PROGRAM MANAGEMENT

INFORMATION TECHNOLOGY

CMS faces four major IT challenges over the next several years:

1. Securing critical and sensitive data at CMS's Medicare contractors to prevent unauthorized access to and use of beneficiary and financial data.

2. Modernizing CMS's Medicare fee-for-service claims processing environment to effectively support CMS's transaction processing responsibilities under Medicare.

3. Modernizing CMS's database environment to effectively support Medicare transaction processing, program integrity, quality of care, and program administration responsibilities to effectively manage both Medicare and Medicaid.

4. Investing in CMS's aged infrastructure to support e-gov activities and to prevent disruptions in services from an aging infrastructure.

Highlights of the Budget Estimates

Systems Security Risk Mitigation

Since 2000, CMS has been making significant progress in improving information systems security at the Medicare contractor sites. This progress has increased the safeguards in place to protect the health care information processed and generated by the Medicare contractors through the Medicare claims process. These safeguards are essential to ensuring the confidentiality and privacy of the health care information of Medicare beneficiaries, as required by both Federal law and regulation.

Despite this progress and CMS's best efforts, recent self-assessments as well as audits initiated by the Office of the Inspector General have revealed that the Medicare contractors fall substantially short of meeting a set of core security requirements based on various Federal laws and regulations. In FY 2001, CMS conducted a comprehensive security assessment at its Medicare contractors to determine compliance with NIST, GAO, OMB, and legislative requirements and to assess security risks and vulnerabilities. That assessment identified numerous systems control weaknesses. These weaknesses were documented in the HHS Inspector General's Report on the HHS Consolidated/Combined Financial Statements for FY 2001, with specific problems related to access controls and systems software issues. As noted during a hearing of the House Energy and Commerce Committee in 2001, CMS's systems security must be held to a higher standard than other government agencies because of the volume and sensitivity of personally identifiable data.

CMS's FY 2004 President's Budget request includes $34 million to enable CMS and Medicare contractors to address the most serious known security risks and vulnerabilities, develop systems security plans, and implement a robust, ongoing security program.

Modernize Fee-for-Service Claims Processing Systems

CMS's fee-for-service (FFS) systems face major challenges as CMS fulfills its responsibility to process and pay claims rapidly and, more importantly, to make the correct payment determination while managing immense volumes of data. The Medicare claims processing systems support the annual processing of 1 billion Medicare FFS claims, representing over $250 billion in program payments. The volume of transactions is increasing and the process is becoming more complex. Moreover, Medicare claims processing systems are a major source of data for national healthcare research; fraud, waste, and abuse prevention programs; and the evaluation of demonstrations, clinical trials, and other program development initiatives.

CMS's FY 2004 budget includes $17.8 million to initiate a Medicare data center contracting strategy, begin a redesign of the Common Working File (CWF) and Medicare claims processing systems, and begin modernization of the Medicare enrollment database (EDB). These investments will enable CMS and our partners to meet increasing business demands, improve the management of Medicare claims processing, and provide improved reliability.

Modern Data Warehousing Environment

While continuing its operational and transactional (e.g., enrollment, payment) responsibilities under Medicare, CMS has been uniquely entrusted with massive oversight and stewardship responsibilities for data regarding its programs and beneficiaries. Diverse activities including transaction processing (e.g., claims review and payment), beneficiary education and communication, program integrity, policy analysis and decision-making in a complex program environment such as Medicare and Medicaid, all require appropriate levels of investments in IT infrastructure to support data quality and maintenance, transaction processing against central data warehouses, and data analysis and information dissemination.

PROGRAM MANAGEMENT

The current (legacy) data environment, which supports CMS business operations, has become increasingly difficult and costly to support. Furthermore, these legacy databases do not satisfy technical and data management requirements for the future.

Modernization of CMS's database environment is required to meet the future needs of the agency. The FY 2004 President's budget includes $11.2 million to support implementation of an integrated, relational data warehouse environment that supports CMS transaction and information processing needs under Medicare and Medicaid. Supported activities include conversion of remaining legacy systems from M204 to DB2 and development of the architecture for "data marts" to provide mission-critical information and decision support tools for Medicare and Medicaid.

E-gov and Aging Infrastructure

CMS's internal systems (infrastructure) reflect aging technology. Key technology components that support CMS's day-to-day operations must be modernized to avoid service disruptions. CMS's e-mail system and document management systems, both of which are key not only to internal business operations but also our responsiveness to the public and Congress, will be improved as a result of this initiative. Investments in authentication and encryption methods/tools, role-based access controls, electronic signatures, and other security investments are necessary to support a robust e-gov/e-commerce environment.

The budget includes $2 million to support investments in e-gov security infrastructure and related infrastructure modernization. E-gov investments include development of authentication and encryption architecture, internal pilots of electronic signatures, and penetration testing of security infrastructure. Modernization activities planned for FY 2004 include identification of a preferred technology solution and development of an implementation strategy.

OTHER APPROPRIATED ACCOUNTS

Medicaid

Appropriation Language

For carrying out, except as otherwise provided, titles XI and XIX of the Social Security

Act, $124,892,197,000 to remain available until expended.

For making, after May 31, 2004, payments to States under title XIX of the Social Security Act for the last quarter of fiscal year 2004 for unanticipated costs, incurred for the current fiscal year, such sums as may be necessary.

For making payments to States or in the case of section 1928 on behalf of States under title XIX for the first quarter of fiscal year 2005, $58,416,275,000 to remain available until expended.

Payment under title XIX may be made for any quarter with respect to a State plan or plan amendment in effect during such quarter, if submitted in or prior to such quarter and approved in that or any subsequent quarter.