Statement for the Record to the
House Budget Committee
Health Care Task Force
Medicare Program: Reducing Improper Payments & Fraud
July 12, 2000
Office of Inspector General
Department of Health and Human Services
First, we would like to express our belief that the vast majority of health care providers are honest in their dealings with Medicare. When we talk about fraud, we are not talking about providers who make innocent billing errors, but rather those who intentionally set out to defraud the Medicare program or abuse Medicare beneficiaries. The importance of our ongoing work is not only to protect the taxpayers and ensure quality healthcare for Medicare beneficiaries but also to make the Medicare environment one in which honest providers can operate on a level playing field and do not find themselves in unfair competition with criminals.
At the same time, we are concerned about all errors, even those that are totally innocent. The complexity of the Medicare program places an obligation on health care providers, beneficiaries, fiscal intermediaries, carriers, and the Health Care Financing Administration (HCFA) to take reasonable care to comply with its rules. Thus, our audits and studies are also intended to identify vulnerabilities to administrative errors and to the related dollar losses, which can be quite significant.
BACKGROUND
The HCFA is the single largest purchaser of health care in the world. With expenditures of approximately $316 billion, assets of $212 billion, and liabilities of $39 billion, HCFA is also the largest component of the Department. In 1999, Medicare and Medicaid outlays represented 33.7 cents of every dollar of health care spent in the United States. In view of Medicare's 39.5 million beneficiaries, 870 million claims processed and paid annually, complex reimbursement rules, and decentralized operations, the program is inherently at high risk for payment errors and fraudulent schemes.
Like other insurers, Medicare makes payments based on a standard claim form. Providers typically bill Medicare using standard procedure codes without submitting detailed supporting medical records. However, regulations specifically require providers to retain supporting documentation and to make it available upon request.
The OIG is statutorily charged with protecting the integrity of our Department's programs, as well as promoting their economy, efficiency, and effectiveness. The OIG meets this mandate through a comprehensive program of audits, program evaluations, and investigations designed to improve the management of the Department; to detect and prevent waste, fraud, and abuse; and to ensure that beneficiaries receive high-quality, necessary services at appropriate payment levels. As part of this effort, we conduct annual audits of the Department's and HCFA's financial statements, as required by the Chief Financial Officers Act, as amended by the Government Management Reform Act of 1994.
ANNUAL ESTIMATE OF IMPROPER PAYMENTS
One objective of a financial statement audit is to determine whether there are material instances of noncompliance with laws and regulations. To that end, for the Fiscal Year (FY) 1996 financial statement audit period, we developed the first methodology to measure noncompliance in the Medicare fee-for-service program, which included reviewing supporting medical records. This work resulted in the first-ever, statistically valid, national rate of improper Medicare payments. At HCFA's request, we have continued these reviews because of the high risk of Medicare payment errors and the huge dollar impact on the financial statements.
This past year, we completed our fourth annual review, covering FY 1999, of the extent of fee-for-service payments that did not comply with laws and regulations. Our primary objective each year has been to determine whether Medicare benefit payments were made in accordance with Title XVIII of the Social Security Act (Medicare) and implementing regulations. Specifically, we examine whether services were (1) furnished by certified Medicare providers to eligible beneficiaries; (2) reimbursed by HCFA's Medicare contractors in accordance with Medicare laws and regulations; and (3) medically necessary, accurately coded, and sufficiently supported in the beneficiaries' medical records. Our objective is not to determine the extent of fraud in the Medicare program.
Methodology
To accomplish our objective, we begin with a statistically valid sample. For FY 1999, our multistage, stratified sample design resulted in a sample of 600 beneficiaries with 5,223 claims valued at $5.4 million. For each selected beneficiary, we review all claims processed for payment. We first contact each provider in our sample by letter requesting copies of all medical records supporting services billed. In the event that we do not receive a response, we make numerous follow-up contacts by letter, telephone calls, and/or onsite visits. Then medical review staff from the Medicare contractors (fiscal intermediaries and carriers) and peer review organizations assess the medical records to determine whether the services billed were reasonable, adequately supported, medically necessary, and coded in accordance with Medicare reimbursement rules and regulations.
