This is the accessible text file for GAO report number GAO-14-39 entitled 'Federal Employees Health Benefits Program: Oversight of Carriers' Fraud and Abuse Programs' which was released on December 16, 2013.

This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately.

United States Government Accountability Office:
GAO:

Report to Congressional Requesters:

November 2013:

Federal Employees Health Benefits Program:

Oversight of Carriers' Fraud and Abuse Programs:

GAO-14-39:

GAO Highlights:

Highlights of GAO-14-39, a report to congressional requesters.

Why GAO Did This Study:

The FEHBP provides health care coverage to millions of federal employees, retirees, and their dependents through health insurance carriers that contract with OPM. Carriers offer plans in which eligible individuals may enroll to receive health care benefits.
OPM negotiates these contracts; requires that each carrier establish a program to prevent, detect, and eliminate fraud and abuse; and oversees carriers’ fraud and abuse programs. Although the extent of fraud and abuse in the FEHBP is unknown, any fraud or abuse that does occur contributes to health care costs and may be reflected in the premiums for FEHBP enrollees.

GAO was asked to review OPM’s oversight of FEHBP fraud and abuse programs. This report describes (1) oversight of fraud and abuse programs by OPM’s contracting office and (2) the OPM contracting office’s approach to measuring the effectiveness of FEHBP carriers’ fraud and abuse programs. To do so, GAO reviewed documents that specify program requirements and guidance, such as carrier contracts and letters from OPM to carriers; documents that assist oversight of fraud and abuse programs, such as annual reports that OPM requires from carriers; and documents demonstrating oversight of carriers, such as memos to carriers from OPM contracting office staff regarding carriers’ compliance. GAO also reviewed published work about measuring the effectiveness of antifraud programs. GAO interviewed OPM officials and officials from entities with expertise related to antifraud programs and measurement.

What GAO Found:

The Office of Personnel Management (OPM) Healthcare & Insurance--Federal Employee Insurance Operations office, which we refer to as OPM’s contracting office, monitors Federal Employees Health Benefits Program (FEHBP) carriers’ compliance with requirements and other guidance for preventing, detecting, and eliminating fraud and abuse. These requirements include establishing a program to assess vulnerability to fraud and abuse, reporting annually on program outcomes, reporting potential fraud to OPM’s Office of Inspector General (OIG), and implementing corrective actions to address deficiencies in fraud prevention programs.
OPM’s guidance encourages carriers to implement certain program standards, such as formal fraud awareness training for all employees. To monitor carriers’ compliance with these requirements and other guidance, OPM’s contracting office staff conducts the following activities.

* Review carriers’ annual reports: Staff review information contained in annual reports from carriers that describe the carriers’ fraud and abuse programs and their outcomes. Officials told us that they assess information in carriers’ annual reports against program requirements and guidance and follow up with carriers whose reports suggest possible noncompliance.

* Conduct site visits: Staff also inspect and follow up on carriers’ fraud and abuse programs during periodic site visits. Using a risk-based site selection strategy, OPM contracting office staff conducted site visits of 27 carriers whose plans covered about 70 percent of FEHBP enrollees in 2012.

* Review and resolve OIG audit findings: Staff review and resolve OIG audit findings that identified areas of carriers’ noncompliance.

* Review disputed claims and enrollee complaints: Staff review disputed claims and enrollee complaints to identify indicators of potential fraud or abuse, such as suspicious patterns of drug utilization.

OPM contracting office staff review certain outcomes of carriers’ fraud and abuse programs, but several factors contribute to the challenge of assessing program effectiveness. Program outcomes in 2011 included 29 criminal convictions and more than $23 million in recoveries to the FEHBP, but program outcomes do not provide complete information about program effectiveness because they do not measure the success of efforts to prevent or minimize fraud and abuse. OPM contracting office staff reported that they have not adopted specific measures of program effectiveness for FEHBP fraud and abuse programs because they have not identified an appropriate way to measure the effectiveness of antifraud programs.
Several factors contribute to difficulties in assessing the effectiveness of health care antifraud programs. These factors include lack of information about the baseline amount of fraud and abuse, difficulty establishing a causal link between antifraud activities and the amount of fraud and abuse, and difficulty measuring the effect of efforts to prevent or deter fraud and abuse.

OPM and the OPM OIG provided technical comments, which we incorporated as appropriate.

What GAO Recommends:

GAO made no recommendations.

View [hyperlink, http://www.gao.gov/products/GAO-14-39]. For more information, contact Kathleen M. King at (202) 512-7114 or kingk@gao.gov.

[End of section]

Contents:

Letter:
Background:
OPM's Contracting Office Monitors Compliance with Fraud and Abuse Program Requirements and Guidance by Reviewing Information and Conducting Site Visits:
OPM Contracting Office Staff Review Fraud and Abuse Program Outcomes, but Several Factors Contribute to the Challenge of Assessing Program Effectiveness:
Agency Comments:
Appendix I: Requirements for Carriers and OPM to Report Information about Potential Fraud and Abuse:
Appendix II: GAO Contact and Staff Acknowledgments:

Figure:

Figure 1: Requirements for Carriers to Report Potential Fraud or Abuse to OPM's Office of the Inspector General (OIG):

Abbreviations:

FBI: Federal Bureau of Investigation:
FEHBP: Federal Employees Health Benefits Program:
NHCAA: National Health Care Anti-Fraud Association:
OIG: Office of the Inspector General:
OPM: Office of Personnel Management:
ROI: return on investment:

[End of section]

GAO:
United States Government Accountability Office:
441 G St. N.W.
Washington, DC 20548:

November 14, 2013:

The Honorable Thomas R. Carper:
Chairman:
Committee on Homeland Security and Governmental Affairs:
United States Senate:

The Honorable Claire McCaskill:
Chairman:
Subcommittee on Financial and Contracting Oversight:
Committee on Homeland Security and Governmental Affairs:
United States Senate:

The Federal Employees Health Benefits Program (FEHBP) provided health care coverage to about 8 million federal employees, retirees, and their dependents in 2012 through health insurance carriers that contracted with the federal government.[Footnote 1] Carriers offer plans through the program in which eligible individuals may enroll to receive health care benefits.[Footnote 2] The Office of Personnel Management (OPM) negotiates these contracts and requires that each carrier establish a program to prevent, detect, and eliminate fraud and abuse. Specifically, OPM's Healthcare & Insurance--Federal Employee Insurance Operations office, which we refer to as the contracting office, oversees carriers' performance, including their fraud and abuse programs.[Footnote 3] Although the extent of fraud and abuse in the FEHBP is unknown, any fraud or abuse that does occur contributes to health care costs and may be reflected in the premiums for FEHBP enrollees.[Footnote 4] Certain types of fraud and abuse may also result in harm to patients.

In March 2012, OPM's Office of the Inspector General (OIG) issued a report that included a summary of its reviews of the fraud and abuse programs of the three largest FEHBP carriers and questioned their effectiveness.[Footnote 5] The results of the OIG's review of fraud and abuse programs raised concerns about carriers' compliance with fraud and abuse program requirements and OPM's oversight of these programs.

