Out with the Old

In the late 1990s, states were moving fast to overhaul their Medicaid claims processing systems. Driving the transformation was HIPAA, which required numerous changes in managing patient health and records, the most significant of which was protecting patient privacy. Maine, like other states, had to upgrade its systems to better secure Medicaid patient records. Under HIPAA, the state had until October 1, 2002, to have a system in place that would secure and limit access to that information.

At the same time, the federal Medicaid program was becoming more complex. As additional health services were added, the number of codes and subcodes for services grew, and payments to doctors and hospitals were parsed accordingly. Maine also needed to give providers a way to check the eligibility of Medicaid patients and the status of their claims. Making this information available online, they hoped, would cut down on the number of calls to the state Bureau of Medical Services, thereby saving the state money.

State officials knew that upgrading the old system would be a Herculean task. Maine processes more than 120,000 Medicaid claims per week, and the existing claims processing system - a 1970s vintage Honeywell mainframe - was not up to the job, nor could it meet HIPAA's demands or provide online access. The state's IT managers reasoned that a new end-to-end system would be easier and cheaper to maintain. (Other states reached different conclusions. Massachusetts, for example, decided to build a new front-end Web portal for providers and Medicaid patients that could be integrated with the state's existing legacy systems.

The development of the new system was assigned to the IT staff in the DHS, which decided it wanted a system built on a rules-based engine so that as Medicaid rules changed, the changes could be programmed easily into the system.

Some service providers, such as EDS, offered states the opportunity to outsource claims processing systems. But the DHS staff believed building its own system would give it more flexibility. The staff also believed it could manage the system better than an outsourcer. "We had a track record of running the old system for 25 years," Thompson explains.

In April 2001, the state of Maine issued an RFP for the new system. But by the end of the year, the state had received only two proposals: one from Keane (for $US30 million) and another from CNSI (for $US15 million).

Typically, agencies like to see several bids within a close range. That way, procurement officials are confident that the requirements are doable and the bids realistic. In this case, the low bidder, CNSI, had no experience in building Medicaid claims processing systems. In contrast, Keane had some experience in developing Medicaid systems, and the company had worked on the Maine system for Medicaid eligibility.

The paucity of bidders and the 100 percent difference in price between the two bids should have been red flags, says J Davidson Frame, dean of the University of Management and Technology. "Only two bidders is a dangerous sign," he says, adding that the low response rate indicated that potential bidders knew the requirements of the RFP were unreasonable. "Thompson should have realized immediately something was wrong with the solicitation, and redone it," Frame says. "Even if they missed the [HIPAA] deadline, it would have saved time and money in the long run."

The Seeds of Failure

CNSI proposed building the new system with J2EE software language, arguing that it was needed to get the scalability state officials were asking for, according to Hitchings. J2EE is a powerful programming language, the Ferrari of software code, which some of the largest corporations are now using to run their global operations. Experts say deploying such advanced technology, especially in state government, increased the risk in an already risky project. Most Medicaid claims systems contain bundles of code that have been tinkered with for decades to adjust rates, services and rules. Attempting to translate all of that human intelligence, gathered over thousands of person-years, into a system built from the ground up, was, at best, problematic. "It was a big misstep," Frame says.

But Thompson argues that the state was in a corner. Maine's budget was tight. State revenue was dropping, and saving money was critical. Also, the deadline to become compliant with HIPAA was looming, and Thompson decided that the six months that would have been needed to redo the RFP was too much. "We had a requirement to get something in place soon," Thompson says.