Office of the Inspector General SEMIANNUAL REPORT TO CONGRESS October 1, 2002 - March 31, 2003 U.S. Office of Personnel Management OIG-SAR-28 April 2003 April 30, 2003 Honorable Kay Coles James Director U.S. Office of Personnel Management Washington, D.C. 20415 Dear Mrs. James: I respectfully submit the Office of the Inspector General's Semiannual Report to Congress for the period October 1, 2002 to March 31, 2003. This report describes our office's activities during the past six-month reporting period. Should you have any questions about the report or any other matter of concern, please do not hesitate to call upon me for assistance. Sincerely, Patrick E. McFarland Inspector General Table of Contents Foreword on page i Productivity Indicators on page ii Statutory and Regulatory Review on page 1 Audit Activities on page 9 Health and Life Insurance Carrier Audits on page 9 Information Systems Audits on page 23 Other External Audits on page 27 OPM Internal Audits on page 32 Investigative Activities on page 41 Health Care-Related Fraud and Abuse on page 42 Combined Federal Campaign Investigations on page 45 Retirement Fraud and Special Investigations on page 47 OIG Hotlines and Complaint Activity on page 48 Index of Reporting Requirements on page 51 Appendix I: Final Reports Issued With Questioned Costs on page 53 Appendix II: Final Reports Issued With Recommendations for Better Use of Funds on page 54 Appendix III Insurance Audit Reports Issued on page 55 Appendix IV: Internal Audit Reports Issued on page 58 Appendix V: Information Systems Audit Reports Issued on page 60 Appendix VI: Combined Federal Campaign Audit Reports Issued on page 61 Investigations Tables Table 1: Investigative Highlights on page 50 Table 2: Hotline Calls and Complaint Activity on page 50 Foreword As we move forward into the year 2003, we look back on the events that have shaped our world and this nation during the last six months, and readily conclude that the work of our Office of Inspector General (OIG) has more relevance than ever within the federal government. Indeed, our role as guardians of integrity and efficiency in government and as protectors of the public trust against waste, fraud and abuse where we find it, together with new homeland security duties, have heightened that awareness in direct proportion to the very real threat posed by those who would attempt to thwart and undermine our government and way of life. Thus, it is, that we can look back on the past six months of OIG work and accomplish- ments and feel much pride in both as we continue to meet the professional challenges posed to us not only by Congress, but by being a key part of the federal community that will always make the protection and defense of our democratic principles a priority. In that regard, one of the key efforts in which our OIG has been involved was an amendment to the IG Act granting police powers to OIG special agents. This amend- ment is now contained in Section 812 of the Homeland Security Act of 2002, signed into public law by the President on November 25, 2002. It specifically provides permanent law enforcement authority to 25 Offices of Inspector General. More details about this legislation appear at the beginning of the Statutory and Regulatory Review section of this report. The Office of Personnel Management (OPM) administers the health, life insurance and annuity benefits programs covering in the aggregate nine million federal employees, retirees, spouses and their dependents, with a federal expenditure of $104.6 billion this past fiscal year. In carrying out our OIG's mandated mission, we are mindful that more is at stake than simply dollars: we are protecting the well-being and welfare of those who have enrolled in these federal benefits programs. In the various sections of this report, you will note our numerous successes involving our audit and investigative work, and in the area of administrative sanctions against unscrupulous health care providers against the Federal Employees Health Benefits Program (FEHBP). We are particularly pleased to call attention to newly promulgated FEHBP administra- tive sanctions regulations that give our agency and the OIG debarring official more effective tools to use in protecting this federal program and its subscribers. Specifically, these new regulations permit us to initiate debarment actions against providers who have committed offenses solely against the FEHBP and to enhance the coordination that exists between our OIG investigators and administrative sanctions staff in their work. OPM also monitors the Combined Federal Campaign (CFC), the annual federal charity drive that involves the entire federal constituency of employees at their duty stations here and abroad. Recently, annual donations exceeded $240 million. The United Way of the National Capital Area received wide news coverage and corresponding interest on Capitol Hill as financial and other organizational issues began to emerge over the past year. We issued a final report on our audit of this CFC during the reporting period. A summary of the report, including several significant findings, is located in the Audit Activities section of this semiannual report. Productivity Indicators Financial Impact: Audit Recommendations for Recovery of Funds total $32,667,819 Recoveries Through Investigative Actions total $2,526,375 Management Commitments to Recover Funds total $8,719,734 Note: OPM management commitments for recovery of funds during this reporting period reflect amounts covering current and past reporting period audit recommendations. Accomplishments Audit Reports Issued total 44 Investigative Cases Closed total 36 Indictments total 10 Convictions total 6 Hotline Contacts and Complaint Activity total 548 Health Care Provider Debarments and Suspensions total 1,800 Statutory and Regulatory Review As is required under section 4 (a)(2) of the Inspector General Act of 1978, as amended (IG Act), our office monitors and reviews legislative and regulatory proposals for their impact on the Office of the Inspector General (OIG) and the Office of Personnel Management (OPM) pro- grams and operations. Specifically, we perform this activity to evaluate the potential of such proposals for encouraging economy and efficiency and preventing fraud, waste and mismanagement. We also monitor legal issues that have a broad effect on the Inspector General community and present testimony and other communications to Congress as appropriate. The most significant legislation affecting the Inspector General (IG) community during this reporting period was the Homeland Security Act of 2002, signed into law (P.L. 107- 296) by President Bush on November 25, 2002. As we referenced in our last semiannual report, section 812 of this Act provides law enforcement authority to 23 designated agencies, including ours, to carry firearms and execute arrest and search warrants. This section also provides authority to those Inspectors General at agencies not specifically cited in the Act to seek these same powers individually from the U.S. Attorney General. In addition, the Act also calls for the U.S. Attorney General to adopt guidelines governing the exercise of these powers no later than May 25, 2003, the effective date of this authority. Meanwhile, each agency is continuing to exercise law enforcement authority under existing memoranda of understanding with the Department of Justice. From a regulatory standpoint, the other significant development during this reporting period related to the Federal Employees Health Benefits Program (FEHBP) administered by our agency, and was twofold: þ OPM's issuance of final regulations implementing our agency's new administrative sanctions authority under P.L. 105-266, the Federal Employees Health Care Protection Act of 1998. þ The publication in the Federal Register of proposed regulations for the civil monetary penalty provisions of that Act. In our last semiannual report, we discuss in detail the significance of these new OPM regulations to provide protection to federal civilian employees and retirees enrolled in the Federal Employees Health Benefits Program against unscrupulous health care providers. In the Administrative Sanctions Activities section which follows, we provide additional information about these new authorities and include significant administrative sanctions actions we took during the reporting period. Administrative Sanctions Activities Since May 1993, our office has been issuing administrative sanctions relating to the Federal Employees Health Benefits Program (FEHBP) under a delegation of authority from the OPM Director. To date, the OIG debarring official has issued over 24,000 debarments and suspensions of health care providers under the government-wide Nonprocurement Suspension and Debarment Common Rule (common rule). Using the common rule has afforded our agency the authority to exclude health care providers from the FEHBP previously debarred from other federal programs. Typically, we applied administrative sanctions following health care provider debarments under the Medicare program. On pages 5-7, we provide a fuller discussion of the common rule, the differences between a debarment and a suspension, as well as a summary of a debarment action we took using this enforcement tool. In our four most recent semiannual reports, we related our progress toward implement- ing new and exclusive statutory authority to debar and suspend health care providers from the Federal Employees Health Benefits Program. As mentioned in the introduction on the previous page, this authority was authorized under P.L. 105-266, the Federal Employees Health Care Protection Act of 1998. Currently, this new authority consists of two sets of OPM regulations written by our OIG. One set has been officially issued; the other is nearing that status. With publication in the Federal Register on February 3, the first set of these new OPM regulations was issued by our agency. That date marks the single most significant milestone in our office's efforts to operate an effective and efficient administrative sanctions tool to block the participation of health care providers posing a threat to the FEHBP and its federal enrollees. On February 10, proposed regulations dealing exclusively with FEHBP-related financial sanctions were published in the Federal Register. While the existing common rule administrative sanctions will not be affected by these new regulations, our office will issue virtually all future debarments and suspensions under OPM's new regulatory authority. FEHBP Sanctions Regulations Offer New Program Protections Unlike the common rule, the Federal Employees Health Care Protection Act of 1998, and the new OPM regulations authorized by that Act, reflect a new emphasis on protecting the safety of FEHBP enrollees and the financial interests of the FEHBP. By design, the com- mon rule primarily addresses financial transactions, such as loans, loan guarantees, grants and scholarships, with health and safety issues being secondary concerns. Operational Advantages of New Regulations As a practical matter, sanctions issued under either the common rule or the new FEHBP sanctions regulations have the same impact of rendering health care providers ineligible to receive FEHBP payments. The new regulations, however, reflect several operational advantages over the common rule. More efficient procedures. The procedures that OPM must follow to debar or suspend a provider are, in most cases, simpler and more efficient. For example, unlike the common rule, the new regulations call for mandatory debarment designations. The bases for such debarments are: þ A health provider's exclusion by another federal agency from its health care program. þ A health care provider's conviction of certain types of crimes. Having these mandatory designations for debarment streamlines OPM decision-making and the appeal processes. Focus on health care issues. OPM's FEHBP debarment and suspension regulations encompass 18 statutorily based grounds for debarment that specifically address health care-related violations. These provisions are directly relevant and applicable to provider-integrity violations within the FEHBP. In contrast, the common rule authority is worded in general terms to permit its use across the entire range of federal nonprocurement programs. Longer debarment periods. The new sanctions regulations offer OPM greater flexibility in setting the length of a debarment. While the common rule indicates that the period of debarment should generally "not exceed three years," the statute underlying the new regulations sets a 3-year minimum period for all mandatory debarments. Equally important, the new regulations set no limits on the maximum period of a debarment. Provider reinstatement controls. Health care providers debarred now must apply to OPM for reinstatement into FEHBP participation at the end of their debarment periods. The underlying statute and new regulations establish specific criteria for acting on these applications. Debarred providers now must demonstrate their fitness before resuming participation in the FEHBP. On the other hand, those debarred under the common rule automatically become eligible to participate in federal programs upon expiration of the period of their debarment without any type of review by the debarring agency. OPM Issues Proposed FEHBP Financial Sanctions Regulations The same statute that gives debarment and suspension authority to the FEHBP also contains financial sanctions authority OPM may impose on providers who commit certain violations with the intent of obtaining fraudulent, wrongful or improper payments of FEHBP funds. As mentioned earlier in this section, on February 10, proposed regulations regarding financial sanctions were published in the Federal Register. As with the first set of FEHBP administrative sanctions regulations, a 60-day notice period was provided to allow the public and other interested parties to comment. After the notice period has closed, our office will prepare the final regulations, taking into account any comments received. The proposed financial sanctions are of two distinct types. Either one, or both, may be imposed for any given violation. These sanctions are described below. Civil monetary penalties. Such penalties may not exceed $10,000 per item claimed fraudulently, falsely or improperly. Assessments. Amounts may not exceed twice the amount claimed when such claims are determined to be fraudulent, false or improper. Financial sanctions will apply to violations in which a health care provider either claims or receives FEHBP funds fraudulently, falsely or improperly and would include the following: þ Services not performed or items not provided--or services not performed or provided as described. þ False or misleading statements in or concerning claims. þ Failure to disclose information required by law in connection with claims. The financial sanctions fill a dual purpose. First, they enable OPM to recover, through