fy 2009 top management and performance challenges identified by the office of the inspector general

8/7/2019 FY 2009 Top Management and Performance Challenges Identified by the Office of the Inspector General

http://slidepdf.com/reader/full/fy-2009-top-management-and-performance-challenges-identified-by-the-office 1/33

:.Jr'¡Ò'd3Q

DEPARTMENT OF HEALTH & HUMA SERVICES Offce of Inspector Gen

NOV 1 0 2009

Washington, D.C. 20201

TO: The SecretaryThrough: DS

COSES

FROM: Inspector General

SUBJECT: Top Management and Performance Challenges in the Deparment of

Health and Human Services for Fiscal Year 2009

This memorandum transmits the Offce ofInspector General's (OIG) list oftop

management and performance challenges facing the Department of Health and HumanServices (Department) in fiscal year (FY) 2009. The Reports Consolidation Act of

2000,

Public Law 106-531, requires OIG to identify these management challenges, assess theDeparent's progress in addressing each challenge, and submit this statement to theDeparment annually.

OIG's list of top management and performance challenges for FY 2009 includes the

following:

Par I: Integrity of Medicare, Medicaid, and Children's Health Insurance Program L. Integrity of Provider and Supplier Enrollment

. Integrity of Federal Health Care Program Payment Methodologies

. Promoting Compliance With Federal Health Care Program Requirements

. Oversight and Monitoring of Federal Health Care Programs

. Response to Fraud and Vulnerabilities in Federal Health Care Programs

. Quality of Care

Par II: Integrity of the Department's Public Health and Human Services Programs. Emergency Preparedness and Response

. Oversight of Food, Drugs, and Medical Devices

. Grants Management

Par II: Cross-Cutting Issues That Span the Deparment. American Recovery and Reinvestment Act

. Health Information Technology and Integrity of Information Systems

. Ethics Program Oversight and Enforcement



- The Secretary

OIG looks forward to continuing to work with the Deparment to identify and implement

strategies to protect the integrity of the Deparment's programs and the well-being of the

beneficiaries of these programs. If you have any questions or comments, please contactme, or your staff may contact Erin Lemire, Acting Director of External Affairs, at

(202) 205-9523 or Erin.LemireCioig.hhs.gov.~~.~Daniel R. Levinson

Attchment

~



FY 2009 Agency Financial Report

FY 2009 TOP MANAGEMENT AND PERFORMANCE CHALLENGES IDENTIFIED BY THE OFFICE OF THE INSPECTOR GENERAL

Pursuant to the Reports Consolidation Act of 2000 (P.L.106-531), each year the Office of Inspector General (OIG)summarizes what OIG considers to be the most significantmanagement and performance challenges facing theDepartment of Health and Human Services (Department)and the Department’s progress in addressing thosechallenges. The top management challenges for fiscal year(FY) 2009 are organized according to three broadcategories: (1) integrity of Medicare, Medicaid, and theChildren’s Health Insurance Program (CHIP); (2) integrityof the Department’s public health and human servicesprograms; and (3) cross-cutting issues that span theDepartment.

PART 1: INTEGRITY OF MEDICARE, MEDICAID,AND THE CHILDREN’S HEALTH INSURANCE

PROGRAM

For Federal health care programs to best servebeneficiaries and remain solvent for future generations, theGovernment must pursue a comprehensive strategy toprevent, detect, and remediate fraud, waste, and abuse.Based on its extensive experience in combating health carefraud, waste, and abuse, OIG has identified the followingfive principles that OIG believes should guide theDepartment’s integrity strategy for Medicare, Medicaid,and CHIP. These principles offer a useful framework forimplementing programs, as well as designing andimplementing integrity safeguards.

• Enrollment – Scrutinize individuals and entitiesthat seek to participate as providers and suppliersprior to their enrollment in health care programs.

• Payment – Establish payment methodologies thatare reasonable and responsive to changes in themarketplace.

• Compliance – Assist health care providers andsuppliers in adopting practices that promotecompliance with program requirements, includingquality and safety standards.

• Oversight – Vigilantly monitor programs forevidence of fraud, waste, and abuse.

• Response – Respond swiftly to detected fraud,impose appropriate punishment to deter others,and promptly remedy program vulnerabilities.

Consistent with these principles, OIG has applied thisframework to identify the top management challenges that

the Department faces in protecting the integrity of itshealth care programs, meeting the needs of beneficiaries,and keeping Federal health care programs solvent forfuture generations.

In addition, a sixth management challenge is ensuring thatthe beneficiaries of Federal health care program receivequality health care. This challenge has many dimensions,including overseeing providers’ compliance with quality-of-care standards, ensuring patient safety, and identifyingopportunities for improvements in quality of care.

Management Issue 1: Integrity of Provider and Supplier Enrollment

MANAGEMENT CHALLENGE AND ASSESSMENT OF

PROGRESS IN ADDRESSING THE CHALLENGE:

The large Federal Government expenditures on theMedicare and Medicaid programs attract certainindividuals and entities that seek to exploit the health caresystem for their own financial gain. Although the vastmajority of health care providers and suppliers are honestand well intentioned, the Department faces challengesensuring the integrity of the programs’ provider andsupplier enrollment processes. A small percentage of providers and suppliers intent on defrauding theseprograms have exploited weaknesses in the enrollmentprocess, causing significant harm. These providers and

suppliers drain resources that should be spent on providingneeded and appropriate care to beneficiaries. Therefore, itis imperative that Medicare and Medicaid provider andsupplier enrollment standards and screening processes bestrengthened to clarify that participation as a provider orsupplier is a privilege, not a right.

OIG’s extensive oversight and enforcement work hasidentified weaknesses in provider and supplier enrollmentthat enable unqualified, dishonest, and unethicalindividuals and entities to access a system they can easilyexploit. In addition, OIG identified weaknesses in theoversight of provider and supplier eligibility to receivecertain payments under Medicare and Medicaid. Morerigorous enrollment, screening, and transparency standardswould help the Government better know with whom it isdoing business. Protecting these programs and theirbeneficiaries from unqualified, fraudulent, or abusiveproviders and suppliers up front is more efficient andeffective than trying to recover payments or redress fraudor abuse after it occurs.

U. S. Department of Health and Human Services | III-39




Enrollment Process and Oversight Activities

Ensuring adequate and appropriate provider and supplierenrollment standards and screening is an essential first stepto strengthen the integrity of the Medicare and Medicaidprograms. OIG identified certain characteristics that mayindicate a provider’s increased potential for fraud.Examples of potential fraud or risk indicators includeinterest or ownership in other health services and relatedbusinesses with Medicare or Medicaid debt, other evidenceof financial instability, no evidence of a physical businessfacility, previous criminal history, suspension, or exclusionfrom participation in Federal health care programs, or othersanctions by State Medicaid agencies or other health careorganizations. Current provider enrollment standards andscreenings do not use all these fraud indicators todetermine a provider’s level of risk for fraudulent conduct.

OIG has identified significant vulnerabilities in theenrollment screening of durable medical equipment (DME)

suppliers and high rates of noncompliance with enrollmentstandards. In 2006, OIG conducted unannounced site visitsof 1,581 DME suppliers in three south Florida counties andfound that 31 percent did not maintain physical facilities orwere not open and staffed, contrary to Medicarerequirements. Similarly, in 2008, OIG inspected 905suppliers in Los Angeles County and found that 13 percentdid not have physical facilities or were not open duringrepeated unannounced site visits. In 2008, OIG examineda small random sample of DME suppliers withuncollectible Medicare debt and found that these supplierswere associated with other DME suppliers and home healthagencies (primarily through shared ownership,

management, or family relationships) that had receivedapproximately $58 million in Medicare payments. Theassociations are of interest because Federal investigatorssuspect, and have found in some cases, that individualsassociated with the Medicare debt may omit ownership ormanagement information on enrollment applications andinappropriately receive Medicare payments throughbusinesses publicly fronted by associates or familymembers.

To address these DME enrollment vulnerabilities, OIGrecommended more rigorous screening of provider andsupplier applicants. Heightened screening measures forhigh-risk items and services could include requiringproviders to meet accreditation standards; requiring proof of identity and licensure (e.g., fingerprinting, databasechecks, and in-person interviews); requiring proof of business integrity or surety bonds; periodic recertificationand onsite verification that conditions of participation havebeen met; and full disclosure of ownership and controlinterests, including disclosure of affiliations with otherproviders or suppliers with uncollected Medicare orMedicaid debt. As this additional screening would becostly for CMS to conduct, OIG suggested that CMS

consider charging application fees to cover the increasedcosts. In addition, OIG has suggested that establishing aprovisional enrollment period during which new Medicareand Medicaid providers and suppliers would be subject toenhanced oversight, such as prepayment review andpayment caps could reduce fraud vulnerabilities.

The Department has made progress in responding to thesevulnerabilities with measures aimed at enhancingenrollment standards for DME suppliers. On November 1,2007, the Centers for Medicare & Medicaid Services(CMS) began a demonstration project requiring DMEsuppliers in south Florida and southern California toreapply for participation to maintain their privileges. OnJanuary 25, 2008, CMS published regulations to clarifyand enhance supplier standards. CMS also stated that itwould consider seeking legislative authority to imposetemporary moratoriums on supplier enrollment. OnJanuary 1, 2009, CMS published regulations requiringcertain DME suppliers to obtain surety bonds as a

prerequisite for enrolling and maintaining enrollment in theMedicare program. OIG recognizes this progress andcontinues to recommend further improvements to oversightand enforcement of provider enrollment standards.

In other work, OIG investigations identified a fraudscheme involving foreign nationals who obtained Medicareprovider numbers that they subsequently used to submitfraudulent claims. Unknown individuals recruit foreignnationals who are in the United States on student visas toobtain Medicare provider numbers. These providernumbers are subsequently used to fraudulently billMedicare while the foreign nationals return to their home

countries. OIG alerted CMS to this fraud scheme andrecommended that CMS adopt guidelines with regard toforeign nationals obtaining Medicare provider numbers.CMS responded that it was unclear whether it had theauthority to implement the recommended actions and notedthat surveyors examine the Employment EligibilityVerification document (Form I-9) for the owner and keyemployees as part of the accreditation process. Until thevulnerabilities demonstrated by this fraud scheme areaddressed, Medicare continues to risk exposure tofraudulent claims by ineligible providers.

The Department also faces challenges stemming from the

variation in Medicaid provider and supplier enrollmentstandards, which can vary both across States and forproviders within a State. An OIG evaluation of StateMedicaid enrollment requirements for personal careattendants found that State Medicaid programs establishedmultiple sets of provider requirements for personal careattendants that often vary among programs and by deliverymodels within programs, resulting in 300 sets of providerrequirements nation-wide. An OIG audit of Medicaid

III-40 | U. S. Department of Health and Human Services




personal care services in New York City underscores theimportance of enrollment standards and oversight of personal care service attendants to ensure beneficiarysafety and quality of care. As part of the audit, OIGinterviewed 65 beneficiaries, of whom 40 reportedproblems with their personal care services attendant oragency or other problems. The reported problems rangedfrom personal care attendants’ engaging in activitiesunrelated to beneficiary care while on duty to beneficiaryabandonment to physical abuse.

In addition, OIG identified challenges related to nursinghome ownership transparency. (See also ManagementIssue 6.) Greater transparency in the enrollment processfor nursing homes would help the Government know withwhom it is doing business and whom to hold accountablein cases of noncompliance, fraud, or abuse. OIG hasongoing work determining whether nursing homes conductcriminal records background checks for employees andwhether nursing homes are protecting residents from

unqualified or excluded individuals.

Provider and Supplier Eligibility for Certain Payments

Eligibility requirements for certain types of payments helpensure that the providers furnishing items and services tobeneficiaries can be relied on to deliver the needed careand meet program criteria. OIG identified instances inwhich Medicare and Medicaid made payments to providerswho were improperly enrolled or were not eligible toreceive those payments. These conditions raise concernsabout enrollment oversight.

For example, in a review of Medicare capitaldisproportionate share hospital (DSH) payments madebetween FYs 2000 and 2006, OIG found that 397 hospitalsreceived $21.9 million in DSH payments for which theywere not eligible. Further, OIG reviewed States’compliance with Medicaid DSH payment requirements andfound that from July 2000 through June 2003, one Statepaid $142.3 million ($88.2 million Federal share) to threeState-owned psychiatric hospitals that were not eligible toreceive DSH payments.

OIG also determined that from July 1, 1996, through June30, 2007, one State paid $26.2 million ($16.3 millionFederal share) to a hospital that was not eligible to receiveMedicaid payments for in-patient psychiatric servicesbecause it did not demonstrate compliance with two specialMedicare conditions of participation requirements.

OIG audits at two Medicare fiscal intermediaries foundthat unallowable payments totaling $890,000 were made toproviders that were not eligible for payment because theservices were provided on or after the dates that theproviders were terminated from the Medicare program.

The Department responded to these vulnerabilities bydirecting the Medicare administrative contractors and fiscalintermediaries to assess capital DSH eligibility as part of their review process. CMS will also include an edit to thehospital cost report software to prevent ineligible hospitalsfrom claiming capital DSH payments on their cost reports.OIG continues to encourage the Department to implementpayment safeguards to ensure that payments are made onlyto eligible providers and suppliers.

Management Issue 2: Integrity of Federal Health Care Program Payment Methodologies

MANAGEMENT CHALLENGE AND ASSESSMENT OFPROGRESS IN ADDRESSING THE CHALLENGE:

The Federal Government should act as a prudent purchaserof health care. Medicare and Medicaid paymentmethodologies should ensure access to quality care withoutwasteful spending. This objective is of paramount

importance in maintaining an effective and efficient healthcare delivery system. The challenges associated withmeeting this objective are complex and evolving. Initialpayment methodologies must be set to reimburse fairly forappropriate care. Payment methodologies must also beresponsive to ensure that they remain reasonable andappropriate as the health care marketplace and medicalpractice evolve. Finally, CMS should anticipate financialincentives and safeguard against fraud risks associatedwith each payment methodology established.

Setting Initial Payment Methodologies

As Federal health care programs are created, expanded, orrevised, it is critical to establish initial payment rates basedon the most accurate data available, as well as reasonableassumptions and projections. OIG has identified instancesin which issues with the initial data used in paymentmethodologies have resulted in increased expenditures byboth Medicare and its beneficiaries.

