Medicaid: Federal and State Leadership Needed to Control Fraud And Abuse
(Testimony, 11/09/1999, GAO/T-HEHS-00-30).

Medicaid fraud schemes cross state lines and enforcement jurisdictions,
engaging the different or competing priorities of federal, state, and
local agencies in efforts to investigate, prosecute, and enforce program
compliance. Essential components of an effective strategy with program
integrity include coordinating the efforts of the multiple players,
investing in preventive strategies, and dedicating adequate resources to
fraud control units. The Health Care Financing Administration, the
federal agency that runs Medicaid, established a fraud and abuse
national initiative in 1997 to bring together groups at the state level
to provide training, share information, and address common concerns.
Despite HCFA's efforts to facilitate the states' activities, questions
remain about its role as a steward of Medicaid funds.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  T-HEHS-00-30
     TITLE:  Medicaid: Federal and State Leadership Needed to Control
	     Fraud And Abuse
      DATE:  11/09/1999
   SUBJECT:  Health care programs
	     Federal/state relations
	     Fraud
	     Health insurance cost control
	     Program abuses
	     Internal controls
	     State-administered programs
IDENTIFIER:  Medicaid Program
	     HHS Operation Restore Trust
	     FBI Operation Goldpill
	     Medicare program

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Testimony.                                               **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************

GAO/T-HEHS-00-30

   * For Release on Delivery
     Expected at 10:30 a.m.

Tuesday, November 9, 1999

MEDICAID

Federal and State Leadership Needed to Control Fraud and Abuse

        Statement of Leslie G. Aronovitz, Associate Director

Health Financing and Public Health Issues

Health, Education, and Human Services Division

Testimony

Before the Subcommittee on Oversight and Investigations, Committee on
Commerce, House of Representatives

United States General Accounting Office

GAO

TC ": MEDICAID: Federal and State Leadership Needed to Control Fraud and
Abuse: " \l 3

Medicaid: Federal and State Leadership Needed to Control Fraud and Abuse

Mr. Chairman and Members of the Subcommittee:

We are pleased to be here today as you discuss ways to combat fraud and
abuse in the Medicaid program. Some 40 million Americans-not only poor
mothers and children but also poor elderly, blind, and disabled
individuals-depend on health care services made possible by the Medicaid
program. With total expenditures of over $177 billion in fiscal year 1998,
Medicaid is the third largest social program in the federal budget and
represents a significant share of individual state budgets as well.

Fraud and abuse drains away vital program dollars and exploits taxpayers and
vulnerable beneficiaries. As we recently reported, consumers and legitimate
health care providers have been victimized by the fraud schemes of career
criminals and organized criminal groups. While the Department of Health and
Human Services (HHS) and the Department of Justice have recently augmented
their program integrity activities for Medicare, the Congress is concerned
that a similar emphasis be placed on fraud and abuse control in Medicaid. We
have just launched a study to better understand the scope and effectiveness
of Medicaid program integrity efforts at the federal and state levels and
will report our results next spring. Today, my remarks will focus on a brief
overview of the problem, several key components of fraud control, and the
importance of federal and state cooperation. My comments are based on
observations gleaned from our prior work addressing both Medicaid and
Medicare program integrity issues and from our ongoing Medicaid study.

In summary, our body of work on health care fraud and abuse indicates that
programs the size and structure of Medicaid are inherently vulnerable to
exploitation. Fraud schemes often cross state lines and enforcement
jurisdictions, entailing a number of federal, state, and local agencies that
may have different or competing priorities in their efforts to investigate,
prosecute, and enforce compliance. Experience shows that coordinating the
efforts of the multiple players, investing in preventive strategies, and
dedicating adequate resources to fraud control units are essential
components of an effective program integrity strategy. Finally, our work
shows that the Health Care Financing Administration (HCFA), the agency in
HHS responsible for administering Medicaid federally, is in a position to
work in partnership with the states to ensure an appropriate level of
commitment in states' efforts to control Medicaid fraud and abuse.

