LEGISLATIVE ASSEMBLY OF MANITOBA

THE STANDING COMMITTEE ON PUBLIC ACCOUNTS

Monday, June 20, 2022


TIME – 10 a.m.

LOCATION – Winnipeg, Manitoba

CHAIRPERSON – Mr. Jim Maloway (Elmwood)

VICE‑CHAIRPERSON – Mr. James Teitsma (Radisson)

ATTENDANCE – 9     QUORUM – 6

Members of the committee present:

Messrs. Isleifson, Lamont, MLA Lindsey, Messrs. Maloway, Martin, Michaleski, Ms. Naylor, Messrs. Smook, Teitsma

APPEARING:

Mr. Tyson Shtykalo, Auditor General

WITNESSES:

Mr. Richard Groen, Deputy Minister of Finance

Mr. Scott Sinclair, Deputy Minister of Labour, Consumer Protection and Government Services

Ms. Kathryn Durkin‑Chudd, Assistant Deputy Minister, Consumer Protection Division, De­part­ment of Labour, Consumer Pro­tec­tion and Gov­ern­ment Services (by leave)

Mr. Curtis Peters, Program Manager, Comptroller­ship and Compliance, De­part­ment of Health (by leave)

Ms. Andrea Saj, Prov­incial Comptroller (by leave)

Ms. Ann Ulusoy, Secretary to Treasury Board (by leave)

MATTERS UNDER CONSIDERATION:

Auditor General's Report – Vital Statistics Agency, dated September 2020

Auditor General's Report – Physicians' Billings, dated January 2021

* * *

Mr. Chairperson: Good morning. Will the Standing Com­mit­tee on Public Accounts please come to order.

      Before we get started with our busi­ness today, I would like to inform the com­mit­tee that a resig­na­tion letter from Mr. Nesbitt as Vice‑Chairperson and as a member of the com­mit­tee was received. Mr. Isleifson is the re­place­ment PAC member for the remainder of this Legislature, and I welcome him to his first meeting this morning.

      Our next item of busi­ness is the election of a Vice-Chairperson. Are there any nominations?

Mr. Dennis Smook (La Vérendrye): I nominate Mr. Teitsma.

Mr. Chairperson: Thank you. Mr. Teitsma has been nominated.

      Are there any other nominations?

      Hearing no other nominations, Mr. Teitsma is elected as Vice-Chairperson.

      This meeting has been called to consider the following: Auditor General's Report–Vital Statistics Agency, dated September 2020; Auditor General's Report–Physicians' Billings, dated January 2021.

      Are there any sug­ges­tions from the com­mit­tee as to what order we should consider the reports and how long we should sit for this morning?

Ms. Lisa Naylor (Wolseley): I propose that we consider the reports in the order that they are listed on the agenda, and that we call the question at 11 o'clock for Vital Statistics and then at 12 o'clock for Physicians' Billings.

Mr. Chairperson: It has been suggested by Ms. Naylor that–as Ms. Naylor–that we follow the reports as it's written. Then we do questions on the first report at 11 o'clock, questions on the second report at 12 o'clock. Agreed?

Mr. Brad Michaleski (Dauphin): Mr. Chair, these are two significant reports. We have a one-hour window on both. I would–you know, I'm not dis­agreeing with, you know, an hour per report, but a hard ask on that question at 11, I would just say let's have a little bit of latitude at that time. If we're getting into a line of questions, we want to make sure that that gets done.

Mr. Chairperson: Let's–duly noted, and I will test the–[interjection]–oh. So there's a sug­ges­tion of a new agree­ment, that we show some flexibility. [interjection] Yes, revisit–we will revisit at 11 o'clock as to whether we want to proceed that way. Thank you.

* (10:10)

      Okay, we will now consider the Auditor General's report titled Vital Statistics Agency, dated September 2020. An action plan was provided by the de­part­ment, and I table this now.

      Does the Auditor General wish to make an opening statement?

Mr. Tyson Shtykalo (Auditor General): I will introduce the staff I have with me this morning: Stacey Wowchuk, assist­ant auditor general; Wade Bo-Maguire, executive director of IT audit and innovation; and Ganesh Sharma, who was the en­gage­ment leader, the principal, on the Vital Stats audit.

      Mr. Chair, Vital Statistics plays a critical role in Manitoba, holding millions of records of vital events dating back to 1882. This includes records of births and deaths, among others.