For example, aligning Part D payments by Medicare andbeneficiaries with plan sponsors’ actual costs has been achallenge. Currently, Medicare payments and beneficiarypremiums are determined based on bids submitted by plansponsors and approved by CMS before to the start of theplan year. Ongoing OIG work has found that plansexcluded some anticipated rebates from their bids,resulting in a higher net bid amount and therefore higherMedicare payments and beneficiary premiums than if theanticipated rebates had been included. In another review,OIG found that 25 percent of CMS’s bid audits of Part Dplans for 2006 and 2007 identified at least one materialerror. Although these audits may influence future bids,they are completed after the bids have been approved forthe current plan year. CMS does not adjust a plan’spayment amount or beneficiary premiums based on errors





or omissions identified after a bid has been approved. OIGhas recommended that CMS hold plans accountable for theaccuracy of their bids, and CMS stated that it wouldconsider OIG’s recommendation.

In 2006 and 2007, estimated costs in sponsors’ bids werehigher, in the aggregate, than their actual costs, whichresulted in higher Medicare payments and premiums.Medicare recoups a percentage of these higher paymentsthrough the reconciliation process following the plan year.Beneficiaries do not recoup any money paid in higherpremiums. In 2006, Part D sponsors owed Medicare a nettotal of $4.4 billion. In 2007, 154 sponsors owed Medicarea total of $1.81 billion and 97 sponsors were owed$1.79 billion from Medicare, resulting in a net total of $18 million owed to Medicare. Seventy-one percent of sponsors earned unexpected profits in 2007 large enough totrigger risk-sharing payments of $795 million due toMedicare. Statutory changes to risk sharing that beginwith the 2008 reconciliation will decrease the Federal

Government’s share of sponsors’ unexpected profits andlosses. Therefore, if sponsors continue to make largeunexpected profits in 2008 and beyond, they will return asmaller percentage to the Federal Government. Tomitigate this risk, OIG recommended that CMS determinewhether changes to the risk sharing are appropriate, and if so, to seek a statutory change.

In response, CMS agreed to ensure that sponsors’ bidsaccurately reflect the cost of providing benefits and notedthat it incorporates data submitted to CMS forreconciliation of prior years into its bid review process.CMS noted, however, that it does not believe that changes

to risk sharing are appropriate because plans now havesufficient data on Part D costs to develop bids that aremore accurate.

Concerns about the accuracy of Medicare’s prospectivepayments to hospitals also demonstrate the importance of setting appropriate initial reimbursement methodologies.For example, the Balanced Budget Act of 1997 requiredCMS to develop a prospective payment system for hospitalout-patient department services based on prior claims andcost report data. However, previous OIG work hadidentified unallowable costs in hospitals’ Medicare costreports and several areas of payment improprieties in

Medicare reimbursement for hospital out-patientdepartments. Because the hospital out-patient prospectivepayment system is based on data known to be problematic,OIG is concerned that the resulting payments areinaccurate.

OIG reviews have also determined that Medicare paymentsfor certain DME do not accurately reflect the costs of theseproducts. Before 1986, Medicare paid DME suppliers theamounts that the suppliers billed. In 1986, a DME fee

schedule was created, which was based on the averageprices that Medicare had paid (i.e., the billed amounts) foreach type of equipment. This system has resulted inMedicare payments that do not reflect market prices. Forexample, OIG found that Medicare allows more than$7,000 for 36 months of rental payments for oxygenconcentrators that cost $587, on average, to purchase. OIGhas recommended that CMS consider working withCongress to reduce the rental period so that Medicarepayments more accurately reflect market prices.

CMS’s main initiative to reduce beneficiary costs andimprove the accuracy of Medicare payments for certaincategories of DME is the Competitive Bidding AcquisitionProgram. Although CMS started to implement theprogram in 2008, legislation delayed its implementation.CMS plans to restart the program in 2009 in 10 areas,which CMS expects to result in an average 26-percentdecrease in the prices of medical equipment in these areas.

Payments to Medicare Advantage organizations may alsobe higher than necessary. Based on numerous reviews of the Medicare + Choice program (the predecessor toMedicare Advantage), OIG concluded that the data andestimates used as the basis to calculate monthly capitationpayments were flawed, resulting in higher payments. Thisinflated base year data continue to affect the currentpayments to Medicare Advantage plans, which have notbeen adjusted to take into account these problems with theunderlying data. OIG plans to further examine paymentsto Medicare Advantage organizations.

Responding to Changes in the Marketplace and Health Care

Practices

The Department also faces a substantial challenge to reactswiftly and appropriately to changes in the marketplaceand medical practices so that the programs continue toeffectively reimburse for quality care. OIG has conductedextensive reviews of Medicare and Medicaid paymentmethodologies and found that when reimbursementmethodologies do not respond to such changes, theprograms and their beneficiaries bear the cost.

Medicare payments for new wound therapy pumps provideone example of the costs of failing to update payments inresponse to market changes. OIG found that in 2007,

Medicare reimbursed suppliers for negative pressurewound therapy pumps based on a purchase price of morethan $17,000, but that suppliers paid, on average,approximately $3,600 for new models. When Medicarefirst covered wound pumps, it covered only one model,manufactured and supplied by one company, and Medicarebased the payment on that company’s purchase price.When Medicare expanded its coverage to several newpump models, it continued to reimburse suppliers for thesenew pumps based on the original pump’s purchase price,





which is more than four times the average price paid bysuppliers for new pumps.

OIG has also raised concerns regarding Medicaid andMedicare Part B prescription drug reimbursement. OIGstudies have revealed that published prices used to setMedicaid Federal upper limit (FUL) amounts for multiplesource (generic) drugs often exceeded prices available inthe marketplace. A new FUL reimbursement methodologyusing average manufacturer price, a sales-based price usedin the Medicaid drug rebate program, has been establishedbut not implemented because of a court injunction.Therefore, FUL amounts continue to exceed marketplaceprices. In addition, OIG work has demonstrated thatMedicare payment rates for some Part B drugs are higherthan other prices in the marketplace. Further, the Part Bdrug reimbursement methodology can result in temporarilyinflated payment amounts when newly available genericversions enter the market. To date, no changes have beenmade to Part B reimbursement as a result of OIG’s work.

Payment methodologies for other Medicare benefits alsopresent challenges in responding to marketplace changes.For example, OIG found that Medicare Part B paymentsfor laboratory tests, which were established over 20 yearsago, vary within and between Medicare contractors. Thesevariances did not appear to reflect geographic differencesin costs. To align payment methodologies, OIGrecommended that CMS seek legislation to establish a newprocess for setting accurate and reasonable payment rates.CMS did not concur with this recommendation. However,CMS stated that it would consider OIG’s recommendationas the agency continues to monitor the effects of its current

payment policies.

OIG also found that Medicare has paid physicians forevaluation and management (E&M) services that wereincluded in global fees for eye surgery but were notprovided during the global surgery periods. Thesemisalignments in global eye surgery payments areattributable, in part, to CMS not updating payments toreflect changes in medical practice. Over time, the averagenumber of E&M services provided during the global periodhas decreased, but payments continue to be based onestimates that a higher number of E&M services areprovided.

Payment Incentives and Risks of Fraud and Abuse

Payment methodologies inherently create incentives andrisks for fraud. For example, Fee-for-Service (FFS)payments create financial incentives to maximize thenumber and complexity of services provided, even whensuch services are not medically necessary. Conversely,under a fixed, prospective payment system, financialincentives encourage fewer services and patients may notreceive all of the care that they need and for which the

program is paying. For any payment methodology, it isimperative to identify the incentives and associated risksthat it creates and to implement necessary safeguards toremediate the negative incentives and reduce fraud risks.This challenge is compounded by the need to react swiftlyto new and unanticipated fraud and abuse schemes thatexploit vulnerabilities in established paymentmethodologies.

OIG’s work on Medicare and Medicaid outlier paymenthighlights the importance of this challenge. Recentinvestigations have identified abuses of CMS’s homehealth outlier payment methodology, which has resulted inproviders’ receipt of significant outlier payments to whichthey are not entitled. Ongoing OIG work is furtherexamining vulnerabilities related to this paymentmethodology. In response to evidence of abuse of homehealth outlier payments, CMS proposed a rule in July 2009that would lower the total amount of home health outlierpayments available and would cap outlier payments to

individual home health agencies. Implementation of thisrule could provide an important safeguard to prevent abuseof the home health outlier payment system.

Similarly, OIG found in prior work that Medicare paymentmethodologies for in-patient outlier payments hadloopholes whereby inflated charges submitted by hospitalsand delays in fiscal intermediary financial analysis of hospital data resulted in hundreds of millions of dollars of wasteful spending. Policy changes were subsequentlymade and financial settlements with selected hospitalgroups were reached. OIG has also completed work inseveral States that has shown that if the Medicaid programs

modified their outlier payment policies to mirror changesmade in the Medicare program, they could save tens of millions of dollars.

OIG has also found other instances in which paymentmethodologies have created incentives for providers toalter their practices to maximize reimbursement. Forinstance, Medicare had a policy of not paying for pre-admission diagnostic tests within 24 hours of the patient’sadmission to a hospital. OIG found that in response to thisrule, hospitals were performing the tests shortly in advanceof the 24-hour period. Although the timeframe wasextended based on OIG recommendations to within

72 hours of admittance, subsequent OIG work showed thathospitals responded to this change in payment policy byperforming the tests up to 2 weeks before the admittancedate so that they could bill separately for those tests.

Medicaid’s reliance on published prices as the basis fordrug reimbursement also creates fraud vulnerabilities. OIGinvestigations of allegations that pharmaceuticalmanufacturers have manipulated prices to increaseMedicaid drug reimbursement have resulted in significant





False Claims Act settlements. For example, in 2007,Aventis Pharmaceuticals, Inc., entered into a$182.82 million civil settlement to resolve allegations thatit falsified price reports and inflated its prices for productsthat it submitted to Federal health care programs. Becauseof the alleged illegal pricing, programs, includingMedicaid, overpaid for Aventis’s drug, Anzemet.

The Department’s challenge to react to paymentmethodology vulnerabilities is not limited to abuses byproviders and suppliers. OIG has found problems withStates’ implementation of financing mechanisms involvingcertain intergovernmental transfer of funds, which resultedin an inappropriate inflation of the Federal share of Medicaid payments. Through these arrangements, Statesoften retained funds that were intended to reimburseMedicaid providers. Another way in which States haveinappropriately increased the Federal share of Medicaidpayments involved States’ requirements that hospitalsreturn large portions of their disproportionate share

payments to the States. This practice is contrary to theprogram’s purpose to compensate hospitals that care forlarge percentages of Medicaid beneficiaries and uninsuredpatients.

As the Medicare and Medicaid populations grow, theimportance of establishing and maintaining the integrity of payment methodologies becomes more critical so thatscarce resources are not lost to fraud, waste, and abuse.

Management Issue 3: Promoting Compliance With Federal Health Care Program Requirements


Provider compliance with Federal health care programrequirements is essential to the integrity of the Medicareand Medicaid programs. Compliance with programrequirements prevents fraud, waste, and abuse in theprograms and promotes program efficiency and economy.To ensure compliance, the Department must partner withhealth care providers. The Medicare program pays for carefor 45 million beneficiaries rendered by 1.2 millionparticipating providers and suppliers, including hospitals,physicians, nursing homes, practitioners, DME companies,and others. CMS processes 1.2 billion Medicare FFSclaims annually, averaging 4.4 million claims eachworking day. In 2007, Medicare FFS payments totaled$431.2 billion. Medicare is required to pay submittedclaims within 30 days of receipt, and while all claims areprocessed electronically, Medicare contractors reviewfewer than 3 percent of claims before payment is made.

As a result, the Medicare and Medicaid programs rely onproviders and suppliers to submit legitimate and accurateclaims. Although most providers and suppliers are honest

and well intentioned, even honest providers and supplierscan make mistakes or fail to comply with the rules.Further, a small number of dishonest providers andsuppliers attempt to game the system by exploiting orcircumventing payment and coverage rules. Effectivelycombating fraud, waste, and abuse includes ensuring aprovider and supplier community that is well informedabout the rules and actively engaged in compliance efforts.

The Costs of Noncompliance

Assisting health care providers and suppliers to adoptpractices that promote compliance with program coverage,payment, and quality requirements must be an integral partof the Department’s program integrity strategy. Thebenefits of industry compliance include reduced risk of fraud and abuse, as well as billing and payment errors;higher quality of care; and an ethical culture that enhancespublic confidence in the system.

The risks associated with failing to create a culture of compliance and the costs of noncompliance are significant.CMS estimated that in 2009, improper FFS payments costMedicare $24.1 billion (7.8 percent error rate). OIG hasidentified inappropriate Medicare payments for specificservices and products. (See also Management Issues 1, 2,4, and 5.) For example, OIG found that 63 percent of Medicare-allowed claims for facet joint injections (used todiagnose or treat back pain) did not meet programrequirements, resulting in $129 million in improperpayments. In the Medicaid program, OIG found that NewYork’s Medicaid program paid more than $545.4 million($275.3 million Federal share) to providers in New York

City for personal care services claims that did not meetprogram requirements. Error rates and improper paymentestimates include paid claims that do not meet programrules, whether because of error, fraud, or other factors.

OIG has also identified fraud schemes that have resulted insubstantial costs to Federal health care programs. Forexample, investigations of alleged illegal marketing tacticsby drug manufacturers have resulted in False Claims Act

settlements of up to $2.3 billion. (See Management Issue8.) Further, noncompliance with standards of care can beso egregious as to constitute a failure of care andjeopardize patient health and safety. (See ManagementIssue 6.) When settling allegations of fraud and abuse,OIG often requires health care providers to enter intoCorporate Integrity Agreements (CIA) in exchange forOIG’s agreement not to exclude the provider fromparticipation in Federal health programs. OIG tailors theseCIAs based on the conduct and circumstances of the case.However, CIAs generally require providers to implementcompliance programs that include a compliance officer orcommittee, written standards and policies, employeetraining programs, confidential disclosure mechanisms,





reviews by an independent reviewer, and various reportingrequirements.

Education and Guidance Efforts

Provider education and guidance are important tools forpreventing noncompliance. However, several factorscreate challenges to promoting industry compliance withprogram rules through education efforts. The Federalhealth care programs are governed by complex statutes,regulations, and subregulatory guidance. There arenational rules, such as statutes, regulations, and nationalcoverage determinations, and local rules, including localmedical review policies. The rules and regulations arefrequently updated or changed by law or by administrativeaction. In a complex programmatic environment, it is achallenge to ensure that guidance is clear, informed,complete, and audience appropriate.

Further, the audience for compliance education is diverse

in terms of sophistication, size, and resources. Medicareproviders range from sophisticated health care corporationsthat hire top legal and management advisors to smalloperations with minimal legal or regulatory expertise.Some are integrated delivery systems that need to masterthe rules and regulations for multiple benefit categories,while others are purveyors of only one item or a few itemsand services. In addition, some providers may havelimited resources to devote to compliance, which competeswith other priorities, such as providing care, managingbusiness operations, and earning a profit. Others areaffiliated with well-established, large multifacilityorganizations with a widely dispersed workforce and

significant resources to devote to compliance.

