This is the accessible text file for GAO report number GAO-12-399R entitled 'Group Purchasing Organizations: Federal Oversight and Self- Regulation' which was released on April 30, 2012. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. GAO-12-399R: United States Government Accountability Office: Washington, DC 20548: March 30, 2012: The Honorable Herb Kohl: Chairman: Special Committee on Aging, and Chairman Subcommittee on Antitrust, Competition Policy and Consumer Rights: Committee on the Judiciary: United States Senate: The Honorable Charles E. Grassley: Ranking Member: Committee on the Judiciary: United States Senate: The Honorable Tom Coburn: United States Senate: Subject: Group Purchasing Organizations: Federal Oversight and Self- Regulation: Increases in health care expenditures in recent years have intensified congressional scrutiny of the costs of medical care. Federal spending for health care services provided though Medicare and Medicaid in fiscal year 2010 totaled $793.2 billion--an increase from $514.3 billion in 2005.[Footnote 1] Federal spending for health care services is expected to continue to rise. The increase in federal spending for health care services can be attributed, in part, to the growth in health care costs, and an important component of those costs is the cost of products that hospitals and other health care providers purchase to provide care. Hospitals and other health care providers, including those that participate in Medicare and Medicaid, have faced pressures to address rising health care costs. These providers have increasingly relied on purchasing intermediaries known as group purchasing organizations (GPO). The GPOs, on behalf of their customers--hospitals and other providers--negotiate contracts for products and services with vendors such as manufacturers, distributors, and other suppliers. The types of goods and services hospitals and other providers purchase through these GPO-negotiated contracts range from commodities, such as cotton balls and bandages to high-technology medical devices, such as pacemakers and stents.[Footnote 2] Vendors pay fees to GPOs, known as "contract administrative fees," which are typically based on a percentage of the costs of the products that GPO customers purchase through GPO-negotiated contracts. These fees are GPOs' main source of operating revenue, which they are allowed to collect if they meet the requirements of a safe harbor to the "anti-kickback" provision of the Social Security Act--known as the Anti-Kickback statute--which would otherwise prohibit such fees.[Footnote 3] Previously, some questions were raised about whether or to what extent the fees GPOs receive from vendors create a financial incentive for GPOs that is inconsistent with obtaining the lowest possible prices on behalf of their customers and by extension, federal payers of health care. In recent years, members of Congress have raised questions about GPOs and we have issued several reports. We were asked about certain potentially anticompetitive business practices of GPOs[Footnote 4] and in July 2003, we reported that selected GPOs had adopted or revised codes of conduct in response to questions about their business practices.[Footnote 5] Later, we were asked about whether GPOs are saving their customers money, and in January 2010, we reported that we were unable to identify any published peer-reviewed studies that included an empirical analysis of pricing data that indicated whether or not GPO customers obtain lower prices from vendors.[Footnote 6] Finally, we were asked to describe the types of services that GPOs provide to their customers and how GPOs fund these services. In August 2010, we described the range of contracting and other types of services that certain GPOs reported providing to their customers, and the extent to which these services were funded using contract administrative fees or by charging customers directly for the service. This report also included updated information on initiatives implemented by GPOs to address continuing questions about their business practices, including the activities of a voluntary GPO membership association, the Healthcare Group Purchasing Industry Initiative (HGPII), which GPOs formed in 2005 in order to promote best practices and public accountability among member GPOs.[Footnote 7] Since the establishment of HGPII, questions have continued to be raised about the oversight of GPOs. This oversight includes GPO efforts to self-regulate through HGPII initiatives as well as the oversight provided by federal agencies: the Department of Health & Human Services (HHS), which has enforcement responsibilities under the Anti-Kickback statute;[Footnote 8] the Federal Trade Commission (FTC), which is responsible for enforcing federal antitrust laws; and the Department of Justice (DOJ), which is responsible for enforcing both the Anti-Kickback statute and federal antitrust laws. For this report, you asked us to describe the oversight of GPOs. We describe (1) HHS, DOJ, and FTC oversight of GPOs since 2004; and (2) GPO self-regulation through HGPII. To describe HHS, DOJ, and FTC oversight of GPOs since 2004, we reviewed publicly available guidance, reports, laws and regulations, and literature on GPO activities--the period after a congressional hearing examining the oversight of GPOs. We also conducted interviews and reviewed supporting documents from HHS, DOJ, and FTC to obtain information about federal agency oversight activities and enforcement actions related to GPOs that the agencies have taken. To examine GPO self-regulation through HGPII, we interviewed officials from HGPII and reviewed supporting documents from the association to update our August 2010 report, including information about HGPII initiatives to promote, monitor, and increase the transparency of GPO business practices. We also conducted interviews with representatives from the Medical Device Manufacturers Association and the American Hospital Association to obtain their views related to GPO efforts to self-regulate through HGPII. We conducted this performance audit from October 2011 through March 2012 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Results in Brief: GPOs are subject to certain federal laws that HHS, DOJ, and FTC are responsible for enforcing. According to HHS Office of Inspector General (HHS-OIG) officials, since 2004, the office has