Medicare Automated Systems: Weaknesses in Managing Information Technology
Hinder Fight Against Fraud and Abuse (Testimony, 09/29/97,
GAO/T-AIMD-97-176).

GAO discussed: (1) the Health Care Financing Administration's (HCFA)
Medicare Transaction System (MTS) and the recommendations GAO made to
correct serious weaknesses in its management identified as part of a GAO
review; (2) two continuing HCFA initiatives to combat fraud and abuse;
and (3) underlying information technology management issues.

GAO noted that: (1) to improve the efficiency and effectiveness of
Medicare operations and better address fraud and abuse, HCFA planned to
develop one unified computer system to replace the existing system, but
the project encountered problems from the beginning; (2) HCFA assessed
the project's viability and decided to terminate both the request for
proposals for the MTS sites and the entire software-development
contract; (3) HCFA has two other independent information technology
initiatives in the areas of fraud and abuse that are
continuing--analyzing the potential for using existing commercial
software and exploring the possibilities for developing antifraud
software; (4) HCFA did not begin to test the feasibility of using
commercial code-manipulation software to process Medicare claims until
about 1 year after GAO reported on its potential; (5) any positive
results from this testing are not expected to be implemented nationally
for at least several years; (6) HCFA chose to enter an agreement with
Los Alamos National Laboratory that allowed it to explore developing
such software; (7) results from this program appear to be years away
because once the system's design is complete, HCFA would have to award
another contract to a software developer to create from the Los Alamos
design; (8) HCFA would have to acquire new computers to implement any
Los Alamos-based fraud detection system because its approaches, which
were originally to become part of MTS, are not designed to be integrated
with the Medicare claims processing systems to which HCFA is
transitioning; (9) HCFA's negative experience with its automation
projects represents a pattern of weaknesses GAO sees throughout the
federal sector; weaknesses in management that stymie effective systems
development and implementation; (10) the Clinger-Cohen Act of 1996, the
Paperwork Reduction Act of 1995, the Chief Financial Officers Act of
1990, and the 1993 Government Performance and Results Act, provide a
powerful framework under which federal agencies have the best
opportunity to improve the management and acquisition of information
technology; (11) HCFA has recognized the need to more effectively manage
its information technology acquisitions, and has taken several important
steps, but much remains to be done to ensure that HCFA's initiatives are
cost-effective and serve its mission; and (12) HCFA has not yet
implemented GAO's recommendations in establishing investment processes
that will allow it to maximize the value, manage the risks of its
information technology acquisitions, and tightly control spending.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-AIMD-97-176
     TITLE:  Medicare Automated Systems: Weaknesses in Managing 
             Information Technology Hinder Fight Against Fraud and Abuse
      DATE:  09/29/97
   SUBJECT:  Health care programs
             Fraud
             Information resources management
             Claims processing
             Medical information systems
             Contract termination
             Commercial products
             Computer software
             Program abuses
             Overpayments
IDENTIFIER:  Medicare Program
             HCFA Medicare Transaction System
             GAO High Risk Program
             
******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO report.  Delineations within the text indicating chapter **
** titles, headings, and bullets are preserved.  Major          **
** divisions and subdivisions of the text, such as Chapters,    **
** Sections, and Appendixes, are identified by double and       **
** single lines.  The numbers on the right end of these lines   **
** indicate the position of each of the subsections in the      **
** document outline.  These numbers do NOT correspond with the  **
** page numbers of the printed product.                         **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
** A printed copy of this report may be obtained from the GAO   **
** Document Distribution Center.  For further details, please   **
** send an e-mail message to:                                   **
**                                                              **
**                                            **
**                                                              **
** with the message 'info' in the body.                         **
******************************************************************


Cover
================================================================ COVER


Before the Subcommittee on Oversight and Investigations, Committee on
Commerce, House of Representatives

For Release on Delivery
Expected at
1 p.m.
Monday,
September 29, 1997

MEDICARE AUTOMATED SYSTEMS -
WEAKNESSES IN MANAGING INFORMATION
TECHNOLOGY HINDER FIGHT AGAINST
FRAUD AND ABUSE

Statement of Joel C.  Willemssen
Director, Information Resources Management
Accounting and Information Management Division

GAO/T-AIMD-97-176

GAO/AIMD-97-176t


(511224)


Abbreviations
=============================================================== ABBREV

  CIO - Chief Information Officer
  HCFA - Health Care Financing Administration
  HHS - Department of Health and Human Services
  MTS - Medicare Transaction System

============================================================ Chapter 0

Mr.  Chairman and Members of the Subcommittee: 

We are pleased to join you today in examining the actions of the
Health Care Financing Administration (HCFA)--an agency of the
Department of Health and Human Services (HHS)--in attempting to
acquire effective information technology systems to combat fraud and
abuse within Medicare.  HCFA's primary information technology
initiative over the last several years was known as the Medicare
Transaction System (MTS), a key objective of which was to help detect
such fraud and abuse.  As you know, this project was canceled just
last month. 