administrative action, all of its financial losses resulting from provider misconduct. In addition to fraudulent, false or improper payments, such losses include the loss of interest income to the FEHBP trust fund. The rationale for the latter rests in the fact that the FEHBP did not have the opportunity to invest any of the money improperly paid to the provider. Losses also extend to the costs OPM incurs in investigating and resolving the underlying provider violations. Beyond the more immediate purpose of monetary redress for OPM and the FEHBP, financial sanctions may serve as disincentives to further violations by the sanctioned provider or similar misconduct by other providers. Proposed Financial Sanctions Regulations Appear in Federal Register Suspensions and Debarments Under the Government-Wide Common Rule While we have been developing regulations to implement our statutory sanctions authori- ties, (see earlier discussion in this section), we have used the separate regulatory authority of the government-wide Nonprocurement Suspension and Debarment Common Rule (common rule) to issue debarments and suspensions. In this reporting period, our office debarred 1,800 health care providers under the common rule sanctions authority. The terms debarment and suspension, within the context of either the common rule or OPM's newly issued regulations, have distinct connotations. Debarment refers to an exclusion of a provider from participating in the FEHBP for a specific period of time. Debarments can be imposed only after appropriate prior notice, including the right to an administrative appeal. A suspension, on the other hand, takes effect immediately after issuance by OIG's debarring official and occurs without prior notice or appeal. Its use is appropriate only in cases where there is reliable information suggesting that a provider poses a tangible risk to the FEHBP or its enrollees. Most of these sanctions involve health care providers previously debarred from other federal programs. However, an increasing number represent cases where the adminis- trative action is based on the findings of investigations and other staff work conducted by our OIG. Common Rule Debarments Issued During Period Total 1,800 Two such cases resulting from OIG internal staff work are described below and illustrate the egregious nature of some health care provider actions that require sanctions to be imposed against them. Felony Conviction Leads to Debarment from FEHBP & Other Federal Programs During the reporting period, judgment was entered in a criminal case against a Texas cardiologist. This doctor pleaded guilty in federal district court in Abilene, Texas, to a felony offense arising from violations against the programs of several federal agencies. Previously, our investigation had revealed that this physician submitted false and improper certifications to induce the issuance of special visas for foreign doctors. As a sponsor of doctors entering the United States on such visas, the cardiologist certified that: þ These foreign doctors would be employed in clinics located in health care shortage areas. þ They would be paid a prevailing wage rate. þ He would report promptly any noncompliance with these conditions. Over a period of approximately three years, the cardiologist knowingly violated all of these certifications. His sentence included a term of supervised probation and payment of $1 million to one of the agencies whose programs were victimized. OIG investigators referred this case internally to the OIG debarring official for consideration of possible administrative sanctions action. Our OIG administrative sanctions staff determined that the cardiologist was an active FEHBP-participating health care provider, having submitted over $1.9 million in FEHBP claims during the preceding five-year period. Moreover, the doctor's conduct underlying his conviction raised a direct and serious question regarding the provider's responsibility to continue to participate in any federal programs, not just the FEHBP. Consequently, in January 2003, our OIG debarring official suspended the provider from the FEHBP. He also proposed a three-year debarment to run concurrently with the suspension. The provider contested the debarment on the grounds that the conviction did not involve fraud and that the program violations on which the conviction was based did not concern health care services. The OIG debarring official upheld the debarment as originally proposed. He noted that the regulatory provision on which the debarment was proposed did not require commission of a fraud-related crime, but rather any offense that demonstrated a lack of business honesty and integrity needed to participate in federal programs. The debarring official further observed that the physician's conviction did involve health care programs, providers and facilities, and that the conviction clearly reflected on the cardiologist's responsibility as an FEHBP-participating provider. Suspended Cardiologist Debarred After Criminal Conviction Administrative Sanctions Case Update As we reported in our semiannual report last fall, in September 2002, we suspended a southern California doctor who had pleaded guilty to felony charges arising from a pro- longed and elaborate scheme to evade federal income tax. The plea agreement also con- tained information indicating that the doctor had submitted false and improper claims to TRICARE, the health insurance program for military personnel, retirees and their families. This suspension was imposed after our administrative sanctions staff had determined that the doctor was a member of the preferred provider networks of several FEHBP carriers. This situation raised the question of the doctor's potential risk to FEHBP enrollees and to the FEHBP. Final judgment was entered in U.S. District Court in San Diego, California, on the tax evasion charges in November 2002, with the doctor sentenced to 30 months' incarcera- tion and three years' supervised probation. Subsequently, OIG's debarring official proposed the doctor be debarred for six years, retroactive to his suspension date in September of last year. This extended debarment period was based on the existence of aggravating factors, including: þ Large dollar amount of evaded taxes. þ Collaboration with other persons in his offenses. þ Prolonged nature of the offenses (a five-year period). þ High number of improper health care claims. þ Evidence of substance abuse by the doctor. The doctor contested the length of the proposed debarment, requesting that it be reduced to three years. He asserted that: (1) he had actively cooperated with federal investigators; (2) he had merely participated in a tax avoidance scheme developed by his attorney; and (3) his substance use had not affected his patient care. The OIG debarring official subsequently reduced the debarment period to five years on the basis of the doctor's cooperation with federal law enforcement officials. No further reduction was warranted because, as the debarring official noted, the doctor had accepted full responsibility for his criminal conduct as part of his guilty plea, and that the court had determined the doctor's substance abuse to be sufficiently serious to include a treatment program as part of the sentence. Consistent with common rule regulations, the doctor's debarment period was made retroactive to the beginning of the previous suspension imposed in September 2002. The doctor's two clinics, whose debarment was proposed concurrently with that of the doctor, did not contest their debarments. The clinics were also debarred for identical five-year periods. Ruling on Debarment Period for Suspended Doctor Issued Debarments Under New OPM Statutory Authority By the end of the current reporting period, OPM had proposed 221 debarments under the new statute-based regulations. One of the cases in which the provider reflected a high level of risk for the FEHBP and its enrollees is described below. Medical Doctor Debarred After Conviction on Multiple Felony Counts A physician who owned and operated a clinic in Texas pleaded guilty in U.S. District Court, in Midland, Texas, to felony charges of health care fraud and money laundering. The plea culminated an extensive investigation involving our office, the FBI, and other federal and state law enforcement agencies. Additional information regarding the investigation and its legal consequences appears in the Investigative Activities section of this report on pages 43-44. After judgment was imposed on the doctor in October 2002, our OIG administrative sanctions staff considered this case for action under OPM's new debarment regulations. The doctor's convictions constituted a mandatory basis for his debarment under Title 5 of the United States Code, codified at 5 U.S.C.  8902a(b)(1), covering convictions "relating to fraud, corruption, breach of fiduciary responsibility, or other financial misconduct in connection with the delivery of a health care service or supply." While the law establishes a minimum three-year period of debarment in all mandatory debarment cases, OPM has the authority to impose a longer term as necessary to protect FEHBP and its enrollees. In this case, our OIG identified several aggravating factors associated with the doctor's violations, including numerous fraudulent health claims against federal programs. These factors were: þ Defrauding federally funded health care programs (FEHBP, Medicare and Medicaid) for combined financial losses exceeding $4,000,000. þ Offenses committed by the doctor were extraordinary for sheer numbers and repetitiveness, carried out over a period of nearly four years. þ Fraudulent schemes involved unnecessary procedures on patients that carried risks of dangerous reactions. Note: In at least one case, he compelled a patient to submit to a procedure by threatening to withhold needed medication. þ Illegal drug use and cocaine distribution, creating additional risks for his patients. Because of the severity of the doctor's offenses and the threat he posed to the integrity of federal health care programs, including the FEHBP and the health and safety of FEHBP enrollees, we proposed in March 2003 to debar this provider for a period of 20 years. Final resolution of this case will be reported in our next semiannual report. Debarment Proposal for Convicted Doctor Set at 20 Years Audit Activities Health and Life Insurance Carrier Audits The Office of Personnel Management (OPM) contracts with private-sector firms to under- write and provide health and life insurance benefits to civilian federal employees, annuitants, and their dependents and survivors through the Federal Employees Health Benefits Program (FEHBP) and the Federal Employees' Group Life Insurance program (FEGLI). Our office is responsible for auditing these benefits program activities to ensure that these various insurance entities meet their contractual obligations with our agency. Our audit universe contains approximately 250 audit sites, consisting of health insurance carriers, sponsors and underwriting organizations, as well as two life insurance carriers. The number of audit sites are subject to yearly fluctuations due to contracts not being renewed or because of plan mergers and acquisitions. Annual premium payments are in excess of $26.1 billion for this contract year. The health insurance plans that our office is responsible for auditing are divided into two categories: community-rated and experience-rated. Within the first category are compre- hensive medical plans, commonly referred to as health maintenance organizations (HMOs). The second category consists of mostly fee-for-service plans, with the most popular among these being the various Blue Cross and Blue Shield health plans. The critical difference between the categories stems from how premium rates are calcu- lated. A community-rated carrier generally sets its subscription rates based on the average revenue needed to provide health benefits to each member of a group, whether that group is from the private or public sector. Rates established by an experience-rated plan reflect a given group's projected paid claims, administrative expenses and service charges for administering a specific group's contract. With respect to the FEHBP, each experience- rated carrier must maintain a separate account for its federal contract, adjusting future premiums to reflect the FEHBP group enrollees' actual past use of benefits. During the current reporting period, we issued 23 final reports on organizations partici- pating in the FEHBP, 16 of which contain recommendations for monetary adjustments in the aggregate amount of $32.7 million due the FEHBP. Our OIG issued 207 reports and questioned $559.2 million in inappropriate charges to the FEHBP during the previous six semiannual reporting periods. We believe it is important to note the dollar significance resulting from our audits of FEHBP carriers and the monetary implications for the FEHBP trust fund. These audit results are reflected in the graph on the following page. A complete listing of all health plan audit reports issued during this reporting period can be found in Appendices III and V. The sections that immediately follow provide additional details concerning the two cate- gories of health plans described on this page, along with audit summaries of significant final reports we issued within each category during the past six months. Community-Rated Plans Our community-rated HMO audit universe covers approximately 150 rating areas. Community-rated audits are designed to ensure that plans charge the appropriate premium rates in accordance with their respective FEHBP contracts and applicable federal regulations. The rates health plans charge the FEHBP are derived predominantly from two rating methodologies. The key rating factors for the first methodology (community rating by class) are the age and sex distribution of a group's enrollees. In contrast, the second methodology (adjusted community rating) is based on the projected use of benefits by a group using actual claims experience from a prior period of time adjusted for increases in medical costs. However, once a rate is set, it may not be adjusted to actual costs incurred. The inability to adjust to actual costs, including administrative expenses, distinguishes community-rated plans from experience-rated plans. The latter category includes fee- for-service plans as well as experience-rated HMOs. The regulations governing the Federal Employees Health Benefits Program require each carrier to certify that the FEHBP is being offered rates equivalent to the rates given to the two groups closest in subscriber size to the FEHBP. It does this by submitting to OPM a certificate of accurate pricing. The rates charged are set by the FEHBP-participating carrier, which is responsible for selecting the two appropriate groups. Should our auditors later determine that equivalent rates were not applied to the FEHBP, they will report a condition of defective pricing. The