------------------------------------- Letter :4.3

The hospitals in our study also identified many significant indirect
costs associated with their compliance programs.  Foremost among
these was employee and physician time spent away from regular duties
while attending compliance-related training.  Indirect compliance
program costs were not generally estimated by the hospitals in our
study, but hospital officials told us these costs might be larger
than the direct costs.  For example, the compliance officer from a
hospital that did estimate some indirect costs told us that the
organization spent approximately $2 per employee to present its
compliance program training.  However, he estimated the value of the
time spent by the employees away from their normal duties while
attending the training to be $25 per employee, over 10 times as much. 
Other indirect compliance program costs identified by hospitals in
our study include the time of high-level executives spent on
compliance program development and oversight, and lower revenues as a
result of conservative billing practices. 


   EARLY EVIDENCE OF COMPLIANCE
   PROGRAM EFFECTIVENESS IS
   INCONCLUSIVE
------------------------------------------------------------ Letter :5

The principal objective of compliance programs, and hence the most
direct measure of their effectiveness, is their performance in
preventing improper Medicare payments.  However, baseline data on the
amount of improper payments made to providers is lacking; and the
costs associated with gathering such baseline data--or comparison
data for providers without compliance programs--have precluded the
use of this effectiveness measure.  Lacking such a direct measure,
HHS-OIG plans to continue using various indirect measures, including
refunds of provider-identified overpayments and self-disclosures of
potential misconduct, to determine whether or not compliance programs
are effective.  Officials from HHS-OIG and Justice told us they
anticipate that, as providers fully implement their compliance
programs, provider-identified refunds and self-disclosures should
increase, at least initially.  Another possible indicator of
effectiveness mentioned by law enforcement authorities is the
frequency of disciplinary actions taken against noncompliant
employees.  Hospital officials in our study agreed that these
measures could indicate compliance program effectiveness, but pointed
to some others as well.  The most frequently mentioned was increased
employee awareness of proper billing rules and other compliance
policies and procedures. 

While each of the measurement criteria mentioned has limitations that
prevent conclusive proof that the elements of compliance programs
reduce improper Medicare payments, there are preliminary indications
that such programs can have a positive effect.  For example, some
Medicare contractors have reported refunds of provider-identified
overpayments, although neither they nor HCFA keep track of this
indicator on a systematic basis.  Self-disclosures of potential
misconduct by providers have been reported by HHS-OIG, Justice, and
hospital officials, although the number of self-disclosures reported
is small.  Hospital officials also reported taking disciplinary
actions against noncompliant employees and instituting corrective
actions, such as remedial training of billing staff.  Finally, the
hospitals in our study overwhelmingly believe that the benefits of
their compliance programs exceed their costs. 


      REFUNDS OF
      PROVIDER-IDENTIFIED
      OVERPAYMENTS
---------------------------------------------------------- Letter :5.1

Because compliance programs are relatively new to the health care
industry, HHS-OIG and Justice officials say they have yet to come
across many that led to refunds of provider-identified overpayments. 
These officials do acknowledge, however, that some billing errors are
inevitable.  Therefore, they expect that as effective compliance
programs are implemented, these errors will be detected and such
detection will lead to an increase in refunds of provider-identified
overpayments.  HHS-OIG officials think this will happen because the
monitoring of compliance across the risk areas identified by their
compliance guides will probably cause providers to examine billing
issues that they had not examined before.  HHS-OIG and Justice
officials further expect that as compliance programs mature,
providers' compliance with Medicare billing rules should increase and
refunds of provider-identified overpayments should then decline. 

Others we spoke with cautioned that a variety of factors could
contribute to an increase in refunds of provider-identified
overpayments--not just the effectiveness of compliance programs.  For
example, a change in Medicare billing rules or the institution of a
new payment system might cause errors that could lead to an increase
in refunds of provider-identified overpayments.  Similarly, provider
operational changes, such as entering a new line of business or
acquiring another provider, could lead to an increase in overpayments
returned.  Moreover, while several hospitals in our study were
hopeful that over time the billing errors detected by their
compliance program would decline, a few felt that billing errors
might not, in fact, decline because of the complexity of Medicare
rules.  Therefore, tracking refunds of provider-identified
overpayments--either for an individual provider or for providers
overall--may not be sufficient to determine effectiveness of
compliance programs. 

