LEGISLATIVE ASSEMBLY OF MANITOBA
THE STANDING COMMITTEE ON PUBLIC ACCOUNTS
Monday, June 20, 2022
LOCATION – Winnipeg, Manitoba
CHAIRPERSON – Mr. Jim Maloway (Elmwood)
VICE‑CHAIRPERSON – Mr. James Teitsma (Radisson)
ATTENDANCE – 9 QUORUM – 6
Members of the committee present:
Messrs. Isleifson, Lamont, MLA Lindsey, Messrs. Maloway, Martin, Michaleski, Ms. Naylor, Messrs. Smook, Teitsma
APPEARING:
Mr. Tyson Shtykalo, Auditor General
WITNESSES:
Mr. Richard Groen, Deputy Minister of Finance
Mr. Scott Sinclair, Deputy Minister of Labour, Consumer Protection and Government Services
Ms. Kathryn Durkin‑Chudd, Assistant Deputy Minister, Consumer Protection Division, Department of Labour, Consumer Protection and Government Services (by leave)
Mr. Curtis Peters, Program Manager, Comptrollership and Compliance, Department of Health (by leave)
Ms. Andrea Saj, Provincial Comptroller (by leave)
Ms. Ann Ulusoy, Secretary to Treasury Board (by leave)
MATTERS UNDER CONSIDERATION:
Auditor General's Report – Vital Statistics Agency, dated September 2020
Auditor General's Report – Physicians' Billings, dated January 2021
* * *
Mr. Chairperson: Good morning. Will the Standing Committee on Public Accounts please come to order.
Before we get started with our business today, I would like to inform the committee that a resignation letter from Mr. Nesbitt as Vice‑Chairperson and as a member of the committee was received. Mr. Isleifson is the replacement PAC member for the remainder of this Legislature, and I welcome him to his first meeting this morning.
Our next item of business is the election of a Vice-Chairperson. Are there any nominations?
Mr. Dennis Smook (La Vérendrye): I nominate Mr. Teitsma.
Mr. Chairperson: Thank you. Mr. Teitsma has been nominated.
Are there any other nominations?
Hearing no other nominations, Mr. Teitsma is elected as Vice-Chairperson.
This meeting has been called to consider the following: Auditor General's Report–Vital Statistics Agency, dated September 2020; Auditor General's Report–Physicians' Billings, dated January 2021.
Are there any suggestions from the committee as to what order we should consider the reports and how long we should sit for this morning?
Ms. Lisa Naylor (Wolseley): I propose that we consider the reports in the order that they are listed on the agenda, and that we call the question at 11 o'clock for Vital Statistics and then at 12 o'clock for Physicians' Billings.
Mr. Chairperson: It has been suggested by Ms. Naylor that–as Ms. Naylor–that we follow the reports as it's written. Then we do questions on the first report at 11 o'clock, questions on the second report at 12 o'clock. Agreed?
Mr. Brad Michaleski (Dauphin): Mr. Chair, these are two significant reports. We have a one-hour window on both. I would–you know, I'm not disagreeing with, you know, an hour per report, but a hard ask on that question at 11, I would just say let's have a little bit of latitude at that time. If we're getting into a line of questions, we want to make sure that that gets done.
Mr. Chairperson: Let's–duly noted, and I will test the–[interjection]–oh. So there's a suggestion of a new agreement, that we show some flexibility. [interjection] Yes, revisit–we will revisit at 11 o'clock as to whether we want to proceed that way. Thank you.
* (10:10)
Okay, we will now consider the Auditor General's report titled Vital Statistics Agency, dated September 2020. An action plan was provided by the department, and I table this now.
Does the Auditor General wish to make an opening statement?
Mr. Tyson Shtykalo (Auditor General): I will introduce the staff I have with me this morning: Stacey Wowchuk, assistant auditor general; Wade Bo-Maguire, executive director of IT audit and innovation; and Ganesh Sharma, who was the engagement leader, the principal, on the Vital Stats audit.
Mr. Chair, Vital Statistics plays a critical role in Manitoba, holding millions of records of vital events dating back to 1882. This includes records of births and deaths, among others.
All Manitobans have a vested interest in ensuring this information is properly protected against unauthorized access, use, disclosure or destruction. Failure to offer appropriate protections could compromise the integrity of our vital events information and create significant privacy concerns.
Mr. Chair, in this audit, we found weaknesses in the way the Vital Stats managed vital events information. More specifically, we found the information security controls were in need of improvement. These are controls intended to protect information and information systems against unauthorized access or modification.
We noted there was no regular review of staff access to registry software. Periodically reviewing users' access rights and withdrawing unneeded access ensures access to information is appropriately restricted.
We also noted some weaknesses in the physical security controls intended to protect vital events certificates and documents at the Vital Stats office.
I was encouraged to see there were controls in place to ensure the vital events certificates accurately reflected the information found in the vital events registry. However, the process to ensure the accuracy of the registry information needs improvement.
This report includes 19 recommendations for improvements for managing the security, privacy risks and integrity of vital events information. I'm pleased that the Vital Statistics Branch has accepted the findings of our audit.
In conclusion, I'd like to thank the management and staff at Vital Statistics and everyone we worked with on the audit for both their co‑operation and assistance. I look forward to the discussion today on the report.
Mr. Chairperson: Thank you.
Does the deputy minister wish to make an opening statement, and would they please introduce their staff joining them here today?
Mr. Scott Sinclair (Deputy Minister of Labour, Consumer Protection and Government Services): Thanks for having us today.
I don't have an opening statement other than just to introduce the other staff with me: Kathryn Durkin-Chudd, who's the assistant deputy minister for Consumer Protection, which includes the Vital Statistics program.
Mr. Chairperson: Thank you.
Is there leave to allow the staff introduced in the deputy minister's opening statement to speak on the record, if required? [Agreed]
Before we proceed further, like to present the committee–or remind the committee of the process that is undertaken with regards to outstanding questions. At the end of every meeting, the research officer reviews the Hansard for any outstanding questions that the witness commits to provide an answer to and will draft the questions-pending-response document to send to the deputy minister. Upon receipt of the answers to those questions, the research officer then forwards the responses to every PAC member and to every other member recorded as attending that meeting.
Before we get into questions, I would like to remind members that only questions of an administrative nature are to be placed to the witness and that witnesses–and that policy questions will not be entertained and are better left for another forum.
The floor is now open for questions.
Mr. Michaleski: Thank you for the opportunity to–and everybody for showing up here today to talk about this Vital Statistics report.
There's a lot of stuff in here that concerns me, to say the least, and I guess I just–I'm looking at this report not so much as the details, but just the 30,000‑foot look at what's going on here.
And I'm just–got a bit of a preamble and I just–so that it's clear in my head, I'll just kind of go through it, and if you could correct me or put me in the wrong–on the right track if I'm off, that would be fine.
So we had–up to 1998, there was a paper-based system, and in 1998 there was an introduction of electronic data, and it was sort of converting at that time. So, right now, we have an electronic data system that is going back and forth, I guess, into pre-1998, which may or may not have corrupted information or, you know, because I guess technology can have a way of finding that stuff and reconciling things.
So I look at these timelines, you know, at the 1998 and where we are currently, and, again, new technology–again, I'm not totally familiar, other than I know that there's–in the report they talk about an electronic database proprietary system.
So, but going back into that old data, again, you can find and discover discrepancies. And I think the auditor's report highlights those things, different areas of risk, whether it's mistakes or errors, changing of dates, you know, stuff like that, right. There's a whole lot of suggestion where the database can be corrupted.
So I would say–again, so we're–in the real world right now, we have–of course, I'm hearing my constituents talking about extended delays on receiving information back. So that suggests to me that, you know, it could be an internal problem sorting this stuff out and that there could be issues with the database.
And, of course, the Auditor General's report has highlighted a number of issues regarding management oversight. And, again, that's concerning. But also the point that there was a–essentially a private statement given, and it was on, if I remember the page–but it was from the AG with sensitive information to department and back, and it seems to be not disclosed.
So we have a situation where we have a–major breaches on something that should be Fort Knox. If I'm not–if I'm wrong on that, then I would like clarification on that. But I think the intention of this vital static–it is very, very important data, and there should be protections. And I think, reading through the report, there is potential to leak like a sieve.
