Medicaid: HCFA and States Could Work Together to Better Ensure the
Integrity of Providers (Testimony, 07/18/2000, GAO/T-HEHS-00-159).

Pursuant to a congressional request, GAO discussed the Health Care
Financing Administration's (HCFA) efforts to better ensure the integrity
of providers who bill the Medicaid program, focusing on: (1) why it is
important to take steps to ensure that only honest providers bill
federal health care programs; (2) what Medicare is doing to strengthen
its provider enrollment process; (3) what states are doing to ensure
provider integrity in the Medicaid program; and (4) what additional
opportunities exist to improve these efforts.

GAO noted that: (1) with hundreds of millions of claims to process each
year, Medicare and Medicaid must rely in part on provider honesty in
billing; (2) as a result, it is critical to protect program funds by
making efforts to ensure that only legitimate providers bill these
programs; (3) recent incidents of Medicaid fraud perpetrated by
dishonest medical equipment suppliers in California and other cases of
Medicare and Medicaid fraud underscore these programs' vulnerability;
(4) although HCFA has made revamping its provider enrollment process a
priority for Medicare, it has not sought similar efforts in state
Medicaid programs; (5) Medicaid state agencies report differing
practices to ensure provider integrity, with only nine states reporting
that they perform comprehensive provider enrollment activities; (6)
because HCFA is redesigning its Medicare provider enrollment process,
the HCFA Administrator has suggested that developing a joint
Medicare/Medicaid provider enrollment process might be beneficial for
both programs; and (7) thus, HCFA and the states have an additional
opportunity to work together to develop new procedures for Medicaid that
could better ensure provider integrity for both programs while
minimizing the administrative burden and cost.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-HEHS-00-159
     TITLE:  Medicaid: HCFA and States Could Work Together to Better
	     Ensure the Integrity of Providers
      DATE:  07/18/2000
   SUBJECT:  Health insurance
	     Health insurance cost control
	     State-administered programs
	     Health care programs
	     Fraud
	     Program abuses
	     Internal controls
	     Claims processing
IDENTIFIER:  Medicaid Program
	     Medicare Program
	     HCFA Comprehensive Plan for Program Integrity
	     HCFA Provider Enrollment Chain and Ownership System
	     Medicaid Management Information Systems
	     HCFA Medicaid Fraud and Abuse National Initiative

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************

GAO/T-HEHS-00-159

   * For Release on Delivery
     Expected at 10:00 a.m.

Tuesday, July 18, 2000

GAO/T-HEHS-00-159

MEDICAID

HCFA and States Could Work Together to Better Ensure the Integrity of
Providers

        Statement of Leslie G. Aronovitz, Associate Director

Health Financing and Public Health Issues

Health, Education, and Human Services Division

Testimony

Before the Subcommittee on Oversight and Investigations, Committee on
Commerce, House of Representatives

United States General Accounting Office

GAO

Medicaid: HCFA and States Could Work Together to Better Ensure the Integrity
of Providers

Mr. Chairman and Members of the Subcommittee:

We are pleased to be here as you discuss efforts to better ensure the
integrity of providers who bill the Medicaid program. In the past, we have
reported to the Congress that scrutinizing providers more rigorously before
they begin billing the federal government's two major health care programs,
Medicare and Medicaid, is an extremely important means of protecting program
funds and beneficiaries. In fiscal year 2001, federal funding of Medicare
and Medicaid is projected to reach about $342 billion.

My remarks today will focus on (1) why it is important to take steps to
ensure that only honest providers bill federal health care programs, (2)
what Medicare is doing to strengthen its provider enrollment process, (3)
what states are doing to ensure provider integrity in the Medicaid program,
and (4) what additional opportunities exist to improve these efforts. My
comments are based on our past work and work we are now conducting for the
Commerce Committee on state fraud and abuse control efforts in the Medicaid
program.