HCFA officials and some Medicare contractors we talked with told us
that although they do not routinely track refunds of
provider-identified overpayments, they have noted an increase in such
refunds within the last 2 years.\17 Without extensive research, these
Medicare contractors were not able to tell us the actual amount of
all such refunds.  Nevertheless, two of the contractors were able to
identify some amounts refunded.  For example, one recently received a
$2.7 million refund from a home health agency that said the
overpayment was identified through its compliance program.  In this
case, after reviewing documents provided by the agency and reviewing
the actions the agency has taken to ensure future billings are
correct, the contractor is now in the process of assessing the
agency's method for determining the refund amount.  This contractor
also received a $200,000 refund from a teaching hospital.  One of the
other two contractors we spoke with also reported that it had
received refunds of overpayments, reportedly due to compliance
programs. 

Several hospitals indicated their compliance program had led to
refunds of overpayments or informal self-disclosures.  Generally,
refunds of overpayments arose pursuant to an internal audit of a
specific functional area identified by HHS-OIG as high-risk.  For
example, one hospital told us it does quarterly audits of its
compliance with physician billing rules and has refunded identified
overpayments when it was too late for them to resubmit the bill.  The
hospitals in our study generally viewed such refunds of overpayments
to Medicare's contractors as informal self-disclosures to the
government.  Yet several hospitals were concerned that the
contractors they deal with did not know how to process the refunds of
self-identified overpayments, and a few expressed concern that the
contractors would automatically refer these refunds to HHS-OIG. 


--------------------
\17 These refunds are for groups of erroneous claims and are in
addition to refunds Medicare contractors receive under the
longstanding practice of submitting corrected claims or in settlement
of a cost report. 


      SELF-DISCLOSURES OF
      POTENTIAL MISCONDUCT
---------------------------------------------------------- Letter :5.2

HHS-OIG and Justice officials told us of one hospital provider who
formally self-disclosed potential misconduct after a review of its
billing procedures.  These officials expect to see more formal
self-disclosures such as this one, because the HHS-OIG compliance
guides and the Sentencing Guidelines for Organizations both say
misconduct identified by a compliance program should be reported to
HHS-OIG or Justice.\18 HHS-OIG requires that providers who enter into
CIAs report on the implementation of the agreement, and these reports
usually include disclosures of refunds of overpayments and of
potential misconduct.\19 Both HHS-OIG and Justice officials told us
they have used speaking engagements and public documents to support
and encourage providers to self-disclose as part of an effective
compliance program. 

Some hospital officials agreed that as compliance programs are
implemented, self-disclosures of possible wrongdoing might increase. 
However, most hospitals said they expect that the increased awareness
of compliance issues created by an effective compliance program will
result in the prevention of misconduct that otherwise might occur. 
Therefore, there may be fewer instances of potential misconduct for
providers to self-disclose.  As a result, tracking self-disclosures
of potential misconduct--either for an individual provider or for
providers overall--may not be an appropriate indicator of
effectiveness. 

HHS-OIG has operated a formal voluntary disclosure mechanism since
1995 and revised the process in October 1998.  Providers who identify
potential misconduct within their organizations can use this
mechanism to self-report such potential misconduct.  The hospitals in
our study generally did not see formal disclosure as a viable option. 
As of December 31, 1998, only 20 providers had applied to use this
mechanism, and it is not clear that those who did formally
self-disclose did so as a result of a formal compliance program.\20
(See app.  II for further discussion of formal voluntary disclosure
mechanisms.)

Although few providers have used the formal self-disclosure
mechanism, some of the hospitals in our study told us they had
informally contacted HHS-OIG or Justice officials to discuss billing
problems in their organization before returning an overpayment to
Medicare.  In some instances, the problem was identified through
their compliance program.  The typical informal self-disclosure that
hospitals described to us involves the provider's attorney
approaching an HHS-OIG or Justice representative and describing the
issue on behalf of the provider.  Hospitals and hospital associations
and their advisers told us self-disclosure is fraught with risk, and
therefore it is a step that is taken only after careful consideration
of the ramifications. 


--------------------
\18 The U.S.  Sentencing Commission guidelines for the sentencing of
organizations states that the organization will not get credit for an
effective compliance program if, after becoming aware of an offense,
the organization unreasonably delayed reporting the offense to
appropriate governmental authorities.  See USSG 8C2.5(f).  The term
appropriate governmental authorities does not encompass
governmental agents, such as Medicare contractors.  See USSG 8C2.5(f)
(n.  11).  The guide for hospitals states that where there is
credible evidence of misconduct [that] may violate criminal, civil
or administrative law, [ ] the hospital promptly should report the
misconduct to Justice or HHS-OIG.  See Hospital Guide, 63 Fed.  Reg. 
8998, n.  56. 

