Daniel R. Levinson
Office of the Inspector General
U.S. Department of Health and Human Services (HHS)
Combating Fraud, Waste, and Abuse in Medicare and Medicaid
The Senate Special Committee on Aging
United States Senate
Wednesday May 6, 2009
Good afternoon Chairman Kohl, Ranking Member Martinez, and distinguished Members of the Senate Special Committee on Aging. I am Daniel Levinson, Inspector General of the U.S. Department of Health and Human Services (HHS). I thank you for the opportunity to discuss the Office of Inspector General’s (OIG) experience in fighting fraud, waste, and abuse in the Medicare and Medicaid programs and OIG’s strategy and recommendations for ensuring the integrity of these vital health care programs.
OIG’s Role and Partners in Protecting the Integrity of Medicare and Medicaid
OIG is an independent, nonpartisan agency committed to protecting the integrity of the more than 300 programs administered by HHS. Approximately 80 percent of OIG’s resources are dedicated to promoting the efficiency and effectiveness of the Medicare and Medicaid programs and protecting these programs and their beneficiaries from fraud and abuse. Thanks to the hard work of our 1,500 employees and our law enforcement partners, from FY 2006 through FY 2008, OIG’s investigative receivables averaged $2.04 billion and its audit disallowances resulting from Medicare and Medicaid oversight averaged $1.22 billion per year. The result was a Medicare- and Medicaid-specific return on investment for OIG oversight of $17 to $1. In addition, in FY 2008, implemented OIG recommendations resulted in $16.72 billion in savings and funds put to better use.
OIG is not alone in the fight to combat fraud and preserve the integrity of Federal health care programs. We work closely with the Department of Justice (DOJ) and our State law enforcement partners, as well as with our colleagues in the Centers for Medicare & Medicaid Services (CMS) and the Food and Drug Administration. The Government’s enforcement efforts in FY 2008 resulted in 455 criminal actions against individuals or entities that engaged in crimes against departmental programs and 337 civil and administrative actions, which included False Claims Act and unjust enrichment lawsuits filed in Federal district court, Civil Monetary Penalties Law settlements, and administrative recoveries related to provider self-disclosure matters. Also in FY 2008, OIG excluded 3,129 individuals and entities for fraud or abuse that affected Federal health care programs and/or our beneficiaries. Common reasons for exclusion included convictions for crimes concerning Medicare or Medicaid, patient abuse or neglect, and license revocation.
The collaborative antifraud efforts of HHS and DOJ are rooted in the Health Insurance Portability and Accountability Act of 1996, P. L. 104-191 (HIPAA), which directed the Secretary of HHS, acting through OIG and the Attorney General, to promulgate a joint Health Care Fraud and Abuse Control (HCFAC) Program. The HCFAC Program and Guidelines went into effect on January 1, 1997. HIPAA requires HHS and DOJ to report annually to Congress on HCFAC Program results and accomplishments. HCFAC Program activities are supported by a dedicated funding stream within the Hospital Insurance Trust Fund.
In its 11th year of operation, the HCFAC Program’s continued success confirms the soundness of a collaborative approach to identify and prosecute health care fraud, to prevent future fraud and abuse, and to protect Medicare and Medicaid beneficiaries. Since its inception, HCFAC Program activities have returned over $11.2 billion to the Medicare Trust Fund. As I will discuss, the Government’s efforts to address durable medical equipment (DME) and infusion fraud in South Florida exemplify the benefits of a collaborative approach. Although I will highlight efforts focused on DME and infusion fraud in a particular geographic “hot spot,” fraud, waste, and abuse occur among all types of health care providers and suppliers and can affect all types of services covered by Medicare and Medicaid in all geographic areas. Although the vast majority of health care providers and suppliers are well-intended, even a small percentage of providers and suppliers intent on defrauding the programs can have significant detrimental effects.
Fraud, Waste, and Abuse Vulnerabilities
The United States spends more than $2 trillion on health care every year. The National Health Care Anti-Fraud Association estimates conservatively that at least 3 percent—or more than $60 billion each year—is lost to fraud. Although it is not possible to measure precisely the extent of fraud in Medicare and Medicaid, everywhere it looks OIG continues to find fraud against these programs. In addition to the enforcement actions cited above, OIG opened 1,750 new health care fraud investigations in FY 2008.