To address these challenges, the Department must work toensure that it is providing guidance that assists providersand suppliers in understanding and complying withprogram requirements; educating providers and supplierseffectively about program requirements; and promotingindustry adoption of effective internal controls and othercompliance measures. The Department must also ensurethat its contractors are knowledgeable about programrequirements, that the contractors provide useful guidanceon their policies, and that they offer adequate education forthe providers and suppliers whose claims they process.

The Department has a variety of tools and approachesavailable for this effort. These include regulatory andsubregulatory issuances (including manuals, frequentlyasked questions, advisory opinions, and other materials);provider listservs; Web sites (such as the MedicareLearning Network); and live educational opportunities(such as open door forums and CMS-sponsored educationprograms on requirements of the Medicare Prescription

Drug Improvement and Modernization Act of 2003). CMS

is also exploring the use of new media, such as podcastsand RSS feeds, to reach provider and supplier audiences.

The Department also partners, and should continue topartner, with the private sector to promote compliance.For example, CMS has a Provider Partnership Programthrough which it shares Medicare FFS information withnational organizations that are Medicare billers or serve asintermediaries for Medicare billers. Through the MedicaidIntegrity Program, CMS funds contracts for educatinghealth care providers and suppliers, managed care entities,and beneficiaries to promote payment integrity and qualityof care. OIG also collaborates with health care providersto promote compliance. For example, as noted inManagement Issue 6, OIG has worked with nursing homeproviders through roundtables that focus on how boards of directors can better monitor and ensure quality of care.

A challenge going forward is to determine which tools andapproaches are the most cost effective, which are best

suited to a diverse and rapidly evolving health careindustry, and which produce the greatest benefit forincreasing compliance.

Provider and Supplier Adoption of Compliance Programs

Implementation of effective compliance programs areanother method of fostering an industry culture of compliance and an ongoing commitment to deliveringquality health care. Successful compliance programsshould establish internal controls to decrease providers’and suppliers’ risk of practices that result in billing errors,fraud, and abuse. Quality assurance and improvement

programs should ensure compliance with Federal healthcare program requirements and result in tangible benefitsto the organization and program beneficiaries that it serves.

One challenge, however, is that implementation of compliance programs is largely voluntary. Most Medicareand Medicaid providers are not required to adoptcompliance programs. Three notable exceptions areMedicaid providers in New York, which are required bythe State to implement effective compliance plans as acondition of Medicaid participation; Medicare Part D drugplan sponsors, which are required by statute to implementcompliance plans; and individuals and entities that haveentered into CIAs with OIG. In addition, several Statelaws impose compliance plan requirements on certaintypes of health care providers or entities. In some sectorsof the health care industry, such as hospitals, voluntarycompliance programs are widespread and can be verysophisticated; other sectors have been slower to adoptinternal compliance practices and may have fewerresources to devote to compliance.





OIG has recommended that all Medicare and Medicaidproviders and suppliers be required to adopt complianceprograms as a condition of participating in the Medicareand Medicaid programs. Currently, voluntary complianceprogram efforts are supported through OIG’s complianceprogram guidance (CPGs). CPGs give health careproviders, suppliers, and organizations comprehensiveframeworks, standards, and principles by which toestablish and maintain effective internal complianceprograms. In addition, CPGs strongly encourage providersto identify and focus their compliance efforts on thoseareas of potential concern or risk that are most relevant totheir organizations.

Where compliance programs are required, the Departmentfaces challenges with overseeing adherence to andimplementation of program requirements. For example,OIG has found that CMS has not provided sufficientoversight to ensure that Part D sponsors have implementedsufficient compliance plans. Specifically, OIG found that

as of January 2006, all prescription drug plan sponsors hadcompliance plans in place but that only 7 of 79 plansponsors met all CMS requirements for compliance plans.Sponsors’ compliance plans contained only broad outlinesof fraud and abuse plans and did not include details ordescribe specific processes. In its response to OIG’sreports on drug plan sponsors’ compliance plans, CMSindicated that it planned to conduct routine audits of Part Dsponsors’ compliance plans beginning in 2007. However,as of July 2009, CMS had conducted only a limitednumber of compliance plan audits.

Failure to implement effective compliance programs can

be a contributing factor that enables fraud and abuse to gounaddressed. In follow-up to its Part D compliance planreview, OIG found evidence suggesting that plan sponsorsneed to improve the effectiveness of compliance programsin detecting and responding to potential fraud and abuse.Specifically, OIG found that in the first 6 months of 2007,24 of 86 plan sponsors did not identify any potential fraudand abuse incidents, while a small number of sponsorsidentified hundreds of incidents. Seven plan sponsorsaccounted for 90 percent of the incidents identified.Further, OIG found that not all plan sponsors thatidentified potential fraud and abuse incidents conductedinquiries, initiated corrective actions, or made referrals for

further investigation.

Looking forward, the benefits of promoting compliance—and the costs of noncompliance—will grow as beneficiarypopulations and health care costs increase. TheDepartment faces challenges to effectively assist a largeand diverse population of Medicare and Medicaidproviders and suppliers in complying with programrequirements. However, CMS is implementing severalprovider education efforts and exploring others. OIG will

also continue to provide compliance tools and resources tothe provider community and work with the Department tomeet this challenge.

Management Issue 4: Oversight and Monitoring of Federal Health Care Programs


The Department’s health care programs have been foundedlargely on a system of trust. Although most providers arehonest and well intentioned, a trust-based system isvulnerable to exploitation by a minority of providers intenton gaming or defrauding the system. Thus, oversight andmonitoring to detect potential fraud, waste, and abuse arecritically important. However, a tension exists betweenpreventing and detecting fraud, waste, and abuse andmaking timely payments to legitimate providers.

The Department is further challenged to provide effectiveoversight and monitoring of the Federal health careprograms because they are large and complex, withincreasing expenditures and growing beneficiarypopulations. The large size of the programs means thatfraud, waste, and abuse in payments can result insubstantial financial losses. Additionally, fraud, waste, andabuse schemes have become increasingly sophisticated,and criminals constantly adapt to the latest oversightefforts to avoid detection.

A key method to effectively identify fraud, waste, andabuse is the analysis of claims data. Although each

program compiles an enormous amount of data onbeneficiaries, providers, and the delivery of services,failing to effectively use these data for oversight andmonitoring can result in the loss of scarce Federal healthcare dollars. Claims-processing and payment systems havetraditionally relied upon claim-by-claim review. However,in many cases, fraud or abuse can be detected only byreviewing aggregated claims and billing patterns becauseeach individual claim may appear on its face to belegitimate. OIG has identified opportunities for theDepartment to improve its collection, analysis, andmonitoring of data to better prevent, detect, and respond tofraud, waste, and abuse. As discussed in more detail laterin this Management Issue, CMS plans to enhance the dataavailable to monitor payment accuracy and integrity acrossthe Medicare and Medicaid programs.

Measuring Error Rates

Measuring error rates is key to monitoring programintegrity and the scope of inappropriate payments. In itsreviews of CMS’s Comprehensive Error Rate Testing(CERT) program, OIG has raised concerns that theMedicare error rates for certain provider types may be





understated. For example, in FY 2006, CMS’s CERTcontractor estimated the Medicare error rate for DME to be7.5 percent. However, in our review of the CERTprogram, we estimated the error rate in the CERT DMEsample at 17.3 percent using the same methodology asCMS’s CERT contractor. Further, using a differentmethodology, which entailed reviewing additionaldocumentation, OIG found additional errors and estimateda 28.9-percent error rate of the sample. OIG attributedthese review discrepancies to the CERT contractor’sinadequate review of available documentation and relianceon clinical inference, CMS’s inconsistent policiesregarding proof-of-delivery documentation, and theagency’s lack of procedures for obtaining information onhigh-risk DME items from beneficiaries. Similar problemsaffected the FY 2008 DME error rate. An independentcontractor identified 142 additional errors that the CERTcontractor had not counted as errors in a sample of 250 claims from the FY 2008 DME CERT sample. CMSreported that to address these problems, it will revise its

manuals to clarify requirements and promote uniforminterpretation of its policies by Medicare contractors, it hasprovided direction to the CERT contractor regarding theuse of clinical judgment, and it plans to incorporate thisclarification into the “Program Integrity Manual.”

Measuring payment errors and their causes in the Medicaidand CHIP programs is particularly challenging because of the diversity of State programs and the variation in theiradministrative and control systems. CMS’s Payment ErrorRate Measurement (PERM) program was designed tomeasure error rates for three components of Medicaid andCHIP: FFS, managed care, and eligibility.

Error rate reviews can identify important oversightvulnerabilities that result in improper payments. Forexample, OIG found that for the 6-month period endingJune 30, 2006, approximately $363 million (Federal share)in Medicaid payments and $67.2 million (Federal share) inCHIP payments were made on behalf of beneficiaries whodid not meet Federal and State eligibility requirements inthree States. OIG has also identified CHIP eligibilityerrors outside the PERM process. Children eligible forMedicaid are not eligible for CHIP. OIG estimated that in2006, at least 4 percent of children enrolled in separateCHIP programs in 36 States were eligible for Medicaid.

The Federal matching rate for CHIP is higher than that forMedicaid. Enrollment errors can result in the inappropriateuse of Federal matching funds and the expenditure of limited CHIP resources on Medicaid-eligible children.

Oversight Through Effective Analysis of Data

The health care system compiles an enormous amount of data on patients, providers, and the delivery of health careitems and services. However, OIG has identifiednumerous examples in which the Federal health care

programs have failed to use claims-processing edits andother information technology effectively to preventimproper claims. The following are examples of howvigilant claims analysis could assist the Department withmonitoring programs for fraud, waste, and abuse.

Claims analysis can reveal providers’ improper use of service and diagnostic codes to defraud programs. Forexample, OIG found that Regenerations, Inc., purportedlya mental-health-counseling agency employing high- andmid-level psychologists and counselors, billed for84,000 psychotherapy services that were never rendered.Varnador K. Sutton, the sole owner and operator, used theidentities of 2,500 Medicaid beneficiaries to defraud theMedicaid program. Sutton usually billed the same servicecode with the same diagnostic code for all the Medicaidbeneficiaries. Once the fraud was detected, theinvestigation led to Sutton’s conviction and sentencing to10 years in prison and an order to pay $3.3 million inrestitution.

Claims analysis can also reveal instances when providersbill for more services than are physically possible. Forexample, in one of the largest civil fraud recoveries everagainst a single U.S. hospital, Staten Island UniversityHospital agreed to pay $88,916,448 in a global settlementresolving allegations that it defrauded Medicare andMedicaid. The OIG investigation identified potentialfraudulent billing, among other allegations, of in-patientalcohol and substance abuse detoxification treatment formore beds than the facility was authorized by the State of New York.

Additionally, claims analysis can detect erroneous place-of-service or discharge codes, and implementing claimsedits can reduce inappropriate payments resulting fromsuch miscoding. In 2003, OIG identified over $100million in improper payments made to hospitals forerroneously coded claims that indicated patients weredischarged to home when they actually were transferred topost-acute care. Medicare makes higher payments tohospitals on behalf of patients who are discharged to homecompared to those on behalf of patients discharged to othersettings, such as skilled nursing facilities. Consistent withOIG’s recommendation, CMS implemented an edit todetect transfers improperly coded as discharges. In follow-

up work, OIG determined that such overpayments weresubstantially lower following CMS’s implementation of this edit.

Further, claims analysis can identify particular serviceareas in which providers submit questionable claims. Forexample, OIG found that in 2007, 20 counties that hadonly 6 percent of Medicare beneficiaries accounted for16 percent of Medicare Part B spending on ultrasoundservices, suggesting possible fraudulent billing by





providers in these counties. Further, nearly one in fiveultrasound claims nation-wide had characteristics, such asthe lack of a prior office visit or other service claim fromthe physician who ordered the ultrasound service, that raiseconcern about whether the claims for $403 million in PartB charges were appropriate. CMS concurred with OIG’srecommendations to increase its monitoring of ultrasoundclaims and to further review questionable claims.

Through use of historical program data, OIG has identifiedimproper Medicare and Medicaid payments and associatedprogram vulnerabilities and recommended correctiveactions. For instance, OIG found that five State Medicaidprograms had claims from providers for more than24 hours of personal care services in a day. Other recentfindings include personal care services inappropriatelybilled during institutional stays, duplicate Medicare andMedicaid home health payments for medical supplies andtherapeutic services, and improper FFS payments forservices covered by capitated Medicaid managed care.

Challenges To Using Data Effectively

In some cases, program data are insufficient to supporteffective oversight and monitoring. For example, OIGfound that Medicare data are insufficient to determineconsistently whether Medicare Part B chemotherapyadministration payments are appropriate. Specifically, PartB data do not identify drugs that are not billed to theprogram even when their administration is billed to Part B.In these cases, when there is no matching drug claim, thedata alone cannot be used to determine whether theadministration fee has been appropriately billed for

administering a qualifying drug. Additionally, OIG foundthat hospice claims do not collect information needed todetermine whether hospice agencies comply with therequirement that they not be reimbursed for more than5 consecutive days of respite care at a time. In anotherexample, CMS and States do not maintain a primary level-of-care designation for nursing homes that could facilitateaccurate claim submission by suppliers and proper claimadjudication by payment contractors.

In other cases, CMS does not effectively use the safeguardsavailable to monitor claims. Unique provider identifiersare a primary tool for ensuring that Medicare services andproducts are ordered by qualified, legitimate providers.However, OIG work has uncovered vulnerabilities relatedto the misuse of physician identifiers with respect to DME,and OIG is looking into potential vulnerabilities inprescriber identifiers in Medicare Part D records. An OIGstudy found that Medicare allowed over $6 million forDME claims with invalid Unique Physician IdentificationNumbers (UPIN) in 2007 of referring physicians. OIGalso found that Medicare allowed almost $28 million forclaims with inactive referring physician UPINs, including$5 million for claims with dates of services after the dates

of death of the referring physicians. In 2008, CMScompleted its transition from UPINs to a new NationalProvider Identification (NPI) system for Medicare claimsprocessing. However, OIG has concerns that thevulnerabilities associated with the UPIN system may alsoaffect the integrity of the new NPI system. In ongoingwork, OIG is also examining whether prescription drugevent records representing Medicare Part D claims includevalid prescriber identifiers.