In brief, with hundreds of millions of claims to process each year, Medicare
and Medicaid must rely in part on provider honesty in billing. As a result,
it is critical to protect program funds by making efforts to ensure that
only legitimate providers bill these programs. Recent incidents of Medicaid
fraud perpetrated by dishonest medical equipment suppliers in California and
other cases of Medicare and Medicaid fraud underscore these programs'
vulnerability. Although the Health Care Financing Administration (HCFA) has
made revamping its provider enrollment process a priority for Medicare, it
has not sought similar efforts in state Medicaid programs. Medicaid state
agencies report differing practices to ensure provider integrity, with only
nine states reporting that they perform comprehensive provider enrollment
activities. Because HCFA is redesigning its Medicare provider enrollment
process, the HCFA Administrator has suggested that developing a joint
Medicare/Medicaid provider enrollment process might be beneficial for both
programs. Thus, HCFA and the states have an additional opportunity to work
together to develop new procedures for Medicaid that could better ensure
provider integrity for both programs while minimizing the administrative
burden and cost.

Background

Medicare is a federal health insurance program for certain disabled persons
and those 65 years and older. It is administered by HCFA, within the
Department of Health and Human Services (HHS), through about 50 claims
administration contractors. Medicaid is a jointly funded federal-state
health insurance program for eligible low-income and medically needy people.
HCFA oversees the Medicaid program at the federal level, but at the state
level, the program actually consists of 56 separate state-operated programs
(including the District of Columbia, Puerto Rico, the Virgin Islands, Guam,
American Samoa, and the Northern Marianas-hereafter referred to collectively
as "states"). The federal government matches state Medicaid spending
according to a formula that is based on each state's per capita income.
Within broad federal guidelines, each state establishes its own eligibility
standards; determines the type, amount, duration, and scope of services;
sets its payment rates; and administers its program-including the enrollment
of its providers.

Although Medicare and Medicaid have different structures and governance, and
serve different populations, many providers bill both programs and must
separately enroll in each. Enrollment refers to all of the application and
verification activities that occur before a provider is issued a provider
number and approved to bill a federal health care program.

My comments today are based on our past and on-going work for the Commerce
Committee on controlling fraud and abuse in the Medicaid program. This
statement focuses on enrollment processes for noninstitutional providers,
because there are some specific requirements for institutions such as
hospitals and nursing homes. Noninstitutional providers include durable
medical equipment suppliers, physicians or physician groups, home health
agencies, transportation companies, and laboratories-in effect, any
providers who do not provide care in an institutional setting such as a
hospital or nursing home. To gain more information on state efforts, we
surveyed the 56 state Medicaid programs. Several survey questions focused on
states' provider enrollment activities. For this statement, we supplemented
the states' self-reported survey data with on-site or telephone interviews
of Medicaid officials from several states, including Connecticut, Florida,
Georgia, New Jersey, and Texas, that reported taking actions to tighten
their provider enrollment processes.

Problems With Fraudulent Providers Underscore the Value of Ensuring Provider
Integrity

With hundreds of millions of claims being processed each year, federal
health care programs need to rely to an extent on the integrity of their
providers. Medicare and Medicaid receive claims for services, equipment, and
supplies, and use automated computer edits as a check before payment to help
ensure the claims are legitimate and billed by an enrolled provider. While
some of the claims are also reviewed after payment is made, with such a
massive number of claims, it is impossible to perform detailed checks on a
significant share of them.

Most providers bill appropriately, reducing the risks from not being able to
scrutinize claims more comprehensively. However, both programs have been
victims of improper billing and outright fraud. For example, we recently
reported on seven criminal health care fraud investigations, four of which
involved both the Medicare and Medicaid programs. In one of these cases,
providers filed more than $120 million in fraudulent Medicare claims and
$1.5 million in fraudulent Medicaid claims before being caught.