OIG also identifies vulnerabilities that put the programs or beneficiaries at risk of fraud and abuse. For example, in a series of reviews, OIG identified strategies that DME suppliers had used to circumvent billing controls and potentially defraud the program. Medicare regulations require DME suppliers to provide the Medicare provider identifier of the physician who ordered the equipment on the supplier’s claim. Previously, Medicare used unique physician identification numbers (UPIN), and as of May 2008, transitioned to using national provider identifiers (NPI) to identify providers enrolled in Medicare. Requiring the ordering physician’s UPIN (or NPI) on medical equipment claims is intended to indicate that a physician has verified the need for the DME and to enable CMS to determine who prescribed the DME during any post-payment reviews. OIG studies have uncovered: (1) the use of invalid or inactive UPINs, (2) the use of UPINs that belonged to deceased physicians, (3) the improper use of surrogate UPINs, and (4) the use of legitimate UPINs that were associated with an unusually large number of claims. The vulnerabilities that affected UPINs, as well as other challenges, may affect the integrity of the new NPI system. OIG has planned additional work to examine the accuracy and completeness of NPIs.
OIG has identified certain types of DME that are particularly vulnerable to billing abuses. For example, an investigation of a large wheelchair supplier found that the company had submitted false claims to Medicare and Medicaid, including claims for power wheelchairs that beneficiaries did not want, did not need, or could not use. In 2007, the company agreed to pay $4 million and relinquish its right to approximately $13 million in claims initially denied for payment by CMS. Nationally, in 2004, OIG estimated that Medicare and its beneficiaries paid $96 million for claims that did not meet Medicare’s coverage criteria for any type of wheelchair or scooter and that they overspent an additional $82 million for claims that could have been billed using a code for a less expensive mobility device.
Funds improperly paid and excessive reimbursements for certain items and services deplete needed resources from the health care system. CMS has made progress in addressing improper payments; however, billions of dollars are still paid for services that were not properly documented or medically necessary. CMS reports that the improper payments rate for Medicare fee-for-service payments was 3.6 percent, or $10.4 billion in 2008.
OIG reviews have identified Medicare payments for unallowable services, improper coding, and other types of improper payments for various inpatient and outpatient services. Improper payments range from reimbursement for services not adequately documented and inadvertent mistakes to payments that result from outright fraud and abuse. Expenditures for inpatient services, including those provided by inpatient hospitals and skilled nursing facilities, account for one-third of all Medicare expenditures. OIG work has uncovered problems with hospitals taking advantage of enhanced payments by manipulating billing; hospitals reporting inaccurate wage data, which affects future Medicare payments; and inpatient facilities that may be gaming prospective payment reimbursement systems by discharging or transferring patients to other facilities for financial rather than clinical reasons.
OIG also continues to identify vulnerabilities related to certain types of services provided by physicians and other health professionals, including services related to advanced imaging, pain management, and mental health. For example, OIG found that from 1995 to 2005, expenditures for advanced imaging paid under the Medicare Physician Fee Schedule grew more than fourfold, from $1.4 million to $6.2 million. Services provided by independent diagnostic testing facilities (IDTF) accounted for nearly 30 percent of this growth. OIG work has found problems with IDTFs, including noncompliance with Medicare requirements and billing for services that were not reasonable and necessary.
Medicaid services that OIG has found to be particularly vulnerable to inappropriate payments include school-based health services and case management services. For example, in 2006, OIG found that a State Medicaid agency claimed Federal Medicaid funding totaling $86 million for unallowable targeted case management services. In a series of reviews in several States, OIG consistently found that schools had not adequately supported their Medicaid claims for school-based health services and identified almost a billion dollars in improper Medicaid payments.
In addition, OIG has identified reimbursement rates for certain items and services that are too high, resulting in waste and opportunities for fraud and abuse. For example, in 2006, OIG reported that Medicare had allowed, on average, $7,215 for the rental of an oxygen concentrator that costs about $600 to purchase new. Additionally, beneficiaries incurred, on average, $1,443 in coinsurance charges. We determined that if home oxygen payments were limited to 13 months rather than the current 36 months, Medicare and its beneficiaries would save $3.2 billion over 5 years.