not routinely exercised its authority to request and review disclosures related to GPOs' contract administrative fees, but it has collected information on GPOs' contract administrative fees while conducting audits of hospitals' cost reports. While HHS-OIG is responsible for enforcing the Anti-Kickback statute, the law and regulation do not require routine monitoring of GPO written agreements and disclosures. HHS-OIG officials told us that even if they requested this information from GPOs, it would not necessarily be sufficient to determine whether a GPO violated the Anti-Kickback statute. Officials from HHS-OIG also told us that, since 2004, it participated in two case investigations with DOJ that involved allegations that certain GPOs did not comply with safe harbor requirements and violated the Anti-Kickback statute. Officials told us that HHS-OIG has not imposed administrative penalties on any GPOs since 2004. DOJ and FTC have investigated complaints related to federal antitrust laws, and we identified one lawsuit filed by DOJ against a GPO in 2007. FTC officials told us that while the agency has investigated GPOs to determine whether their behavior was anticompetitive, the agency has not taken any enforcement action against a GPO since 2004. The voluntary GPO association--HGPII--has continued its activities for GPOs to self-regulate their business practices, and also added some new activities since our 2010 report.[Footnote 9] HGPII members are required to follow a set of principles of ethics and business conduct. HGPII members continue to be required to have a written code of business conduct, be accountable to the public by completing an annual public accountability questionnaire, and share best practices through an annual best practices forum. Subsequent to our August 2010 report, HGPII officials told us that the association formed an ethics advisory council in 2010 to provide advice to its steering committee and member GPOs on best practices and other HGPII activities. In addition, to address the concerns of vendors, HGPII implemented a vendor grievance process in 2010 that allows complaints to be reviewed by a third party provided by the American Arbitration Association. We provided a draft of this report to HHS, DOJ, and FTC for comment. We also provided sections of the draft report to HGPII for comment. HHS, DOJ, and HGPII provided technical comments that were incorporated, as appropriate. FTC responded that it did not have any comments on the draft report. Background: GPOs are organizations that act as purchasing intermediaries that negotiate contracts between their customers--health care providers, such as hospitals--and vendors of medical products and services. The Healthcare Supply Chain Association, an association representing 15 GPOs, estimates that hospitals across the United States use, on average, 2 to 4 GPOs per facility, and about 72 percent of purchases that hospitals make are done using GPO contracts.[Footnote 10] While over 600 GPOs are active in the United States,[Footnote 11] a relatively small number of GPOs dominate the market for products sold through GPO contracts. The Health Industry Distributors Association reported that the 6 largest GPOs in 2007 by reported purchasing volume accounted for nearly 90 percent of the GPO market.[Footnote 12] In recent years, the GPO market has become more consolidated because some large GPOs have merged.[Footnote 13] See table 1 for a list of the 5 largest GPOs and their 2011 self-reported purchasing volumes. Table 1: The Five Largest Group Purchasing Organizations (GPO) and Their Fiscal Year 2011 Self-reported Purchasing Volumes: GPO: MedAssets; Fiscal year 2011 purchasing volume: $45.0 billion. GPO: Premier; Fiscal year 2011 purchasing volume: $43.0 billion. GPO: Novation; Fiscal year 2011 purchasing volume: $40.1 billion. GPO: HealthTrust; Fiscal year 2011 purchasing volume: $19.0 billion. GPO: Amerinet; Fiscal year 2011 purchasing volume: $7.6 billion. GPO: Total; Fiscal year 2011 purchasing volume: $154.7 billion. Source: GPO Facts & Figures; Largest Group Purchasing Organizations; Healthcare Purchasing News research, October 2011. [End of table] GPOs' main source of operating revenue comes from contract administrative fees that they receive from vendors that contract through the GPOs. Contract administrative fees are typically calculated as a percentage of each GPO customer's purchases through the GPO contracts. In August 2010 we reported that, among the six largest GPOs at the time, the average contract administrative fees paid by vendors in 2008, weighted by purchasing volume, ranged from 1.22 percent of purchases to 2.25 percent of purchases.[Footnote 14] The GPOs in our review also reported receiving individual contract administrative fees that ranged from a low of 0.09 percent to a high of 10 percent of a product's purchase price. GPOs use these contract administrative fees, in part, to fund their operating expenses. In August 2010 we reported that the GPOs in our review also used contract administrative fees to fund services for their customers that were not related to contract negotiations. For example, some of the GPOs reported providing clinical evaluation and standardization of products, assessments of new technology, electronic commerce, and benchmarking data services. We also reported in August 2010 that the six largest GPOs reported distributing a portion of their revenue--including revenue from contract administrative fees--to their customers and owners.[Footnote 15] These GPOs reported distributing a total of about $1.1 billion in 2008--about 53 percent of their total revenue that year. GPOs' provider owners and customers are required to account for this revenue and any rebates[Footnote 16] they receive from vendors on their Medicare cost reports.[Footnote 17] See enclosure I for an analysis of the potential ways that GPOs could affect Medicare payment. HHS, DOJ, and FTC Responsibilities Related to GPOs: GPOs are subject to certain federal laws, which HHS, DOJ, and FTC are responsible for enforcing. HHS: HHS-OIG is responsible for enforcing the Anti-Kickback statute. [Footnote 18] The Anti-Kickback statute generally prohibits the knowing or willful receipt or payment of fees in exchange for the purchase of an item or service for which payment may be made under a federal health care program.