 |
 |
|
 |
||
Print 
Download Reader 
|
|
|
|
||
Print Download Reader
 |
Appendix A - FY 2005 Top Management Challenges Identified by the Office of Inspector GeneralManagement Issue 1: Implementation of the Medicare Modernization Act (MMA)Management Challenge: The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA) (Public Law 108-173) sets forth the most comprehensive changes to the Medicare program since its inception in 1965. Implementation of this new statute is a huge undertaking involving massive amounts of dollars and new benefit programs. As a result, the Department of Health and Human Services (HHS) has acquired numerous new responsibilities. These include developing and implementing new programs, issuing regulations, conducting a variety of studies through surveys and audits, preparing and submitting reports to Congress, and enforcing program rules. Numerous components within HHS, including the Centers for Medicare & Medicaid Services (CMS), the Food and Drug Administration (FDA), the Agency for Healthcare Research and Quality (AHRQ), and the Office of Inspector General (OIG) have specific responsibilities set forth under the MMA. Thus, implementation of the MMA requires a high level of collaboration and coordination that extends across the Department to ensure these new programs and changes are implemented in such a way to guard against opportunities for waste, fraud, and abuse. Prescription Drugs Perhaps most significantly, the MMA established a new Medicare prescription drug benefit, known as Medicare Part D, which becomes available on January 1, 2006. The MMA also provides a voluntary and temporary Prescription Drug Discount Card program (drug card program) to be in effect until the Part D benefit becomes available. While the Part D drug benefit will not become available until 2006, OIG has begun work related to oversight of this new benefit and the drug card program. For example, OIG evaluated beneficiary education issues under the drug card program for the purpose of maximizing similar efforts for the Part D benefit. In addition, OIG reviewed drug card prices and transitional assistance billings under the drug card program. OIG has also provided legal guidance for drug card sponsors related to the anti-kickback statute. In addition, OIG has begun work on the Part D benefit, including a review of the employer drug subsidy and, per CMS’s request, reviews of the data systems being developed for Part D to ensure that the technological infrastructure will function properly when the benefit becomes effective. OIG also plans to review initial implementation steps at selected plans contracted by CMS to provide the Part D benefit, as well as controls in the systems and processes CMS intends to use to pay the plans. Based on vulnerabilities identified by OIG, the Government Accountability Office (GAO), and through fraud investigations, the MMA also changed the basis of Medicare Part B drug reimbursement for most drugs to an average sales price (ASP). These changes require significant oversight. The MMA requires Part B drugs to be reimbursed at 106 percent of their ASP as reported to CMS by drug manufacturers. Pursuant to the MMA, OIG is required to monitor the widely available market prices for Part B drugs and subsequently compare these and other price points to reported ASPs. If the differences between the price points and ASPs for any drugs exceed a certain threshold, the MMA directs the Secretary to modify the reimbursement amounts for the drugs. The MMA also directs OIG to review the adequacy of this new ASP-based reimbursement rate for certain physician specialties. As part of its prudent oversight, OIG is also conducting audits of manufacturers’ calculations of ASP. Other Medicare Programs In addition, the MMA sets forth numerous changes to other programs, including a revised managed care program (Medicare Advantage), certain payment reforms including durable medical equipment, rural health care improvements, and other changes involving administrative improvements, regulatory reduction, administrative appeals, and contracting reform. With respect to contractor reform, the Secretary has indicated in his statutorily required report to the Congress (February 7, 2005, “Medicare Contracting Reform: A Blueprint for a Better Medicare”) that such reforms call for, and will include, modernization of Medicare information systems. OIG has conducted previous work in many of these areas that identify potential challenges to consider for implementation of MMA changes. For example, OIG work played an important role in the price changes for durable medical equipment. OIG has also identified concerns regarding Medicare managed care, including unnecessary payments to plans, claims for excessive administrative costs, inadequate and inconsistent information provided to beneficiaries, and problematic data reporting. Likewise, OIG has previously identified numerous concerns with the administrative appeals process. The MMA transfers this function from the Social Security Administration to HHS and requires other changes to the appeals process. Implementation of all of these Medicare changes, particularly in light of previously identified vulnerabilities in these programs, warrants significant attention and oversight. Additionally, OIG has reviewed prior Medicare information systems initiatives and provided recommendations and suggestions, where warranted. Assessment of Progress in Addressing the Challenge: The Secretary has included MMA implementation in his 500-day plan, stating that he will concentrate on successfully implementing the MMA by “energizing broad participation, emphasizing preventative care, reaching out to those eligible for low-income subsidies and stimulating a competitive market.” To address the challenges in implementing the numerous responsibilities for HHS under the MMA, HHS has established MMA implementation teams and a tracking database. In addition, HHS components have set up various working groups to address MMA implementation issues. Components within HHS have already provided substantial assistance to one another with regard to implementation of the MMA and will continue to coordinate HHS-wide to ensure that the Department has fulfilled its responsibilities. An example of such coordination and cooperation are the recent MMA training conferences developed by OIG, which utilize the combined expertise of OIG, CMS, FDA, the Department of Justice, the Department of Labor, and the Social Security Administration. These conferences have focused on the careful implementation of the Part D benefit program so as to protect Medicare beneficiaries and the new benefit. CMS bears the primary responsibility for implementing the new MMA-mandated Medicare programs and reforms and has made important progress toward that end. Most notably, CMS has implemented the drug card program and has promulgated regulations relating to the Part D prescription drug benefit, Medicare Advantage plans, and the reporting and calculation of ASPs. Likewise, CMS has begun the contractor reform process by initiating procurements to competitively replace durable medical equipment carriers and consolidate the existing 15 Medicare Data Centers. Implementation of all provisions of this law requires continued diligence, scrutiny, and oversight. Based on OIG’s historical experience in auditing, evaluating, and investigating payment for, or practices relating to, prescription drugs under HHS programs (i.e., Medicare, Medicaid, 340B Drug Pricing Program), these areas warrant particular attention. Given the magnitude of potential expenditures, tight implementation deadlines, reliance on numerous contractors, program complexity, and impact of these programs on beneficiaries, it is critical that the new Part D drug benefit and Part B drug reimbursement methodology are implemented efficiently and effectively and that HHS oversight of these programs is vigilant. HHS Management Response: In FY 2005, CMS issued final rules (January 28, 2005) to establish the Medicare Prescription Drug Benefit and the Medicare Advantage (MA) Program. Under the Medicare Prescription Drug Benefit, every Medicare beneficiary will be able to choose from a range of Prescription Drug Plans (PDP). Title I rules specify the requirements for Prescription Drug Plans and how payments for drugs will be made. The CMS completed the contracting process with PDPs and is on schedule to timely implement the program on January 1, 2006. The contracting process included an extensive review and approval of PDP formulary, benefit, and bid submissions. To provide industry and other stakeholders with information, CMS published numerous guidance documents (formulary review guidelines, marketing guidelines, prescription drug event data, reporting requirements, etc.) and held weekly teleconferences with PDPs to discuss time sensitive issues and to provide live technical assistance. Because of these efforts, Medicare beneficiaries all over the country will be able to choose prescription drug coverage that will cost less than originally expected, including plans with premiums of $20 per month or less. Options will also include plans offering zero deductibles or deductibles lower than $250 annually, and plans that provide some coverage in addition to the “standard” Medicare drug benefit. The CMS is validating a Part D data monitoring system that will provide us with an extensive analytical tool to monitor for fraud, abuse, and waste. The MA Program addressed in Title II revises the Medicare Managed Care Program, based on provisions in the MMA. Most significantly, the final Title II rule replaced the adjusted community rate system with a bid submission process. As the law specifies, CMS required MA organizations to submit bids no later than the first Monday in June (June 6, 2005) for each MA plan they intend to offer in the following year, beginning with contract year 2006. The CMS issued both an advance notice of Methodological Changes for Calendar Year 2006 for MA Payment Rates and Payment Methodology for the new Part D program, as well as announcing the calendar year (CY) 2006 MA Payment Rates earlier this year. The CMS also issued a call letter to the MA plans in April 2005 addressing a number of topics in the final rules to establish the MA program. Beyond the bidding and payment process, the call letter touched upon areas related to the new MA plans such as the Special Needs Plans and related areas of payment and enrollment. In FY 2006, CMS will focus its efforts on continuing implementation of payment and enrollment operations and the information systems supporting those operations. Changes to enrollment operations include changes to election period provisions, addition of new plan types and the possibility of concurrent enrollments in certain types of MA plans and stand-alone PDPs. Changes to payment operations include introduction of Part D payments to PDPs and MA-PDs (a hybrid type that provides both Part C and Part D benefits). Beyond Part D, payment operations need to be adapted to accommodate the new bid-based payment rates in 2006. Other provisions include the new Low Income Subsidy (for premiums and cost sharing) and a beneficiary election to have premiums withheld by SSA. The CMS continues to conduct weekly meetings across the Agency to ensure an effective implementation of the information systems. This includes staff articulating and testing business requirements. Moreover, staff meet routinely via conference calls with various plans regarding system requirements and implementation. Additionally, CMS has looked closely at its past experience with the drug card program