In March 2009, OIG reported that Medicare reimbursed suppliers for negative pressure wound therapy pumps based on a purchase price of more than $17,000, but that suppliers paid, on average, approximately $3,600 for new models of these pumps. Negative pressure wound therapy pumps are a type of DME used to treat ulcers and other serious wounds. When Medicare first started covering wound pumps in 2001, it covered only one model, which was manufactured and supplied by one company. Medicare paid for this pump based on the purchase price as identified by that company. In 2005, Medicare expanded its coverage to include several new pump models manufactured by other companies. However, Medicare reimburses suppliers for these new pumps based on the original pump’s purchase price, which is more than four times the average price paid by suppliers.
Reimbursement issues are not limited to payments for DME. For example, OIG estimated that in 2005, Medicare paid $97.6 million for evaluation and management (E&M) services that were included in global fees for eye surgery but not provided during the global surgery periods. Medicare pays global surgery fees that cover the surgical service and the related pre- and post-operative E&M services. These global fees are based in part on CMS’s estimates of the number of pre- and post-operative E&M services typically provided. The global surgery fees did not reflect the number of E&M services provided to beneficiaries because CMS had not recently adjusted its estimates for most of the surgeries included in our review. For some of these global surgery codes, CMS has not updated its estimates of the resources involved with furnishing the service in more than 15 years.
Medicare Fraud and Abuse in South Florida
OIG and our law enforcement partners are focusing antifraud efforts in geographic areas at high risk for Medicare fraud, including South Florida. In 2007, the Government launched in South Florida a Medicare Fraud Strike Force (Strike Force) made up of staff from OIG, the U.S. Attorney’s Office for the Southern District of Florida, the Federal Bureau of Investigation, and DOJ. The Strike Force’s mission is to identify, investigate, and prosecute DME suppliers and infusion clinics suspected of Medicare fraud. As of April 17, 2009, the Strike Force has convicted 146 of its targets and secured $186 million in criminal fines and civil recoveries.
The recent investigation and prosecution of Medcore Group LLC (Medcore) and M&P Group of South Florida (M&P) illustrate some of the Medicare program’s vulnerabilities. Medcore and M&P operated as Miami-based HIV clinics from approximately 2004 through 2006, billed approximately $5.3 million to the Medicare program, and received payments of more $2.5 million. From their inception, Medcore and M&P were set up as criminal enterprises designed to defraud Medicare. The scheme was to submit claims for medically unnecessary HIV infusion and injection treatments. The three owners of Medcore and M&P included a former gas station attendant, a trained cosmetologist, and an individual currently incarcerated for Medicare fraud involving a separate DME company he operated from 2001 to 2003. None had a medical background.
At trial, one of Medcore’s owners, Tony Marrero, testified that the scheme was so profitable so quickly that he became concerned about getting caught and decided to set up a second fraudulent clinic, M&P, in the name of his wife. M&P was located in the same building as Medcore, had the same employees, submitted claims under the Medicare provider number of the same physician, and submitted claims on behalf of six of the same patients. In fact, the same physician was associated with other Miami-area infusion clinics, which billed Medicare for more than $60 million between 2004 and the end of 2005.
Mr. Marerro also testified at trial that he had an arrangement with a pharmaceutical wholesale company to buy invoices that showed the purchase of large amounts of medications, when only small amounts were actually purchased. One of the medical assistants testified that she manipulated the patients’ blood samples to ensure that lab results would appear to support the Medicare claims.
Like many infusion fraud schemes, Medcore and M&P gained the cooperation of patients by giving them kickbacks of up to $200 per visit. Four patients testified that they took kickbacks and never received any medication at the clinics. One patient testified that he used his payments from the clinics to support his cocaine addiction. Another patient testified that he did not have HIV, even though the clinics’ documents showed he was being infused with medication to treat HIV. By the patients’ own admission, they had been receiving kickbacks from numerous Miami clinics for many years.
On March 17, 2009, a Federal jury in Miami convicted two physicians and two medical assistants who worked for Medcore and M&P in connection with the fraud scheme. The Government obtained 6 pleas before trial, resulting in 10 convictions in total.