Recent fraud cases in California underscore Medicaid's vulnerability to
providers who are eager to defraud the program. As you have heard from other
witnesses today in more detail, since July 1999, a state-federal task force
targeting questionable pharmaceutical and durable medical equipment
providers has found large-scale fraud in California's Medicaid
program-Medi-Cal. More than 100 Medicaid providers, wholesalers, and
suppliers have been charged with more than $50 million in fraud since July
1999. At least 61 of these individuals have already been convicted and paid
about $15 million in restitution. An additional 250 providers, wholesalers,
and suppliers are being investigated for possible fraud that could exceed
$250 million. In some cases, investigators found that providers set up shop
for 4 or 5 months to bill Medi-Cal and collect payments for services not
rendered and then closed down before the fraud was detected. These so-called
"bump and run providers" often made off with hundreds of thousands of
dollars before they disappeared.

These cases follow a pattern that has been seen in federal health care
programs since at least the early 1990s. Investigations, some conducted as
part of Operation Restore Trust, pinpointed weaknesses in provider
enrollment procedures that have allowed questionable providers easy entry
into the Medicare and Medicaid programs. Examples follow:

   * A man convicted of health care fraud in 1989 and excluded from
     participating in Medicaid and Medicare was arrested in 2000 on new
     charges that he secretly ran several companies that received $40
     million in Medicare reimbursements for fraudulent ambulance
     transportation claims. His involvement in the companies was hidden when
     these companies enrolled as Medicare providers. Employees of the
     companies routinely falsified paperwork for ambulance transports for
     patients who did not need this service. For example, patients,
     typically people being taken for radiation and dialysis treatment,
     would be described as "bed-confined," even though covert videotaping by
     federal investigators showed them walking to the ambulances.
   * A provider opened two "storefront clinics" in New Jersey and began
     billing the Medicaid and Medicare programs for such invasive procedures
     as colonoscopies and upper gastrointestinal endoscopies. An
     investigation revealed that the clinic owner was not licensed to
     practice medicine in New Jersey and, in fact, did not have any medical
     license. Before the scheme was detected, the clinic owner had billed
     the Medicaid program for over $6 million and had defrauded the Medicare
     program of over $166,000.
   * The owner of a medical supply company in New York pleaded guilty to
     billing Medicaid for more than $1.2 million for supplies that were
     never provided. The company, operated out of the owner's home, filed
     claims for medical items for several patients authorized by a physician
     who had been dead for more than 10 years.

Checking the credentials and qualifications of such providers more
thoroughly might have raised questions about their integrity. Periodically
requiring providers to reenroll would allow regular scrutiny and updating of
their information. As a result, federal health programs could keep tighter
control over the current validity of billing numbers. Failure to do so
leaves federal health programs vulnerable to questionable providers who
either may not be providing services to beneficiaries as billed or be
providing poor quality services. For example, in 1996, HCFA reported that of
36 new applicants to provide durable medical equipment to Medicare
beneficiaries in Miami, 32 were not bona fide businesses. Some of these
entities did not have a physical address or an inventory of durable medical
equipment. To determine whether this was only a problem in Florida, the HHS
Office of Inspector General (OIG) conducted on-site inspections of 420
suppliers with Medicare billing numbers issued between January and June 1996
and 35 applicants who had applied but had not yet been enrolled. The OIG
found that 31 of the 420 enrolled suppliers and 4 of the 35 new applicants
did not have the required physical business address, or their addresses were
suspect. Some had closed suddenly, leaving no forwarding address. Some
operated out of homes, while others lacked inventory, making their
suppliers' status suspect. Other enrolled suppliers did not provide the
level of service expected, because they did not make repairs on items
supplied to beneficiaries that were still under warranty or allow
beneficiaries to return unsuitable items.

As one convicted Medicaid fraud felon whose previous experience was owning a
nightclub in Miami, Florida, remarked,

"I had no experience or training in health care services. . . Without this
experience and with no knowledge of the Medicare program, I purchased a
business and started billing Medicare. It was very easy for me to get
approval from Medicare to become a provider. . . They gave me a provider
number over the phone. No one from the government or anywhere else ever came
to me or my place of business to check any information on the application.
No one ever checked my credentials or asked if I was qualified to operate a
medical supply business."

By the time this man was arrested in 1994, he owned seven medical supply
companies, using the different billing numbers to hide the number of claims
he was submitting. All of his businesses were at the same location, and he
used the same staff and computers to bill under different numbers. He
estimated that he billed about $32 million to Medicare in total, most for
services not rendered.

