DHHS Eagle graphic
ASL Header
Mission Nav Button Division Nav Button Grants Nav Button Testimony Nav Button Other Links Nav Button ASL Home Nav Button
US Capitol Building
HHS Home
Contact Us
dot graphic Testimony bar

This is an archive page. The links are no longer being updated.

Testimony on Medicare and Medicaid Fraud
by Penny Thompson, Program Integrity Director,
Health Care Financing Administration
U.S. Department of Health and Human Services

before the House Budget Committee Health Care Task Force

July 12, 2000

Chairman Chamblis, Representative McDermott, distinguished Task Force members, thank you for the opportunity to discuss our efforts to promote and protect program integrity in Medicare and Medicaid. I would also like to thank our General Accounting Office (GAO) and HHS Inspector General (IG) colleagues for their ongoing assistance in these efforts.

Since the Clinton Administration took office, we have made paying right and fighting fraud, waste, and abuse one of our top priorities. We began with the Operation Restore Trust initiative to coordinate efforts among Medicare, Medicaid, and law enforcement agencies on known problems areas. Lessons learned in that highly successful project are now standard operating procedure throughout our agency. The result is record success in assuring proper payments to honest providers and penalties for problem providers. To build on this success, we have implemented an agency-wide Comprehensive Plan for Program Integrity with clear objectives, such as increasing the effectiveness of medical review, targeting known problem areas, and increasing efforts to help providers comply with program rules.

Efforts to measure payment errors are an integral part of our program integrity agenda. While no measurement tool is perfect, findings from the national Medicare error rate estimate conducted each year since 1996 have played an essential role in directing us to areas that most need attention and guiding our corrective actions. We are now increasing efforts to measure errors in both Medicare and Medicaid. In Medicare, we are developing error rates for each of the contractors who process claims.

In Medicaid, we are working with States as they begin to conduct error rate measurements, and to determine whether a common methodology that would allow for valid State-to-State comparisons and national estimates is feasible. We have several other efforts underway to assist States in promoting Medicaid program integrity. We have conducted seminars around the country to explore the challenges States face in these efforts. And just last month we held a special conference on how information technology can help fight fraud, waste, and abuse.

In all these efforts it is essential to stress that measurement of payment errors is a developing science, and we are learning as we proceed. It is also important to understand that measurement of payment errors, most of which are honest mistakes, is not measurement of fraud, which would be far more challenging given the covert nature and legal definition of fraud. There also is a critical need to overcome the common tendency to "shoot the messenger," which can complicate and hinder efforts to measure and address payment errors.

Promoting Medicaid Program Integrity

We fight fraud, waste, and abuse in Medicaid in partnership with States, beneficiaries, providers, contractors, and federal agencies. We provide funding and technical assistance and oversee States in their efforts to ensure that taxpayer dollars are spent appropriately. Special federal matching funds are available for State Medicaid fraud control units. These fraud control units are usually located in the State Attorney General’s office and generally perform both investigatory and prosecutorial functions. Forty-seven States have established such units to investigate allegations. In States without fraud control units, the Medicaid agency is responsible for investigating allegations and referring cases to the appropriate authorities.

Some States are making good progress in making sure that their Medicaid programs protect taxpayer dollars. However, we all agree that more needs to be done, and we are committed to repeating and building upon this success across the country. To that end, we have established a Medicaid Fraud and Abuse Control Technical Advisory Group, in which State and federal technical staff work together to advance program integrity issues.

To further these efforts, we hired a nationally recognized expert in health care fraud issues, Dr. Malcolm Sparrow of Harvard University’s Kennedy School of Government, to conduct a series of seminars across the country where State program integrity personnel came together to discuss their successes, challenges, and concerns. High-level representatives from 49 States and numerous Federal agencies and Departments participated, and Dr. Sparrow produce a report on what we learned at the seminars. On May 2 of this year we held a Medicaid Fraud and Abuse Commitment Conference to focus on Dr. Sparrow’s findings. Three essential themes emerged from the seminars:

  • There are unique issues within managed care.
  • There are substantial information technology issues.
  • There is a need for building commitment at the State level.

Managed Care

More than half of Medicaid beneficiaries across the country are now in some form of managed care, and managed care presents unique program integrity challenges. Many States are still learning how to address these challenges, and some are fighting the misconception that managed care somehow does away with program integrity issues. And there is a well-recognized need to improve the quality of managed care contracts to promote and protect program integrity.

To help States address these issues, we have sponsored a series of workshops, dating back to 1997, to bring State managed care staff together with utilization and review directors and fraud control unit directors. These workshops focused on how fraud manifests differently within the managed care setting and how programs to address it should be structured. They also featured "negotiating sessions" among State delegations and resulted in written agreements on how to work more cooperatively and effectively together.