OIG’s fraud-fighting efforts in South Florida also draw on the expertise of our auditors and evaluators. For example, OIG identified weaknesses in Medicare’s supplier enrollment process and its supplier oversight activities. In 2006, OIG conducted unannounced site visits to 1,581 DME suppliers in South Florida and found that 31 percent did not maintain physical facilities or were not open and staffed during business hours, contrary to Medicare requirements.
OIG’s analysis of Medicare billing patterns in South Florida for inhalation drugs used with DME has uncovered evidence of abusive billing. Despite CMS’s efforts to address inappropriate payments, problems persist. For example, Medicare paid almost $143 million for inhalation drugs in Miami-Dade County alone—an amount 20 times greater than the amount paid in Cook County, Illinois, the county (outside South Florida) with the next highest total payments. However, according to Medicare enrollment data, Cook County is home to almost twice as many Medicare beneficiaries as Miami-Dade County. Medicare’s average per-beneficiary spending on inhalation drugs was five times higher in South Florida than in the rest of the country. Further, 75 percent of South Florida beneficiaries who received a particular inhalation drug, budesonide, had Medicare-paid claims that exceeded Medicare utilization guidelines, compared to 14 percent of beneficiaries in the rest of the country. For 62 percent of South Florida inhalation drug claims, the beneficiaries on these claims did not have a Medicare-billed office visit or other service in the past 3 years with the physician who reportedly prescribed the drug. Finally, 10 South Florida physicians were each listed as the ordering physician on more than $3.3 million in submitted inhalation drug claims in 2007, or an average of $12,000 per day. We have shared with our Office of Investigations and CMS information on providers with aberrant billing patterns for further review and followup.
Similarly, OIG found that CMS has had limited success controlling aberrant billing by infusion clinics. In the second half of 2006, claims originating in three South Florida counties accounted for 79 percent of the amount submitted to Medicare nationally for drug claims involving HIV/AIDS patients and constituted 37 percent of the total amount Medicare paid for services for beneficiaries with HIV/AIDS. However, only 10 percent of Medicare beneficiaries with HIV/AIDS lived in these three counties.
OIG’s Five-Principle Strategy to Combat Health Care Fraud, Waste, and Abuse
For Federal health care programs to serve the medical needs of beneficiaries and remain solvent for future generations, the Government must pursue an effective and comprehensive strategy to combat fraud, waste, and abuse. Based on OIG’s audit, evaluation, investigative, enforcement, and compliance work and experience, we have identified the following five principles of an effective health care integrity strategy.
- Scrutinize individuals and entities that want to participate as providers and suppliers prior to their enrollment in health care programs.
- Establish payment methodologies that are reasonable and responsive to changes in the marketplace.
- Assist health care providers and suppliers in adopting practices that promote compliance with program requirements, including quality and safety standards.
- Vigilantly monitor the programs for evidence of fraud, waste, and abuse.
- Respond swiftly to detected frauds, impose sufficient punishment to deter others, and promptly remedy program vulnerabilities.
These principles provide a useful framework for designing and implementing program benefits and integrity safeguards. When OIG provides CMS with the results of its audits, evaluations, and investigations, these principles are reflected in OIG’s programmatic recommendations and suggested corrective actions. Based on these principles, we offer the following recommendations to strengthen the integrity of Federal health care programs.
1. Scrutinize individuals and entities that want to participate as providers and suppliers prior to their enrollment in health care programs.
As the Medcore and M&P case demonstrates, a lack of effective screening measures gives dishonest and unethical individuals access to a system they can easily exploit. Even after Medcore had billed Medicare for $4 million in fraudulent claims, it was easy for the clinic’s owner to obtain a provider number in his wife’s name for a second clinic, M&P, operating in the same building as Medcore, with the same medical director, employees, and patients. When one of the owners, Mr. Marrero, ultimately sold M&P for $100,000 in cash, he testified that he went to a lawyer’s office so the lawyer could fill out paperwork to put ownership of the clinic in the name of two nominee owners. The sale was structured as a stock sale so that the new “owners” would have 90 days to notify Medicare of the change in ownership, allowing a window of time for the fraud to continue under new “ownership.” In our experience, it is too easy for unscrupulous individuals to recruit nominee owners of fraudulent companies.