You asked us to review OPM's oversight of FEHBP fraud and abuse programs. This report describes:

1. Oversight of fraud and abuse programs by OPM's contracting office, and:

2. The OPM contracting office's approach to measuring the effectiveness of FEHBP carriers' fraud and abuse programs.

To describe the OPM contracting office's oversight of FEHBP fraud and abuse programs, we reviewed relevant laws, regulations, and OPM documents and we interviewed OPM officials. The OPM documents we reviewed included those that:

* specify program requirements and guidance, such as carrier contracts and letters from OPM to carriers;

* assist OPM in its oversight of carriers' fraud and abuse programs, such as annual reports from carriers, a questionnaire that OPM contracting office staff use when conducting site visits of carriers, and audit resolution guidelines that OPM contracting office staff use when resolving audits of carriers conducted by the OIG; and:

* demonstrate OPM's oversight of carriers, such as correspondence among OPM contracting office staff, carriers, and the OIG regarding fraud and abuse program issues, and memos to carriers from OPM contracting office staff describing how OPM contracting office staff used information from oversight activities to reward or penalize carriers' compliance or noncompliance with fraud and abuse program requirements.

We also reviewed standards for internal control to identify effective management practices for providing oversight, and we compared the standards with OPM's management practices for overseeing carriers' fraud and abuse programs.[Footnote 6]

To describe the OPM contracting office's approach to measuring the effectiveness of FEHBP carriers' fraud and abuse programs, we reviewed fraud and abuse program information and data that OPM collects from carriers and interviewed officials from OPM's contracting office and its OIG.
We also interviewed officials from the Department of Health and Human Services who are involved with the Health Care Fraud and Abuse Control Program, a federal program to enhance coordination among federal, state, and local programs related to health care fraud and abuse.[Footnote 7] To obtain further background information on the issues involved in measuring the effectiveness of antifraud efforts, we conducted interviews with three entities we selected judgmentally on the basis of relevant expertise: the Blue Cross and Blue Shield Association, the National Health Care Anti-Fraud Association (NHCAA), and the National Association of Insurance Commissioners. In addition, we reviewed published and unpublished work, including ongoing GAO work on measures of the effectiveness of health care antifraud efforts, the strengths and weaknesses of measures related to antifraud efforts, and challenges to assessing the effectiveness of antifraud efforts.

We conducted this performance audit from February 2013 to November 2013 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Background:

The FEHBP:

The FEHBP is the largest employer-sponsored health insurance program in the country. In 2012, it provided $42.6 billion in health care benefits to about 8 million individuals.[Footnote 8] OPM contracts with carriers to provide this coverage.
Carriers offer plans in which eligible individuals may enroll to receive health care coverage.[Footnote 9] For the 2012 plan year, FEHBP options included 10 fee-for-service plans that were available nationwide, 4 plans available only to employees of certain federal agencies (e.g., the Foreign Service), 164 plans offered by health maintenance organizations that were available in certain regions (but not the entire country), 15 high-deductible plans, and 13 consumer-driven plans.[Footnote 10] Most enrollees could choose from about 6 to 15 plans. The majority of FEHBP policyholders--more than 60 percent--were in plans offered by the Blue Cross and Blue Shield Association.[Footnote 11] The next largest carriers or groups of carriers in terms of FEHBP enrollment were GEHA and Kaiser Permanente, each with between 5 percent and 10 percent of FEHBP policyholders.[Footnote 12]

Premiums and Financing:

Through their contributions toward premiums, the federal government and enrollees bear a portion of the cost of FEHBP fraud and abuse programs. Generally, as set by statute, the government pays 72 percent of the average premium across all FEHBP plans, but no more than 75 percent of any particular plan's premium.[Footnote 13] Enrollees pay the balance. Premiums are intended to cover enrollees' health care costs, plans' administrative expenses (including expenses associated with fraud and abuse programs), reserve accounts specified by law, plan profits, and OPM's administrative costs. OPM negotiates plan premiums with carriers and establishes premiums in one of two ways:

* Experience-rated carriers set their premiums based on their experience, that is, their actual costs of providing health care services and the costs of administrative services. Experience-rated carriers may offer fee-for-service plans or they may be local health maintenance organizations.
Of the $42.6 billion in expenses incurred by the FEHBP in 2012, the majority--84 percent--was for the benefits and administrative expenses of experience-rated carriers.

* Community-rated carriers are generally health maintenance organizations that set their FEHBP premiums based on a documented methodology that is applied to other groups of insured individuals in the same geographic community. These carriers receive fixed payments--the premiums--for each enrollee, rather than receiving payments for services rendered. Administrative costs are included in the payment rate. In fiscal year 2012, the FEHBP paid $6.7 billion to community-rated carriers.

Carriers' costs for fraud and abuse programs are included with other administrative costs (for experience-rated carriers) or within the fixed payments (for community-rated carriers). As a result, the amounts that carriers spend to prevent, detect, or correct fraud and abuse are not clearly identifiable.

OPM is required to administer contingency reserve funds for FEHBP carriers, which can help avoid major fluctuations in the FEHBP premiums from year to year. OPM administers a contingency reserve fund in the U.S. Treasury for each FEHBP plan, and unexpended contingency reserves are carried forward. Experience-rated carriers may draw upon their individual contingency reserve funds if claims are larger than anticipated, or, if the balance is large enough, to avoid or reduce a premium increase for the following year.[Footnote 14] For community-rated carriers, OPM may negotiate an adjustment to the plan's rates under certain circumstances and use the contingency funds to pay for the adjustment.
For example, if the community rate changes between the time the carrier estimated its rates (generally in spring) and the time that coverage through the plan became effective (the following January), OPM negotiates an adjustment.[Footnote 15]

OPM can adjust carriers' profits based on performance, including the performance of fraud and abuse programs, using mechanisms that differ by the type of plan. There is no minimum profit. For experience-rated carriers, OPM negotiates the plan's profit rate by determining a service charge using a process outlined in regulation that takes the plan's performance into consideration.[Footnote 16] The service charge (or profit) for experience-rated carriers may not exceed 1.1 percent of the plan's projected claims and administrative fees. For community-rated carriers, profits reflect the difference between the premiums and the actual costs. Because they are not capped at a percentage of projected costs, profits for community-rated carriers may be greater than profits for experience-rated carriers.[Footnote 17] Regulations specify a process for OPM to consider a community-rated plan's performance and assess a penalty of up to 1 percent of the total premium payment.[Footnote 18] These penalties, which reduce the carrier's profits, may be assessed for noncompliance with contract requirements, including fraud and abuse program requirements. (Service charges apply only to experience-rated plans, while penalties apply only to community-rated ones.)

Fraud and abuse in FEHBP plans affect the government, enrollees, and carriers because fraud and abuse can add to premium costs, reduce program reserves, or both.[Footnote 19] In general, however, carriers have an incentive to minimize fraud and abuse because raising premiums may make their plans less appealing to potential enrollees than plans offered by FEHBP carriers that have less fraud and abuse.
Community-rated carriers, which receive fixed payments for each enrollee rather than payments for services rendered, have an additional financial incentive to establish effective fraud and abuse programs because they can keep any savings above and beyond the cost of establishing and maintaining the programs.

All carriers are susceptible to fraud and abuse, although the specific vulnerabilities vary by the type of carrier. Experience-rated carriers that offer fee-for-service plans are at particular risk for forms of fraud or abuse associated with excess payments for care, for example, through billing for services that are not medically necessary. Community-rated carriers, which receive fixed payments for each enrollee rather than payments for services rendered, are at particular risk for forms of fraud or abuse that reduce the costs of providing care, for example, through inappropriate dilution of medications.

OPM's Offices with Responsibilities Involving Fraud and Abuse within the FEHBP:

Two offices within OPM have key responsibilities involving fraud and abuse within the FEHBP.