FEHBP is entitled to a downward rate adjustment to compensate for any overcharges resulting from this practice. We issued 15 audit reports on community-rated plans during this reporting period. Nine of the reports contain recommendations for the return of approximately $18.8 million to the FEHBP. A summary of the findings and recommendations for two of these reports follows. Aetna U.S. Healthcare - Ohio in Blue Bell, Pennsylvania Report No. 1C-RD-00-01-076 October 16, 2002 Aetna U.S. Healthcare - Ohio (Aetna) provides comprehensive medical services to its members living in the Cincinnati, Ohio area. The plan began its participation in the Federal Employees Health Benefits program (FEHBP) in 1983. Our audit covered the plan's FEHBP activities during contract years 1996 through 2001, and was conducted at Aetna U.S. Healthcare's offices in Blue Bell, Pennsylvania. During this six-year period, the FEHBP paid the plan over $150.5 million in premiums. The audit revealed that Aetna overcharged the FEHBP a total $7,053,006 during the years covered by the audit, including $5,890,427 for inappropriate health benefits charges and $1,162,579 for lost investment income. Lost investment income represents the interest the FEHBP would have earned on the money the plan overcharged the FEHBP. Aetna agrees with $3,584,601 of the overcharges and that the FEHBP is due lost investment income. Health Benefit Overcharges Exceed $5.8 Million Premium Rates When analyzing the premium rates the plan set for the FEHBP during the contract years we audited, our primary objectives were to find out if: þ The plan had offered the FEHBP market price rates. þ The loadings to the FEHBP were reasonable and equitable. Note: A loading is the term used to define additional benefit costs purchased by a group on behalf of its members to enhance the group's basic benefits package.) þ The plan had developed the premium rates in accordance with the laws and regulations governing the FEHBP. Rates documentation issue. For 1996 and 1997, the plan was unable to provide documen- tation to support the rates charged the FEHBP and the two groups closest to it in size as required under federal regulation. As a result, to determine the propriety of the rates for those two years, we redeveloped the rates for the FEHBP and the two similarly sized groups using the plan's community-filed rates. Community-filed rates are the rates a plan files with a particular state which show that the rates the plan is charging each group are all based on the same underlying community rate. Based on the redeveloped rates, we found that the FEHBP was charged appropriately in 1996. In 1997, however, one of the groups closest in size received a 17.22 percent discount, which was larger than the 13.65 percent discount the plan gave the FEHBP. Since the FEHBP is entitled to the largest discount afforded either of the two groups, we applied the 17.22 percent discount to the FEHBP audited rates and determined that the FEHBP was overcharged $651,959. $5.1 Million in Premium Discounts Not Given to the FEHBP In contract year 2001, our auditors noted another problem regarding inadequate supporting documentation. Due to the merger of Aetna U.S. Healthcare - Ohio with Prudential Health Care HMO - Midwest that year, data from the two health plans was blended to determine the FEHBP yearly rates. Documentation provided to our auditors was not sufficient to support the benefit charges and adjustments applied to Prudential's portion of the rate development. Consequently, the same factors used for the Aetna portion of the rate were used to develop the Prudential portion. Based on this adjustment, we determined that the FEHBP was overcharged $157,801. Discounted rates. In contract years 1998 and 2000, the FEHBP did not receive a discount equivalent to the largest discount given to one of the two groups closest in size as required under its FEHBP contract. In 1998, the FEHBP received a 3.45 percent discount, while one of the two other groups received a 14 percent discount from the plan. Applying the 14 percent discount to the audited FEHBP rates showed that the FEHBP had been overcharged $3,933,802. In 2000, our auditors' analysis revealed that one of the groups closest in size to the FEHBP received a two percent discount. Not only did the audit indicate that the FEHBP did not receive a discount that year, our auditors also found that the FEHBP was charged twice for an enrollment discrepancy loading. As a result, we eliminated one of the loadings from the FEHBP rates and applied a two percent discount. A comparison of these audited rates to the actual rates charged the FEHBP indicated the plan overcharged the FEHBP $1,146,865. Lost Investment Income In accordance with the FEHBP contract with community-rated carriers and FEHBP regulations, the FEHBP is entitled to recover lost investment income on the defective pricing findings we found in contract years 1997, 1998, 2000 and 2001. We calculated an additional $1,162,579 due the FEHBP for investment income it could have earned through December 31, 2001, had it not been for the overcharges. Additional lost invest- ment income is due for the period that began January 1, 2002, and until all questioned costs have been returned to the FEHBP. FEHBP Due $1,162,579 for Lost Investment Income HealthPartners, Inc. in Minneapolis, Minnesota Report No. 1C-HQ-00-02-019 January 8, 2003 Our audit of HealthPartners, Inc., was conducted at its offices in Minneapolis, Minnesota, and covered the plan's FEHBP activities during 1996 through 2001. During this period, the plan received approximately $62.5 million in premium payments from the FEHBP. HealthPartners, Inc., began its participation in the FEHBP in 1993. The plan provides comprehensive medical services to its members throughout the Minneapolis - St. Paul and St. Cloud, Minnesota areas, as well as south central Minnesota and west central Wisconsin. In conducting the audit, we determined that the FEHBP was overcharged $1,546,967 for inappropriate health benefit charges in 1998 through 2000. We also calculated an additional amount of $303,635 for lost investment income as provided for under the plan's agreement with OPM. As described in the previous audit summary, this income represents interest that would have accrued to the FEHBP on the amount of the overcharges our auditors ascer-tained during the audit. HealthPartners agrees that the FEHBP was overcharged, but believes that the FEHBP is due a lesser amount for inappropriate health benefit charges: $1,020,366. Using the plan's calculations would, of course, reduce the amount of lost investment income due the FEHBP since the computations for the latter are dependent on the former. Inappropriate Charges to FEHBP Total Over $1.5 Million Premium Rates A primary objective of the audit was to ascertain if the HealthPartners plan met its contractual obligation to provide the FEHBP the same premium rate discounts it gave to the two subscriber groups closest in size to the FEHBP. Another was to determine if specific health benefit premium charges not part of the plan's basic benefits package were fair and reasonable to the FEHBP. Defective pricing. The audit identified defective pricing in contract year 1998 through 2000. As discussed below, the major overcharges occurred in 1998 and 1999. In 1998, we found that one of the groups closest in size to the FEHBP received a 17.12 percent discount. However, the discount given to the FEHBP amounted to only 4.17 per- cent. In addition, the audit revealed that HealthPartners used the wrong pooling charge factor to its disadvantage in developing the FEHBP's rates. This technical reference applies to compensation the plan was to receive in contract year 1998 for excluding catastrophic claims from claims costs in determining FEHBP rates. In this case, the factor used did not provide adequate compensation to the plan. Our auditors redeveloped the FEHBP rates using the correct pooling charge factor and applying the more favorable 17.12 percent discount. The recalculations revealed that changing HealthPartners' pooling charge factor did not sufficiently offset the FEHBP's original discount disadvantage, resulting in an overcharge of $990,940 to the FEHBP for the contract year. In 1999, the audit showed the FEHBP received a 9.25 percent rate discount, which was slightly higher than the 9.24 percent discount HealthPartners gave to one of the two groups closest in size to the FEHBP. We also found that the plan applied a rate increase to the FEHBP's rates that exceeded the 30 percent maximum permitted under the plan's rating methodology. The FEHBP was entitled to have its rates adjusted by the appropriate rate increase and by using the 9.24 percent discount given to the other group. Using these two factors as a basis for recalculating the correct rates for 1999, we determined that the plan overcharged the FEHBP $513,399 that year. Lost Investment Income Inasmuch as our auditors were able to determine that the FEHBP received defective pricing for contract years 1998 through 2000, this entitled the FEHBP to recover lost investment income (interest) on the more than $1.5 million in overcharges. As required by federal regulation, we calculated the amount of lost interest, using the Department of the Treasury's semiannual cost of capital interest rates. Through December 31, 2001, the FEHBP was due $303,635 from HealthPartners representing this lost investment income. Additional amounts of lost investment income began to accrue starting January 1, 2002, and will continue until all questioned amounts have been returned to the FEHBP. FEHBP Due $303,635 in Lost Investment Income Experience-Rated Plans The Federal Employees Health Benefits Program offers a variety of experience-rated plans, including fee-for-service plans, the latter which constitute the majority of federal contracts in this category. Also included are employee organization plans that sponsor or operate health benefits plans. Certain comprehensive medical plans qualify as experience- rated HMOs rather than community-rated plans. For an overview of these rating categories and how they differ, refer to page 9 at the beginning of the Audit Activities section. The universe of experience-rated plans currently consists of approximately 100 audit sites. When auditing these plans, our auditors generally focus on three key areas: þ Appropriateness of contract charges and the recovery of applicable credits, including refunds, on behalf of the FEHBP. þ Effectiveness of carriers' claims processing, financial and cost accounting systems. þ Adequacy of internal controls to ensure proper contract charges and benefit payments. During this reporting period, we issued seven audit reports on experience-rated plans. These audits consisted of five Blue Cross and Blue Shield plans, one employee organization plan, and one experience-rated comprehensive medical plan. In these reports, our auditors recommended that OPM's contracting officer require the plans to return $13.9 million in inappropriate charges and lost investment income to the FEHBP related to these disallowed charges. Lost investment income represents those monies (interest) the FEHBP would have earned on these inappropriate charges. A brief description of these three experience-rated plan types can be found on the following pages, along with an audit summary from each plan category citing key findings associated with each and which, for the most part, are typical of our audit results. BlueCross BlueShield Service Benefit Plan This plan is a fee-for-service plan, administered by the BlueCross BlueShield Association (BCBS Association), which contracts with our agency on behalf of its numerous BCBS member plans across the country. Participating Blue Cross and Blue Shield plans throughout the United States indepen- dently underwrite and process the health benefits claims of their respective federal sub- scribers under the BCBS Service Benefit Plan, and report their activities to the national BCBS operations center in the Washington, D.C. area. Approximately 51 percent of all FEHBP subscribers are enrolled in Blue Cross and Blue Shield plans nationwide. While the BCBS Association's headquarters are in Chicago, Illinois, its Federal Employee Program (FEP) Director's Office is in Washington, D.C., and provides centralized management for the BCBS Service Benefit Plan. The BCBS Association, through its Washington office, oversees a national FEP operations center, whose activities include: þ Verifying subscriber eligibility. þ Approving or disapproving reimbursement of local plan FEHBP claims payments (using computerized system edits). þ Maintaining an FEHBP claims history file and an accounting of all FEHBP funds. As mentioned earlier, we issued five Blue Cross and Blue Shield experience-rated reports during the reporting period. In the aggregate, our auditors cited $9,002,199 in questionable contract costs charged to the FEHBP and an additional $149,806 in lost investment income (interest) on these questioned costs, for a total of $9,152,005 owed to the FEHBP. The BCBS Association agreed with substantially all the questioned costs in these reports. The following narrative describes the major findings from one of these BCBS reports. BlueCross BlueShield of Michigan in Detroit, Michigan Report No. 1A-10-32-02-003 February 10, 2003 Our audit of the FEHBP operations at BlueCross BlueShield of Michigan (BCBS of Michigan) took place at the plan's offices in Detroit, Michigan. We reviewed health benefit payments made by the plan from contract years 1998 through 2000, as well as administrative expenses, miscellaneous payments and credits and cash management. In performing this audit, our major objective was to determine whether the plan charged costs to the FEHBP and provided services to FEHBP members in accordance with the terms of the contract. As a result of the audit, our auditors found that BCBS of Michigan inappropriately charged $5,295,610 in health benefit charges and $156,872 in administrative charges to the FEHBP, the latter associated mainly with improper BCBS Association dues charges assessed the FEHBP. We verified that BCBS of Michigan's cash management practices were in accordance with the FEHBP contract and applicable laws and regulations. Lost investment income on the questioned costs totaled $28,486. As discussed elsewhere in this report, lost investment income represents interest the FEHBP would have earned on the questioned costs. Final calculations by our auditors regarding amounts owed to the FEHBP totaled $5,480,968. The BCBS Association agreed with substantially all of the questioned charges. Below is a brief discussion of how our auditors arrived at these totals. Auditors Determine $5,480,968 Owed the FEHBP Health Benefits From 1998 through 2000, BCBS of Michigan paid $232 million in actual FEHBP claim payments. In conducting our audit, we reviewed claim payments for proper pricing and payment, coordination of benefits with Medicare, and potential