So my question, then, is how is this data compromised, and is it useless? And if it is, how do we separate ongoing from this reconciliation of the past, because it can get very–very muddy and difficult to source and find clean data, if that's the case.
Mr. Sinclair: So, thanks for that question.
* (10:20)
So, a couple things–there's a number of things in your question–so, you're talking about overall security of the system, the integrity of the existing data and whether some of that is contributing to service turnaround times, delays, that you're hearing from constituents. So we'll start with the first one.
Manitoba's gone through a process of updating its system and moving from what used to be largely paper records, microfiche, to a digital system. We've gone through the process of digitizing the records, but all the data has not been uploaded to the system, so there's still data in two places.
We are not aware that the data is corrupted or problematic. The information is there. We've no evidence that the data that we have on events of significance is wrong or incorrect. We're also not aware that the system has ever been compromised. There–I think the Auditor General's identified risks where it could be, and we've accepted those recommendations and are working towards trying to address some of those risk points. But we're not aware of a compromise of the data that's happened.
In terms of the delays, we certainly acknowledge that, historically, delays were–or the timelines to process were getting quite significant, although that's improved substantially over the last several months to a year. Those are not related to the system; it's not related to the data model, it's not related to the data system. Those were simply process issues that we needed to modernize, revise, refine, which we've done, and we're–I think we're now looking at–for online submissions we're looking at a week, one-week turnaround for marriage certificates and death certificates; birth certificates I think are about two weeks on that front, which is significantly better than it was.
We still do, as I'm sure you do, get lots of complaints or concerns from citizens that it's still taking longer, and we–typically, we find that the reasons for those delays are not the processing, it's actually the completeness of the information. When we follow up, there's missing information or things weren't filled out correctly, which we work to resolve as fast as we can with the applicants so that we can have that information process in a timely manner.
Mr. Michaleski: Just one follow-up question, and it's regarding the–on page 12, the final paragraph, and it talks about that correspondence between AG's office and the sensitive information.
I appreciate your first answer, I do. But I guess I'm left guessing what of what that sensitive stuff is, right? And I don't think it's explained of what the context of that sensitive information is. So I guess–and if I missed it, point it out to me.
But my question, then, is you have–the response have been–it's a question to the Auditor General as well–if there's sensitive information, like, what responsibilities does the Auditor General have other than reporting it to department? Or if there's something that's not above board, let's say identify 'threft' has been–something has been found, is there a responsibility to go beyond the department if there's any suggestion of criminal activity? Just, you know, because that–very possible that whether it's hacked or internal or a breach of privacy, you know, it could've caused a knowingly criminal activity–could possibly be.
So what does the AG–what's his responsibility, and then what is the department's responsibility? Because it sounded like there was a conversation going back and forth. So what is the responsibility to PAC and the public to ensure that, you know, if there's something going on like that, that we're made aware and we're able to effectively question these things?
Mr. Sinclair: I think the Auditor General's looking to respond to that one, actually.
Mr. Shtykalo: So recommendation 11 in our report, we'd recommended that Vital Statistics Agency promptly implement the security control recommendations presented in our letter to management–believe that's the correspondence that we're speaking about.
We had not–our report did not include any breaches or indications that there was inappropriate access. However, we did note several areas where security could be improved to prevent this. Due to their sensitive nature, we included them in a management letter and provided them to the agency.
When we perform our follow-up on the Vital Statistics audit–we haven't announced the date yet for that follow-up, but when we do, part of that process will be to revisit the recommendations we reported–or we provided in the management letter and include an assessment of that progress on those recommendations in that report.
As the question to what Public Accounts can do at this moment, I believe a question to the department on–without asking for specific risks that have been identified, could, you know, inquire as to the progress on the recommendations made in that management letter and perhaps a timeline for completion, if not already completed.
Ms. Naylor: I think it's worth continuing to pursue some of the security questions, but I'm going to jump to the wait-list issue and thank you folks for being here today.
I'd like to–you've referenced that the backlog has been significantly cleared at this point. I'd like to get more details on that. I've been an MLA for not quite three years, and from the time I've been elected, I've been hearing about the backlog from constituents. It's been a significant issue.
So, when you talk about the backlog being cleared, I'd like to understand, like, has it been in good shape for two weeks, two months? Like, what's the–how–and how has that happened? Like, what has made the difference?
And as part of that question, I'd like you to separate out the backlog for the registrations of vital events and the actual issuing of certificates, because my understanding is, from what I'm hearing in the community, is that there's still a significant wait for that latter part of the process.
So can you speak to that, please?
Mr. Sinclair: Thanks for that question.
So I agree that this has been a focus and should be a focus of concern for both the committee and for citizens, as it is an important area of establishing identity and other major events.
So I can say as of, you know, April 22nd, 99.99 per cent of the backlog was cleared. So at one point there was 25,601 applications that needed–and those have completely been addressed and caught up. As a result, we're striving towards and maintaining our two-week turnaround, which we continue to meet, particularly for online applications.
I'll just note for the member that we do post online now the turnaround time. The information I have here–and it's on our website–goes back to the first week of May, which shows the average turnaround time ranging anywhere from 2.3 weeks down to a low of one point–or one week about last week, so the times continue to come down.
We did start posting this information publicly November 2021, so this information's been publicly available, holds us accountable and makes sure that the public has an awareness of the time it takes to register events.
In terms of issuing certificates, we are ahead–excuse me–we are ahead this year from where we were last year. We continue to make improvements. We can continue to make improvements in that area, but significant process improvements have been made with, you know, at least a 25 per cent increase in the rate at which we're issuing certificates going forward.
Ms. Naylor: So I didn't really hear in there how long people are waiting for the issuance of certificates.
So I heard a 25 per cent improvement, but I'd like to know the average that people are waiting, and I'd like to understand what steps were taken to clear that–to clear the backlog that you described and how do we know that it will continue to stay clear.
* (10:30)
Like, how–what has changed in the department so that things can be processed in a timely manner?
Mr. Sinclair: So, the information that I shared in terms of the turnaround times, that was the time to issue the certificate. So it takes a week to issue the certificate. It's the registration issue–where we're having–we continue to make improvements, but that's also from the registration of a no-error application.
One of the challenges that we have and one of the public communication piece we're having is to improve the error rate of the applications. We do see a significant number of applications received with errors, which takes obviously more time back and forth with the individual client. It slows down the overall process, it slows down the individual transaction.
So I see the casework that you see that's passed through to my office, and often the response back to myself and the individual looking for it is there is an error in the original application that requires remediation.
So we do need to do more work to ensure that people are filling out the application fully, completely and correctly. We can't process a registration for obvious purposes when it contains errors or missing information. So that contributes to the overall process that people are experiencing. But once we have an application that's fully completed, as of last week we were issuing certificates one week out.
In terms of the steps that were taken to address the backlog–and I think you implied in your question–was how do we know we're not going to go back there–what have we done to do that? That was part of a significant review of how the processes were undertaken. The Vital Statistics area was–has been around for a long period of time and had–like most organizations, you get into a state of we've always done it this way and a process that we'd–that would always happen.
We reviewed all of our processes. We implemented a process improvement regime to ensure that those processes were, you know, as effective and efficient as they could be, as streamlined as they could be. We removed elements of the process that weren't adding value or were holding back the timing of that.
That continues to be the focus of the branch. That is not a one-time event. It's an–it's a culture change for an ongoing process improvement. The branch is continually reviewing its processes to ensure that they are as effective and efficient as possible so that we can deliver Manitobans the services that they need and ensure that we do have–that can keep the turnaround times that we have.
As I think we get into–I anticipate some of the questions we will get into, which is around the IT piece. We continue to look at how can we modernize the process through IT investments and we are continuing to plan for and implement some IT improvements to ensure that we have a more digital–2022 digital experience for people to apply.
Mr. Shannon Martin (McPhillips): Just–questions related around–to the security of the data insofar as the inputting of the data. I noticed that the Auditor General had previously suggested or made the recommendation that no single user is able to complete a transaction form from beginning to end.
Obviously, on one hand, you could see where that might, you know, lengthen the process. Although I would think, though, that the implementation of that policy would have more to do with the security of the information and in ensuring the integrity.
So I just want to know whether or not Vital Statistics has made that implementation.
Mr. Sinclair: So, thanks for asking the question.