We also have worked with State Medicaid agencies and fraud control units to develop Guidelines for Addressing Fraud and Abuse in Medicaid Managed Care. The guidelines focus on:

  • key components of an effective managed care fraud control program;
  • data needed to detect and prosecute managed care fraud;
  • how to report managed care fraud;
  • suggested language for managed care contracts and waivers; and
  • the roles of HCFA, State Medicaid agencies and fraud control units, managed care organizations, and the IG.

We hope to have these guidelines to the States later this year.

We also have developed a draft model Medicaid Managed Care Compliance Plan for States that is similar to our compliance plan for Medicare+Choice plans. Compliance programs help establish and promote awareness of applicable program regulations and to define a standard of organizational values regarding regulatory compliance. Effective compliance programs include:

  • Standards and Procedures: The organization must establish relevant compliance standards and procedures to be followed by its employees and other agents that are reasonably capable of reducing the prospect of criminal conduct.
  • High Level Oversight and Delegation of Authority: Specific high-level personnel must be assigned overall responsibility to oversee compliance with such standards and procedures.
  • Employee Training: The organization must communicate effectively its standards and procedures to all employees and agents, for example by requiring participation in training programs or by disseminating publications that explain what is required.
  • Monitoring and Auditing: The organization must take reasonable steps to achieve compliance with its standards, for example by utilizing monitoring and auditing systems and by having a system for reporting criminal conduct without fear of retribution.
  • Enforcement and Disciplinary Mechanisms: The standards must be consistently enforced through appropriate disciplinary mechanisms, including discipline for the failure to detect an offense.
  • Corrective Actions and Prevention: After an offense has been detected, the organization must take all reasonable steps to respond appropriately and prevent similar offenses.

We are considering whether to mandate, in final Medicaid managed care regulations, that plans participating in Medicaid have compliance programs in place.

Information Technology

Better data systems are key to improving efforts to fight Medicaid fraud, waste, and abuse. But many States have inadequate technological infrastructures and a basic inability to interrogate databases efficiently to ferret out improper claims. A number of States indicate that they need better, more targeted data, to pinpoint areas most likely to foster problems, as well as guidance and technical assistance on acquiring new data systems and other fraud and abuse detection tools.

To address this, we collaborated last month with the Department of Justice to conduct a conference on the role of information technology in promoting Medicaid program integrity. The conference had nearly 300 attendees from all across the country, and served as a highly interactive information exchange on electronic tools, techniques, and approaches for combating health care fraud and abuse. Robust discussions focused on the need for wider understanding of the technological tools available, funding to procure such tools, sources of data and how to access them, legal means for sharing data, and privacy issues. Nearly 30 vendors displayed some of the latest fraud detection tools available in the marketplace. We plan to follow up on this conference by producing a report of the proceedings with recommendations for future steps, including the possibility of forming regional or national technology user groups.

In addition, our Technical Advisory Group is addressing data issues. It is preparing an educational packet that identifies various reporting requirements and suggestions for how States can implement them. It also will disseminate information to all States on Medicare-Medicaid data sharing rules.

We also recently developed a national fraud and abuse electronic bulletin board, co-sponsored by the American Public Human Services Association, to allow States to exchange and share information on fraud and abuse related issues. And we are modifying our National Fraud Investigation Database to include Medicaid cases, which will further help in tracking down and stopping unscrupulous providers across the country.


States have primary responsibility for protecting Medicaid program integrity. While some States are having success, the seminars made clear that, in many States, the nature and magnitude of the Medicaid fraud problem is still not properly understood. In some States it may not even be treated as a serious or central issue in program administration.

We are taking several steps to help States meet this challenge and understand their obligation to ensure that taxpayer dollars are spent properly. For example, we have developed and posted on our cms.hhs.gov website a comprehensive listing of State statutes that target Medicaid fraud. This allows States to access and share innovative and effective program integrity legislation. The website also includes detailed contact information for State program integrity personnel and individual State legislation web sites.

We also have worked closely with the IG to clarify how States can ensure that payments are not made to providers who have been "excluded" from Medicare and Medicaid because of program integrity or other problems. Guidance for States now clearly addresses the specifics of what must be reported to whom, when, and where, as well as how to enforce exclusions, and the consequences for States that fail to comply. We are also working to help States enhance their processes for identifying excluded providers.

Measuring Payment Errors

Still, each State needs to be held accountable for protecting taxpayer dollars and meeting concrete goals and objectives for improvement in the fight against fraud, waste, and abuse. Error rates are essential for accurately determining the extent of improper payments and assessing any improvement in preventing them.