      All Manitobans have a vested interest in ensur­­ing this infor­ma­tion is properly protected against unauthor­ized access, use, disclosure or destruction. Failure to offer ap­pro­priate pro­tec­tions could com­pro­mise the integrity of our vital events infor­ma­tion and create sig­ni­fi­cant privacy concerns.

      Mr. Chair, in this audit, we found weaknesses in the way the Vital Stats managed vital events infor­ma­tion. More spe­cific­ally, we found the infor­ma­tion security controls were in need of im­prove­ment. These are controls intended to protect infor­ma­tion and infor­ma­tion systems against unauthorized access or modi­fication.

      We noted there was no regular review of staff access to registry software. Periodically reviewing users' access rights and withdrawing unneeded access ensures access to infor­ma­tion is appropriately restricted.

      We also noted some weaknesses in the physical security controls intended to protect vital events certificates and docu­ments at the Vital Stats office.

      I was encouraged to see there were controls in place to ensure the vital events certificates accurately reflected the infor­ma­tion found in the vital events registry. However, the process to ensure the accuracy of the registry infor­ma­tion needs im­prove­ment.

      This report includes 19 recom­men­dations for im­prove­ments for managing the security, privacy risks and integrity of vital events infor­ma­tion. I'm pleased that the Vital Statistics Branch has accepted the findings of our audit.

      In conclusion, I'd like to thank the manage­ment and staff at Vital Statistics and everyone we worked with on the audit for both their co‑operation and assist­ance. I look forward to the discussion today on the report.

Mr. Chairperson: Thank you.

      Does the deputy minister wish to make an opening statement, and would they please intro­duce their staff joining them here today?

Mr. Scott Sinclair (Deputy Minister of Labour, Consumer Pro­tec­tion and Gov­ern­ment Services): Thanks for having us today.

      I don't have an opening statement other than just to intro­duce the other staff with me: Kathryn Durkin-Chudd, who's the assist­ant deputy minister for Consumer Pro­tec­tion, which includes the Vital Statistics program.

Mr. Chairperson: Thank you.

      Is there leave to allow the staff intro­duced in the deputy minister's opening statement to speak on the record, if required? [Agreed]

      Before we proceed further, like to present the com­mit­tee–or remind the com­mit­tee of the process that is under­taken with regards to outstanding questions. At the end of every meeting, the research officer reviews the Hansard for any outstanding questions that the witness commits to provide an answer to and will draft the questions-pending-response docu­ment to send to the deputy minister. Upon receipt of the answers to those questions, the research officer then forwards the responses to every PAC member and to every other member recorded as attending that meeting.

      Before we get into questions, I would like to remind members that only questions of an admin­is­tra­tive nature are to be placed to the witness and that witnesses–and that policy questions will not be entertained and are better left for another forum.

      The floor is now open for questions.

Mr. Michaleski: Thank you for the op­por­tun­ity to–and everybody for showing up here today to talk about this Vital Statistics report.

      There's a lot of stuff in here that concerns me, to say the least, and I guess I just–I'm looking at this report not so much as the details, but just the 30,000‑foot look at what's going on here.

      And I'm just–got a bit of a preamble and I just–so that it's clear in my head, I'll just kind of go through it, and if you could correct me or put me in the wrong–on the right track if I'm off, that would be fine.

      So we had–up to 1998, there was a paper-based system, and in 1998 there was an intro­duction of electronic data, and it was sort of converting at that time. So, right now, we have an electronic data system that is going back and forth, I guess, into pre-1998, which may or may not have corrupted infor­ma­tion or, you know, because I guess tech­no­lo­gy can have a way of finding that stuff and reconciling things.

      So I look at these timelines, you know, at the 1998 and where we are currently, and, again, new tech­no­lo­gy–again, I'm not totally familiar, other than I know that there's–in the report they talk about an electronic database proprietary system.

      So, but going back into that old data, again, you can find and discover discrepancies. And I think the auditor's report highlights those things, different areas of risk, whether it's mistakes or errors, changing of dates, you know, stuff like that, right. There's a whole lot of sug­ges­tion where the database can be corrupted.

      So I would say–again, so we're–in the real world right now, we have–of course, I'm hearing my con­stit­uents talking about extended delays on receiving infor­ma­tion back. So that suggests to me that, you know, it could be an internal problem sorting this stuff out and that there could be issues with the database.