And as I was getting ready for this, I had the same reaction, which is when you segregate responsibilities, it adds extra steps. However, we recognize the importance of those segregations. Those extra steps are important to ensure the integrity and the protection of the process.
I'm happy to report that that recommendation is on track. We have implemented a dynamic registry permission system where there is segregation responsibilities and no one person can take an event from beginning to end. The appropriate hand-offs have been identified and the segregation of those duties have been put in place.
There is still additional work to do in terms of eliminating some profiles, and we expect to have that done by fall of this year.
Mr. Martin: Now an external security question: In the media we've been reading and seeing more and more about ransomware attacks on hospitals, on schools, on large corporations that, in a lot of instances, actually, they go unreported due to the embarrassment of the facilities and that, and just the willing–or urge just to be done with it.
I'm just wondering, how do you see Vital Statistics–oh, what's the word I'm looking for–are you prepared for a ransomware attack? Do you have the necessary software in place and–to protect your data and, more importantly, to protect Manitobans?
Mr. Sinclair: A very good question in terms of preparedness for cybersecurity, and that doesn't just affect Vital Stats, it's a concern for all of our systems. The provincial government holds information and records and systems that touch many parts of our lives, which includes holding very critical personal information.
Manitoba has recently taken steps to establish what's known as the Manitoba centre for cybersecurity so that we can be in front of and on top of cybersecurity threats as they emerge. We are taking a whole-of-the-public-sector perspective and approach to this. We aren't looking at just one program. We're looking at the entirety of it, including how secure are our partners in terms of our Crown corporations or other reporting entities, including school divisions and the health-care sector and trying to ensure that we have as robust a cybersecurity program as possible.
The Vital Statistics Branch is a part of that program. It's within the Department of Labour, Consumer Protection and Government Services, so it's covered by that approach in terms of ensuring cybersecurity protection. That's not to say that we aren't always concerned about where we are in cybersecurity. We don't speak of or talk too publicly in terms of where we're at, not because we're trying to hide anything or anything, we just–two reasons: we don't want to talk about how we approach things to provide the blueprint for the bad guys, so to speak, to understand as to where we may or may not have vulnerabilities; and we also understand that the cyber-criminal world reacts to–or they make choices about where they target based on how confident one organization will be publicly around it. It's essentially waving a red flag in front of the bull.
So we do try to keep this close to our chest for good reasons. But that does not mean that we are not fully engaged in this, worried about it, looking at it, staying on top of it and making the right investments and protecting Manitobans' information.
Mr. Len Isleifson (Brandon East): So I know we've already talked about a lot of this already, but 'identifee'–pardon me–identity theft is a very serious issue. I know one in five Canadians are affected by identity theft at some point, including myself. And I understand that you've been doing a lot of work in mitigating the risk factors. And I would love to know the details, but I also understand where you're at in that area.
But I'm wondering if you have completed the process that you're going through as part of the recommendation in putting in place processes to mitigate that risk. And at the same time–and, again, in my case, I only found out about my identity theft when I found out fraudulent activities were going on. I was never notified where it happened to this day. I have no idea where the incident occurred. All I know is that three police departments are working hard for me right now in trying to figure it all out.
And so I'm just wondering if the department has any reporting function or a policy of notification that breaches have occurred if, unfortunately, they ever do happen.
Mr. Sinclair: Yes, so I think my first comment is that the Auditor General's report has gone a long way to give us a roadmap as to what we need to do in terms of providing protections and security and safety of the information that we hold in terms of the events that we register.
Just note that the responsibility of the Vital Statistics Branch is to register events and issue documentation around those events, but we don't have a lifelong relationship with the individual once those events are registered and the certificates–or certifications of that are provided. Once that information is out of the public domain, it becomes the responsibility of the individual to protect that information.
* (10:40)
Having said that, we–you know, part of what the Auditor General's report covers off, as well as what we're doing internally, is to ensure that the processes that we're responsible for don't contribute to a potential breach of information or theft of one's identity.
Particularly, recommendation No. 1, which is to conduct a comprehensive risk assessment, identify and assess the risks associated with vital events: that's a recommendation that is–that we've undertaken and it's on track. It's not completed. I'd also suggest it will never be completed. There will continually be something that we need to do to–as a part of that continuous improvement process I spoke about, as well as ensuring that the information is protected, that those risk assessments will continue to be done going forward.
If there were to be a–if the information were to be compromised within the system that we hold–so, for events that have been registered, that are in our system–if there was a breach around that, we would have obligations to report that to the Ombudsman, like any other program does in terms of an obligation or report a breach of personal information to the Ombudsman, and then would work with the Ombudsman office to communicate to those individuals whose information was breached in that and then find remediation to address that.
But unless the information was stolen or breached from within our system, we wouldn't have awareness and knowledge, and we have no notification capabilities to be able to go to somebody and say, hey, your identity's been breached. I think my understanding from it–I have–similar situation, although I know what happened; I lost–or somebody stole my wallet, and that's where it went–it typically happens through the credit cards and your SIN number, which are pieces that are outside of our responsibility, but.
Mr. Dougald Lamont (St. Boniface): Thank you very much for coming today.
I'll just start with a question about the backlogs, just because I think in terms of the–I mean, I guess it's been suggested that one of the reasons it's happening is because there were errors in application forms and so on. So–but in dealing with requests from the public, from constituents, it–you know, I think that there was an enormous growth in the backlog which couldn't–I don't think could be explained just by that alone, just by the fact that there were more mistakes in.
So I guess I–what are the steps that are being taken specifically to reduce that–are there steps being taken to, say, to correct these things at the time, to make applications easier? Are–is there a particular stumbling block or area where the same mistakes keep happening in terms of forms? If you could just explain what the specifics of sort of streamlining that process is looking–has looked like and where we're at.
Mr. Sinclair: Yes, thanks for that question.
So, just clarify one thing. So, the backlog is gone. I–and my comments weren't about–in terms of the errors leading–that's not–I wasn't suggesting that created the backlog. I think what I was suggesting was the frustrations that people see in terms of taking longer than they would like to see their applications is typically an issue with respect to the completeness of the application. That's a go-forward piece for our current time.
The backlog came about for a bunch of reasons that I'm not sure we have enough time to go into today. We got to a point, recognized that that was unacceptable, implemented these processes to ensure that that was cleared. Backlog is definitely now cleared.
Just by way of example, you know, as of, you know, six months ago we had almost 7,000 applications in the queue, so to speak, waiting to be processed. As of this week, we had under 1,000. So we're moving them through quickly. We're–we don't have nearly as many to process as we once did.
In terms of the–what are we–steps are we taking to ensure that we're helping citizens to complete an application fully and completely so that they can turn these around quickly within the two-week target or even within the one week that we're achieving right now, the primary approach that will be a move to a digital–I'm not going to say only–our preference would be only–but primarily digital platform.
I think everybody's aware that when you submit applications online, there's an ability to prevent you from moving forward if there's missing information or incorrect information or information isn't in the right format. We find in other areas where we have digital applications that it improves both the completeness and the accuracy of applications as well as the turnaround time significantly.
But we're also looking–for those individuals that will continue to submit in paper for the time being, we're looking at simplifying that process as much as we can, making it clearer. You know, government has historically over-asked for questions or done things overly complicated, and one of the principles of the process were taking place in a continuous improvement is to, again, not just take out steps that are not adding value, but eliminate questions or information or our processes that are confusing to the individual, that get in the way of doing things in efficient ways.
So, those two things combined will allow us to improve that significantly through a digital application as well as through simplifying the process as much as we possibly can.
Mr. Lamont: Yes, just–I think, if I could, it'd be great, I mean, per the point of view of lessons learned to have a–an–a bit of an understanding of how it went off the rails, so to speak. In part because, you know, clearly, that there had to be corrective steps that had to be taken, this was flagged as an issue.
So, if you could, I mean, I guess, partly for the record, but also so that, for the future, that we know not to do this again, to explain, you know, how we got into the–a little bit about how we got into the backlog and the specific steps that we're taking to recover from it?
Mr. Sinclair: So, again, I'm not sure that I could even, between us, could get into the specifics of that other than to say it was not an organization that focused on efficiency, it was an organization that focused on process and how to do things.