duplicate payments. We also reviewed specific financial and accounting areas, such as refunds, hospital settlements and other miscellaneous credits relating to FEHBP claim payments. Some of our significant findings included: Overstated provider payments. For the period January 1, 1998 through December 31, 2000, we selected multiple samples of claims to determine if BCBS of Michigan had paid claims properly. This review identified a system-wide error related to the calculation of certain hospital payments made by BCBS of Michigan to participating providers during this two-year period. BCBS of Michigan applied a regional factor to its rates to account for the average discount it negotiated with hospitals in those regions where its FEHBP enrollees received hospital care. Our auditors discovered that some of the claims processed did not include this regional factor, resulting in overpayments to the providers. For the period in question, our auditors identified 1,691 overstated claim payments, resulting in overcharges of $2,735,768 to the FEHBP represented by those payments. We recommended that OPM's contracting officer disallow these overcharges and direct the plan to make a conscientious effort to collect the monies involved and credit any amounts recovered to the FEHBP. Incorrect Payments to Providers Costs FEHBP $2,735,768 As mentioned on page 15, the BCBS Association has established a Federal Employee Program Director's Office (FEP) in Washington, D.C., to provide centralized manage- ment for the BCBS Service Benefit Plan. One of its specific responsibilities is to facilitate transfer of payments between the individual local BCBS plans and the FEHBP. One such transfer involves hospital settlement monies. FEHBP funds not returned. Our audit revealed that the BCBS Association's FEP office did not properly return to the FEHBP all the hospital settlement monies BCBS of Michigan had previously transferred to FEP in contract year 2000. The standard process with money transfers involving the FEHBP is for the local plan to notify the BCBS's office in Washington, D.C., that a transfer is being made. After the transfer has been verified, the FEP is responsible for ensuring that these funds are promptly and properly returned to the FEHBP. These money transfers usually represent overpayments made by the plan that are now due the FEHBP for various reasons, such as provider or patient refunds or hospital settlements. Hospital settlements are provided for in contracts negotiated between individual hospital providers and BCBS plans because of the time lag between the initial submission of claims to the BlueCross BlueShield FEP Operations Center and when the actual net cost of benefits can be determined. At the end of the year, a BCBS plan will determine its final liability with various hospital providers for all claims incurred during that contract period and make a final payment to-- or receive a refund from--those providers for any difference between that liability and all payments it made to them throughout the year. The FEHBP's portion of these settlements may be determined on a claim-by-claim basis or using a reasonable allocation method. Prior to the audit, we were advised by the FEP office in Washington, D.C., that BCBS of Michigan had miscalculated hospital settlement monies due the FEHBP for the period June 1997 through December 1999. It was further disclosed that the total amount approached $30 million, with additional lost investment income to the FEHBP of almost $3 million. Recognizing its FEHBP contract responsibilities, and following the BCBS Association's standard procedure in transferring FEHBP funds via the FEP office in Washington, BCBS of Michigan notified the FEP office of its plans to transfer these substantial amounts over a period of time. However, our audit revealed that BCBS of Michigan made the transfers in 2000, but the FEP office in Washington inexplicably failed to transfer $1,964,070 of these funds to the FEHBP's investment account. FEP agreed with the finding and promptly credited the funds to the FEHBP. BCBS Director's Office Fails to Return $1,964,070 Due FEHBP Employee Organization Plans Employee organization plans also fall into the category of experience-rated, and operate or sponsor participating health benefits programs. These fee-for-service plans allow members to obtain treatment through facilities or providers of their choice. The largest types of employee organizations are federal employee unions and associations. Some examples are: the American Postal Workers Union, the National Association of Letter Carriers, the Government Employees Hospital Association and the Special Agents Mutual Benefit Association. During the reporting period, we issued one employee organization plan audit report relating to the National Alliance of Postal and Federal Employees (NAPFE) as sponsor for the Alliance Health Benefit Plan. A summary of the report, including our major audit findings, follows. National Alliance of Postal and Federal Employees as Sponsor for the Alliance Health Benefit Plan in Washington, D.C. Report No. 1B-YQ-00-02-028 February 11, 2003 Alliance Health Benefit Plan (Alliance) is an employee organization plan headquartered in Washington, D.C., and is sponsored by the National Alliance of Postal and Federal Employees (NAPFE). Enrollment in this fee-for-service plan is open to federal employees and annuitants who are members or associate members of NAPFE. As of March 31, 2001, membership totaled approximately 4,500 federal enrollees. Our audit covered contract years 1998 through 2001. We reviewed administrative expenses for 1998 through 2000 and cash management for 1998 through 2001. We specifically wanted to determine whether NAPFE charged costs to the FEHBP and provided services to FEHBP members in accordance with the terms of its contract. As a result of the audit, our auditors questioned $1,613,581 in administrative expenses and $2,197,012 in cash management activities charged against the FEHBP contract. Since the FEHBP is entitled to receive lost investment income on these unallowable charges, we calculated an additional $495,370 associated with these amounts. Final calculations by our auditors regarding amounts owed to the FEHBP totaled $4,305,963. FEHBP Owed $4,305,963 in Inappropriate Charges Administrative Expenses For contract years 1998 through 2000, NAPFE charged the FEHBP $7.7 million in administrative expenses. Of this amount, we determined $1,613,581 of these expenses were not allowable under its contract. The most significant overcharge to the FEHBP was for overhead allocations, totaling $1,192,150. Overhead expenses: In contract years 1998 and 1999, NAPFE allocated and charged $1,011,419 and $1,057,106, respectively, to the FEHBP for overhead expenses. NAPFE, however, could not provide the required documentation to support the charges. Our auditors could not determine if the overhead expenses were allowable without it, which led to our questioning those expenses in our draft audit report. Subsequently, NAPFE recalculated its 1998 and 1999 overhead expenses and acknowl- edged an overcharge to the FEHBP of $482,136 and $504,652, respectively, for those years. Our auditors reviewed NAPFE's documentation for these expenses and accepted its calculations. For contract year 2000, NAPFE allocated and charged $581,824 to the FEHBP for over- head expenses. In this instance, we noted that NAPFE had included expenses in the over- head allocation that were unallowable and/or did not benefit the FEHBP as required by FEHBP regulations. Some of the disallowed overhead expenses were for advertising, taxes, depreciation and promotional items. NAPFE agreed to reduce the overhead expenses accordingly. However, at some point during the plan's recalculations of these expenses, it determined that it was appropriate to increase the percentage of FEHBP's share of the overhead expenses for the contract year. NAPFE, however, could not provide sufficient documentation to support such a significant increase, a change from 22.32 to 32.33 percent. We subsequently recalculated the plan's overhead expenses, taking out the unallowable overhead expenses previously referenced and using the original percentage provided by the plan. The difference in the recalculations by our auditors and NAPFE was striking. We determined NAPFE overcharged the FEHBP $205,362 in contract year 2000, while the plan stated FEHBP overcharges totaled only $5,202. For contract years 1998 through 2000, we recommended that the contracting officer disallow $1,192,150 in overhead expenses incorrectly charged to the FEHBP. Cash Management NAPFE did not comply with federal regulations nor contract terms concerning withdrawal of FEHBP funds from its letter of credit (LOC) account. All fee-for-service plans participating in the FEHBP use letter of credit accounts as the financial conduit through which they access FEHBP monies to reimburse themselves for health benefit payments made on behalf of federal enrollees or for crediting the FEHBP for monies due. It is a legal requirement that FEHBP monies be made available for payment to a participating plan using this LOC arrangement, but only after checks made out to health providers are presented and paid by a bank. In addition to health benefit claims, all fee-for-service plans may withdraw funds from their respective LOC accounts for certain administrative expense charges, service charges, and other reimbursements, so long as these are allowable under their FEHBP contracts and federal regulation. We determined NAPFE was not in compliance with its LOC account activities for contract years 1998-2001. Specifically, we found that NAPFE withdrew $2,197,012 more for expenses than allowed under its FEHBP contract. We recommended in our report that the contracting officer direct NAPFE to credit the FEHBP the full amount to compensate the FEHBP for these excessive withdrawals. Plan Cash Mangement Practices Cost FEHBP $2,197,012 Experience-Rated Comprehensive Medical Plans Comprehensive medical plans (HMOs) fall into one of two categories: community-rated or experience-rated. As we previously explained in more detail on page 9 of this section, the key difference between the two categories stems from how premium rates are calculated for each. Like other health insurance plans participating in the FEHBP, experience-rated HMOs offer what is termed a point of service product. Under this option, members have the choice of using a designated network of providers or using non-network providers. A member's choice in selecting one health provider over another has obvious monetary and medical implications. For example, if a member chooses a non-network provider, the member will pay a substantial portion of the charges and the benefits available may be less comprehensive. During this reporting period, we issued one experience-rated comprehensive medical plan audit report. Our findings for that audit are summarized below. KPS Health Plans in Bremerton, Washington Report No. 1D-VT-00-02-004 November 25, 2002 KPS Health Plans (KPS), formally Kitsap Physician Services, is a comprehensive medical plan (experience-rated HMO) that provides health benefits to federal enrollees and their families in the following Washington counties: Kitsap, Jefferson, and Mason. We reviewed health benefit payments, as well as miscellaneous payments, administra- tive expenses and cash management practices covering contract years 1998 through 2000. At the conclusion of this audit, we reported inappropriate charges to the FEHBP totaling $409,298, including $397,043 for health benefit charges; $10,918 in administrative expense charges; and $1,337 for lost investment income. KPS agreed with $371,028 of the charges our auditors questioned. KPS Health Plans Owes $409,298 to the FEHBP Health Benefits From 1998 through 2000, KPS paid $59 million in actual FEHBP claim payments. In performing this audit, we selected claims for examination at random, as well as in specific health benefit categories, principally those concerning coordination of benefits (COB) with Medicare and potential duplicate claim payments. We also reviewed specific financial and accounting areas, such as refunds and other miscellaneous credits relating to FEHBP claim payments. Based on our review of these areas, we determined that inappropriate health benefit charges to the FEHBP totaled $397,043 during contract years 1998 through 2000. The most significant findings included: Coordination of benefits. For the period 1998 through 2000, our auditors identified 306 hospital claim payments, totaling $150,729, and 388 physician claim payments, totaling $23,207, wherein the FEHBP paid as primary insurer when Medicare Part A or B should have picked up these claim costs as the primary insurer. Verifying whether Medicare is the primary insurer before incurring unnecessary claims costs to the FEHBP is a common administrative error made by fee-for-service plans. For the period covered by this audit, we estimated that KPS overcharged the FEHBP $173,936 for the 694 hospital and physician payments simply by failing to ascertain that Medicare was the primary insurer and the FEHBP the secondary insurer. We recommended that the contracting officer disallow the uncoordinated claim payments we noted and instruct KPS to make a diligent effort to recover the over- payments, crediting all amounts recovered to the FEHBP. Lack of COB Compliance Costs FEHBP $173,936 Refunds. KPS did not credit the FEHBP for refunds totaling $125,786 that it received prior to June 2000. Federal regulations require the carrier to credit refunds relating to health benefit payments to the FEHBP. Consequently, we recommended that the contracting officer direct KPS to credit the FEHBP the entire amount of the overcharge. Information Systems Audits In accordance with the Inspector General Act of 1978, as amended, we conduct and supervise independent and objective audits of agency programs and operations to prevent and detect fraud, waste and abuse. To assist in fulfilling this mission, we perform information systems audits of health and life insurance carriers that participate in the Federal Employees Health Benefits Program (FEHBP) and the Federal Employees' Group Life Insurance program (FEGLI). We also audit elements of the agency's computer security environment. The information systems audits function provides a valuable service to our customers by auditing the computer security and information systems of our agency and health insurance carriers participating in the Federal Employees Health Benefits Program (FEHBP). The need for this type of oversight lies in the federal government's heavy reliance on information systems to administer federal programs, manage federal resources, and accurately report costs and benefits. Any breakdown in federal computer systems, including systems of federal contractors, can compromise the government's efficiency and effectiveness, increase the costs of federal projects and programs, and threaten