Background

Medicaid is a jointly funded federal-state health insurance program for
eligible low-income and needy people. Although it is one federal program, as
a practical matter, it consists of 56 separate programs (including the
District of Columbia, Puerto Rico, and the U.S. territories). Within broad
federal guidelines, each state establishes its own eligibility standards;
determines the type, amount, duration, and scope of services; sets the rate
of payment for services; and administers its own program. For fiscal year
1998, federal Medicaid expenditures were over $101 billion, with the states
contributing about $76 billion. For each state, the federal share varies
according to a statutory formula. The federal government picks up at least
half the cost for medical services, and in nine states, it pays for more
than 70 percent.

Medicaid fraud and abuse control entails a complex mix of actors and
entities. At the federal level, HCFA and the HHS Office of Inspector General
(OIG) have program oversight responsibilities. The Federal Bureau of
Investigation (FBI) and the U.S. Attorneys in the Department of Justice are
responsible for enforcement under certain conditions. However, front line
oversight and enforcement reside primarily with the states. Each state
administers its Medicaid program through a state Medicaid agency-variously
situated in departments such as health, welfare, or human services. In
addition to paying claims and performing other administrative duties, the
state Medicaid agencies conduct program integrity activities. Many state
Medicaid agencies have a "data mining" unit-a surveillance and utilization
review subsystem (SURS) unit-dedicated to reviewing paid claims to identify
suspect billing practices or other aberrations indicating potential
wrongdoing. Separate from the state Medicaid agency, 47 states have Medicaid
Fraud Control Units (MFCU), generally located in the state's attorney
general's office, which carry out investigations and prosecutions. For a
composite view of the multiple agencies involved in Medicaid fraud and abuse
control, see table 1.

Table 1: Overview of Medicaid Fraud and Abuse Control Efforts
 Agency         Responsibility           Related activities
 Federal
 Department of Health and Human Services (HHS)

 Health Care                             Among other activities, through
 Financing      Oversees state Medicaid  its Medicaid Fraud and Abuse
 Administration agencies                 National Initiative, HCFA provides
 (HCFA)                                  an ongoing forum and training for
                                         state officials on fraud control.
                Oversees state Medicaid  The OIG can sanction fraudulent
 Office of      Fraud Control Units      providers by imposing exclusions
 Inspector                               and civil monetary penalties. It
 General (OIG)  Investigates federal     refers investigative findings to
                Medicaid fraud cases     Department of Justice.
 Department of Justice
                Prosecute Medicaid       The U.S. Attorneys also indict,
 U.S. Attorneys fraud cases referred by  negotiate settlements, and make
                FBI and HHS OIG          recoveries.
 Federal Bureau
 of             Investigates federal     The FBI refers investigative
 Investigation  fraud cases but cannot   findings to the U.S. Attorneys.
 (FBI)          impose sanctions
 State
 State Medicaid
 agency
                Administers state        The state Medicaid agency's
 (located in    Medicaid program and     activities may include conducting
 such           oversees Medicaid        pre- and postpayment claims
 departments as program integrity        reviews and administering the
 health, human  activities               provider enrollment process.
 services, and
 welfare)
 Program
 integrity/
                Reviews claims data to
 surveillance   detect and investigate   SURS units refer suspected fraud
 and            aberrant payment         cases to the state's MFCU and
                patterns and conducts    noncriminal cases to the state
 utilization    other types of           Medicaid agency's collection unit.
 review         integrity activities
 subsystem
 (SURS)a unit
                Investigates and
 Medicaid Fraud prosecutes cases
 Control Unit   involving fraudulent
 (MFCU)b        Medicaid activities      The MFCU may refer cases that will
 (generally in                           not be prosecuted to the state
 state attorney Investigates and acts    Medicaid agency or other authority
 general's      on complaints of abuse   for administrative action.
 office)        or neglect of patients
                in facilities receiving
                Medicaid funding
 Local
                Prosecutes Medicaid
 District       fraud cases in states
 attorney       where MFCUs do not have
                prosecutorial authority

aStates vary in how their program integrity activities are organized and in
what the units are called.

bThree states do not have MFCUs-Idaho, Nebraska, and North Dakota.