The existence of fraud and abuse within the Medicare program is
undisputed and, accordingly, we have designated it as a high-risk
area.\1 The HHS Office of Inspector General audit of HCFA's fiscal
year 1996 financial statements estimated that net overpayments
totaled about $23.2 billion nationwide, or about 14 percent of total
Medicare fee-for-service payments.  The Inspector General pointed out
that these overpayments could range from inadvertent mistakes to
outright fraud and abuse. 

Ongoing HCFA information technology initiatives to combat fraud and
abuse include an agreement reached with the Department of Energy's
Los Alamos National Laboratory in 1995 to research the potential
identification of fraud and abuse patterns, and, since September
1996, HCFA's assessment of the feasibility of using commercial
abuse-detection software along with its multiple internal
claims-processing systems. 

My statement today will focus primarily on MTS and the
recommendations we made to correct serious weaknesses in its
management identified as part of our review completed last May.\2 I
will then describe these two continuing HCFA initiatives against
fraud and abuse, including the agency's response to recommendations
made in earlier reports of ours addressing the potential benefits to
be derived from the use of commercial abuse- detection software. 
Finally, I will frame the discussion in broader terms, examining
underlying information technology management issues with an eye
toward identifying causes and solutions so that we can be more
successful in utilizing the power of automated systems against fraud
and abuse. 


--------------------
\1 High-Risk Series:  Medicare (GAO/HR-97-10, Feb.  1997). 

\2 See Medicare Transaction System:  Success Depends Upon Correcting
Critical Managerial and Technical Weaknesses (GAO/AIMD-97-78, May 16,
1997) and Medicare Transaction System:  Serious Managerial and
Technical Weaknesses Threaten Modernization (GAO/T-AIMD-97-91, May
16, 1997). 


   MTS:  ENVISIONING A SINGLE
   CLAIMS-PROCESSING SYSTEM
---------------------------------------------------------- Chapter 0:1

Medicare is a huge program.  As the nation's largest health insurer,
it serves some 38 million Americans by providing health insurance to
those aged 65 and over and to many of the nation's disabled.  It
disburses over $200 billion in health care benefits every year, and
by 2000 is expected to be processing 1 billion claims annually. 

The Medicare program is divided into two components--part A and part
B.  Part A encompasses facility-based services, with claims paid to
hospitals, skilled nursing facilities, hospices, and home health
agencies.  Part B comprises outpatient services, with claims paid to
physicians, laboratories, medical equipment suppliers, and other
outpatient providers and practitioners. 

Claims processing for the Medicare program is handled at some 45
sites throughout the country by about 70 private companies under
contract with HCFA.  Contractors handling part A services, called
intermediaries, had been using three different computer systems to
process claims; those handling part B, called carriers, used six
different systems. 

In order to improve the efficiency and effectiveness of Medicare
operations and better address fraud and abuse, HCFA planned to
develop one unified computer system to replace the existing systems. 
In January 1994, HCFA awarded a contract to a software developer to
design, develop, and implement the MTS automated claims-processing
information system.  In so doing, MTS was to aid HCFA in identifying
fraud and abuse by utilizing an integrated database that would
greatly improve HCFA's ability to profile data by type of service on
a national or regional basis.  The single system would integrate data
from Medicare part A and part B and managed care (a newer, third
component), provide a comprehensive view of billing practices, and
incorporate new technology to facilitate innovative investigative
procedures. 

The MTS project encountered problems from the very beginning.  It was
plagued with schedule delays, cost overruns, and the lack of
effective management and oversight.  We repeatedly reported that HCFA
was not applying effective investment management practices in its
planning and management and, as a result, had no assurance that the
project would be cost-effective, delivered within estimated time
frames, or even improve the processing of Medicare claims.\3

MTS costs had also escalated dramatically.  As we testified in May,
total estimated project costs jumped sevenfold in 5 years, from $151
million in 1992 to about $1 billion in 1997.  I should point out that
the $1 billion figure included costs for transitioning from the three
part A and six part B systems to a single part A and a single part B
system prior to implementing MTS, and for acquiring MTS operating
sites. 

To justify the continuation of MTS, we recommended in May 1997 that
HHS require HCFA to prepare a valid cost-benefit and alternatives
analysis.  Further, we recommended at that time that HHS withhold
funding for proposed MTS operating sites until these sites were
justified. 

