Medicare Improper Payments: Challenges for Measuring Potential Fraud and
Abuse Remain Despite Planned Enhancements (Testimony, 07/12/2000,
GAO/T-AIMD/OSI-00-251).

Pursuant to a congressional request, GAO discussed the Health Care
Financing Administration's (HCFA) efforts to improve the measurement of
improper payments in the Medicare fee-for-service program.

GAO noted that: (1) because it was not intended to include procedures
designed specifically to identify all types of potential fraudulent and
abusive activity, the current methodology does not provide an estimate
of the full extent of improper Medicare fee-for-service payments; (2)
HCFA has initiated three projects designed to further its measurement
efforts which offer some promise for determining the extent of improper
payments attributable to potential fraud and abuse; (3) based on careful
evaluation of their effectiveness, performing additional potential fraud
identification techniques as part of its efforts to measure improper
payments could assist HCFA in arriving at a more comprehensive
measurement and, ultimately, develop cost-effective internal controls to
combat improper payments; and (4) however, no set of techniques, no
matter how extensive, can be expected to measure all potential fraud and
abuse.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-AIMD/OSI-00-251
     TITLE:  Medicare Improper Payments: Challenges for Measuring
	     Potential Fraud and Abuse Remain Despite Planned
	     Enhancements
      DATE:  07/12/2000
   SUBJECT:  Program evaluation
	     Health insurance
	     Overpayments
	     Internal controls
	     Program abuses
	     Fraud
	     Cost effectiveness analysis
	     Health insurance cost control
	     Performance measures
	     Claims processing
IDENTIFIER:  Medicare Program
	     Medicare Fee-for-Service Program
	     DOJ Fraud Investigation Database
	     HCFA Comprehensive Error Rate Testing Project
	     HCFA Payment Error Prevention Program
	     HCFA Model Fraud Rate Project
	     Medicare Prospective Payment System

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************

GAO/T-AIMD/OSI-00-251

   * For Release on Delivery
     Expected at
     10 a.m.

Wednesday,

July 12, 2000

GAO/T-AIMD/OSI-00-251

medicare improper payments

Challenges for Measuring Potential Fraud and Abuse Remain Despite Planned
Enhancements

        Statement of Gloria L. Jarmon

Director, Health, Education, and Human Services Accounting and Financial
Management Issues

Accounting and Information Management Division

Testimony

Before the Task Force on Health, Committee on the Budget, House of
Representatives

United States General Accounting Office

GAO

Mr. Chairman and Members of the Task Force:

I am pleased to be here today to discuss our review of the Health Care
Financing Administration's (HCFA) efforts to improve the measurement of
improper payments in the Medicare fee-for-service program. Identifying the
extent of improper payments and their causes, including those attributable
to potential fraud and abuse, are the first steps toward implementing the
most cost-effective ways to reduce losses. In my statement today, I would
like to share with you the results of our review which is being conducted at
the request of the Chairman of the House Committee on the Budget.

HCFA, an operating division within the Department of Health and Human
Services (HHS), has designated ensuring the integrity of the Medicare
program a top priority. It recognizes that inappropriate payments are a
drain on the program's financial resources- resources intended to provide
essential health care services to millions of elderly and disabled
Americans. In conjunction with its audit of HCFA's annual financial
statements since 1996, the HHS Office of the Inspector General (OIG) has
conducted a nationwide study to estimate Medicare fee-for-service improper
payments. The statistically-projectable results cited in the OIG's study
have provided valuable insights regarding the extent of Medicare
vulnerabilities. Results from the most recent study indicate that, of the
$164 billion in fiscal year 1999 Medicare fee-for-service claim payments, a
projected $13.5 billion were paid improperly for various reasons ranging
from inadvertent errors to outright fraud and abuse. The magnitude of these
estimated losses has led to considerable concern regarding HCFA's efforts to
protect Medicare dollars as well as the need to obtain a better
understanding of the nature and extent of the problems.

The OIG's study was a major undertaking and, as we recently reported, the
development and implementation of the methodology (referred to as "current
methodology") it used as the basis for its estimates represents a
significant step toward quantifying Medicare improper payments. It is
important to note however, that this methodology was not intended to and
would not detect all potentially fraudulent schemes perpetrated against the
Medicare program. Rather, it was designed to provide users of HCFA's
financial statements with an initial estimate of Medicare fee-for-service
claims that may have been paid in error and has served as a performance
measure for the program. However, given the size and complexity of the
Medicare program, the usefulness of this estimate as a tool for targeting
specific corrective actions is limited.

To demonstrate a commitment to improving payment safeguards, in January
2000, HCFA reaffirmed its goal of reducing the Medicare fee-for-service
payment errors to 5 percent or less by the year 2002, about a 3 percent or
$5 billion reduction from fiscal year 1999 levels. However, without
additional information on the extent of improper payments attributable to
potential fraud and abuse, HCFA's ability to fully measure the success of
its efforts remains limited. Accomplishing this goal will depend, in part,
on HCFA's ability to further develop improper payment measures to enable it
to more effectively target specific corrective actions. In response to this
need, HCFA has begun three projects intended to enhance its understanding of
improper payments and help it develop targeted corrective actions.

Given the importance of Medicare to millions of beneficiaries and concerns
about the financial health of the program, you asked us to provide suggested
improvements to assist HCFA in its efforts to further estimate Medicare
improper payments, including potential fraud and abuse. In summary, we
concluded that

   * because it was not intended to include procedures designed specifically
     to identify all types of potential fraudulent and abusive activity, the
     current methodology does not provide an estimate of the full extent of
     improper Medicare fee-for-service payments;
   * HCFA has initiated three projects designed to further its measurement
     efforts which offer some promise for determining the extent of improper
     payments attributable to potential fraud and abuse; and
   * based on careful evaluation of their effectiveness, performing
     additional potential fraud identification techniques as part of its
     efforts to measure improper payments could assist HCFA in arriving at a
     more comprehensive measurement and, ultimately, develop cost-effective
     internal controls to combat improper payments; however, no set of
     techniques, no matter how extensive, can be expected to measure all
     potential fraud and abuse.