Concurrent with the medical reviews, we make additional detailed claim reviews to determine whether (1) the contractor paid, recorded, and reported the claim correctly; (2) the beneficiary and the provider met all Medicare eligibility requirements; (3) the contractor did not make duplicate payments or payments for which another primary insurer should have been responsible under Medicare secondary payer requirements; and (4) all services were subjected to applicable deductible and co-insurance amounts and were priced in accordance with payment regulations.
Results in Brief
These audit procedures have enabled us to determine the extent of sampled claims that did not comply with Medicare laws and regulations. By projecting the sample results, we have estimated an annual national error rate. In FY 1999, for instance, net payment errors totaled an estimated $13.5 billion, or about 7.97 percent of total Medicare fee-for-service benefit payments. As in past years, the payment errors could range from inadvertent mistakes to abuse or outright fraud, such as phony records or kickbacks. We cannot quantify what portion of the error rate is attributable to fraud.
Our historical analysis of payment errors from FY 1996 through FY 1999 identified four major error categories: unsupported services, medically unnecessary services, incorrect coding, and noncovered services and miscellaneous errors. Where appropriate, we also identified specific trends by the types of health care providers whose claims were erroneous. For example, this past year's estimated $5.5 billion in unsupported services was largely attributable to home health agencies ($1.7 billion), durable medical equipment (DME) suppliers ($1.6 billion), and physicians ($1.1 billion).
When the sampled claims were submitted for payment to Medicare contractors, they contained no visible errors. It should be noted that the contractors' claim processing controls were generally adequate for (1) ensuring beneficiary and provider Medicare eligibility, (2) pricing claims based on information submitted, and (3) ensuring that the services as billed were allowable under Medicare rules and regulations. However, their controls were not effective in detecting the types of errors we found. Instead, reviews of patient records by medical professionals detected 92 percent of the improper payments.
Summing up, our error rate methodology enables us to quantify, with statistical certainty, the extent of improper payments and to clearly see the pervasiveness of these improper payments across the various types of Medicare services. The methodology also identifies the types of errors and the types of providers accountable for these errors. More importantly, it provides a performance measure for HCFA's use in reducing improper payments. We have seen significant progress in this area; the FY 1999 $13.5 billion estimate represents a 42 percent reduction since the FY 1996 estimate of $23.2 billion.
Using the Error Rate Process as an Internal Control
The HCFA subsequently incorporated the error rate process as part of its internal control structure. It intends to further expand the scope of this technique through two processes: Comprehensive Error Rate Testing (CERT) and the surveillance portion of the Payment Error Prevention Program (PEPP). The PEPP is designed to produce an error rate on inpatient hospital services, and CERT, while similar to the current methodology, provides more detail on error causes at specific Medicare contractors.
The current error rate process has been endorsed by the General Accounting Office (GAO) for several years and is consistent with its report, "Increased Attention Needed to Prevent Billions in Improper Payments" (GAO/AIMD-00-10), calling for agencies to establish processes to determine compliance with laws and regulations. The GAO states that "cost-effective internal controls should be designed to provide reasonable assurance regarding prevention of or prompt detection of unauthorized acquisition, use, or disposition of an agency's assets." We concur with GAO and believe that HCFA's current and proposed error rate processes will do exactly that.
Expanding the Error Rate Methodology to Measure Fraud
With respect to incorporating into the error rate methodology the additional techniques being discussed at this hearing, we believe that beneficiary interviews and provider profiling are appropriate tools in certain circumstances. While medical reviews clearly were the primary identifier of improper payments in all 4 years' error rate samples, we also conducted beneficiary and/or caregiver interviews concerning services billed by high-risk providers. For example, we contacted beneficiaries who had received home health services to determine whether they were, in fact, homebound -- a requirement for Medicare reimbursement of these services. In FY 1996, when problems in meeting this requirement were more prevalent, beneficiary and caregiver visits were quite valuable in establishing whether beneficiaries were homebound. However, when errors shifted in the following years to problems with beneficiaries' plans of care, these types of contacts had limited value in determining improper payments.
This observation is shared by Medicare contractor fraud control units, which find that beneficiary interviews generally are not a valuable resource for detecting fraud. According to fraud control officials, beneficiaries (like any other patients) do not always remember what services were rendered, do not understand the usual/customary charges associated with surgeries, or do not recognize the scope of certain therapy services. Recalling specific details of time spent or services performed by the physician during an office visit 6 or 8 months ago would be a major challenge for anybody, with often questionable results. We therefore believe that beneficiary contacts should be used on a case-by-case basis for selected high-risk Medicare services. For instance, because of the high risk of abusive billing practices by DME providers, we are expanding our ongoing FY 2000 error rate methodology to include contacts with beneficiaries who received DME services.
