recommended reading

States didn't cooperate on Medicaid data repository, official says

The Health and Human Services Department missed its 2010 deadline to roll all Medicare and Medicaid claims information into a single, integrated data repository because of limited cooperation and a mishmash of data forms at the state level, officials told lawmakers Tuesday.

The integrated data repository, which was launched in 2006, was designed to be an easily searchable database that would help Medicare and Medicaid workers quickly spot suspicious claims and claw back about $21 billion in improper payments by 2016.

Five years in, it includes most data about Medicare claims but almost no data on Medicaid claims, according to a Government Accountability Office report released in connection with Tuesday's hearing of the Senate Homeland Security and Governmental Affairs panel on financial management.

That's because the federal government didn't give states a strong enough incentive to cooperate with the data storage program and states were unwilling to commit their own dwindling budgets to it, Centers for Medicare and Medicaid Services Deputy Administrator Peter Budetti told lawmakers.

"They also had their data in many different formats and systems so the integration of all those data into one place was complicated," he said.

Medicare is managed by the federal government and primarily funds hospital visits and prescription drug costs for elderly people. Medicaid is managed by state agencies and mostly funds medical costs for people with low incomes.

The two programs together made about $70 billion in improper payments during fiscal 2010, either to outright fraudsters or to genuine program recipients who should not have been reimbursed for that specific claim.

Budetti told lawmakers he expects to have Medicaid data integrated into the repository by the end of 2014. Joel Willemssen, the Government Accountability Office's managing director for information technology issues, applauded that overall goal but urged senators to impose stricter deadlines along the way.

"I'm a little bit concerned with the change of going from an incremental approach to state Medicaid data to now saying they'll do all 50 states in 2014," Willemssen said. "In our experience doing things in an incremental fashion is a prudent, risks-based approach . . . I think you've got to hold the agency's feet to the fire and the best way is by setting specific deadlines about when things are going to get done."

GAO also faulted CMS for having trained only 41 people to use the online portal developed to access repository data, as of October 2010. The center had planned to have more than 600 people trained in the system by that point, GAO said.

CMS has trained an additional 55 people to use the system and expects to finish teaching all eligible staff and contractors by the end this year, Budetti said. The 639 figure is several years out of date, he said, and the total number of people trained in the system is unlikely to be that high.

During Tuesday's hearing, Budetti also plugged a predictive modeling tool CMS implemented July 1 that assigns a risk score to new Medicare claims based on factors such as suspicious billing patterns or a great distance between the hospital where treatment occurred and the claimant's home address.

Once CMS has gathered enough data to ensure its predictive modeling is accurate, it will begin halting and investigating suspicious payments before they go out instead of investigating them once they're already been paid, Budetti said.

Medicare is required by law to pay claims quickly, usually within 14 to 30 days, he said, which, in the past, has prevented the center from stopping improper payments before they go out.

Medicare pays out about $1 billion from roughly 4.5 million claims every workday, according to Budetti's prepared testimony.

The predictive modeling tool was developed by Northrop Grumman Corp. with a $77 million contract, Budetti told lawmakers, and is based on a modeling tool that Verizon has used to detect fraud in credit card payments.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.