[Footnote 19] In 1986 Congress added a "safe harbor" provision to the Anti-Kickback statute to allow for fees paid by vendors to a GPO.[Footnote 20] In addition, in 1991 HHS-OIG issued a regulation establishing the requirements that GPOs must meet in order to quality for safe harbor protection under the Anti-Kickback statute.[Footnote 21] Under the regulation, a GPO must: * have a written agreement with its customers either stating that the contract administrative fees are to be 3 percent or less of the purchase price, or specifying the amount or maximum amount that each vendor will pay; and: * disclose in writing to each customer, at least annually, and to the Secretary of HHS upon request, the amount of contract administrative fees received from each vendor with respect to purchases made by or on behalf of the customer.[Footnote 22] GPOs that meet the safe harbor's requirements are allowed to collect contract administrative fees from vendors, which could otherwise be considered unlawful under the Anti-Kickback statute. The safe harbor provision and regulation do not require HHS-OIG to routinely review or monitor GPO written agreements and disclosures. However, HHS-OIG has the authority to investigate potential violations of the Anti-Kickback statute. HHS-OIG also has the authority to impose administrative penalties, including civil money penalties, and exclusion from federal health care programs on GPOs that violate the statute.[Footnote 23] HHS-OIG also may refer such violations to DOJ, which in turn may bring criminal actions against GPOs that it determines to have violated the Anti-Kickback statute.[Footnote 24] Because GPOs do not directly participate in Medicare and, therefore, do not enter provider agreements with the Centers for Medicare & Medicaid Services (CMS), HHS-OIG does not have general oversight authority over GPOs. DOJ and FTC: DOJ and FTC are responsible for enforcing federal antitrust laws, which GPOs are required to follow.[Footnote 25] The agencies have the authority to investigate a GPO's potential violation of federal antitrust laws, identified either through a complaint filed with the agencies, through notification of a merger, or through information obtained through the agencies' own efforts. The agencies have the authority to resolve violations in a number of ways ranging from compliance under a consent order, to an administrative complaint, to filing a criminal or civil suit.[Footnote 26] In addition to its antitrust enforcement authority, DOJ also has the authority to bring criminal actions against GPOs that it determines to have violated the Anti-Kickback statute. DOJ and FTC issued guidance in 1996 that can be used by the agencies, as well as GPOs, to determine whether a particular GPO arrangement is likely to raise antitrust concerns. This guidance, known as Statement 7 of the Statements of Antitrust Enforcement Policy in Health Care, describes an "antitrust safety zone," under which the agencies generally will not challenge GPO or other joint purchasing arrangements that satisfy certain criteria.[Footnote 27] However, the agencies have authority to examine and bring an enforcement action against any conduct that reduces competition, regardless of whether it does or does not fall within the safety zone.[Footnote 28] *The Formation of HGPII: In 2005, nine GPOs, including the five largest, established HGPII following a 2004 congressional hearing on the federal oversight of GPOs and concerns about their business practices.[Footnote 29] HGPII is focused on promoting best practices and public accountability among its member GPOs. HGPII's governance structure includes a Steering Committee, or governing body comprised of the founding GPO chief executive officers; a Working Group which includes a representative nominated by each of the GPOs on the Steering Committee that monitors the daily activities of the association; and a Coordinator who serves as the executive officer. HHS, DOJ, and FTC Have Overseen Aspects of GPO Activities: According to HHS-OIG officials, since 2004, the office has not routinely exercised its authority to request and review disclosures related to GPOs' contract administrative fees, but it has collected information on GPOs' contract administrative fees while conducting audits of hospitals' cost reports. DOJ and FTC have investigated complaints against GPOs, and we identified one lawsuit filed by DOJ against a GPO in 2007. FTC officials told us the agency has not taken any enforcement action against a GPO since 2004. HHS: HHS-OIG officials told us that, since 2004, the office has not, as a routine matter, requested that GPOs disclose to the Secretary of HHS the amount of contract administrative fees received from each vendor with respect to purchases made by or on behalf of GPOs' customers. While HHS is responsible for enforcing the Anti-Kickback statute, the law and regulation do not require routine monitoring of GPO written agreements and disclosures for possible violations. HHS-OIG officials told us that they have not regularly monitored these disclosures because of limited funding available for the collection of information outside of investigations and audits of specific GPOs. The officials also told us that even if they requested this information from GPOs, the information would not necessarily be sufficient to determine whether a GPO violated the Anti-Kickback statute. Although HHS-OIG does not routinely request this information from GPOs, officials told us that they would collect this information during an investigation or an audit. Officials from HHS-OIG also told us that, since 2004, it participated in two case investigations with DOJ that involved allegations that certain GPOs did not comply with safe harbor requirements and violated the Anti-Kickback statute.[Footnote 30] HHS-OIG officials told us that, in audits conducted prior to one of the case investigations, they exercised their authority to request the amounts of administrative fees paid to GPOs and copies of GPO contracts with customers. However, this occurred prior to 2004.[Footnote 31] Officials told us that HHS-OIG has not imposed administrative penalties on any GPOs since 2004.