The Medicaid program has unique data challenges becausekey functions of program operations occur in States, ratherthan on a national level. The Medicaid StatisticalInformation System (MSIS) is currently the only source of nation-wide Medicaid claims information, and weaknessesin MSIS data limit its usefulness for oversight andmonitoring of the program. For example, OIG found thatCMS accepted submissions to MSIS from 15 StateMedicaid agencies that lacked required managed careencounter data. Encounter data are the primary record of

Medicaid services provided to beneficiaries enrolled incapitated Medicaid managed care. Further, OIGdetermined that during FYs 2004 through 2006, MSIS datawere an average of 1.5 years old when CMS released thedata to users for data analysis purposes. Moreover, MSISdid not capture many of the data elements that can assist infraud, waste, and abuse detection. CMS did not fullydisclose or document information about the accuracy of MSIS data; however, CMS maintains a DataAnomalies/State Issues document, which identifies State-specific data issues by file type and year.

OIG has also identified opportunities for State Medicaid

agencies to improve their monitoring and oversight of claims. For example, in 2006 OIG found that providers in8 of 10 audited States received an estimated total of $27.3 million in Medicaid overpayments, which the Statesnever recovered, for services claimed to have beenprovided after beneficiaries’ deaths. Prepayment screeningby some States did not successfully identify theoverpayments because the States did not use all availableinformation sources to identify deceased beneficiaries andtheir payment systems had data entry, matching, andprocessing problems.

Recent and Planned Oversight Enhancements

The Department is making progress in improving theoversight and monitoring of Federal health care programs.CMS is augmenting its oversight capabilities bycontracting with outside entities to perform many oversightand monitoring functions for both Medicare and Medicaid.Additionally, CMS has plans to enhance data systemsavailable for use by these contractors.

For Medicare, CMS is transitioning program safeguardfunctions from its current Program Safeguard Contractors





and Medicare Drug Integrity Contractors to Zone ProgramIntegrity Contractors (ZPIC). These new contractors willbe responsible for ensuring the integrity of all Medicare-related claims under Parts A and B (e.g., hospital, skillednursing, home health, physician, and DME claims); Part C(Medicare Advantage health plans); and Part D(prescription drug data) and for coordinating Medicare-Medicaid data matches (Medi-Medi). As of October 2009,CMS had awarded four ZPIC contracts, with threeadditional contracts planned. While CMS expects that thenew ZPIC model will have advantages over the previousmodel, transitioning from one model to another presentsimplementation challenges in contracting and intransferring data and responsibilities from one contractor toanother.

In 2003, Congress authorized the Department to establish ademonstration program for Recovery Audit Contractors(RACs) for the purpose of identifying underpayments andoverpayments and recouping overpayments under part A or

B of the Medicare program. Under this authority,Congress provided for payments to RACs on a contingentbasis for detecting and correcting overpayments andunderpayments. In 2006, Congress mandated that theDepartment implement RACs on a nation-wide andpermanent basis. These RACs will cover all 50 States by2010. CMS reported that the RAC demonstration projectsuccessfully returned almost a billion dollars to Medicare,represented a new mechanism for detecting improperpayments, and provided CMS with a tool for preventingfuture improper payments. CMS will require RACs to helpdevelop plans designed to address vulnerabilities identifiedduring their reviews. OIG is determining whether the

demonstration RACs have referred cases to lawenforcement. OIG and CMS are working together toensure appropriate referrals of suspected fraud under thepermanent RAC program.

As part of the Medicaid Integrity Program, CMS hasrecently hired contractors to perform data analysis to detectaberrant billing patterns and to audit claims to identifyimproper payments. In addition, the Medicaid IntegrityGroup is working to develop a Medicaid data engine tocombine State Medicaid claims data to facilitate detectionof fraud, waste, and abuse. Further, CMS plans to enhancethe data available to monitor payment accuracy and

integrity across the Medicare and Medicaid programs. Tothis end, CMS is working to develop an Integrated DataRepository (IDR), which would warehouse data onMedicare Parts A, B, and D and DME, as well asMedicaid. To this end, in 2007 CMS began developing anIntegrated Data Repository (IDR), which CMS indicateswill eventually contain all Part A, Part B, DME, HHA, andkey Part D data, as well as Medicaid. The prospect of sucha comprehensive data warehouse holds considerable

promise for detecting and preventing fraud, waste, andabuse; however, the system is still under development.

Despite the progress described and plans for futureenhancements, the Department needs to make continuedimprovements in oversight and monitoring to meet thechallenges identified. As fraud schemes become moresophisticated and migratory, the use of advanced dataanalysis to monitor claims and provider characteristicsbecomes even more important. (See ManagementIssue 5 for further discussion of this issue.) Neededimprovements in using data analysis to support programoversight include sufficient access to data forinvestigations and analysis; uniform, comprehensive dataelements; more timely collection and validation of data;robust reporting of program data by States and others;interoperability of systems; consistent data extractionmethods; and the ability to draw and analyze claims andprovider data across Medicare Parts A, B, C, and D andMedicaid.

Management Issue 5: Response to Fraud and Vulnerabilities in Federal Health Care Programs MANAGEMENT CHALLENGE AND ASSESSMENT OFPROGRESS IN ADDRESSING THE CHALLENGE:

Responding to fraud and program vulnerabilities requires ahigh degree of coordination and collaboration betweenmultiple Federal and State agencies and contractors.Federal health care programs are built upon an extensiverange of regulations, program requirements, and paymentmethodologies, which are often the result of detailed

rulemaking and programmatic balancing of competingstakeholder interests. The size and complexity of Federalhealth care programs also make implementing acomprehensive and swift response to fraud andvulnerabilities difficult. Adding to this complexity, theMedicare administration and program integrityresponsibilities are divided among a variety of contractors.Similarly, Medicaid and CHIP have their own uniquesystems and contractors. Further, the programscollectively compile an enormous amount of data onpatients, providers, and the delivery of health care itemsand services, which are often housed in many locationswith different data infrastructures. Operating within thiscomplex framework, it is often difficult for the programs torespond nimbly in the face of an identified vulnerability,which can result in significant monetary losses before anappropriate remedy or sanction is applied.

OIG’s work has identified fraud and vulnerabilities acrossmany areas of the Department’s health care programs. Seealso Management Issues 1-4. It is a challenge for theDepartment to prioritize and respond to the most seriousvulnerabilities in the face of limited resources toimplement the response. Further, once perfected, many





fraudulent schemes are easily replicated and moved virallythrough communities and across the country. Lawenforcement may respond with criminal prosecutions inone jurisdiction only to see the scheme transplanted andreplicated in another part of the country. Fraud schemesare also becoming increasingly sophisticated and oftenevolve in response to Government’s detection andenforcement efforts. An effective response must be swift;too often, program funds are lost and unrecoverable by thetime data are analyzed and the fraud scheme is detected.

These and other factors create conditions that are ripe forthose who would take advantage of the Federal health careprograms. In the face of this significant managementchallenge, the Department brings to bear a lawenforcement response through OIG and a programmaticresponse through CMS.

Law Enforcement Response

On May 20, 2009, the Secretary and the Attorney Generalfor the United States Department of Justice announced thecreation of the Health Care Fraud Prevention andEnforcement Action Team (HEAT) joint task force tocombat health care waste, fraud, and abuse. Among otheractivities, HEAT is building on the successful MedicareFraud Strike Force initiated in south Florida by expandingStrike Forces to other metropolitan areas across thecountry. These Strike Forces use advanced data analysistechniques to identify criminals operating as health careproviders and detect emerging or migrating fraud schemes.

One goal of the Strike Forces is to decrease the time

between the Government’s detection of a fraudulentscheme and the arrest and prosecution of the offenders.The Strike Force model is designed specifically to addressthe challenges to quick response and has proven to beparticularly effective against schemes that have beenspread quickly and virally in local communities, wherecriminals have discovered how to circumvent programcontrols and then quickly replicate the schemes. Bycreating organized teams of prosecutors and Federal, State,and local, the Strike Force brings a high level of coordination among law enforcement authorities. Thisincreased coordination, combined with rapid Medicarebilling analysis and close relations with financialinstitutions, is intended specifically to accelerate theGovernment’s response to fraud schemes. Equallyimportant, the Strike Force attempts to identify programweaknesses and lessons drawn from these cases and tocommunicate rapidly those program vulnerabilities, alongwith recommendations for improvement, to CMS. StrikeForce teams are operating in Miami, Los Angeles, Detroit,and Houston. As of September 30, 2009, Strike Forceefforts have resulted in the filing of charges against423 individuals or entities, 187 convictions, and $226million in investigative receivables.

The Strike Force model provides significant benefits andhas produced substantial results and return on investment;yet, even this model continues to face challenges inresponding quickly and effectively to fraud. For example,the success of a Strike Force depends upon having timelyaccess to claims data, which enables law enforcement torespond quickly to stop fraudulent billing and recoverstolen funds before the perpetrators have fled. However, insome cases, timely access to data has been impeded byvariations between how quickly contractors can respond,contract limitations, competing data requests, and otheroperational challenges. In some cases, data may not existin a usable form across different service areas, making itharder to identify fraud schemes. Although efficient, theStrike Forces depend upon having prosecutors and agentsavailable to pursue the cases and resources are limited.

In addition, not all types of fraud may lend themselves to aStrike Force model of enforcement. The model appears

most effective when fraud is concentrated geographicallyand among particular services and provider types. Thistends to occur among providers/services with low barriersto entry, such as DME, home health, physical/occupationaltherapy, and infusion therapy, and often includesfraudulent schemes, such as billing for services notrendered and kickbacks to providers or beneficiaries. Yetlaw enforcement responds to many other types of healthcare fraud and vulnerabilities, including complex corporatefrauds; document-intensive cases against pharmaceuticalmanufacturers for false claims arising from off-label drugmarketing and other violations; serious quality-of-careviolations; cases involving difficult issues of medical

necessity; and cases arising in rural, as well as urban, areasacross the country.

Federal Health Care Program Responses

Law enforcement alone will not eliminate fraud and abuse;yet even where vulnerabilities are accurately identified, itcan be a significant challenge for the Department torespond effectively and ensure that the problems arecorrected. For example, during the 2007 unannounced sitevisits to DME suppliers in south Florida (described inManagement Issue 1), OIG found that 491 of the suppliersfailed to meet Medicare standards; CMS revoked thesesuppliers’ billing privileges. Nearly half of these suppliersappealed the revocations and received hearings and91 percent had their billing privileges reinstated. Two-thirds of those suppliers have subsequently had theirprivileges revoked, and some individuals connected toreinstated suppliers have been indicted. OIG found thatbecause there are no criteria regarding the types of evidence necessary to reinstate providers’ billingprivileges, hearing officers made their decisions based on avariety of evidence. CMS agreed that it should considerestablishing consistent guidelines regarding the evaluation





of evidence that a hearing officer will review during theappeal process, and this will be a challenge for theDepartment going forward. OIG intends to assess otherMedicare contractors’ use of enrollment screeningmechanisms and post-enrollment monitoring activities toidentify DME and home health agency applicants that posea risk of fraud to Medicare and will determine the extent towhich applicants omitted ownership information onenrollment applications, potentially circumventing theprogram’s safeguards in this area.

In a 2007 review, OIG found that CMS had limited successin controlling the aberrant billing practices of south Floridainfusion therapy providers. CMS and its contractors haveused multiple approaches, but none has proven effectiveover time. CMS may take action against a particularprovider billing number, such as a payment suspension,billing number revocation, or requirement for prepaymentreview. Each of these tools has limitations with respect toits administrative burden and its ability to prevent payment

for fraudulent claims. One limitation of all these tools isthat they apply to specific provider billing numbers;however, fraudulent providers often bill using multiplebilling numbers, sometimes steal billing numbers fromlegitimate providers, and may reapply for new billingnumbers using false information (see related discussions inManagement Issues 1 and 4). Further, claims-processingedits have been effective in responding to aberrant billingin the short term but have not had lasting effects. Althoughedits have reduced payments for particular codes, aberrantbillers tend to switch to new codes, undermining the edits’overall effectiveness.

Another challenge for the Department is to respond todetected vulnerabilities by suspending payments toproviders upon credible evidence of fraud. Paymentsuspension must be used judiciously with safeguards toprotect the rights of providers while also protecting theprograms. This is critical in an environment where claimsare submitted electronically and paid electronically andlarge sums of money may be paid by the Government in avery short period of time if the payment suspension is notimplemented in a timely manner. This challenge isheightened because when defendants challenge CMS’slegal authority to suspend payments, the Government oftencannot reveal the source of its investigative information to

the target in the midst of the fraud investigation.

The Department, including OIG, must continue to work with its many partners to respond to vulnerabilities in thecurrent Federal health care programs. The Departmentmust work to reduce improper Medicare and Medicaidpayments resulting from fraud, waste, and abuse across allservice areas by addressing known vulnerabilities andweaknesses. OIG’s “Compendium of UnimplementedRecommendations” includes many significant

vulnerabilities and recommended responses requiringaction by the Department or Congress. The Department,including OIG, must also continually identify new risksposed by the changing dynamics of Federal health careprograms and the evolving nature of fraud and abuseschemes as well as effective responses to remediate thoserisks.

Management Issue 6: Quality of Care


Ensuring quality of care for beneficiaries of Federal healthcare programs continues to be a significant challenge forthe Department. This challenge has many facets, such asensuring that the Department adequately oversees healthcare providers’ compliance with quality-of-care standardsand ensuring that beneficiaries of the Federal health careprograms do not receive substandard care and are not

subject to abuse and neglect. The Department also faceschallenges in adopting tenets of the patient safetymovement, which focuses on improving care deliverysystems through quality improvement initiatives,measurement, and reporting.

Oversight of Compliance with Existing Quality Standards

Overseeing compliance with existing quality standardsthrough certification and accreditation processes representsa challenge for the Department. Ensuring that hospitals,skilled nursing facilities, and home health agencies, amongother provider types, meet those standards is an enormous

undertaking, but necessary to afford the public someexternal assurances about the adequacy of care practices,systems, and physical facilities.

Ensuring quality care for nursing home residents continuesto be a significant challenge. For example, in 2008, OIGdetermined that over 90 percent of nursing homes surveyedfor compliance with Federal regulations were cited fordeficiencies, most commonly for quality of care, residentassessment, and quality of life. OIG is currentlyconducting a related study looking at skilled nursingfacilities’ compliance with regulations regarding residentassessment, care planning, and discharge planning. Inother ongoing work, OIG is examining atypicalantipsychotic drugs that are prescribed for nursing homeresidents.

In addition, OIG is examining quality of care issues inhome and community-based settings. In 2008, OIGreviewed home health agencies with patterns of noncompliance. Fifteen percent of home health agencieswere cited for the same deficiency on three consecutivesurveys. OIG also found that CMS oversight could beimproved by using historical information about





deficiencies to identify at-risk home health agencies. OIGis currently reviewing whether Medicaid-funded home-and community-based waiver programs and assisted livingfacilities comply with State and Federal requirements toensure the health and welfare of service recipients.