\19 HHS-OIG officials told us that they plan to use this reported
information, once it becomes due, to determine the effect of CIAs,
which providers have agreed to implement in order to settle billing
and fraud issues with the government. 

\20 In its technical comments on this report, HHS-OIG told us that
since December 31, 1998, it has received 14 additional disclosures. 


      OTHER POSSIBLE INDICATORS OF
      COMPLIANCE PROGRAM
      EFFECTIVENESS
---------------------------------------------------------- Letter :5.3

Justice, HHS-OIG, and the hospitals in our study identified other
possible indicators of compliance program effectiveness.  For
example, HHS-OIG and Justice have said they will be looking for
disciplinary actions taken by providers against employees who have
not followed compliance procedures.  The hospitals in our study that
reported overpayment refunds and self-disclosures told us that they
also took additional corrective actions such as remedial training,
discipline, and modification of compliance program policies and
procedures.  For example, some hospitals associated with physician
groups told us they used special procedures to review the bills for
physicians with documentation problems.  A few of these hospitals
make the physician either absorb this expense, foot the costs of
remedial training, or pay some other type of monetary sanction in an
attempt to improve that physician's compliance.  Several hospitals
have had trainers teach correct billing and coding techniques to the
employees who are identified by audits as having weaknesses in these
areas. 

The major intangible indicator mentioned by hospitals is an increased
corporate awareness of compliance as shown by frequent calls to
compliance staff and/or hotlines for guidance.  Sixteen hospitals
told us that an improved employee knowledge of compliance issues,
risk areas, and procedures is something they will consider in
evaluating the effectiveness of their compliance efforts.  Some plan
to measure this knowledge in conjunction with compliance training by
asking employees questions such as What is our hotline number? and
What risk areas does our organization face? A few hospitals will
have employees respond to hypothetical situations so the compliance
officer can judge whether or not the employee knows what to do when
faced with concerns regarding compliance with Medicare rules. 


      PROVIDERS REPORT BENEFITS OF
      COMPLIANCE PROGRAMS EXCEED
      THE COSTS
---------------------------------------------------------- Letter :5.4

Almost all of the hospitals in our study believe their liability
under the fraud and abuse statutes will be reduced as a result of
their compliance programs.  For most of them the reduction of
improper payments and their attendant liabilities is a benefit that
exceeds the costs of their compliance programs.  In addition to this
benefit, hospitals expressed hope that they would receive some form
of recognition of their compliance efforts if they should be the
targets of an investigation by the federal government.  They also
believe the compliance program helps foster an improved culture for
doing the right thing. Additionally, several hospitals said their
compliance program helps them maintain their reputation in the
community.  These hospital officials told us that these benefits,
where realized, also indicate compliance program effectiveness. 

Several of the hospitals we interviewed told us they received such
recognition when they were the target of an investigation.  One
hospital, with a long-standing compliance program, told us that it
was subject to an HHS-OIG Physicians at Teaching Hospitals audit.\21
This hospital credited its compliance program with enabling it to
arrange not only a less expensive method for conducting the audit
but, ultimately, a written resolution of the audit without
findings.\22

Five hospitals that had entered into settlements with Justice and
HHS-OIG told us that their compliance efforts were recognized in the
form of nonexclusion from Medicare, less onerous future compliance
requirements, or less than treble damages.  However, more hospitals
expressed concern about not getting such recognition from law
enforcement agencies.  At least one hospital system claimed that a
U.S.  Attorney did not give it credit for its preexisting compliance
program in a settlement because the U.S.  Attorney believed the
hospital involved had not effectively corrected prior misconduct. 
Nevertheless, Justice and HHS-OIG officials told us, and have
publicly stated, that they will consider the presence of an effective
compliance program when settling allegations of improper billing by
hospitals. 

During our study we attempted to determine whether U.S.  Attorneys
have encountered compliance programs in the course of their
investigations and whether the presence of a compliance program
affected the investigation.  Because Justice does not track whether
health care providers it investigates have compliance programs, we
asked Justice officials to contact the U.S.  Attorneys' offices
responsible for most of the districts where the providers in our
study were located.  In these 20 districts, the U.S.  Attorneys
reported four closed cases in which the health care provider
investigated had a compliance program in place at the time of the
investigation.  One case involved the self-disclosure and refund of
an overpayment identified in a compliance program audit.  This case
was closed with no action taken by Justice.  In another case, the
U.S.  Attorney reported that a provider being investigated for
billing problems had a compliance program in place that appeared to
have prevented billing problems, and the investigation was dropped. 