One of the things that we've undertaken, as well as, you know, governments around the world have undertaken, is a commitment to look at processes from a citizen-centric perspective and ensure that we're doing things not because we feel they need to be done that way but because it helps the citizen get the service that they need.
So, you know, I–and I don't mean to gloss over, but I think it's fair to say that we–that the organization got to a place where this–the processes simply were no longer efficient, effective, meeting the needs of citizens. We've undertaken the process to, you know, use lean approaches to review our processes, these tools that we've borrowed from the manufacturing sector that have proven quite effective in ensuring efficiencies there and have done quite well in certain areas in government to ensure that we're much more efficient, particularly in areas that are very process heavy, like Vital Stats, to make those improvements, as well as a culture change, where we've introduced this concept of citizen-first, citizen-centric, and ensuring that we're doing things from the citizen's perspective, and change the culture of the organization so, again, that they're always looking for the opportunities to improve process and improve service delivery times and improve the overall service experience to Manitobans.
So, just an overall–so, the processes weren't efficient, it got to a place where it just simply couldn't keep up with the demand and the way that it was being done. We had to take a break from the past and implement a new way going forward, which I think we've done quite well in terms of meeting timelines. Again, as of this week we're turning around times in one week with a fully complete application.
MLA Tom Lindsey (Flin Flon): So, I just want to follow up a little bit on what Mr. Lamont was asking.
We know that at one point in time, the system seemed to be working. People were getting the certificates in a timely fashion, and then it seems rather suddenly, perhaps, that they weren't getting them. Something changed either within your department or something external to your department that led to the backlog happening.
And you've talked about changing processes to try and rectify that, but what changed at that point in time that really led to that backlog? Were there that many more births and deaths? There has to be something–because you can't fix it if it you don't know what caused it, right?
* (10:50)
So, talk a little bit about the cause that got us to that point that you're still in the process of trying to fix now.
Mr. Sinclair: So I don't think there was any one event that triggered the backlog. I think it's–that this–the backlog didn't just appear one day, that this was a growing problem over a period of time that, you know, year after year, year over year, we got further and further behind. And this issue goes back, you know, a number of years. And I think we just simply got to the point where the weight of the backlog, or the size of the backlog, just caused the system to come to an end and a realization that this could no longer be sustained in this manner.
So it wasn't a–you know, a change was made, all of the sudden applications skyrocketed and–or the backlog skyrocketed and then we had to do something different. We also haven't seen a significant increase in birth or death events–it's outside of the natural growth and change in our population over that period of time. But it's that situation where you just get so over–well, you get to a point of such–being overwhelmed that it begins to, you know, weigh on you, and you just can't dig yourself out of that.
So a decision was made to say, look, we have to change the way we're doing things, we have to improve the way that we're doing things. That really happened in 2021, where we kind of hit our proverbial low point in that situation. And since then, we've had a–seen a significant increase and improvement in turnaround. The backlog's been eliminated, and we're back to a 'timefline' that we're comfortable with.
But there wasn't one event that led to the backlog. The backlog didn't show up overnight or over one year. It was something that accumulated over a significant period of time just due to that inability to look at, critically, how we do work, how we process our applications, how we deliver services to Manitobans, and that happened in the very recent times.
MLA Lindsey: I'm sure there's going to be more questions on that.
But, very specifically, are there different certificates that take different amounts of time? So, a death certificate averages this long, a birth certificate–is there a difference in how the information is received by your department and how the information is processed for each one of those individual certificates that you may issue?
Mr. Sinclair: Yes, so the complication or the process to issue a certificate–be it a birth certificate, a death certificate or otherwise–there are really no difference in terms of the time that it takes us to process or the time that somebody can expect to get one.
Again, I'm going to go back to, really, the time that it takes for an individual to get one right now is going to be tied to, is the application complete or not and did you submit it online or not. If you submit an online application that is free of errors and complete, those we can turn around very quickly. If you are submitting paper records where there's errors, that's going to take much longer.
The–different individuals fill out different applications for the events. Nurses fill out the birth registration at the hospital, or the point of birth if it's a midwife or wherever it is, and funeral directors fill out the death certificates at the funeral homes. So again, that's really where we are spending most of our time, focusing on trying to get people to understand, you know, where we can do better, of getting complete applications.
Just an example of one of the things that we've changed very recently that's improved significantly the ability to turn around applications–right now, we're in a–lots of attention's being focused on marriage certificates, for example, lots of people wanting to get back to weddings. The process was that the minister had to sign off on marriage commissioner–marriage certificates. That was delegated to me under the government organization act. We recently introduced a change to allow that to be delegated down into the branch so that everything wasn't coming on my desk and I was a bottleneck to getting these things done. So, just an example of how we can make some pretty easy changes to improve the turnaround time.
I wasn't adding any value. I didn't know who Jane Smith [phonetic] was in their application. I was just signing off because that was the process. The work is done at the point of the Vital Statistics Branch and–Vital Statistics Agency, and they're much better positioned to do that–so, things that we're doing to improve those turnaround times just by making small changes in the process that have always been.
Mr. Smook: One of the–the question that I had is, you had mentioned that it's taken between–right now, the backlog is down. It's taken a week to two weeks to get certificates out. Now, is that strictly for applications that are filled out properly and that?
And what percentage of applications do you receive that are filled out properly, and is there any specific region on the application that's not getting filled out properly, so–and is there anything being done to try to educate people on how important it is to fill that out properly?
Mr. Sinclair: So, yes.
Just to confirm the first part of your question, yes, that one week to two weeks is for a properly completed, fully completed, error-free application. Obviously, if there's errors, it–every application takes its own pathway at that point in terms of how quickly we can get a hold of the person that was submitting it, who needs to confirm information. If you can imagine, if there's a birth registry event, if the nurse that filled it out may or may not be available at any given time, well, we've got to try to track that person down to fill in some of the information, it can take a little extra time to do that.
In terms of how–what percentage we have to undertake that piece of work to find out how many applications are received error-free and how many are received with error and what those–the nature of those errors are, I'd have to say that there isn't one error that's glaringly saying that this one is always wrong. If we found that, we would be implementing changes.
But we are in regular communication with those key event-registering professionals–again, nurses, funeral directors–to ensure that they are filling out that information as accurately as possible at the point of the registration to reinforce that information–the accuracy of information matters, that we can't move forward with the registration of that event if there's errors in the information. So, we do work as close as we can with those individuals–those organizations that represent those individuals so that they can appreciate and understand the importance of getting the information correct.
Ms. Naylor: Yes, I have a question about the–just another security question.
There had–in the action plan that–we were told that you will be revising internal processes to manually validate an event registrar and that there'd be a plan in place by September 2023.
So I know that that's still a year away, but I would like to know if VSA has a complete list of event registrars and what the process is now for manually validating registrars, including how VSA will evidence that that validation has actually been performed.
Mr. Sinclair: So I'm happy to report that we do have the list completed. The next step is to then implement some of those manual and then automated checks of those pieces which, as you know, we are planning to and still on track to have those implemented in place for 2023.
Ms. Naylor: Thank you for that.
My follow-up question is actually still related to the wait times. I'll just follow-up on the question for my colleagues to my left.
I just want to get from when you were answering my question earlier, my understanding is that the average wait time–barring errors, the average wait time for registration is two weeks and for certificates to be sent out is one week, if I understood correctly. But I–but the website's still showing six to eight weeks for registrations.
* (11:00)
So can you speak to that discrepancy and then–and, like, be really clear, if there's no errors and it's an online application, what is the average time right now?
Mr. Chairperson: Okay. Could I have your attention, please.
It's now 11 o'clock, and we have to revisit what we suggested an hour ago. And the question is, could we have a suggestion from somebody as to how we proceed? We have all–two more people on the list.
Mr. Michaleski: Am I one of those two people?
Mr. Chairperson: You might be, yes.
Mr. Michaleski: Okay. Thank you, Mr. Chair, and I–again, I understand, appreciate the timeline, 11 o'clock.
I have a couple of questions I'd still like to ask, and I would also say that this report–we're just skipping the surface on this report. There's some issues in there that are–we've got action plan talking about–there's some timelines here that are really important.
So I think we need a little bit more room on this, and I would suggest rather than–and I would be willing to accept to get the questions on the record and allow the departments or the AGs a day or two to answer them if–instead of continuing on if we need to. I'm just throwing it out there. And then we can bring it back on record.