Some states and the federal government have realized that their programs do
not have all the tools needed to address the problem of providers entering
their programs intent on committing fraud. One state audit pointed out that
the state's Medicaid program could not terminate a problem provider quickly
and that providers could potentially sell their businesses, including their
billing numbers, to others. In this state, once a provider was accepted into
the program, there was no mechanism to ensure that Medicaid had up-to-date
information about the provider, thus allowing billing numbers to be
potentially misused by others. Furthermore, no efforts were made to verify
information on the enrollment form. Because the state program accepted
copies of out-of-state licenses rather than verifying them, a provider could
produce a fraudulent out-of-state license and thereby be enrolled to treat
Medicaid patients.

Efforts to Strengthen Medicare Provider Enrollment Under Way

   * publishing a notice of proposed rulemaking to set standards for
     provider enrollment, specifying that HCFA can deny and revoke billing
     privileges and periodically require providers to reenroll;
   * implementing a new centralized data system on enrolled providers-the
     Provider Enrollment, Chain and Ownership System (PECOS), which can be
     used to track ownership and relationships between providers;
   * developing a new standard enrollment form that will ask for detailed
     information in many categories, such as ownership; and
   * requiring provider Social Security numbers on the enrollment form,
     which then will be verified through the Social Security Administration.

In addition to our ongoing Medicaid work on this issue, we are now reviewing
the Medicare provider enrollment process and will be reporting about it
later this year. In that study, we are primarily focusing on the activities
Medicare contractors perform to enroll new providers and HCFA's plans to
require providers to periodically reenroll.

While HCFA has a number of actions planned or in process to help strengthen
Medicare provider enrollment, its plan for program integrity does not
include any actions to strengthen provider enrollment in Medicaid. Dealing
with such issues at the federal level is more complex in Medicaid because of
the differing program requirements and state approaches to ensuring program
integrity. Because the Medicaid program is administered by the states under
federal oversight, both federal requirements and state actions form a
state's Medicaid provider enrollment program.

Federal Requirements Are Minimal, but a Few States Have Aggressive Provider
Enrollment Programs

Minimal Federal Requirements Exist to Ensure Medicaid Provider Integrity

HCFA's guidance to states, incorporated in the State Medicaid Manual,
indicates that states may only enroll providers that are qualified to
provide the specified service and that have not been excluded from federal
health care programs. A qualified provider is one that is licensed to
practice in the state, if licensure is required, and that provides services
within the scope of practice as defined by state law. States can impose
additional qualifications on providers that they enroll in their Medicaid
programs. Recently, the OIG found evidence that some state Medicaid programs
have paid excluded providers for providing services to beneficiaries, and
the OIG is thus concerned that some states may not be checking on whether a
provider has been excluded.

Finally, the federal government provides states matching funds for automated
claims processing and information retrieval systems, called Medicaid
Management Information Systems (MMIS), provided that the states' systems
meet certain specifications. States that receive federal funding for their
MMIS must collect and enter into their systems certain types of provider
information to help ensure that their providers are eligible. This
information includes a unique Medicaid provider identification number, the
provider's Social Security number, and, if applicable, the provider's
Medicare number. In addition, state information systems need to be able to
support certain functions, such as enrolling providers only after they agree
to abide by the state Medicaid program's rules and helping to screen
applicants by verifying their state license or certification, if applicable.

Limited Federal Oversight of State Enrollment Processes

However, HCFA is working with state Medicaid programs on strengthening their
fraud and abuse control activities through its Medicaid Fraud and Abuse
National Initiative. The goal of this initiative is to facilitate, not
oversee or direct, state efforts. The initiative is led from HCFA's Atlanta
regional office and has coordinators in each of its 10 regional offices.
Although the initiative's plan does not list provider enrollment as one of
its strategic goals, its national work group has a goal to work with states
to help them avoid providers who have been excluded, suspended, debarred, or
sanctioned from other federal health care programs. Recently, HCFA teams
consisting of regional office Medicaid fraud and abuse coordinators reviewed
eight states' Medicaid program integrity procedures. In those states, they
checked two processes relevant to provider enrollment-providers' disclosure
of ownership, significant business transactions, and employee criminal
history information; and states' processes to ensure that excluded providers
do not participate or receive payment for services. HCFA has not yet
reported its findings on this eight-state review.