In the remaining two cases, although a compliance program was in
place at the time of the alleged misconduct, the U.S.  Attorneys
involved indicated they did not reduce damages when arriving at the
settlement.  U.S.  Attorneys also reported that several providers
under current investigation have compliance programs that were in
place at the time of the alleged misconduct.  However, because these
cases are still open, Justice officials will not discuss whether or
how the presence of a compliance program will affect the final
disposition of these cases. 


--------------------
\21 GAO reviewed this multistate initiative.  See Medicare:  Concerns
With Physicians at Teaching Hospitals (PATH) Audits (GAO/HEHS-98-174,
July 23, 1998). 

\22 An HHS-OIG official told us that HHS-OIG did not evaluate this
provider's compliance program as part of the audit. 


   CONCLUSIONS
------------------------------------------------------------ Letter :6

In addition to stepping up enforcement actions, HHS-OIG, HCFA, and
Justice have all encouraged the adoption of compliance programs in
the hopes of reducing improper Medicare payments.  The voluntary
compliance of hospitals and other Medicare providers is crucial to
reducing the improper payments that continue to plague the program. 

Although determining the prevalence of such programs is difficult,
there is a consensus among providers and agencies that these programs
are becoming more widespread.  Furthermore, despite the investment of
time and resources that compliance programs entail, many hospitals
believe the benefits of these programs--particularly reduced
liability under the fraud and abuse statutes--outweigh their costs. 
Finally, while the effectiveness of compliance programs is difficult
to determine with certainty, HHS-OIG, HCFA, Justice, and providers
themselves believe that compliance programs can reduce improper
Medicare payments. 


   AGENCY COMMENTS AND OUR
   EVALUATION
------------------------------------------------------------ Letter :7

We provided a draft of this report for comment to HHS-OIG and
Justice.  The following summarizes their comments and our responses. 

HHS-OIG expressed concern that the title of the report does not
reflect its view that compliance programs are effective in promoting
compliance with requirements of federal health care programs. 
HHS-OIG points to the consensus among the hospitals in our study that
the benefits of compliance programs exceed their costs as evidence of
compliance program effectiveness.  Finally, HHS-OIG identified
several other indicators that improper payments in the Medicare
program may have declined, such as its recent review of Medicare
fee-for-service payments.  In this review HHS-OIG reported a decline
in its estimate of improper payments, from $10.6 billion in fiscal
year 1997 to $7.7 billion in fiscal year 1998.  We included the views
of HHS-OIG and providers regarding the benefits of compliance
programs in our report.  However, we continue to believe that the
principal measure of compliance programs' effectiveness is their
effect on improper payments.  The evidence available to date does not
show that compliance programs have reduced improper Medicare
payments.  Indeed, HHS-OIG acknowledges that it does not have
empirical evidence supporting a causal relationship between a decline
in improper payments and implementation of compliance programs. 
HHS-OIG also provided technical comments, which we incorporated as
appropriate.  HHS-OIG's comments appear in appendix III. 

Officials from Justice's Executive Office for United States Attorneys
reviewed the draft and offered technical comments, which we
incorporated as appropriate. 


---------------------------------------------------------- Letter :7.1

We are sending copies of this report to the Honorable Donna E. 
Shalala, Secretary of Health and Human Services; the Honorable June
Gibbs Brown, HHS Inspector General; the Honorable Nancy-Ann Min
DeParle, Administrator of HCFA; the Honorable Janet Reno, U.S. 
Attorney General; the organizations we visited; and other interested
parties. 

Please call me at (312) 220-7600 or Paul Alcocer at (312) 220-7709 if
you or your staffs have any questions about this report.  The other
major contributors are Barbara A.  Mulliken and Victoria M.  Smith. 

Leslie G.  Aronovitz
Associate Director, Health Financing and
 Public Health Issues


METHODOLOGY
=========================================================== Appendix I

To determine how prevalent compliance programs are among Medicare
providers, we interviewed officials at HCFA; HHS-OIG; and
provider-affiliated associations, including the American Hospital
Association (AHA) and the Health Care Compliance Association.  We
also reviewed some of the results of two 1998 compliance program
surveys conducted by the University HealthSystem Consortium and AHA. 
In addition, we asked providers about their perspective on the
prevalence of compliance programs among their peers. 