We are making recommendations designed to assist HCFA in its efforts to
further enhance its ability to measure the extent of losses emanating from
Medicare fee-for-service payments. Although we believe HCFA's efforts to
measure Medicare fee-for-service improper payments can be further enhanced
with the use of additional fraud detection techniques, we support the
efforts they have taken thus far. Considering the challenges associated with
identifying and measuring improper payments, the projects discussed in our
statement represent important steps toward advancing the usefulness of its
improper payment measurement efforts.

To fulfill our objectives, we analyzed the current methodology and HCFA's
three planned projects related to improper payment measurement; related
documents discussing the methodologies, designs, planned steps, and time
frames for implementation of these initiatives; and relevant HHS OIG and GAO
reports. We also interviewed HCFA officials and recognized experts in health
care and fraud detection in academia, federal and state government, and the
private sector on the various types of improper payments and the techniques
used to identify and measure them. We performed our work from November 1999
through June 2000 in accordance with generally accepted government auditing
standards. See appendix 1 for a more detailed discussion of our objectives,
scope, and methodology.

In my statement today, I will summarize our conclusions and recommendations
regarding

   * the three HCFA projects that have been designed or initiated to measure
     Medicare fee-for-service improper payments;
   * how such projects will potentially enhance HCFA's ability to
     comprehensively measure improper payments, including those attributable
     to potentially fraudulent and abusive provider practices based on the
     extent to which effective techniques used to detect common types of
     potential fraud and abuse are included in their design; and
   * actions HCFA should take to further enhance its efforts to measure the
     extent of improper Medicare fee-for-service payments and help HCFA
     better develop targeted corrective actions.

But, first I would like to begin with some relevant background about HCFA,
the Medicare program, and the vulnerabilities of the Medicare program to
fraud and abuse.

Medicare Is Vulnerable to Fraudulent and Abusive Activity

With total benefit payments of $201 billion in fiscal year 1999, Medicare
enrollment has doubled since 1967 to nearly 40 million beneficiaries today.
Beneficiaries can elect to receive Medicare benefits through the program's
fee-for-service or managed care options. With benefit payments of
$164 billion in fiscal year 1999 and about 85 percent of participating
beneficiaries, the fee-for-service option represents the most significant
part of the program. The managed care option accounts for the remaining $37
billion and 15 percent of participating beneficiaries. The program is
comprised of two components. Hospital Insurance or Medicare Part A covers
hospital, skilled nursing facility, home health, and hospice care.
Supplementary Medical Insurance, also known as Part B, covers physician,
outpatient hospital, home health, laboratory tests, durable medical
equipment (DME), designated therapy services, and some other services not
covered by Part A.

HCFA's administration of the Medicare fee-for-service program is
decentralized. Each year, about 1 million providers enrolled in the program
submit about 900 million claims to about 56 Medicare contractors for
payment. The bulk of the claims are submitted electronically and never touch
human hands during the entire computer processing and payment cycle.

Ensuring the integrity of the Medicare fee-for-service program is a
significant challenge for HCFA and its Medicare claims processing
contractors and Peer Review Organizations (PROs). They are HCFA's front line
defense against inappropriate payments including fraud and abuse and should
ensure that the right amount is paid to a legitimate provider for covered
and necessary services provided to eligible beneficiaries. Except for
inpatient hospital claims, which are reviewed by the PROs, Medicare
contractors perform both automated and manual prepayment and postpayment
medical reviews of Medicare claims. Various types of pre- and postpayment
reviews are available to contractors to assess whether claims are for
covered services that are medically necessary and reasonable. These include
automated reviews of submitted claims based on computerized edits within
contractors' claims processing systems, routine manual reviews of claims
submitted, and more complex manual reviews of submitted claims based on
medical records obtained from providers.

Reliance on postpayment utilization and medical record reviews to detect
potential fraud and abuse has created opportunities for unscrupulous
providers and suppliers to defraud the program with little fear of prompt
detection. For example, a few providers-subjects of past health care fraud
investigations in which they have pled guilty to or have been indicted for
criminal charges-had set up store-front operations and fraudulently obtained
millions of dollars from Medicare before their billing schemes were detected
through postpayment reviews. HCFA is moving toward more extensive use of
prepayment reviews, but contractors' efforts to prevent and detect improper
payments are challenged due to the sheer volume of claims they are required
to process and the need to pay providers timely. The program's
vulnerabilities have been compounded by the emergence of some organized
groups of criminals who specialize in defrauding and abusing Medicare, which
has led to an array of fraudulent schemes that are diverse and vary in
complexity. For example, based on our recent review of seven investigations
of fraud or alleged fraud, we reported that the criminal groups involved had
created as many as 160 sham medical entities-such as medical clinics,
physician groups, diagnostic laboratories, and durable medical equipment
companies-or used the names of legitimate providers to bill for services not
provided.

Medicare contractors and PROs are identifying thousands of improper payments
each year due to mistakes, errors, and outright fraud and abuse. They refer
the most flagrant cases of potential fraud and abuse to the OIG and
Department of Justice (DOJ) so they can investigate further, and if
appropriate, pursue criminal and civil sanctions. HCFA tracks the cases
referred by Medicare contractors and PROs to the OIG and DOJ in its Fraud
Investigation Database (FID). Figure 1 shows the six most common types of
potential fraud and abuse cases in the FID and the relative frequency of
these cases. Definitions of these common types of fraud and abuse and
examples are provided in appendix 2 to this testimony.

Figure 1: Fraud Investigation Database Statistics for Cases Referred, 1993
to April 2000

We were unable to assess the level of actual or potential program losses for
the different types of potential fraud or abuse due to the limited financial
data in the FID. However, HCFA officials told us that while more complex
types of fraud or abuse, such as fraudulent cost reporting and kickback
arrangements may be less frequent than other types, such cases often involve
significantly greater losses.

Efforts to Measure Potential Fraud and Abuse Rely on Effective Use of
Diverse Techniques

Given the broad nature of health care fraud and abuse, efforts to measure
its potential extent should incorporate carefully selected detection
techniques into the overall measurement methodology. With billions of
dollars at stake, health care fraud and abuse detection has become an
emerging field of study among academics, private insurers, and HCFA
officials charged with managing health care programs. A variety of methods
and techniques are being utilized or suggested to improve efforts to uncover
suspected health care fraud and abuse. Such variety is needed because one
technique alone may not uncover all types of improper payments.