The Department has made some progress in ensuring thatproviders comply with existing quality standards. Forexample, CMS continues to expand its Special FocusFacility (SFF) program and plans to increase the number of SFF nursing homes beginning in FY 2010. Under the SFFprogram, nursing homes with the worst surveyperformance undergo enhanced monitoring. OIG plans toreview CMS oversight of poorly performing nursinghomes, including SFFs. CMS has also tasked its QualityImprovement Organizations (QIO) to work with providerson improving their performance on specific clinicalmeasures related to patient safety and disease prevention.The agency is rolling out a revised nursing home surveyprocess, called the Quality Indicator Survey. CMS reports

that 16 States are using this enhanced, data-driven surveyprocess. CMS also reports that it has drafted a proposedrule that will establish requirements for unannounced,standard, and extended surveys of home health agenciesand provide for various intermediate sanctions

Protecting Beneficiaries From Substandard Care and From Abuse and Neglect

Protecting beneficiaries of Federal health care programsfrom substandard care and from abuse and neglect byproviders is an ever-present challenge for the Department.Identifying and addressing instances of substandard care is

a central part of this challenge.

OIG investigations and enforcement cases demonstrate thatsome beneficiaries receive substandard care or are abusedand neglected by providers. To illustrate, in August 2008,Grant Park Care Center, a skilled nursing facility in theDistrict of Columbia, agreed to pay $2 million to resolveOIG allegations that it failed to provide basic nursing careto many residents, resulting in serious patient harm. InJune 2008, OIG alleged that Ivy Ridge Personal CareCenter in Pennsylvania physically abused residents anddenied them necessary food and medicine. As a result of OIG’s investigation, the home was closed and OIGexcluded the owner from participating in Federal healthcare programs.

Complex ownership arrangements that include multiplelayers of entities present a particular challenge for holdingnursing home owners accountable for substandard care.OIG investigations have found instances in which nursinghome owners have used such arrangements to avoidaccountability for failing to provide necessary and requiredcare. Through these complex corporate structures, ownersdivert funds from resident care. While investigating

nursing homes for substandard care, OIG found 1 facilitywith as many as 17 limited liability companies that playeda role in the facility’s operations and ownership.

The Department’s primary program for addressingsubstandard care is Medicare’s QIO program. The QIOprogram includes, among other things, medical review of beneficiary complaints and quality improvement activities.However, in a 2007 report, OIG found that only 11 percentof cases reviewed by QIOs were for quality-of-careconcerns and that QIOs rarely initiated sanction activityafter confirming a quality-of-care concern. Moreover, inOIG’s experience, QIOs routinely fail to respond to OIGreferrals regarding beneficiary care.

The Department has several other programs and initiativesto help ensure that beneficiaries are free from abuse andneglect. The Department relies, in part, on the StateMedicaid Fraud Control Units, which are funded on a75-percent matching basis by the Department, to

investigate and address abuse and neglect in State-regulated Medicaid facilities. In addition, Congressrecently renewed and expanded CMS’s seven-StateBackground Check Pilot Program, which is intended toidentify efficient, effective, and economical procedures forchecking the backgrounds of employees with direct accessto patients. OIG is currently evaluating whether and towhat extent nursing facilities employ individuals withcriminal convictions.

The Patient Safety Movement and Incentives for Quality Improvement

The Department faces challenges in adopting tenets of thepatient safety movement, which focuses on qualityimprovement, measurement, root cause analysis, andpublic reporting, in a manner consistent with its ownmission and responsibilities as a purchaser of health care.

OIG’s recent work underscores the significance of thischallenge. For example, OIG reported on the extent towhich States have established adverse event reportingsystems, finding that only half the States have adoptedsystems. Further, States collect different types of eventsand lack consistent definitions, which create substantialchallenges to compiling State data to develop benchmarks.In a case study of two counties, OIG found that about15 percent of hospitalized Medicare beneficiariesexperienced adverse events that resulted in harm. OIG iscurrently expanding this work to calculate a nationalincidence rate of adverse events for the Medicarepopulation and will examine the incidence of adverseevents for Medicaid recipients. OIG is also assessingissues associated with public disclosure of adverse eventinformation and reviewing the early implementation of CMS’s nonpayment policy for select hospital-acquiredconditions.





The Department also faces a challenge in working withvarious types of health care providers to ensure that theyare knowledgeable about and consistently implementquality improvement processes. Recent OIG effortspromoted providers’ incorporation of quality assurance andimprovement into voluntary compliance programs. Forexample, OIG sponsored two roundtables, one with thelong-term care industry and one with the hospital industry,to explore how best to involve boards of directors andtrustees in quality matters. For providers with multiplelocations, OIG’s work has stressed the importance of company-wide and corporately driven quality assuranceand improvement systems, as opposed to relying solely onfacility-based programs.

The Department has implemented a number of programs aspart of the ongoing challenge to become a more prudentpurchaser of quality health care. For example, CMS’svalue-based purchasing initiative links enhanced payments

to reporting quality measures. To report these measurespublicly and move toward rewarding providers based onperformance, however, CMS must ensure that reporteddata are complete and accurate. Looking forward, OIGwill examine hospitals’ controls regarding the accuracy of data reported to CMS. OIG will also begin to reviewCMS’s pay-for-performance initiatives, which areunfolding in varied settings. As an increasing number of States implement pay-for-performance systems inMedicaid, OIG will also determine whether States havesufficient controls to ensure appropriate incentivepayments in Medicaid programs aimed at rewarding high-quality care.

CMS is also conducting demonstrations to improve carefor individuals with chronic diseases, to improve thequality of transitional care, and to prevent unnecessaryhospital readmissions. Looking forward, OIG will analyzehospital readmissions.

The Department continues to play a leadership role inmaking quality-related data, such as hospital, nursinghome, and dialysis ratings, available to consumers. In2009, CMS began posting its Five-Star Quality RatingSystem on the Nursing Home Compare Web site, whichrates nursing homes on a variety of quality measures. In

addition, QIOs provide technical assistance concerningquality improvement processes and best practices todifferent providers. The Agency for Healthcare Researchand Quality (AHRQ) has also made considerable progressin implementing Patient Safety Organizations, which willplay an important role in collecting and studying dataregarding adverse events. CMS reports that in Medicaidand CHIP, CMS is are working with AHRQ to increase thequality and transparency of information available regarding

children’s health care and identifying children’s measuresthat can be reported from a hospital setting.

Future Challenges

The population is aging and the delivery of health care isevolving because of new technologies and evolvingpayment methodologies. As a result, ensuring thatbeneficiaries receive quality care in all settings willbecome even more complex in the years ahead. Theincreased use of health information technology andelectronic health records also holds promise to improve thequality of care within and across settings. CMS reportsthat health information technology and electronic healthrecords are a focus for Medicare, Medicaid and CHIP.However, these developments may also present their ownunique challenges that have yet to be identified. For moreinformation on issues associated with health informationtechnology, see Management Issue 11.

PART 2: INTEGRITY OF THE DEPARTMENT’SPUBLIC HEALTH AND HUMAN SERVICESPROGRAMS

The Department also faces challenges in ensuring theintegrity of its public health and human services programs.These include efforts to effectively prepare for and respondto a public health emergency; oversight systems forensuring the safety of food, drugs, and medical devices;and oversight of the awarding, appropriate use, andeffectiveness of departmental grants.

Management Issue 7: Emergency Preparedness and

Response


Events like Hurricanes Katrina and Rita, and more recentlythe outbreak of the H1N1 virus, highlight the importanceof a comprehensive national public health infrastructurethat is prepared to respond rapidly and capably to publichealth emergencies. The ability to effectively prepare forand respond to a public health emergency requiresplanning, coordination, and communication across a widerange of entities, including Federal agencies; States,localities, and tribal organizations; the private sector;individuals and families; and international partners. Thiscombination of organizations with significantly differentroles and organizational structures poses unique andunprecedented demands on the Department.

Since 2002, the Department has provided over $8 billion toStates and localities through various programs to enhancetheir emergency preparedness activities and to betterenable them to respond to large-scale, natural or man-madepublic health emergencies, such as acts of bioterrorism or





infectious disease outbreaks. (See Management Issue 8 fordiscussions of preparedness for and response to food-borneillness and related emergencies.) In its January 2009Pandemic Influenza Preparedness Spending Report toCongress, the Department cited its progress in enhancingthe Nation’s pandemic preparedness by making strides inthe development and production of vaccine antigen andnew adjuvants for avian influenza (H5N1), which was thefocus of pandemic influenza planning prior to the April2009 outbreak of the H1N1 virus. The Department hasalso continued to work with States to improve theirpreparedness. However, OIG work assessing preparednessas recently as summer of 2008 shows both progress and theneed for significant improvements to the public and privatesectors’ preparedness and response to public healthemergencies.

State and Local Emergency Preparedness Planning

The Department provides guidance to States and localities

on the development of emergency preparedness plans.Documented emergency preparedness plans that arecohesive and contain sufficient detail are critical forensuring that States and localities are prepared for a publichealth emergency. However, variations in State and localhealth department structures and the size of populationsthey serve make it difficult to provide Federal guidance toprepare for an event, such as an influenza pandemic.

In its evaluation of the Nation’s pandemic influenzapreparedness, OIG found that the majority of States andlocalities OIG reviewed had begun emergencypreparedness planning efforts; however, more planning is

needed. For example, in its evaluation of the States’ andlocalities’ medical surge preparedness, OIG found thatmost of the selected localities had not identified guidelinesfor altering triage, admission, and patient care during apandemic, as recommended. In its evaluation of preparedness to distribute and dispense vaccines andantiviral drugs during a pandemic, OIG found that selectedlocalities had not addressed in their planning documentsmost of the items identified in Department guidance.Based on the findings from its pandemic influenzapreparedness work, OIG recommended that theDepartment work with States to help localities improvetheir preparedness. In response to these recommendations,the Office of the Assistant Secretary for Preparedness andResponse (ASPR) stated that it has undertaken a number of activities to improve States’ and localities preparednessincluding updating its Medical Surge Capacity andCapability Handbook to further assist State health caresystem planning efforts in the event of a pandemic.

Some States and localities have established adequateplanning documents; however, they vary in the extent towhich they exercise their emergency plans and addresslessons learned. For instance, in its review of States’ and

localities’ medical surge readiness, OIG found that all of the selected localities conducted medical surge exercises;however, none consistently documented the lessonslearned from these exercises. OIG had similar findings inits review of vaccine and antiviral drug distribution anddispensing. As a result, OIG recommended that theDepartment ensure that States and localities consistentlydocument their exercises and lessons learned from theexercises to improve their preparedness. ASPR stated inFY 2009 that it implemented a new standardized reportingtemplate to improve health care system exercisedocumentation and data collection.

In its audit of State agencies’ pandemic influenza fundingexpenditures in three States, OIG found that the States hadspent 51 percent (approximately $13.6 million) of theirtotal funding as of June 2008. States cited delays inCenters for Disease Control and Prevention (CDC)guidance and funding, and timing problems with theState’s fiscal year as the reasons why they spent only

roughly half of their total funds. States that OIG reviewedgenerally complied with most, but not all, Federal costrequirements. The three States spent approximately$1.2 million in unallowable or unsupported costs.

Federal and State Drug Storage and Laboratory Capability and Security

Early and accurate detection and reporting of biologicaland chemical agents are critical components of a nationalresponse. These threats include anthrax, influenza, nerveagents, and food-borne pathogens that cause outbreakssuch as E. coli and salmonella. It is also important that the

drugs used to treat these agents be available and effectiveduring a public health emergency. However, findings fromOIG’s work reveal potential vulnerabilities in the Nation’spreparedness to respond to these biological and chemicalthreats.

For example, weaknesses exist in our Nation’s laboratorysystem capability and security. CDC provides funds toStates, in part, to improve public health laboratorypreparedness. State public health laboratories rely onprivate clinical laboratories, which are not under theauthority of the State, to perform diagnostic tests orderedby physicians. Yet in its review of laboratory capacity,OIG found that not all clinical laboratories have the abilityto conduct initial screenings and refer suspiciousspecimens to a State laboratory, which could confirm thepresence of public health threats. OIG recommended thatCDC continue to assist States in meeting the requirementto decrease the time needed to detect and report biologicalpublic health threats, and CDC concurred with that overallrecommendation.

Additionally, OIG reviewed Department and externallaboratories for compliance with the regulations governing


http://www.cdc.gov/

http://www.cdc.gov/




select agents (i.e., pathogens or biological toxins that posea severe threat to public health and safety) and found thatmany laboratories did not adequately safeguard the agentsagainst theft or loss. Further, in its audits at universities, aswell as public, private, and Department laboratories, OIGfound problems with recordkeeping, access controls, ortraining, among other findings. Moreover, through itsauthority to impose civil monetary penalties againstentities that violate select agent regulations, OIG hascollected approximately $1.8 million in civil monetarypenalties for violations, such as conducting unauthorizedresearch with select agents, taking inadequate precautionsin shipping select agents, storing toxins in an unsecuredarea before transfer, and allowing unauthorized individualsaccess to select agents.

OIG is currently reviewing CDC’s CHEMPACK project,which places nerve agent antidotes in monitored storagecontainers in cities and States for immediate use in theevent of a chemical emergency. In its review, OIG will

determine the extent to which nerve agent antidotes werestored at the temperatures required by the Food and DrugAdministration (FDA). OIG will also review the extent towhich the CDC implemented procedures to ensure thequality of nerve agent antidotes in the CHEMPACKproject.

Lessons Learned From Real-Life Events

It is important that both the public and private sectorsprepare for large-scale public health emergencies, and it isequally important that they execute their plans in responseto an emergency. Therefore, it is essential that Federal,

State, and local entities identify vulnerabilities in, anddetermine the lessons learned from, responses to real-lifeevents.

For example, as efforts continue in restoring the health careinfrastructure in and around New Orleans after the Gulf Coast hurricanes, OIG continues to examine theDepartment’s disaster response to these events to highlightpotential vulnerabilities and lessons learned. OIG reviewsof the response to the Gulf Coast hurricanes revealedweaknesses in certain health care entities’ ability torespond to a public health emergency. For instance, OIG’sreview of nursing homes in five Gulf Coast States foundthat all the nursing homes reviewed experienced problemswith implementing emergency plans or impromptudecision making. Specifically, problems in the nursinghomes arose because of ineffective emergency planning orfailure to execute the emergency plans properly.Administrators and staff from selected nursing homes didnot always follow emergency plans during hurricanesduring our period of review because plans were not up-to-date or did not include instructions for particularcircumstances. Further, plans often lacked componentssuggested by Department guidance. OIG recommended

that CMS consider strengthening Federal certificationstandards for nursing home emergency plans andencourage communication and collaboration betweenStates and localities and nursing homes. OIG is currentlyconducting a follow-up evaluation of this study.