Wide Variation in State Efforts to Check Provider Integrity

HCFA has found site visits to be useful in verifying whether applicants for
enrollment in Medicare have bona fide businesses. In our survey, 19 states
reported that they conducted site visits when a provider initially applies
to become enrolled. Most states that conducted site visits reported visiting
only certain providers that they feel have a greater likelihood of abusing
the program-for example, the Kansas Medicaid program reported visiting only
durable medical equipment suppliers. Because these site visits cost money,
such targeting is seen by those states as the best approach. Only New
Hampshire, which reported enrolling about 5,000 providers in the last 3
years, said that it checked the sites of all providers before enrollment.

Once enrolled, many states allow providers to stay indefinitely in the
program without having to update information about their status. As a
result, while some providers may be reporting changes to the Medicaid
program, such as selling a business and its associated billing number,
others may not. Twenty-six states reported allowing providers to continue to
bill indefinitely once enrolled. Others had an enrollment time limit, which
often varied by provider type. Eighteen states reported conducting visits to
help determine whether providers should remain in the program. These states
generally reported visiting only certain providers, with 11 reporting that
they visited such providers at least once a year.

Because billing numbers allow claims to be processed, they are valuable and
need to be guarded. Existing businesses may be sold to owners that intend to
defraud Medicaid, and dead or retired providers' numbers can be used by
unscrupulous individuals. Canceling inactive billing numbers can prevent
questionable providers from deliberately obtaining multiple numbers to keep
"in reserve" in the event that their practices result in suspension of
claims under the primary number. Once again, a number of states reported
doing nothing to control billing numbers. Only thirty-three states reported
canceling inactive billing numbers. Of those, 16 reported canceling
providers' numbers when they did not submit a bill for 2 years. Five states
reported that they canceled a provider number if no bill had been submitted
in more than 3 years.

States' Key Activities to Ensure the Integrity of Potential Providers

More Stringent Review of Provider Enrollment Applications. In late 1998,
Connecticut began using information from its fraud and abuse cases to help
it determine what to require of new providers. Earlier audits had revealed
that durable medical equipment providers operating in networks-many of which
were family-based-were defrauding the program. As a result, representatives
from Connecticut's Office of the Attorney General and Office of the Chief
State's Attorney worked with Medicaid quality assurance and provider
relations staff to revise the Medicaid enrollment process, starting with the
provider enrollment application.

Connecticut's new application requires providers to disclose business or
personal relationships with other Medicaid providers. In addition,
applicants must now state whether they have any administrative sanctions,
civil judgments, criminal convictions, or bankruptcies, and whether they are
enrolled in federal or other states' health care programs. Further, the
Connecticut Medicaid application requires submission of the names and Social
Security numbers of all owners, officers, and directors of the provider's
business. A critical step in the state's enrollment process is verification
of the enrollment application information. Connecticut has a contractor that
uses various on-line databases to check applicants' personal, financial and
criminal backgrounds. Similar to Connecticut, beginning July 1, 2000,
Georgia started using a revised provider enrollment application that
requires the applicant to disclose criminal background, exclusions and
sanctions, and ownership information on the application form.

As a result of problems with provider fraud in South Florida, in December
1995, Florida began to implement several changes in provider enrollment
procedures. Florida now requires noninstitutional providers to undergo
fingerprinting and criminal history background screenings. For group
providers, all officers, directors, managers, and owners of 5 percent or
more of the business must be screened. Applicants are required to submit
fingerprints and to pay for the background checks. Fingerprints are checked
with both state law enforcement authorities and the Federal Bureau of
Investigation.

