Contractor CGI recently won a contract from the Centers for Medicare and Medicaid Services. The task is to build an application programming interface, or API, gateway. It’ll be part of the agency’s efforts to reduce waste, fraud and abuse in payouts for Medicare and Medicaid. With how it’s expected to work, Federal Drive with Tom Temin turned to CGI’s vice president for health and social services, Brad Schoffstall.
Tom Temin: Mr. Schoffstal, good to have you on.
Insight by Okta: This exclusive e-book highlights how identity and access management will continue to evolve as agencies face more aggressive cyber threats while keeping data and systems accessible.
Brad Schoffstall: Thank you, Tom, glad to be here.
Tom Temin: And what precisely is CMS asking you to do here? API gateway sounds like a big bunch of programming.
Brad Schoffstall: Right. Well, so CMS has the responsibility to vet Medicare providers. So there’s a whole series of processes that a provider has to go through in order to be certified to actually do Medicare Services and billing. And so PECOS is the provider enrollment system that has that data. And then there’s additional systems that CMS that have additional data. And all that data together is needed to really ensure that providers are good providers, and they’re doing the right thing. So since the data is in multiple different systems, CMS wanted to have an API gateway to bring all that data together. So one place you can have a 360 view of a Medicare provider that’s available for a variety of stakeholders and purposes.
Tom Temin: So the data would therefore include not only just who they are as self identified providers of health care throughout the country, but also the payouts going to them, the records they submit to get paid back and so forth, that kind of thing?
Brad Schoffstall: Right. The records they submit, they have to submit their licensure and other information, all of their facilities where they practice, what states they practice in, every license per state. Also, if they’re a doctor that has different specialties, they have to have licenses for each one. So all that gets submitted to Medicare, and all gets vetted through PECOS and associated systems in the Center for Program Integrity, CPI, part of CMS. And that information then feeds the actual claims systems that pay the claims. And so the claim system use that data to verify that yes, this provider is in fact, an approved Medicare provider.
Tom Temin: All right. So how will this API to all of these different data sets, how will that help detect fraud and reduce the improper payments> Because I guess CMS is the single largest contributor to the total federal improper payment total every year.
Brad Schoffstall: So a variety of ways, most of the data at this point in time, is sent from Pecos to other systems in the form of extracts, while this gateway enables that to be a real time data sharing with those other systems. So it’s available through API. So she said, so a programming interface or restful interface to get that data versus getting a file sent to you, and then pulling out of that file, what you need to verify that provider. So it improves the access to the data, or real time data. So it’s a system to system type of setup, but there’s also a portal. So users, let’s say that are the OG or IG or FBI, whatever organization is involved in really looking at stopping the fraud, can use the portal on the CMS internal network, there’s ways for them to get in there, approved ways, so that they can actually pull up that data for that provider. And then go through their processes to vet out fraud.
Tom Temin: Having followed some of the cases of big fraud that have happened, in many cases the CMS is paying people who are actually qualified, they are actual doctors and nurses and so forth of real providers, but they simply fabricate large numbers of identical types of claims, this type of thing goes on. That is to say, they’re real but they’re not acting in a legal way. Will this enable people like the FBI, or the program integrity office or the Inspector General, to be able to spot those sooner than they could now?
Brad Schoffstall: Yes, that is the idea for sure, is to have the data available on the provider side, a 360 view of the provider available real time. So then that can be matched up with, again, use case that you’ve mentioned, to have that data available to match it up with other providers, beneficiaries, other billers or service receivers to vet out if this is a scheme that’s going on. So that takes a lot of research. And it’s not just a simple query that figures out something like that, right.
Tom Temin: Sure. We’re speaking with Brad Schoffstal, he is vice president for health and social services at CGI. And what is required of CGI to do this, to create an API and a portal? It sounds like two components to the total system here.