But we–you know, I want–I'd like answers fairly promptly, just because we're–we don't have the time. So I'm making that suggestions. But know that I have two questions that I'd like to ask.
Mr. Chairperson: All right. So the suggestion by the member is that anybody who wants to ask questions can ask them, and we would give them two days to respond in writing with the answers.
Would that be acceptable? Is that agreed by the committee? Agreed? [interjection]
So, the deputy minister has suggested that he would like 'til this Friday to provide the answers to the questions. Are we–is that agreed?
An Honourable Member: No, I have a question.
Mr. Chairperson: Mr. Lindsey.
MLA Lindsey: So my question is: If we don't pass the report today, we get to call the deputy minister and the department back?
Is there a reasonable time frame that we could suggest to call the report back to have further discussions as opposed to written submissions?
Mr. Chairperson: So we have to establish, are we going to put questions to the deputy minister and then allow him to respond by the end of the week in writing?
Mr. Michaleski: Mr. Chair, just getting a sense of where this thing's going, and my questions–if I was just asked–able to ask the question with preamble, I might burn up two minutes.
So, you know, and I don't know about everybody else, but just for a frame of reference on this, I don't mind the reply back in two days. I'm a little concerned about the 10-day delay and this report coming back because of things that, I think, are time-sensitive in this report.
Mr. Chairperson: Well, can I suggest to the committee that perhaps we just take some questions from the two members who want to ask them at the moment, anybody else, and maybe it will–people will be satisfied in 10 minutes. [interjection] Yes. So, okay, we can agree then, we'll set another 10 minutes, and we'll try to get as many questions answered as possible, or take it as notice as possible. Mr. Sinclair will decide whether he could answer them in 30 seconds or whether he needs to–time to respond in writing by Friday.
Okay, so are we agreed to that? [Agreed]
Okay, Mr. Michaleski, it's your turn.
Mr. Michaleski: Thank you, Mr.–
An Honourable Member: Wait, sorry. They hadn't answered my question yet.
Mr. Chairperson: Ms. Naylor.
Ms. Naylor: They were in the middle of–
Mr. Chairperson: That's right, yes.
Ms. Naylor: Good try, though.
Mr. Sinclair: I was trying to get my answer together while you were deciding this–I got a little extra time.
So the–so, we post six to eight weeks, so that's the expected interval from the time that you submit to the time that you expect to get your certificate. If we're tracking two weeks on average to issue certificates, then it's about four weeks do the registers.
Two events, that's you have to–we have to register it, and then we certify or issue a certificate around that. So it's about four weeks, roughly, to do that and then two weeks to issue the certificate after that. So that's why the six to eight, there's two pieces that have to happen.
Mr. Chairperson: Ms. Naylor, do you have another question then?
Ms. Naylor: That was my second question, thanks.
Mr. Michaleski: Thank you for the latitude of the timeline on this report, and I do thank everybody for their answers.
Going to go back to my line of questioning and just follow up on some of the comments on my last question, which the Auditor General answered. And you referred me to item No. 11 on the action plan, which, again, without a ton of detail, but it does suggest prompt language–urgency is what's being suggested here on 11. And that is, of course, dealing with implementing security. So, again, that's a pretty big word that could involve a lot of stuff.
So I'm going to ask my question again–one of two questions that, of course, the Auditor General referred me to 11. I'd like a departmental response on that as well, and I'm going to take the advice of the Auditor General here and his direction towards getting an update on No. 11 and ask the department if they can provide a more–11 and relevant action plan has to deal with security measures and the progress of–if you can create and provide this committee a very fulsome report on the progress of where you are on 11 and anything that's related to that, because, again, it's suggesting here urgency in the comments.
So, is that possible?
Mr. Sinclair: So, as I alluded to in some of my previous answers, that many of the security controls that we implement are not things that we want to–or you would want us to–disclose publicly.
* (11:10)
I think there's a way that we could do that on a confidential basis and probably a written report of some sort that we could provide back to the committee about what's actually happened. But, you know, just the nature of this environment and the public nature of the Hansard is probably not ideal to disclose specific details.
I can say, though, that elements of that recommendation that the Auditor General identified were implemented very quickly. So, particularly around some of the elements that were focused on, we've implemented those, and the remainder of those will be in place by September of this year.
But I think we can undertake to provide the information you're looking for, just in a different way other than an oral question in this environment.
Mr. Michaleski: I appreciate that answer, and I completely understand, you know, this–the sensitive nature of this thing. So, again, I very much appreciate–because, again, it gets into, you know, questions of integrity and access and all these things and, anyway, I will just say I appreciate that answer.
On–my second question is regarding the building and that–there's a portion of that in that report. We have a picture of it in the report. It's quite a magnificent-looking building. But today–and I don't know what's needed by Vital Statistics in terms of technology space, data storage, archive, that type of thing, and is that building the right building? Because it–in reading the report, it looks like there's pretty extensive renovations that are required for that, and I think, technology today, probably don't need that building, and I would just say there's probably lots of locations that are suitable, especially if we're going to a digital platform, more that–not saying we don't need physical archives or those types of things, but operationally–see, I suppose you know where I'm going.
What is being talked about in terms of a go-forward plan for the building, operating–there's risks with having one location doing everything, so–and there's, again, platforms, high-security platforms that you can piggyback on top of and all sorts of things.
So, is there anything that you can say go-forward on the building?
Mr. Sinclair: So I can–I–so, the Auditor General looked at not just the IT component or the security, they also looked at the physical security around the operations of Vital Statistics in the province. There were a number of recommendations in that report that spoke to physical security improvements and physical layout improvements that would need to happen at that location.
You're correct, it's an older building, it's a heritage building, it comes with–heritage building status comes with lots of challenges and limitations around that.
Having said that, I–you know, at this juncture, we've moved beyond discussions, we've actually implemented the majority of those physical changes. Those changes and renovations will be completed this week, I believe, or next–[interjection] Oh, we're down to–okay. It's off by about a month, we're looking at first week of August, now, that those will concluded and completed. We're all looking forward to those being done.
The only one that couldn't be implemented as written was the Auditor General did recommend a sprinkler system to–fire suppression system to protect the people and the documents in there. I mention this because of the heritage status of the building, you can't sprinkle that building because of heritage status, but there are other ways that we–have been found to deal with that. So, spirit of the Auditor's recommendation was, I think, achieved through different mechanisms representing and recognizing the heritage nature of that building. So the building itself will be meeting modern standards in terms of its physical layout, security, all those sorts of things.
The question around where do we store and where do we archive, that's a much bigger question that isn't just one for Vital Stats. We are–in my other–rest of my portfolio, that's a piece that we're looking at and following up on fairly significantly as to, where do we store our information? Is it paper-based, is it electronic?
You quite rightly pointed out, majority of our records are moving to an electronic nature, that's a different storage requirement, requires different security. That will be a–that project will address the pieces of the Vital Stats–recognizing that Vital Stats also needs real-time access to its historical information because they need to be able to process if somebody asks for my birth event from 1930, you know, we want to–we need to have access to that in a fairly quick and ready way to do that.
So the issue of where we archive, how we archive and the securities around that is a part of a much bigger project that we're undertaking, that Vital Stats will be a part of.
Mr. Chairperson: We previously agreed to 10 minutes. There is one member left with one more question. So, can we agree to let this member ask the question–his question? [Agreed]
Mr. Lamont, you have the floor.
Mr. Lamont: Yes, I just wanted to ask a question about the fire safety and security, especially at the building, in a couple of ways: (1) I know that it's been flagged and that there are challenges because it's an older building. So if you could talk a bit about what the plans are and how they're progressing in terms of fire safety.
And the other related question is that if you've got a bunch of archives that essentially are paper and some that are digital, where are we at with a secure remote backup, or does such a thing exist, or is it contemplated?
Mr. Sinclair: So, if you'll recall back to an earlier statement I made, that we have digitized the records but we haven't completed the process of uploading them into the system. Once we get that completed, our servers are–they're not on premise, in that language. The Vital Stats doesn't have servers on site.
The servers are a part of our broader network which are in an undisclosed location that is fully secured, protected and with appropriate cooling and fire suppression around that. We don't have our own servers anymore. They are–they're–it's a server that's provided–it's a service that's provided to us in an appropriate, server-managed environment that covers all the security issues that you would expect and hope for.