Strengthened Provider Agreements. Several states now include provisions in
their provider agreements that allow either the provider or the Medicaid
program to terminate the agreement without cause after giving the other
party advance notice. While the details vary, such a clause is now part of
the Medicaid provider agreements required by Connecticut, Florida, Georgia,
and Texas. New Jersey's provider agreement currently allows providers to
terminate their agreement without cause after giving the program 30 days
written notice. However, New Jersey Medicaid officials told us that a
provision giving Medicaid the same termination rights is being developed. A
Texas Medicaid official told us that the termination-without-cause provision
was an important new tool to help protect the Texas Medicaid program by
allowing officials to remove problem providers more expeditiously.

Reenrollment Under Stricter Standards. Several states that tightened
standards for newly enrolling providers also required existing Medicaid
providers to reenroll under the new standards. For example, after
strengthening the Texas Medicaid program's provider enrollment process for
new applicants, the Texas legislature directed Medicaid officials, beginning
September 1, 1997, to initiate a 2-year period during which all current
providers would be required to reenroll in the Medicaid program. Texas
Medicaid providers-both new applicants and existing providers-must now sign
a provider agreement that includes stricter terms of participation and new
anti-fraud-and-abuse language. When Texas providers were slow to reenroll,
the legislature extended the deadline by a year to September 1, 2000, and
reduced some requirements, such as filling out a provider information form,
but not the requirement that providers sign the new agreement. Texas
Medicaid officials reported that as of May 31, 2000, 68 percent of the
providers had reenrolled. Similarly, starting in 1996, Florida required all
noninstitutional Medicaid providers to reenroll on a staggered basis under
stricter standards. When Florida began the reenrollment, there were
approximately 80,000 Medicaid providers; when it ended, there were about
20,000 less. State program officials report that access to health care was
not affected by the reduction in Medicaid providers.

Special Scrutiny of Certain Provider Types. As several other states have
done, New Jersey's Division of Medical Assistance and Health Services has
instituted special Medicaid enrollment procedures for certain types of
providers. The New Jersey Medicaid program's fiscal agent handles all
aspects of the Medicaid provider enrollment process for most provider types.
However, enrollment applications from pharmacies, independent laboratories,
transportation companies, and durable medical equipment providers receive
extra attention. Both the Medicaid Program Integrity staff and Medicaid
Fraud Control Unit (MFCU) staff review pharmacy and independent laboratory
enrollment applications. The review includes a criminal background check.
Other New Jersey Medicaid program personnel review applications from durable
medical equipment and transportation providers. Program consultants conduct
preenrollment site visits to pharmacy and durable medical equipment
applicants. In addition, physician group practices are visited on-site after
they are enrolled. This type of approach can root out those individuals who
set up a physical location only long enough to enroll in the program. For
example, in an Illinois Medicaid fraud case involving a laboratory, an
individual paid 1 month's rent on office space and state-of-the-art medical
testing equipment to obtain the certification needed to bill Medicaid for
complex laboratory tests. But after receiving certification, no patients
were actually tested, although Medicaid was billed for laboratory services.

Florida requires certain types of Medicaid providers, including home health
agencies, durable medical equipment suppliers, nonemergency transportation
providers, physician groups with more than 50 percent nonphysician
ownership, and independent laboratories to obtain surety bonds. On May 25,
2000, legislation was enacted that increases the maximum surety bond the
Medicaid agency can require a prospective or participating provider to
obtain. Under the new law, Medicaid can require the current $50,000 flat
rate or, if greater, the total amount billed by the provider during the
current or most recent calendar year. Florida officials indicated that a
primary reason for the surety bond requirement is that in underwriting a
bond, surety companies check the capacity and financial ability of the
providers to operate as a valid business. Florida officials consider such a
review an effective screening tool to help keep less qualified providers out
of the program. However, obtaining a surety bond does not reflect how well
an applicant will perform as a health care provider, just that they are a
business. In a previous report, we pointed out that these requirements may
negatively affect the ability of small providers to serve beneficiaries. In
addition, individuals with no history of criminal action but an intent to
defraud the program could still obtain bonds.