* The Healthcare & Insurance--Federal Employee Insurance Operations office, the contracting office, is responsible for administering the FEHBP, contracting with carriers, and overseeing carriers' compliance. Oversight of carriers' compliance with requirements and guidance related to fraud and abuse is part of the broader responsibility to ensure compliance. According to OPM officials, 7 contract officers, 16 contract specialists, and 7 audit resolution staff within the contracting office have general and discrete oversight responsibilities, in addition to staff in the office's supporting branches (such as those providing program analyses and systems support).

* The OIG has responsibilities that involve two aspects of FEHBP fraud and abuse efforts. First, as a law enforcement agency, the OIG's Office of Investigations may investigate potential fraud and abuse within the FEHBP.
(Appendix I provides information on carrier and OIG fraud and abuse reporting requirements.) Second, as an oversight entity, the OIG's Office of Audits conducts audits of FEHBP carriers. OIG officials told us that until recently the OIG's audits of FEHBP carriers generally focused on audits of carriers' claims and payments and not on the extent to which the plans comply with fraud and abuse program requirements. The OIG has begun including an in-depth examination of a carrier's fraud and abuse program in some of its audits.[Footnote 20] These audits have included reviews of policies and procedures and reviews of files to determine whether potential fraud and abuse cases were reported as required. After conducting in-depth audits of the fraud and abuse programs of three of the larger FEHBP experience-rated carriers, the OIG questioned their effectiveness, in part because the programs' outcomes, in terms of the prosecution of fraud cases and recovery of defrauded funds, were minimal.[Footnote 21] The OIG's findings from these audits included instances of failure to provide required notice of potential fraud or abuse, failure to report the amount of all recoveries of defrauded funds, and failure to include all relevant expenses when reporting the cost of anti-fraud activities.

OPM's Requirements and Guidance for FEHBP Carriers' Fraud and Abuse Programs:

OPM requires FEHBP carriers to establish programs to prevent, detect, and eliminate fraud and abuse.[Footnote 22] FEHBP contracts contain minimum requirements for fraud and abuse programs; according to officials from OPM's contracting office, these requirements accommodate differences in carrier characteristics and so allow flexibility in fraud and abuse program implementation.
Each carrier is required by contract to:

* conduct a program to assess vulnerability to fraud and abuse;

* operate a system designed to detect, eliminate, and follow up on fraud and abuse;

* submit a report on fraud and abuse by March 31 of each year;

* demonstrate that a statistically valid sampling technique is used routinely to compare FEHBP claims against the carrier's quality assurance standards and its fraud and abuse prevention standards;

* maintain records of fraud prevention activities;

* implement any corrective actions ordered by an OPM contracting officer to correct a deficiency in its fraud prevention program;

* provide timely notification to the OIG of credible evidence of a violation of federal criminal law involving fraud found in Title 18 of the U.S. Code by a principal, employee, agent, or subcontractor; and:

* provide timely notification to the contracting officer of any significant event, including fraud, that might reasonably be expected to have a material effect on the carrier's ability to meet its obligations.[Footnote 23]

OPM also uses letters to carriers to issue requirements and guidance.[Footnote 24] For example, one carrier letter imposes requirements for reporting potential fraud and abuse when a carrier has a reasonable suspicion that fraud against the FEHBP has occurred or is occurring.[Footnote 24] (As indicated above, appendix I provides more information on carrier and OIG fraud and abuse reporting requirements.) Another carrier letter presented guidance on certain nonrequired standards for fraud and abuse programs.
Specifically, OPM identified a set of eight industry standards for fraud and abuse programs (see text box), and in 2003, it issued a letter to carriers indicating that it would like carriers to implement these standards.[Footnote 26]

OPM’s List of Industry Standards for Fraud and Abuse Programs:

* Anti-fraud policy statement: Publish a policy statement providing the corporate strategy for addressing fraud and abuse and make this policy statement available to employees, enrollees, providers, and subcontractors.

* Written plan and procedures: Establish written policies and procedures to be followed by all personnel for deterrence and detection of fraud.

* Formal training: Conduct fraud awareness training for all employees, underwriting departments, and subcontractors.

* Fraud hotlines: Establish hotlines for reporting allegations of fraud both internally and externally. Hotlines should be available to employees, enrollees, providers, and others. Carriers are to prohibit retaliation against whistleblowers.

* Education: Inform enrollees about fraudulent and abusive practices using newsletters, web sites, or other means.

* Technology: Use fraud protection software to analyze claims data, including both prospective claim-by-claim evaluations and retrospective analysis of claim trends from either providers or members.

* Security: Put safeguards in place to protect information about claims, members, or providers from unauthorized use or access.

* Patient safety: Address any patient safety issues that arise through fraud or abuse.
OPM's Contracting Office Monitors Compliance with Fraud and Abuse Program Requirements and Guidance by Reviewing Information and Conducting Site Visits:

OPM's contracting office staff conduct several activities to monitor carriers' compliance with fraud and abuse program requirements and agency guidance, including reviewing carriers' annual reports to OPM's contracting office, conducting site visits, reviewing and resolving OIG audit findings, and reviewing disputed claims and enrollee complaints. Contract officers use the information from these efforts to oversee carriers and to determine carriers' service charges and penalties.

Reviews of Annual Reports Submitted to OPM's Contracting Office:

Officials from OPM's contracting office told us that contracting office staff assess carriers' compliance with fraud and abuse program requirements and guidance, and monitor carriers' performance by reviewing annual reports from carriers.[Footnote 27]

* In one routinely submitted report, the carrier describes its fraud and abuse program, including operational information; organizational structure; certain budget and cost allocation information; and performance indicators, such as how the carrier measures the performance of its antifraud efforts. Officials from OPM's contracting office told us that they review this report and assess the information contained in the report against fraud and abuse program requirements to determine the extent to which carriers met, and were thus in compliance with, requirements. For example, OPM contracting office staff assess the reported information, such as the criteria the carrier uses for notifying the OIG of a potential fraud case, against OPM's requirements for reporting cases of potential fraud to the OIG.
* A second report, specifically required by contract, provides additional information about the carrier's fraud and abuse program and the carrier's fraud and abuse activities and outcomes involving the FEHBP during the year.[Footnote 28] The report contains a checklist showing which of the nonrequired fraud and abuse industry standards the carrier and any subcontractors implemented. Officials from OPM's contracting office told us that they assess this information against the fraud and abuse program guidance to determine the extent to which carriers implemented the recommended standards and to follow up with those that have not implemented them. For example, according to officials from OPM's contracting office, a contracting officer contacts a carrier whose report indicates that it did not implement one of the components of a fraud and abuse program, such as having an antifraud policy statement. In following up with the carrier, the contracting officer indicates that OPM expects the carrier to implement the component and may conduct a site visit, request an OIG audit, or meet with the carrier to review evidence to confirm that the carrier has come into compliance with OPM's expectation.

Our review of a summary of carriers' reports containing their responses to the industry standards checklist for 2012 indicated that most carriers submitted the report as required and their responses indicated compliance with fraud and abuse program guidance. Officials from OPM's contracting office told us that, as part of their oversight, contracting officers follow up with carriers whose reports suggest possible noncompliance for the purpose of bringing them into compliance. However, OPM contracting office staff did not follow up with carriers that had not submitted their reports or whose reports indicated program deficiencies until July 2013, after we inquired about these carriers' reports.
Specifically, although 5 carriers did not submit reports by March 31, as required by contract, OPM contracting office staff did not begin following up with 4 of these carriers until July 2013, in response to our inquiry about OPM's follow-up actions to obtain these reports. Based on 2011 enrollment data, we estimate that these carriers together accounted for about 0.1 percent of FEHBP enrollees.