We likewise identified critical areas in which HCFA was not using
sound systems-development practices in managing its MTS software
development contractor.  HCFA had not developed the kinds of plans
that are critical to systems success.  This included missing or
inadequate plans for three important components of systems
development:  requirements management, configuration management, and
systems integration.  Finally, HCFA had not adequately monitored its
contractor's activities using measures of software development
quality.  These problems decreased HCFA's chances of controlling the
development of systems requirements and software. 


--------------------
\3 GAO/AIMD-97-78, May 16, 1997; GAO/T-AIMD-97-91, May 16, 1997;
Medicare Transaction System:  Strengthened Management and Sound
Development Approach Critical to Success (GAO/T-AIMD-96-12, Nov.  16,
1995); and Medicare:  New Claims Processing System Benefits and
Acquisition Risks (GAO/HEHS/AIMD-94-79, Jan.  25, 1994). 


      MTS CONTRACT IS TERMINATED
-------------------------------------------------------- Chapter 0:1.1

Given the magnitude of problems surfaced with MTS, along with runaway
costs, HCFA further assessed the project's viability.  Faced with the
prospect of spending hundreds of millions of dollars to acquire MTS
operating sites along with additional millions of dollars for the
software development effort, HCFA decided to terminate both the
request for proposals for the sites and the entire
software-development contract as well.  On August 15, 1997, HCFA
terminated the MTS contract on which it had spent about 3 and a half
years and about $80 million to date--about $50 million for software
development and about another $30 million for internal HCFA costs. 

What has that money purchased?  A huge learning experience about the
difficulty of acquiring such a large system under a single contract
and a better understanding of the requirements for developing a
Medicare claims processing system, but no integrated claims
processing software to aid HCFA in preventing fraud and abuse.  Still
to be delivered to HCFA, at additional cost under the original
contract, is a set of application requirements for what was to have
been the managed care module.  The agency is considering awarding
another contract for the development and implementation of managed
care software using these requirements.  In addition, it is now
beginning to reconsider its approach for identifying requirements and
developing software for two features that were planned as part of
MTS:  a beneficiary insurance file and a financial management
component. 


   ONGOING HCFA TECHNOLOGY
   INITIATIVES TO COMBAT FRAUD AND
   ABUSE
---------------------------------------------------------- Chapter 0:2

While the MTS termination delays one means of possibly combatting
fraud and abuse, HCFA has two other independent information
technology initiatives in this area that are continuing.  These
separate initiatives are analyzing the potential for using existing
commercial software and exploring the possibilities for developing
antifraud software. 

In May 1995, we reported on the potential benefits of HCFA's use of
commercial software to help detect inappropriate medical coding, a
common form of billing abuse.\4 We concluded that HCFA had not kept
pace with private industry's use of such software, and that HCFA's
internal efforts to develop the capability to detect such code
manipulation were limited and unlikely to fully stem the losses being
suffered from these abuses.  We recommended that HCFA require
Medicare carriers to use a commercial system to detect code
manipulation when processing Medicare claims for physicians' services
and supplies. 

Although senior HCFA officials voiced their support for our
recommendation to use modern information technology to strengthen
payment controls, they did not begin to test the feasibility of using
commercial code manipulation-detection software to process Medicare
claims until about a year after we reported on its potential. 
Furthermore, any positive results from this testing are not expected
to be implemented nationally for at least several years.  In the
meantime, hundreds of millions of dollars continue to be lost
annually, some of which could have possibly been saved with timely
implementation of this software. 

In addition to our report on opportunities to use commercial software
to detect billing abuse, we reported in 1995 that new antifraud
systems were available and being used by private insurers, some of
whom were also Medicare carriers.  Concluding that this technology
could possibly complement existing Medicare systems, we recommended
that HHS direct HCFA to develop a plan for implementing antifraud
technology.\5 However, HHS expressed three reservations about
implementing new technology for identifying fraudulent patterns of
behavior in the Medicare program.  First, it said, the technology
might not be applicable in a health insurance setting; second, that
it might require substantial modification; and third, that more
testing would be needed to assess its usefulness in detecting fraud
in Medicare claims data. 

Rather than trying to adopt the commercially available software, HCFA
chose to enter into an agreement that allowed it to explore the
possibility of developing such software.  Specifically, HCFA signed a
2-year, $6-million interagency agreement with the Los Alamos National
Laboratory to assess the potential for identifying patterns of fraud. 
This agreement was recently extended for 3 additional months, until
December of this year. 

As part of this agreement, Los Alamos has developed prototype
approaches to detecting some suspicious part B claims.  These
approaches are currently being tested.  To bring its work to
fruition, the laboratory has submitted a 4-year, $13-million
follow-up proposal to HCFA to use these approaches to design a system
that will detect those and other suspicious claims.  According to
HCFA officials, they have agreed to a 4-year follow-up commitment and
have approved $2.7 million for the fiscal year 1998 work. 