[Footnote 32] While HHS-OIG has not routinely exercised its authority to request and review disclosures related to GPOs' contract administrative fees, it has collected information on GPOs' contract administrative fees while conducting audits of hospitals' cost reports. HHS-OIG conducted two audits in 2005 in which it reviewed the contract administrative fees that six national GPOs received from vendors and how selected customers of the GPOs accounted for revenue distributions from the GPOs on their Medicare cost reports.[Footnote 33] The cost reports are used, in part, to set payment rates for Medicare. HHS-OIG found that some of the GPO customers did not fully account for revenue distributions from the GPOs on their Medicare cost reports. For example, in a January 2005 report, HHS-OIG reported that none of the 21 GPO customers it reviewed fully accounted for revenue distributions they received from the GPOs on their Medicare cost reports--while customers of one GPO offset 92 percent of distributions, customers of another GPO offset only 54 percent. HHS-OIG reported that in total, the 21 customers offset on their Medicare cost reports $200 million of the $255 million distributed by the GPOs. In addition, in May 2005, HHS-OIG reported that one of the seven health care systems it reviewed--representing 6 of the 38 hospitals reviewed--also did not fully account for distributions from GPOs on its cost reports. HHS-OIG reported that as a result, contract administrative fees of about $5 million out of $123 million were not offset on Medicare cost reports. In response to these findings, HHS-OIG recommended that CMS provide specific guidance on the proper treatment of revenue distributions received from GPOs on Medicare costs reports. CMS issued an update to its provider manual specifying that these distributions must be properly accounted for on the cost reports. Officials from HHS-OIG told us that, since 2005, they have not conducted additional audits to determine the adequacy of GPOs' customers' reporting of the revenue distributions from national GPOs on their Medicare cost reports. [Footnote 34] In addition to these audits, HHS issued a proposed rule on December 14, 2011, that describes procedures for GPOs to report information to HHS on ownership and investment interests in GPOs held by physicians. HHS was required by the Patient Protection and Affordable Care Act to establish these procedures, and granted this authority to CMS, an agency within HHS.[Footnote 35] DOJ and FTC: DOJ and FTC are responsible for enforcing federal antitrust laws and have investigated complaints against GPOs. We identified one lawsuit filed by DOJ against a GPO, while FTC officials told us the agency has not taken any enforcement action against a GPO since 2004. In 2007, DOJ challenged actions by a GPO for temporary nursing services and its member hospitals, alleging that the GPO caused the wages paid to temporary nurses in Arizona to fall below competitive levels.[Footnote 36] In addition to this lawsuit, officials from DOJ said that the agency received a complaint in 2010 from certain medical device manufacturers questioning the general structure of the industry and how the industry operates. According to the officials, although DOJ spoke with the complainants, DOJ did not open an investigation because the complainants did not provide information showing possible anticompetitive behavior. FTC officials noted that their agency generally receives one complaint each year about GPOs. Officials said that while FTC has investigated GPOs to determine whether their behavior was anticompetitive, the agency has not brought any cases to court or issued any consent orders. An FTC official told us that, in order to take enforcement action against a GPO, FTC would need to determine that a GPO violated the law and an enforcement action was in the public interest.[Footnote 37] FTC officials also told us that they do not comment on nonpublic investigations, including GPO mergers; therefore, it is unclear whether the agencies have reviewed potential GPO mergers since 2004.[Footnote 38] While the oversight of GPOs is conducted through the exercise of investigatory authorities of HHS, DOJ, and FTC and does address some of the questions raised about GPOs activities--such as whether GPOs employ potentially anticompetitive business practices--this oversight does not address other key questions that have previously been raised about GPOs' activities. For example, inasmuch as the collection of contract administrative fees is permitted under the safe harbor provision to the Anti-Kickback statute and safe harbor regulation, this oversight cannot address whether or to what extent these fees create a financial incentive that is inconsistent with GPOs obtaining the lowest prices for their customers. GPOs Continue to Self-Regulate through HGPII: HGPII has continued its activities for GPOs to self-regulate their business practices, and also added some new activities in 2010. As we previously reported, GPOs self-regulate their business practices through HGPII.[Footnote 39] HGPII members continue to be required to follow a set of principles of ethics and business conduct. These include having a written code of business conduct, being accountable to the public by completing an annual public accountability questionnaire, and sharing best practices through an annual forum. As part of its self-governance approach, an HGPII official told us that the association can revoke a GPO's membership if the GPO violates HGPII's standards, although this provision has never been used. As of October 2011, 11 GPOs, including the 5 largest GPOs, were members of HGPII. In order to monitor GPOs' adherence to these principles, HGPII continues to require its members to annually report information on their policies and business practices using a public accountability questionnaire, as we reported in 2010. This questionnaire includes over 100 questions that ask member GPOs to describe, for example, their codes of conduct and conflict of interest policies, policies on contracting practices such as sole-source and bundled product contracts, contract administrative fees, including the reporting of fees to GPOs' customers, their supplier grievance process, and activities to ensure compliance with their policies.[Footnote 40] An HGPII representative first reviews each GPO's questionnaire to ensure that the responses are sufficient and complete, as in 2010.