Brad Schoffstall: Oh, yeah. Well, there’s a whole software stack that we’ve worked with CMS to put in place that pulls this data from the different systems in a service, kind of enablement. So if you think of it, it’s like a virtualized data environment. So we have all these real databases across CMS and we’re combining them in a kind of a virtual way so that It looks like one big database, but no data is actually being copied anyplace. It’s really just pulled into memory, and it looks like one larger database and provides this 360 view. So there is a lot of software that goes into that for sure.
Tom Temin: And is this all in a cloud somewhere?
Brad Schoffstall: Well, it’s a combination. It’s in the AWS cloud, and also on the CMS data centers. So it’s a combination. And in fact, the data coming into this API gateway is coming from multiple data centers. So if you think about somebody having to go to different systems in different data centers, different logins one after the other and kind of piecing the data together manually, well, this does that for them in an automated fashion.
Tom Temin: Got it and give us a sense of the range of data types that are involved here. Because when you talk about different multiple data centers and applications, it could really be like the barroom on Mars type of image of data types coming in.
Brad Schoffstall: The data types, it’s it’s all structured data, for the most part. There is some images as far as like they actually take images of licenses and verify the licenses. CPI has a lot of different processes to root out fraud. So they do background checks of the providers, they do site visits for the actual sites – so they verify that the provider says they actually with facility in a certain place, they verify that it’s there, and that it can do the services that the provider says that they offer. So there is both systematic and actual on the ground checking that goes on.
Tom Temin: And for CGI, is their measure of success simply that the portal is up and running and it works or do they have some measure of, I don’t know, increased fraud detection as part of the performance here?
Brad Schoffstall: Yeah. So it really is that is defined by the stakeholders. So the stakeholders that use the system, they’re the ones that through their use cases define how good the system is working, how its fulfilling the mandates, if you will, of really the goals that CMS is putting forward. So it’s really up to them. This system is currently in the process of being put into production, it’ll be live by the end of the year. So we’re going through a lot of testing now. And users actually going through that process to say is this system really providing what we need. And so far, we’re getting very good feedback. And the user community is actually quite looking forward to having this in production to help them with the goal of stamping out Medicare fraud.
Tom Temin: Fair to say that you are developing this, that CGI is developing this in an agile manner such that you can test the functionality among the users and adjust it before they commit to runtime finished code?
Brad Schoffstall: Oh, yeah, absolutely. It’s all safe agile. So we are product owners, and they’re involved in multiple times a week with stand up meetings and all the other activities that go into the agile process.
Tom Temin: Will it be something that you deliver and then you’re done? Or will you operate it for them and have continued development as time goes on?
Brad Schoffstall: Yes, we’re in the first phase, there are several phases planned after this first phase. So initially, they’re starting out with three or four systems, something like that, I think it’s going to be three when they actually go live. But then they’re looking to add five additional systems every year going forward, plus multiple users, 20-to-30 new stakeholder bodies every year also. So the idea is that this could be available across CMS. Also available even to Medicaid stakeholders in the different states.
Tom Temin: I was gonna say most of this money is expended by the states, so they would have a stake in the whole thing too, wouldn’t they?
Brad Schoffstall: Oh, yeah. CMS is very much of the mind that they want to provide services for Medicare and Medicaid, and to have transparency on both sides so that there isn’t any situation where – somebody falling through the cracks is terrible. But then also making sure that somebody is not getting double the benefits that they really should be getting.
Tom Temin: And do you think that the architecture and maybe perhaps some of the code itself of the system you’re developing is reusable by other agencies that have all these different programs that go out to stakeholders, farmers or whatever the case might be?
Brad Schoffstall: Yeah, well, the software that we’re using is available either through open source or commercial. So a stack could certainly be leveraged by whoever would like to go that way. As far as actually sharing the designs that CMS has put in place, I can’t really speak to that at this point.
Tom Temin: All right. Brad Schoffstall is vice president for health and social services at CGI. Thanks so much for joining me.
Brad Schoffstall: Sure. Thank you, Tom. I enjoyed it.