Maine’s Medicaid Mistakes

On Friday, Jan. 21, 2005,the state of Maine cut the ribbon on its new, Web-based Maine Medicaid Claims System for processing $1.5 billion in annual Medicaid claims and payments. The new $25 million program, which replaced the state’s old Honeywell mainframe, was hailed as a more secure system that would clear claims faster, track costs better and give providers more accurate information on claims status.

But within days of turning on the new system, Craig Hitchings knew that something was seriously wrong.

There had been problems right from the start—an unusually high rate of rejected claims—but Hitchings, director of information technology for the state of Maine’s Department of Human Services (DHS), had assumed they were caused by providers using the wrong codes on the new electronic claim forms. By the end of the month, he wasn’t so sure. The department’s Bureau of Medical Services, which runs the Medicaid program, was being deluged with hundreds of calls from doctors, dentists, hospitals, health clinics and nursing homes, angry because their claims were not being paid. The new system had placed most of the rejected claims in a “suspended” file for forms that contained errors.

Tens of thousands of claims representing millions of dollars were being left in limbo.

Hitchings’ team—about 15 IT staffers and about 4 dozen employees from CNSI, the contractor hired to develop the system—were working 12-hour days, writing software fixes and performing adjustments so fast that Hitchings knew that key project management guidelines were beginning to fall by the wayside. And nothing seemed to help.

Day after day, the calls kept coming. The bureau’s call center was so backed up that many providers could not get through. And when they did, they had to wait on the phone for a half hour to speak to a human.

By the end of March, the number of Medicaid claims in the suspended bin had reached approximately 300,000, and the state was falling further and further behind in its ability to process them. With their bills unpaid, some of Maine’s 262,000 Medicaid recipients were turned away from their doctors’ offices, according to the Maine Medical Association. Several dentists and therapists were forced to close their doors, and some physicians had to take out loans to stay afloat. With the Medicaid program accounting for one-third of the entire state budget, Maine’s finances were in shambles, threatening the state’s financial stability and its credit rating. Yet Hitchings was at a loss to explain what was causing all the suspensions.

And every day brought hundreds more.

Today, more than a year later, it’s fair to say that the Maine Medicaid Claims System project has been a disaster of major proportions. Since the new system went live, it has cost the state of Maine close to $30 million. The fallout has been broad and deep. In December 2005, Jack Nicholas, the commissioner of the DHS who oversaw the project, resigned.

As of press time, Maine is the only state in the union not in compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA)—a striking irony given that the new system was designed to facilitate that compliance. Although federal authorities have said they will work with the state in extending the deadline, the failure has been a black eye on Maine’s ability to manage the health of hundreds of thousands of its residents. And it has become an issue in this year’s race for governor.

State IT officials say they have fixed most of the bugs in the new Web services system and that it is now processing 85 percent of claims (although physician groups dispute this). With 20/20 hindsight, they can now look back and see where the project went wrong. Hiring a vendor, CNSI, that had no experience in developing Medicaid claims systems was the first mistake. And that was compounded by the decision to build a new and relatively unproven technology platform for the entire system rather than, as other states have done, integrating a Web-based portal with back-end legacy systems. Thirdly, IT switched over to the new system overnight with no backup system in case something went wrong. And making matters worse, no end-to-end testing or training was conducted before the switch over. Indeed, the story of the Maine Medicaid Claims System is a classic example of how not to develop, deploy and manage an advanced Web services system.

“By the first of March, it was clear that we were missing any sort of basic management of this project and were in complete defensive mode,” recalls Dick Thompson, then head of procurement for the state of Maine and now its CIO.

“We could not see our way out of this.”

Out with the Old

In the late 1990s, states were moving fast to overhaul their Medicaid claims processing systems. Driving the transformation was HIPAA, which required numerous changes in managing patient health and records, the most significant of which was protecting patient privacy. Maine, like other states, had to upgrade its systems to better secure Medicaid patient records. Under HIPAA, the state had until Oct. 1, 2002, to have a system in place that would secure and limit access to that information.

At the same time, the federal Medicaid program was becoming more complex. As additional health services were added, the number of codes and subcodes for services grew, and payments to doctors and hospitals were parsed accordingly. Maine also needed to give providers a way to check the eligibility of Medicaid patients and the status of their claims. Making this information available online, they hoped, would cut down on the number of calls to the state Bureau of Medical Services, thereby saving the state money.