Although the vast majority of health care providers and suppliers are
honest, unscrupulous persons and companies can be found in every health care
profession and industry. Further, fraudulent schemes targeting health care
patients and providers have occurred in every part of the country and
involve a wide variety of medical services and products. Individual
physicians, laboratories, hospitals, nursing homes, home health care
agencies, and medical equipment suppliers have been found to perpetrate
fraud and abuse.

Fraud and abuse detection is not an exact science. No matter how
sophisticated the techniques or the fraud and abuse audit protocols, not all
fraud and abuse can be expected to be identified. However, using a variety
of techniques holds more promise for estimating the extent of potentially
fraudulent and abusive activity and also provides a deterrent to such
illegal activity. Health care fraud experts and investigators have
identified techniques that can be used to detect fraudulent and abusive
activity. According to OIG officials, these techniques are performed by
Medicare contractor fraud units to detect potential fraud and abuse. Table 1
summarizes the most promising techniques they identified along with some of
their limitations.

Table 1: Techniques for Detecting Potential Fraud and Abuse
 Medical record review: Doctors and nurses review medical records to assess
 whether the services billed were allowable, reasonable, medically
 necessary, adequately documented, and coded correctly in accordance with
 Medicare reimbursement rules and regulations.

 Limitations: Medical reviews may not uncover services that have not been
 rendered or billing for more expensive procedures when the medical records
 have been falsified to support the claim.
 Beneficiary contact: Verify that the services billed were actually
 received through contacting the beneficiary either in person or over the
 phone, or by mailing a questionnaire.

 Limitations: Beneficiary may be difficult to locate and not be fully aware
 of, or understand the nature of, all services provided. Contact may not
 reveal collusion between the beneficiary and provider to fraudulently bill
 for unneeded services or services not received. In some instances, medical
 necessity and quality of care may be difficult to judge.
 Provider contact: Visit provider to confirm that a business actually
 exists, that the activity observed supports the number of claims being
 submitted by the provider, and that medical records and other
 documentation support the services billed.

 Limitations: Provider contact may not reveal collusion between the
 provider and beneficiary to fraudulently bill for unneeded services or
 services not rendered. In some instances, medical necessity and quality of
 care may be difficult to judge.
 Data analysis: Examine provider and beneficiary billing histories to
 identify unusual or suspicious claims. Provider focused data analysis
 attempts to identify unusual billing, utilization, and referral patterns
 relative to a provider's peer group. Beneficiary focused data analysis
 looks for unusual treatment patterns such as visiting several different
 providers for the same ailment or claims for duplicate or similar
 services.

 Limitations: Data analysis may only identify the most flagrant cases of
 potential fraud and abuse because it relies on detecting unusual patterns
 relative to the norm. Application of additional techniques may be
 necessary to assess the appropriateness of unusual patterns identified.
 Third party contact/confirmation: Validate information relied on to pay
 claims with third parties to assist in identifying potential fraud and
 abuse. For example, verify that a provider is qualified to render medical
 services to Medicare beneficiaries through contacting state licensing
 boards or other professional organizations. Also, other entities, such as
 employers, private insurers, other governmental agencies (e.g., Internal
 Revenue Service, Social Security Administration, state Medicaid agencies)
 and law enforcement authorities represent valuable sources in determining
 the validity of claim payments when the reliability of data from primary
 sources (e.g., claims data, beneficiaries, and providers) is questionable.

 Limitations: Does not address utilization patterns, whether services were
 rendered, the need for services, or quality of services.

Consequently, health care experts and investigators also told us that
effective detection of potential fraud and abuse necessarily involves the
application of several of these techniques and considerable analysis,
especially for the more sophisticated types of billing schemes and kickback
arrangements. In addition, data on fraud referrals contained in the FID
indicate that information necessary for identifying potential Medicare fraud
and abuse comes from a variety of sources, as shown in figure 2. In
particular, these data and the fraud experts we spoke with suggest that
Medicare beneficiaries represent a valuable source for detecting certain
types of potential fraud and abuse, especially services not rendered. HCFA
officials told us that beneficiary complaints stem largely from the
beneficiaries' review of their explanation of Medicare benefit (EOMB)
statements received after health services and supplies are provided. These
findings suggest that potential fraud and abuse can only be comprehensively
measured by effectively applying a variety of investigation techniques using
a variety of sources.

Figure 2: Sources of Common Fraud and Abuse Referrals, 1993 to April 2000

Notes:

Beneficiary: A person eligible to receive Medicare payment or services. This
category includes beneficiary telephone, walk-in, and written complaints.

Referral: A formal submission of a case by various federal investigators
(for example, Federal Bureau of Investigations, Office of Inspector General,
and Health Care Financing Administration).

Provider: Persons or entities, including their employees and former
employees, who provide health care services or supplies to Medicare
beneficiaries.

Fraud Unit: Individuals responsible for preventing, detecting, and deterring
Medicare fraud and abuse. Such a unit is located at each HCFA contractor.

Other contractor/PRO: In addition to fraud units, Medicare contractor
medical review, claims processing, and audit units perform a broad range of
activities in the identification of fraud, including reviews of submitted
claims and medical records by medical professionals to assess whether
services billed were allowed, medically necessary, adequately documented,
and coded correctly in accordance with Medicare requirements. In addition,
audits of provider cost reports are performed to determine the
appropriateness of costs reimbursed in connection with the cost report
settlement process.

Other: In addition to the sources listed above, referrals of fraud and abuse
cases are sometimes generated based on leads obtained via calls made to the
OIG Hotline, from media sources, or other anonymous sources. The OIG Hotline
allows employees and the public to directly report allegations or provide
information regarding problems of possible waste, mismanagement, and abuse
in the Medicare program.

Source: Prepared by GAO from data in HCFA's FID and interviews with HCFA and
contractor officials. We did not independently verify information contained
in HCFA's FID.

Planned HCFA Projects Will Provide Some Improvements

Current Methodology Not Designed to Measure the Full Extent of Potential
Fraud and Abuse

The primary purpose of the current methodology is to provide an estimate of
improper payments that HCFA can use for financial statement reporting
purposes, and it has served as a performance measure. The OIG is responsible
for overseeing the annual audit of HCFA's financial statements, as required
by the Chief Financial Officers Act of 1990 as expanded by the Government
Management Reform Act of 1994. The current methodology has identified
improper payments ranging from inadvertent mistakes to outright fraud and
abuse. However, specifically identifying potentially fraudulent and abusive
activity and quantifying the portion of the error rate attributable to such
activity has been beyond the scope of the current methodology.