[Footnote 41] The GPOs' responses are then posted to an internal members-only section of the HGPII website for member GPOs to review and comment on before HGPII's analysis of the responses are presented in its annual report which is posted on its website. In its most recent annual report, published in August 2011, HGPII reported that all member GPOs have a written code of conduct and conflict of interest policy, that its members have established standards for open, competitive contracting and policies on sole-source contracts, and that most members annually report vendor fees to customers.[Footnote 42] In order to encourage best practices, HGPII also requires its members to participate in an annual best practices forum to discuss ethical and business conduct practices with other GPO representatives and with representatives from other organizations. HGPII's 2011 best practices forum included sessions on expanding business opportunities for small, disadvantaged, and diverse vendors, trends in organizational ethics, current health care policy and legislative issues, and compliance programs. This forum also included a panel of representatives from six vendors who spoke about their experiences with GPOs. Subsequent to our 2010 report, HGPII officials told us that the association formed an ethics advisory council to provide advice to its steering committee and member GPOs on compliance best practices and other HGPII activities. Three individuals with experience in business ethics were designated by an HGPII internal committee to serve on its advisory council for no longer than 4 consecutive years.[Footnote 43] While HGPII requires the advisory council to participate in its annual best practices forum, as well as provide advice on best practices, an HGPII official told us that the specific roles of the advisory council have not yet been defined. To address the concerns of vendors, HGPII also created a vendor grievance process in 2010 that allows complaints to be reviewed by a third party provided by the American Arbitration Association if a vendor is unsatisfied with a GPO's decision resulting from its formal grievance process.[Footnote 44] If the third party determines that a GPO's contract process was not followed and as a result, the vendor was denied a contract award, HGPII documentation states that member GPOs must: (1) bid or rebid the product, (2) award a contract to the vendor, or (3) provide the finding to its member council to reevaluate the award decision. The HGPII Coordinator may review and discuss a third party's finding with the member GPO if the finding indicates the GPO did not meet HGPII's principles, or engaged in conduct that is not in the best interest of the organization; however, while the Coordinator may take action against the member GPO pursuant to HGPII's bylaws, such as revoking the GPO's membership in HGPII, the GPO is not bound by the third party's decision. HGPII requires its members to annually report in its public accountability questionnaire information on their grievance processes, including the outcomes of any grievance evaluated through HGPII's vendor grievance process. This information is to be summarized and made publicly available in HGPII's annual public report. An HGPII official told us that as of October 2011, the organization had not yet received any complaints. In addition, a representative of small medical device manufacturers that we interviewed was unaware that there was a new vendor grievance process at HGPII. Agency and Third Party Comments: We provided a draft of this report to HHS, DOJ, and FTC for comment. We also provided sections of the draft report to HGPII for comment. HHS, DOJ, and HGPII provided technical comments that were incorporated, as appropriate. FTC responded that it did not have any comments on the draft report. As agreed with your offices, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies to the Secretaries of the Department of Health and Human Services, and Federal Trade Commission, and to the Attorney General of the United States. In addition, the report will be available at no charge on GAO's website at [hyperlink, http://www.gao.gov]. If you or your staff have any questions about this report, please contact me at (202) 512-7114 or kohnl@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Major contributors to this report were Kristi Peterson, Assistant Director; Kelly DeMots; Krister Friday; Sandra George; and Kristin Helfer Koester. Signed by: Linda T. Kohn: Director, Health Care: Enclosure: [End of section] Enclosure I: Medicare's Payment Systems Indirectly Account for Prices Hospitals Pay for Products Purchased through Group Purchasing Organizations (GPO): Medicare's inpatient and outpatient payment systems indirectly account for the costs of medical supplies and services hospitals purchase through GPO contracts. This occurs when annual reviews are done by the Medicare Payment Advisory Commission (MedPAC) to assess the adequacy of payment rates to hospitals and to determine whether the payment rates should be increased.[Footnote 45] These analyses rely, in part, on information reported by hospitals that reflect their costs of medical supplies, including those purchased through GPOs. However, the potential impact of GPOs--whether they reduce or inflate the costs of the products and services that hospitals purchase through them--does not occur immediately, but gets incorporated into payment rates over time. Furthermore, the effect of GPOs is not isolated from other factors affecting the costs of care. Hospital Payments under Prospective Payment: Most hospitals are reimbursed under Medicare's prospective payment systems. For inpatient care, acute care hospitals are paid under the Inpatient Prospective Payment System (IPPS).[Footnote 46] For hospitals paid under IPPS, Medicare pays for each hospital stay using a fixed, predetermined payment amount that is based on classifying patients into 751 groupings known as Medicare-severity diagnosis- related groups (MS-DRGs). These groupings classify patients based on similar clinical conditions and the expected amount of required hospital resources.