On the other hand, the fraud control units we contacted found provider profiling an excellent technique for identifying fraud. This technique highlights irregular billing patterns and other anomalies so that a provider's claims can be targeted for more detailed review of medical records. We, too, apply this technique, not as part of our error rate methodology but in in-depth reviews of individual providers. These reviews often follow our multi-State reviews used to develop a "national" error rate for specific provider types or services. Through individual provider audits, we can identify patterns of misconduct or multiple questionable actions that may be referred for investigation. It is interesting to note that a review at one provider often takes as many, if not more, resources than a multi-State error rate review.
We do not devote investigative resources to cases unless we have a proper predication, such as a particularly egregious situation or a strongly suspected pattern of abuse based on a sample. For example, in the current error rate process, if we find a claim for services that were not performed, we cannot conclude that there is a pattern of abuse or fraud. If we were to expand the audit scope as suggested by GAO, we would have to review a significant number of additional provider claims to establish such a pattern. In addition, substantial evidence must be developed before an investigation can be initiated. For instance, to obtain a search warrant, both the U.S. Attorney and the Federal magistrate must be convinced that there is probable cause, based on the evidence, that a crime has occurred. Thus, determining fraud is extremely time-consuming, often taking several years and thousands of staff-hours to prove intentional deception or misrepresentation on the part of just one provider. Additionally, expanding the current error rate methodology in an attempt to determine actual or potential fraud would go substantially beyond what is expected in a normal internal control process, and it is unclear whether cost-effective corrective actions could be developed to preclude the types of schemes discussed below.
FRAUD DETECTION
As we have stated, the error rate methodology does not detect fraud, such as kickbacks, deliberate forgery of bills or supporting documents, or violations of the Stark law regarding the financial relationship between an entity and a physician or an immediate family member. To fulfill this function of our legislative mandate, we look to sources and techniques outside the error rate process. And we know from our investigations and from complaints we receive that waste, fraud, and abuse are still pervasive in the health care sector. We are therefore continuing to watch all areas of Medicare through our audits, inspections, and investigations, as well as to encourage and receive support from industry and beneficiary groups in our efforts.
Before we describe these efforts, it may be useful to define what we mean by "fraud." The Government's primary enforcement tool, the civil False Claims Act, covers only offenses that are committed with actual knowledge of the falsity of the claim, reckless disregard of the truth or falsity of the claim, or deliberate ignorance of the truth or falsity of the claim. The other major civil remedy available to the Government, the Civil Monetary Penalties Law, has the same standard of proof. Neither statute covers mistakes, errors, misunderstanding of the rules, or negligence, and we are very mindful of the difference between innocent errors ("erroneous claims") and reckless or intentional conduct ("fraudulent claims").
To actually determine fraud, we typically obtain information through a combination of investigative techniques tailored to each case. These tools include subpoenas of medical and billing records, use of search warrants, investigative interviews of provider employees, surveillance, and undercover operations. For example, establishing that a claim is tainted by an illegal kickback often requires an analysis of contracts in the context of safe harbors as well as a review of the provider's Medicare and private billings over time. Once this information is gathered, it is presented to a U.S. Attorney whose office will evaluate the information and, with input from the OIG, make a final decision on whether the conduct constitutes criminal or civil fraud. If the evidence demonstrates an intentional violation of the law, the U.S. Attorney may opt to present the case to a Federal grand jury for potential criminal action. If no criminal intent can be shown, but there is evidence of provider knowledge that false claims were submitted, a civil False Claims Act case may be authorized.
Now let us describe the sources and techniques that we use to detect and combat fraud, along with some related accomplishments.
Allegations of Wrongdoing
The OIG receives allegations of wrongdoing from a number of sources, including beneficiaries, ex-employees of providers, competitors, contractors, and Qui Tam complaints. Each of these allegations is taken seriously and is evaluated as quickly and thoroughly as possible. Because Qui Tams are based on insider information, they have proved most useful in terms of identifying large- dollar vulnerabilities. In fact, since Calendar Year 1996, we have received 1,074 Qui Tam allegations, of which over 300 are under active investigation.