So, once they're digitized, they'll be in a–with the appropriate backups and all those other things, but.
Mr. Lamont: Where are we at with the fire safety around the building?
Mr. Sinclair: So, again, as I referenced fire–to install a traditional fire suppression mechanism, sprinklers, is not an option within that building. It's–the heritage folks said you can't do it. We are looking at options within our–you know, thankfully or not, I've also got our asset management accommodations piece.
So we're working very closely with the–with our building folks as well as our engineers to identify alternative options that will work within that heritage environment that don't include traditional sprinkled systems. We don't have that solution yet, but it's on our capital plan that once we design the solution that we'll be implementing that one.
Mr. Chairperson: Hearing no further questions or comments, I will now put the question on the report.
Auditor General's report, titled Vital Statistics Agency, dated September 2020–pass.
We now–[interjection] Oh. So, we have to recess at this point for two minutes because we have a switch-out of deputy ministers. Agreed? [Agreed]
The committee recessed at 11:18 a.m.
____________
The committee resumed at 11:26 a.m.
Mr. Chairperson: Will the committee come to order.
We will now consider the Auditor General's report, titled Physicians' Billings, dated January 2021. An action plan was provided by the department, and I table this now.
Ms. Naylor: I have a suggestion that since we're starting the second half of our meeting late, that we would agree to extend this segment until 12:30 to break for lunch.
Mr. Chairperson: It's been suggested by Ms. Naylor that we extend the second session 'til 12:30. Are we agreed? [Agreed]
Does the Auditor General wish to make an opening statement?
Mr. Shtykalo: Mr. Chair, over 3,000 physicians in Manitoba are paid through a fee-for-service process when eligible services are performed on Manitobans. Physicians are paid by Manitoba Health, Seniors and active living with the assumption that these billings are accurate, legitimate and can be supported by records and documents held by the physician.
The process of billing for services is complicated. There are hundreds of tariffs and precise circumstances under which they are allowed. Navigating these circumstances can be a challenge and it's understandable that errors, including overpayments, do occur. Prompt communication and correction of these errors is key to improving performance.
The current economic climate requires more than ever that public funds are spent carefully and in accordance with program guidelines. In situations where it is confirmed that a physician was overpaid, it is important that the department undertakes a prompt recovery of the overpayment. Unfortunately, this step is not being taken.
During the five-year period covered by our audit, the department's audit and investigation unit identified over $1 million in potential overbillings by physicians, and in almost all circumstances the government did not pursue recovery. In fact, we found that just over $10,000 was recovered during this period.
I note that since our audit was conducted, the audit investigations unit has been moved to the comptrollership and compliance unit under the Treasury Board Secretariat. These changes should not diminish the importance of recovering the full amount of overpayments made to physicians.
This report contains six recommendations. I'm pleased that the department agrees with the recommendations and is committed to resolving the issues we identified. I'd like to thank everyone for their co‑operation and accommodation during the course of this audit, and I look forward to the conversation.
Mr. Chairperson: Thank you.
Does the deputy minister wish to make an opening statement, and would he please introduce his staff joining him here today?
* (11:30)
Mr. Richard Groen (Deputy Minister of Finance): I'd like to make an opening statement, and I'll introduce the staff present with me today.
To my right is Curtis Peters. He's the program manager of the comptrollership and compliance unit that the Auditor General just identified in his opening remarks. Behind me to my left is Andrea Saj, the Provincial Comptroller; and behind me to the right is Ann Ulusoy, secretary to Treasury Board.
I would like to thank the committee for the opportunity to provide some brief comments in relation to the actions of the Department of Finance in fiscal year ending March 31st, 2022, in response to the OAG's audit of Physicians' Billings 2021.
Physician remuneration audit is a large expenditure area. It would be the fifth largest department if stand-alone; of approximately $1.3 billion in annual expenditures, of which approximately $850 million are related to fee-for-service billings by medical practitioners.
As reflected in the OAG's report, independent oversight over fee-for-service medical expenditures is very important in the interest of fiscal accountability. In 2021, the Auditor General released its report on physicians' building–billings, which included six recommendations, identifying the need for improvement in the following six areas: audit training, financial risk analysis, transparency, timeliness of the process, enforcement of financial recoveries and strict timelines for the arbitration process.
The report also commented on legislative provisions relating to the audit process in The Health Services Insurance Act and the importance of effectively pursuing audit recoveries.
During the period of the OAG's review and prior to the release of the report in 2021, actions were already being taken to redesign and improve the audit process, to improve the legislative basis of the audit function and to provide independence of the audit function from the physician bargaining process.
Significant amendments were made to The Health Services Insurance Act in 2021 to clarify the minister's legislative authority, which came into effect on January 2022, including authority related to audit recoveries and collection.
As indicated by the Auditor General, in December of 2020, the audit function was relocated from the Department of Health to the Department of Finance in the comptrollership and compliance unit. As a result of these legislative changes and the organizational realignment, the comptrollership and compliance unit has been well positioned to positively respond to the OAG's findings through the design of a fair, consistent and thorough audit process and implementation of the new process and operation of the CCU unit since December 2020.
The CCU has been working closely with stakeholders and physician representatives to ensure that the perspective of Manitoba physicians is appropriately considered and in the interests of ensuring that the audit process is in accordance with the principles of procedural fairness and natural justice.
The creation of the new CCU, with attention to the specific recommendations of the OAG, has resulted in a vastly improved physician billings audit function, which addresses the issues raised by the Auditor General and is anticipated to provide increased billing compliance through effective enforcement and deterrence.
We shall endeavour to answer all questions posed by the committee in relation to the actions taken in relation to the OAG's report. As always, it is possible we may need to take questions as notice and provide a specific response to the question in writing later.
Thank you.
Mr. Chairperson: Is there leave to allow the staff introduced in the deputy minister's opening statement to speak on the record if required? [Agreed]
The floor is now open for questions.
Mr. Isleifson: Thank you for the information in writing. It's easier to follow.
But I do have a question–more looking for your feedback. Since the creation of the CCU and the implementation of Bill 10, where, at that time, I believe your department was very enthusiastic that the Bill 10 would help. Putting those two together, have we seen or have you seen much improvement in the renumeration collection of overbilling since that time?
Mr. Curtis Peters (Program Manager, Comptrollership and Compliance, Department of Health): For a little bit of context and background in relation to–the question was essentially about findings and recoveries since January of 2022, so just in the past few months.
It should be noted that audits take a considerable period of time to complete, and so we have quite a number of audits that are ongoing at the present time. The unit is fairly new and had some backlog of audits from the previous audit unit that we're still in need of completion, and as well as processes that needed to built and designed to get through this somewhat significant and long‑lasting audit process.
So we have a number of audits that are about to result in final findings as a result of all of this work which we expect to, over the next few months, result in findings and recoveries in relation to those audits. All of that pending the arbitration process which can happen as a result of any issuance of findings.
Mr. Isleifson: I know it's new, so I didn't expect results immediately. I was just hoping that you found some benefit in the new department with the new build because it's always nice, moving forward, when you have to be accountable to the public, that you have the proper tools.
And when I talk about the tools, that leads me to my next question with the physicians themselves. We know accidents occur. We know mistakes happen. And I'm just wondering if you have–what you have in place to follow up with a physician when you notify them of a requirement of an overpayment for a reimbursement, what process you have to follow up with them in the future when they make further claims.
* (11:40)
Mr. Peters: So the–just to reframe the question or to reiterate the question, if I may.
The question was to whether or not there are processes in place to follow up with physicians based on the findings of the–of an ongoing or previous audit. And the answer, of course, is yes.
We have been designing our process in such a way that it is an educational process for physicians sort of from the beginning of the process to the end, which includes issuance of preliminary findings before we go to our final findings phase so that physicians can understand the basis on which we are reviewing their information and adjudicating their submissions. This allows them to understand what the framework is of the audit process so that they can understand in the future how better to improve their record keeping so that they can comply with the requirements. This is then reiterated in our final findings after discussions with the physicians to make sure that we have the information correct.
And beyond that, the arbitration process will also be instructive, I believe, to help the physicians understand and help us understand the–what the optimal interpretation is of the contract deliverables that they are subject to when they're billing.