Fraud and Abuse Are a Persistent Problem in Medicaid Program

Several Types of Fraud and Abuse Are Common in Medicaid

Table 2: Examples of Medicaid Fraud and Abuse
 Type of fraud        Example
                      A psychiatrist operated a "psychotherapy mill," in
                      which parents were enticed to enroll their children
                      in "free" enrichment programs such as after-school
                      tutoring, field trips, and supervised recreation in
                      exchange for their children's Medicaid numbers. Using
                      these numbers, the psychiatrist billed Medicaid for
 Billing fraud        psychotherapy services not provided. A psychologist
                      he employed discovered the scam and negotiated a
                      higher salary from him. The psychologist also set up
                      her own copycat operation. State officials estimated
                      that the two fraudulently obtained $421,000 from
                      Medicaid. The defendants pleaded guilty, were ordered
                      to pay fines and restitution, and received probation.
                      Source: Georgia State Health Care Fraud Control Unit.
                      Two businessmen pleaded guilty to felony charges
                      related to a complex scheme of submitting fraudulent
                      nursing home cost reports to the state's Medicaid
                      program. The scheme involved a nursing home chain and
                      a shell corporation that the chain allegedly
                      contracted with, enabling the owners to bill Medicaid
                      for inflated expenses related to phony contracts with
                      the nursing homes. Through a complex web of bank and
                      investment accounts, the owners laundered payments.
 Business practices   The scheme, which netted the owners nearly $10
 fraud                million in excess Medicaid reimbursements, was
                      discovered when a state auditor became suspicious of
                      high payments to the shell company. One of the
                      defendants received 50 months in prison and a $70,000
                      fine; the other, 36 months in prison and a $50,000
                      fine. Both received an additional 3 years of
                      supervised release. As restitution, the pair agreed
                      to pay about $6 million to the state Medicaid program
                      and to forfeit an additional $2-million-plus in
                      assets. Source: Georgia State Health Care Fraud
                      Control Unit.
                      A woman, who had never attended, graduated, or
                      received a degree from a nursing school, presented a
                      false nursing license to several nursing homes that
                      employed her. She also contracted with a county Board
                      of Mental Retardation and Developmental Disabilities
                      to provide nursing and counseling services. The
                      misrepresentation was discovered when substandard
 Fraudulent           care she provided led to complaints and a subsequent
 misrepresentation of investigation. A state nursing board determined that
 qualifications       the woman had posed as a nurse for at least 5 years.
                      She was charged with felony Medicaid fraud, felony
                      forgery, and misdemeanor practice of unlicensed
                      nursing. She pleaded guilty and was sentenced to 5
                      years' probation and was ordered to either pay some
                      $3,850 in restitution or perform 84 days of community
                      service. Source: Ohio Attorney General's Health Care
                      Fraud Section.

Fee-for-service providers do not have a monopoly on fraudulent and abusive
health care practices. Under managed care, providers intending to exploit
the program have adapted to new financial incentives. Whereas receiving a
fee for each service enables providers to enhance revenues by ordering too
many services, receiving a lump-sum payment in advance for each enrollee can
encourage dishonest providers to enhance their profits by stinting on
patient care. Consistent with this incentive are examples of Medicaid
managed care fraud and abuse by prepaid health plans: avoiding expensive
treatments, underfinancing plan operations, providing poor quality care,
using deceptive marketing practices, and claiming phony enrollments. In a
specific instance in Tennessee, a managed care plan used a homeless shelter
as the address for nearly 4,500 fictitious enrollees-a scheme that was
generating nearly $450,000 a month in fraud losses to Medicaid. The scheme
came to light once the shelter tipped off the state Medicaid agency. Managed
care plans can also engage in fraudulent business practices similar to those
in fee-for-service health care-such as providing kickbacks for referrals or
having unqualified personnel provide services.