For example, one case that began with a Qui Tam complaint centered on misconduct engaged in by National Medical Care, a nationwide dialysis company, and various of its subsidiaries before a 1996 merger with Fresenius Medical Care Holdings, Inc., the Nation's largest provider of kidney dialysis products and services. The Government recently reached a record-breaking Medicare fraud settlement with Fresenius. As a result of a joint investigation by OIG and multiple law enforcement agencies, the company agreed to a global resolution under which three subsidiaries pled guilty, and it agreed to pay $486 million to resolve the criminal and civil aspects of the case. As part of the civil settlement agreement on credit balances, the company paid directly to HCFA $11 million for overpayments that were previously reported to the fiscal intermediaries but never recouped. The alleged criminal misconduct involved illegal kickback activity, submission of false claims for dialysis-related nutrition therapy services, improper billing for laboratory services, and false reporting of credit balances. As part of the settlement, the company also entered into the most comprehensive corporate integrity agreement ever imposed by OIG.
Medicare Contractor Fraud Control Units
Medicare contractor fraud control units, which are a required part of the Medicare claim processing contractors' operations, are used in the effort to prevent, detect, and deter Medicare fraud and abuse. They employ a number of techniques, including sampling claims to determine propriety of payments, contacting beneficiaries to verify delivery of services, reviewing DME certificates of medical necessity, analyzing high-cost procedures and items, and analyzing local billing trends against national and regional trends for the top 30 national procedures. Unusual trends are targeted for focused medical review. Potential fraud is also identified by researching complaints and referrals received from beneficiaries, providers, and industry insiders and through various data analysis techniques. One proactive technique profiles providers using special software designed to highlight irregular billing patterns and other anomalies to target a provider's claims for more detailed review.
If fraud is indicated, the fraud control units refer cases to the OIG and other law enforcement authorities for consideration of civil or criminal prosecution and application of administrative sanctions. Over a third of the more than 1,600 referrals in FYs 1998 and 1999 were developed using proactive techniques.
Audits and Evaluations
Many of our leads on potential fraud are developed through audits and evaluations of various aspects of the Medicare program, most often on a provider-by-provider basis. Some significant examples are summarized below:
Home Health Care. Looking behind the explosive growth in Medicare expenditures for home health care since 1990, OIG, using claim data from 1995 through part of 1996, found that 40 percent of the payments were improper. We also determined that many home health agencies shared characteristics that could undermine the Department's ability to recover overpayments or levy sanctions. Our recommendations to strengthen the Medicare certification process and to otherwise protect the trust fund were adopted in the Balanced Budget Act of 1997. Conducted at the Department's request, our follow-up work, which examined 1998 claim data, noted that the payment error rate had fallen to 19 percent.
Additional reviews at individual home health agencies have led to 420 investigations of potential fraud since October 1997, and 130 of these investigations are ongoing. A particularly egregious case of misappropriated Medicare funds and potential abuse of Medicare patients was noted at St. John's Home Health Agency, the highest paid home health agency in South Florida. We found that St. John's billed Medicare for nonrendered or upcoded home health services, that nurses and home health aides permitted subcontracting groups to use their names and/or create fraudulent documents to support nonrendered services, and that some nursing visits were provided by unlicensed persons. Further, subcontractors paid kickbacks to St. John's employees in order to do business with them. In December 1999, 26 people were indicted for racketeering, conspiring to racketeer, conspiring to launder money, and conspiring to submit false claims to the Medicare program. Subsequent to plea or trial, there were 24 guilty verdicts (1 individual became a fugitive and 1 was acquitted); all 24 of those found guilty are in the process of being excluded from Federal health care programs.
Durable Medical Equipment. After sampling 36 new durable medical equipment applicants in the Miami, Florida, area, HCFA reported in 1996 that 32 were not bona fide businesses. Among other problems, some bogus applicants did not have a physical address or an inventory of DME. According to HCFA, those companies should not have been issued a supplier number because they were not operational entities. To determine the prevalence of this problem, we sampled suppliers and applicants in 12 large metropolitan areas in New York, Florida, Texas, Illinois, and California at HCFA's request. Our inspection found that 1 of every 14 suppliers and 1 of every 9 new applicants did not have a required physical address. When we checked questionable addresses, we usually found that the business had closed or had a questionable presence at the address. Some addresses were merely mail drop locations or were nonexistent or could not be located. These types of problems with physical addresses often indicate potentially illegitimate business arrangements.