Most carriers submitted timely reports indicating that either they or a subcontractor had implemented the recommended, nonrequired industry standards for fraud and abuse programs. However, 7 carriers submitted reports indicating that neither they nor a subcontractor had implemented one or more of those standards. For example, 2 of the 7 carriers indicated that neither they nor a subcontractor had implemented a strategy for educating enrollees about fraudulent and abusive practices and 1 of these carriers had not published an antifraud policy statement or conducted formal fraud awareness training with all its employees. Based on 2011 enrollment data, we estimate that these 7 carriers together accounted for 0.8 percent of FEHBP enrollees. OPM contracting staff did not begin following up with these carriers until July 2013, after our inquiry, and as of August 2013 were still following up with 1 of these carriers.

Site Visits of Carriers:

OPM contracting office staff also assess carriers' compliance with fraud and abuse program requirements and guidance during periodic site visits.
In contrast to the reviews of annual reports, which are performed remotely, site visits provide an opportunity for contracting office staff to collect, inspect, and follow up on fraud and abuse program information on-site.[Footnote 29] During site visits, OPM contracting office staff review carriers' fraud and abuse program documents and information systems, conduct face-to-face meetings with carrier staff, and evaluate the extent to which the carrier's program meets fraud and abuse program requirements and guidance. For example, during a site visit, OPM contracting office staff may review the carrier's program and system for fraud prevention and detection, staffing, fraud awareness training, and examples of fraud and abuse program activities. As a result of their review, contracting office staff may recommend areas for improvement or note best practices.[Footnote 30]