State officials knew that upgrading the old system would be a Herculean task. Maine processes more than 120,000 Medicaid claims per week, and the existing claims processing system—a 1970s vintage Honeywell mainframe—was not up to the job, nor could it meet HIPAA’s demands or provide online access. The state’s IT managers reasoned that a new end-to-end system would be easier and cheaper to maintain. (Other states reached different conclusions. Massachusetts, for example, decided to build a new front-end Web portal for providers and Medicaid patients that could be integrated with the state’s existing legacy systems. For more on this, read “Opening a Virtual Gateway to Better Health,” online at www.cio.com/031506.)

The development of the new system was assigned to the IT staff in the DHS, which decided it wanted a system built on a rules-based engine so that as Medicaid rules changed, the changes could be programmed easily into the system.

Some service providers, such as EDS, offered states the opportunity to outsource claims processing systems. But the DHS staff believed building its own system would give it more flexibility. The staff also believed it could manage the system better than an outsourcer. “We had a track record of running the old system for 25 years,” Thompson explains.

In April 2001, the state of Maine issued an RFP for the new system. But by the end of the year, the state had received only two proposals: one from Keane (for $30 million) and another from CNSI (for $15 million).

Typically, agencies like to see several bids within a close range. That way, procurement officials are confident that the requirements are doable and the bids realistic. In this case, the low bidder, CNSI, had no experience in building Medicaid claims processing systems. In contrast, Keane had some experience in developing Medicaid systems, and the company had worked on the Maine system for Medicaid eligibility.

The paucity of bidders and the 100 percent difference in price between the two bids should have been red flags, says J. Davidson Frame, dean of the University of Management and Technology in Arlington, Va. “Only two bidders is a dangerous sign,” he says, adding that the low response rate indicated that potential bidders knew the requirements of the RFP were unreasonable. “Thompson should have realized immediately something was wrong with the solicitation, and redone it,” Frame says. “Even if they missed the [HIPAA] deadline, it would have saved time and money in the long run.”

The Seeds of Failure

CNSI proposed building the new system with J2EE software language, arguing that it was needed to get the scalability state officials were asking for, according to Hitchings. J2EE is a powerful programming language, the Ferrari of software code, which some of the largest corporations are now using to run their global operations. Experts say deploying such advanced technology, especially in state government, increased the risk in an already risky project. Most Medicaid claims systems contain bundles of code that have been tinkered with for decades to adjust rates, services and rules. Attempting to translate all of that human intelligence, gathered over thousands of person-years, into a system built from the ground up, was, at best, problematic. “It was a big misstep,” Frame says.

But Thompson argues that the state was in a corner. Maine’s budget was tight. State revenue was dropping, and saving money was critical. Also, the deadline to become compliant with HIPAA was looming, and Thompson decided that the six months that would have been needed to redo the RFP was too much. “We had a requirement to get something in place soon,” Thompson says.

In October 2001, the state awarded the contract to CNSI, giving the company 12 months to build and deploy a new high-end processing system by the HIPAA deadline of Oct. 1, 2002. As head of procurement, Thompson signed off on the contract.

Almost immediately, it became evident that the state was not going to meet the deadline. To begin with, the 65-person team composed of DHS IT staffers and CNSI representatives assigned to the project had difficulty securing time with the dozen Medicaid experts in the Bureau of Medical Services to get detailed information about how to code for Medicaid rules. As a result, the contractors had to make their own decisions on how to meet Medicaid requirements. And then they had to reprogram the system after consulting with a Medicaid expert, further slowing development.

The system also was designed to look at claims in more detail than the old system in order to increase the accuracy of payments and comply with HIPAA security requirements. The legacy system checked three basic pieces of information: that the provider was in the system, the eligibility of the patient and whether the service was covered. The new system checked 13 pieces, such as making sure the provider was authorized to perform that service on the date the service was provided, and the provider’s license. “There were a lot more moving parts,” Thompson explains.

Looking back, Thompson says the DHS team was seriously understaffed. But Thompson says he was afraid to ask for more resources. “That is a significant problem in government,” Thompson says. “If I say I need 60 to 70 percent more staff because we need to work this project for two years, the response would be, ‘What, are you crazy?’ So, we just couldn’t make the turnaround times.”

In the fall of 2002, just months away from the HIPAA deadline, the DHS team got a reprieve. The federally run Center for Medicare and Medicaid Services pushed back the deadline to Oct. 1, 2003.

For the next two years, CNSI and Maine’s DHS IT shop worked long hours writing code. Errors kept cropping up as programmers had to reprogram the system to accept Medicaid rule changes at the federal and state levels. The changes created integration problems. The developers also had to add more storage capacity and computing power to accommodate the increase in information generated by the new rules, and that further delayed the development.