Usable results from this effort appear to be years away because, once
the system's design is complete, HCFA would have to award another
contract to a software developer to create software from the Los
Alamos design.  Further, according to laboratory officials, HCFA will
have to acquire separate computers to implement any Los Alamos-based
fraud detection system because its approaches, which were originally
to become part of MTS, are not designed to be integrated with the
standard part A and part B Medicare claims-processing systems to
which HCFA is now transitioning. 


--------------------
\4 Medicare Claims:  Commercial Technology Could Save Billions Lost
to Billing Abuse (GAO/AIMD-95-135, May 5, 1995).  Code manipulation
occurs when providers submit claims containing an inappropriate
combination of billing codes that can lead to overpayment for the
services provided. 

\5 Medicare:  Antifraud Technology Offers Significant Opportunity to
Reduce Health Care Fraud (GAO/AIMD-95-77, Aug.  11, 1995). 


   STRONG MANAGEMENT ESSENTIAL
   REGARDLESS OF PROJECT DIRECTION
---------------------------------------------------------- Chapter 0:3

HCFA's negative experience with its automation projects represents a
pattern we see throughout the federal sector:  it is weaknesses in
management, not technology itself, that stymie effective systems
development and implementation.  Managing information technology is
not easy.  But the payoffs of success--and the significant cost of
failure, in time and money--demand that agencies implement sound
information technology practices. 

How can agency officials begin implementing such practices?  A good
place to start is with the Clinger-Cohen Act of 1996.  Fueled by a
decade of poor information technology planning and program management
across government, the act sought to strengthen executive leadership
in information management and institute sound investment
decision-making to maximize the return on costly technology
investments.  It is important to note that just as technology is most
effective when it supports defined business needs and objectives,
Clinger-Cohen will be more powerful if it can be integrated with the
objectives of broader governmentwide management reform legislation
that HHS, HCFA's parent department, is also required to implement. 

One such reform is the Paperwork Reduction Act of 1995, which
emphasizes the need for an overall information resources management
strategic planning framework, with information technology decisions
linked directly to mission needs.  Another reform is the Chief
Financial Officers Act of 1990, which requires, among other things,
that sound financial management practices and systems essential for
tracking program costs and expenditures be in place.  Still another
reform is the 1993 Government Performance and Results Act, which
focuses on defining mission goals and objectives, measuring and
evaluating performance, and reporting results.  Together,
Clinger-Cohen and these other laws provide a powerful framework under
which federal agencies have the best opportunity to improve the
management and acquisition of information technology. 

We believe that if properly and fully implemented, the requirements
of Clinger-Cohen and the Paperwork Reduction Act should help HHS and
HCFA make real change and improve the way they acquire information
technology and manage these investments.  These acts emphasize

  -- establishing senior-level chief information officers (CIO),

  -- involving senior executives in information management decisions,
     and

  -- tightening controls over technology spending. 

HCFA has recognized the need to more effectively manage its
information technology acquisitions and has taken several important
steps.  For example, late last year it established a CIO position and
is now reportedly in the final stages of selecting an individual for
the position.  Such a position is essential to ensuring the success
of the agency's information technology initiatives.  HCFA has also
established an information technology investment review board
involving senior executives.  HCFA sees these actions as providing an
integrated process for planning, budget development,
performance-based management, and evaluation of information
technology investments.  We endorse these positive steps. 

However, much remains to be done to ensure that HCFA's
initiatives--or those of any agency--are cost-effective and serve its
mission.  HCFA has not yet implemented our recommendations in
establishing investment processes that will allow it to maximize the
value and manage the risks of its information technology
acquisitions, and tightly control spending.  In HCFA's case,
officials state that establishing investment management practices to
support its recent changes will be an "iterative process" that will
take time. 

To effectively manage as an investment any information technology it
seeks to acquire, an agency--including HCFA--must be structured
organizationally in a way that allows--even promotes--such an
approach.  This means providing a qualified top official with the
authority and accountability to make critical management decisions on
the basis of sound information.  This structure should provide such
information through systematic analyses that predict the kind of
return on investment envisioned, in both a fiscal and technical
sense.  The agency then is obliged to use sound systems-development
practices in managing its automation projects.  Where such management
has not been the norm, both HHS and the Office of Management and
Budget should provide close oversight to ensure swift implementation
of sound information technology management.  Continuing congressional
oversight would further assist in accomplishing this. 


-------------------------------------------------------- Chapter 0:3.1

This concludes my statement.  I would be happy to respond to any
questions you or other Members of the Subcommittee may have at this
time. 


*** End of document. ***