OPM contracting office staff conducted site visits that covered 96 carriers' plans from 2008 through 2012 using a risk-based site selection strategy that included carrier type, enrollment, and special circumstances.[Footnote 31] Officials from OPM's contracting office told us that although contracting officers select experience-rated carriers for site visits every 3 to 5 years, they may also select any experience-rated carrier for a site visit if the carrier experiences consistent or urgent problems. According to officials from OPM's contracting office, in 2012, the 20 experience-rated carriers selected for site visits accounted for 69 percent of FEHBP enrollment.[Footnote 32] In addition, the officials told us that OPM contracting office staff select community-rated carriers, which generally have smaller enrollments, for site visits at their discretion and as OPM resources allow.[Footnote 33] In 2012, the 7 community-rated carriers selected for site visits accounted for 0.55 percent of FEHBP enrollment, according to OPM contracting office officials.
Review and Resolution of OIG Audit Findings: OPM contracting office staff review and resolve OIG audit findings as part of their oversight of carriers' fraud and abuse programs. In comparison to reviews of annual reports of carriers' self-reported compliance by OPM contracting office staff, OIG audit findings identify areas of noncompliance through an independent, on-site evaluation. Although site visits by both OPM contracting office staff and the OIG assess carrier compliance, only OIG audits assess the extent to which requirements and guidance have been implemented as the agency intended, according to OPM contracting office and OIG officials. OIG audits may also result in recommendations to OPM contracting officers to oversee carriers' implementation of corrective actions intended to bring carriers into compliance. OPM contracting office staff provide input to the OIG on planned audits as part of the OIG's risk-based audit selection strategy and may also request that the OIG conduct a special audit on an area of concern. For example, OPM contracting staff asked the OIG to assess one carrier's internal controls for preventing and detecting illegal practices and made a request for a special audit to ensure one carrier's compliance with contractual requirements. In June 2013, OIG officials told us that they had conducted eight audits that included findings related specifically to a carrier's compliance with fraud and abuse program requirements.[Footnote 34] OPM contracting office staff address audit recommendations by overseeing carriers' implementation of corrective action(s) in response to audit findings. To do so, contracting office staff review OIG audit findings and carriers' responses to audit findings, including corrective actions and documentation supporting their implementation. 
For example, in one audit we reviewed, the OIG recommended that an OPM contracting officer verify that a carrier implements current policies and procedures regarding communication of information about potential fraud and abuse and develops and implements criteria for follow-up actions on reported cases of potential fraud or abuse. Officials from OPM's contracting office told us that the carrier provided extensive documentation of its corrective actions in response to audit findings. The officials also reported that OPM contracting office staff are working with other carriers to address findings from recent audits and close the resulting recommendations. In addition to oversight of individual carriers, officials from OPM's contracting office told us that audit findings and recommendations help them identify fraud and abuse program areas to focus on more broadly. For example, OPM contracting office staff identified carriers' sharing of information about potential fraud and abuse as an area of concern after audit findings indicated that certain carriers were not communicating information about their fraud and abuse program activities as required. As a result, officials from OPM's contracting office told us that they are reviewing documents from the OIG related to reporting and are in the process of working to determine whether the current reporting requirements are sufficient. As of August 2013, officials did not have a timeline for completion of this activity. 
Reviews of Disputed Claims and Enrollee Complaints: OPM contracting office staff review disputed claims and enrollee complaints to identify indicators of potential fraud or abuse, among other things.[Footnote 35] Officials told us that contracting officers' reviews of disputed claims may reveal suspicious patterns of drug utilization, multiple complaints involving a single provider, or other indicators of potential fraud or abuse.[Footnote 36] In addition to reviews of enrollees' disputed claims, OPM contracting office staff review enrollees' complaints about other aspects of the FEHBP, which could also indicate potential fraud or abuse, and they intervene as necessary. For example, in response to an FEHBP enrollee's complaint regarding a carrier's request for sensitive information, OPM contracting office staff examined and confirmed the legitimacy of the request. OPM Contracting Office Staff Use Information from Monitoring Activities When Determining Carriers' Service Charges or Penalties: OPM's contracting office staff use information from their monitoring activities--including their reviews of carriers' annual reports, site visits, reviews of OIG audit findings, and reviews of disputed claims and enrollee complaints--when they determine carriers' service charges or penalties. Officials from OPM's contracting office told us that service charges or penalties may be adjusted to reflect noncompliance with fraud and abuse program requirements. For experience-rated carriers, up to 45 percent of the service charge is based on contractor performance, which includes failure to comply with contractual requirements. For community-rated carriers, 30 percent of the penalty determination is based on compliance with contractual requirements, with about half of that based on the timeliness of report submissions, including submissions of fraud and abuse reports. 
Officials from OPM's contracting office provided us with several examples of their use of information from their monitoring activities when determining service charges: * OPM contracting office staff used an experience-rated carrier's failure to meet site visit scheduling, goals, and turn-around time as a negative factor and the carrier's reduction in the total number of disputed claims submitted to OPM as a positive factor when determining the carrier's 2012 service charge. * OPM contracting office staff used the OIG's audit findings that a carrier was not in compliance with fraud and abuse reporting requirements as a negative factor when determining the service charge for that carrier in 2013. OPM Contracting Office Staff Review Fraud and Abuse Program Outcomes, but Several Factors Contribute to the Challenge of Assessing Program Effectiveness: OPM contracting office staff review certain outcomes of carriers' fraud and abuse programs, but program outcomes do not provide complete information about program effectiveness. Instead, the program outcomes that OPM contracting office staff review provide partial information about carriers' fraud and abuse programs and may be useful for reporting program accomplishments.[Footnote 37] For example, in 2011, carriers reported that the outcomes of their fraud and abuse programs included 29 criminal convictions and more than $23 million in recoveries to FEHBP.[Footnote 38] However, program outcomes do not measure the success of strategies intended to prevent or minimize fraud and abuse such as systems for preauthorization or precertification. OPM officials reported that although they are concerned about program outcomes that reflect the past, they place emphasis on ensuring that carriers have preventive antifraud strategies, such as prepayment controls (including system edits, preauthorizations, and precertifications), in place to prevent future occurrences of fraud and abuse. 
OPM contracting office staff also collect information about how carriers assess their antifraud activities, in part to determine whether carriers routinely assess their own antifraud programs. OPM contracting office staff reported that they have not adopted specific measures of program effectiveness for FEHBP fraud and abuse programs because they have not identified an appropriate way to measure the effectiveness of antifraud programs. Several factors contribute to difficulties in developing a measure of the effectiveness for health care antifraud programs. These factors include the following: * A lack of information about the baseline amount of fraud and abuse in health care. We have previously reported that there is no reliable baseline estimate of the amount of health care fraud in the United States.[Footnote 39] Similarly, officials from OPM's contracting office told us that they cannot estimate the amount of fraud within FEHBP. A baseline estimate could provide an understanding of the extent of fraud and, with additional information on fraud and abuse program activities, could help to clarify the effectiveness of antifraud program activities. * The difficulty of establishing a causal link between antifraud activities and the amount of health care fraud or abuse. Although the efforts of federal agencies and nongovernment entities may help to reduce health care fraud, it is difficult to isolate the effect of any individual action or to clearly establish that any change in the amount of fraud was due to any specific cause. Thus, for example, a carrier's implementation of a specific fraud detection strategy may deter certain types of fraud, but a reduction in those types of fraud could also have been due to other causes, such as changes in laws or in prosecutorial practice. * The difficulty of measuring the effect of efforts to prevent or deter fraud and abuse. 
Officials from OPM's contracting office reported that they believe that FEHBP fraud and abuse program requirements and their oversight of these programs have helped to limit the amount of fraud in FEHBP. Officials and industry experts said, however, that it is difficult to measure how much fraud or abuse is deterred or prevented.[Footnote 40] For example, FEHBP carriers may place restrictions on their provider networks to prevent individuals who are intent on fraud from enrolling as providers, but it is difficult to measure the amount of fraud or abuse that was prevented as a result of such restrictions.[Footnote 41] Despite the challenges involved in assessing the effectiveness of antifraud activities, OPM officials acknowledged the importance of ensuring the prevention, detection, and correction of fraud and abuse within the FEHBP. Others in the health care sector also acknowledge the importance of measuring the effectiveness of antifraud activities and are working to develop appropriate measures. For example, CMS recently began an effort to estimate probable fraud involving specific home health care services in Medicare that could provide information on the extent of fraud that currently exists and, in coming years, how it has changed over time. Establishing a baseline may make it feasible to study how antifraud activities affect the level of home health care fraud. In addition, OPM told us that they are continuing to monitor public and private sector efforts to develop measures of the effectiveness of antifraud activities. If reliable and valid measures of the effectiveness of antifraud programs are identified, it will be important for OPM to determine whether those measures are appropriate for the FEHBP. Agency Comments: OPM and the OPM OIG reviewed a draft of this report and provided technical comments, which we incorporated as appropriate. 
As agreed with your office, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies of this report to the Acting Director of OPM, appropriate congressional committees, and other interested parties. The report also will be available at no charge on the GAO website at [hyperlink, http://www.gao.gov]. If you or your staffs have any questions about this report, please contact me at (202) 512-7114 or kingk@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in appendix II. Signed by: Kathleen M. King: Director, Health Care: [End of section] Appendix I: Requirements for Carriers and OPM to Report Information about Potential Fraud and Abuse: There are requirements and procedures for reporting potential fraud and abuse that apply to both the carriers that offer health care plans through the Federal Employees Health Benefits Program (FEHBP) and the Office of Personnel Management (OPM). These requirements and procedures include communication between the carriers and OPM as well as communication with law enforcement agencies and others, such as Congress. Requirements and Procedures for Reporting by Carriers: Carriers are required to report to both OPM's Office of the Inspector General (OIG) and OPM's Healthcare & Insurance--Federal Employee Insurance Operations office, which we refer to as the contracting office. Reporting to the OIG: Carriers are required to report potential fraud and abuse to the OIG. 
[Footnote 41] According to a letter OPM sent to carriers in 2011, carriers are required to provide written notice to the OIG within 30 working days of becoming aware of possible fraud or abuse.[Footnote 42] Carriers are to notify the OIG regardless of the amount of money involved and without waiting to determine whether there is sufficient evidence to substantiate the allegation. The notice is generally to include information about the identity of the suspected health care provider(s) or enrollee(s) and a brief description of the allegation, among other things. The notice may request that the OIG monitor a case being developed in preparation for a pending referral, or it may request that the OIG decline the case so that the carrier may participate in a class action lawsuit.[Footnote 43] According to OIG officials, the notice may also include a referral to the OIG (i.e., a request that the OIG evaluate the case). As shown in figure 1, the carrier's reporting requirements after providing initial notice of potential fraud or abuse depend on the OIG's response: * If the OIG decided to monitor the case and asked the carrier to continue its investigation, then the carrier is to provide the OIG with written status updates when it has additional information to substantiate or refute the allegation. * If the OIG declined the case, the carrier may proceed with its investigation without further contact with the OIG unless (1) the carrier develops significant new information and believes that the OIG should reconsider; (2) the case is accepted for investigation by one or more other federal, state, or local law enforcement agencies; or (3) the case is accepted for prosecution at the federal level, such as by a U.S. Attorney's Office or by the Department of Justice. If any of these events occurs, the carrier is to provide the OIG with a written status update. 
* If the OIG requested a referral, the carrier is to submit the referral within 120 days or to provide monthly status updates starting on day 121.[Footnote 44]

Upon request, all carriers must furnish the OIG with FEHBP claims information and supporting documentation relevant to open criminal, civil, or administrative investigations and, absent extenuating circumstances, must do so within 30 calendar days. The carrier may refer the case to the OIG at any time and does not need a request from the OIG to do so.

Figure 1: Requirements for Carriers to Report Potential Fraud or Abuse to OPM's Office of the Inspector General (OIG):

[Refer to PDF for image: process illustration]

1. Carrier becomes aware of possible fraud or abuse within the Federal Employees Health Benefits Program (FEHBP).

2. Carrier provides written notice of potential fraud or abuse to the OIG within 30 working days (and may request that the OIG monitor or decline the case).[A] The carrier may continue to develop information about the case and may refer it to the OIG at any time.[B]

3. The OIG provides a written response to the carrier within 30 calendar days of receipt of information from the carrier. The OIG may[C]:

* Monitor the case, with a request that the carrier continue to investigate. Carrier submits a status update when it has additional information to substantiate or refute the allegation. Return to #3.

* Decline the case. Carrier proceeds with its investigation without further contact with the OIG:
- Trigger event occurs[F]; (If no trigger event[F] occurs, the carrier proceeds with its investigation without further contact with the OIG.) Carrier submits a status update to the OIG. Return to #3.

* Request a referral[D]:
- Carrier submits a written referral within 120 days;
- Carrier begins submitting monthly status updates[E] on day 121. Return to #3.