In January 2003, John Baldacci was inaugurated governor. One of Baldacci’s campaign promises was to streamline state government, and part of the plan called for merging Maine’s Department of Behavioral and Developmental Services with the Department of Human Services to create the Department of Health and Human Services (HHS). That meant consolidating systems and databases that had resided in both departments and creating new business processes, diverting crucial resources from the development of the claims system. Thompson says the merger also diverted executives’ attention. Meanwhile, the cost of the project rose, increasing 50 percent to more than $22 million.

The IT staff could not meet the extended HIPAA deadline. In an attempt to catch up, they began to cut corners. For example, testing the system from end to end was dismissed as an option. The state did conduct a pilot with about 10 providers and claims clearinghouses, processing a small set of claims. But the claims were not run through much of the system because it was not ready for testing. Beyond a few fliers announcing the new system and new provider ID codes, HHS offered little or no guidance to providers on the use of the system. And there was no training for the staff who would have to answer providers’ questions.

“We kept saying, ‘Gosh, let’s keep our head down; we can work through this,’” Thompson recalls. Instead, he acknowledges, he and other top officials should have taken a step back and analyzed the risks that the new system might pose for the state’s Medicaid providers and their patients.

Early Warnings

Hitchings and his staff made the decision to go live in January 2005. The switch to the new system would be made in a flash cutover in which the legacy system would be shut down for good and the new system would take over. Codes identifying providers (tax identifier numbers) and Medicaid patients (Social Security numbers) had to be changed to meet HIPAA guidelines, and the legacy system would not be able to recognize the new numbers. Nor could it read the new electronic claim forms. HHS dismissed the idea of running a parallel system as too costly and complicated.

Maine officials did have one contingency plan: They would pay providers for two to four weeks if the new system failed. Under the interim payment plan, if a provider’s claims were not being processed in a timely manner, the provider would receive a payment based on the average monthly payment the provider had received the five weeks prior to the new system coming on.

On Jan. 21, Hitchings arrived at his office to find the claims system up and running. The initial reports from the contractor and his staff were that the system was humming along, quickly moving through Medicaid claims.

But the following Monday morning, Hitchings sat down with CNSI contractors to go over the file statistics for the system’s first three days. Something wasn’t right. The system had sent about 50 percent of the claims—24,000 in the first week alone—into a “suspended” file, a dumping ground for claims that have an error that is not significant enough to reject the claim outright but that are not accurate enough for payment. Typically, the error can be fixed fairly quickly by a claims processor. But the 50 percent rate was very high; the legacy system had suspended only about 20 percent of claims.

By the end of the month, angry calls from providers were mounting. One of the calls came from Kevin Flanigan, the only internist and pediatrician in Pittsfield, a town of 4,000 people in south central Maine. Early one morning at the end of January, Dr. Flanigan sat down with his business manager to go over the Medicaid payments that had arrived in that day’s mail. Flanigan sliced open an envelope, pulled out the statement, and read “rejected.” In the amount paid column, he saw “0.00.” His manager opened a statement. Zero amount paid. “One after the other it said zero, zero, zero,” Flanigan recalls. “My first reaction was that the state blew it, and it was no big deal. I could just call them up, straighten it out, and they’ll send me a check.”

Flanigan called HHS. He was told the problem was a computer glitch. The state would have it fixed in one or two weeks.

Flanigan went back to seeing his patients.

The glitch, however, kept sending tens of thousands of claims to the suspended file. Hitchings discovered that the system was suspending duplicate claims—claims from the same provider who had filed the claim a second time after learning the first had been suspended. The system was programmed to reject the second claim if it was identical to one already in suspension. With the capacity to work off only 1,000 claims a week, it would take the Bureau of Medical Services more than six months to clear all of them.

Hitchings and CNSI began to look at the code and the design of the system. They found numerous problems. For example, without adequate guidance from Medicaid experts, the system had been designed to accept files with up to 1,000 lines of claim data. But many claims were much larger, some containing up to 10,000 lines, and the server was rejecting them automatically. The Medical Bureau staff asked providers to submit smaller files. In the meantime, the IT staff would try to rewrite the software.

At the same time, other errors began popping up. The state now owed health-care providers as much as $50 million in Medicaid payments, and the backlog of claims had reached almost 100,000. Providers couldn’t get through to HHS. When they didn’t get a busy signal, the wait to talk to a staff person at MaineCare (formerly the Bureau of Medical Services) was a half hour or more. Providers began calling state legislators. A press conference was held on the steps of the state capitol Feb. 16, declaring a financial crisis for Maine health-care providers.