the safety of United States citizens. Malicious attacks on public and private computer systems continue to increase and thus underscore the importance of this issue. These threats include outbreaks of destructive computer viruses, defacements on Web sites, sabotage, and theft of valuable or sensitive information in computer databases. Our office seeks to minimize information system security risks at OPM through auditing various internal security-related activities and computer systems development. We also perform general and applications controls audits associated with the computer systems at health carriers that contract with OPM to provide health benefits under the FEHBP. General controls refer to the policies and procedures that apply to an entity's overall com- puting environment. Application controls are those directly related to individual computer applications, such as a carrier's payroll system or benefits payment system. General controls provide a secure setting in which computer systems can operate, while application controls ensure that the systems completely and accurately process transactions. OIG Audits Assist OPM in Reducing Program Computer Systems Security Risks During this reporting period, we completed an audit of Merck-Medco Managed Care (Merck-Medco), a BlueCross BlueShield Association contractor. This audit covered Merck-Medco's general information system controls environment and application controls over its prescription drug home delivery and customer service systems. A summary of our audit findings and recommendations are described on the following pages. Audit of Information System General and Application Controls at Merck-Medco Managed Care (presently, Medco Health Solutions, Inc.) in Franklin Lakes, New Jersey Report No. 1A-10-00-02-039 February 4, 2003 Merck-Medco Managed Care (Merck-Medco) manages the mail order prescription drug program for the BlueCross BlueShield Association (BCBS Association) under the BCBS Service Benefit Plan federal contract. Through its local Blue Cross and Blue Shield plans, the BCBS Association serves approximately 51 percent of all federal subscribers participating in the Federal Employees Health Benefits Program At the time of our audit, Merck-Medco Managed Care was an independently managed subsidiary of Merck & Company, Inc. However, Merck-Medco Managed Care separated from its parent company on July 15, 2002, and became Medco Health Solutions, Inc. Since our audit activity was completed prior to this organizational change, we retained the Merck-Medco Managed Care designation for reporting purposes. We did this because we were uncertain whether the organizational change resulted in significant information system control changes. Our audit covered Merck-Medco's general information system controls environment and application controls over its mailed prescription drug services provided to federal BCBS subscribers. The goal of the audit was to obtain reasonable assurance that Merck- Medco had implemented proper controls over the confidentiality, integrity and availability of computerized data associated with its BlueCross BlueShield Association contract in providing these services. Prior to our audit, the certified public accounting firm of PricewaterhouseCoopers LLP (PWC) completed a review of Merck-Medco's computer systems general controls environment. Based on the results of the PWC examination, we did not review controls related to the areas of system software and service continuity. We also limited the scope of our access control review to the application level security for the prescription drug home delivery and customer service applications. Merck-Medco Managed Care's corporate center and system security personnel are located in Franklin Lakes, New Jersey. The company's application computer programmers are located in Montvale and Parsippany, New Jersey, while the data center is in Fair Lawn, New Jersey. The front-end processing of drug orders, as well as most other prescription drug customer services, occurs in Tampa, Florida. In addition, Merck-Medco operates five other customer service facilities located throughout the United States. In 2001, federal enrollee prescription drugs were dispensed from three locations. The Willingboro, New Jersey pharmacy, which became operational in October 2001, proc- essed 7.5 percent of the total prescriptions; the Las Vegas, Nevada pharmacy dispensed 17.8 percent; and the remaining 74.7 percent were dispensed from the Tampa, Florida pharmacy. We evaluated Merck-Medco's information system general controls with guidance from the U.S. General Accounting Office's Federal Information System Controls Audit Manual, industry best practices, and pertinent federal law and regulations. We also audited the application controls in place to ensure that the computerized prescription drug delivery system was processing all transactions accurately and completely. In reviewing the company's general information systems controls, we examined how well they were managing security policy, along with application development and software change controls. Our auditors also assessed whether there was an appropriate segregation of duties among Merck-Medco's employees having access to the plan's information systems. The second portion of our audit was a limited examination of Merck-Medco Managed Care's prescription drug home delivery and customer service applications. We wanted to determine if Merck-Medco Managed Care had controls in place to ensure that trans- actions were valid, properly authorized, and accurately processed in all respects. We found that Merck-Medco had a number of controls in place that helped promote a secure computer environment. These included: þ Ongoing information technology risk assessments. þ A company-wide computer security policy. þ User identification and access authority controls. þ Physical safeguards limiting access to company information technology facilities. þ Testing practices and approval methods for newly developed software. þ Library management software. Review by OIG Highlights Systems Control Safeguards at Merck-Medco On the other hand, we noted several areas where we believe Merck-Medco Managed Care's management should strengthen their controls. While the parent company, Merck & Company, Inc., has a clearly defined centralized information technology security management structure, Merck-Medco employs a potentially less effective decentralized approach. Merck-Medco management has divided its information technology security responsibilities into three separate and distinct organizations. With the split from Merck, we are concerned about the company's ability to develop, implement and maintain effective security policies and procedures. Accordingly, we have recommended that management consider implementing a centralized security management structure. In the area of access controls, we recommended that Merck-Medco install and implement stronger password requirements for users of Windows NT. Another recommendation our auditors made was to change the Windows NT Minimum Password Age setting to prevent users from continuously reusing a favorite password. Implementing this control reduces the risk of having a password decoded by an external entity. Application controls was another area we addressed in our recommendations. Specifically, we recommended that Merck-Medco strengthen these controls by developing and implementing a system development life cycle methodology that details the procedures to be followed when applications are being designed and developed, as well as when they are subsequently modified. We also recommended that Merck-Medco Managed Care implement a systematic reporting function to monitor and analyze the integrity of the prescription cancellation process. Cases of potentially inappropriate cancellations would then be submitted to responsible company officials having the authority to act on the information. Another key recommendation we made in our report was for Merck-Medco to provide training in general security awareness, a requirement under corporate policy and security standards. Merck-Medco Managed Care management agreed to implement our recommendations. When these are implemented, we believe this can only enhance the information system controls at Merck-Medco, thereby safeguarding the confidential medical records of the BlueCross BlueShield Association enrollees under the Federal Employees Health Benefits Program. Merck-Medco's efforts will also ensure the reliability and continued availability of the company's critical automated information. Merck-Medco Agrees to Institute OIG Audit Recommendations OTHER EXTERNAL AUDITS We conduct audits of the local organizations of the Combined Federal Campaign (CFC), the only authorized fundraising drive conducted in federal installations throughout the world. Also, at the request of Office of Personnel Management procurement officials, our office performs pre- and post-award contract audits relating to the acquisition of goods and services by agency program offices. Combined Federal Campaign Under Executive Order 10927, issued August 18, 1961, the U.S. Civil Service Commis- sion (OPM's predecessor) was given the responsibility for arranging national voluntary health and welfare agencies to solicit funds from federal employees and members of the armed services at their places of employment. Since then, OPM's role has been further defined through additional executive orders, one public law (P.L. 100-202), and new federal regulations (5 CFR 950). Key responsibilities include: þ Providing eligibility guidelines for national and local organizations and charities participating in the Combined Federal Campaign (CFC). þ Specifying the role of local CFCs. þ Identifying OPM's specific oversight responsibilities pertaining to the CFC. An estimated 360 campaigns operating nationwide and overseas participated in the 2001 Combined Federal Campaign, the most recent year for which statistical data is available. Federal employee contributions reached $242 million for the 2001 CFC, while campaign expenses totaled $20.5 million. Our audits ordinarily cover two consecutive campaign years. Campaigns are identified by geographical areas as specific as a single city, several cities or counties. Our auditors look closely at the eligibility of participating charities associated with a given campaign, whether these charities have complied with federal regulations and OPM guidelines, and if any irregularities appear in their financial records. In addition, all CFC organizations are required by regulation to have an independent public accounting firm conduct an audit of their respective financial activities. One of the CFC organizations we audit carries the technical designation of principal combined fund organization (PCFO). Among the key activities of a PCFO is collecting and distributing CFC charitable funds, training volunteers, and maintaining a detailed schedule of CFC administrative expenses incurred during a given campaign. More PCFO activities are listed on page 29 of this section under our discussion of the United Way of the National Capital Area audit findings. We also audit national charitable federations that participate in the CFC. A national charitable federation provides common fundraising, administrative and management services to its members--those being other charitable organizations with similar interests. For example, the Children's Charities of America is a national federation providing services to other charities concerned with the welfare of children. During federation audits, we focus on the eligibility of federation member charities and how funds are distributed and expenses allocated to them. Millions Contributed by Federal Employees During Annual CFC Drive Combined Federal Campaign audits will not ordinarily identify savings to the govern- ment, because the funds involved are charitable donations made by federal employees, not federal entities. While infrequent, our audit efforts can result in an internal referral to our OIG investigators for potential fraudulent activity. Refer to pages 45-47 under our Investigative Activities section for a case narrative relating to a major CFC fraud case. On pages 29-31, we discuss in depth an audit of the United Way of the National Capital Area (United Way) we conducted. This was a particularly significant audit in that it covered a recent four-year period when United Way operated as a federation and PCFO simultaneously for the largest CFC in the country, whose contributors are members of the federal workforce in the Washington, D.C. metropolitan area. In addition to this CFC audit, we issued 11 other final CFC reports. The key results from those 11 CFC audits are summarized below. þ Four campaigns did not distribute campaign receipts within the time frame required by the regulations. þ Four campaigns local application files did not include all of the required documentation to support the eligibility of the approved charities. þ Three campaigns could not provide support for certain expenses charged to the campaign. þ One campaign received amounts that exceeded pledges for two campaign years. A listing of these 12 CFC reports can be found on pages 61-62 in Appendix VI. Combined Federal Campaign Controls Need Improvement 1997-2000 Combined Federal Campaigns for the National Capital Area and the CFC Operations of the United Way of the National Capital Area Federation Report No. 3A-CF-00-02-100 November 19, 2002 The United Way of the National Capital Area (United Way) has served for many years as the PCFO (principal combined fund organization) for the CFC conducted in the Washington, D.C. metropolitan area. That campaign, officially referred to as the National Capital Area Combined Federal Campaign, covers the largest concentration of federal employees in the nation. It is also the largest individual campaign in terms of federal employee participation and charitable donation figures. For example, in the most recent campaign year our OIG audited (2000), the National Capital Area CFC had receipts of almost $44 million, representing approximately 18 percent of the total receipts of the entire federal Combined Federal Campaign conducted around the world. The Washington, D.C.