The focus of the current methodology is on procedures that verify that the
claim payments made by Medicare contractors were in accordance with Medicare
laws and regulations. The primary procedures used are medical record reviews
and third party verifications. Medical professionals working for Medicare
contractors and PROs review medical records submitted by providers and
assess whether the medical services paid for were allowable, medically
necessary, accurately coded, and sufficiently documented. OIG staff perform
various procedures including third party verifications to ensure that health
care providers are in "good standing" with state licensing and regulatory
authorities and are properly enrolled in the Medicare program. They also
verify with the Social Security Administration (SSA) that the beneficiaries
receiving the services were eligible for them.

The OIG reported that the medical reviews conducted in the current
methodology have been the most productive technique for identifying improper
payments-detecting the overwhelming majority of the improper payments
identified. According to OIG officials, medical reviews have led to some
major prosecutions. In addition, some of the health care fraud experts we
talked with stated that such medical reviews are most effective in detecting
unintentional errors. However, they also told us that medical reviews are
less effective in identifying potentially fraudulent and abusive activity
because clever providers can easily falsify supporting information in the
medical records to avoid detection.

With respect to identifying potentially fraudulent or abusive activities,
OIG officials indicated that medical reviews performed during the current
methodology have resulted in referrals to its Investigations Office.
However, they acknowledge that the current methodology generally assumes
that all medical records received for review are valid and thus represent
actual services provided. In addition, they agree that additional improper
payments may have been detected had additional verification procedures been
performed, such as (1) confirming with the beneficiary whether the services
or supplies billed were received and needed and
(2) confirming the nature of services or supplies provided through on-site
visits and direct contact with current or former provider employees.
Recognizing the potential for abuse based on past investigations-such as
falsified certificates of medical necessity or where beneficiaries are not
"homebound", a requirement for receiving home health benefits-the OIG has
included face-to-face contact with beneficiaries and providers when
reviewing sampled claims associated with home health agency services.
Further, during the course of our review, OIG officials stated that they
will conduct beneficiary interviews when reviewing DME claims selected in
its fiscal year 2000 study. However, according to OIG officials, they have
not extended this or certain other techniques to the other numerous types of
claims included in its annual review because they consider them costly and
time-consuming.

Accordingly, the OIG recognizes that the current methodology does not
estimate the full extent of Medicare fee-for-service improper payments,
especially those resulting from potentially fraudulent and abusive activity
for which documentation, at least on the surface, appears to be valid and
complete. In fact, the OIG testified that its estimate of improper payments
did not take into consideration numerous kinds of outright fraud such as
phony records or kickback schemes. To identify potential fraud, the OIG also
relies on tips received from informants and other investigative techniques.

A secondary benefit that has been derived from the current methodology is
that it has prompted HCFA into developing additional strategies, as we
discuss later, for reducing the types of improper payments identified.
However, HCFA is limited in developing specific corrective actions to
prevent such payments because the current methodology only produces an
overall national estimate of improper payments. Having the ability to
pinpoint problem areas by geographic areas below a national level (referred
to as subnational), Medicare contractors, provider types, and services would
make improper payment measures a more useful management tool.

HCFA Projects Enhance Error Rate Precision and Some Potential Fraud and
Abuse Detection Capabilities

HCFA has two projects that center on providing it with the capability of
producing improper payment rates on a subnational and provider type
basis-the Comprehensive Error Rate Testing (CERT) project and the
surveillance portion of the Payment Error Prevention Program (PEPP). These
projects are designed to improve the precision of future improper payment
estimates and provide additional information to help develop corrective
actions. However, since the methodologies associated with the CERT and PEPP
projects incorporate techniques for identifying improper payments that are
similar to those used in the current methodology, the extent to which these
two projects will enhance HCFA's potential fraud and abuse measurement
efforts is limited.

HCFA has a third project in the concept phase that will test the viability
of using a variety of investigative techniques to develop a potential fraud
rate for a specific geographic area or for a specific benefit type. This
project, called the Model Fraud Rate Project (MFRP), provides HCFA the
opportunity to pilot test more extensive detection techniques that, if
effective, could be incorporated into the other measurement methodologies to
improve the measurement and, ultimately, prevention of potential fraudulent
and abusive activity. Table 2 compares the scope and potential fraud and
abuse detection capabilities of the current methodology to the HCFA
projects.

Table 2: Comparison of HCFA Efforts to Measure Medicare Improper Payments

                                   Comprehensive Error    Payment Error         Model Fraud Rate
                                                          Prevention
            Current methodology    Rate Testing           Program/Surveillance  Project
                                   (CERT)                                       (MFRP)
                                                          (PEPP)
               * First national
                 statistically
                 valid estimate
                 for all types of
                 fee-for-service      * Test procedures                            * Pilot study to
                 claims,                expected to be                               develop a
                 beneficiaries,         similar to        Designed to estimate       model fraud
                 and providers          current           payment error rates        rate
               * Includes tests         methodology       for inpatient            * Scope focused
                 for:                 * Independent       Prospective Payment        on specific
                                        medical review    System (PPS) claims
                                                                                     benefit or
               * medical necessity    * Larger sample and by state                   geographic
                 and                    on-going                                     area
                 reasonableness         reporting         Larger sample and        * Fraud
               * proper                 improves          frequent reporting         investigative
                 documentation,         analyses/utility  designed to improve        techniques
               * proper coding,                           analyses and               will be used:
               * provider             * Statistically     targeting of
 Key design      eligibility,           valid national    integrity efforts        * beneficiary
 attributes    * determination of       error rates by                               contact,
                 whether providers      contractor,       Tests focus on:          * medical
                 are subject to         provider type,                               records
                 current sanctions      benefit category, medical necessity and      review,
                 or                     and claims        reasonableness,          * provider and
                 investigations,        processing,                                  beneficiary
               * beneficiary          * Trend analysis to unnecessary                profiling,
                 eligibility,           assist in         admissions,              * investigation
               * duplicate              targeting of                                 of complaints
                 payments,              integrity         incorrect diagnostic
               * Medicare as            efforts,          coding,                  * Results to be
                 secondary payer                                                     categorized
                 (MSP) compliance,    * Potential         some quality of care       under fraud
               * compliance with        platform for      measures                   types and
                 pricing,               testing claims                               causes
                 deductible, and        software
                 coinsurance
                 rules, & other
                 selected rules
               * Significant
                 reliance on the
                 integrity of
                 medical records
                                                                                Plan for
 Limitations   * Lacks                                                          comprehensive
 for             provider-focused                            * Similar to       nationwide study
 detecting       data analysis     Similar to current          current          evolving
 potential       during testing    methodology                 methodology
 fraud and     * Limited provider                            * Scope limited to Limited provider or
 abuse           or beneficiary                                inpatient PPS    third party
                 validation
               * Not designed to                                                validation
                 identify certain
                 types of fraud or
                 abuse
                                                                                Concept currently
                                   Contract awarded 5/00  Contracts completed   under development
                                                          3/00
 Status        * Fourth annual     Phased implementation                        Pilot testing
                 review completed                         Baseline error rates
                                   designed to be                               projects designed
                                   completed by 10/2001   and first quarterly   to be implemented
                                                          report due by 9/00
                                                                                by 10/2000
                                   Base year $2 million
 Costs         * 1999 review $4.7  plus                   $7.5 million annually Not yet determined
                 million           $4 million annually
                                   thereafter