Preenrollment Site Visits. In 1999, after receiving new budget authority
from the state, the recently reestablished Georgia Medicaid program's
Provider Enrollment Unit began conducting site audits on all new
noninstitutional provider applicants. Georgia's site audit requirements
include verification of the provider's business location, a check of the
provider's compliance with the Americans With Disabilities Act, and a check
of the provider's business license. The audit also checks compliance with
any additional criteria that are required for that category of provider as
stipulated in the state's Medicaid provider manual. Georgia Medicaid
officials reported that when they began the site audits they detected
numerous applicants with nonexistent addresses or mailbox-only operations;
now such a finding is rare.

According to Texas Medicaid officials, that state had a less successful
experiment with preenrollment site visits. In 1997, in part because of the
experience of the Florida Medicaid program, the Texas legislature directed
its Medicaid program to establish a pilot project aimed at reducing fraud by
conducting random on-site reviews of prospective Medicaid providers in
targeted counties. For the pilot, program officials selected the three urban
counties that had the largest concentration of providers in the specialties
designated by the legislation-durable medical equipment providers, home
health care providers, therapists, and laboratories. At a minimum, Texas
Medicaid investigators were required to inspect the providers' sites; review
appropriate licenses or other authorities; interview the providers'
representatives, staff, and patients; and review medical and business
records. Only nine provider applications were received during this time
period. The nine applicants reviewed during the 5-month pilot were found to
be capable of delivering the specific services proposed in their
applications and to have fully operational businesses. Program officials
calculated that the reviews cost an average of $4,200 per provider-too high
to be cost-effective-and they recommended against extending the pilot or
implementing the preenrollment reviews statewide.

Site visits are done before enrollment in the Florida Medicaid program for
certain types of provider applicants, including pharmacies, durable medical
equipment suppliers, physicians' group practices that are at least 50
percent owned by nonphysicians, independent laboratories, home health
agencies, and some transportation companies. Florida officials plan to begin
conducting checks on 100 percent of the pharmacies in two counties that
historically have had a problem with fraud. In addition, the state or its
contractor may conduct site visits on any existing providers if they are
considered to be high risk, have exhibited aberrant billing practices, or
are the subject of a complaint made to the Medicaid state agency.

Better Control of Medicaid Billing Numbers. Because control of Medicaid
billing numbers has been lax in some states, Medicaid has been billed by
individuals using information from deceased or retired providers-either
directly or as referring physicians. In an effort to better control Medicaid
billing numbers, Texas Medicaid officials developed the Texas Provider
Identification System, which they planned to institute in conjunction with
their provider enrollment changes. At present, Texas providers can
legitimately have and use several Medicaid provider numbers simultaneously.
Under the new system, each provider would have one seven-digit base number
to which locator code numbers could be added to indicate where a service was
performed. Texas has had to delay implementing the new identification system
because the start-up of the state's new MMIS is behind schedule. The Georgia
Medicaid program uses a billing number system similar to the one envisioned
by Texas Medicaid officials. Medicaid providers in Georgia have a base
number to which letters are added that indicate the location where the
service was provided.

As previously mentioned, many states now cancel the billing numbers of
providers who have not submitted a bill to the Medicaid program during a
certain period of time. Of the states whose Medicaid officials we
interviewed, Florida, Georgia, and Texas currently cancel the billing
numbers of inactive providers, while Connecticut and New Jersey do not.

The state Medicaid officials reported that the strengthened provider
enrollment measures they have adopted have given them important new tools to
help ensure the integrity of their Medicaid programs. Despite the obstacles
encountered in recent efforts to better ensure the integrity of their
Medicaid providers, Texas Medicaid officials reported that they have sent a
strong message to providers about the program's intolerance for fraudulent
and abusive practices. Connecticut Medicaid officials said that while it is
difficult to quantify the deterrent effect of their provider enrollment
measures, preventing fraudulent providers from entering the Medicaid program
is inherently more cost-effective than trying to recover inappropriately
expended funds.