Source: GAO analysis of information from OPM.
[A] The carrier may request that the OIG decline a case so that the carrier may participate in a class action lawsuit. According to OIG officials, their response to such a request would involve consideration of whether the case is already being addressed through other avenues, whether it is likely to meet the threshold for criminal or civil prosecution, and whether the FEHBP might be better served by allowing the carrier to enter into a class action lawsuit, thereby potentially recovering monetary damages. Carriers are also to report suspected waste. [B] Upon request, all carriers must furnish the OIG with FEHBP claims information and supporting documentation relevant to open criminal, civil, or administrative investigations and, absent extenuating circumstances, must do so within 30 calendar days. [C] In addition to providing a response to the notifying carrier, the OIG may share information with other potentially affected carriers. The OIG also has the option of taking action based on the notice provided by the carrier. According to OIG officials, they may begin to develop information about the allegation or coordinate with another law enforcement entity without waiting for further information from the carrier. [D] According to OIG officials, a referral is a request to evaluate the case. The OIG has the authority to pursue any allegations that involve the FEHBP and does not need a referral from a carrier to do so. Carriers may submit a referral without a prior request from the OIG. 
[E] Carriers are to submit a status update when (1) the carrier develops significant new information that it believes would aid the OIG in determining whether to request a referral or decline the case; (2) the carrier determines that the allegations have no merit or that no false or fraudulent activity took place as alleged; (3) the OIG requests a status update; (4) the carrier closes its investigation or inquiry; or (5) the carrier wishes to proceed with administrative debt collection, recovery, or settlement of an FEHBP overpayment. [F] The trigger event could be: (1) the carrier develops new information and believes OIG should reconsider; (2) the case is accepted for investigation by another federal, state and/or local law enforcement agency; or (3) the case is accepted for prosecution at the federal level, such as by a U.S. Attorney's Office or by the Department of Justice. [End of figure] Carriers are to submit status updates, which summarize new information, to the OIG when: * the carrier develops significant new information that the carrier believes would aid the OIG in determining whether to request a referral or decline the case; * the carrier determines that the allegation had no merit or that no false or fraudulent activity took place as alleged; * the carrier closes its inquiry; * the carrier wishes to proceed with administrative debt collection, recovery, or settlement of an FEHBP overpayment; or: * the OIG requests a status update. When the carrier refers the case to the OIG (whether the referral was solicited by the OIG or not), the referral is to be in writing and to include (among other things) information about the identity of the suspected health care provider(s) or enrollee(s); a comprehensive description of the suspected fraud or abuse; and copies of any analyses, documents, or other information the carrier has that is relevant to the allegation. 
Reporting to the Contracting Office: Each carrier files two annual reports with the OPM contracting office; these reports provide information about the carrier's fraud and abuse program and summarize relevant activities. * In one report, the carrier is to respond to a questionnaire that OPM's contracting office staff use to obtain information about the carrier's procedures for reporting potential fraud, including its criteria for notifying law enforcement agencies and the OIG of potential fraud and how it manages referrals from hotlines, law enforcement agencies, and others. (This annual report also covers other aspects of the carrier's fraud and abuse program--its organization, certain budget information, performance indicators, and other operational information). * A second report provides additional information about the fraud and abuse program and covers the carrier's fraud and abuse activities and outcomes involving the FEHBP during the year--the number of cases it opened, dollars recovered, number of criminal convictions, and so forth.[Footnote 45] Requirements and Procedures for Reporting by OPM: OPM is required to provide information to the carriers that notified it of potential fraud or abuse and, depending on the case, may be required to report information to other law enforcement entities. In addition, OPM may share information about fraud or abuse with other carriers and antifraud entities. Reporting to Carriers That Notified the OIG of Potential Fraud or Abuse: When the OIG receives a carrier's notification of potential fraud or abuse, or when the OIG receives a status update about an instance of potential fraud and abuse from a carrier, the OIG is to respond in writing within 30 calendar days to inform the carrier of its level of interest in the case.[Footnote 46] Specifically, the OIG may (1) monitor the case, asking the carrier to continue investigating and provide status updates as appropriate, (2) decline the case, or (3) request a referral. 
(The OIG does not need a referral from a carrier to pursue a case; it has the authority to pursue any allegations of fraud or abuse that involve the FEHBP.) According to OIG officials, when reaching a decision about its response to the carrier, the OIG weighs information about patient safety; the type of fraud that is potentially at issue (e.g., whether it seems to involve a pattern of potentially fraudulent activity or not and whether it seems to be local or is potentially widespread); the evidence in support of the allegation; the dollar value of the alleged fraud or abuse; the resources that would likely be required to pursue the case; and whether a prosecutor is likely to pursue the case. Reporting to Other Law Enforcement Entities: Depending on the case, there may be requirements or procedures for the OIG to report information about potential fraud or abuse to other law enforcement entities, including the Federal Bureau of Investigation (FBI), U.S. Attorneys, or state or local prosecutors. According to the OIG's investigative manual, preliminary evaluation of information regarding potential health care fraud involves determining whether there is enough risk of patient harm or enough risk of financial exposure to continue investigating the allegation.[Footnote 47] The OIG may also initiate a preliminary inquiry proactively, for example, when its review of information about a program yields information that suggests potential fraud or abuse. If a preliminary inquiry indicates credible evidence that a criminal, civil, or administrative violation may have occurred, the OIG decides whether to initiate an investigation, refer the allegation to another law enforcement agency, or seek to conduct a joint investigation with another law enforcement agency. 
The OIG may refer the allegation to another law enforcement agency when (1) the subject matter is by law investigated by another agency; (2) the allegation does not involve OPM employees, contractors, programs, or property; (3) the allegation involves OPM indirectly, while having a major impact on another agency; or (4) the allegation involves a threat to the safety of a high government official.[Footnote 48] According to the OIG's investigative manual, these referrals are to include a presentation of the complaint or allegation and any facts developed by the OIG.[Footnote 49] * Reporting to the FBI. According to the OIG's investigative manual, the OIG is to refer a case to the FBI when appropriate. In addition, if the OIG determines that there is sufficiently credible evidence to convert a preliminary inquiry into a criminal investigation, guidance from the Office of the Attorney General specifies that the OIG is to notify the FBI within 30 days, absent exigent circumstances.[Footnote 50] According to OIG officials, when reaching a decision about whether to convert a preliminary inquiry into a criminal investigation, the OIG weighs patient safety, the extent of likely FEHBP exposure, the extent to which the allegations appear to be supportable, and the likelihood of prosecution (either criminal or civil).[Footnote 51] * Reporting to U.S. Attorneys. According to the OIG's investigative manual, if the OIG determines that a case should be referred to a U.S. Attorney's Office, a formal presentation normally occurs after the OIG has completed its investigation. The OIG expects its agents to establish and maintain working relationships with U.S. Attorneys' Offices, and expects them to consult as soon as they have information that indicates that an investigation may corroborate an allegation. According to the OIG, early consultation allows the OIG to focus its investigative efforts on and support prosecutive potential. 
If early consultation results in acceptance of a case for prosecution, the OIG is to provide the prosecutor with a preliminary investigation report. * Reporting to state or local prosecutors. If a case is declined by U.S. Attorneys, the OIG may refer the case to state or local prosecutors. Reporting to Congress and Federal Agencies: Under the Inspector General Act of 1978, as amended, the OIG is required to report its activities and accomplishments (including those related to fraud and abuse) to Congress semiannually, and the agency is required to submit a response to each semiannual report.[Footnote 52] The OIG may also prepare reports in response to requests from other federal agencies (including GAO) or from congressional committees or members. Communication with Carriers and Antifraud Entities: The OIG may notify multiple carriers of suspected fraud or abuse and may share information about potential fraud and abuse through participation in interagency health care fraud task forces or other fraud detection and prevention organizations. Consistent with the Health Insurance Portability and Accountability Act, which encourages coordination and information sharing between federal, state, and local law enforcement programs to control health care fraud and the sharing of related information with the private sector,[Footnote 53] OPM shares information with several antifraud entities: * The OIG participates as a law enforcement liaison to the National Health Care Anti-Fraud Association (NHCAA). According to OIG officials, the OIG works with the NHCAA and its members (which include many FEHBP carriers) on training, education, and sharing information about trends in health care fraud and participates in NHCAA-sponsored training and conferences, and the OIG liaison to the NHCAA participates on NHCAA committees and meets with the NHCAA on a regular basis. 
* The OIG organizes and operates an FEHBP Carrier Task Force that includes the OIG and representatives of the largest FEHBP carriers. According to OIG officials, this task force meets on a quarterly basis to share information about cases and fraud trends and to discuss emerging fraud-related issues. [End of section] Appendix II: GAO Contact and Staff Acknowledgments: GAO Contact: Kathleen M. King, (202) 512-7114 or kingk@gao.gov: Staff Acknowledgments: In addition to the contact named above, key contributors to this report were Kristi Peterson, Assistant Director; Kristen Joan Anderson; George Bogart; and Jennel Lockley. [End of section] Footnotes: [1] A carrier is generally defined as a voluntary association, corporation, partnership, or other nongovernmental organization engaged in providing, paying for, or reimbursing the cost of health services, in consideration of premiums or other periodic charges payable to the carrier. See 5 USC § 8901(7). [2] Eligible individuals include federal employees, retirees, and their dependents. [3] Fraud involves an intentional act of deception with knowledge that the action or representation could result in an inappropriate gain. Abuse involves an action that is inconsistent with acceptable business or medical practices. See, for example, GAO, Medicare and Medicaid Fraud, Waste, and Abuse: Effective Implementation of Recent Laws and Agency Actions Could Help Reduce Improper Payments, [hyperlink, http://www.gao.gov/products/GAO-11-409T] (Washington, D.C.: Mar. 9, 2011). Among other consequences for those engaging in fraud or abuse while participating in the FEHBP, providers of health care services or supplies who engage in fraud or abuse may be subject to civil monetary penalties or barred from participating in the FEHBP. See 5 U.S.C. § 8902a. [4] Fraud and abuse contribute to improper payments, which are payments that are made in an incorrect amount (overpayments or underpayments) or should not have been made at all. 
Although it is difficult to estimate the proportion attributable to fraud or abuse, OPM estimated that total improper payments for the FEHBP were $213 million in fiscal year 2012. This amount represents an improper payment error rate of 0.50 percent in fiscal year 2012. Of the $213 million, $155 million represents three settlements that covered offenses involving pharmaceutical fraud that occurred as far back as 1999 and were reported in fiscal year 2012, when the recoveries were realized. [5] Office of Personnel Management, Office of the Inspector General, Semiannual Report to Congress, October 1, 2011 through March 31, 2012 (Washington, D.C.: March 2012). The audits of the three largest FEHBP carriers summarized in this report were conducted in fiscal years 2010 and 2011. Between fiscal years 2010 and 2013, the OIG told us that they conducted a total of 8 audits that reviewed the fraud and abuse programs of carriers. [6] The five standards for internal control are (1) the control environment; (2) risk assessment; (3) control activities, such as review of performance measures; (4) information and communications; and (5) monitoring. See GAO, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: Nov. 1, 1999). [7] The Health Insurance Portability and Accountability Act of 1996 required the Department of Health and Human Services, acting through its Office of the Inspector General, and the Department of Justice to establish a federal Health Care Fraud and Abuse Control Program to, among other things, coordinate federal, state, and local programs to control fraud and abuse with respect to health plans and facilitate the enforcement of health care fraud and abuse laws. Pub. L. No. 104-191, § 201, 110 Stat. 1936, 1992 (codified as amended at 42 U.S.C. § 1320a-7c). [8] Administrative costs are included with health care benefits in the $42.6 billion. 
[9] Although they may differ in the specific benefits they provide, all FEHBP plans cover basic hospital, surgical, physician, emergency, and mental health care, as well as childhood immunizations and certain prescription drugs. [10] Consumer-driven plans include a range of options designed to give enrollees greater incentives to control the cost of either their health care benefits or their health care than other types of plans. Enrollees in these plans have greater freedom in spending health care dollars up to a designated amount, and they receive full coverage for in-network preventive care. In return, these enrollees assume significantly higher cost sharing expenses after using the designated amount. [11] The Blue Cross and Blue Shield Association is a group of carriers that includes both nonprofit national carriers that the association operates and nonprofit local carriers, which are typically organized at the state level. [12] Some carriers are subsidiaries of a parent organization, that is, a company that owns all or enough of the subsidiary to control its management. The parent organization may have multiple FEHBP carriers, forming a group of carriers. For example, Kaiser Permanente is a group of carriers--a parent organization with multiple FEHBP carriers. [13] See 5 U.S.C. § 8906(b). [14] OPM retains control over these funds and uses letters of credit to make funds available to experience-rated carriers as appropriate. [15] OPM uses a reconciliation process to determine the appropriateness of the payment rates for each community-rated plan and settles with the carrier accordingly. [16] See 48 CFR § 1615.4 (2012). [17] Community-rated carriers also risk greater loss than experience-rated carriers. [18] See 48 CFR § 1609.71 (2012). The regulation uses the term "performance factor" to refer to a percentage factor that will be applied to the total premium when a community-rated carrier does not meet specified performance standards. 
We refer to this performance factor as a "penalty."