The CERT project focuses on reviewing a random sample of all Part A and B
claims processed by Medicare contractors each year except inpatient
Prospective Payment System (PPS) hospital claims. It involves the review of
a significantly larger random sample of claims and thus, according to HCFA
officials, allowing HCFA to project subnational improper payment rates for
each Medicare contractor and provider type. It is the largest of the
projects and is undergoing a phased implementation with a scheduled
completion date of October 2001. In addition to developing subnational error
rates, HCFA officials stated that the CERT project will also be used to
develop performance measures that will assist HCFA in monitoring contractor
operations and provider compliance. For example, CERT is designed to produce
a claim processing error rate for each contractor that will reflect the
percentage of claims paid incorrectly and denied incorrectly, and a provider
compliance rate that indicates the percentage of claims submitted correctly.

The PEPP project is similar to the CERT project and is designed to develop
payment error rates for the Part A inpatient PPS hospital claims not covered
by CERT. PEPP is designed to produce subnational error rates for each state
and for each PRO area of responsibility. Claim reviews under PEPP are
designed to be continuous in nature with results reported quarterly. HCFA
officials stated that the project is the furthest along in implementation,
with the first quarterly reports expected in September 2000. The contractors
and PROs implementing the project are expected to identify the nature and
extent of payment errors for these inpatient claims and implement
appropriate interventions aimed at reducing them.

After their full implementation, HCFA intends to develop a national improper
payment rate by combining the results of the CERT and PEPP projects. This
rate will be compared to the rate produced by the current methodology to
identify, and research reasons for, any significant variances among results.
While the national estimate will continue to provide valuable information
concerning the extent of improper payments, HCFA officials state that the
availability of reliable estimates at the subnational levels contemplated by
these efforts will greatly enhance the usefulness of these estimates as
management tools.

While enhancing the precision of improper payment estimates will offer a
richer basis for analyzing causes and designing corrective actions,
conceptually, the MFRP holds the most promise for improving the measurement
of potential fraud and abuse. However, the Medicare contractor assisting
HCFA in developing this project is dropping out of the Medicare program in
September 2000 and has ceased work on the project. Efforts to date have
focused on developing a potential fraud rate for a specific locality and
specific benefit type; however, HCFA intends to eventually expand the scope
of the project to provide a national potential fraud rate. As currently
conceived, the project involves studying the pros and cons of using various
investigative techniques, such as beneficiary contact, to estimate the
occurrence of potential fraud. HCFA officials informed us that before the
contractor ceased work on this project, it conducted a small pilot test
using beneficiary contact as a potential fraud detection technique that
identified some of the challenges HCFA will face in implementing this
technique. The results of the test are discussed later.

HCFA is seeking another contractor to take over implementation of the
project. The contractor eventually selected will be expected to produce a
report that identifies the specific potential fraud and abuse identification
techniques used, the effectiveness of the techniques in identifying
potential fraud and abuse, and recommendations for implementing the
techniques nationally. The contractor will also be expected to develop a
"how to manual" that Medicare contractors and other HCFA program safeguard
contractors (PSC) can use to implement promising techniques. HCFA officials
stated that promising techniques identified through MFRP could also be
exported to the CERT and PEPP projects and the current methodology to
enhance national and subnational estimates of potential fraud and abuse over
time.

Expanding the Scope of the HCFA Projects Could Enhance Measurement of
Potential Fraud and Abuse

Contacting beneficiaries and checking providers are valuable investigative
techniques used to develop potential fraud and abuse cases. For example,
California officials recently visited all Medicaid Durable Medical Equipment
(DME) suppliers as part of a statewide Medicaid provider enrollment effort
and found that 40 percent of the dollars paid to the suppliers was
potentially fraudulent. The on-site visits not only helped to identify the
fraudulent activity, but also to obtain sufficient evidence to support
criminal prosecutions for fraud.