Fraud and abuse schemes also cross jurisdictional and program boundaries,
complicating the task of pursuing the perpetrators. In our October 1999
correspondence on health care fraud, we noted that criminal groups have
created interstate health care fraud schemes and have used associates in
foreign countries to transfer ill-gotten proceeds out of the United States.
For example, a group with ties to a New Jersey scheme purchased a lab in
Illinois and began bilking Medicaid and Medicare there. In another case, two
individuals investigated for Medicaid fraud in south Florida were tied to
three individuals in North Carolina who used a similar scheme to falsely
bill Medicare. Proceeds from this scam were laundered through associates in
Mexico.

Medicaid Is Vulnerable to Fraudulent and Abusive Practices

   * As a third-party payer, Medicaid pays for services provided by others
     and cannot, as a practical matter, police each claim for reimbursement
     submitted. In a state like New York, the very size of the program
     invites exploitation. In fiscal year 1998, New York's Medicaid program,
     covering roughly 2 million beneficiaries, cost an estimated $27
     billion. Medicaid consumes, on average, 20 percent of a state's budget.
   * The impermanence of the population, owing to beneficiaries' changing
     eligibility status, makes the program a target for such schemes as
     billing for services provided to ineligible or deceased individuals.
   * Because many states pay considerably less under Medicaid than
     providers' customary charges, Medicaid providers are often in short
     supply. Thus, program administrators are reluctant to impose controls
     that are perceived as burdensome for fear of discouraging provider
     participation.

Coordination, Prevention, and Adequate Resources Are Key Fraud Control
Elements

Our prior health care program integrity work has shown that strong federal
and state leadership is needed to ensure that three essential fraud control
elements are in place. First, the multiple agencies involved must coordinate
their efforts effectively. Second, HCFA and the states must focus on
preventive strategies, since detection and prosecution efforts alone cannot
stem program losses. Finally, state agencies need the administrative and
technical tools and resources to accomplish their mission.

Coordination Essential, but Difficult to Achieve

Two examples illustrate the payoff resulting from agency cooperation. One is
the FBI's Operation Goldpill. Working with other federal agencies and with
state MFCUs and regulators, approximately 1,000 FBI agents participated in
the FBI's largest health care undercover operation at that time, involving
50 cities nationwide. This initiative reflected a new strategy focusing on
multidefendant conspiracy indictments rather than single-defendant
prosecutions. Through this effort, law enforcement agencies were able to
charge 254 defendants; seize $10.8 million in assets, including 11
pharmacies; and levy $6.6 million in fines.

The second example-Operation Restore Trust (ORT)-represented a cornerstone
in recent health care fraud coordination, which focused on Medicare and
Medicaid fraud and abuse. ORT brought together the HHS OIG and other
federal, state, and local agencies to target wrongdoing by home health,
nursing home, and durable medical equipment providers, initially in five
states. In its first 2 years of operation, ORT identified $188 million in
inappropriate payments. Among the lessons learned was the importance of
coordination among the various program and enforcement agencies involved at
the federal, state, and local levels. For example, coordination between
Medicare claims administration contractors and state licensing inspectors in
the project states resulted in the decertification of many of the targeted
home health agencies and the recovery of substantial sums in inappropriate
payments. Through the Medicare contractors' efforts to train state
inspectors on specific billing and beneficiary coverage issues, the
inspectors were able to provide the contractors information they might not
otherwise have been able to obtain on beneficiaries who were not eligible or
home health agencies that billed for services not provided. Through this
mutual exchange of information, contractors were able to identify an array
of billing abuses costing the government millions of dollars.