to mitigate any potential problems that could arise for Part D. Finally, CMS continues to analyze program data as a method for focusing resources as appropriate. The CMS has worked to effectively develop and implement an oversight program for Part D to ensure compliance with the new MMA regulations and guidelines. The CMS is in the process of implementing an oversight program for regional Preferred Provider Organizations and Special Needs Plans based on the new requirements within MMA. To provide consistency and guidance to the industry, CMS developed and conducted training programs specifically to address compliance and oversight. The MMA requires Part B drugs to be reimbursed at 106 percent of their average sales price (ASP) as reported to CMS by drug manufacturers. The CMS implemented the new ASP payment methodology on January 1, 2005. The CMS is now in the fourth quarter of paying under this methodology and prices generally have been stable. The CMS continues to work with manufacturers to ensure quality of reporting of data. The new Part B reimbursement methodology is bringing significant savings to the program and to beneficiaries. In addition, CMS has published two rules to implement the competitive acquisition program (CAP) and is scheduled to implement this program by July 2006. The CAP will provide physicians with an option on how to acquire drugs they use in their practices. The CMS continues to work with the OIG on several tasks that are critical for ensuring the success of the ASP methodology. Rural Health Care Improvements Provider Outreach - The CMS has developed a number of educational products specifically targeted to rural health providers. The CMS’ most recent “rural health products” include (1) a series of fact sheets for rural health providers including sole community hospitals, Federally Qualified health centers, rural health clinics, and critical access hospitals; and (2) a comprehensive Rural Health Guide, which provides coverage and billing information for rural health providers as well as additional resources to help them navigate the Medicare Program. The CMS aggressively markets its educational materials through national associations and its Medicare fee-for-service contractors, who also conduct training on these issues. Medicare Contractor Reform The CMS is actively engaged in the implementation of the Medicare contracting reform provisions of the MMA. In April 2005, CMS released the first Medicare Administrative Contractor (MAC) Request for Proposals (RFP) for Durable Medical Equipment claims processing pursuant to the MMA. In October 2005, CMS released the second MAC RFP for a combined Part A and Part B MAC in Jurisdiction 3. Additionally, a small group within CMS has been charged with integrating the many changes occurring within CMS and its contractor community as a result of procuring MACs. This team reviews project plans, funding and timing issues to recommend best strategies for completion of the many contracting reform projects. Management Issue 2: Accountability of Medicaid FundsManagement Challenge: The Federal share of Medicaid outlays in fiscal year (FY) 2004 exceeded $176 billion and is expected to exceed $192 billion in FY 2006. Because Medicaid is a matching program, improper payments by states always cause corresponding improper Federal payments. However, because the Federal Government does not routinely examine individual provider claims, inappropriate claims by states for a Federal share are not always easily identified. Payment Error Rates Payment accuracy in the Medicaid program helps ensure fairness across all state Medicaid programs and is critical to maximizing Federal and state health care dollars. Until recently, little was known about payment error rates in the Medicaid program. This lack of information represents a substantial vulnerability in preventing fraud, waste, and abuse perpetrated by health care providers. Understanding errors is particularly difficult due to the diversity of state programs and their unique administrative and control systems. State Financing Mechanisms In addition to payment accuracy, OIG has found significant problems in state Medicaid financing arrangements involving the use of intergovernmental transfers. Specifically, OIG found that some states inappropriately inflated the Federal share of Medicaid by billions of dollars by requiring public providers to return Medicaid payments to the state governments through intergovernmental transfers. Once the payments are returned, funds cannot be tracked, and they may be used for purposes unrelated to Medicaid. Although this abusive practice could potentially occur with any type of Medicaid payment to public facilities and is not legally prohibited, OIG identified serious problems with this practice in Medicaid supplemental payments available under upper payment limits, disproportionate share hospital payments, and payments for school-based services. These Federal/State payments are made to public providers who then return the monies to the states through intergovernmental transfers. This practice shifts the cost of Medicaid to the Federal Government, contrary to Federal and state cost-sharing principles. Assessment of Progress in Addressing the Challenge: Payment Error Rates In July 2001, CMS invited states to participate in a demonstration project to develop a payment accuracy measurement (PAM) methodology for Medicaid, i.e., a single methodology that can produce both state-specific and national level payment error estimates for Medicaid and the State Children’s Health Insurance Program. The PAM model was later modified to comply with the new requirements of the Improper Payments Information Act of 2002 (IPIA) (Public Law 107-306). FY 2004 was the final year for reporting the results of the PAM pilots. The PAM project will be renamed the Payment Error Rate Measurement (PERM) program, which will be submitted for clearance as a final interim rule. In late FY 2005, CMS will begin competing and awarding contracts using a national contracting strategy to produce a Medicaid fee-for-service error rate. The FY 2005 Performance and Accountability Report (PAR) will include the results from year three of the PAM pilots (FY 2004). For FY 2006, CMS will report the results of the PERM pilot in the PAR. The FY 2007 PAR will include a national Medicaid fee-for- service error rate for FY 2006 based on a statistically valid sample of states and claims within those states. CMS expects to be fully compliant with the IPIA requirements by FY 2008. OIG is planning to include reviews to oversee the Medicaid error rate process. In addition, the current OIG work plan includes various reviews to identify payment error vulnerabilities in the Medicaid managed care program. State Financing Mechanisms To curb abuses in state Medicaid financing arrangements, CMS issued Final Rules (effective March 13, 2001, November 5, 2001, and May 14, 2002) which modified upper payment limit regulations in accordance with the Benefits Improvement and Protection Act of 2000. The regulatory actions created three aggregate upper payment limits, one each for private, state, and non-state government-operated facilities. The new regulations will be gradually phased in and become fully effective on October 1, 2008. CMS projects that these revisions combined will save $79.3 billion in Federal Medicaid funds over the 10-year period 2002-2011. However, when fully implemented, these regulatory changes will only limit, not eliminate, the amount of state financial manipulation of the Medicaid program because the regulations do not require that the targeted facilities retain the enhanced funds to provide medical services to Medicaid beneficiaries. The CMS has been working with states to halt the inappropriate use of intergovernmental transfers that artificially inflate the Federal share of the Medicaid program. CMS identified 33 states that were using inappropriate intergovernmental transfers. According to CMS, 26 of the 33 states have halted the practice. OIG believes that CMS should continue to work to ensure that all states eliminate the use of inappropriate intergovernmental transfers involving supplemental payments available under the upper payment limits, disproportionate share hospital payments, payments for school-based services, or any other type of Medicaid payment to a public provider. OIG believes that CMS should take actions to permanently eliminate, by law or regulation, the inappropriate use of inappropriate financing mechanisms. This change would be in addition to the regulatory changes cited above and would help to ensure that Medicaid funds are used to provide services to Medicaid beneficiaries. HHS Management Response: On October 5, 2005, an interim final rule was published in the Federal Register which indicated that CMS will measure Medicaid and SCHIP fee-for-service error rates and is committed to developing an approach to measure the Medicaid and SCHIP managed care and eligibility error rates. The CMS expects to be fully compliant with IPIA by FY 2008. This interim final rule addresses some of the states’ concerns with cost and burden since the Federal government will conduct and fund the medical and data processing components of the project. In the interim final rule, CMS stated the principles that: (1) the methodology used to select the states will ensure that each state is selected at least every three years but that no state is sampled more than once every three years; and, (2) the error rates produced by this selection methodology will provide the state with a state-specific error rate estimated to be within 3 percent precision at the 95 percent confidence level. In FY 2006, states will be randomly selected. The CMS has established an eligibility workgroup to make recommendations on the best approach to conduct Medicaid and SCHIP eligibility reviews. The plan is to have recommendations from the workgroup in FY 2006 so that eligibility reviews can commence in FY 2007 for error rate reporting in the FY 2008 Performance and Accountability Report. State Financing Mechanisms Since August 2003, CMS has been requesting detail information from states regarding how states are financing their share of the Medicaid program costs under the Medicaid reimbursement SPA review process. During this SPA review process, CMS had identified questionable practices where some states are utilizing financing techniques that do not comport with the spirit of the Federal-state partnership. Specifically, CMS has discovered that several states make claims for Federal matching funds associated with certain Medicaid payments which the health care providers ultimately are not allowed to retain. The result of such an arrangement is that the health care provider is unable to retain the full Medicaid payment amount to which it was entitled (a payment for which Federal funding was made available based on the full payment), and the state and/or local government may use the funds returned by the health care provider for costs outside the Medicaid program and/or to help draw additional Federal dollars for other Medicaid program costs. The net effect of this re-direction of Medicaid payments is that the Federal Government bears a greater level of Medicaid program costs, which is inconsistent with the Federal medical assistance percentages specified in the Medicaid statute. The CMS will not approve new SPA proposals until states have fully explained how they finance their Medicaid programs and until such time that states have agreed to terminate any financing practices that contradict the spirit of the Federal-state partnership. In addition, follow-up