Table 3: Methodologies for Estimating Medicare Improper Payments
Identification elements
                            Key               Current
                            characteristics   methodology  CERT       PEPP      MFRP

                            Scope -                        Nationwide Nationwide
                                              Nationwide   a          a
 Measurement elements                                                           Evolving b
                               * Geographical
                               * Claim type   All          All but    Inpatient
                                                           Inpatient  only
                            Measurement-

                               * Technique    Sampling     Sampling   Sampling  Sampling
                                 used
                               * Annual       5,000 -      100,000+   55,000+   Not yet
                                 claims       8,000                             determined
                                 sample size
                            Classification of
                            errors c          -            -          -         X

                               * Cause        X            X          X         X
                               * Type

                            Claims
                            Validation:

                               * Medical
                                 record and   X            X          X         X
                                 claims
                                 processing
                                 review

                               * Beneficiary
                                 contact      - d          - d        -         X

    * Provider/Supplier
      contact e             - d               -            -          -

    * Third party
      contact/confirm-ation X                 -            -          -
      f

    * Data analysis g
                            -                 -            -          X
    * Provider focused h
    * Beneficiary focused   X                 -            -          X

Legend: X Element included - Element not included

aThe CERT and PEPP projects also provide for estimates of improper payments
at the subnational and provider type levels.

bThe scope of the MFRP is still conceptual. Efforts to date have focused on
developing a potential fraud rate for specific benefit types and specific
localities and to eventually expand efforts to provide a national rate.

cErrors can be classified in many ways; table 3 shows two types of
categories. For example, cause classifications may include inadvertent
billing errors or possible fraud and abuse errors. Type categories may
include documentation errors or lack of medical necessity errors.

dMethodology includes face-to-face contact with beneficiaries and providers
for home health agency claims only.

eOther than requests for medical records.

fThird party contact/confirmation, for example, may include contact with
state licensing boards or other professional organizations to verify
provider standing. This example represents only one of the numerous methods
of utilizing third party confirmation to identify improper payments

gSee table 1 for a discussion of data analysis techniques for detecting
potential fraud and abuse.

hOIG officials recently told us that each year at the end of the their
review, after all data has been entered in their national database, they
profile each provider type in the claims sample.

Including an assessment of the likely causes of specific payment errors
could help HCFA better develop effective strategies to mitigate them. The
current methodology classifies errors by type, such as lack of documentation
or medically unnecessary services, which is used to show the relative
magnitude of the problems. Knowing the relative magnitude of a problem
offers perspective on what issues need to be addressed. For example, based
on its review of errors identified in the current methodology, HCFA recently
issued a letter to physicians emphasizing the need to pay close attention
when assigning Current Procedural Terminology (CPT) codes and billing
Medicare for two closely related, yet differing, types of evaluation and
management services.

Further analysis of identified improper payments that provide additional
insights into possible root causes for their occurrence is essential for
developing effective corrective actions. For example, if errors are
resulting from intentionally abusive activity, specific circumstances or
reasons that permit the abuse to be perpetrated can be analyzed to develop
and implement additional prepayment edits to detect and prevent their
occurrence. In this regard, GAO has long advocated enhancing automated
claims auditing systems to more effectively detect inappropriate payments
due to inadvertent mistakes or deliberate abuse of Medicare billing systems.
Also, developing or strengthening specific enforcement sanctions offer an
additional tool to deter providers or suppliers from submitting
inappropriate claims.

Likewise, numerous individuals and entities are involved throughout the
entire Medicare claims payment process, including providers, suppliers,
employees (caregivers, clerical, and management), Medicare claims processing
contractors, HCFA, beneficiaries (and their relatives), and others.
Interestingly, in its review of Illinois Medicaid payments, the Illinois
Department of Public Aid (IDPA) determined that over 45 percent of the
errors it identified were inadvertent or caused by the IDPA itself during
the process of approving services or adjudicating claims, and that 55
percent appeared to be caused by questionable billing practices. IDPA
officials told us that having a clear understanding of the root causes for
these errors has been instrumental in developing effective corrective
actions. Similarly, attributing the causes of Medicare fee-for-service
improper payments to those responsible for them could provide HCFA with
useful information for developing specific corrective actions.

Certain third party validation techniques are included and have been
successfully implemented in the current methodology. For example, OIG staff
confirm a provider's eligibility to bill the Medicare program by contacting
state licensing boards to ensure that the doctors billing Medicare have
active licenses. They also verify that beneficiaries are eligible to receive
medical services under the Medicare program with the SSA. However, as
currently conceived, none of the HCFA projects include third party contact
as a potential fraud detection technique.

Implementing More Aggressive Fraud Detection Techniques Will Require Careful
Study and Additional Resources

   * The initial contractor for the MFRP conducted a small pilot test using
     beneficiary contact to verify Medicare billed services and found that
     making contact was more difficult than anticipated. Telephone contact
     was the most cost-effective approach for contacting beneficiaries, but
     the contractor could only reach 46 percent of them due to difficulty in
     obtaining valid phone numbers and difficulty in actually talking to the
     beneficiary or his or her representative once a valid number was
     located. Using more costly and time-consuming approaches, such as
     mailing written surveys and conducting face-to-face interviews only
     increased the success rate to 64 percent. To maximize the effectiveness
     of these alternative approaches, the contractor noted that it was
     important to obtain valid addresses and ensure that the written survey
     instrument was concise, easy to understand, and complete for
     beneficiaries to take the time to respond.
   * The state of Texas experienced similar difficulties contacting Medicaid
     recipients in a recent statewide fraud study. Telephone numbers for
     more than half of the 700 recipients that the state attempted to
     contact were not available or were incorrect. The state attempted to
     make face-to-face contact if telephone contact was not possible, and by
     the study's end, over 85 percent of the recipients were contacted. The
     state concluded that contacting a recipient by telephone is the only
     cost-effective way to verify that services had been delivered. It also
     found that delays in making contact could impact the results since
     recipients' ability to accurately recall events appeared to diminish
     over time.
   * For the Illinois Medicaid study, the IDPA found other problems in using
     beneficiary contact as a detection technique in the payment accuracy
     study of its program. Department investigators met with almost 600
     recipients or their representatives to verify that selected medical
     services had been received. The investigators found that while
     recipient interviews were an overall useful step in the study's
     methodology, they did not always produce the desired results. For
     example, investigators found cases where caretaker relatives could not
     verify the receipt of services. They also found other cases where
     recipients were unaware of the services received, such as lab tests, or
     could not reliably verify the receipt of services because they were
     mentally challenged.

Illinois officials involved with implementing the Medicaid study told us
that direct provider contact is also challenging. For example, an important
consideration is whether or not to make unannounced visits. According to the
Illinois officials, unannounced visits can be disruptive to medical
practices and inappropriately harm the reputations of honest providers by
giving patients and staff the impression that suspicious activities are
taking place. Announced visits, on the other hand, can give the provider
time to falsify medical records, especially if they know which medical
records are going to be reviewed. The Illinois officials resolved this
dilemma by announcing visits two days in advance and requesting records for
50 recipients so it would be difficult for the provider to falsify all the
records on such short notice.