The calls were coming in so fast that Hitchings decided to man the phones himself. One call he remembers was from a woman in a provider’s billing office. She was frustrated because the system would not accept her claim, no matter what she did. Hitchings walked her through the process, making sure she had the correct billing and file name conventions. After 45 minutes, the system still wouldn’t accept the claim. Hitchings had to admit defeat.

“That was just so frustrating,” Hitchings says. “I just couldn’t fix the problem. I didn’t know what more we could do.”

In Pittsfield, Flanigan opened more claim statements with no checks. He began to make plans to draw on a line of credit that used his office building as equity.

Over the next nine months, Flanigan would take out $30,000 in loans to pay his bills.

A Call for Help

By early March 2005, Hitchings’ staff and CNSI were overwhelmed. For $860,000, the department hired XWave, an integrator and project management consultant, to take over the project. More people were hired to take phone calls. Gov. Baldacci, saying “enough is enough,” ordered Commissioner Nicholas to have the claims system operable and running smoothly by the end of March.

But March came and went, and nothing changed. Desperate, state officials decided to change the program’s management, and Rebecca Wyke, head of Maine’s financing department, appointed Thompson as CIO in late March, replacing Harry Lanphear, who is now CEO of the Kennebec Valley YMCA. Thompson was put in charge of the project, and ordered to right the system as quickly as possible. (Lanphear could not be reached for comment.)

By the end of the summer, 647,000 claims were clogging the suspended claims database, representing about $310 million in back payments. Interim payments were being made, but reconciling those payments with the claims was an accounting nightmare. Wyke hired the accounting firm Deloitte & Touche to audit the state books to determine if Maine would have enough money to pay Medicaid bills by the June 30 end of the fiscal year. The $7 million contract also called for Deloitte to consult on how to reconcile the Medicaid bills.

XWave set up a project management office and steering committee that met weekly to establish priorities and monitor the progress of system software fixes. The goal was to get the new system to process claims at the same rate that the legacy system had, sending 20 percent into a suspended or rejection file. Thompson hired Jim Lopatosky, an Oracle database specialist in the state’s Bureau of Information Services, as operations manager to act as a calming influence on the department’s battered IT division. When Lopatosky took over in June, he encountered a staff “running at 100 miles per hour,” trying to fix every software bug, with little direction on what was most important. “They couldn’t see the forest for the trees,” he recalls.

Lopatosky soon realized, as XWave had, that the system’s problems could be laid at the door of poor project management and worse communication among the HHS IT staff, contractors and business users. For instance, programmers for the state and those working for CNSI would work on parts of the system without telling each other what they were doing. Lopatosky prioritized tasks. He acted as a liaison between teams working on different functions. He directed the programmers to fix those software bugs that would resolve the largest number of suspended claims and postponed work on the portal through which providers could check on the status of claims. That could wait.

But the intricacies of the Medicaid program continued to thwart progress. Thompson needed a business owner who could clarify Medicaid business processes for the IT staff. Last October, Dr. Laureen Biczak, the medical director for MaineCare, agreed to take on that responsibility.

“This is what brought it all together,” Thompson says. “It was something we should have done from the start: have someone who knew the business [of Medicaid] working full-time on the project.”

With Biczak’s assistance, the Bureau of Information Services set up a triage process for the help desk. Medicaid business-process questions would be sent to the Medicaid specialists; software and hardware questions would be sent to IT program specialists. The triage process was implemented in January.

By the end of the month, Thompson claimed the new system could process 85 percent of claims as either pay or deny. “I can now see the light at the end of the tunnel,” he says.

For the provider community, however, that light is still the headlamps of an oncoming train. Gordon Smith, head of the Maine Medical Association, says the new claims system is still far from what was promised: an advanced system that would clear claims faster, track costs better and give providers more accurate information on claims status. Smith disputes Thompson’s claim, saying the new system still rejects 20 percent of the total claims, most of which meet accepted standards for payment. “Why are we comparing this system to a legacy system that wasn’t good enough in the first place?” he asks. “Why spend $25 million on a new system that isn’t any better?”

For doctors like Flanigan, the entire ordeal—the postponed payments, the lack of communication with providers, the system’s continued fallibility—will not easily be forgotten. Or forgiven. And it will certainly be on Flanigan’s mind when he and others like him go to the polls to vote for governor in November.

“They are supposed to be protecting the most-at-risk people in the state,” Flanigan says. “It goes beyond shock and dismay how utterly disrespectful the state has been to providers and patients.”