-based United Way has been responsible for conducting the local campaign in the national capital region for a number of years. As the PCFO, United Way has overseen the following : þ Coordinating keyworkers and other volunteers training. þ Preparing pledge cards and brochures. þ Distributing campaign materials. þ Collecting and distributing campaign contributions. þ Maintaining a detailed schedule of CFC administrative expenses incurred for each yearly campaign. Our audit of the United Way of the National Capital Area focused on the organization's operations in its dual capacity as a federation and as a PCFO campaign coordinator for all four years we audited (1997-2000). In its federation capacity, United Way was responsible for ensuring the eligibility of its member charities and for the appropriate distribution of federation member campaign receipts. Its federation receipts totaled over $15 million for the 2000 campaign. Our initial scope for this audit was the 1999 and 2000 campaigns. However, we decided to expand the scope to include financial areas of the 1997 and 1998 campaigns after considering the following factors: þ Initial findings in our work on the 1999 and 2000 campaigns. þ Media reports of financial control weaknesses within this particular United Way organization. þ Heightened interest in the audit from internal and external sources, the Office of the Director and Congress, respectively. The objective of our audit was to determine if the campaigns were in compliance with the regulations governing CFCs and federations, cited in the Code of Federal Regulations under 5 CFR 950. Specific areas of the regulations we focused on included: þ Eligibility of local charitable organizations participating in the campaigns and federation members of United Way. þ Receipt and distribution of funds by United Way to local participating charities and, as a federation, to its members. þ Expense charges by United Way to the campaigns for all four years as to reason- ableness, supportability, comparisons to budget, and proper allocations to charities. Poor Internal Controls Result in Undistributed CFC Charity Funds At the conclusion of our audit, we reported that United Way had insufficient accounting controls. Key findings in this area included: þ Duplicate and excessive reimbursements made to United Way staff for travel and other expenses. þ Underdistribution of CFC funds to charities. þ Unauthorized loan of $3 million made to United Way's federation account. þ Justification for CFC-related expenses in the amount of $120,000 as well as a separate amount of $14,000 was not provided. In addition, we reported the following findings from our audit of United Way in its federation capacity: þ Over $1.3 million in CFC funds were never distributed by United Way federation to its members for the four campaign years 1997-2000 audited. þ The federation does not have a documented financial agreement with its member agencies regarding administrative fees. As a result of our audit, and reviews by other groups of the activities of United Way, questioning their internal operations, United Way's Board of Directors has embarked on a significant restructuring of those operations. It also did not apply to be the PCFO for the 2003 National Capital Area CFC. Since the end of the reporting period, the federal group responsible for selecting the PCFO each year for the Washington, D.C. metropolitan area made a decision to award the local 2003 CFC contract to a non-United Way group based in Alexandria, Virginia. This group has had experience running the CFC that serves federal employees and members of the military at duty stations throughout the world. Federal Group Selects New Coordinator for 2003 National Capital Area CFC Agency Contract Audits Our office conducts two types of agency contract audits. We perform pre-award contract audits to: þ Ensure that a bidding contractor is capable of meeting contractual requirements. þ Assess whether estimated costs are realistic and reasonable. þ Determine if the contract complies with all applicable federal regulations. We also conduct post-award contract audits to ensure that costs claimed to have been incurred under the terms of an existing contract are accurate and in accordance with pro- visions of federal contract regulations. These audits provide OPM procurement officials with the best information available for use in contract negotiations and oversight. In the case of post-award contract audits, for example, the verification of actual costs and performance charges may be useful in negotiating future contract modifications pertaining to cost-savings and efficiency. During this reporting period, we did not issue any audit reports on agency contracts. OPM INTERNAL AUDITS We conduct and supervise independent and objective audits of the Office of Personnel Management's (OPM) programs and administrative operations. We also perform evaluations and inspections of agency programs and operations. Two critical areas of ongoing audit activity include OPM's consolidated financial statements required under the Chief Financial Officers Act (CFO Act of 1990), as well as the agency's work required under the Government Performance and Results Act of 1993 (GPRA). The success of OPM's mission and achieving its program goals provide the basis for our internal auditing activities. This success is founded, in part, on a key management principle related to operational controls. These internal controls are in place to provide reasonable assurance that program operations will: þ Be effective and efficient. þ Be characterized by reliable financial reporting. þ Maintain compliance with applicable laws and regulations. Our auditors and program evaluators provide recommendations for improving the efficiency and effectiveness of our agency operations and their corresponding internal controls. We use a risk-based methodology to assess OPM's activities and establish annual work agendas. Our risk-based methodology includes such factors as program dollars, number of staff, the date of our last audit, computerized or manual information systems, laws and regulations, organizational culture of the work place, and governmental concerns. We have found by identifying and concentrating on agency programs and operations with high risk, the OIG can provide the most benefit to the agency. We carefully plan and conduct our activities involving audits or evaluations and inspec- tions in accordance with government auditing standards. We include OPM program managers in every step of the audit process to ensure that we have met their needs, addressed concerns and received feedback on how we can improve the value of our services. We believe this cooperative spirit ensures that all parties involved with our activities will obtain the maximum benefit and that we will continually improve our level of services. Our internal audit activities covered the following areas during the reporting period: þ Agency performance audits. þ Agency consolidated financial statements audits. þ Agency Federal Managers' Financial Integrity Act of 1982 (FMFIA) compliance reviews. Agency Performance Audits As an independent OIG, our performance auditing plays an important role in OPM program accountability, because it provides an external and objective assessment of the performance of OPM's programs and activities. In turn, the information and recommendations we provide through these audits can aid in decision-making by managers and other OPM officials responsible for overseeing and initiating corrective action. We issued four performance audit reports and one evaluation report during this reporting period. The following narratives describe the results contained in two of the audits and the one evaluation report we issued this reporting period. Audit of Federal Employees' Group Life Insurance Program Report No. 4A-RI-00-02-024 January 27, 2003 The FEGLI program was created in 1954 after enactment of the Federal Employees' Group Life Insurance Act. The overall responsibility for the administration of FEGLI has resided with OPM's Retirement and Insurance Service (RIS). Recently, this program office was renamed the Center for Retirement and Insurance Services. Since our audit was issued prior to this reorganization, we will continue to refer to this program office as RIS for purposes of this summary. Specific responsibilities include publishing program regulations and agency guidance, as well as the receipt, payment and investment of agency withholdings and contributions. RIS currently contracts with the Metropolitan Life Insurance Company (MetLife) to provide group life insurance coverage to federal employees, annuitants and their family members. MetLife oversees processing and payment of claims, determining eligibility for living benefits, processing requests for changing coverage, and reviewing applications to determine an employee's eligibility to elect life insurance. The FEGLI program consists of basic life insurance coverage plus three options. Most federal employees are automatically covered by the basic insurance unless they decline. FEGLI currently covers over 4 million federal employees and annuitants, representing about 90 percent of those eligible. In contrast to the Federal Employees Health Benefits Program, wherein the government picks up nearly three quarters of the monthly premium payment, the government contributes approximately one third of the monthly FEGLI premium for enrollees selecting basic life insurance coverage. The government does not contribute to the cost of any optional coverage a federal employee or annuitant may purchase. For fiscal year 2000, FEGLI paid out approximately $1.8 billion on 79,000 claims. Our overall audit objective was to determine if the FEGLI program was being administered efficiently, effectively, economically and as intended under the Act. We focused our efforts on determining whether controls over contract administration and quality assurance reviews were effective. As a result of our audit, we identified two specific areas in which we believe RIS needs to improve its internal controls. Updated contract. OPM's contract with MetLife to provide life insurance benefits to federal employees, annuitants and dependents was first negotiated in 1954. Since that time, there have been about 70 amendments to the contract, and periodically these amendments have been incorporated into it. However, OPM and MetLife have not updated this contract since October 1988. Claims matching process. The second area of concern relates to RIS' s administration of the match of FEGLI's paid-claims file against OPM's annuity master file. The purpose of this match is to determine if the amount and level of benefits paid by MetLife are in agreement with the information shown on the annuity master file. While we acknowledge this match represents a beneficial and necessary control, the process needs improvment. For example, follow-up procedures need to be implemented to ensure that errors identified are being corrected. RIS needs to develop clear policies, procedures, goals and objectives to govern the claims match process. RIS officials agree that its internal controls in both areas need to be addressed and are taking corrective action. RIS Should Update MetLife FEGLI Contract OPM's FY 2002 through FY 2007 Strategic Plan Report No. 4A-CF-00-02-099 February 14, 2003 The Government Performance and Results Act of 1993, also widely called the Results Act, was enacted to improve government performance and accountability through better planning and reporting of government-wide agency results. The Act seeks to improve the efficiency, effectiveness, and public accountability of federal agencies as well as improve congressional decision-making. The main elements of the Results Act are threefold: (1) strategic plans; (2) annual performance plans; and (3) annual program performance reports. These elements create a recurring cycle of first setting a strategic direction; then defining annual goals and measures; and, finally, reporting on performance. Like all agencies, OPM must develop its own strategic plan, which provides the frame- work for implementing the Results Act and setting a course of action and accomplish- ment over an extended time period. As required by the Act, each agency's plan is designed with a six-year strategic focus, containing specific goals and objectives. OPM's strategic plan is implemented through an annual performance plan that includes goals and measures for key program offices. OPM revised its strategic plan earlier than the required deadline of September 2003 as part of its goal to receive a "green" rating in the budget and performance area of the President's Management Agenda Scorecard. The scorecard involves a simple "traffic- light" grading system common in today's business world. The primary objective of our audit was to evaluate OPM's compliance with the Office of Management and Budget (OMB) Circular A-11 in preparing the agency's strategic plan. We determined that OPM was in compliance. We also noted that the strategic plan could be improved by including: þ Details for each step listed to resolve mission-critical management problems. þ Government-wide performance indicators for measures relating to reduced turnover and recruiting successes. þ Descriptions of all five electronic government (e-Gov) initiatives--One-Stop/USA JOBS being one. Note: Through these initiatives, OPM seeks to improve employment information available in databases and via the Internet, helping federal agencies select and retain a highly skilled work force, while attracting the public to federal service. þ Description of how or if personnel appraisals are tied to program or organizational performance. þ Details regarding significant risks and actions that the agency is taking relating to internal agency operations. OPM's Strategic Plan Complies with OMB Circular A-11 Performance-Based Service Contracts Report No. 4A-CA-00-02-036 October 15,2002 OPM's Office of Contracting and Administrative Services (OCAS) provides adminis- trative support to the agency. OCAS is responsible for acquiring the products and services program offices need to accomplish their duties. In 1991, the Office of Management and Budget established the policy of using performance-based methods in service contracts. Performance-based service contracts emphasize objective, measurable performance requirements and quality standards in developing statements of work for contractors. The basic developmental elements of performance-based service contracts include a statement of work, a quality assurance plan and appropriate financial incentives. This evaluation covered 130 contracts awarded in fiscal year 2001. The objectives of our evaluation were to determine: þ If OPM was using performance-based techniques in service contracts over $25,000. þ If OPM had developed policies and procedures for implementing performance-based service contract elements in accordance with OMB guidance and federal regulations. Of those 130 service contracts awarded in fiscal year 2001 that exceeded $25,000, we reviewed supporting documentation for nine contracts. Our evaluation of the nine service contracts showed that OCAS was in compliance with OMB guidance and the Federal Acquisition Regulation (FAR), governing procurement contracts for services and products. However, we did determine that six of the nine service contracts could be improved by including a complete quality assurance plan described in the FAR. Service Contracts Need Complete Quality Assurance Plans OCAS agreed and indicated that it will write future contracts with a separate quality assur-ance section to include all required components of a quality assurance surveillance plan. OPM's Consolidated Financial