Data on fraud referrals included in HCFA's FID indicates that health care
providers and beneficiaries represent important sources for identifying
improper payments, particularly for certain types of potential fraud and
abuse. Moreover, the application of more extensive fraud detection
techniques into efforts to measure improper payments will require their
cooperation. Our discussions with patient and health care provider advocacy
groups indicated they may oppose the application of more extensive detection
techniques due to concerns with violating doctor-patient confidentiality,
protecting the privacy of sensitive medical information, and added
administrative burdens. For example, officials from the Administration on
Aging, an HHS operating division, told us that they discourage elders from
responding to telephone requests for medical and other sensitive
information. Similarly, the American Medical Association and American
Hospital Association emphasize the adverse impact that meeting what they
consider to be complex regulations and responding to regulatory inquiries
has on health care providers' ability to focus on meeting patient needs.
They also voiced concerns with the added cost that would have to be absorbed
by providers to comply with even more requests for medical information in an
era of declining Medicare reimbursements. Further, some of the health care
experts we talked with cautioned that there are practical limits to the
amount of potentially fraudulent and abusive activity that can be measured.
These experts emphasize that no set of techniques, no matter how extensive,
can be expected to identify and measure all potential fraud and abuse.

In addition to beneficiary and provider contact, the health and fraud
experts we spoke with told us that validating the information that Medicare
contractors are relying on to pay claims, including provider and supplier
assertions concerning the appropriateness of those claims, with third
parties could also help to identify potential fraudulent or abusive
activity. The current methodology incorporates such procedures to confirm
providers' current standing with state licensing authorities and
beneficiaries' eligibility status with SSA. Other sources-such as
beneficiary employers, beneficiary relatives or personal caregivers, State
Medicaid agencies, and employees of providers and suppliers-could also offer
useful information for assessing the appropriateness of claims. However,
determining the appropriate nature and extent of third party verification
procedures to incorporate into efforts to measure improper payments should
be considered carefully. Excluding third party verification efforts, and
therefore placing greater reliance on the accuracy of data developed
internally or provided independently, should be based on risks determined
through analysis of reliable indicators.

The Comptroller General's Standards for Internal Control in the Federal
Government stresses the importance of performing comprehensive risk
assessments and implementing control activities, including efforts to
monitor the effectiveness of corrective actions to help managers
consistently achieve their goals. While the annual cost of the current
methodology and the HCFA projects involve several million dollars, these
efforts represent a needed investment toward avoiding significant future
losses through better understanding the nature and extent of improper
payments-including potential fraud and abuse. As shown in table 2, the
current methodology costs $4.7 million, not counting the cost of medical
review staff time at contractors. PEPP is estimated to cost $7.5 million
annually, and CERT costs are expected to be over $4 million annually once
fully implemented. While these may seem to be expensive efforts, when
considered in relation to the size and vulnerability of the Medicare program
and the known improper payments that are occurring, they represent prudent,
needed outlays to help ensure program integrity.

In our recent report on improper payments across the federal government, we
discussed the importance of ascertaining the full extent of improper
payments and understanding their causes to establish more effective
preventive measures and to help curb improper use of federal resources.
However, as we recently testified, HCFA's ability to protect against fraud
and abuse depends on adequate administrative funding. Therefore, in
developing effective strategies for measuring improper payments,
consideration of the most effective techniques to apply in the most
efficient manner is essential to maximize the value of administrative
resources. While HCFA faces significant challenges for ensuring the
integrity of the Medicare fee-for-service program, importantly, HCFA can use
the results of these efforts to more effectively assess corrective actions,
target high-risk areas, and better meet its role as steward of Medicare
dollars.

MFRP Holds Some Promise for Advancing Potential Fraud and Abuse Management

HCFA plans to expand its efforts to measure Medicare improper payments by
assessing the usefulness of performing additional fraud detection techniques
with the MFRP. Meanwhile, since the current methodology and the CERT and
PEPP projects do not incorporate the use of some techniques considered
effective in identifying potential fraud and abuse, HCFA's ability to fully
measure the success of its efforts to reduce fraud and abuse remains
limited.

Health care fraud experts told us that the ability of these projects to
measure potential fraud and abuse are somewhat dependent on the nature,
extent, and level of fraud sophistication that may be involved. For example,
the introduction of beneficiary contact, in conjunction with other
techniques, should improve the ability to determine whether services were
actually rendered. However, if the beneficiary is a willing participant in
the potential fraud and abuse scheme, these additional techniques may not
lead to an accurate determination.

Conclusions

Recommendations

To improve the usefulness of measuring Medicare fee-for-service improper
payments, including those attributable to potential fraud and abuse, we
recommend that the HCFA Administrator take the following actions:

   * Experiment with incorporating additional techniques for detecting
     potential fraud and abuse into methodologies used to identify and
     measure improper payments and then evaluate their effectiveness. In
     determining the nature and extent of additional specific procedures to
     perform, the overall measurement approach should (1) recognize the
     types of fraud and abuse perpetrated against the Medicare program, (2)
     consider the relative risks of potential fraud or abuse that stem from
     the various types of claims, (3) identify the advantages and
     limitations of common fraud detection techniques and use an effective
     combination of these techniques to detect improper payments, and (4)
     consider, in consultation with advocacy groups, concerns of those
     potentially affected by their use, including beneficiaries and health
     care providers.
   * Include in the methodologies' design, sufficient scope and evaluation
     to more effectively identify underlying causes of improper payments,
     including potential fraud and abuse, to develop appropriate corrective
     actions.

Mr. Chairman this concludes my statement. I would be happy to answer any
questions you or other Members of the Task Force may have.

Contact and Acknowledgments

Appendix I

Objectives, Scope, and Methodology

Our objective was to identify additional improvements to the Medicare
improper payments measurement projects that were recently designed by HCFA
to further estimate improper payments including potential fraud and abuse.

Through interviews with HCFA Program Integrity Group officials and reviews
of HCFA documentation including program integrity plans, project
descriptions, statements of work, and requests for proposals, we identified
HCFA projects that could improve the measurement of Medicare fee-for-service
improper payments.