As obvious as the benefits are from interagency coordination, several
barriers exist that discourage such cooperative efforts. Among these are the
following:

   * Labor-intensity of building a case with uncertain outcome. The level of
     resources and interagency coordination required for case development
     can stall the pursuit of a case at many junctures and delay the
     resolution of a case for many years. The pursuit of fraud often begins
     with the state Medicaid agency, which, to refer the case to a MFCU,
     must typically prepare careful documentation through data analyses,
     claims audits, interviews with patients, and medical record reviews.
     The MFCU may reject cases because of its backlog, insufficient
     evidence, or estimated dollar losses below a certain threshold. At the
     time of our drug diversion study, one state's MFCU typically rejected
     more than 90 percent of the Medicaid agency's fraud referrals because
     of staffing constraints. For cases accepted, MFCU investigations can
     involve, among other things, additional interviews or analyses of
     medical records and subpoena of financial records. If the case enters
     federal jurisdiction, the MFCU may forward the case to a U.S. Attorney.
     If the case is prosecuted and convictions are obtained, further work
     also may be necessary to establish administrative sanctions and recover
     overpayments.
   * Timing of actions to maximize administrative as well as criminal
     sanctions. In our drug diversion study, we reported that the state
     agencies and MFCUs made little effort to time audits and criminal
     investigations so that civil recoveries could be made without
     compromising criminal prosecution. When poor communication exists
     between a MFCU and the state Medicaid agency, the state agency may be
     delayed in taking civil action before the statute of limitations has
     expired. In such cases, the agency may have to forgo the opportunity to
     assess monetary penalties or obtain recoveries that can restore
     financial losses to the Medicaid program.
   * Competing productivity goals between agencies. One state's MFCU
     officials told us that a state Medicaid agency's SURS unit, for
     example, may be reluctant to classify cases as fraud. Fraud cases must
     generally be referred to the state MFCU. Cases classified as
     overpayments generally remain the within the SURS' jurisdiction, and
     recoveries are credited to the SURS' performance results.
   * Federal payback rules. Federal law creates a fiscal incentive for
     states to avoid finding fraud. The law requires that the state pay back
     the federal share of these overpayments within 60 days of discovery,
     regardless of whether the state has recouped its losses.

We are currently reviewing states' efforts to enhance coordination in our
ongoing study for the Committee. In Georgia, the MFCU has established
working teams consisting of members from three state agencies-prosecutors
from the Attorney General's office, investigators from the Georgia Bureau of
Investigation, and auditors from the Department of Audits.

Prevention Is Key to Avoiding Program Losses

Preventive strategies can be embedded in the design of provider enrollment
procedures, payment methods, coverage policies, and beneficiary eligibility
verification. As we concluded from previous work, states' emphasis on
developing preventive measures were well-placed because efforts to recover
losses were often unsuccessful. In our ongoing study, we will examine
states' approaches to fraud control prevention. One example-provider
enrollment controls in the Medicare program-illustrates how such approaches
help avert fraud.

Until recently, when new requirements were established, Medicare procedures
for certifying home health agencies were seriously flawed. For example, in a
1997 report, we noted that becoming a Medicare-certified home health agency
had been too easy, particularly in light of the number of problem agencies
that had been identified in past years. There had been little screening of
those seeking Medicare certification. For example, Medicare certified an
agency owned by an individual with no home health experience who turned out
to be a convicted drug felon and who later pleaded guilty with an associate
to having defrauded Medicare of over $2.5 million. Rarely did new home
health agencies fail the program's certification requirements. HCFA has
since developed procedures to better scrutinize the qualifications and
background of home health agency applicants.

Adequate Resources Include Qualified Staff and Modern Technology

In recent interviews, officials in several states have expressed concerns
that the lack of effective data systems has hampered their efforts to
identify fraud. For example, one state official said that the state's
Medicaid automated detection system is 15 years old and not well designed
for the types of analysis needed today. Another official noted that the
state lacked a system to perform electronic prepayment screening of claims,
a tool that we have reported on in Medicare reports as a fundamental payment
safeguard. Reflecting these concerns, a MFCU official stated that service
data, staff capable of mining them, and state-of-the-art detection software
are important tools for fraud control. Our ongoing study will examine the
extent of states' capacity to identify fraud or abuse.