A classic example is a case we uncovered in New York. The OIG was drawn into investigating this scheme after numerous Medicare beneficiaries complained to their carriers that they had not received the services for which Medicare was billed. We interviewed the beneficiaries and verified that claims had been submitted for services that were not actually rendered. These companies billed Medicare for millions in fraudulent claims. In one instance, three of the companies billing for ear implants received checks from Medicare totaling approximately $1 million in less than a month. The bank where the money was being deposited became suspicious and called the carrier which, in turn, stopped payment on the checks. The carrier had placed a system alert on these companies if they submitted claims for MRI services, so the fictitious companies began submitting claims for ear implants and were paid.
Partial Hospitalization and Community Mental Health Centers.
In collaboration with HCFA, we examined the growth of Medicare expenditures
to community mental health centers for partial hospitalization services
(highly intensive outpatient psychiatric services). We found that Medicare
was paying for services to beneficiaries who had no history of mental illness
and for therapy sessions that consisted of only recreational and diversionary
activities, such as watching television, dancing, and playing games. Our
review in five States, which accounted for 77 percent of partial hospitalization
payments to mental health centers nationally during 1996, disclosed that
over 90 percent of the services, or $229 million in Medicare payments, were
unallowable or highly questionable. From that review, we were able to identify
potentially abusive centers for in-depth audits and, based on our results,
referred all of these centers for investigation of potential fraud. Currently,
investigations are underway at 18 centers identified from this work and
from other sources.
Hospital Outpatient Psychiatric Services. The OIG conducted a 10-State review of outpatient psychiatric services which accounted for 77 percent of the value of partial hospitalization and other outpatient psychiatric claims at acute care hospitals nationally. We estimated that almost 60 percent of the $382 million in 1997 outpatient psychiatric claims made by hospitals did not meet Medicare reimbursement requirements. These unallowable services were not reasonable and necessary for the patient's condition, not authorized and/or supervised by a physician, not adequately documented or not documented at all, or rendered by unlicensed personnel. Our reviews at individual hospitals found similar problems, as well as alteration of medical records after we selected the records for review. To determine whether fraud was a factor in these cases, additional work is being performed. Overall, we have 69 ongoing investigations.
Undercover Operations
We occasionally conduct undercover operations to identify potential fraud. Past undercover operations have targeted podiatrists, opthalmologists, chiropractors, medical doctors, DME companies, billing companies, and laboratories for various Medicare billing fraud schemes, such as billing for medically unnecessary services, billing for services not provided, soliciting and receiving kickbacks, upcoding services, unbundling services, and misusing provider Medicare billing numbers. Many of these undercover operations are conducted jointly with other Federal agencies, including the Federal Bureau of Investigations (FBI), the Internal Revenue Service (IRS), and the Drug Enforcement Agency, since violations often fall within their jurisdictions as well.
For example, an ongoing multiagency undercover project targeted certain DME providers. The DME companies offered cash kickbacks to undercover operatives (Federal agents) in exchange for patient referrals. In addition, some companies billed Medicare and/or Medicaid for medically unnecessary services, services not provided, and/or upcoded services. The operation also identified physicians involved in the scheme. To date, this project has resulted in 20 convictions with nearly $1 million in restitutions, fines, and savings. Additional cases are currently being adjudicated, and more convictions are expected.
* * * * * *
In conclusion, we would like to commend HCFA for incorporating an improper payment methodology into its internal control structure for Medicare, and we note that it was one of the first health care programs to develop such a technique. Modifications to the methodology being made by HCFA would further enhance its ability to identify areas in need of corrective action. With respect to other techniques being discussed today to expand the error rate process, we believe they are currently being used to the extent appropriate. For example, we have used beneficiary contacts in high-risk areas for the past 4 years. Such techniques as provider profiling have long been used as a means for targeting providers for fraud investigations and, as we have noted, have led to a significant number of investigative referrals. To incorporate additional fraud development techniques into the error rate methodology, in our opinion, would be cost prohibitive and extremely time-consuming and would divert substantial resources from the Department's highly successful fraud-fighting efforts. We believe that all the techniques discussed have their appropriate uses in a comprehensive, flexible anti-fraud system. We, HCFA, the Department of Justice, the FBI, and other enforcement entities will continue to apply these techniques in the most cost-effective manner that ensures the best outcomes for Medicare and other Federal health care programs.