[Footnote 47] The actual payment is derived from the product of local area wage-adjusted "base rates," which reflect the operating and capital costs that efficient hospitals would be expected to incur in furnishing covered inpatient services, and a relative weight, which is the average costliness of a hospital stay for patients in the same MS-DRG compared to the average Medicare case. Payments to a hospital are also adjusted for other applicable factors, such as graduate medical education or the provision of services to a disproportionate share of low-income patients. The Centers for Medicare & Medicaid Services (CMS) recalibrates the MS-DRG weights annually, but this recalibration does not affect overall payments. For outpatient services, hospitals are also paid using a prospective payment system. Outpatient payment rates are based on ambulatory payment classifications (APC), a system that classifies services based on their similarity in terms of clinical characteristics and cost. For each of the approximately 800 APCs, Medicare makes a single bundled payment for the primary service and any ancillary or supportive services.[Footnote 48] For example, the APC payment for a pacemaker implantation procedure represents a bundled payment for the pacemaker device, routine supplies, and the operating or procedure room. The APC relative weight measures the resource requirements of the service and is based on the median cost of services in the APC. CMS updates APC weights annually to account for any changes in the cost of outpatient care. An APC payment is calculated by multiplying an APC relative weight by the conversion factor, a dollar amount that translates the relative weight into dollar amounts. Annually, MedPAC assesses the adequacy of Medicare payments and recommends to Congress whether base payment rates should be changed. MedPAC's general approach is to ensure enough funding is available to ensure payments are adequate to cover the costs of an efficient provider and to improve payment accuracy among services and providers. Among several factors considered in this assessment are Medicare payment and provider costs for the current year using information reported by hospitals to CMS on their cost reports in order to examine the relationship between payments and costs. The annual assessment of payment adequacy also considers whether payments should be updated for the coming year based on anticipated changes in costs. One of the factors considered is input prices, measured using a market basket index, which measures the price increases of goods and services hospitals buy to produce patient care. The market basket index approximates how much a provider's costs would change in the coming year if the quality and mix of inputs used to furnish care remained constant. Potential Effect of GPOs on Medicare Payments to Hospitals: There are three ways that GPO activities could potentially affect payments to hospitals. The first way is through the annual recalibration of the weights for each MS-DRG or APC. To the extent that the prices for products and services negotiated by GPOs reduce or inflate medical costs, the relative weights for MS-DRGs or APCs could be affected. As noted, the recalibration of weights is part of improving accuracy of payment, but does not change overall payments. Furthermore, this assessment does not isolate the effect of GPOs but looks generally at the weights for MS-DRGs and APCs. The second way that the potential impact of GPOs is incorporated into Medicare payment methods is through the inclusion of GPO revenue distributions to hospitals on the hospital cost reports. However, the GPO revenue distributions are included with other nonpatient care revenue. According to CMS policy, cost reports are to reflect adjustments, such as purchase discounts, allowances, rebates, and revenues from administrative fees, including those from GPOs. GPO revenue distributions to hospitals are considered a reduction in the cost of care. When MedPAC conducts its annual assessment of base payment adequacy, it looks at the relationship between payments and costs. Because the inclusion of GPO revenue distributions potentially changes hospitals' reported costs, these distributions may affect analyses of the adequacy of payment rates. As this report notes, the six largest GPOs provided total revenue distributions to hospitals of $1.1 billion in 2008. The third way that the potential impact of GPOs is incorporated into Medicare payment methods is through MedPAC's annual assessments of changes in the costs of providing care to help determine whether payments should be increased. One component of the market basket index is goods and services hospitals buy. To the extent that GPOs' effect on the prices that hospitals pay disproportionately affects some cost categories more than others, the weights applied to the market basket elements could change. This, in turn, could have an impact on the overall estimated change in the cost of the market basket. [End of Enclosure] Footnotes: [1] Medicare is the federal health care financing program for the elderly and disabled individuals and individuals with end stage renal disease. Medicaid is the joint federal-state health care financing program for certain categories of low-income individuals. [2] A stent is a device used to provide support for tubular structures like blood vessels. It can be made of rigid wire mesh or may be a metal wire or tube. [3] The Anti-Kickback statute prohibits the knowing or willful solicitation, receipt, offer, or payment of fees, or other remuneration, to induce the purchase of an item or service for which payment may be made under a federal health care program. See 42 U.S.C. § 1320a-7b(b) (2006). [4] Examples of potentially anticompetitive business practices include contracting with only one vendor for a given product when multiple vendors of comparable products are available; linking price discounts to purchases of a specified group of products; and limiting customer access to new and innovative technology. [5] See GAO, Group Purchasing Organizations: Use of Contracting Processes and Strategies to Award Contracts for Medical-Surgical Products, [hyperlink, http://www.gao.gov/products/GAO-03-998T] (Washington, D.C.: July 16, 2003). [6] See GAO, Group Purchasing Organizations: Research on Their Pricing Impact on Health Care Providers, [hyperlink, http://www.gao.gov/products/GAO-10-323R] (Washington, D.C.: Jan. 29, 2010). [7] See GAO, Group Purchasing Organizations: Services Provided to Customers and Initiatives Regarding Their Business Practices, [hyperlink, http://www.gao.gov/products/GAO-10-738] (Washington D.C.: Aug. 24, 2010). [8] HHS Office of Inspector General is specifically responsible for enforcing the Anti-Kickback statute, in conjunction with the Department