Medicare and Medicaid provider enrollment standards and screening should be strengthened, making participation in Federal health care programs as a provider or supplier a privilege, not a right. It is more efficient and effective to protect the programs and beneficiaries from unqualified, fraudulent, or abusive providers and suppliers upfront than to try to recover payments or redress fraud or abuse after it occurs. Greater transparency in the enrollment process will help the Government know with whom it is doing business. Providers and suppliers applying for enrollment in Medicare or Medicaid should be screened before they are granted billing privileges. Heightened screening measures for high-risk items and services could include requiring providers to meet accreditation standards, requiring proof of business integrity or surety bonds, periodic recertification and onsite verification that conditions of participation have been met, and full disclosure of ownership and control interests. The cost of this screening could be covered by charging application fees. New providers and suppliers should also be subject to a provisional period during which they are subject to enhanced oversight, such as prepayment review and payment caps.
2. Establish payment methodologies that are reasonable and responsive to changes in the marketplace.
OIG has conducted extensive reviews of Medicare and Medicaid payment methodologies and has determined that the programs pay too much for certain items and services. As OIG’s reviews of home oxygen equipment and wound therapy pump payments demonstrated, when reimbursement methodologies do not respond effectively to changes in the marketplace, the program and its beneficiaries bear the cost. As the experience of South Florida illustrates, excessive payments are also a lucrative target for criminals. These criminals can reinvest some of their profit in kickbacks for additional referrals, thus using the program’s funds to perpetuate the fraud scheme.
We support efforts to pay appropriately for the items and services covered by Federal health care programs. Medicare and Medicaid payments should be sufficient to ensure access to care without wasteful overspending. Payment methodologies should also be responsive to changes in the marketplace, medical practice, and technology. Although CMS has the authority to make certain adjustments to fee schedules and other payment methodologies, for some changes, congressional action is needed.
3. Assist health care providers and suppliers in adopting practices that promote compliance with program requirements.
Health care providers and suppliers must be our partners in ensuring the integrity of Federal health care programs and should adopt internal controls and other measures that promote compliance and help prevent, detect, and respond to health care fraud, waste, and abuse. To this end, OIG has published on its webpage extensive resources to assist industry stakeholders in understanding the fraud and abuse laws and designing and implementing effective compliance programs. These resources include sector-specific Compliance Program Guidance that describes the elements of an effective compliance program and identifies risk areas; advisory opinions; and fraud alerts and bulletins.
In many sectors of the health care industry, such as hospitals, compliance programs are widespread and often very sophisticated; other sectors have been slower to adopt internal compliance practices. Compliance programs not only benefit the Federal health care programs; they also benefit industry stakeholders by improving their business practices, by fostering early detection and correction of emerging problems, and by reducing the risk that they will become the subject of a whistleblower complaint or fraud prosecution.
States also have begun to recognize the value of compliance systems. For example, New York now requires providers and suppliers to implement an effective compliance program as a condition of participation in its Medicaid program. Medicare Part D also requires that prescription drug plan sponsors have compliance plans that address eight required elements.
Although compliance programs do not guarantee reduced fraud and abuse, they are an important component of a comprehensive government-industry partnership to promote program integrity. We recommend that providers and suppliers should be required to adopt compliance programs as a condition of participating in the Medicare and Medicaid programs. OIG has gained extensive experience with compliance programs through its industry guidance initiatives described above and through the negotiation and monitoring of corporate integrity agreements with providers and suppliers that have entered into settlements to resolve civil and administrative Federal health care program investigations. CMS should consult with OIG on the standards for mandatory compliance programs.
4. Vigilantly monitor the programs for evidence of fraud, waste, and abuse.
The health care system compiles an enormous amount of data on patients, providers, and the delivery of health care items and services. However, Federal health care programs often fail to use claims-processing edits and other information technology effectively to identify improper claims before they are paid and to uncover fraud schemes. For example, Medicare should not pay a clinic for HIV infusion when the beneficiary has not been diagnosed with the illness, pay twice for the same service, or routinely process claims that rely on the provider identifiers of deceased physicians. Better collection, monitoring, and coordination of data would allow Medicare and Medicaid to detect these problems earlier and avoid making improper payments. Moreover, more effective use of data would enhance the government’s ability to detect fraud schemes – such as the South Florida DME and inhalation drug schemes – more quickly.