audits are conducted for any questionable financing practice that is discovered as part of the Medicaid reimbursement SPA review. The CMS is working with states to terminate such practices, which many states have agreed to stop as of the end of their 2005 state fiscal year. As of September 30, 2005, 26 states have terminated 62 such financing practices effective with the end of their state fiscal year 2005. Because of these efforts, CMS has noticed a decreasing desire on the part of states to make supplemental payments up to their upper payment limit (UPL). It appears that requiring states to pay their share of the supplemental payments and requiring that qualifying providers retain 100 percent of the payment has effectively decreased the interest/trend to maximize the UPL. Moreover, while some states have revised financing mechanisms to continue making supplemental payments, other states have dropped their supplemental payments altogether. Management Issue 3: Integrity of Medicare PaymentsManagement Challenge: The Medicare program’s size and complexity place it at high risk for payment errors. In FY 2004, the Medicare benefit payments totaled about $300 billion, which represents payments for health care services provided to approximately 42 million Medicare beneficiaries. To help ensure that beneficiaries have continued access to appropriate and high-quality Medicare services, as well as to protect the financial integrity of the program and the solvency of the Trust Funds, continuing efforts must be made so that correct and appropriate payments are made for properly rendered services. From FY 1996 through FY 2002, OIG developed and reported on the annual Medicare fee-for-service paid claims error rate. In FY 2003, CMS assumed responsibility for the error rate development. In its 2004 financial report, CMS reported a gross paid claims error rate of 10.1 percent ($21.7 billion) and a net paid claims error rate of 9.3 percent ($19.8 billion) for the FY.1 Targeted audits and evaluations by OIG and CMS continue to identify improper payments and problem areas in specific parts of the program. These reviews have revealed payments for unallowable services, improper coding, excessive payments, and other types of improper payments. For example, to date OIG found over $149 million in improper payments in CYs 1999 and 2000 for equipment and supplies separately billed by suppliers for beneficiaries residing in skilled nursing facilities. OIG and CMS discovered substantial abuses of medical equipment suppliers billing Medicare for power wheelchairs that were never delivered, equipment that was medically unnecessary, and billing for high-cost equipment when lesser-cost equipment was provided. Similarly, OIG found that some providers had manipulated the Medicare rules for outlier payments, receiving a disproportionate share of these payments because of dramatic increases in billed charges. OIG audits continue to show that Medicare has serious internal control weaknesses in its financial systems and processes for producing financial statements. For example, the reporting mechanism that Medicare contractors use to reconcile and report funds expended depends heavily on inefficient, labor-intensive, manual processes subject to the increased risk of submitting inconsistent, incomplete, or inaccurate information to CMS. These serious internal control weaknesses persist. Assessment of Progress in Addressing the Challenge: The FY 2004 gross paid claims error rate of 10.1 percent was 3.7 percentage points lower than the 13.8 percent reported in FY 1996 but higher than the 6.3 percent in 2001. The CMS has demonstrated continued vigilance in monitoring the error rate and developing appropriate corrective action plans. In addition, CMS has worked with the provider community to clarify reimbursement rules and to impress upon health care providers the importance of fully documented services, and the overwhelming majority of health care providers follow Medicare reimbursement rules and bill correctly. The CMS has taken a number of steps to strengthen Medicare coverage and reimbursement requirements to help curb inappropriate payments. For example, CMS has agreed to establish or enhance billing controls to ensure compliance with the consolidated billing provision, identify “best practices” in both consolidated billing and postacute care transfers, and aggressively scrutinize new applications for durable medical equipment supplier numbers. The CMS received an unqualified opinion on its 2004 financial statements. However, the lack of a fully integrated financial management system and insufficient oversight of the Medicare contractors continued to impair the reporting of accurate financial information. Weaknesses were identified in general and in application controls at Medicare contractors, at data centers where Medicare claims are processed, at sites that maintain the “shared” application system software used in claims processing, and at the CMS central office. In addition, although there were improvements in CMS’s oversight of Medicare contractors, continuing weaknesses affected its ability to analyze and accurately report financial information on a timely basis. To address these problems, CMS has initiated steps to implement the Healthcare Integrated General Ledger Accounting System, expected to be fully operational at the end of FY 2009. In the interim, corrective action is needed to address persistent weaknesses in internal controls throughout the Medicare system. HHS Management Response: Improving the integrity of Medicare payments is a top management priority at CMS and significant progress has been made during FY 2005. The Comprehensive Error Rate Testing (CERT) program and the Hospital Payment Measurement Program (HPMP) programs provide CMS with a rigorous set of data that is used to manage Medicare contractors, identify errors, educate Medicare billing providers, and prevent future errors from occurring. The CMS focused attention on these activities during the last year resulted in a dramatic reduction in payment errors by more than 50 percent based on last year’s error rate. The CMS analysis for FY 2005 indicated that the paid claims gross error rate was 5.2 percent or $12.1 billion in gross improper payments. The CMS also increased efficiencies in financial management by implementing the Healthcare Integrated General Ledger Accounting System (HIGLAS) at four Medicare contractor sites. The CMS continues to make progress toward the full implementation of HIGLAS, which is a key element of the agency’s strategic vision to implement a complete, financial management system that integrates CMS accounting systems with those of its Medicare contractors Management Issue 4: Payment for Medicaid Prescription DrugsManagement Challenge: OIG and GAO have consistently found that the Medicaid program pays too much for prescription drugs compared to prices available in the marketplace. The CMS estimates that Medicaid expenditures for prescription drugs in CY 2004 totaled more than $30 billion, a substantial increase over the $9 billion spent in CY 1994. Both states and the Federal Government share in these expenditures. Under Federal law, states have substantial discretion in setting reimbursement rates for drugs covered under Medicaid. In general, Federal regulations require that each state’s reimbursement for a drug not exceed the lower of the estimated acquisition cost plus a reasonable dispensing fee or the provider’s usual and customary charge for the drug. In addition, CMS sets Federal upper limits and many states implement maximum allowable costs for certain multiple source (generic) drugs that meet specific criteria. While states must reasonably reimburse pharmacies for prescription drugs provided to Medicaid beneficiaries, they often lack access to pharmacies’ actual market prices. Due to this lack of pricing data, states rely on estimates to determine Medicaid reimbursement. Most states base their calculation of estimated acquisition costs on published Average Wholesale Prices (AWPs). AWPs are not defined by law or regulation and are compiled in drug compendia such as Medical Economics’ “Red Book” and First Databank’s “Blue Book.” OIG reports have demonstrated that the published AWPs states use to determine their Medicaid drug reimbursement amounts generally bear little resemblance to the prices incurred by retail pharmacies. In June 2005, OIG released three additional reports indicating that published prices used by Medicaid to calculate prescription drug reimbursement amounts do not approximate pharmacy acquisition costs. One report addresses how prices for drugs set under the Medicaid Federal Upper Limit (FUL) program compare to reported Average Manufacturer Prices (AMP) and estimates potential savings if FUL amounts were based on reported AMPs. The other two reports compare how the prices that most states currently use to set Medicaid reimbursement, i.e., AWP and wholesale acquisition cost (WAC), compare to statutorily defined prices based on actual sales transactions, such as ASP and AMP. These three OIG reports provide additional supportive evidence that the current Medicaid payment rules result in excessive payments for prescription drugs and emphasize the need for reform that could significantly impact Medicaid expenditures. Furthermore, OIG recommends that CMS work with Congress to restructure Medicaid pharmacy payments so that drug prices more accurately reflect actual costs. In addition to paying too much up front for Medicaid prescription drugs, state Medicaid programs may not be receiving the proper amount of drug rebates that they are entitled to receive. The statutory drug rebate program, which became effective in January 1991, allows Medicaid to receive pricing benefits commensurate with its position as a high-volume purchaser of prescription drugs. Medicaid requires that rebates be based on AMPs, which are values developed by drug manufacturers. Both OIG and GAO reviews have shown that manufacturers make inconsistent interpretations as to what sales are included in AMPs. OIG suggests that additional clarification of the definition of AMP be provided by CMS. Assessment of Progress in Addressing the Challenge: Previous work by OIG, GAO, and others revealed that states have wide latitude in setting their Medicaid prescription reimbursement amounts and that, in general, the Medicaid program pays too much for prescription drugs. Until the passage of the MMA in 2003, Medicare Part B also used AWP as the basis for most drug reimbursements. Based upon provisions in the MMA, Medicare Part B now generally uses ASP, a statutorily defined price based on actual sales transactions, to help lower excessive Medicare prescription payment levels. However, the MMA did not address the AWP vulnerabilities in Medicaid prescription drug reimbursement. Thus, most state Medicaid programs continue to reimburse for pharmaceuticals based on the same inflated AWPs that once plagued Medicare. A major responsibility of Federal and state governments is to ensure that Medicaid reimbursement for prescription drugs is paid correctly and accurately. Drug reimbursement should reliably reflect the actual costs of drugs to pharmacies and be based on pricing data that can be validated. It is also essential that all manufacturers report consistent and accurate information for the rebate process to work as intended. Therefore, CMS needs to be especially attentive in its oversight of Medicaid drug rebates and payment for prescription drugs. HHS Management Response: The CMS has shared the findings of the numerous reports on pharmacy acquisition costs