Statements Audits As we have described in previous semiannual reports, our agency contracts with an independent public accounting (IPA) firm, KPMG LLP, to perform OPM's consolidated financial statements audits annually under the requirements of the Chief Financial Officers' Act of 1990 (CFO Act). We oversee the conduct of these audits for compliance with KPMG's contract and applicable auditing standards. In performing these audits, KPMG is responsible for providing audit reports that contain KPMG's opinion as to the fair presentation (absence of material misstatements) of OPM's consolidated financial statements and their conformance with generally accepted accounting principles. KPMG also reports on OPM's internal control efforts concerning financial reporting and OPM management's compliance with laws and regulations that could have a direct and material effect on the determination of financial statement amounts. OPM's consolidated financial statements include the retirement, health and life insurance benefit programs, and the revolving fund (RF) and salaries and expenses accounts (S&E). The RF programs provide a variety of human resource-related services to other federal agencies, such as pre-employment testing, security investigations, and employee training. The S&E accounts are used by OPM to cover the costs of administering the operations of the agency. Our office monitors KPMG's performance during these audits to ensure that all work is conducted in accordance with the terms of the contract and in compliance with govern- ment auditing standards and other authoritative references pertaining to OPM's financial statements. Specifically, we are involved in the planning, performance and reporting phases of the audit through participation in key meetings and reviewing KPMG's work papers and reports. Based on these efforts, we found no instances where KPMG did not comply with the terms of the contract and government auditing standards. A summary relating to the audit report issued follows. OIG Continues to Monitor KPMG's Consolidated Financial Statements Audits OPM's FY 2002 & FY 2001 Consolidated Financial Statements Report No. 4A-CF-00-02-107 January 24, 2003 Under a contract monitored by our office, the international accounting firm of KPMG, LLP (KPMG) performed audits of OPM's FY 2002 and FY 2001 consolidated financial statements. KPMG's audit covered the retirement, health and life insurance benefit programs; revolving fund (RF); and salaries and expenses accounts (S&E). KPMG also performed audits of the individual benefits programs financial statements. As we have mentioned in previous semiannual reports, the benefits programs are key to the flow of benefits to federal civilian employees, annuitants, and their respective dependents, and operate under the following names: þ Civil Service Retirement System þ Federal Employees Retirement System þ Federal Employees Health Benefits Program þ Federal Employees' Group Life Insurance program Consolidated & Benefits Programs Financial Statements KPMG determined that the fiscal years 2002 and 2001 consolidated financial statements, and the individual statements of the three programs that govern the health, life and retirement benefits of federal employees and retirees, were presented fairly in all material respects and were prepared in conformance with generally accepted accounting principles. OPM's Financial Statements Receive "Clean" Audit Opinion KPMG noted four reportable conditions in the internal control environments of the benefits programs and the RF and S&E accounts during fiscal year 2002. Three of these conditions existed in the prior year and remain uncorrected. Reportable conditions are defined as items that if left uncorrected could jeopardize the agency's ability to record, process, summarize and report financial data accurately. However, they would not result in material misstatements to the consolidated financial statements if not corrected. If the items would result in material misstatements, then they are called material weaknesses. Table 1 on the next page includes reportable conditions that KPMG identified during its audit work on the financial statements for FYs 2002 and 2001. It is significant to note that this is the third consecutive year that none of the reportable conditions identified during the audit was considered to be material weaknesses in the agency's internal controls over financial reporting. Specifically, KPMG reported the following conditions in the internal controls over financial reporting that needed improvement: þ Information systems general control environment. þ Financial management and reporting processes of the Office of the Chief Financial Officer (OCFO). þ Quality control over annual financial statement preparation. þ Segregating duties involving the letter of credit system used by FEHBP experience- rated health carriers. KPMG reported no instances of non-compliance that are required to be reported under government auditing standards or Office of Management and Budget Bulletin No. 01- 02, Audit Requirements for Federal Financial Statements, except for the standard general ledger at the transaction level (RF and S&E only), where OPM's financial management systems did not substantially comply with the requirements of the Federal Financial Managers' Improvement Act. The following table lists the internal control weaknesses reported for FY 2002 and the programs to which they apply. Table 1. Not available in the accessible version. No Material Weaknesses Reported for Third Consecutive Year Investigative Activities The Office of Personnel Management (OPM) administers benefits from its trust funds for all fed- eral civilian employees and annuitants participating in the federal government's retirement, health and life insurance programs. These trust fund programs cover approximately nine million current and retired federal civilian employees, including eligible family members, and disburse about $69 billion annually. While we investigate employee misconduct and other wrongdoing brought to our attention, the majority of our OIG investigative efforts is spent examining potential fraud involving these trust funds. As a result of this office's investigative activities, we realized a significant number of judicial and administrative successes during this reporting period, including monetary recoveries totaling $2,526,375. Overall, we opened 37 investigations and closed 36, with 36 still in progress at the end of the period. Our investigations also led to seven arrests and six convictions. For a com- plete statistical summary of our office's investigative activity in this reporting period, refer to Table 1 on page 50 of this section, along with the OIG's productivity indicators listed at the beginning of this report. As mentioned in the shadow box above, most of our case work relates to the federal health, life and retirement trust fund programs our agency administers on behalf of millions of federal employees, retirees, their spouses and dependents. Our office aggressively pursues individuals and corporate entities seeking to defraud these trust funds upon which our federal employees, retirees, their spouses and dependents rely. Over the years, our OIG has worked a number of annuity fraud cases involving the Civil Service Retirement and Disability trust fund. This trust fund program covers all civilian federal employees who contributed to the Civil Service Retirement System (CSRS) and/or the newer Federal Employees Retirement System (FERS). FERS was established by Congress in 1983. At that time, federal employees were given the opportunity to remain in CSRS or switch to the new program. All federal government employees hired on or after January 1, 1984, were automatically placed in the FERS retirement program. With CSRS being the older of the two systems, more people have retired under this system, creating a greater chance for annuity fraud under it than FERS. Our office long ago assumed a proactive stance in identifying individual cases upon which to base annuity fraud investigations. We identify fraud in this area by routinely reviewing CSRS annuity records for any type of irregularity, including excessive age. We receive additional information from our agency's Retirement and Insurance Service (RIS) through the computer matches it performs using OPM's annuity rolls and the Social Security Administration's death records. Recently, RIS was renamed the Center for Retirement and Insurance Services following an agency-wide reorganization. These computer matches have proven very helpful to OPM since many CSRS annuitants or those receiving CSRS survivor benefits are also eligible for Social Security benefits. RIS also provides our office other annuity data in support of our investigative activities. Other useful tools to help our office in its efforts to uncover and expose fraud and abuse are the OIG's health-care fraud hotline and retirement and special investigations hotline, along with mailed-in complaints. Formal complaints and calls we receive on these hotlines totaled 548 during this reporting period. Additional information, including specific activity breakdowns for each hotline, can be found on pages 48-49 in this section. In keeping with the emphasis that Congress and various departments and agencies in the executive branch have placed on combating health care fraud, we coordinate our investigations with the Department of Justice (DOJ) and other federal, state and local law enforcement agencies. At the national level, we are participating members of DOJ's health-care fraud working group. We actively work with the various U.S. Attorney's offices in their efforts to further consolidate and increase the focus of investigative resources in those regions that have been particularly vulnerable to fraudulent schemes and practices engaged in by unscrupulous health care providers. In addition to our responsibility to detect and investigate fraud perpetrated against OPM's trust funds, this office conducts investigations of serious criminal violations and misconduct by OPM employees. These cases may involve the theft or misuse of government funds and property. On the following pages, we have provided narratives relating to health care and retire- ment fund fraud investigations we conducted or concluded during the reporting period, along with one Combined Federal Campaign investigation While these summaries represent only a small portion of our total recoveries, they are indicative of the various types of fraud we encounter in our investigations and the penalties and sanctions individuals face when involved in wrongdoing affecting OPM programs. Health Care-Related Fraud and Abuse Our OIG special agents are in regular contact with the numerous health insurance carriers participating in the Federal Employees Health Benefits Program to provide an effective means for reporting instances of possible fraud by health care providers and FEHBP subscribers. Our office also maintains liaison with federal law enforcement agencies involved in health care fraud investigations and participates in several health-care fraud working groups on both national and local levels. Additionally, we work closely with our own Office of Audits when fraud issues arise during the course of health carrier audits, as well as with the OIG debarring official when investigations of health care providers reveal evidence of violations that warrant consideration of possible administrative sanctions. The following two narratives describe major cases we concluded in the area of health care fraud during this reporting period. West Texas Doctor Involved in Billing Fraud Against Federal Health Programs We have been conducting a series of health-care fraud investigations with the FBI. In November 2000, we received information from the FBI in Midland, Texas, that a west Texas doctor, owner and operator of a clinic in Big Springs, Texas, may have been improperly billing three major federal health care programs for services not rendered. The federal programs were Medicare, the Federal Employees Health Benefits Program (FEHBP) administered by our agency, and the federal-state Medicaid program that serves the poor. The Texas Rangers had also advised the FBI that this doctor might be implicated in illegal drug activity, along with prescribing and selling controlled substances. That information prompted a separate joint investigation involving our OIG, the FBI, the U.S. Drug Enforcement Agency, the Texas Medicaid fraud control unit, and the Texas Rangers. Regarding the health care fraud issue, we learned that the doctor routinely instructed his staff to select at random 13 to 15 patient files per week to use to create phantom billings later sent to the above-referenced health care programs. We were able to substantiate that in no instance did the billings relate to patients the doctor had seen or treated for the services identified or on the dates indicated. On April 17, 2002, the doctor was indicted by a federal grand jury in U.S. District Court in Midland, Texas, on health care fraud charges related to the FEHBP, Medicare and Medicaid. He also was indicted on charges stemming from illegal activity involving prescription drugs. The latter charges were later dismissed after a plea bargain. In addition to the federal charges, the state of Texas has indicated that it will pursue its own investigation, which most likely will lead to additional charges. Approximately four months after this indictment, on August 9, 2002, the doctor pleaded guilty to one count of health care fraud and one count of money laundering. The doctor's sentencing hearing was held on October 18, at which time he was ordered to serve five years in prison and to repay approximately $4.1 million to the defrauded health care programs. Of that amount, the FEHBP will receive $60,472. Our investigators also referred this case internally to the OIG's debarring official, who oversees the administrative sanctions program associated with the FEHBP we administer on behalf of OPM. In this particular case, the OIG debarring official proposed a 20-year debarment based on these and other facts. More details about this doctor, his suspension and proposed debarment from the FEHBP can be found on page 8 in the Statutory and Regulatory Review section of this report. Texas Doctor Receives Five Years in Prison for Defrauding Federal Health Programs Dermotologist Defrauds FEHBP & Other Federal Medical Benefits Programs On July 31, 2000, a qui tam civil false claims complaint was filed with the Department of Justice (DOJ) by a former employee of a physician who owned and operated a series of dermatology clinics known as Advanced Dermatology Centers. These clinics were located throughout southern California and Arizona. The judicial venue for this lawsuit was the U.S. District Court in San Diego, California. In accordance with the qui tam provisions of the False Claims Act, a private party can file an action on behalf of the United States and receive