CMS is taking significant steps to enhance the data available to monitor payment accuracy and internal controls. For example, CMS is working to develop a centralized data repository as part of its One Program Integrity System Integrator (One PI), which would warehouse data on Medicare Parts A, B, and D and on Medicaid. However, the target implementation date for One PI has been delayed, and it is not clear when the system will be complete and operable. In addition, national Medicaid claims data are limited in their capacity to support program integrity and oversight activities. Limitations include the following: some essential data elements, such as provider identification information, are not captured; data are updated quarterly, limiting the ability to analyze national data in real time; and CMS’s process for collecting and validating the States’ Medicaid data files can take as long as 2 years, making the final data outdated for certain program integrity activities. CMS is working to expand the Medicaid data elements that it captures.
In addition to structural improvements to the data systems, real-time access to all relevant Medicare and Medicaid data by law enforcement is critical to the success of the antifraud effort. Currently, law enforcement receives data weeks or months after claims have been filed, making it more difficult to detect and thwart new scams. It is essential that law enforcement have real-time access to Medicare and Medicaid program data. In addition, we recommend that Congress authorize OIG to streamline the process for matching Medicare data to other relevant databases, such as Medicaid data obtained from States and data from the Social Security Administration. We also recommend the consolidation and expansion of the various provider databases, including the Health Care Integrity and Protection Data Bank, the National Practitioner Data Bank, and OIG’s List of Excluded Individuals/Entities. Providing a centralized, comprehensive, and public database of adverse actions and other sanctions imposed on individuals and entities would be an effective means of preventing providers and suppliers with problem backgrounds from moving from State to State unnoticed by licensing, government, and health plan officials.
5. Respond swiftly to detected fraud, impose sufficient punishment to deter others, and promptly remedy program vulnerabilities.
Our investigations have found evidence of an increase in organized crime in health care. Health care fraud is attractive to organized crime because the penalties are lower than those for other organized-crime-related offenses (e.g., offenses related to illegal drugs); there are low barriers to entry (e.g., a criminal can easily obtain a supplier number, gather some beneficiary numbers, and bill the program); schemes are easily replicated; and there is a perception of a low risk of detection. We need to alter the cost-benefit analysis by increasing the risk of swift detection and the certainty of punishment.
As part of this strategy, law enforcement must accelerate the Government’s response to fraud schemes. The Government’s Strike Force model has proved highly successful. In addition to prosecuting criminals and recovering funds for the Medicare Trust Fund, the South Florida Strike Force has had a powerful sentinel effect. Medicare claims data show that during the first 12 months of the Strike Force (March 1, 2007, to February 29, 2008), claim amounts submitted for DME decreased by 63 percent to just over $1 billion from nearly $2.76 billion during the preceding 12 months.
Although resource intensive, the strike force is a powerful antifraud tool and represents a tremendous return on the investment. Building on the success of the South Florida Strike Force, in March 2008, DOJ and OIG created a second Strike Force in Los Angeles. Since operations began, the Strike Force has opened 46 cases and is targeting individuals and organizations that collectively have submitted more than $33 million in fraudulent claims to the Medicare program. The schemes include false claims for wheelchairs, orthotics, and other DME that was medically unnecessary and/or was not provided to the beneficiaries identified in claims.
OIG uses a range of administrative sanctions, including civil money penalties (CMP) and program exclusions, as an adjunct to criminal and civil enforcement. OIG has identified a number of enhancements to these administrative authorities that, if mandated by Congress, would increase our ability to address emerging schemes, such as authorizing CMPs for the intentional submission of erroneous data used to set Medicare payment and a CMP for the ordering or prescribing of items or services by an excluded person.
OIG and its law enforcement partners are implementing a comprehensive strategy to combat fraud, waste, and abuse in Federal health care programs. However, sophisticated health care fraud schemes increasingly rely on falsified records, elaborate business structures, and the participation of health care providers, suppliers, and even beneficiaries to create the false impression that the Government is paying for legitimate health care services. In addition, improper payments and misaligned reimbursement rates waste scarce health care resources. The principles described above provide the framework to identify new ways to protect the integrity of the programs, meet needs of beneficiaries, and keep Federal health care programs solvent for future generations.
Last revised: April 19, 2011