of Justice. [9] [hyperlink, http://www.gao.gov/products/GAO-10-738]. [10] Healthcare Supply Chain Association, Frequently Asked Questions, accessed Dec. 14, 2011, [hyperlink, http://www.supplychainassociation.org/?page=FAQ]. Healthcare Supply Chain Association, A Primer on Group Purchasing Organizations, accessed Dec. 14, 2011, [hyperlink, http://www.supplychainassociation.org/?page=GPO101]. The Healthcare Supply Chain Association changed its name from the Health Industry Group Purchasing Association in October 2011. [11] Healthcare Supply Chain Association, Frequently Asked Questions, accessed Dec. 14, 2011, [hyperlink, http://www.supplychainassociation.org/?page=FAQ]. [12] Health Industry Distributors Association, Group Purchasing Organization & Integrated Delivery Network: Market Brief (Alexandria, Va.: July 2009). [13] For example, in 2007, Consorta became an equity owner in HealthTrust Purchasing Group (HealthTrust). HealthTrust took over the purchasing services for Consorta. In addition, in 2010, MedAssets purchased The Broadlane Group. MedAssets' purchasing volume increased from about $24 billion in 2009 to $45 billion in 2011. [14] [hyperlink, http://www.gao.gov/products/GAO-10-738]. [15] GPOs vary in their organizational and ownership structures. For example, while some GPOs are owned by their customers--which include hospitals and other health care providers--other GPOs do not have an ownership relationship with their customers. [16] A rebate is a form of a discount provided by vendors to GPO customers following the purchase of products and services. [17] Medicare-certified institutional providers, such as hospitals, are required to submit certain information using Medicare cost reports. Federal regulation and policy require GPO customers to offset purchase discounts, allowances, and refunds of expenses against expenses on their Medicare cost reports. See 42 C.F.R. § 413.98 (2010); Provider Reimbursement Manual, Part I, § 805 (Dec. 2011). [18] HHS-OIG shares this responsibility with DOJ. [19] The statute specifically prohibits the knowing or willful solicitation, receipt, offer, or payment of fees, or other remuneration, to induce the purchase of an item or service for which payment may be made under a federal health care program. [20] Omnibus Budget Reconciliation Act of 1986, Pub. L. No. 99-509, § 9321(a), 100 Stat. 1874, 2016 (codified at 42 U.S.C. § 1320a- 7b(b)(3)(C) (2006)). [21] See 42 C.F.R. § 1001.952(j) (2010). In 1987, Congress directed HHS to issue regulations designating safe harbors for various payment and business practices that would be protected from enforcement under the Anti-Kickback statute, including GPOs. Medicare and Medicaid Patient and Program Protection Act of 1987, Pub. L. No. 100-93, § 14, 101 Stat. 680, 697. HHS-OIG refers to the statutory provision as an "exception" and the regulation as a "safe harbor." In this report, we refer to each as a "safe harbor." [22] To be eligible for safe harbor protection, a GPO may not wholly own any Medicare, Medicaid, or other federal health care program provider or supplier for which it is acting as a purchasing agent, nor may it be the wholly owned subsidiary of a parent corporation that wholly owns such a provider or supplier, either directly or indirectly. See 42 C.F.R. § 1001.952(j) (2010). GPOs that are uncertain as to whether their arrangements qualify for safe harbor protection may request an advisory opinion from HHS-OIG. 42 U.S.C. § 1320a-7d(b) (2006). [23] See 42 U.S.C. §§ 1320a-7(b)(7), 1320a-7a(a)(7) (2006). [24] DOJ also may bring civil actions against GPOs that violate the Anti-Kickback statute under the False Claims Act. The False Claims Act is a federal fraud and abuse law that prohibits knowingly presenting, or causing to be presented, a false or fraudulent claim for federal payment. 31 U.S.C. §§ 3729-3733 (2006). A Medicare claim that results from a kickback may render it false or fraudulent, creating liability under the civil False Claims Act as well as the Anti-Kickback statute. See 31 U.S.C. §§ 3729-3733. [25] The Sherman Act is enforced by DOJ and prohibits restraints of trade and monopolization. See 15 U.S.C. §§ 1-7 (2006). The Federal Trade Commission Act, enforced by FTC, bans unfair methods of competition and unfair or deceptive acts or practices. See 15 U.S.C. §§ 41-58 (2006). The Clayton Act, jointly enforced by DOJ and FTC, regulates mergers and acquisitions, among other things, and gives DOJ and FTC, under the Hart-Scott-Rodino Amendments to the Clayton Act, the authority to review certain proposed mergers before they occur. See 15 U.S.C. §§ 12-27 (2006). [26] A consent order is a voluntary settlement agreement entered into by FTC and an individual or entity that the agency has alleged is engaged in activity that violates the Federal Trade Commission Act or the Clayton Act. See 16 C.F.R. §§ 2.31-2.34 (2010). Voluntary settlement agreements entered into by DOJ, often known as consent decrees, are filed in federal district court to resolve a legal challenge by DOJ and are approved by the court upon a finding that they are in the public interest. 15 U.S.C. § 16 (b)-(h) (2006). [27] DOJ and FTC, Statements of Antitrust Enforcement in Health Care, Statement 7: Enforcement Policy on Joint Purchasing Arrangements Among Health Care Providers (Washington, D.C.: August 1996). Essentially, the criteria are as follows: (1) purchases through the GPO account for less than 35 percent of the total sales of the product in the relevant market, and (2) the cost of the products purchased through the GPO accounts for less than 20 percent of the total revenues from all products sold by each GPO customer. [28] In addition to these enforcement authorities, DOJ and FTC, in certain circumstances, may be asked to review proposed business conduct and state the agencies' present enforcement intentions. DOJ issues such statements through business review letters; FTC issues such statements through advisory opinions. 