a portion of the settlement if the government takes over the case and reaches a monetary agreement with the defendant(s). This investigation, supervised by the DOJ, addressed allegations of fraud against all the major federal health care programs, including Medicare; TRICARE, which coordinates medical benefits for our military personnel and their dependents; and the Federal Employees Health Benefits Program administered by our agency. Our investigative efforts included the collection and analysis of thousands of claims submitted by the physician to the various health plans participating in the FEHBP. The results of this OIG staff work were forwarded to the U.S. Attorney's office in charge of the case. On July 30, 2002, the Department of Justice decided the case warranted intervention by the federal government. The DOJ pursued a civil action regarding allegations that this doctor misrepresented the identity of the rendering physician when seeking payment from the above-referenced federally funded programs. Previously, the investigation had revealed that numerous billed services were provided by the dermatologist's physician's assistant (PA), not himself. The significance of this information was that the doctor was entitled to receive a higher reimbursement for his services than those provided by his PA. By falsifying claims regarding who performed the services, the doctor received federal funds to which he was otherwise not entitled. On January 15, 2003, the physician agreed to settle this case with the Department of Justice in the amount of $500,000. Two-thirds of this amount was to be returned to the defrauded federal programs, with the FEHBP receiving $23,000 as its share. Physician Reaches $500,000 Settlement in Federal Health Care Fraud Case Combined Federal Campaign Investigations OPM administers the Combined Federal Campaign program on behalf of the federal government. Our investigators work closely with our audit counterparts within the OIG when possible fraud or abuse in the CFC program is detected. These investigations usually concentrate on the operations of the local CFC organizations that collect and distribute federal contributions to designated charities around the country. The following narrative summarizes a case closed during this reporting period describing one type of irregularity that can occur involving CFC operations at the local CFC organization level. Executive Director of Local CFC Convicted of Theft In January 1999, our agency's Combined Federal Campaign Operations office requested our OIG initiate an audit of the Maricopa County Combined Federal Campaign (CFC) in Arizona to review its CFC activities for campaign years 1995-1996, 1996-1997, and 1997-1998. The Office of Personnel Management oversees the national Combined Federal Campaign, the name given to the federal government's annual charity drive conducted among all civilian and military personnel stationed around the world. See pages 27-28 in our Audit Activities section for more detailed information on the purpose, activities and organizational structure of the Combined Federal Campaign. In this instance, OPM received a complaint from one of the participating charities work- ing with the local Maricopa County CFC, whose headquarters are in Phoenix, Arizona. That complaint concerned the charity not receiving funds previously designated for it through the local Maricopa CFC. Our OIG auditors, who routinely perform CFC audits, followed up on this complaint. During their initial visit, the auditors requested the executive director of the Maricopa County CFC to produce the necessary documentation to account for thousands of dollars in local CFC expenses charged to the campaign. He was unable to comply with the request. At this juncture, this matter was referred internally to our OIG investigators to conduct a criminal investigation. In a joint investigation with the FBI, our OIG investigators focused on the use of contributed CFC funds for the period beginning March 1995 through April 2000. We learned during the investigation that the executive director had been successful in manipulating one of the key CFC oversight components, the independent auditor(s), who annually check the local CFC financial records for irregularities and discrepancies. As part of CFC procedures, the executive director is required to select the auditing firm who conducts this annual CFC audit and to oversee its work. In this instance, the Mari- copa County CFC executive director was able to place restrictions on the scope of the independent auditors' work by having those auditors review and account for CFC contributions only, effectively excluding a review of the local CFC's administrative expenses. Absent an administrative expense review by these independent auditors, the executive director was in a position to charge phantom CFC administrative expenses in excess of actual expenses. Administrative expenses are legally paid out of federal employee donations to cover routine CFC operations. The net effect was that the executive director was able to direct the money collected by the local CFC to pay for his personal business expenses. Not only was he successful in hiding this financial ruse from the independent auditors, but from the local federal coordinating committee (LFCC) as well. Every local CFC has a governing LFCC, which is responsible for organizing the CFC, determining the eligibility of local charities, supervising CFC-related activities generally, and acting upon any problems relating to a local charity's noncompliance with the policies and procedures of the national Combined Federal Campaign. Our investigation did not indicate that the LFCC was ever made aware of the limits placed on the independent auditors' review of the local CFC's financial records until after our investigation took place. We uncovered additional facts surrounding this executive director's fraudulent activities. Not only was he able to mask personal expenses as CFC administrative expenses, he later gained complete control over the local CFC's bank accounts, accounts originally set up as dual-signature accounts with LFCC members. Without this secondary approval by LFCC members, the executive director was able to move contributed funds with impunity into his personal and business bank accounts from the CFC bank accounts. He accomplished this by befriending bank employees, gaining their confidence and trust to the extent that they allowed him to bypass the dual-signature requirement. There was not enough evidence, however, to bring criminal charges against the bank employees. This joint investigative effort proved fruitful. The executive director was arrested on June 21, 2002, for embezzlement. Later that year, on October 22, he pleaded guilty to embezzling $128,000 from the local CFC over a five-year period, beginning April 1995 through April 2000. On February 7, 2003, he appeared in U.S. District Court in Phoenix, Arizona, for sentencing. He received a prison sentence of 43 months for his role in the theft of these funds, and was ordered to make restitution to OPM for the entire amount on behalf of the local Maricopa County CFC and its participating charities. Appropriate distribution was to follow at a later date. Executive Director of Local CFC Guilty of Embezzling Funds Retirement Fraud and Special Investigations As previously stated, in accordance with our mission to prevent and detect fraud, OIG special agents routinely review CSRS annuity records for indications of unusual circum- stances. For example, using excessive annuitant age as an indication of potential fraud, our investigators attempt to contact the annuitants and determine if they are alive and still receiving their benefits. In addition, we receive inquiries from OPM program offices, other federal agencies and private citizens that prompt us to investigate cases of potential retirement fraud or alleged misconduct by OPM employees and contractors. Below is the summary of a case we completed during this reporting period that indicates the type of vigilance necessary to combat federal annuity fraud. Deceased Annuitant's Daughter Forges U.S. Treasury Checks Our office concluded a joint investigation with the U.S. Secret Service during the report-ing period involving the daughter of a deceased annuitant who continued to receive her mother's annuity funds after the mother's death. Our investigation began in November 2001 after we had conducted a routine review of OPM's annuity records for potential fraud. We found that a deceased annuitant had been receiving two federal retirement annuities, one as a federal retiree and the other as a survivor annuitant. Both annuities were issued under the Civil Service Retirement Service program (CSRS) administered by our agency. For several years prior to her death, the mother had lived in San Bernardino, California. In 1996, the annuitant requested she receive hard copy checks at a U.S. Postal Service post office box located in the same city. The mother subsequently died on April 28, 1998, but the daughter did not report the death to our agency as required. As a result of our efforts, we determined that after the annuitant's death, 46 U.S. Treasury checks were sent to her post office box address. Upon examining each of these checks, we also discovered the annuitant's name had been forged and the checks deposited to a joint bank account in the annuitant's and daughter's names. The account in question was opened in 1996 by the annuitant at a local bank in San Bernardino, California. The daughter was able to access the joint account and use the deposited funds for her own personal gain. Those 46 U.S. checks totaled $89,400. Not long after the annuity fraud was confirmed, and at OPM's request, the U.S. Depart- ment of the Treasury was able to put a hold on the joint bank account and reclaim $26,000 of the amount owed to the CSRS trust fund. In February 2001, the daughter was interviewed and admitted forging her mother's name to all the checks in question. On August 5, 2002, the daughter pleaded guilty to two counts of forgery. Sentencing occurred on October 28, 2002, in the U.S District Court located in Riverside, California. The daughter received three years' probation and was ordered to make full restitution to the CSRS trust fund in the amount of $63,400, the balance of what was not reclaimed earlier from the joint bank account. Deceased Annitant's Daughter Defrauds CSRS Trust Fund of $89,400 OIG Hotlines and Complaint Activity The information we receive on our OIG hotlines is generally concerned with FEHBP health care fraud, retirement fraud and other complaints that may warrant special investigations. Our office receives inquiries from the general public, OPM employees, contractors and others interested in reporting waste, fraud and abuse within OPM and the programs it administers. In addition to hotline callers, we receive information from individuals through the mail or who appear in our office. Those who report information can do so openly, anonymously and confidentially without fear of reprisal. Retirement Fraud and Special Investigations The Retirement and Special Investigations hotline provides the same assistance as tradi- tional OIG hotlines in that it is used for reporting waste, fraud and abuse within the agency and its programs. The Retirement and Special Investigations hotline and complaint activity for this report- ing period included 35 telephone calls, 55 letters, 25 agency referrals, 2 walk-ins, and 25 complaints initiated by the OIG, for a total of 142. Health Care Fraud The primary reason for establishing an OIG hotline was to handle complaints from subscribers in the Federal Employees Health Benefits Program administered by our agency. The hotline number is listed in the brochures for all the health insurance plans associated with the FEHBP, as well as on our OIG Web site (www.opm.gov/oig). While the hotline was designed to provide an avenue to report fraud committed by sub- scribers, health care providers or FEHBP carriers, frequently callers have requested assistance with disputed claims and services disallowed by the carriers. Each caller receives a follow-up call or letter from either the OIG hotline coordinator, the insurance carrier or another OPM office as appropriate. The Health Care Fraud hotline and complaint activity for this reporting period involved 231 telephone calls and 175 letters, for a total of 406. During this period, the administrative monetary recoveries pertaining to health care fraud complaints totaled $311,664. OIG-Initiated Complaints As illustrated earlier in this section, we respond to complaints reported to our office by individuals, government entities at the federal, state and local levels, as well as FEHBP health care insurance carriers and their subscribers. We also initiate our own inquiries as a means to respond effectively to allegations involving fraud, abuse, integrity issues and, occasionally, malfeasance. Our office will initiate an investigation if complaints and inquiries can be substantiated. An example of a specific type of complaint that our office will initiate involves retirement fraud. This might occur when our agency has already received information indicating an overpayment to an annuitant has been made. At that point, our review would determine whether there were sufficient grounds to justify our involvement due to the potential for fraud. There were 28 such complaints associated with agency inquiries during this reporting period. Another example of an OIG-initiated complaint occurs when we review the agency's auto- mated annuity records system for certain items that may indicate a potential for fraud. If we uncover some of these indicators, we initiate personal contact with the annuitant to determine if further investigation is warranted. We believe that these OIG initiatives complement our hotline and outside complaint sources to ensure that our office can continue to be effective in its role to guard against and identify instances of fraud, waste and abuse. Investigative Activity Tables TABLE 1: Investigative Highlights Judicial Actions: Arrests total 7 Indictments total 10 Convictions total 6 Administrative Actions:1 total 4 Judicial Recoveries: Fines, Penalties, Restitutions and Settlements total $2,503,762 Administrative Recoveries: Settlements and Restitutions total $22,613 Total Funds Recovered. . . . . . . $ 2,526,375 1Includes suspensions, reprimands, demotions, resignations, removals, and reassignments. TABLE 2: Hotline Calls and Complaint Activity Retirement and Special Investigations Hotline and Complaint Activity: Retained for Investigation total 22 Referred to: OIG Office of Audits total 2 OPM Groups and Offices total 70 Other Federal Agencies total 48 Total 142 Health Care Fraud Hotline and Complaint Activity: Retained for Investigation total 123 Referred to: OPM Groups and Offices total 93 Other Federal/State Agencies total 119 Health Insurance Carriers or Providers total 71 Total 406 Total Contacts 548