And a final step–and it might be multiple steps–is that if we find significant findings, it is very likely that we will do yet another audit of that physician. So, essentially, up to now, we're working on sort of an initial audit basis, which is a sampling, in a sense, and then if we have significant findings then we will have further audits which will yet provide further instruction to the physicians as to what the expectations are.
MLA Lindsey: So it seems to me that you've identified that there's been substantial financial overbilling. There hasn't been a big move to recover a lot of that. But what's the process? Help me understand that.
There must be some sort of table that says, paid X number of dollars for this service, X number of dollars for that service. How does the mistake get made by the physician or the physician's office that they've overbilled in the first place? Is there a lapse in how the pay is structured in the first place that allows them to bill twice for the same thing or to bill so many hours more for a service that–is there guidelines that set all that out, and how can they then overbill that?
I guess that–simplify it for me.
Mr. Peters: Thank you for the question.
So I'll begin by giving sort of a brief explanation of the physician billing process. I'll try and keep it as concise as possible and then describe how errors might be made in relation to that process.
So every four years, typically, there's a negotiation process that happens between Doctors Manitoba and Manitoba Health. In that negotiation, the terms and conditions of physician remuneration are established, and one of the things that comes from that, that flows from that, is the Manitoba Physician's Manual, which is a tariff guide, essentially a fee schedule for all of the fee‑for-service tariff codes that are used by Manitoba physicians in the province. That Physician's Manual has approximately 4,600 tariffs in it, so it is fairly complex. Of course, it has to–it's tailored somewhat for each of the medical specialties, and it is expected to cover sort of the entire scope of physician practice in Manitoba on a fee-for-service basis. So it's a complicated guide and it has a lot of elements in it.
The process, typically, for physician–when physicians bill fee-for-service, very often, you know, they will make notes and they will essentially–they provide the service–make notes and records in relation to that service which are then submitted to Manitoba Health electronically to the claims processing system. And the reason I mention this element of it is that very often there's a billing agent in between there, or this is–this work is done by physician's office clerks who make the submissions on behalf of the doctor. The doctor, ultimately, is responsible for what gets submitted, but that's just another element of the process.
In terms of the Physician's Manual itself, some of the tariffs are very simple. It's quite straightforward. You know, it's just, this is the service, this is how much you get paid. In a lot of other cases, though, there are terms and conditions associated with each specific tariff. And to some degree, there–you know, you might have three tariffs associated with a particular type of service.
* (11:50)
I'll just give you the example of a visit service, a simple visit. Well, there are basic visits where–for which there are almost no requirements. The patient sees the doctor, doctor sees the patient, and it pays. But for more complex visits, there might be a number of specific individual requirements for the doctor to perform in order to get paid for that second level of visit. And then there's a complex visit that is beyond that again, where you run into some difficulty on, you know, from–in terms of interpretation, is, at which level specifically does the service that was provided on that particular day for that particular patient end up being eligible for payment?
So the point that I'm trying to make, essentially, is that the Physician's Manual is not a very simple, very clear document, it is a complex document with a lot of elements to it. That in itself creates the potential for physicians to make–have to make decisions about what they're going to bill. So, in some cases, without, you know, casting any aspersions on the physicians whatsoever, they might choose a tariff that is at a slightly higher value than what we might find in our findings when we review the physician's records. In other cases, physicians may try and upcharge a little bit, maybe think, oh, well, I'll bill, you know, a group of these tariffs together, and then we look at it and we think perhaps that was not appropriate.
So–and then, of course, there's the element of the physician providing records to a billing agent or to a billing assistant who then makes the decision that might not even be the decision the physician would've made in terms of the billings. Nonetheless, from our perspective, if it's incorrect, then it's recoverable, and so we would pursue recovery of those claims.
Doctors Manitoba's involvement in this, aside from being the bargaining agent for the physicians, in establishing these tariffs in the first place and working through the–it's essentially every four years we go through another master agreement bargaining session. So Doctors Manitoba, of course, works on behalf of the physicians to establish the increases. But they also provide information to doctors with respect to what is expected and what has been agreed to in terms of the tariffs.
Manitoba Health also provides information back to the doctors in relation to their billings and their billing patterns to assist the doctors in understanding what is expected in terms of claims submitted under the Physician's Manual.
In brief, there are a number of different ways that physicians might arrive at a conclusion in terms of what they think is appropriate to bill, and there are a number of reasons why we might not agree with them. And they range from simple administrative errors to contract interpretation questions to simple complexity of the system.
MLA Lindsey: So it seems like it's a system that's been built that very specifically allows this type of overbilling and, in fact, may actually encourage it to take place, that there's a lot of variables that would allow either the physician, the clerk or the billing agent to claim more than they should.
Do you know where the majority of the mistakes–we'll call them for now–get made? Is it the local doctor's clerk that's doing the overbilling? Is it the billing agents that seem to have the bulk of the cases where there's overbilling? Is it family physicians? Is it more speciality-type doctors? Is it broken down into that, and do you have that kind of information?
Mr. Peters: I think I'll start by sort of introducing, again, the scope of the enterprise that we're looking at.
In terms of risk identification, which I think is sort of the substance of the question, in this particular area we're talking about approximately 27 million claims–individual claims that come in from physicians in a year. So it's a very large scale in terms of the audit process, and each individual audit is an audit of an individual physician and then yet, more specifically, it's an audit of individual claims submitted by that individual physician.
So the approach that we've taken–and this is in accordance with the recommendations of the OAG–is to take a risk-based approach to auditing. The risks that we've identified as these primary risks at the present time–and this may change over time as we receive information back that confirms whether or not we had findings on the basis of those risks–a number of them are, essentially, highest number of tariffs claimed by a physician in a year, so the physicians that essentially have the highest volumes–highest tariff dollar amount paid to the physician annually, physician outliers from usual practice patterns.
And we have–essentially, there's a pattern of practice analysis system in Health that identifies physicians that have patterns of practice outside of the norm: high-risk tariff utilizations–so, essentially, tariffs that, in themselves, we see over time as being overbilled or billed inappropriately, high incidence of anomalous billing–so, where we have significant findings with a physician and then potentially do follow-up audits; as well as referrals and complaints from the college of physicians and surgeons or other physicians or the public and service delivery organizations.
So that's where we start in terms of trying to identify where those risk areas are. Then, confirmation of that risk, of course, happens through the process of the audit itself. You know, do we have findings that correlate to what we expected in terms of our risk assessment?
* (12:00)
Those risks and those assessments, once we've sort of identified where we think the risk lies, that information can and will be shared with Doctors Manitoba in the–for the, you know, the purposes of them providing further information to their physicians about the process, about the risks and about what the expectations are, and we hope that that will assist us in addressing these risks going forward and provide further education to the physicians.
Mr. Lamont: Yes, just to follow up–thank you very much for that.
Just to follow up on some of the questions where it comes to sort of using the risk-based audit approach, where are we at in terms of that proceeding? Just because I–in–just in looking at your comments, I mean, one of this is–there's $938 million in total fees, 3,000 fee-for-service positions, 27 million actual filed, but then those are the actual number of procedures.
So when it–when the Auditor General says $1 million in overbillings were during the period that we're looking at, that's simply the amount that was captured, just to say, if I'm correct in saying that.
And then the second part–well, I'll follow up with the second question, you know, just–so if you can just sort of make it clear, you know, where–if this is simply the amount that we know that was overbilled, or is that a total, or is that just simply from the result of the limited audits that you're able to pursue?
Mr. Peters: So, in relation to that period of time and the $1-million figure, essentially, that was the finding of the OAG in relation to the previous audit unit's work and it was in relation to a period of–it was a five-year period. So, essentially, over those five years, they had those findings.
So the position we find ourselves in now is that we have a different process for approaching auditing, and that–those findings were not based on the same processes or on the risk-based approach that we are taking now. So the approach we're taking is to go back over those five years and work through that time period again. So, ultimately, the–what the final outcome of that is–remains to be determined at this point.
Mr. Lamont: I was just wondering what–you know, I mean, one of the recommendations is that the department publish the results of physician audits performed by the audit and investigation unit. So I was just wondering, have there been steps to make this information public, and does it–how does it match or reflect or disagree with the findings of the OAG? I mean, are we–do we have a sense–I mean, the Auditor General found that, you know, we had a certain amount of money and only a bit was being collected.