Similarly, in its review of the United States Public HealthService Commissioned Corp’s response to HurricanesKatrina and Rita, OIG found that the Corps providedvaluable support to the States but that it could improve itsresponse to public health emergencies. Particularly, OIGfound that many deployed officers met Corps readinessstandards but lacked experience, effective training, andfamiliarity with response plans. OIG recommended thatthe Corps stagger deployments to ensure that experiencedofficers were in the field. OIG also recommended that theCorps implement more training for Corps officers. As of March 2009, the Corps had implemented all therecommendations noted in this evaluation, includingdeveloping more effective officer training programs and

staggering deployments to ensure continuity of operations.

Overall, the Department has made progress inimplementing some of OIG’s recommendations forimprovements to the Nation’s preparedness for andresponse to public health emergencies. However, tomitigate the vulnerabilities noted regarding thismanagement issue, the Department should provideadditional guidance to States and localities to improve theirpublic health emergency preparedness.

Management Issue 8: Oversight of Food, Drugs, and Medical Devices


Ensuring the safety and security of the Nation’s foodsupply, human and veterinary drugs, and medical devicesrepresents a significant challenge for the Department. Thatchallenge includes responding to emergencies related tofood safety, which often involves multiple State andFederal public health agencies. It also includes protectingthe rights, safety, and well-being of human subjects whoparticipate in clinical trials conducted here and abroad forthe products the Department regulates. It also includesensuring that medical products, once proven to be safe andeffective, and foods that are safe and lawful, are labeledand advertised appropriately. The increasingly globalizedmarket for food, drugs, and medical devices elevates thesignificance of these challenges.

Oversight of Food Safety

OIG reports have underscored the challenges that FDAfaces in tracing food through the distribution chain duringa food emergency and in monitoring food recalls. For





example, OIG conducted a food traceability exercise andfound that only 5 of the 40 products that OIG purchasedcould be traced through each stage of the food supply chainback to the farm or border. In addition, 59 percent of selected food facilities did not comply with FDA’srecordkeeping requirements, and those requirements wereinsufficient to ensure the traceability of the food supply. Inanother review, OIG found that FDA lacks the statutoryauthority to require manufacturers to initiate pet foodrecalls and did not always follow its procedures inoverseeing the recall of pet food tainted with melamine.Furthermore, FDA’s procedures were not always adequatefor monitoring recalls as large as those required in the petfood incident. These challenges related to recordkeeping,traceability, and recalls are significant because more than300,000 Americans are hospitalized and 5,000 die yearlyafter consuming contaminated foods and beverages. In afood emergency, FDA is responsible for finding thecontamination source and overseeing the voluntaryremoval by the manufacturers of the food products from

the supply chain.

Looking forward, OIG is reviewing FDA’s inspections of food facilities, its oversight of contractors that conductthose inspections, its oversight and operations related toimported food and feed products, its recall procedures forhuman food, and the extent to which it tested human foodfor contamination from melamine and other contaminants.

The Department has made progress toward ensuring thesafety of our Nation’s food supply, and toward that end, inMarch 2009, the President created the Food SafetyWorking Group. The group, chaired by the Secretaries of

this Department and the Department of Agriculture, willfoster coordination throughout the Government and work toward modernization of food safety laws for the 21stcentury by building collaborative partnerships withconsumers, industry, and regulatory agencies. Among itspriorities is establishing an incident command system tolink relevant agencies in emergencies. In addition, FDAopened field offices in China, India, and Costa Rica toconduct more inspections and work with local officials toimprove the safety of foods exported to the United States.

Oversight of Drugs and Medical Devices

OIG’s recent work highlighted the challenges FDA faces inreviewing generic drug applications in a timely manner.Generic drug applications increased at more than doublethe rate of FDA’s review resources in the last 5 years. In a2008 report, OIG found that FDA disapproved 96 percentof original generic drug applications under review in2006 because they did not meet FDA review standards.Furthermore, FDA exceeded the 180-day review for nearlyhalf of the original generic applications. FDA hasimplemented some changes that are consistent with OIGrecommendations to improve the generic drug approval

process. Specifically, FDA recently published a final rulethat required all its review divisions to review generic drugapplications and describe all deficiencies to the applicantwithin 180 days and issued additional guidance on whatinformation to include in their applications.

Other OIG work relates to the Department’s challenge inensuring that drugs, once determined to be safe andeffective, are marketed appropriately. For example, inSeptember 2009, Pfizer, Inc. and its subsidiary Pharmacia& Upjohn, Inc. (Pfizer), agreed to pay $2.3 billion toresolve criminal and civil liability arising from allegedillegal promotion of certain drugs. Pharmacia & Upjohn,Inc. agreed to plead guilty to a felony violation of theFood, Drug, and Cosmetic Act for misbranding Bextra, ananti-inflammatory drug pulled from the market in 2005,with the intent to defraud or mislead. The criminal fineand related forfeiture total $1.3 billion. Pfizer agreed topay $1 billion in a civil settlement to resolve allegations of illegal promotion of Bextra and three additional drugs. As

part of the settlement, Pfizer also has agreed to enter intoan expansive CIA with OIG. That agreement requires theimplementation of procedures and reviews to avoid andpromptly detect similar conduct.

In another example, in January 2009, Eli Lilly andCompany (Lilly) entered a $1.4 billion global criminal,civil, and administrative settlement to resolve allegationsthat it illegally marketed its antipsychotic drug Zyprexa. Inits plea agreement, Lilly admitted that from September1999 to March 31, 2001, it promoted Zyprexa forunapproved uses in elderly populations as treatment fordementia, including Alzheimer’s dementia. Lilly entered

into a 5-year CIA with OIG.

The scope of potential off-label marketing violations isvast. OIG is currently investigating many more allegationsof fraudulent marketing and promotional practices in thepharmaceutical and medical device industries and isreviewing over 100 sealed qui tam complaints involvingpharmaceutical and medical device fraud and abuse. Inaddition, OIG is increasingly using its administrativeauthorities to sanction individuals and entities engaged infraudulent and abusive practices in the pharmaceutical andmedical device industries. Even as cases are investigatedand enforcement remedies are pursued, the Department

faces the task of identifying systemic responses that canmitigate against off-label marketing.

OIG’s work has also increasingly focused attention on howthe Department oversees the safety of medical devices.FDA receives about 200,000 adverse event reports eachyear regarding medical devices. In a 2009 report, OIGfound that FDA does not use these reports in a systematicmanner to detect and address safety concerns aboutmedical devices. In future work, OIG will review FDA’s





oversight of medical device post-marketing surveillancestudies.

Oversight of Human Subject Protections in Clinical Trials

The Department’s ability to protect human subjectsenrolled in clinical trials remains a challenge that OIGcontinues to monitor. OIG is determining the extent towhich drugs marketed in the United States are approvedbased on data from foreign clinical trials. That work isalso determining the extent to which FDA oversees thosetrials. In 2007, OIG found that the lack of a clinical trialregistry and inconsistencies in inspection classificationsinhibited FDA’s ability to manage its oversight of clinicaltrials. OIG also found that FDA inspected only about1 percent of clinical trial sites during the FY 2000-2005period. FDA has taken steps to improve its oversight of clinical trials by recently finalizing rules to establish aregistry for institutional review boards.

As the agency tasked with ensuring the safety and efficacyof food, cosmetics, drugs, biological products, medicaldevices, and products that emit radiation, FDA facesimportant challenges with respect to these increasinglyglobalized markets. Despite the progress described, andplans for future enhancements, FDA needs to makecontinued improvements in oversight and monitoring withrespect to food safety, medical devices, and clinical trialsto meet the challenges identified. Looking forward, theDepartment will be further challenged by its new authorityto regulate the content, marketing, and sale of tobaccoproducts. FDA will need to collaborate with public healthleaders to develop and implement an effective public

health strategy that reduces the burden of illness caused bytobacco products.

Management Issue 9: Grants Management


The Department is the largest grant-awarding agency in theFederal Government. In FY 2008, the Departmentawarded $264 billion in grants. Almost 70 percent of themoney was for health care coverage under Medicaid andCHIP. The remaining 30 percent funded health and socialservice programs administered by the Administration forChildren and Families (ACF), the Health Resources andServices Administration (HRSA), the National Institutes of Health (NIH), and other Department agencies. Moreover,the American Recovery and Reinvestment Act of 2009

(Recovery Act ) provided a total of $27 billion for thetemporary expansion of these health and social serviceprograms for FYs 2009 and 2010. The size and scope of the Department’s grant expenditures make grantsmanagement a significant challenge for the Department.(See also Management Issue 10 for a discussion of broader

departmental challenges related to the oversight andimplementation of the Recovery Act . Challenges related tothe Medicaid and CHIP programs are discussed inManagement Issues 1 through 6.)

Adding to this challenge is the fact that unlike otherGovernment expenditures, the responsibility forperformance and management of a grant rests primarilywith the grantee, with limited Federal Governmentinvolvement in the funded activity. However, the grant-awarding agency retains oversight responsibility forensuring that funds are awarded and used appropriately andthat grantees comply with grant requirements. Recentstatutory changes, most notably through the Recovery Act ,have increased Federal agencies’ responsibilities forgrantee oversight.

OIG’s work in reviewing grant programs administered byACF, HRSA, and NIH has highlighted grants managementvulnerabilities and opportunities for improvements in the

Department’s oversight of grant funds and granteecompliance.

Improper Payments

Ensuring the appropriate use of grant funds is a challengefor the Department. OIG has identified improper paymentsmade under ACF’s Temporary Assistance for NeedyFamilies (TANF) and foster care programs, as well asHRSA’s Ryan White Comprehensive AIDS Resources

Emergency (CARE) Act program.

The Office of Management and Budget (OMB) lists TANF

as one of the programs that may be susceptible tosignificant erroneous payments. To assist ACF and theDepartment in establishing an improper payment rate asrequired by the Improper Payments Information Act of

2002 (IPIA), OIG statistically selected eight States toreview in FY 2008. The improper payment rates for sevenof these States ranged from 6 to 29 percent of the Federaldollars expended for the 1-year audit period, and OIGestimated that improper payments totaled $190 million.The eighth State did not cooperate with OIG, andnegotiations between that State, OMB, and the Departmentto conduct the improper payment review in 2009 failed.As a result, the Department will not be able to report animproper payment rate in the FY 2009 Agency Financial

Report or comply with IPIA requirements for the TANFprogram.

Similarly, OIG has identified improper payments withinthe foster care program. At the beginning of FY 2009, forexample, OIG and ACF officials recommended that theDepartment disallow $409.1 million in foster carepayments to one State. This amount included:





• $78.4 million in unallowable maintenance paymentsclaimed for unlicensed facilities or ineligible childrenthat OIG identified for the period October 1997through September 2002;

• $111.9 million related to issues with the per diem ratesused to charge the Federal Government for providing

foster care services. The time period for thisdisallowance was October 1997 through September2002; and

• $218.8 million in a projection made by ACF for theperiod October 2002 through June 2008, based ondisallowed amounts between October 1997 andSeptember 2002.

The Department agreed that the State should repay the$409.1 million in disallowed costs. However, as of August2009, the disallowance letter to the State has not been sent.

OIG has also identified improper payments made underHRSA’s Ryan White CARE Act program. During a2008 pilot review of a single territory, OIG determined thatover $24 million in services paid for with Ryan Whitegrant funds should have been covered by other healthinsurance. OIG extended this review to eight more States,and the combined draft and final results from 2009 haveuncovered an additional $10.2 million in overpayments fora 2-year period.

Other Grants Oversight Challenges

In addition to ensuring the appropriate use of grant funds,the Department is responsible for ensuring the integrity of the grants award processes and grantee compliance with

program requirements. However, OIG has identifiedvulnerabilities in these areas.

For example, OIG conducted risk assessments as part of itswork with the Department to ensure that agencies meettheir Recovery Act responsibilities. OIG’s risk assessmentof ACF highlighted the need for greater internal controlsfor TANF. OIG’s interim results indicate that the programmay be vulnerable to States manipulating caseloads toqualify for additional assistance. Furthermore, the recentbreakdown in controls in New York State’s release of TANF emergency funds for school supplies indicates thatadministrators may not have a full understanding of

Recovery Act requirements, nor have they implementedsuitably designed processes to ensure that clear guidance isprovided to recipients and Recovery Act funds areappropriately used.

OIG has also identified risks related to granteenoncompliance. For example, OIG found that althoughNIH’s National Cancer Institute had implementedprocesses to ensure the completeness and accuracy of grantees’ progress reports, 41 percent of progress reports

were received late. OIG also identified deficiencies inNIH’s financial oversight of grants and delays in closingout some grants. NIH agreed with OIG’srecommendations to initiate earlier and more frequentfollow-up with grantees to obtain required documents andto improve its grants monitoring, including by annuallyverifying grantees’ self-reported fund balances withexternal sources. In another example, OIG is concernedabout whether Head Start and Early Head Start programgrantees can provide safe environments, as required, as thenumber of enrolled children increases through theRecovery Act expansions of these programs. OIG isinitiating reviews in eight States to assess this issue.

Without proper controls to ensure the appropriate use of Federal funds and to oversee grantees, the Department’sgrant programs are at risk of fraud, waste, abuse, andineffectiveness. Expansions in the number and size of grants awarded by the Department will only magnify grantoversight vulnerabilities. OIG will continue to monitor

grants management challenges and recommendimprovements to the Department’s grants oversight, aswarranted.

PART 3: CROSS-CUTTING ISSUES

OIG has also identified three other Department-wide issuesthat are top management challenges. These includeassessing whether the Department is using Recovery Act

funds in accordance with legal and administrativerequirements and is meeting the accountability objectivesdefined by OMB; developing and maintaining adequateinternal controls over its information systems; and

effectively overseeing its ethics program.

Management Issue 10: American Recovery and Reinvestment Act Accountability and Transparency


As the Nation faced what is generally reported to be themost serious economic crisis since the Great Depression,the Recovery Act was enacted to promote economicrecovery and ameliorate the impacts of the recession. TheRecovery Act’s combined spending and tax provisions areexpected to cost $787 billion over 10 years, including morethan $499 billion in additional Federal spending and$288 billion in tax relief. The objectives of the Recovery

Act include preserving and maintaining jobs, assistingthose most affected by the recession, increasing economicefficiency by investing in technological advances inscience and health, and stabilizing State and local budgets.

