This is an archive page. The links are no longer being updated.

Testimony on the Fiscal 1998 Chief Financial Officer's Audit of HCFA by Mike Hash
Deputy Administrator, Health Care Financing Administration
U.S. Department of Health and Human Services

Chairman Horn, Congressman Turner, distinguished Subcommittee members, I am pleased to have this opportunity to discuss the findings of the fiscal 1998 Chief Financial Officer's (CFO) audit of the Health Care Financing Administration by the Department of Health and Human Services Inspector General. This is the third such comprehensive audit, which looks at our financial statements and whether we pay claims properly. We are grateful for the valuable insights these audits provide and are making substantial improvements because of them.

This year's audit shows that the Medicare payment error rate is still too high. We are pleased that we have cut the error rate in half in just two years, from 14 percent to 7 percent. However, that 7 percent represents some $12.6 billion taxpayer dollars, which we all agree is simply unacceptable. We must be diligent in sustaining and increasing the improvement. To do that, we have a number of initiatives under way and have initiated a comprehensive program integrity plan. We look forward to your continued support in these efforts.

We would not have come so far without the support of this Committee and Congress. We are particularly grateful for the steady program integrity funding provided under the Health Insurance Portability and Accountability Act (HIPAA) that allows us to plan and maintain comprehensive program integrity efforts. The Balanced Budget Act also provided essential tools to protect program integrity and fight fraud, waste, and abuse.

We are also pleased that this year's audit found that only one remaining problem area, contractor accounts receivable, prevents us from receiving an unqualified opinion. While we are working with the Inspector General's office to develop a short term solution to put in place for next year's audit, a full remedy involves systems changes that must be delayed until we have cleared the Year 2000 computer challenge.

The audit was conducted with our full cooperation and we welcome the Inspector General's findings. These audits provide a valuable roadmap directing us to areas that need attention. The findings in the previous audits helped us improve our accounting systems and highlighted areas in which our operations could be strengthened. As a result, we have cleaned up our accounts payable and Social Security Administration receivable problems and made other necessary corrections.

Paying Right

Since the Clinton Administration took office, the Department of Health and Human Services has taken numerous steps to implement a "zero tolerance" policy for waste, fraud and abuse. To do this, we must assure that we pay the right amount, to a legitimate provider, for covered, reasonable and necessary services for an eligible beneficiary. Achieving this goal is one of our top priorities at HCFA. With help from Congress, providers, beneficiaries, and our many other partners, we have achieved record success in assuring proper payments. We have also made considerable progress in fighting fraud by increasing investigations, indictments, convictions, fines, penalties, and restitutions.

In February, we released a Comprehensive Plan for Program Integrity. Its development began one year ago when we sponsored an unprecedented national conference on fraud, waste, and abuse in Washington, D.C., with broad representation from our many partners in this effort. The bulk of the conference consisted of discussions on how we could build on the highly successful Operation Restore Trust demonstration project, in which we increased collaboration with law enforcement and other partners to target known problem areas. Groups of experts from private insurers, consumer advocates, health care provider groups, state health officials and law enforcement agencies were invited to share successful techniques and explore new ideas. Their discussions were synthesized and analyzed to determine the most effective strategies and practices already in place, and the new ideas that deserve further exploration. The result is a Comprehensive Program Integrity Plan with several clear objectives. These objectives include:

Increasing the Effectiveness of Medical Review and Benefit Integrity Activities. Medical review activities, where physicians review medical records to ensure that claims are correct, include all actions taken by contractors to determine whether a particular service was medically necessary and was appropriately provided. Benefit integrity activities, such as data analysis and complaint investigation, allow us to identify and pursue improper billers. The first initiative under our Comprehensive Plan includes:

• Tightening the performance standards for, and evaluation of, contractor medical review and benefit integrity units;
• Conducting training by the HHS Inspector General's office for 500 HCFA and Medicare contractor staff to improve the quality of information included in any referrals of cases of suspected fraud by HCFA contractors to the Inspector General.
• Engaging independent contractors to evaluate key medical review processes.

Implementing the Medicare Integrity Program. This allows us to hire special contractors who will focus solely on program integrity, as authorized under the Health Insurance Portability and Accountability Act. We are now reviewing public comments on a proposed regulation for how these contracts will work. Until now, only insurance companies who process Medicare claims have been able to conduct audits, medical reviews, and other program integrity activities. Under the new authority, we can contract with many more firms who can bring new energy and ideas to this essential task. We expect to have four new types of contractors:

• Payment Safeguard Contractors will focus on medical review, fraud case development, cost report audits and related program safeguard functions as needed;
• a Coordination of Benefits Contractor will consolidate all activities associated with making sure Medicare does not pay for claims when other insurers are liable;
• a Statistical Analysis Contractor will provide a comprehensive on-going analysis of trends, utilization data and other information which helps detect fraud, waste, and abuse; and,
• Managed Care Integrity Contractor(s) will target the issues that are unique to health plans.