Improving Medicare Provider Enrollment Creates Additional Opportunities to
Strengthen Medicaid

The current revamping of Medicare's provider enrollment process may provide
an opportunity for HCFA to help states strengthen the provider enrollment
process in their Medicaid programs. Because many of the same providers bill
both programs, we were interested in finding out whether the programs'
working together could more efficiently screen out problematic providers.
Sharing a standard enrollment form with Medicare and checking providers
using the new database, PECOS might help Medicaid programs more effectively
operate their provider enrollment processes.

The HCFA Administrator has suggested that developing a joint
Medicare/Medicaid provider enrollment process might be beneficial for both
programs. A HCFA official with responsibility for program integrity
activities advised us that HCFA plans to solicit state Medicaid officials'
comments in the next month concerning the use of HCFA's provider enrollment
form for enrollment of both Medicare and Medicaid providers.

Combining Medicare and state Medicaid efforts would not necessarily mean
that states with particularly aggressive or more comprehensive provider
enrollment programs would not continue them. HCFA and the states would need
to agree on the minimum requirements of a provider enrollment process in
Medicaid and to what extent enrollment through the Medicare process
satisfied those requirements. For example, it might be reasonable to have
states verify provider business addresses and readiness to provide services
through state-controlled site visits. Either Medicare or Medicaid could be
responsible for verifying provider credentials and qualifications. The
Medicare program could be responsible for verifying Social Security numbers
and other information available in national databases, as well as for
entering provider information into the PECOS system. This would allow the
states to put more effort into activities that are best done at the local
and state levels.

One other recent development will affect both programs' enrollment
processes. As contemplated by the Health Insurance Portability and
Accountability Act of 1996 (HIPAA), HHS is developing the National Provider
Identifier, a single, unique identifier for each provider to be used in
transactions with all health payers. This number could help eliminate the
multiple identification numbers for the same provider present in today's
environment that unscrupulous providers can use to obscure their billing
practices. This system would more easily track all the activities of a
provider by his or her unique identifier. Currently, the draft of the final
regulation is awaiting approval by HCFA, HHS, and the Office of Management
and Budget.

Mr. Chairman, this concludes my prepared statement. I will be happy to
answer any questions you or the Subcommittee Members may have.

GAO Contact And Acknowledgments

Related GAO Products

edicaid: Federal and State Leadership Needed to Control Fraud and Abuse
(GAO/T-HEHS-00-30, Nov. 9, 1999).

Medicaid: Federal and State Leadership Needed to Control Fraud and Abuse
(GAO/T-HEHS-00-30, Nov. 9, 1999).

Health Care: Fraud Schemes Committed by Career Criminals and Organized
Criminal Groups and Impact on Consumers and Legitimate Health Care Providers
(GAO/OSI-00-1R, Oct. 5, 1999).

Medicare Contractors: Despite Its Efforts, HCFA Cannot Ensure Their
Effectiveness or Integrity (GAO/HEHS-99-115, July 14, 1999).

Medicare Home Health Agencies: Role of Surety Bonds in Increasing Scrutiny
and Reducing Overpayments (GAO/HEHS-99-23, Jan. 29, 1999).

Medicare Home Health Agencies: Certification Process Ineffective in
Excluding Problem Agencies (GAO/HEHS-98-29, Dec. 16, 1997).

Fraud and Abuse: Providers Excluded From Medicaid Continue to Participate in
Federal Health Programs (GAO/T-HEHS-96-205, Sept. 5, 1996).

Fraud and Abuse: Medicare Continues to Be Vulnerable to Exploitation by
Unscrupulous Providers (GAO/T-HEHS-96-7, Nov. 2, 1995).

(201072)

        Orders by Internet

For information on how to access GAO reports on the Internet, send an e-mail
message with "info" in the body to:

[email protected]

or visit GAO's World Wide Web home page at:

http://www.gao.gov

        Web site: http://www.gao.gov/fraudnet/fraudnet.htm

E-mail: [email protected]

1-800-424-5454 (automated answering system)
  
*** End of document. ***