The Recovery Act provides $166.6 billion to theDepartment to provide additional Federal assistance forhealth care, public health, and human services programs, as





well as to invest in research and health informationtechnology (health IT). The magnitude of expendituresand the potential impact of this funding on the economy,Federal and State budgets, program beneficiaries, andtaxpayers make it critical that Recovery Act funds are usedefficiently and effectively and are protected from fraud,waste, and abuse.

The Department’s Recovery Act funding spans across arange of agencies and programs. Some of the moresignificant funding is for:

• improving and preserving health care by providing an$87.5 billion temporary increase in the MedicaidFederal Medical Assistance Percentage (FMAP);

• accelerating the adoption of health IT through (1) theOffice of the National Coordinator for HealthInformation Technology ($2 billion) to coordinateFederal health IT policy and programs and foster theelectronic use and exchange of health information and(2) CMS ($44.7 billion) to make incentive payments toencourage physicians and hospitals to adopt and usecertified electronic health records in a meaningfulway;

• improving children and community services byproviding ACF with over $12.3 billion to temporarilyexpand the TANF, child support, Head Start, childcare development, and community services programs;

• strengthening scientific research and facilities byproviding $10.4 billion to NIH; and

• strengthening community health care services byproviding HRSA with $2.3 billion to construct andrenovate new centers, to expand health care services,and to train health care professionals.

The majority of the Department’s Recovery Act fundingincreases Federal funding for existing programs. OIG hasconducted extensive work and identified managementchallenges specific to these programs. Challenges relatedto Medicaid are discussed in detail in Management Issues1 through 6 of this document. Challenges related toprograms and grants administered by ACF, NIH, and

HRSA are presented in Management Issue 9. Finally,challenges related to health IT are discussed inManagement Issue 11.

Implementation and oversight to ensure accountability andtransparency of Recovery Act funding present significantmanagement challenges. The Recovery Act funds are to beawarded and distributed within short timeframes.Awarding and distributing funds quickly is important to theRecovery Act’s objectives to stimulate economic growth

and ameliorate the impacts of the recession. Expeditingthe awards process, however, also creates challenges forthe Department in ensuring that funds are distributed toqualified recipients and are used appropriately andeffectively. Further, creating or expanding programs mayincrease the number of new recipients that may lack experience with Federal requirements for grantees andcontractors.The Recovery Act also established new reportingrequirements related to the awarding and use of funds topromote transparency and accountability. Challengesassociated with the new reporting requirements includedeveloping the systems and infrastructure for collectingand reporting the required information, educatingrecipients about the reporting requirements, validating thereported information, and using the collected informationeffectively to monitor and oversee Recovery Act programsand performance. These new reporting requirements are inaddition to the information that some recipients of Recovery Act funds must also provide for similar activities

funded outside the Recovery Act , creating multiple andinconsistent reporting requirements.

Overseeing and protecting the integrity of Recovery Act

funds is a shared responsibility requiring coordinationamong agencies within the Department and with States andother entities. The Department has established the Officeof Recovery Act Coordination (ORAC), headed by aDeputy Assistant Secretary for Recovery ActCoordination. Department agencies administeringprograms and activities funded by the Recovery Act areresponsible for ensuring the appropriate awarding,distribution, use, and reporting of Recovery Act funds.

OIG is charged with overseeing the Department’sexecution of these responsibilities and with preventing anddetecting fraud, waste, and abuse. In addition, theRecovery Act established the Recovery Accountability andTransparency Board (RATB), consisting of 12 InspectorsGeneral, including the HHS Inspector General, tocoordinate and conduct oversight of funds distributedpursuant to the Recovery Act to prevent fraud, waste, andabuse and promote accountability and transparency. TheRATB administers the Government’s Recovery.gov Website. State agencies also have essential roles in overseeingRecovery Act funds, particularly those that increase Federalcontributions to State-administered programs, such as

Medicaid, TANF, and community services programs.Some States have raised concerns about having adequatefunds for the administrative costs associated with meetingRecovery Act oversight and reporting requirements.

Together, OIG and the Department are working to ensurethat the Department meets its Recovery Act responsibilities.Ongoing activities include minimizing risk; assessingcontrols for preventing fraud, waste, and abuse; andensuring program goals are achieved and stimulus funds





are accurately tracked and reported. Initial steps, forexample, include:

• outlining the process for obtaining meaningfulcoverage by single audits (the financial andcompliance audits required of all recipients of

$500,000 or more in Federal funding) to assist indetermining whether the accountability objectives aremet (i.e., that the recipients, uses, and benefits of allfunds are transparent to the public; funds are used forauthorized purposes; and instances of fraud, waste,error and abuse are mitigated);

• reviewing the spending plans for each Recovery Act

initiative with a focus on the purpose of funding,means of execution, method of selection, intendedrecipients, and accountability measures;

• conducting a risk assessment covering $72.7 billion of the $76.4 billion allocated to Health IT and non-Medicaid programs;

• reviewing the Department and State controls to ensurethat the temporary increase in the FMAP isimplemented as intended by the Recovery Act ;

• reviewing training and qualifications of Departmentalpersonnel responsible for overseeing Recovery Act

funds;

• reviewing the implementation plans for Recovery Act

initiatives or programs with a focus on objectives,performance measures, monitoring and evaluation,

transparency, accountability, and barriers to effectiveimplementation; and

• developing a screening process to identify applicantsfor Recovery Act funds that are under investigation byOIG.

In addition, the Recovery Act requires OIG to investigatealleged instances of retaliation against whistleblowers whodisclose the potential misuse of Recovery Act funds. OIGis preparing for a possible influx of complaints by updatingits hotline and tracking systems and training agents on theevaluation and investigation of such whistleblower

complaints.

Although the Department faces challenges in ensuring theaccountability and transparency of Recovery Act funds, theDepartment’s and OIG’s efforts underway, including theuse of risk assessments, may have long-term benefits forDepartment programs even beyond the expenditure of Recovery Act funding.

Management Issue 11: Health Information Technology and Integrity of Information Systems


Over the past decade, the development and implementationof interoperable health IT has become a national priority.The Federal Government has recognized the potential forhealth IT to revolutionize the delivery of medical care byboth improving quality and lowering costs. In 2004, thePresident issued Executive Order 13335 to create theOffice of the National Coordinator for Health IT (ONC)within the Department of Health and Human Services.ONC was tasked with the goal of achieving access to aninteroperable electronic medical record for mostAmericans by 2014. Since then, the public and privatesectors have worked together to advance the vision of thenation-wide adoption of interoperable health IT, whichincludes the use of electronic health records (EHR) and

electronic prescribing (e-prescribing).

The Department must balance the need to meet these goalswith its obligations to oversee the expenditure of Federalfunds in pursuit of health IT objectives. For example, theHealth Information Technology for Economic and Clinical

Health (HITECH) Act , as part of the Recovery Act ,includes a wide array of mandates, contracts, grants, loans,incentives, and penalties aimed at promoting thewidespread and secure use of interoperable health IT. TheHITECH Act also tasks the Department, with ONC as thelead, with adopting standards and establishing agovernance mechanism for the nation-wide health

information network (NHIN), through which health data,such as EHR and e-prescriptions, will be exchanged. Thegoals of these provisions are also supported byunprecedented funding to encourage the adoption of healthIT—an estimated $49 billion in spending over the nextseveral years.

Achieving the widespread use of electronic medicalrecords is an ambitious target, and it is imperative thatRecovery Act funds to support this goal be used efficientlyand effectively. The success of this massive undertaking,like that of any Government initiative, can be threatened byvulnerabilities created or overlooked during planning,funding, and implementation. In addition, with the pushfor increased adoption of health IT, there is also heightenedconcern among the public regarding the privacy andsecurity of their personal health information. Therefore,the Department must identify and address to the fullestextent possible, and as early as possible, suchvulnerabilities with respect to each of its health ITinitiatives.

The Department’s health IT management challengesidentified by OIG can be divided into two broad





categories: ensuring the integrity of the Department’sprograms to promote health information technology andensuring the integrity of information systems throughwhich health information is transmitted and stored.

Integrity of Health Information Technology Programs

Like any of the Department’s grants programs or contracts,Federal health IT initiatives are susceptible to potentialfraud, noncompliance, and inefficiency. Even before theenactment of the HITECH Act , OIG was engaged inmonitoring Federal health IT initiatives. For example, in2009 OIG initiated an assessment of Medicare Part D plansponsors’ implementation of CMS-mandated e-prescribingstandards. OIG found that most plan sponsors hadimplemented some of the mandated standards but that fewhad completely implemented all required standards.Another study, completed in 2008, examined the StateMedicaid Agencies’ health IT initiatives. OIGrecommended that States work with other Federal agencies

and offices in developing policies to protect patient privacyand data security and coordinate State Medicaid initiativeswith Federal health IT activities to ensure consistency withnational goals.

With the enactment of the HITECH Act , Federal initiativesto promote the use of health IT now include the adoptionof interoperability standards by the Secretary; payment of Medicare and Medicaid incentives for providers engagedin the “meaningful use” of health IT; HRSA grants for theacquisition of health IT; and ONC programs to facilitatethe adoption of health IT through health IT extensionprograms, State grants for health information exchange,

and development of an HIT workforce. OIG hasdeveloped a work plan to provide oversight to these areasto ensure that the estimated $49 billion in incentivepayments and health IT program funds are used in waysconsistent with the requirements in the HITECH Act andthe Department’s implementing regulations and policies.See Management Issue 10 for further discussion of challenges associated with the Recovery Act .

Integrity of Information Systems

The Department administers its wide array of programsthrough a mix of grants, contracts, and cooperativeagreements and as a payor of health benefits. As such, toaccomplish its mission, the Department relies on adistributed network environment that includes Federalagencies, State and local governments, grantees andcontractors, health care providers, and colleges anduniversities. This environment presents a significant

challenge for the Department to establish an informationsecurity program that protects critical infrastructure andassets and creates, monitors, and maintains an enterprise-wide baseline of core security requirements.

OIG has monitored the Department’s ability to meet thischallenge by determining whether the Department’sinformation system security controls are robust, as well asexamining its oversight over health care providers’compliance with the Health Insurance Portability and

Accountability Act of 1996 Security Rule (the applicabilityof which the HITECH Act has expanded and whoseenforcement been transferred from CMS to theDepartment’s Office for Civil Rights). OIG has performeddozens of independent audits of key departmental agencies,as well as audits of State and local governments,contractors, and hospitals. These audits have identifiedvulnerabilities in the areas of:

• network access and management;

• security program infrastructure, which includessecurity program documentation, contingency plandocumentation, accuracy of system inventory, andacknowledgment of management responsibilities;

• security training;

• personnel security, such as background checks anduser account management; contractor oversight;

• and the integration of security into major applications,which includes certification and accreditation,contingency plan testing, privacy impact statements,and annual self-assessments.

The HITECH Act will present a challenge to theDepartment’s processes for ensuring the confidentiality,integrity, and availability of critical systems and data. Inresponse, OIG will use the results of its risk assessments totarget its oversight and monitoring of the security controlsof the Department’s networks, as well as those of itscontractors and grantees.

Because of increasing recognition of the scope anddetrimental consequences of identity theft, OIG isincreasing its focus on medical identity theft, which canresult from breaches in information security. OIGinvestigations have uncovered an increasing number of fraud schemes involving stolen provider and beneficiary

identification numbers. In response, OIG issued aconsumer education brochure providing tips and resourcesto help beneficiaries protect themselves and Medicare frommedical identity theft and fraud. OIG will continue itswork in this area and make recommendations to theDepartment, as appropriate, regarding safeguards forpersonally identifiable information.





Management Issue 12: Ethics Program Oversight and Enforcement


The year 2008 marked the 30th anniversary of both theInspector General Act of 1978 and the Ethics in

Government Act of 1978, which established the Office of Government Ethics (OGE). Both statutes set the stage fora more robust framework and mechanism for ensuring theintegrity of the Federal workforce and Federal programs.

Government Ethics Programs and Conflicts of Interest of Department Employees

Pursuant to OGE regulations, the head of each Departmentand agency appoints a Designated Agency Ethics Official(DAEO) to oversee the ethics in government program. Atthe Department, OIG assists the DAEO, the Associate

General Counsel for Ethics, with oversight andenforcement of the Department’s ethics program. A keyfocus is ensuring that employees do not participate inofficial matters where they have a conflict of interest orwhere there may be impartiality concerns.

Monitoring for conflicts of interest continues to be achallenge for the Department. For example, OIG currentlyhas a study underway that will determine the extent towhich the CDC and its Special Government Employees(SGE) on Federal advisory committees complied withethics requirements. OIG is also planning to conductsimilar reviews of other Departmental agencies.

The Department has recently implemented some modelpractices, such as expanding oversight by monitoring thefinancial disclosure systems and the ethics trainingprogram department wide, providing instructor-led initialethics orientation to departmental employees, andproviding instructor-led annual ethics training to politicalemployees. The Department also provides face-to-faceinitial ethics orientation for incoming scholars and SGEadvisory committee members.

Another challenge for the Department is monitoring forconflicts of interest of a workforce that has becomeincreasingly reliant on contract workers. A recent revision

under the Federal Acquisition Regulation requirescontractors to have a written code of ethical conduct and topost information on how to report fraud. In response, OIGcreated an OIG hotline poster for use by Departmentcontractors. Also, as OGE releases guidance on conflict-of-interest considerations of contractor employees in theworkplace, OIG is developing internal training on thistopic to prepare for emerging issues involving contractorsworking in the Department. To examine the scope of thischallenge, OIG has plans to assess CMS’s process for

oversight and monitoring of contractors’ conflicts of interest.

OIG has also identified the lack of uniform procedures forresolving allegations of improper conduct as amanagement challenge within the Department. In 2008,OIG issued a report on how NIH handles allegations aboutemployee activities that might be criminal or improper.OIG’s evaluation found a lack of uniform procedures forhandling allegations and recommended that NIH develop aformal written policy for handling allegations. OIG alsorecommended that NIH maintain documentation detailinghow allegations are ultimately resolved. NIH concurredwith the recommendations and has since implementedthem in a new chapter of the “NIH Policy Manual.”

OIG also consulted with the Department regarding thenumber and quality of conflict-of-interest referrals that itwas receiving from across the various divisions in theDepartment. To improve the quality of referrals, OIG

created a comprehensive form for the DAEO and otherdepartmental ethics officials to use when referring conflict-of-interest cases. OIG’s ongoing relations with the Officeof General Counsel (OGC) Ethics Division, as well asregular interactions by OIG staff with the operating andstaff divisions, have yielded positive results with anincrease in the quality of the referrals, an increase in thenumber of referrals from various departmentalcomponents, and an increase in departmental officialsseeking input and guidance on conflict-of-interest matters.For example, OIG’s enforcement efforts in 2009 includedthe conviction of an employee of the National Library of Medicine, NIH, who was sentenced to 1 year probation and

160 hours of community service and ordered to pay a$200,000 fine as punishment for a felony violation relatingto conflict-of-interest regulations by failing to receiveapproval and failing to report finances from his outsideactivities. The employee admitted to receiving as much as$500,000 in unauthorized income from testifying as anexpert witness on toxicology issues in legal proceedings.