HCFA's Role in Medicaid Fraud Control

In 1997, HCFA established the Medicaid fraud and abuse national initiative
designed to bring different components among and within states together at
meetings and to provide training, share information, and address common
concerns. As part of the initiative, individual committees have been created
to work on specific problems and solutions. For example, a state legislation
committee developed a database on a Web site that all states can access that
catalogues states' program integrity legislation. This serves states seeking
models for anti-fraud-and-abuse legislation and contacts for further
information. A federal legislation committee has developed proposals to
increase state effectiveness that have been added to HHS' legislative
proposals. HCFA has also formed and funded a technical advisory group that
meets regularly to discuss Medicaid program integrity issues.

Despite HCFA's positive efforts to facilitate states' activities, we are
concerned about the agency's efforts to ensure that all states have
effective program integrity strategies. In our June 1999 testimony on
Medicaid payments for school-based services, we raised concerns about HCFA's
role as steward of Medicaid funds. We noted that the agency's regional
offices, lacking specific guidance, were inconsistent in their
determinations of whether a given state's practices for claiming
administrative costs were appropriate. Practices that HCFA had allowed in
one state had not been allowed in others, resulting in confusion. It also
created an environment in which school systems "pushed the envelope" into
the realm of questionable billing practices.

From this particular work we made observations that apply to Medicaid fraud
and abuse control in general. First, striking a balance between the
stewardship of Medicaid and the need for flexible approaches in dealing with
50-plus Medicaid programs is difficult. However, mindful of that balance,
HCFA is in a position to explore, in partnership with states, the
appropriate level of commitment to preventing and detecting fraud and abuse.
We think this is important because both have a fiduciary responsibility to
administer Medicaid efficiently and effectively.

GAO Contact and Acknowledgments

TC ": RELATED GAO PRODUCTS: " \l 3

Related GAO Products

Financial Management: Increased Attention Needed to Prevent Billions in
Improper Payments (GAO/AIMD-00-10, Oct. 29, 1999).

Health Care: Fraud Schemes Committed by Career Criminals and Organized
Criminal Groups and Impact on Consumers and Legitimate Health Care Providers
(GAO/OSI-00-1R, Oct. 5, 1999).

Medicaid: Questionable Practices Boost Federal Payments for School-Based
Services (GAO/T-HEHS-99-148, June 17, 1999).

Fraud, Waste, and Abuse: The Cost of Mismanagement (GAO/AIMD-98-265R, Sept.
14, 1998).

Nursing Homes: Too Early to Assess New Efforts to Control Fraud and Abuse
(GAO/T-HEHS-97-114, Apr. 16, 1997).

Medicaid Fraud and Abuse: Stronger Action Needed to Remove Excluded
Providers From Federal Health Programs (GAO/HEHS-97-63, Mar. 31, 1997).

Fraud and Abuse: Providers Excluded From Medicaid Continue to Participate in
Federal Health Programs (GAO/T-HEHS-96-205, Sept. 5, 1996).

Medicare and Medicaid: Opportunities to Save Program Dollars by Reducing
Fraud and Abuse (GAO/T-HEHS-95-110, Mar. 22, 1995).

Prescription Drugs: Automated Prospective Review Systems Offer Potential
Benefits for Medicaid (GAO/AIMD-94-130, Aug. 5, 1994).

Medicaid: A Program Highly Vulnerable to Fraud (GAO/T-HEHS-94-106, Feb. 25,
1994).

Medicaid Drug Fraud: Federal Leadership Needed to Reduce Program
Vulnerabilities (GAO/HRD-93-118, Aug. 2, 1993).

(201006)

*** End of document. ***