We have already issued one Program Safeguard Contract solicitation to establish a multiple awards contract for these activities, and expect to have a schedule of approved contractors shortly. Once established, the multiple awards contract will allow us to issue Task Orders for any or all program integrity activities. This way we can have a pool of contractors available to undertake the work before we solicit proposals for specific contractors' workloads. This lets us experiment with various configurations of program integrity activities, and provides flexibility that will help mitigate risk related to the Year 2000 issue and other challenges. We also will be able to turn to these contractors when various situations arise, such as the appearance of new scams or the departure of another contractor.

Proactively Addressing the Balanced Budget Act. This law created several new programs, benefits, and payment systems which all create new vulnerabilities. We are Acting to address potential program integrity problems before they occur for:

• diabetes self-management, mammography screening, prostate cancer screening, and osteoporosis screening benefits;
• reimbursement changes for physicians Assistants and nurse practitioners;
• the prospective payment system for skilled nursing facilities; and
• the Children's Health Insurance Program.

Promote Provider Integrity. We intend to make clear that we do not simply pay bills, but enter into agreements to do business with providers. To do so, we will:

• step up efforts to educate providers on how to comply with program rules;
• increase the number of unannounced onsite visits; and
• publish a proposed regulation to establish clear enrollment requirements, including conditions under which we will deny or revoke billing privileges.

Prepare for the Year 2000 Computer Issue. We have special work groups exploring how the millennium problem could affect program integrity efforts. They are evaluating the function, value, and Year 2000 risks for each of our efforts, and are developing a plan to mitigate or circumvent any problems if they do arise.

Target Known Problem Areas. These include inpatient hospital care, managed care, congregate care (delivered in settings such as assisted living facilities), nursing homes, and community mental health centers.

• Inpatient Hospital Care. We will step up efforts to investigate, correct, and prevent problems documented in audits of Medicare, such as providing unnecessary or uncovered services, failing to properly document care, and coding claims incorrectly.
• Managed Care. As mentioned above, we will hire a special program integrity contractor to focus on managed care, where fraud, waste, and abuse are more likely to involve inadequate care, avoiding enrollment of high-cost patients, and misrepresenting data on which payment rates are based. We expect such contractors to verify data, review beneficiary appeals to ensure that access to care is not denied inappropriately, and monitor plan compliance with Medicare rules.
• Congregate Care. Beneficiaries in nursing homes, assisted living centers or adult day care facilities are easy targets because there is easy access to large numbers of beneficiary billing numbers. Unscrupulous providers conduct Agang visits" in which all beneficiaries receive a service or supply whether they need it or not, or they submit bills for every beneficiary without furnishing anything at all. They also submit duplicate bills to both Medicare and other payers for services that only one payer should cover. We will mount Operation Restore Trust style projects to fight these types of scams. We also will work to anticipate shifting incentives for congregate care fraud, waste, and abuse as we move to more prospective payment systems.
• Nursing Homes. As one of our original Operation Restore Trust focus areas, much is already underway to fight fraud, waste, and abuse and improve the quality of care. We will continue our initiative, announced by the President this past summer. Last month, we announced a number of steps that build on the President's initiatives to promote quality care for 1.6 million elderly and disabled Americans in nearly 17,000 nursing homes. These steps include a new regulation that subjects nursing homes with problems to tougher fines; instructions to states to investigate complaints about harm to nursing home residents more quickly; a national campaign to prevent neglect and abuse of nursing home residents; and a website link at www.medicare.gov aimed at getting comparative information about nursing homes to families. We will continue to develop Operation Restore Trust style projects targeted on specific nursing home fraud, waste, and abuse problems.
• Community Mental Health Centers (CMHCs). As another of our earlier Operation Restore Trust focus areas, much is already being done to stop abuses in this area, as well. We have a 10-point action plan underway which first and foremost ensures that beneficiaries who need intensive psychiatric services get them from qualified providers. We are doing so through coordination with other agencies, providers, and advocacy groups. This beneficiary protection is essential as we terminate the worst offenders and work aggressively to bring others into compliance with all rules and regulations. We are increasing claims review and developing a prospective payment system that will eliminate incentives for inappropriate, unnecessary or inefficient care. We also are increasing scrutiny of new applicants and requiring site visits nationwide to ensure that they meet all of Medicare=s core requirements. Already this year we have denied Medicare participation to more than 100 applicants because they failed to provide all the required services. President Clinton is seeking legislation to strengthen CMHC enforcement activities by: authorizing fines for falsely certifying a beneficiary=s eligibility for partial hospitalization services; prohibiting partial hospitalization services from being provided in a beneficiary=s home or other residential setting; and authorizing the Secretary to set additional requirements for CMHCs to participate in the Medicare program.