Has there been a substantial change in the amount of–either the amount of overbillings being discovered or–and has there been an improvement in getting them paid back?
Mr. Peters: So, there were two parts to this question, I think.
The first one was about, essentially, transparency and information to the public and–in relation to audit outcomes. The–our approach to this has been to essentially consider and work toward disclosure of our results on a public-facing venue, an online presence, which is still under work.
* (12:10)
The considerations that we have to take are in relation to the appropriate level of disclosure in terms of audit findings. We–it's important to ensure that we demonstrate public accountability and transparency while at the same time balancing that with the protection of privacy of the physician and of the physician's medical practice. So that–we are working toward that end and anticipate having results that will be published and publicly available within those parameters.
In terms of the question about whether or not our findings are–I think, essentially, you were asking whether our findings are aligned with previous audit findings or whether we're finding that we're having sort of a different set of results. At this stage in the process, the two processes are–were significantly different based on different approaches to finding results and to approaching results as well. We've–so, it's difficult to see any direct alignment because, to some degree, we'd be comparing apples and oranges.
That being said, it's also important to note that we have–we find very different outcomes from one physician to the next. So, comparing this batch of physicians to a batch of physicians that were audited over a five-year period of time historically, it's hard to really assess whether or not there would be a lot of validity to direct comparison of those things.
So I hope I've answered your question, subject to any follow-up questions you might have.
Mr. Smook: Thank you very much for being here today and answering our questions.
In the opening comments, it was–it sounds like things have improved vastly over the last few years. And I'm just wondering–some of the questions were answered for–from when Mr. Lamont and what he had asked, but if another audit was to be held today, would you find that there would be a–again, a vast improvement on the results? Or is it because the audits would take a look at what was happening from different perspectives?
Mr. Peters: Thank you for the question.
So, in relation to whether or not we would be likely to have improved findings if we conducted the same audits now as we had previously, there are a number of factors involved in that consideration. And a few of them are that essentially, over time, part of the audit process is intended to be instructional to physicians and to assist them in understanding what billing practices are required, what is required in terms of compliance.
So–and in addition to that, there may be a deterrent effect that results from physicians being audited and from a general awareness of physicians being audited. These things tend to–or might tend to change the physician behaviour over time in terms of repeated audits or audit of the same area. So, in that respect, the playing field changes slightly over time simply because of the nature of the process.
It's also important, I think, to note that the success of the audit process, it shouldn't be measured solely on the basis of findings. There's no preconceived notion that we are going to find anything or that there is a problem when we're auditing a physician. We are, essentially, objectively looking at what we're likely to find using a risk-based process. But, essentially, if there are no findings in relation to a physician, that's very good news. Essentially, it means that the physician is conducting their practice effectively and doing a good job of keeping their records and billing effectively.
A large part of the focus of this process, ultimately–perhaps not the focus, but at least a consequence of an audit process is that physicians learn from the process as well, as does Doctors Manitoba. And, hopefully, this will result, ultimately, in a deterrent effect that would reduce findings over time if we are doing our jobs effectively.
I think those are my comments.
Mr. Smook: I guess those are all very valid points, and that's why I'm asking the question. Like, training and showing people how to do it properly, like, say, the–in the last–in the Auditor General's report, it stated about $1 million was out there.
But that million dollars, like, what part of that million dollars was held, like, from mistakes or–on either side, whether it be the people auditing or the person billing? Like, you'd think that with time, it should improve, and that's basically what I was wondering about, what the improvements are.
* (12:20)
Mr. Peters: With respect specifically to the $1 million of findings that are referenced, as our current processes were not in place at that time, it's difficult for us to comment on whether–or what proportion of those $1 million might have been as a result of one type of error or another type of error. So I can't speak specifically to that.
But what I can tell you is that the processes that we put in place in terms of our risk assessment process and the way that we're adjudicating physician records and submissions will allow us to be able to track specifically which elements of which tariffs were not complied with and tally that at the end of an audit, and tally that at the end of a year for all physicians, as well as for us to track what sorts of errors appear to be simply administrative errors or what proportion of them were–you know, we will have exact numbers in relation to each audit that's done on a claim-by-claim basis.
So as long as we're working on a claim-by-claim basis, we'll be able to provide some–or have for our future risk assessment and design purposes very clear information about the proportion of where the risk is. And that information also, to the extent that it's shared by the physicians with Doctors Manitoba, will also assist in further education for physicians going forward in terms of their–helping with their understanding of what's required for compliance.
Ms. Naylor: Yes, I just have a question that goes back to the, like, the total of overbillings that were identified by the Auditor General in the original, like, in the 111 audits that were performed in the four-year period between 2015 and 2019, that there was over $1 million in overbillings.
And so I had asked this question of the AG before, and I'm wondering if you can speak to it. It seems like that's just such a tiny, tiny fraction of audits that were actually done when you talk about 27 million claims in a year.
And so, does your department actually have any sense of, you know, on an annual basis, how much money in overbillings is spent of the public purse?
Mr. Peters: So, the question, essentially, about what our expectations are, our assessment overall of what the risk levels might be across the province. With respect to that, essentially, that's the basis in–of how we formulate an annual audit plan, is in an attempt to arrive at some kind of an assessment of that.
Now, the obstacles in our path, of course, are 27 million claims annually, which is a very large area to sample, and it's a non-homogenous population of claims as well, and of doctors. So, in terms of attempting to apply statistical methodology, there are complexities associated with this.
We have CPA auditors who are experts in designing audit functions who are assisting us in developing our processes in that regard. And another complexity is the fact that we're approaching this from a risk-based assessment, which means that in a sense we're selecting a smaller sample of high risk and not looking at the entire province when we're making these–our annual audit plans, which–all of which adds sort of complexity to giving you a simple answer to that question.
Ultimately, what we've found so far is that in the small samples–small number of samples relative to this massive population that we've looked at so far, all of which were selected on the basis of a high-risk methodology.
So, again, this should not be considered to be reflective of any kind of an assessment of what's going on overall in the province, but we found that there have been findings, on average, between about 10 and 17 per cent of non-compliance in some of the–in the audits that we've done to date, and that's since 2020–December of 2020.
Mr. Chairperson: The hour is now 12:30. Our time allocated is expired.
What is the will of the committee? We have three more MLAs on the list.
MLA Lindsey: I think we have a lot more questions, so perhaps we'll just say no to passing this and reconvene another day.
Some Honourable Members: Agreed.
Mr. Chairperson: Agreed and so ordered.
So, now we'll put the question on the report–hearing no further questions or comments, I will now put the question on the report.
Shall the Auditor General's report titled physicians' buildings–billings, dated January 2021, pass?
An Honourable Member: No.
Mr. Chairperson: I hear a no. The report is accordingly not passed.
And the hour being 12:30, what is the will of the committee?
Some Honourable Members: Rise.
Mr. Chairperson: Committee rise.
COMMITTEE ROSE AT: 12:31 p.m.
LOCATION – Winnipeg, Manitoba
CHAIRPERSON – Mr. Jim Maloway (Elmwood)
VICE‑CHAIRPERSON – Mr. James Teitsma (Radisson)
ATTENDANCE – 9 QUORUM – 6
Members of the committee present:
Messrs.
Isleifson, Lamont,
MLA Lindsey,
Messrs. Maloway, Martin, Michaleski,
Ms. Naylor,
Messrs. Smook, Teitsma
APPEARING:
Mr. Tyson Shtykalo, Auditor General
WITNESSES:
Mr. Richard Groen, Deputy Minister of Finance
Mr. Scott Sinclair, Deputy Minister of Labour, Consumer Protection and Government Services
Ms. Kathryn Durkin‑Chudd, Assistant Deputy Minister, Consumer Protection Division, Department of Labour, Consumer Protection and Government Services (by leave)
Mr. Curtis Peters, Program Manager, Comptrollership and Compliance, Department of Health (by leave)
Ms. Andrea Saj, Provincial Comptroller (by leave)
Ms. Ann Ulusoy, Secretary to Treasury Board (by leave)
MATTERS UNDER CONSIDERATION:
Auditor General's Report – Vital Statistics Agency, dated September 2020
Auditor General's Report – Physicians' Billings, dated January 2021
* * *