with the states and has encouraged states to review their estimates of acquisition cost in light of the respective findings. Additionally, CMS continuously monitors states’ estimated acquisition costs and provides a quarterly update which is listed on the CMS website. These actions have resulted in states submitting an increased number of state plan amendments to lower the states estimate of acquisition costs. In regard to initiating a review of Medicaid rebates, the President’s 2006 budget proposes the use of average sales prices (ASP) so Medicaid drug prices will reflect actual costs. In the FY 2006 budget, the President proposed to require drug manufacturers to report the ASP for each drug and to cap Federal payment at an aggregate level to ASP plus 6 percents. As long as state relies on prices that are not based on true prices paid to manufacturers, states have no means to set appropriate payment amounts. Current wholesale acquisition cost and average wholesale price (AWP) cost are greatly inflated and this inflation is encouraged by setting Medicaid payment in relation to these inflated prices. Requiring manufacturers to report true prices and to limit Medicaid payment to a reasonable amount above these prices will eliminate the opportunity for manufacturers and pharmacies to gain through report of inflated prices, yield substantial state and Federal government savings, and retain flexibility for states to set prices for individual drugs as they find appropriate within the overall cap. The OIG and GAO concluded that there is a variation in the methods that manufacturer use to determine the Medicaid AMP. The CMS continues to believe that the drug rebate law and rebate agreement already established a methodology for computing AMP. The CMS continuously re-examines current policy to assure that it is clear that manufacturers have not appropriately excluded prices from AMP, as required by section 1927 of the Act. The CMS also issues manufacturer releases to clarify policy when an area is identified where manufacturers did not follow the current policy. Also, CMS continues to work with OIG to provide policy guidance to them to conduct audits of manufacturers’ calculations of AMP. Management Issue 5: Quality of Care in Long-Term Care ServicesManagement Challenge: With the large number of people approaching retirement, ensuring quality of care on behalf of long term care beneficiaries warrants significant attention so that Federal dollars can be well spent purchasing appropriate care. This new generation of consumers will demand much more from their long term care service, not only in terms of quality, but also in the venue of care delivery. While there will always be a need for nursing homes services, the expectation is that care will continue to shift to more community-based services, encompassing the beneficiaries’ homes or other social settings. This shift may increase utilization of alternatives to institution-based care, such as home health and hospice services, more than any other time in the past. Thus, it is imperative that HHS continues to monitor quality of care for long term care beneficiaries in all settings. OIG has raised longstanding concerns regarding payment and quality issues in nursing facilities. Prior OIG work found an increase in the number of deficiencies, and a large number of nursing homes had been cited for substandard care. States are required to refer case information to CMS for enforcement action when facilities are found to be out of compliance for designated time periods or have deficiencies that are considered to put residents in immediate jeopardy. Enforcement actions are mandatory to address particularly egregious cases of noncompliance. These enforcement actions can include termination of the facility’s Medicare contract and denial of payment for new admissions. OIG continues to be concerned that enforcement mechanisms may not be working in a sufficiently effective manner to bring nursing homes with serious deficiencies back to compliance nor to effectively prevent nursing homes with egregious practices from continuing to provide substandard care to Medicare beneficiaries. OIG work has found evidence that CMS and states are not using enforcement mechanisms. In one study, OIG found that states appropriately referred 92 percent of nursing home cases that warranted enforcement; but 8 percent of the cases were either not referred or were referred but the referral was not recognized as such by the CMS regional office. Another OIG report found that facility terminations did not occur as required in 55 percent of cases cited in 2000-2002, due to both late case referral by states and CMS’s staff reluctance to impose this severe remedy. Additionally, CMS did not apply mandatory denial of payment remedies as required in 44 percent of cases in 2002, also primarily due to late referrals. These errors allowed facilities the opportunity to receive payment from Federal programs while out of compliance with resident care standards. Finally, OIG’s report on collection of civil monetary penalties (CMPs) found that, as of March 2004, CMS did not fully collect 4 percent of the CMPs imposed in 2002 and collected another 8 percent well after their due dates. Responsibilities with CMS for CMP collections are neither clearly defined nor commonly agreed upon. OIG also found that the databases used for tracking CMP collections contained inaccurate and incomplete information, causing collection errors. OIG also continues to find vulnerabilities in other programs that are intended to ensure quality of care and protect residents of nursing homes. For instance, in a report examining nurse aide registries, OIG found that most facilities check only their state nurse aide registry but not those in other states. This incomplete compliance indicates that the facilities that are not checking other states’ registries may be jeopardizing the safety of their residents. OIG is also concerned about whether payments to nursing homes are correct and whether the funds are being used for patient care-related activities. It is now examining the adequacy of Medicaid payments to nursing facilities in states that have enhanced payment programs for public nursing facilities. As part of these studies, OIG is determining whether Medicaid reimbursements to states for nursing home care are being diverted from the nursing homes to other state programs. For instance, OIG examined nursing homes from each of three states, New York, Tennessee, and Washington, and found that these nursing homes were required by their state or county to return 90, 96, and 94 percent, respectively, of their enhanced funding. These nursing homes had received the most unfavorable ratings the states can issue. These homes might have provided better quality of care if they had been able to retain all the funding they initially received. Some nursing home care problems are so serious that they constitute “failure of care” and thereby implicate the civil False Claims Act. OIG continues to work with U.S. Attorneys’ Offices and the Department of Justice on development and settlement of these egregious cases. It develops exclusion actions against individuals and entities whose conduct cause the furnishing of poor care, with particular emphasis on higher-level officials of nursing facilities and chains. OIG continues to negotiate quality of care Corporate Integrity Agreements (CIA) as part of the settlement of such False Claims Act cases. All of these CIAs require an outside monitor and include effective enforcement remedies for breach of the CIA, such as specific performance, stipulated penalties, and exclusion. Currently there are 10 active quality of care CIAs that cover approximately 1,000 nursing facilities. Additionally, OIG ensures that long term care providers are implementing quality of care CIAs appropriately. OIG continues to fine tune provisions of the quality of care CIAs and to develop uniform guidelines and practices for quality monitors and means of measuring success of existing CIAs. OIG continues to have concerns about the quality of care residents of nursing facilities receive and also about the adequacy of oversight in other long term care services such as home health and hospice. OIG has thus extended its oversight of long term care services and is currently determining the adequacy of quality of care oversight in hospices, as well as examining the access to and quality of care provided by home health agencies. Assessment of Progress in Addressing the Challenge: The CMS has chartered a Civil Monetary Penalty Quality Improvement Project based on its recognition that collection of CMPs needed improvement. The workgroup is tasked with developing guidelines that establish revised policies and procedures for collection of CMPs, as well as clarify roles and responsibilities. The CMS has also made changes to the “State Operations Manual,” which clarify and enhance guidance about making double G determinations (reflective of substandard care with a scope and severity of actual harm or immediate jeopardy to residents) during the survey process involving nursing homes. CMS has implemented two data systems to manage survey and enforcement actions and complaint and incident-related activities. Increased dependence on these systems to manage and track survey, enforcement, and complaint actions, as well as increased national reporting capabilities of the two systems, is dependent upon timely and complete data entry. CMS also issued a survey and certification letter to all states affirming the law and CMS policy that nursing homes employ qualified nurse aides who are properly trained, appropriately tested, and have no adverse findings of abuse, neglect or misappropriation of property against them. The guidance included instructions asking states to assess their compliance with the nurse aide registry requirements. CMS will analyze this information and plans follow-up activities to support improvements to this area. CMS has also initiated activities to conduct a Background Check Pilot Program, which requires that facilities and providers search any available registries that would likely contain disqualifying information about the prospective employee, as well as conducting a search of state and national criminal history records. HHS Management Response: The CMS has engaged several approaches to improve and refine the number of survey and certification actions, protocols, survey tools, and state agency guidance/instruction. The OIG has touched on a number of concerns ranging from enforcement actions, civil money penalty collection and nurse aide registries. In October 2004, CMS implemented, in all states, a new, electronic, automated enforcement manager (AEM) for all types of enforcement actions in nursing homes. The AEM data system will assist CMS and states in timely referral and imposition of mandatory enforcement actions and terminations and will help CMS monitor the timeliness of data entry into the system. The CMS continues to make investments in this critical program infrastructure. In addition, CMS has clarified the referral process and implemented a system fix that provides assurance that referrals are not missed. To address the issue of timely entry of enforcement data into the data system, CMS released guidance to states and regional offices on May 12, 2005. The CMS will finalize the timeframes once they have been in place for a period of time sufficient for us to evaluate their reasonableness and value. The CMS revised the state Operations Manual to clarify and enhance guidance about making double “G” determinations. This additional guidance, which was issued on May 21, 2004, is detailed and comprehensive. The CMS is reevaluating the effectiveness of the double “G” policy, while it is simultaneously redoubling efforts to make it work. The CMS chartered the CMP Quality Improvement Project team, based on its own recognition that the tracking, collection and data system for CMPs needed improvement. As part of that effort, CMS (1) drafted policies and procedures to track and collect CMPs through the Civil Monetary Penalty Quality Improvement Project, (2) clarified the roles and responsibilities among internal components, and (3) mapped out a streamlined CMP collection process, including how to handle past due CMPs. However, implementation has been delayed as a result of several CMS cross-cutting, resource-intensive initiatives such as the Medicare Modernization Act. In particular the needed changes to the data tracking system have been put on hold until these other priorities have been satisfied and needed resources to make changes are available. In addition, CMS established regional office /State workgroup to develop a national CMP grid to provide written guidance on appropriate dollar ranges for individual ratings of scope and severity. To address issues surrounding nurse aide registries, CMS:
Posted on Sharing Innovations in Quality a compilation of all State Nurse Aide Registry contact information. See http://www.cms.hhs.gov/medicaid/survey-cert/siqhome.asp. Management Issue 6: Grants ManagementManagement Challenge: Departmental grants, totaling over $257.9 billion in FY 2005 ($38.5 billion discretionary and $219.4 billion mandatory), must be used appropriately to maximize their intended purposes.2 Many HHS agencies rely on grants and cooperative agreements to meet mission objectives, such as providing critical health and social services to underserved individuals, researching the causes and treatments of diseases, elevating the social and economic status of vulnerable populations, and supporting the nationwide infrastructure for the health surveillance and prevention network. As such, it is paramount that HHS award these funds to the most qualified and competent organizations, while at the same time adequately monitoring program performance and results and ensuring grantees’ appropriate use of Federal funds. To help address this challenge, OIG has initiated a two-part grant management review plan. OIG is studying HHS agencies’ grantmaking and oversight processes to identify vulnerabilities and to assess criteria and procedures for determining grantee risk and program performance. . OIG is also conducting reviews to assess individual grantees’ program activities and stewardship of funds. Discretionary Grants In a review of the HIV/AIDS prevention grant-making process operated by the Centers for Disease Control and Prevention (CDC), OIG determined that improvements were needed in the agency’s operating process. . OIG identified numerous deficiencies throughout the preaward, award, and postaward phases of CDC’s grants management operations and concluded that CDC could not be assured that its grants management operations provided appropriate direction and oversight for the activities of grantees under the HIV/AIDS prevention program. OIG has initiated two related reviews examining the adherence by the Health Resources and Services Administration (HRSA) and CDC with Departmental policies governing placement on and use of the Departmental Alert List. The Alert List contains the names of high-risk grantees and is used as a grants management tool by the Department to ensure that high-risk grantees are known to the various grant-making agencies within the Department and to help safeguard the Department’s funds. . In a review of HHS agency compliance with the Department’s malpractice reporting requirement of such information in the National Practitioner Data Bank (NPDB), OIG found that the Department under-reported as many as 474 cases to the NPDB. OIG recommended that each Departmental agency required to report take steps to: 1) implement a corrective action process to address the under-reported cases; 2) improve internal controls involving case files management; and 3) assign staff to assume responsibility for addressing practitioner questions/complaints and data entry of reports to the NPDB. At the grantee level, reviews of HRSA Ryan White HIV/AIDS service providers indicated that overall the intended services were being provided, but certain aspects of grantee or subrecipient operations, such as service delivery and fiscal management, could be improved. For example, a provider of emergency housing served some clients beyond the time period established in agency guidelines, while other potential clients were on waiting lists. OIG also identified a number of providers who claimed costs at budgeted levels, rather than based on actual costs, as required by Federal cost principles. At National Institutes of Health (NIH) and university grantee sites, ongoing OIG work is determining whether costs transferred to NIH grants were allowable. In addition, OIG has initiated reviews involving the Head Start Program. OIG has focused its work on reviewing underenrollment issues and procurement and construction practices within Head Start. Mandatory Grants An OIG assessment of the methods used by states to monitor foster care subgrantees found that: (1) some states’ systems were inadequate according to criteria OIG developed for the study based on Federal grants management requirements; (2) some states did not communicate required information to subgrantees; and (3) the Administration for Children and Families (ACF) paid minimal attention to oversight of states’ subgrantee monitoring systems. OIG recommended that ACF hold states accountable for adhering to grant management requirements relating to subgrantees. OIG is also examining states’ standards and capacities to track frequency and content of caseworker visits with children in the Foster Care Program. OIG has also initiated several reviews involving the Foster Care and Adoption Assistance programs. Specifically, OIG has focused on the appropriateness of Federal reimbursement related to Foster Care and Adoption Assistance training and administrative costs and maintenance claims. OIG has also analyzed the ACF’s plan to develop erroneous payments for Foster Care, Head Start, and Child Care as mandated by the Improper Payment Information Act of 2002 and OMB Memorandum on M-03-13. Assessment of Progress in Addressing the Challenge: Through the governmentwide Federal Grant Streamlining program, the HHS grant management environment is undergoing significant changes. The program is intended to implement the Federal Financial Assistance Management Improvement Act of 1999 (Public Law 106-107), which requires agencies to improve the effectiveness and performance of their grant programs, simplify the grant application and reporting process, improve the delivery of services to the public, and increase communication among entities responsible for delivering services. The initiative requires grant officials to examine the way they do business, focusing not only on streamlining the grant process but also on ensuring that results are achieved and Federal funds are used appropriately for the maximum benefit of program recipients. It is crucial that HHS agencies adequately manage and monitor their grantees and, to the extent possible, their subgrantees’ program performance and to require fiscal accountability. HHS Management Response: Assistant Secretary for Budget, Technology, and Finance (ASBTF), Office of Grants: The Office of Grants (OG), under the Office of the ASBTF, continues to conduct a variety of Departmental activities that complement the various studies being conducted by OIG. OG activities include targeted reviews of HHS grant programs, P.L. 106-107 activities to streamline the grants process, Grants.gov to allow grant applicants the ability to find and apply for grant opportunities in one place, balanced scorecard (BSC) surveys to measure the reliability of grant administration processes across the Department, collaboration with OIG to improve Agencies’ use of the Alert List, and Departmental review of funding opportunity announcements. OG has initiated targeted reviews to ensure that grant practices are in compliance with established Departmental grant policies and regulations. These reviews focus on evaluating pre-award processes, examining post-award monitoring activities (including performance and financial report submissions), improving consistency between Agencies, and identifying best practices to share across the Department. To date, the reviews have identified mismatches in policy documents and flawed business processes, as well as some Agency-specific practices that could serve as models across the Department. OG has worked collaboratively with OIG in conducting targeted reviews, so that each office is kept abreast of the various grant oversight activities and reviews being conducted. Early in FY 2006, OG will advise Agencies of those discretionary grant programs that have been designated for review in the upcoming fiscal year. The results of the OIG reviews and studies are being analyzed by OG so that appropriate strategies for generalizing solutions across programs can be developed and shared through effective training modules with Departmental staff responsible for monitoring grantee and subgrantee performance-based outcomes and stewardship of funds. Through effective training, Departmental staff will be able to achieve improvement in these areas. HHS’ Grants Management Balanced Scorecard is a self-administered review protocol enabling HHS Agencies to assess perceptions of performance by soliciting feedback from a variety of internal and external users/customers. The results provide indicators as to how well an HHS Agency is performing a variety of pre-award and post-award grant monitoring activities, enabling HHS Agencies to develop and implement action plans to address areas targeted for improvement. In the second quarter of FY 2005, all HHS Agencies administered Phase One of the scorecard, (which consists of internal HHS Agency surveys; Phase Two consists of external surveys of grant recipients). HHS Agencies’ results from this second initiation of BSC surveys will be compared to those results from the 2003 survey results (where applicable). HHS Agencies such as HRSA, AHRQ, and AoA, for example, developed and implemented process improvements after the 2003 surveys. Improvements from the 2003 surveys to the 2005 round of surveys are anticipated and will be confirmed upon a final comparison of the surveys to be completed during the first half of FY 2006. Grants.gov is the government-wide electronic government (e-Gov) initiative managed by HHS, working in collaboration with the 26 Federal grant-making agencies. The deployment of the Grants.gov portal was a major step taken to migrate all Federal agencies to the system envisioned by the President’s Management Agenda and P.L. 106-107. Deployment of the portal assists the Agencies, including HHS, in meeting their mission objectives by providing a common system to support interactions with the grants community, which includes potential applicants, applicants, and grantees. Grants.gov’s Find functionality allows Federal agencies to post discretionary grant opportunities on Grants.gov and potential applicants to conduct a search of these opportunities. Since October 2003, all grant-making agencies have posted their discretionary funding opportunities on Grants.gov, and all of HHS’s Operating Divisions are posting their grant opportunities. As of September 