AUDIT FINDINGS

In conducting the CFO audit, the Inspector General found that our contractors paid the vast majority of claims correctly based on the information submitted by providers on claims. The estimated error rate was determined by visiting HCFA contractors, requesting supporting documentation from providers, and reviewing the medical records of 5,540 fee-for-service claims paid in fiscal 1998 for 600 beneficiaries. Of these, 915 should not have been paid. The error rate identified in the audit could only be found by manually reviewing supporting documentation and medical records from providers. This is a very expensive, labor intensive process, and we do not have resources for such extensive investigation of every claim.

In the case of the 915 erroneous claims, the auditors found that the providers had not demonstrated that the claim was in accordance with Medicare laws and regulations. By projecting these results to the entire universe of Medicare claims, the Inspector General arrived at a midpoint estimate of $12.6 billion in improper payments nationwide or about 7.1 percent of the total Medicare fee-for-service benefit payments. Due to the limited size and variance of the sample, however, the true level of improper payments could range from 4.4 to 9.9 percent.

Documentation Errors represented the most dramatic improvement in this year's audit. They had been the single largest factor in our error rate in past audits, and have declined by almost 80 percent from fiscal 1996 to fiscal 1998. They now account for approximately 17 percent of the claim errors. Documentation errors occur when the records are not sufficient to justify a claim. The drop is primarily attributed to HCFA's enhanced claims review activities; and HCFA and Inspector General outreach efforts. As part of that, I would especially like to thank the provider groups with whom we have worked to educate their members on the importance of documenting and filing claims correctly.

Lack of Medical Necessity is the largest factor identified as resulting in improper payments in fiscal 1998. Over one-half of the erroneous claims fell into this category, which covers situations in which the medical records contained sufficient documentation to allow professional medical review staff to determine that the services were, in fact, not medically necessary. Even here, however, we have shown improvement - a nearly 20 percent decline in erroneous payments due to medical necessity between fiscal 1996 and fiscal 1998.

Incorrect Coding is another problem identified by the CFO audit. These types of errors accounted for approximately 18 percent of the claim errors. Incorrect coding errors occur when the documentation provided supports a lower level of service than is billed. Medical professionals who reviewed the documentation determined that the service was not as complex as the provider claimed, and that Medicare had therefore paid too much. These errors have decreased by 24 percent since last year.

Noncovered Services is another payment error problem. The Inspector General noted that a small percentage of improper payments were for services not covered by Medicare. Such claims were for services that fee-for-service Medicare by law does not cover, such as routine physical examinations, routine ear and eye examinations and most routine foot care. This type of improper payment has declined by 50 percent since fiscal 1996.

CORRECTIVE ACTIONS

Almost 80 percent of the incorrect payments found in the fiscal 1998 audit occurred in five areas: inpatient hospital services (26 percent), physician services (25 percent), home health agencies (13 percent), and outpatient hospital services (13 percent). The remaining 20 percent were made in other categories. Several initiatives in our Comprehensive Plan for Program Integrity address these specific findings and we are zeroing in on these key areas.

Bolstering Provider Education. First and foremost, we want to ensure that providers understand our coding and documentation rules. Most providers who make billing errors have no intent to do anything wrong, but simply make mistakes. Still, these mistakes are costly both to the provider and to the taxpayer, and they must be stopped. We are bolstering our provider education efforts to make sure that happens.

Last year we piloted, in thirteen states, a multi-faceted provider education project developed by Blue Cross/Blue Shield of Florida. We will be expanding the project this year. Its first component is a seminar on proper documentation and coding under Medicare. The seminar is aimed at hospital billing agents and other providers and their employees responsible for billing Medicare. We broadcast the seminar via satellite, and in one broadcast alone, we reached over 10,000 people at hundreds of sites in hospitals and other providers across the Southeast. Combined with 44 live seminars that we also conducted, our seminars reached more than 19,000 people this year alone. And we know that they work. We tested participants' knowledge of Medicare rules both before and after the seminars, and found a big improvement in test scores.