      And, of course, the Auditor General's report has high­lighted a number of issues regarding manage­ment oversight. And, again, that's con­cern­ing. But also the point that there was a–essentially a private statement given, and it was on, if I remember the page–but it was from the AG with sensitive infor­ma­tion to de­part­ment and back, and it seems to be not disclosed.

      So we have a situation where we have a–major breaches on some­thing that should be Fort Knox. If I'm not–if I'm wrong on that, then I would like clari­fi­ca­tion on that. But I think the in­ten­tion of this vital static–it is very, very im­por­tant data, and there should be pro­tec­tions. And I think, reading through the report, there is potential to leak like a sieve.

      So my question, then, is how is this data com­pro­mised, and is it useless? And if it is, how do we separate ongoing from this recon­ciliation of the past, because it can get very–very muddy and difficult to source and find clean data, if that's the case.

Mr. Sinclair: So, thanks for that question.

* (10:20)

      So, a couple things–there's a number of things in your question–so, you're talking about overall security of the system, the integrity of the existing data and whether some of that is contributing to service turnaround times, delays, that you're hearing from con­stit­uents. So we'll start with the first one.

      Manitoba's gone through a process of updating its system and moving from what used to be largely paper records, microfiche, to a digital system. We've gone through the process of digitizing the records, but all the data has not been uploaded to the system, so there's still data in two places.

      We are not aware that the data is corrupted or problematic. The infor­ma­tion is there. We've no evidence that the data that we have on events of sig­ni­fi­cance is wrong or incorrect. We're also not aware that the system has ever been com­pro­mised. There–I think the Auditor General's identified risks where it could be, and we've accepted those recom­men­dations and are working towards trying to address some of those risk points. But we're not aware of a com­pro­mise of the data that's happened.

      In terms of the delays, we certainly acknowl­edge that, historically, delays were–or the timelines to process were getting quite sig­ni­fi­cant, although that's improved sub­stan­tially over the last several months to a year. Those are not related to the system; it's not related to the data model, it's not related to the data system. Those were simply process issues that we needed to modernize, revise, refine, which we've done, and we're–I think we're now looking at–for online submissions we're looking at a week, one-week turnaround for marriage certificates and death certificates; birth certificates I think are about two weeks on that front, which is significantly better than it was.

      We still do, as I'm sure you do, get lots of complaints or concerns from citizens that it's still taking longer, and we–typically, we find that the reasons for those delays are not the processing, it's actually the completeness of the infor­ma­tion. When we follow up, there's missing infor­ma­tion or things weren't filled out correctly, which we work to resolve as fast as we can with the applicants so that we can have that infor­ma­tion process in a timely manner.

Mr. Michaleski: Just one follow-up question, and it's regarding the–on page 12, the final paragraph, and it talks about that cor­res­pon­dence between AG's office and the sensitive infor­ma­tion.

      I ap­pre­ciate your first answer, I do. But I guess I'm left guessing what of what that sensitive stuff is, right? And I don't think it's explained of what the context of that sensitive infor­ma­tion is. So I guess–and if I missed it, point it out to me.

      But my question, then, is you have–the response have been–it's a question to the Auditor General as well–if there's sensitive infor­ma­tion, like, what respon­si­bilities does the Auditor General have other than reporting it to de­part­ment? Or if there's some­thing that's not above board, let's say identify 'threft' has been–something has been found, is there a respon­si­bility to go beyond the de­part­ment if there's any sug­ges­tion of criminal activity? Just, you know, because that–very possible that whether it's hacked or internal or a breach of privacy, you know, it could've caused a knowingly criminal activity–could possibly be.

      So what does the AG–what's his respon­si­bility, and then what is the de­part­ment's respon­si­bility? Because it sounded like there was a con­ver­sa­tion going back and forth. So what is the respon­si­bility to PAC and the public to ensure that, you know, if there's some­thing going on like that, that we're made aware and we're able to effectively question these things?

Mr. Sinclair: I think the Auditor General's looking to respond to that one, actually.

Mr. Shtykalo: So recom­men­dation 11 in our report, we'd recom­mended that Vital Statistics Agency promptly implement the security control recom­men­dations presented in our letter to manage­ment–believe that's the cor­res­pon­dence that we're speaking about.