[19] If a carrier's reserves are insufficient to cover its costs, including costs associated with fraud or abuse, the carrier must fund its losses. According to OPM officials, losses due to fraud and abuse would have to be substantial relative to legitimate costs for a carrier's reserves to prove insufficient.

[20] Between fiscal years 2010 and 2013, the OIG told us that they conducted 8 audits that reviewed the fraud and abuse programs of carriers.

[21] See OPM OIG, Semiannual Report to Congress.

[22] Prior GAO work determined that well-designed fraud and abuse programs include three crucial elements: (1) up-front preventive controls, (2) detection and monitoring, and (3) investigations and prosecutions. Upfront preventive controls can help screen out fraud, and are generally the most effective and efficient means to minimize fraud, waste, and abuse. Detection and monitoring, and aggressive prosecution of individuals committing fraud, while also crucial elements of an effective system, are generally less effective and cost more. See, for example, GAO, Individual Disaster Assistance Programs: Framework for Fraud Prevention, Detection, and Prosecution, [hyperlink, http://www.gao.gov/products/GAO-06-954T] (Washington, D.C.: July 12, 2006). Federal Acquisition Regulations require that each FEHB carrier must perform the contract in accordance with prudent business practices, which include use of legal and ethical business and health care practices; compliance with the terms of its FEHBP contract, regulations, and statutes; and establishment and maintenance of a system of internal controls that provides reasonable assurance that FEHBP funds, property, and other assets are safeguarded against waste, loss, unauthorized use, or misappropriation. See 48 CFR 1609.7001(b) (2012).
[23] According to OPM contracting office officials, the basic contractual requirements listed here are the same for all carriers, although there may be some variation across plans based on prior corrective actions or plan benefits and services. (See sample FEHBP contracts on OPM's website at [hyperlink, http://www.opm.gov/healthcare-insurance/healthcare/carriers/#url=Carrier-Application].)