We have also targeted medical schools, to reach medical residents just as they are about to start their own practices. Last year, we taught over 6,000 residents, almost one-quarter of all of the residents that graduated nationally, about setting up their practices to bill Medicare correctly.

And, we have turned to the Internet to advance our cause. We now have training modules on the web that can be used by any physician, office clerk, hospital employee, or anyone else with Medicare billing responsibilities. The site is www.medicaretraining.com, and I invite any of you to log on and take one of our online courses. I must warn you that there is a pre-test and a post-test, so we can see how you do, but you will have plenty of company. In 1998, over 15,000 of these courses were completed.

The last component of our provider education effort is a special duplicate claims reduction program. It has two components: an edit for electronic claims that rejects duplicates and a set of provider training materials. This program was particularly popular with doctors, who often pay billing agencies by the number of claims they file, and thus save money themselves by reducing duplicates. We piloted the program last year at Blue Cross/Blue Shield of Texas, implementing the edit and sending the training materials to the 250 providers who filed the most duplicate claims. The result was a reduction in duplicate claim volume of 170,000 claims, resulting in an estimated savings of $7.40 for each dollar spent. We expect that the program will save the Texas contractor over $1 million in administrative costs next year.

Improving Medical Review. While trying to reduce the number of errors made by providers, we are engaging in a variety of efforts to catch errors that are made by improving our contractor's medical review processes. We have tested a protocol for an outside contractor to verify and validate all contractor medical review practices and to recommend necessary corrective action. We will also be hiring an outside contractor to evaluate local medical review policies to identify policy similarities, differences, and gaps, and to assure compliance with national coverage policy.

Inpatient hospital claims are especially important since they are the most expensive claims we pay, and we will be implementing an aggressive plan to lower the error rate in inpatient claims. Among the types of analyses we may use are changes in patterns of DRG coding, prevalence of readmission of the same patient to the same facility on the same day as discharge, and changes in patterns of very short stay admissions. We are also working with our Peer Review Organizations to develop and test new ways to ensure the medical necessity of inpatient hospital claims.

With respect to physician payments, we are conducting thorough prepayment reviews of documentation on a random sample of physician office visit claims and are developing a testing process. That process will help us determine whether services are actually rendered and medically necessary, allow for projection of a national claims error rate, and help to spot areas for improvement.

Enhancing Contractor Evaluation. A key component of these efforts is managing our contractors. We are improving our assessment process to better gauge the effectiveness of contractor medical review and benefit integrity activities. This will ensure that we obtain the most from our contractors and will give the contractors solid guidance as to where improvements are needed.

Using Technology. We are always looking for ways to use technology to help us "pay it right."To assure we are taking advantage of the latest in anti-fraud technology, we have begun cataloging and evaluating fraud detection technologies for use by Medicare contractors. This is an ongoing process allowing us to keep abreast of developments in the field.

An example of our successful use of technology is the Correct Coding Initiative, a package of more than 93,000 automated edits we have required contractors to use since 1996. This initiative has saved hundreds of millions of dollars since its inception, and we continue to improve on it with new edits being tested and added regularly. Similarly, the HCFA Customer Information System enables us to view provider or service utilization data at the national, State, contractor, provider type, or individual provider level. As a result, audits or reviews can be focused, rapidly and inexpensively, on a particular level.

Implementing the Medicare Integrity Program. As discussed earlier, HIPAA gave us new authority to hire specialized contractors to perform program integrity functions. This will be a key part of our efforts to reduce the payment error rate in the future. There will be at least three types of program integrity contractors. Program Safeguard Contractors will perform the standard program integrity functions that are currently part of the claims processing handled by carriers and intermediaries. This new contrActing authority allows us to contract with different entities to perform these tasks, and will give us new flexibility in managing and evaluating these functions. We expect to begin hiring these types of contractors shortly.

Collecting Overpayments Identified by the Inspector General. We have already recovered almost all of the overpayments identified in this year's CFO audit, and we have intensified payment recovery efforts overall. In addition, we have instructed our contractors to evaluate providers identified in the CFO audit report for more extensive oversight.

RECENT LAWS AND LEGISLATIVE PROPOSALS

Thanks to the work of your Committee and this Congress, we now have more tools we need to fight fraud and abuse. These tools from the Balanced Budget Act let us:

• exclude providers convicted of felonies or health related crimes;
• levy new civil monetary penalties on hospitals who contract with providers who have been excluded from Medicare;
• levy civil monetary penalties on providers who take kickbacks;
• require provider applicants to provide Social Security numbers and employer identification numbers so we can check the applicant histories; and
• tighten eligibility and close loopholes for home health services.