To determine what costs are involved with compliance programs, we
interviewed 30 Medicare providers.  We contacted 37 providers, and 30
of them were willing to speak with us directly about their compliance
programs.  We selected these providers on the basis of a variety of
factors that indicated a compliance program in place at that
institution.  These factors included articles commenting on a
compliance program, prior interviews with GAO personnel indicating a
compliance program, active corporate integrity agreements, referrals
by agency and association officials, and application to HHS-OIG's
Voluntary Disclosure Program.  The 30 providers we interviewed
represent a range of provider type, geographic service area,
organizational size, religious affiliation, and profit status. 

Of the 30 provider organizations interviewed, 25 of them are
hospitals or hospital-affiliated organizations, including physician
groups.  Our review focused primarily on hospital providers because
they receive the largest share of Medicare funds and are the focus of
several current enforcement actions.  (The remaining five Medicare
providers are an independent clinical laboratory, a home health
organization, a durable medical equipment provider, a skilled nursing
provider, and a managed care organization.  We interviewed these
nonhospital providers for comparison purposes only).  We asked
provider-affiliated association officials about their perspective on
the cost of compliance programs among their member organizations.  We
also asked approximately 30 vendors of compliance-related products
and services for the prices of their products and services, but used
these for comparison purposes only. 

To determine how the effectiveness of compliance programs should be
measured, we interviewed officals at the Department of Justice,
HHS-OIG, and provider-affiliated associations; several observers in
the field; and 30 Medicare providers.  We also reviewed the Federal
Sentencing Guidelines for Organizations, case law referencing
compliance programs, HHS-OIG Compliance Guides, Model Compliance
Manuals, and the marketing material of approximately 30 vendors of
compliance-related products and services.  To determine whether
compliance programs are effective, we interviewed three Medicare
contractors, Justice, HHS-OIG, and HCFA with regard to the presence
of the measures that had been identified.  We also interviewed
provider-affiliated associations, several observers in the field, and
30 Medicare providers about their perspective on the effectiveness of
compliance programs but used this information for comparison purposes
only.  We also reviewed the results of HHS-OIG's Voluntary Disclosure
Program. 

We conducted our work at HCFA, HHS-OIG, Justice, and selected
provider and provider-affiliated association offices.  We performed
our work between May 1998 and February 1999 in accordance with
generally accepted government auditing standards. 

HHS-OIG'S VOLUNTARY DISCLOSURE PROGRAM/PROTOCOL

In May 1995, HHS-OIG and Justice initiated a pilot Voluntary
Disclosure Program (VDP) in conjunction with the Operation Restore
Trust initiative\23 for providers to report instances of possible
misconduct.  In An Open Letter to Health Care Providers, HHS-OIG
stated that the success of this and other such initiatives would be
best ensured through cooperative efforts with providers.  However,
the VDP pilot was ostensibly open only to the providers targeted by
Operation Restore Trust.\24 Moreover, acceptance into the program was
predicated on strict eligibility requirements being met.  The
disclosure had to be on behalf of an entity and not an individual,
and the entity could not be under investigation at the time of
application. 

During the VDP pilot period--May 1995 through May 1997--Justice was a
signatory to the agreement with the self-disclosing provider and
HHS-OIG upon entry into the program.  However, because of the low
number of applications during the pilot period, Justice chose to no
longer participate in this program.  After assessing the pilot
program and exploring criticisms leveled at it, HHS-OIG decided to
continue these efforts under a Voluntary Disclosure Protocol
(Protocol).  The two hospitals we spoke with that were accepted into
VDP told us that despite a high level of HHS-OIG cooperation, the
application process was arduous and expensive. 

Table II.1:  reports the activity, by calendar year, in HHS-OIG's
VDP/Protocol. 



                         Table II.1
          
              Activity in HHS-OIG's Voluntary
                Disclosure Program/Protocol

                     Providers  Applications         Cases
                  that applied      accepted       settled
----------------  ------------  ------------  ------------
1995                         6             3             2
1996                         4             4             1
1997                       1\a             0            \b
1998                         9             5             0
==========================================================
Total                       20            12             3
----------------------------------------------------------
\a Provider applied after the pilot VDP had ended. 

\b Not applicable. 