28 C.F.R. § 50.6 (2010); 16 C.F.R. § 1.1 (2010). [29] Hospital Group Purchasing: How to Maintain Innovation and Cost Savings, Committee on the Judiciary, Subcommittee on Antitrust, Competition Policy and Consumer Rights, U.S. Senate, 108TH Cong. September 14, 2004. [30] U.S. ex rel. Westmoreland v. Amgen, Inc. et al., No. 1:2006-cv- 10972 (D. Mass. Sept. 15, 2011) (ordering case closed without entry of judgment); U.S. ex rel. Fitzgerald v. Novation, LLC et al., No. 3:03- cv-1589 (N.D. Tex. Apr. 9, 2010) (order granting dismissal of claims as a result of parties' settlement agreement). Both lawsuits were brought by private citizens on behalf of the United States under the False Claims Act. DOJ may intervene in such an action, known as a "qui tam" action, and litigate the case along with the private party; in each of these cases, DOJ declined to intervene. [31] The U.S. Attorney's Office for the Northern District of Texas opened a criminal inquiry in March 2003 into the business practices of a GPO as a result of a referral by HHS-OIG. The government's investigation terminated in late 2007. [32] HHS-OIG is also required to issue advisory opinions, in consultation with DOJ, to GPOs and other organizations that request guidance on the applicability of the Anti-Kickback statute and safe harbor regulations to their business arrangement. Agency officials told us that HHS-OIG has issued one advisory opinion regarding GPO arrangements or activities since 2004. This advisory opinion, issued in March 2012, stated that although the proposed GPO arrangement could potentially generate prohibited remuneration under the Anti-Kickback statute, HHS-OIG would not impose administrative sanctions on the GPO because the proposed arrangement presents an acceptably low risk of fraud and abuse in connection with the Anti-Kickback statute. Department of Health and Human Services Office of Inspector General, OIG Advisory Opinion No. 12-01 (issued Mar. 8, 2012). [33] See Department of Health and Human Services Office of Inspector General, Review of Revenue From Vendors at Three Group Purchasing Organizations and Their Members (A-05-03-00074 (Washington, D.C.: January 2005)) and Review of Revenue From Vendors at Three Additional Group Purchasing Organizations and Their Members (A-05-04-00073 (Washington, D.C.: May 2005)). [34] Officials from HHS-OIG told us that they issued a restricted report in 2006 regarding the revenue distributions for regional GPOs. [35] See Patient Protection and Affordable Care Act, Pub. L. No. 111- 148, § 6002, 124 Stat. 119, 689 (2010). GPOs and pharmaceutical and medical device manufacturers are required to report certain information regarding the ownership or investment interest held by a physician in the GPO or manufacturer to the Secretary of HHS annually beginning March 31, 2013. [36] The complaint alleged that the GPO and its member hospitals mandated that the member hospitals could only contract with approved nursing staff agencies that agreed to uniform and lower wage rates set by the GPO. In May, 2007, DOJ reached a settlement with the GPO, which prohibits the GPO and its hospital members from agreeing on competitively sensitive contract terms between hospitals and nursing staff agencies, including uniform bill rates paid to nursing staff agencies. The consent decree also prohibits the GPO from circumventing the settlement by engaging in anticompetitive activity, such as boycotts or other discriminatory conduct, against nonparticipating nursing agencies or any hospitals that sought to use them. See U.S. v. Ariz. Hosp. and Healthcare Assn., CV07-1030-PHX (D.Ariz. filed May 22,2007). [37] See 15 U.S.C. § 5(b). [38] Although FTC declined to confirm whether it had reviewed any potential GPO mergers, according to a Federal Register Notice, FTC received advance notice of the MedAssets merger with The Broadlane Group and took action to terminate the statutory premerger waiting period to allow the transaction to occur. 75 Fed. Reg. 69666 (Nov. 15, 2010). FTC and DOJ may terminate the waiting period if neither agency intends to take any enforcement action during the waiting period. [39] In August 2010, we issued a report describing the services provided by six GPOs and the business practice initiatives undertaken by these GPOs in response to questions about their business practices. See [hyperlink, http://www.gao.gov/products/GAO-10-738]. [40] According to HGPII, the first GPO public accountability questionnaires were submitted in 2005. See Healthcare Group Purchasing Industry Initiative, HGPII Sixth Annual Report to the Public, (December 1, 2010 through June 2011) (Washington, D.C.: August 2011). [41] A GPO representative told us that the GPO was asked by HGPII to provide additional detailed information for one of HGPII's questions. [42] In its Sixth Annual Report to the Public, HGPII reports that two GPOs did not report vendor administrative fees since these GPOs are funded through their customers. See HGPII Sixth Annual Report to the Public (December 1, 2010 through June 2011) (Washington, D.C.: August 2011). [43] Under HGPII's Steering Committee's discretion, a member of its Advisory Council may serve longer than 4 years. [44] HGPII defines three types of vendor complaints that may be reviewed: (1) the vendor is notified that it will not receive a GPO contract award prior to the GPO's award announcement, (2) the vendor is notified that it will not receive a GPO contract award concurrently or following the GPO's award announcement, and (3) the vendor is denied a GPO contract award following the submission request for a New Technology contract award. See HGPII Sixth Annual Report to the Public (December 1, 2010 through June 2011) (Washington, D.C.: August 2011). [45] MedPAC is an independent congressional agency established by the Balanced Budget Act of 1997 (P.L. 105-33) to advise Congress on issues affecting the Medicare program. Pub. L. No. 105-33, § 4022, 111 Stat. 251, 350, codified at 42 U.S.C. § 1395b-6. [46] Hospitals not paid under IPPS include, for example, long-term care hospitals and rehabilitation hospitals. [47] MS-DRGs classify inpatient stays according to both patients' clinical conditions (the primary diagnosis along with any secondary illnesses and complications developed during the stay). See GAO, Medicare: Lack of Price Transparency May Hamper Hospitals' Ability to be Prudent Purchasers of Implantable Medical Devices, [hyperlink, http://www.gao.gov/products/GAO-12-126] (Washington, D.C.: Jan. 13, 2012). [48] Physician services are paid for separately. [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E- mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-4400 U.S. Government Accountability Office, 441 G Street NW, Room 7125 Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, DC 20548.