2005, over 7,000 Federal discretionary grant opportunities have been posted. HHS has posted approximately 2,247 opportunities since October 2003. Grants.gov’s Apply functionality allows Federal agencies to post their application packages on Grants.gov, and allows applicants to download the application package and complete it offline based on agency instructions. After applicants have completed all required forms, they can electronically submit the package to Grants.gov. Upon receipt of the application, Grants.gov sends an electronic acknowledgment to the applicant and delivers the application to the Agency. The Grants.gov Apply functionality was launched in October 2003. As of September 2005, approximately 1,533 application packages have been posted by Federal agencies and over 16,650 electronic applications have been received from the grants community. HHS has posted 558 application packages and received 2,939 electronic applications. This utilization signals a marked increase from previous years, and underscores the growing adoption of Grants.gov as the single source for posting and applying for grants across the Federal government and throughout HHS. HHS has completed system-to-system integration testing with ACF, HRSA, OPHS, and NIH. The Grants.gov Program Management Office (PMO) continues to work closely with OMB and the Federal grant-making agencies to establish government-wide grant application data sets and forms. This year, the Grants.gov PMO worked with OMB to establish a new clearance process for government-wide grant forms, enabling a more expeditious transition from agency specific to government-wide grant application data sets and forms. In addition, Federal agencies began using the government-wide research grant application data set, which was published in the Federal Register. The mandatory grants application/plan� was also published in the Federal Register and has been deployed for government-wide use. Going forward, Grants.gov will deploy version 2 of the core grant application data set, as well as other cross-agency (industry-specif�ic) grant application data sets. At this time, 88 percent (23 of 26) agencies are using these Government-wide grant application forms. Having developed 27 Government-wide forms (as well as 45 agency-specific forms) Grants.gov drives the streamlining of forms for all agencies. As of September 2005, 85 percent of forms used in electronic applications on Grants.gov are Government-wide, accounting for over 11,000 uses of these forms in 1,455 application packages. HHS has adopted the use of government-wide forms to assist the grant community in responding to grant opportunities. Use of government-wide forms allows the grants community to more easily apply, because they are familiar with the forms and can re-use application materials for similar grant opportunities. HHS has used 12 different government-wide forms over 4,600 times in preparing 548 application packages. In addition, Grants.gov has developed three PureEdge forms and has used them 377 times in their application packages. HHS uses government-wide forms 93 percent of the time for their application packages. HHS, in collaboration with OIG, continues to work to improve Agency use of the HHS Alert List as a grants management tool. HHS maintains its Alert List in order to notify all HHS awarding offices of entities considered "high risk/special award conditions" by one or more awarding office and/or those for which the OIG has issued an alert. This allows other HHS Agencies to decide whether they should include special terms and conditions in awards they make to the same grantee. If an award contains special award conditions, the HHS Agencies must ensure that the grantee is aware of those conditions and understands the action necessary to satisfy them. Furthermore, HHS Agencies develop a corrective action plan with the affected grantee, monitor improvement, and assess, at the conclusion of the corrective action period, whether the special award conditions may be removed. To alleviate perceived confusion and/or further misuse of the HHS Alert List, OG is planning, in FY 2006, one-on-one training sessions with each HHS awarding agency to discuss proper use of the HHS Alert List, awarding agency issues, prevalent misconceptions and best practices. OG will consider a reevaluation/restructuring of the HHS Alert List based upon awarding agency comments. As one of several initiatives designed to ensure that the Department meets the President’s Management Agenda goal for improving the management and performance of the Federal Government, OG was authorized by the Secretary to conduct a Departmental review of grants management activities involving the pre-award process. Special interest was given to the development of funding opportunity announcements to afford greater efficiencies and increased accountability, and ensure that announcements are consistent with regulations and Departmental policies. The Departmental review has identified various recommendations for improvements in announcement preparation and presentation, which subsequently have been promulgated through a directed action transmittal to the awarding components. Beginning in FY 2004, the reviews had an additional focus to ensure that Agencies’ funding opportunity announcements were compliant with OMB’s new policy directive requiring the use of a government-wide standard program announcement format. All HHS Agencies are implementing the standard format and, as a result, funding opportunity announcements have greater consistency across the Department. In FY 2005, steps were taken to begin integrating “Topic Area” comparisons between Agencies into the reviews, having 100 percent compliance with OMB requirements including use of Grants.gov and the OMB standard announcement format, and any additional requirements directed by OMB as the result of ongoing P.L. 106-107 initiatives. In addition, FY 2005 reviews identified more specific program areas in which the OPDIVs need to pay closer attention during the development phases of the announcements prior to submitting them to the review process. In FY 2006, the process will be re-evaluated and updated to continue to streamline the topic areas and other identified redundancies. OG encourages grants management offices to perform grants management financial/business process site visits to the grantees in order to identify any financial/business process internal control weaknesses. If weaknesses are found, grantees are required to submit corrective action plans which, if necessary, can be placed in the terms and conditions of the grant award. Ineffective compliance to the correction of a “weakness” as identified in the terms and conditions can result in a suspension or termination of the grant. All of the initiatives referenced above require grant officials throughout the Department to examine their current business processes. The Department anticipates that through the implementation of the aforementioned initiatives, grant officials will not only focus on streamlining the various HHS grant processes but, also ensure that: (1) appropriate methods are put in place to achieve programmatic goals and objectives, (2) collection and distribution of meaningful evaluation data will be enhanced, and (3) effective stewardship of all Federal funds will be achieved. ACF: ACF just recently received the draft reports on the studies the OIG is conducting related to worker contact, and has not yet developed an official response. However, ACF appreciates the OIG’s willingness to look in greater detail into issues that ACF has raised to their attention. Based on the OIG’s findings that result from the studies on training and administrative costs, and maintenance claims, ACF will disallow funds accordingly and engage states in corrective action, as appropriate. With regard to ACF’s Improper Payments Initiatives concerning Foster Care, Head Start and Child Care�three of the four ACF A-11 programs OMB identified as at risk of significant improper payments�ACF has been working with the Department and OMB to prepare and implement annual plans with deliverables aimed toward achieving error rates in these programs. Head Start was able to report an error rate of 3.9 percent in the FY 2004 PAR and will report an error rate of 1.6 percent in the HHS FY 2005 PAR. Similarly, in the FY 2005 PAR, Foster Care will be reporting a preliminary national error rate of 10.02%, Child Care will report error rates for four states that participated in its IPIA pilot, and TANF will report an error rate for the state that participated in its expanded A-133 audit pilot. . While the OIG has expressed concern that ACF’s methodologies for developing these error rates will not result in a statistically valid estimate and rate, OMB is aware of the limitations in which ACF is actively pursuing these initiatives. ACF, HHS, and OMB officials jointly consider strategies that are most reasonable and cost-beneficial in light of statutory and regulatory limitations. CDC: HIV/AIDS Grants Management OIG recommended that “�CDC continue to monitor its grants management operations to ensure full compliance with relevant laws, regulations, and departmental policies.” Their findings stated that CDC failed to: “�perform required cost analyses of applications�to ensure that proposed costs were allowable and reasonable for the work to be performed”; “�[establish] clear, specific objectives providing a basis for assessing grantees’ accomplishments”; require documented accomplishments before awarding a continuation to grants. In order to resolve these deficiencies, CDC has:
Alert List OIG recommended that “�CDC needs to ensure that grants officers follow policies for placing grantees on the Alert List, checking the Alert List, consulting with agencies that place grantees on the Alert List, monitoring grantees with special award conditions, removing grantees from the Alert List when appropriate, and ensure that grants officers justify retaining a grantee whose name appears on the Alert List more than 2 years. In order to resolve these deficiencies, CDC has:
Required all Grants Management Officers to review grants to determine the need for inclusion on the list due to special condition. It is CDC’s desire to ensure compliance with all grant requirements. CDC appreciates the input and guidance provided by the recent OIG reviews. The current challenges have been fully embraced by CDC and measurable results have evolved. Development and implementation of additional improvement measures are forthcoming. Management Issue 7: Ensuring the Integrity ofCritical Support Systems and Infrastructure Management Challenge: IT Infrastructure and Data Integrity HHS continues to make progress in securing its most critical assets, both cyber-based and physical, such as computer systems, data communication networks, and Department laboratories. However, the vastly distributed and complex network of systems, applications, and facilities makes this a daunting task. Recent legislation, such as the MMA, significantly increases the programmatic and systems demands on the Department, creating new or expanding existing relationships with business partners. These new relationships will create new systems exposures that have to be evaluated and, if need be, corrected to ensure the confidentiality, integrity, and availability of critical assets. Recent OIG assessments found that many identified security weaknesses are attributed to either an absence of a process to protect resources or a failure to comply with an established process. The latter presents a major challenge to the Department. While the human factor is critical for the establishment of an effective security program, it is typically overlooked in the development of technical solutions to address weaknesses in entity-wide security, access controls, service continuity, application controls and development, and segregation of duties. As the Department focuses more on data integrity and application controls, the need to ensure adherence to general controls becomes paramount. For example, OIG’s body of work indicates that the Medicare payment error is more often a function of the input of incorrect information than data processing. For the 7 years that OIG produced the Medicare fee-for-service error rate, the overwhelming majority (over 95 percent) of the improper payments identified were detected through medical reviews. Through planned and scheduled work, OIG will place new emphasis on controls that are designed to ensure the integrity of data for numerous vital programs on which critical systems depend. Human Resources Critical to the integrity, management, efficiency and effectiveness of the Department’s hundreds of programs serving the public is its valuable work force. Maintaining high ethical requirements for employees and grantees contributes to the delivery of programs through high standards and fosters public confidence in the integrity of the services provided as well as research conducted. OIG has a special interest in controls related to ethical considerations. It is imperative that program administrators and grantees adhere to ethical standards that preclude conflicts of interest that could negatively affect program outcomes. HHS employees, including those engaged in intramural research and those who administer grants and contracts, as well as HHS grantees, must remain ever vigilant to ensure that conflicts of interest are prevented in all HHS programs, including HHS-funded research. OIG examined NIH policies and procedures for reviewing and approving outside activities requests for its employees. Several vulnerabilities were identified that inhibit NIH’s ability to effectively review outside activities. OIG found that sometimes employees submitted incomplete information regarding their outside activities. Also, several problems were identified with the review process itself, such as approvals after the start date, limited use of written recusals, and inadequate followup for ongoing outside activities of Federal employees. OIG recommended that NIH improve the quality and extent of information it receives for outside activities and address inadequacies in the review process for outside activities. NIH concurred with OIG’s findings and recommendations and has undertaken initiatives to improve its process for outside activities. A similar review is being conducted at FDA that will identify and assess the conflict of interest policies and practices at the agency. The importance of safeguarding the integrity of HHS research dollars is illustrated by a recent audit of a HRSA cooperative agreement implementing an HIV/AIDS peer treatment education program at a major university. OIG found that the university had not resolved a conflict of interest situation in which the program’s co-principal investigator was at the same time a university employee hired specifically for the program and also the chief executive officer of the subcontractor. At a minimum, this “one person wearing two hats” situation gives the appearance that Federal funds were not adequately safeguarded. The school agreed to strengthen its procedures for identifying, reviewing, and resolving potential and actual conflicts of interest. To further examine conflict of interest matters, OIG will examine how NIH monitors extramural grantees for potential conflicts of interest. The focus will be on the effectiveness of NIH’s oversight, whether conflicts of interest have affected Federal and public interests, and whether the definition of “significant financial interest” effectively protects researchers from perceived or actual conflicts of interest. As OIG continues to investigate conflicts of interest at the grantee level, it recognizes a corresponding need to ensure that departmental systems are also effective in preventing and detecting internal conflicts of interest and is encouraging maximum compliance by HHS employees. OIG will continue to issue the results of its assessments at both the grantee and Departmental levels. Assessment of Progress in Addressing the Challenge: IT Infrastructure and Data Integrity HHS has made progress in securing the most critical and essential assets, both physical and cyber-based, such as Department laboratories, computer systems, and data communication networks. Core requirements for security controls were established and distributed, and systems architecture documents are being developed. However, the collective assessment of recently identified weaknesses resulted in the reporting of a material weakness and significant deficiency for major Departmental Operating Divisions in the FY 2004 HHS financial statement audit and Federal Information Security Management Act evaluation. While no evidence of exploitation has been discovered, these weaknesses leave the Department vulnerable to unauthorized access to and disclosure of sensitive information; malicious changes that could lead to fraud, error, or destruction of critical data; improper payments; or disruptions of operation. Human Resources Under the leadership of the Department’s Designated Agency Ethics Official (DAEO), great strides have been made recently to enhance the Department’s ethics program. One important step was the release on February 3, 2005, of an Interim Final Rule implementing more stringent HHS Supplemental Standards of Ethical Conduct that include policies for the review and approval of employee requests to participate in outside activities. All HHS employees continue to be required to seek prior approval before engaging in professional and consultative activities, service on a board of directors or other advisory body, and for teaching, speaking, writing and editing that are related to the employee’s official duties. In addition, NIH employees, like FDA employees, are now required to seek prior approval of all outside employment or self-employed business activities. Moreover, the revised Departmental Supplemental Standards introduce a stricter standard of review for management officials who decide whether or not to approve an employee’s outside activity request. Whereas the prior version, which was in place when OIG conducted recent work at NIH and FDA, required approval unless the proposed outside activity would violate a Federal law or regulation, the revised version mandates that “Approval shall be granted only upon a determination that the outside employment or other outside activity is not expected to involve conduct prohibited by statute or Federal regulation�” 5 CFR � 5501(d)(4). In April 2005, the DAEO launched a revised and expanded outside activity approval form (Form HHS 520) and introduced a required annual report on outside activities (HHS Form 521), which requires more detailed information about the proposed outside activity and how it might relate to the employee’s official duties. The new Supplemental Standards and outside activity forms, along with a tripling of the staff of the Office of General Counsel’s Ethics Division, are indicative of the Department’s efforts to guard against employee conflicts of interest and to help ensure the integrity of all of the Department’s programs. HHS Management Response: IT Infrastructure and Data Integrity HHS has made significant progress in mitigating the risks that are presented in the course of daily mission business processes, but realizes that there are always opportunities to increase Departmental diligence. A comprehensive HHS Security program is in place that has membership and participation from across the Department. HHS has taken a multi-faceted approach in striving to mitigate risk and eliminate any weaknesses in the Departmental security posture. The HHS infrastructure consolidation efforts in the areas of network infrastructure, web access and e-mail services have limited Departmental exposure to cyber attacks by limiting the number of access points that must be protected. The HHS Enterprise Architecture program has worked closely with the HHS Secure One HHS program to develop a security architecture that addresses management, technical, and operational controls at all levels of HHS activity. This architecture is built upon National Institutes of Standards and Technology (NIST) guidance and Federal Information Processing Standards (FIPS). This approach allows HHS to address necessary controls in business process areas, such as separation of duties, as well as those involved in the technical areas of automated assurance. HHS has also begun the development and implementation of a role based learning management system that targets the required competencies for security professionals that have been identified in NIST guidance. This will not only provide technical competency but will help to address behavioral issues that may threaten ongoing data integrity. Automated tools are being put in place to ensure that all aspects of the Federal Information Security Management Act (FISMA) compliance are addressed in a structured and consistent manner, and that the associated documents that provide evidence of that rigor are developed. An HHS-wide network and security monitoring framework is being implemented that allows the Department to define network and operational policies for acceptable and secure network traffic, and monitor that traffic against those policies in an automated fashion, thus only allowing acceptable network traffic and appropriate access to digital resources. Network traffic that falls outside of the bounds of established policy is flagged for inspection, generates an alert to the security team, or is completely blocked, depending on the criticality of the offence and the risk that such an offence may expose. Plans are in place to provide this network and security monitoring service twenty-four hours a day, seven days a week to facilitate a more expedited response to potential security threats. This list of actions and efforts confirms the HHS commitment to a strong security posture and a constant diligence in all areas that might help to eliminate any weakness in that posture. NIH:
The February 2005 interim final rule focused primarily on changes that affected employees of the National Institutes of Health. However, as a result of significant concerns and objections to the February interim rule, the Department carefully considered and made significant revisions to the final rule. Of most importance to FDA, is the fact that the Department removed entirely the requirement that FDA employees obtain prior approval for all outside activities. Activities that never posed a conflict of interest, such as coaching a sport team, teaching a crafts class, providing electrical or plumbing work have been eliminated from requiring prior approval. By tailoring the prior approval requirement, FDA is now able to focus more closely on those activities that are most likely to pose a conflict or raise an appearance concern. Furthermore, by developing written procedures and policies, FDA will ensure consistency in the process to ensure compliance with the Departments Supplemental Standards of Conduct regulations. Human Resources
In addition to these measures implemented under the DAEO’s leadership, the leadership of the NIH has undertaken a series of initiatives designed to improve the effectiveness of its ethics program.