[24] Federal Acquisition Regulations require that each FEHB carrier must perform the contract in accordance with prudent business practices, which include timely compliance with OPM instructions and directives. 48 C.F.R. § 1609.7001(b)(1), (c)(4). Therefore, carriers must comply with requirements contained in carrier letters.

[25] OPM, FEHB Program Carrier Letter No. 2011-13 (Washington D.C.: June 17, 2011).

[26] OPM, FEHB Program Carrier Letter No. 2003-23 (Washington D.C.: June 18, 2003). Guidance provides further detail to reflect OPM's expectations regarding carriers' fraud and abuse programs, but does not require carriers to act. An official from the contracting office told us that they expect to make implementation of these industry standards mandatory in the future; however, as of August 2013, they did not have a time frame for doing so.

[27] Each carrier is specifically required by contract to submit a report on its fraud and abuse program to OPM by March 31 of each year. Under the carrier contract, OPM may require the submission of additional routine reports as necessary to carry out its authority to implement the FEHBP.

[28] Carriers report their fraud and abuse program activities, such as the number of cases the carrier opened or initiated within the calendar year. As discussed elsewhere in this report, OPM contracting office staff review this information, but do not use it as an indicator of program performance.
[29] Contracting office staff collect fraud and abuse program information prior to the site visit via a site visit questionnaire completed by the carrier in which the carrier describes and provides supporting documentation related to its fraud and abuse program. For example, carriers describe and provide documentation related to their antifraud guidelines. The site visit questionnaire covers much of the same information about fraud and abuse programs as the two required annual reports, but in somewhat greater detail.

[30] OPM contracting office staff may also conduct site visits to help carriers investigate potential fraud and abuse. For example, in response to a carrier's concerns, OPM contracting officers conducted a site visit to confirm the legitimacy of claims submitted by a laboratory.

[31] OPM contracting officers conducted site-visits covering 69 experience-rated carriers' plans and 27 community-rated carriers' plans between 2008 and 2012. According to officials, each site visit was conducted by multiple contracting office staff generally over 1 or 2 days at each location.

[32] This percentage includes all enrollees in the plans' parent organizations and all FEHBP enrollees in Blue Cross and Blue Shield Association plans and may not reflect the enrollees in the particular plans that were visited.

[33] According to contracting office officials, community-rated carriers submit a site visit questionnaire to OPM every year regardless of whether a site visit is performed; this site visit questionnaire is in addition to the two previously described annual reports. Officials from OPM's contracting office told us that contracting officers review the questionnaire and conduct a site visit or follow up if the responses indicate a need to do so.

[34] The OIG conducted a total of 255 audits of all types between April 2008 and March 2013.
[35] Contracting office staff also review disputed claims to ensure carriers' compliance with the process to be followed if an enrollee disagrees with a carrier's denial of a claim. As articulated in each carrier's plan brochure, an enrollee must first appeal to the carrier before appealing to OPM. See 5 C.F.R. § 890.105 (2012). OPM contracting office staff review whether the carrier followed the terms of its FEHBP contract in denying the claim.

[36] To support these efforts, officials told us that OPM contracts with claims examiners and medical reviewers.

[37] OPM contracting office staff do not assess fraud and abuse program outcomes against a specific numeric or percentage goal for carriers to meet or exceed as an indicator of program performance. Although standard practices for internal controls indicate that ongoing performance monitoring should include comparison of performance indicator data against planned targets, other federal agencies, including the Department of Health and Human Services and Department of Justice, intentionally do not set performance targets for fraud and abuse program outcomes because such targets could cause the public to perceive law enforcement as engaging in "bounty hunting" or pursuing arbitrary targets merely to meet particular goals.

[38] The appropriate interpretation of data regarding the outcomes of fraud and abuse programs is not always clear. For example, if a program reported a relatively low number of opened cases, it could mean that the program was not very effective in detecting potentially fraudulent activity. Conversely, it could mean that the program was highly effective in preventing fraudulent activity.

[39] See GAO, Medicare: Progress Made to Deter Fraud, but More Could Be Done, [hyperlink, http://www.gao.gov/products/GAO-12-801T] (Washington, D.C.: June 8, 2012).
[40] Return-on-investment (ROI)--the ratio of returns on investments in antifraud activities (e.g., dollars recovered) to investments in those activities (e.g., the cost of operating a special investigative unit)--is a measure that can provide a valuable tool for assessing a program's activities and for determining how best to target resources. ROI does not, however, provide clear information about effectiveness because of the difficulties in developing accurate estimates of savings associated with fraud prevention activities. OPM does not require carriers to calculate ROI for their fraud and abuse programs. Moreover, because of a lack of information about costs, it may not be possible for OPM or carriers to calculate a more narrowly defined ROI in which prevention and deterrence are ignored. According to OPM contracting office officials, the costs of a carrier's fraud and abuse program are included in the carrier's overall administrative costs and are not necessarily separately identified.

[41] OPM officials reported that FEHBP member enrollment is a program vulnerability that the agency has been working on for several years. OPM currently has an enrollment reconciliation process that has identified cases of fraud involving erroneous enrollment. Individual federal agencies are responsible for managing FEHBP enrollment of employees; OPM manages FEHBP enrollment of annuitants.

[42] Carriers may also be subject to reporting requirements based on state or local law.

[43] See OPM, FEHB Program Carrier Letter No. 2011-13 (Washington, D.C.: June 17, 2011). The carrier must have a reasonable suspicion that fraud has occurred or is occurring.
[44] According to OIG officials, their response to a request to decline the case so that a carrier may participate in a class action lawsuit would involve consideration of whether the case is already being addressed through other avenues, whether it is likely to meet the threshold for criminal or civil prosecution, and whether the FEHBP might be better served by allowing the carrier to enter into a class action lawsuit, thereby potentially recovering monetary damages.

[45] The OIG also has the option of taking action based on the notice provided by the carrier. According to OIG officials, they may begin to develop information about the allegation or coordinate with another law enforcement entity without waiting for further information from the carrier.

[46] This report is specifically required by the carrier's contract.

[47] OPM, FEHB Program Carrier Letter No. 2011-13.

[48] Information regarding potential health care fraud could come through a carrier's notification, a hotline complaint, referral from another law enforcement agency, or other source.

[49] If an allegation is unlikely to lead to criminal prosecution or would not be likely to require complicated investigative techniques for resolution, the OIG may refer the case for action by responsible agency program officials, in which case the OIG would monitor and follow up as necessary.

[50] Referrals are to be in writing except in urgent circumstances, in which case the referral may be made in person or by telephone, with written confirmation as soon as possible.

[51] Attorney General Guidelines for Offices of Inspector General with Statutory Law Enforcement Authority (Dec. 8, 2003) (implementing 5 U.S.C. § 4(d) app.).

[52] OIG officials told us that they are developing a process for sharing information regarding fraudulent providers and other fraud-related information with the FBI and the Department of Health and Human Services.

[53] See 5 U.S.C. § 5 app.

[54] See Pub. L. No. 104-191, § 201, 110 Stat.
1936, 1992 (codified as amended at 42 U.S.C. § 1320a-7c). [End of section]