Through interviews with health care fraud and investigation experts, we
gained an understanding of the vulnerabilities in the Medicare
fee-for-service program that create opportunities for improper payments,
especially those stemming from fraudulent and abusive activity, and the most
promising detection techniques to identify these payments. Specifically, we
talked with officials from the Department of Health and Human Service's
Office of the Inspector General (OIG) and Office of Investigations (OI),
Department of Justice (DOJ), Federal Bureau of Investigation (FBI), HCFA's
program integrity group, HCFA's Atlanta Regional Office unit specializing in
fraud detection efforts, a Medicare claims processing contractor,
Association of Certified Fraud Examiners, three private health insurance
organizations, National Health Care Anti-Fraud Association (NHCAA), Health
Insurance Association of America (HIAA), three states in connection with
their Medicaid program, and two academicians with notable fraud
investigation experience. We also reviewed various documents including HCFA
and OIG Fraud Alerts, prior GAO, OIG, and other studies on health care fraud
and abuse, particularly those related to the Medicare fee-for-service
program.

We analyzed HCFA's Fraud Investigation Database (FID) to identify the most
common types of potential fraud referred to the OI and DOJ for further
investigation and possible criminal and civil sanctions. We also analyzed
the FID to determine the most frequent sources for identifying potential
fraud. The FID was created in 1995, but has data on fraud referral going
back to 1993. We did not attempt to validate the database.

To assess the potential effectiveness of the techniques planned for the HCFA
projects for identifying improper payments attributable to potential fraud
and abuse, we (1) performed a comparative analysis of common types and
sources of referrals of fraud and abuse occurring in the Medicare program,
the types of techniques identified by investigative experts as most
effective for identifying them, and the extent to which identified
techniques are incorporated in the respective methodologies and (2)
discussed the results of our analysis with officials in HCFA's Program
Integrity Group and OIG.

To gain an understanding of how the implementation of additional procedures
to identify and measure improper payments attributable to potential fraud
and abuse could affect providers, suppliers, and recipients of health care
services and supplies, we interviewed officials from patient and health care
provider advocacy groups, including the American Medical Association,
American Hospital Association, HHS Administration on Aging (AOA), American
Association of Retired Persons (AARP), and the Health Care Compliance
Association (HCCA).

We performed our work from November 1999 through June 2000 in accordance
with generally accepted government auditing standards.

Appendix II

Definitions and Examples of Common Types of Potential Fraud and Abuse
Referrals

Services Not Rendered

As the category indicates, cases involving billing for services not rendered
occur when health care providers bill Medicare for services they never
provided. Potential fraud and abuse is usually detected by statements
received from the provider's patients or their custodians and the lack of
supporting documents in the medical records.

For example, a provider routinely submitted claims to Medicare and CHAMPUS
for cancer care operations for services not rendered or not ordered; upcoded
procedures, as defined below, to gain improper high reimbursement; and
double billed Medicare for certain procedures. As a result of the fraudulent
submissions, the provider allegedly obtained millions of dollars to which
they were not entitled.

Medically Unnecessary Services and Supplies and Overutilization

For example, a provider ordered magnetic resonance imaging tests (MRIs) and
neurological tests which investigators questioned whether the tests were
medically necessary, and whether the neurological tests were actually
performed. Most of the tests were performed on patients who responded to the
provider's advertisements in the yellow pages. After a 5 to 10 minute
consultation, the provider would diagnose almost every patient with the same
disorder - radiculopathy, a disease involving compression of, or injury to
the roots of spinal nerves.

Misrepresentation of Services and Products/Falsifying Certificates of
Medical Necessity (CMNs)/Other Documents

Medicare publishes coverage rules on what goods and services the program
will pay for and under what circumstances it will pay or not pay for certain
goods and services. Providers sometimes bill Medicare, showing a billing
code for a covered item or service when, in fact, a noncovered item or
service was provided. Further, providers sometimes intentionally falsify
statements or other required documentation when asked to support payments
for claimed services or supplies. In particular, investigators have
determined that falsification of CMNs-documents evidencing appropriately
authorized health care professionals' assertions regarding the
beneficiaries' needs for certain types of care or supplies, such as home
health and hospice services or certain durable medical equipment-occur,
providing unscrupulous providers and suppliers additional opportunities to
abuse Medicare.

For example, a provider billed for an orthotic knee brace, when in fact the
provider was providing Medicare beneficiaries with nonelastic compression
garments and leggings. Although knee orthotics are reimbursed by Medicare
and Medi-Cal for a total of over $650 per brace, the nonelastic compression
garment is not reimbursed by Medicare. The total billings totaled
approximately $332,055.

Upcoding

For example, a provider allegedly submitted false claims for services
provided by physicians in training and inflated (upcoded) claims in
connection with patient admissions services. The provider paid the U.S.
Government $825,000 primarily to settle allegations resulting from an audit
performed by the HHS OIG. The audit was triggered by a lawsuit filed by
private citizens as authorized by the False Claims Act (31 U.S.C. sections
3729 -3733).

Fraudulent Cost Reporting

Falsifying any portion of the annual report submitted by all institutional
providers participating in the Medicare program. The report is submitted on
prescribed forms, depending on the type of provider (e.g., hospital, skilled
nursing facility, etc.). The cost information and statistical data reported
must be current, accurate and in sufficient detail to support an accurate
determination of payments made for the services rendered.

For example, a provider billed Medicare for hundreds of thousands of dollars
for personal expenses disguised as legitimate healthcare expenses. The
personal expenses billed included an addition to a private home, vacations,
and beauty pageant gowns. The provider was fined over $500,000 for the
fraudulent billings.

Kickbacks and Accepting/Soliciting Bribes, Gratuities or Rebates

For example, a provider agreed to plead guilty to conspiracy, mail fraud,
and violating the anti-kickback provision and to pay $10.8 million in
criminal fines in connection with its scheme to defraud Medicare. The pleas
relate to kickbacks and false Medicare billings made in connection with the
provider's receipt of fees from another company for the provider's
management of certain home health agencies.

(916363)

        Orders by Internet

For information on how to access GAO reports on the Internet, send an e-mail
message with "info" in the body to:

[email protected]

or visit GAO's World Wide Web home page at:

http://www.gao.gov

        Web site: http://www.gao.gov/fraudnet/fraudnet.htm

E-mail: [email protected]

1-800-424-5454 (automated answering system)
  
*** End of document. ***