FDA: Prior to commencement of the study , in June 2004, FDA’s Acting Commissioner directed a review be conducted of all ongoing outside activities. The purpose was to assess compliance with the Agency’s strict ethical standards as well as with the standards established by the Office of Government Ethics and the DHHS Supplemental Standards of Ethical Conduct to ensure that the outside activities undertaken by FDA employees were in the public interest. In the end, no outside activities were identified as posing a concern (with the exception of one previously identified and promptly remedied). As a result of the internal review, FDA began to take steps to bolster its process to monitor outside activities. Steps included: 1) developing an automated process for the submission of all outside activity requests; 2) conducting annual reviews of all outside activities; 3) receiving approval to create form HHS-520-1 “Request for Approval of Outside Activity for FDA employees”; and 4) developing a guide on outside activities. While FDA was implementing internal changes to its outside activity process, on February 3, 2005, DHHS issued interim final regulations on the HHS Supplemental Standards of Ethical Conduct. As a result of the interim regulations, FDA had to again change its course of action. FDA learned yet again that the Department was in the process of making additional changes to the interim final regulations for NIH employees as it relates to outside activities and invited the FDA to participate. Management Issue 8: Public Health ReadinessManagement Challenge: The tragedy of September 11, 2001, and events since then, such as the 2005 Gulf Coast hurricanes, underscore the importance of having a well functioning national public health infrastructure and the health care resources necessary to respond to threatened and actual acts of terrorism, bioterrorism, and other public health emergencies. Because HHS manages most of the nation’s Federal health resources through surveillance, coordination, research, and delivery of health care service programs, OIG work has focused on vulnerabilities in those numerous programs. OIG assesses how well HHS programs and their grantees plan for, recognize, and respond to outside health threats, the security of HHS and grantee laboratory facilities, the management of these grant programs and funds by the Department and grantees, and the readiness and capacity of responders at all levels of government to protect the public’s health. Since 2001, OIG has completed numerous audits and evaluations of the Department’s programs for bioterrorism preparedness and response. In 2002, OIG evaluated the effectiveness of the CDC bioterrorism preparedness efforts and assessed the ability of 12 state and 36 local health departments to detect and respond to bioterrorist events. Additionally, OIG conducted a review in 11 states and 21 localities to evaluate their ability to receive and deploy the National Pharmaceutical Stockpile (now the Strategic National Stockpile). The stockpile is designed to supplement state and local public health agency pharmaceutical supplies in the event of a biological or chemical incident. In both studies, OIG found that these states and localities were underprepared to detect and respond to bioterrorist events in general and that their planning documents tended to overstate preparedness. Since that time, the Department has provided to states $1.9 billion to strengthen public health preparedness for bioterrorism. At CDC’s request in 2003, OIG conducted follow-up reviews of progress made by the same states and localities OIG had previously reviewed both for general preparedness efforts and their ability to receive and deploy the Strategic National Stockpile. In both studies, OIG again found that while some progress had been made since 2002, the states and localities were still underprepared to detect and respond to bioterrorist events in general and that their planning documents tended to overstate preparedness. OIG found that the 35 selected local health departments report that they are still not fully prepared for bioterrorism and that these local health departments have made moderate progress in completing general preparedness activities since 2002. Similarly, we found that the 21 localities in the 11 states examined were still not fully prepared to receive and deploy Strategic National Stockpile assets. Overall, the 21 localities met 57 percent of preparedness criteria for receipt and deployment of Strategic National Stockpile assets. In both of these studies, OIG noted that while some progress had been made, CDC needs to continue working with states and localities to ensure that priority planning systems are in place. OIG performed reviews in 14 states and four major metropolitan areas assessing grantees’ efforts to comply with the financial accounting and reporting requirements of the CDC and HRSA bioterrorism grant programs. OIG found that grantees did not always follow program regulations with respect to recording, summarizing, and reporting bioterrorism grant expenditures; monitoring subrecipient expenditures; and timely obligation of grant funds. In 2004, OIG also reviewed states’ progress in developing and implementing jurisdiction-wide laboratory response programs for bioterrorism, which included Level A laboratories. These Level A laboratories are clinical labs that may be involved in the early detection of a bioterrorism event and can conduct initial testing to rule out critical agents of bioterrorism (such as Anthrax) and refer suspected specimens to higher level laboratories. They are generally hospital-based, freestanding, or local public health laboratories. OIG found that virtually all states had begun creating their programs by drafting plans and identifying, contacting, educating, and assessing the capabilities of at least some Level A laboratories. However, OIG noted key vulnerabilities, including insufficient training, a lack of critical emergency communication systems, and states’ use of inconsistent standards to identify Level A laboratories. In the period following the terrorist attacks, OIG assessed security at laboratories operated by CDC, NIH, FDA, and several colleges and universities, as well as CDC’s role in regulating select agents. In FY 2004, OIG followed up on its original assessment of security controls at departmental laboratories and found that the agencies had implemented, or developed plans to implement, most of its prior recommendations. Because legal requirements for the possession of select agents have become more stringent and detailed in the last several years, OIG initiated additional audits of entities with select agents to assess their compliance with select agent regulations and plans in the near future to reassess CDC’s management of the select agent program. In a related effort, OIG will also evaluate physical security and environmental controls over the Strategic National Stockpile. In 2004, OIG conducted reviews of selected state health departments’ 24/7 urgent disease reporting systems. These systems enable health care providers to report to or consult with states or local health department staff at any time regarding public health emergencies, such as bioterrorism events and other suspected or confirmed diseases that require urgent reporting. Only18 states reported to CDC that they had completed the establishment of their 24/7 systems. However, based on OIG assessment, these 18 states still need to make improvements in systems development, coordination, and management. OIG recommended that CDC require and ensure that states annually test their 24/7 systems, require states to develop backup systems that function independently of telephone lines, continue efforts in developing performance indicators that could be incorporated into their Cooperative Agreement on Public Health Preparedness and Response for Bioterrorism, and facilitate information sharing among all states. In 2005, OIG examined hospital surge capacity, an important indicator of preparedness to respond to mass casualties incurred in a terrorist attack. OIG used the specific requirements in the HRSA Bioterrorism Cooperative Grant funding for state and local entities as the criteria for examining states’ and localities’ abilities to ensure attainment of this critical benchmark, which provides a tangible measurement of bioterrorism preparedness. OIG found that states reported shortcomings in meeting these critical benchmarks, which could undermine a hospital’s ability to achieve overall surge capacity. HRSA’s response to these findings includes standardizing data collection through a national survey tool and sentinel indicator project. Additionally, as part of an interagency review in collaboration with the Inspectors General at the Environmental Protection Agency and the Department of Homeland Security, the HHS OIG is reviewing CDC’s role in the BioWatch program, which conducts surveillance for environmental indicators of bioterror agents. In addition to our significant investment examining the Department’s activities related to bioterrorism and public health preparedness, OIG has made it a priority to examine HHS’s response to the public health challenges resulting from Hurricanes Katrina and Rita. We anticipate new work that will address the immediate response of the Department, with a focus on all types of procurements, deployment and recovery activities, as well as an in-depth assessment of the effectiveness of the Department’s programmatic response. Assessment of Progress in Addressing the Challenge: HHS agencies continue to seek additional resources and work on corrective action plans that respond to OIG-reported concerns. Federal, state, and local health departments are striving to work cooperatively to ensure that potential bioterrorist attacks are detected early and responded to appropriately. CDC has taken steps to expand the availability of pharmaceuticals needed in the event of chemical, biological, or radiological attacks. States and localities are currently strengthening their bioterrorism preparedness programs, and recent increases in HHS funding address some of the OIG’s concerns. However, OIG continues to believe that the general readiness of state and local governments to detect and respond to bioterrorist attacks is below acceptable levels. HHS Management Response: CDC:
HRSA: In July 2005 HRSA convened a panel of pediatric experts to identify and suggest strategies to meet the needs of the pediatric population in the event of a terrorist act or public health emergency. Results of the meeting have not been finalized but will be made available soon. HRSA and its partners planned a Pediatric Consensus Conference for September 2005. Although highly anticipated by professionals across the country, it was postponed due to the Hurricane Katrina and Rita responses. The consensus meeting is now scheduled for December 2005. HRSA understands that additional personnel will be needed during a health emergency. The Emergency System for Advance Registration of Volunteer Health Professionals (ESAR-VHP) program continues to build a network of state-based registries that enables states to identify and pre-credential professionals that can then be called upon for immediate support if an event occurs. The program completed phase I (10 jurisdictions) and entered into phase II (adding 20 jurisdictions), with phase III (the remaining 32) planned to begin in January 2006. As an early indicator of progress, 1019 healthcare professionals were deployed from seven states in the Katrina response as a result of the ESAR-VHP registries. Community health centers, poison control centers and emergency medical services organizations are eligible for funding under the program. HRSA encourages states to include these organizations in their surge capacity plans. HRSA has implemented two strategies to enhance data collection. In collaboration with the Agency for Healthcare Research and Quality, HRSA has surveyed over 3,000 HRSA funded hospitals to better gauge the nation’s hospital preparedness level. Results of the survey are expected to be released by the end of 2005. To measure program progress HRSA requires states to report sentinel indicators twice a year. The first set of data has been collected and is now being analyzed. The second set of data is expected in March 2006. Finally, HRSA has closed the 18 OIG audits which assessed grantee’s efforts to comply with the financial accounting and reporting requirements of the bioterrorism grant programs. All of the 18 grantees have either implemented or are in the process of implementing procedures to ensure that program regulations are followed with respect to recording, summarizing and reporting bioterrorism grant expenditures; monitoring sub recipient expenditures; and timely obligation of funds. ---------------------------------- 1 CMS’s performance target for FY 2005 is 7.9 percent and 6.9 percent for FY 2006. 2 The Medicaid budget was excluded from these figures and is addressed in a separate section of this document. |
|