Oversight of Department Grantee and Researcher Conflicts of Interest

In addition to departmental employees and contractors,Federal grantees and non-Federal researchers playimportant roles in departmental programs, and theirconflicts of interest could bias these programs andultimately affect the public’s health and safety. Forexample, 80 percent of NIH research funding goes toextramural grantees, primarily to research universities thatundertake work pursuant to grants and contracts. Conflictsof interest among extramural grantees could compromisethe integrity of the research that the Department funds.Therefore, in addition to performing our work focused ondepartmental employees, OIG has also examined potential





conflicts of interest relating to Federal grantees and non-Federal researchers.

In a January 2008 report, OIG identified vulnerabilitiesassociated with NIH’s monitoring of conflict-of-interestreports submitted by external grantees in FYs 2004 through2006. OIG found that NIH’s Institutes and the Office of Extramural Research (OER) were unable to provide all theactual conflict-of-interest reports they received fromgrantee institutions and did not follow up with granteeinstitutions regarding reported conflicts of interest. OIGrecommended that NIH increase oversight of granteeinstitutions and require grantee institutions to providedetails regarding the nature of financial conflicts of interestand the ways in which they are managed, reduced, oreliminated and ensure that OER’s conflict-of-interestdatabase contains information on all conflict-of-interestreports provided by grantee institutions. Beginning in July2009, NIH began requiring all financial conflict-of-interestreports from grantees to be submitted electronically using a

uniform format in their systems.

In its follow-up, OIG examined the nature of financialconflicts of interest reported by grantee institutions to NIHand the ways in which grantee institutions managed,reduced, or eliminated these conflicts. OIG identifiedvulnerabilities, including grantee institutions’ reliance onresearchers’ discretion in reporting conflicts, failure torequire researchers to report amounts of compensation infinancial disclosures, and failure to routinely verifyinformation submitted by researchers. OIG continues torecommend that NIH request grantee institutions toprovide it with details regarding the nature of all reported

financial conflicts of interest and the ways in which theyare managed, reduced, or eliminated. OIG offeredadditional recommendations, including that NIH(1) require grantee institutions to collect all information onsignificant financial interests held by researchers and notjust those deemed by researchers to be reasonably affectedby the research; (2) require grantee institutions to collectinformation on specific amounts of equity andcompensation from researchers; (3) increase oversight of grantee institutions to ensure that financial conflicts of interest are reported and managed appropriately; and(4) develop regulations that address institutional financialconflicts of interest.

With regard to the last recommendation, OIG is currentlyundertaking a review to determine what policies andprocedures NIH grantee institutions have in place toaddress institutional conflicts of interest.

In considering potential changes to the Federal regulationsthat would address some of the current vulnerabilities, NIHsought to gain input from the public and researchcommunity on whether modifications are needed toFederal regulations addressing grantee conflicts of interest.In May 2009, NIH published an Advanced Note of Proposed Rulemaking on Promoting Objectivity inResearch. NIH invited public comments on all aspects of potential regulation in this area, particularly on thefollowing issues: (1) expanding the scope of the regulationand the disclosure of conflicts of interest, (2) the definitionof “significant financial interest,” (3) identification andmanagement of conflicts by grantee institutions, (4)assuring grantee institution compliance, (5) requiringgrantee institutions to provide additional information toNIH, and (6) broadening the regulations to addressinstitutional conflicts of interest.

OIG has also identified research conflict-of-interestvulnerabilities in other Department agencies. For example,

in 2009, OIG reported on vulnerabilities in FDA’soversight of clinical investigators’ financial interests.Clinical investigators lead clinical trials, recruit subjects,supervise trials, and analyze and report clinical trial resultsthat are submitted to FDA in new drug applications. TheOIG report highlighted vulnerabilities in the disclosureprocess and in FDA’s review of the disclosed financialinterests. OIG recommended that FDA ensure that newdrug sponsors submit complete financial information forall clinical investigators and that FDA consistently reviewand take action in response to disclosed financial interests.Finally, OIG recommended that sponsors submit financialinformation for their clinical investigators earlier in the

process. In its response to the report, FDA stated that itwill consider making changes to its “Guidance forIndustry: Financial Disclosure by Clinical Investigators.”It also updated its “Compliance Program GuidanceManual” chapter on Clinical Investigator inspections toensure that clinical investigators submit required financialinformation to sponsors. However, FDA did not agree thatsponsors should submit financial information for theirclinical investigators earlier as part of the pretrialapplication process.

Congress has passed conflict-of-interest statutes and OGEand the Department have promulgated ethics regulations to

help ensure that Department missions are not compromisedby conflicts of interest. Maintaining a heightened focus onethics in the Department will require a continued vigilanceby employees, grantees, and researchers.





[Page Intentionally Left Blank]




L e v i n s o n ~ z ~ f . 2r e t a r y FinMcial


DEPARTMENT’S RESPONSE TO THE OIG TOP MANAGEMENT AND PERFORMANCE CHALLENGES

Date: November 16, 2009

Richard J. Turman, Acting As for

To: Daniel R.

From: Resources and Chief Financial Officer

Subject: FY 2009 Top Management and Performance Challenges Identified by the Office of the Inspector General

This memorandum is in response to OIG’s FY 2009 Top Management and Performance Challenges, which summarized thetop management and performance challenges that the Department has faced over recent years.

We concur with OIG’s findings concerning the HHS top management and performance challenges. In response to OIG’sreport, we are providing the attached table which includes a brief summary of the top management challenges, management’sresponse, and future plans to address these challenges during FY 2010.

Our management is committed to working toward resolving these challenges, and looks forward to continued collaborationwith OIG to improve the health and well-being of the American people through our efforts.





FY 2009 Top Management and Performance Challenges Summary

Part I: Integrity of Medicare, Medicaid, Children’s Health Insurance Program

Management ChallengeIdentified by the OIG

OIG Progress Assessment Management ResponseFuture Plans to Address the

Challenge

1. Integrity of Provider and CMS has made progress in We agree with OIG’s Medicare administrative

Supplier Enrollment responding to enrollmentvulnerabilities, includingimplementing somemeasures aimed atenhancing enrollmentstandards for durablemedical equipment (DME)suppliers; additionalmeasures would furtherimprove integrity of providerand supplier enrollment.

assessment and are makingprogress to respond toenrollment vulnerabilities.CMS implemented newdurable medical equipment,orthotics, prosthetics, andsupplies (DMEPOS)suppliers AccreditationStandards and has alsoestablished a surety bondrequirement for allDMEPOS suppliers.

contractors and fiscalintermediaries are beingdirected to review capitaldisproportionate sharehospital (DSH) payments insupport of provider andsupplier eligibility. CMS isconfident it has thenecessary tools to ensure thatfuture DSH paymentscomply with all applicableFederal provider and

supplier requirements.2. Integrity of Federal HealthCare Program PaymentMethodologies

CMS is working to ensurethat payments are based onaccurate data, respond tochanges in the marketplaceand medical practice, andlimit the risk of fraud andabuse; however, many thepayment issues identified byOIG have not yet beenresolved.

CMS is making progress onissues with data used inpayment methodologies thathave affected both Medicareand its beneficiaries. CMSagrees it must be a prudentpurchaser of health care andmust work to ensure that theMedicare and Medicaidpayment methodologiesallow access to quality carewithout wasteful

overspending.

The Department is reactingto changes in themarketplace and medicalpractices so that theprograms continue toeffectively reimburse forquality care, while ensuringpayment incentives limit therisks of fraud and abuse.

3. Promoting Compliance CMS is partnering with CMS continues to participate Medicare and Medicaidwith Federal Health Care providers and suppliers in in the Provider Partnership providers are beingProgram Requirements adopting practices and

promoting compliance withprogram coverage, payment,and quality requirements.This includes education andguidance efforts, includingcontinued participation inthe Provider PartnershipProgram.

Program, and is partneringwith providers and suppliersin education and guidanceefforts.

encouraged to implementcompliance programs. CMSis creating an education,training, and outreachcampaign, which is designedto improve the plansponsor’s compliance withMedicare programrequirements.





Part I: Integrity of Medicare, Medicaid, Children’s Health Insurance Program (Continued)



Challenge

4. Oversight and Monitoringof Federal Health CarePrograms

CMS has efforts underway,including developingoversight tools such as theIntegrated Data Repository,to make neededimprovements to oversightand monitoring of Federalhealth care programs.

Progress continues as CMScontracts with outsideentities to perform oversightand monitoring functions forboth Medicare andMedicaid. Improving theintegrity of Medicare fee forservice payments is a toppriority at CMS.

CMS has plans to enhancedata systems available foruse by the contractors. CMSis committed to continuouslyimproving the Payment ErrorRate Measurement (PERM)program.

5. Response to Fraud and HHS is making progress in In conjunction with CMS will continue to work Vulnerabilities in Federal responding to fraud through accurately identified with its partners to respondHealth Care Programs law enforcement (through

OIG, in partnership with theDepartment of Justice) andby addressing programvulnerabilities (through

CMS). The Heath CareFraud Prevention andEnforcement Action Team(HEAT) is a collaborativeinitiative focused on fraudprevention and response.

vulnerabilities, CMSrevoked suppliers’ billingprivileges that failed to meetMedicare standards. CMSagrees that responding to

fraud and programvulnerabilities requires ahigh degree of coordinationand collaboration betweenFederal and State agencies.

to health care waste, fraud,and abuse.

6. Quality of Care CMS has made someprogress in ensuring thatproviders comply withquality standards, developinginitiative to protectbeneficiaries from abuse orneglect, and implementingpayment incentives linked toquality.

CMS continues to operate itsSpecial Focus Facility (SFF)program, monitoring nursinghomes with the worst surveyperformances. CMS agreesthat there are significantopportunities forimprovement in theBeneficiary ProtectionProgram and has launched aredesign of the program.

Quality ImprovementOrganizations (QIO) willwork with providers onimproving their performanceon specific clinical measures

related to patient safety in allStates.





Part II: Integrity of the Department’s Public Health and Human Services Programs



Challenge

7. Emergency Preparednessand Response

The Department workingwith State and local healthofficials has made progressin preparing for andresponding to public healthemergencies. They continueto work together in thedevelopment of emergencypreparedness and detectionplans for pandemicinfluenza, bioterroristattacks, and natural disasters.

The Department providedguidance to States andlocalities on the developmentof a tiered health careresponse structure, andseamless emergencypreparedness plandevelopment and integrationfor all-hazards health caresystem preparedness. Inaddition, an update to theMedical Surge Capacity andCapability Handbook wascompleted.

Progress continues towardhealth care systempreparedness, which requiresexercise and evaluationstrategies, includingevaluations of all tiers withinthe health care system.

8. Oversight of Food, Drugs, FDA has made progress in FDA opened field offices in FDA will continue toand Medical Devices ensuring the timely approval

and oversight of drugs andmedical devices. In FY2009, the Food SafetyWorking Group was createdto help ensure the safety of our Nation’s food supplyhowever; FDA continues toface challenges in tracingfood during foodemergencies.

China, India, and Costa Riceto conduct more inspectionsand work with local officialsto improve the safety of foods exported to the UnitedStates.

improve its generic drugapproval process in additionto its oversight of clinicaltrials.

9. Grants Management HHS made progress in

developing consistentpolicies and procedures tooversee Federal grantees andhas taken a key leadershiprole in the temporaryexpansion of health andsocial service programsunder the Recovery Act, dueto the Department’ssignificant grantexpenditures as the largestgrant-awarding agency in theFederal Government.

The Department continued to

establish practices regardingthe integrity of grant dataand its use, including granteereporting and closeoutprocedures. NIH created anew centralized processingcenter for the receipt of closeout documents, andreminds grantees of theirability to submit closeoutreports in the electronicresearch administration(eRA) Commons Closeout

Module.

Focus will continue on the

timely financial closeout of ended projects.





Part III: Cross-Cutting Issues that Span the Department



Challenge

10. American Recovery and The Recovery Act provided HHS established the Office The OIG and the DepartmentReinvestment Act. an estimated $167 billion

over 10 years to theDepartment to provideFederal assistance for healthcare, public health, andhuman services programs, aswell as to invest in researchand health informationtechnology (health IT). It iscritical that Recovery Act

funds are used efficientlyand effectively and areprotected from fraud, waste,and abuse.

of Recovery ActCoordination (ORAC) forensuring the appropriateawarding, distributing, use,and reporting of Recovery

Act funds. In addition theRecovery Act established theRecovery Accountability andTransparency Board(RATB), including the HHSInspector, to prevent fraud,waste, and abuse, whilepromoting accountability andtransparency.

will work together to ensurewe meet our Recovery Act

responsibilities. In addition,we will continue to preparefor a potential influx of complaints by updating ourOIG hotline and trackingsystems, and training agentson the evaluation andinvestigation of suchwhistleblower complaints.

11. Health InformationThe Department continues to The Office of the National Under the guidance of ONC,Technology and Integrity of make progress in ensuring Coordinator for Health IT the Department will continue

Information Systems the integrity of theDepartment’s programs topromote health informationtechnology, in addition toensuring the integrity of information systems throughwhich health information istransmitted and stored.

(ONC) provided nationalleadership in health ITadoption and electronichealth information exchange.The Health Information

Technology for Economic

and Clinical Health

(HITECH) Act highlightedONC’s leadership byproviding significant fundingand authority for theDepartment to promote the

use of health IT.

to improve health carequality, safety, andefficiency by establishingnew policies, and fosteringthe nation-wide healthinformation network (NHIN). The Departmentwill continue to collaboratewith partners with regards toprivacy, security, and datastewardship for electronicindividually identifiable

health information.12. Ethics Program NIH and FDA have The OGC Ethics Division HHS will adopt a number of Oversight and Enforcement implemented additional

measures to strengthen theirprocesses for reviewing andapproving outside activities.The OGC Ethics Divisioncontinues its ethics programoversight.

has responsibility foradministering theDepartment’s ethics programas it pertains to HHSemployees (including specialGovernment employees). Itcontinued to conduct internalreviews of OPDIV andSTAFFDIV ethics programsto ensure that these programsfunction effectively and that

conflicts of interest on thepart of HHS employees areidentified and resolved.

model practices to ensure thecontinued efficacy of theagency’s ethics programs,and will continue to work closely with the OIG in thehandling of referrals of conflict of interest violations.

fy 2009 top management and performance challenges identified by the office of the inspector general

Documents