The Health Insurance Portability and Accountability Act also for the first time created a stable source of funding for program integrity activities -- in fiscal 1999, $560 million. It also gave us authority to contract with special program integrity contractors. Under HIPAA, $630 million will be available for program integrity functions in fiscal 2000.

President Clinton's fiscal 2000 budget also includes several new proposals to continue our success in fighting health care fraud, waste, and abuse. These measures would save an additional $2 billion in Medicare expenditures over five years and preserve the Medicare Trust Funds. The proposals include:

• eliminating excessive Medicare reimbursement for drugs;
• ending overpayments for Epogen, a drug used to treat anemia related to chronic renal failure;
• preventing abuse of Medicare's partial hospitalization benefit;
• ensuring Medicare does not pay for claims owed by private insurers;
• empowering Medicare to purchase cost-effective high-quality health care; and
• requesting new authority to enhance contractor performance.

We look forward to working with you to secure passage of these important provisions.

Through additional tools provided in the BBA and HIPAA, our Comprehensive Program Integrity Plan, our corrective action plan, the President's new proposals, and your continued support, I am confident that we will continue to make progress in reducing the payment error rate.

FINANCIAL STATEMENTS

A second function of the CFO Audit is to determine whether HCFA's internal accounting mechanisms are in order. In public accounting terms, the purpose of an audit is to permit the auditors to render an opinion as to whether the financial statements are presented fairly and in conformity with generally accepted accounting principles.

There are four types of audit opinions: 1) an unqualified opinion, which means the financial statements are fairly presented; 2) a qualified opinion, which means the financial statements are fairly presented except for the effects of specific matters as described in the auditor's report; 3) an adverse opinion, which means the financial statements are not presented fairly; and, 4) a disclaimer of opinion, which states that the auditor does not express an opinion on the financial statements and gives all the substantive reasons for the disclaimer. We received a qualified opinion, which is a significant step above an adverse or disclaimer of opinion but represents that we still have work to do to achieve an unqualified opinion.

I am also very pleased to say that since fiscal 1996 we have resolved two major financial statement shortcomings, we have worked with the auditors to satisfy their concerns with two other shortcomings, and we are making progress on remaining areas of concern.

In response to the fiscal 1996 audit, we responded to concerns regarding Medicare accounts payable ledgers to the satisfaction of the external auditors. In addition, we funded an audit of the Social Security Administration process for withholding Supplemental Medical Insurance premiums that did not disclose any material weaknesses. In response to the fiscal 1997 audit, we were able to clarify our handling of cost reports and the Medicaid payables and receivables to the auditors' satisfaction, and we have made progress in each of the remaining areas of concern to the auditors.

Accounts Receivable

The one remaining issue that prevents us from obtaining a clean audit is accounts receivable. The auditors could not be sure the receivable number was correct due to the lack of general ledgers and other documentation at most Medicare contractors. Concerns were also expressed about internal controls. Finally, because States use different accounting systems, their reporting of Medicaid receivables is inconsistent.

Our goal for the long run is to standardize contractors' claims processing systems so we can have an integrated accounting system. However, this will require extensive system changes which will not be possible given the priority that we and our contractors must place on ensuring all systems are Year 2000 compliant. In the meantime we will focus on using the contractors' existing subsidiary systems to improve the quality of data, and to identify and document the audit trails necessary to support and validate the data reported to HCFA.

We also have two efforts underway in 1999 toward resolving the accounts receivable qualification. First, we are currently reviewing our policies for determining the Medicare Secondary Payer (MSP) receivables at 15 Medicare contractors that comprise 80 percent of all Medicare contractor receivable activity to improve procedures to ensure that FY 1999 accounts receivable data are adequately processed and documented. This determination may enable us to significantly reduce the amount of accounts receivable that remain on the books and to obtain a clean opinion for next year's audit.

We intend to improve our internal controls for assuring that transactions are properly recorded and accounted for, safeguarded against loss, and in compliance with laws and regulations. For example, we are updating financial reporting instructions and requiring components to clearly identify controls.

We are also working to improve security in electronic data processing. We have introduced a systems security initiative to aggressively address vulnerabilities found through the Inspector General's and our own reviews. Our goal is to be able to maintain the tightest security as the business environment in which we operate changes, and to integrate security into every aspect of our information technology management activities.

CONCLUSION