As table II.1 illustrates, the number of disclosures under VDP and
the Protocol has been small.  An HHS-OIG official told us he believes
that with Justice no longer a formal partner in the program, it is
unlikely that this Protocol will be highly utilized.  However, in the
belief that VDP's strict application requirements were discouraging
providers from applying, HHS-OIG removed the eligibility requirements
from the Protocol.\25 It should be noted, however, that like the VDP,
the Protocol does not offer any assurances to self-disclosing
providers.\26



(See figure in printed edition.)Appendix III

--------------------
\23 The purpose of this 2-year demonstration project was to
illustrate that extensive collaboration among law enforcement
agencies would result in greater effectiveness and efficiency in
preventing and detecting fraud and abuse in certain targeted services
reimbursed by Medicare and Medicaid.  Operation Restore Trust was
aimed specifically at fraud, waste, and abuse in three areas:  home
health, nursing homes, and durable medical equipment suppliers.  It
targeted providers in five states:  New York, Florida, Illinois,
Texas, and California. 

\24 According to the pilot VDP statistics given to us by HHS-OIG,
none of the applicants met the criteria.  Justice officials told us
it was their understanding that no voluntary disclosures were
submitted during the pilot period by entities within the scope of the
program. 

\25 63 Fed.  Reg.  58,399 (Oct.  30, 1998).  HHS-OIG continues to
determine whether the disclosing provider is under investigation. 
According to the Protocol, HHS-OIG will not continue to work with a
provider that is under investigation if the collaboration interferes
with the efficient and effective resolution of the inquiry. 63 Fed. 
Reg.  58,400. 

\26 63 Fed.  Reg.  58,401.  (The HHS-OIG is not bound by any
findings made by the disclosing provider under the Provider
Self-Disclosure Protocol and is not obligated to resolve the matter
in any particular manner.)


COMMENTS FROM THE DEPARTMENT OF
HEALTH AND HUMAN SERVICES' OFFICE
OF INSPECTOR GENERAL
========================================================== Appendix II



(See figure in printed edition.)



(See figure in printed edition.)



(See figure in printed edition.)



(See figure in printed edition.)


ORGANIZATIONS AT WHICH GAO
CONDUCTED INTERVIEWS
========================================================== Appendix IV

Alton Ochsner Medical Foundation, New Orleans, La.
American Hospital Association, Washington, D.C.
Beaumont Rehabilitation and Skilled Nursing Centers, Westborough,
Mass.\27


Catholic Health Initiatives, Denver, Colo.
Catholic Healthcare West, San Francisco, Calif.
Cook County Hospital, Chicago, Ill.
Coventry Health Care, Bethesda, Md.
Deborah Heart and Lung Center, Browns Mills, N.J.
Ethics Officers Association, Boston, Mass.
Gottlieb Memorial Hospital, Melrose Park, Ill.
Health Care Compliance Association, Philadelphia, Pa.
Holy Cross Health System, South Bend, Ind.
Home Health Corporation of America, King of Prussia, Pa.
Home Life Medical, Inc., Woburn, Mass.
Huguley Memorial Medical Center, Fort Worth, Tex.\28


Joint Commission on Accreditation of Healthcare Organizations, Oak
Brook, Ill.
Lewistown Hospital, Lewistown, Pa.
MedCentral Health System, Mansfield, Ohio
Meridia Health System, Cleveland, Ohio\29


Montefiore Medical Center, Bronx, N.Y.
Parkland Health and Hospital System, Dallas, Tex.
Poudre Valley Hospital, Ft.  Collins, Colo.
Provena Saint Therese Medical Center, Waukegan, Ill.\30


Quest Diagnostics, Teterboro, N.J.
Quorum Health Group, Brentwood, Tenn.
Reedsburg Area Medical Center, Reedsburg, Wis.
Rural Wisconsin Health Cooperative, Sauk City, Wis.
Southern Illinois Healthcare, Carbondale, Ill.
Southern Illinois University, Springfield, Ill.
Sutter Health, Sacramento, Calif.
Tenet Healthcare Corporation, Santa Barbara, Calif.
Texas Health Resources, Irving, Tex.
UCSF Stanford Health Care, San Francisco, Calif.
University HealthSystem Consortium, Oak Brook, Ill.
University of Colorado Medical Services Foundation, Denver, Colo.
University of Virginia Health Services Foundation, Charlottesville,
Va. 


--------------------
\27 A member of The Salmon Family of Services. 

\28 A member of Adventist Health System. 

\29 A member of Cleveland Clinic Health System. 

\30 A member of Provena Health. 


*** End of document. ***