Four years ago, we worked with the IG to break new ground in developing a systematic, statistically valid estimate to assess the accuracy of payments. We did not want to merely examine whether claims processing systems were working correctly—avoiding duplicate payments, payments to ineligible providers or beneficiaries, or incorrectly calculated payment amounts. We wanted to examine in a statistically valid way whether payment was made for a service that met all requirements for documenting the service, coding it correctly, and representing medically necessary care. To do this, obtaining medical records is key. Other kinds of verification, such as contact with the Social Security Administration to verify beneficiary enrollment, and visits with beneficiaries designated as "homebound," also are important.

This systematic, statistically valid estimate was a great leap forward. Estimates of Medicare payment errors, done by the IG each year since 1996, have greatly aided us in improving our management of the program. They have provided us with a meaningful benchmark from which we have tracked our success—showing a decrease in improper payments of almost half since 1996. We also found interesting results that confirmed the validity of this approach. Indeed, the vast majority of errors we detect using this approach are found only through examination of medical records. Few errors are related to our claims processing systems, or detectable based on the data on the face of the claim. Few are related to third party verification or beneficiary contact.

In fact, medical records are by far the most important source of information on whether payment is made properly. While this methodology is not perfect or the only one we could have devised, it has been a valuable tool to evaluate and measure the effectiveness of our internal controls.

However, every methodology has its limitations. One limitation is that the national estimate is too broad to allow discrete judgments about where the largest problems reside, or what targeted interventions would have the most impact. As a result, after several years of experience with the national error rate program, we developed two new projects for Medicare—the Payment Error Prevention Program (PEPP) and the Comprehensive Error Rate Testing program (CERT). We designed PEPP and CERT to develop more targeted error rate estimates in States (for inpatient hospital discharges) and at claims processing contractors (for all other services). They are largely consistent with the way we calculate errors in the overall national error rate, but contain some important adjustments.

For example, rather than measuring only net errors (overpayments minus underpayments), we want to measure absolute errors (overpayments plus underpayments). In implementing CERT, we will use just one national contractor to review medical records, to ensure consistency and facilitate our oversight. These additional efforts will provide us additional useful information for making interventions to address payment problems, and represent step-by-step building on our collective efforts over time.

Measuring Fraud

It is essential to stress that these measurements are of payment errors, most of which are honest mistakes by well-intentioned providers. These are not measurements of fraud. Certain kinds of fraud—such as falsification of medical records—probably would not be detected through current methodology. And other kinds of fraud—on cost reports, for example—are not detectable in a claims-based sampling environment.

Fraud measurement is, in fact, uncharted territory. Our progress in pioneering payment accuracy projects might not even be directly relevant to helping us navigate this new territory. Some experts suggest that a statistically valid estimate of fraud might not be possible at all, given the covert nature and level of evidence necessary to meet the legal definition of fraud. And methods to establish fraud might be considerably different than those used to detect other payment errors.

For example, given the importance of establishing patterns, it might be more reliable to sample providers rather than individual claims. And, to minimize the concern about manufactured records, it might be necessary to conduct unannounced visits to providers, or provide very little notice. More direct contact with beneficiaries to verify the provision of the services billed also may be warranted.

All of these approaches, while potentially useful, are themselves unproven as reliable, valid measures in establishing the probability of fraud. The State of Illinois did establish direct contact with beneficiaries to verify claims as part of its 1998 payment accuracy project.

But in reporting on this effort, the investigators stressed that "this study was designed to measure payment accuracy. It was never intended to measure a fraud rate. Indeed, we are not sure that is even possible." They go on to say that establishing a fraud rate "would have required, at a minimum, conducting a criminal investigation on each service in the sample. Even then, we would not have been certain that every potentially fraudulent claim would be detected..."

We have found beneficiary contact in known Medicare problem areas, such as durable medical equipment or home health, to be quite useful. However, few investigations based on the hundreds of thousands of beneficiary calls we receive regarding suspected fraud result in any payment adjustments because discussion with the beneficiary and/or provider sufficiently explain the situation. Since these contacts with beneficiaries are initiated by them, we could expect "cold calls" outside of known problem areas to yield fewer instances of potential fraud.

Provider-based sampling has certain advantages methodologically, but creates great tension in the provider community, especially when combined with unannounced visits or interviews with employees. The benefits of such an approach, as weighed against the actual and unintended costs, have not yet been thoroughly researched, and care must be taken in assessing how such efforts would be viewed by providers. Already sensitive to random review of claims, in which we ask for additional documentation to support the claim, providers are very likely to object strenuously to greater invasions.

Also, since most providers are honest, the number of providers to be randomly sampled and the depth of investigation necessary to establish a statistically valid fraud rate would entail substantial costs. Profiling, i.e., the use of analytical tools to detect patterns which might be indicative of fraud, might provide an alternative to random sampling. And it is a valuable tool that we already use to detect fraud in both Medicare and Medicaid. However, it is not clear that it could provide a statistically valid measurement of fraud.

Error Measurement in Medicaid

All of this experience has provided a backdrop to informing our approach to dealing with States on Medicaid payment accuracy projects. We are very supportive of States’ efforts in this arena, and believe that measurement programs are an essential part of proper fiscal management of Medicaid. Some States have already attempted such measurement. The Illinois Department of Public Aid, in 1998, conducted what it believes was the first comprehensive payment accuracy review of any State Medicaid program. The Kansas Medicaid agency conducted a similar review in 1999. And, pursuant to State law, the Texas Comptroller, in 1998, conducted the first of what will be biennial Medicaid payment accuracy reviews. In addition, Alabama, North Carolina, Missouri, and Ohio State audit agencies have performed limited reviews in one or several recent years to measure the accuracy of Medicaid payments.

To advance these efforts, we sent a national review team to conduct a targeted evaluation of anti-fraud efforts in eight States (Illinois, Wyoming, Oklahoma, Virginia, Vermont, Georgia, Nebraska and Nevada) selected to represent a cross-section of State Medicaid programs. These reviews were completed last month and will help provide an accurate assessment of where States are, what barriers may hinder their progress, and what most needs to be done to ensure substantial, measurable improvement.

However, it is clear from that start that the nature and structure of the Medicaid program presents different challenges and opportunities for both Federal and State partners in such measurements. Each State Medicaid program has unique eligibility and coverage rules, and other variables.

That makes development of a statistically valid, common methodology that could be used by all States particularly challenging. Such a common methodology would have substantial advantages in allowing State-to-State comparisons and a national payment accuracy rate to be constructed. Determining whether a common methodology is feasible is a high priority for us, and we have made it one of our Government Performance and Results Act goals.

To help us in this effort, we are requesting $3.5 million from the Health Care Fraud and Abuse Control Program for FY 2001 to:

  • provide incentive grants to several States to conduct payment accuracy studies and assess the feasibility of establishing a standard methodology;
  • contract with an outside audit/consulting firm to assess State and Medicare program payment accuracy study experience to date, work with the pilot States, and develop appropriate measurement methodologies; and
  • hire expert analysts to staff this initiative.

If development of a common methodology does not prove to be feasible, we want to help States develop measurement tools that they can tailor to their own programs to help reduce inaccurate payments, recover overpayments, and target reviews on the specific providers or services that are most problematic.

At the least, guiding principles, definitions, and reporting protocols should be developed so that stakeholders can easily understand, interpret, and draw proper conclusions about each State’s approach. We expect that our Technical Advisory Group can help develop these important tools.

We also would like to see groups of States bind together to assess certain benefit areas. For example, it would be very useful for several States with differing payment rules, provider enrollment processes, and administrative review procedures to examine payment errors in a given benefit area, such as transportation or home health The results would not only be useful for each individual State, but also to the system as a whole. Regression analysis and other techniques could be used to isolate variables that are most, or least, related to payment accuracy.

We also believe it is very important that States understand that they will be rewarded and respected for undertaking these long overdue efforts to measure and prevent payment errors. Unfortunately, as we have found in Medicare, such efforts are sometimes greeted with scorn and retribution despite the large amounts of taxpayer dollars in need of protection.

We are encouraged that a number of States have agreed to work with us on these issues and participated in discussions on this topic at our recent information technology conference.


We have been working diligently to improve our payment error measurement systems and to help States fight Medicaid fraud, waste, and abuse. We are providing States with information, tools, and training to build effective program integrity infrastructures. And we are building a basis for holding States accountable for measurable improvement.

We look forward to continuing to work with our GAO and IG colleagues, other experts, and Congress to meet these detection, measurement, and administrative challenges. We welcome your assistance. Specific answers to the questions you asked us to address at this hearing are attached, and I am happy to answer any additional questions.

HHS Home (www.hhs.gov) | Topics (www.hhs.gov/SiteMap.html) | What's New (www.hhs.gov/about/index.html#topiclist) | For Kids (www.hhs.gov/kids/) | FAQs (answers.hhs.gov) | Site Info (www.hhs.gov/SiteMap.html) | Disclaimers (www.hhs.gov/Disclaimer.html) | Privacy Notice (www.hhs.gov/Privacy.html) | FOIA (www.hhs.gov/foia/) | Accessibility (www.hhs.gov/Accessibility.html) | Contact Us (www.hhs.gov/ContactUs.html)