      We had not–our report did not include any breaches or indications that there was inappropriate access. However, we did note several areas where security could be improved to prevent this. Due to their sensitive nature, we included them in a manage­ment letter and provided them to the agency.

      When we perform our follow-up on the Vital Statistics audit–we haven't announced the date yet for that follow-up, but when we do, part of that process will be to revisit the recom­men­dations we reported–or we provided in the manage­ment letter and include an assessment of that progress on those recom­men­dations in that report.

      As the question to what Public Accounts can do at this moment, I believe a question to the de­part­ment on–without asking for specific risks that have been identified, could, you know, inquire as to the progress on the recom­men­dations made in that manage­ment letter and perhaps a timeline for completion, if not already completed.

Ms. Naylor: I think it's worth continuing to pursue some of the security questions, but I'm going to jump to the wait-list issue and thank you folks for being here today.

      I'd like to–you've referenced that the backlog has been significantly cleared at this point. I'd like to get more details on that. I've been an MLA for not quite three years, and from the time I've been elected, I've been hearing about the backlog from con­stit­uents. It's been a sig­ni­fi­cant issue.

      So, when you talk about the backlog being cleared, I'd like to understand, like, has it been in good shape for two weeks, two months? Like, what's the–how–and how has that happened? Like, what has made the difference?

      And as part of that question, I'd like you to separate out the backlog for the registrations of vital events and the actual issuing of certificates, because my under­standing is, from what I'm hearing in the com­mu­nity, is that there's still a sig­ni­fi­cant wait for that latter part of the process.

      So can you speak to that, please?

Mr. Sinclair: Thanks for that question.

      So I agree that this has been a focus and should be a focus of concern for both the com­mit­tee and for citizens, as it is an im­por­tant area of esta­blish­ing identity and other major events.

      So I can say as of, you know, April 22nd, 99.99 per cent of the backlog was cleared. So at one point there was 25,601 applications that needed–and those have completely been addressed and caught up. As a result, we're striving towards and maintaining our two-week turnaround, which we continue to meet, parti­cularly for online applications.

      I'll just note for the member that we do post online now the turnaround time. The infor­ma­tion I have here–and it's on our website–goes back to the first week of May, which shows the average turnaround time ranging anywhere from 2.3 weeks down to a low of one point–or one week about last week, so the times continue to come down.

      We did start posting this infor­ma­tion publicly November 2021, so this infor­ma­tion's been publicly available, holds us accountable and makes sure that the public has an awareness of the time it takes to register events.

      In terms of issuing certificates, we are ahead–excuse me–we are ahead this year from where we were last year. We continue to make im­prove­ments. We can continue to make im­prove­ments in that area, but sig­ni­fi­cant process im­prove­ments have been made with, you know, at least a 25 per cent increase in the rate at which we're issuing certificates going forward.

Ms. Naylor: So I didn't really hear in there how long people are waiting for the issuance of certificates.

      So I heard a 25 per cent im­prove­ment, but I'd like to know the average that people are waiting, and I'd like to understand what steps were taken to clear that–to clear the backlog that you described and how do we know that it will continue to stay clear.

* (10:30)

      Like, how–what has changed in the de­part­ment so that things can be processed in a timely manner?

Mr. Sinclair: So, the infor­ma­tion that I shared in terms of the turnaround times, that was the time to issue the certificate. So it takes a week to issue the certificate. It's the registration issue–where we're having–we continue to make im­prove­ments, but that's also from the registration of a no-error application.

      One of the challenges that we have and one of the public com­muni­cation piece we're having is to improve the error rate of the applications. We do see a sig­ni­fi­cant number of applications received with errors, which takes obviously more time back and forth with the individual client. It slows down the overall process, it slows down the individual transaction.

      So I see the casework that you see that's passed through to my office, and often the response back to myself and the individual looking for it is there is an error in the original application that requires remediation.

      So we do need to do more work to ensure that people are filling out the application fully, completely and correctly. We can't process a registration for obvious purposes when it contains errors or missing infor­ma­tion. So that contributes to the overall process that people are ex­per­iencing. But once we have an application that's fully completed, as of last week we were issuing certificates one week out.

      In terms of the steps that were taken to address the backlog–and I think you implied in your question–was how do we know we're not going to go back there–what have we done to do that? That was part of a sig­ni­fi­cant review of how the processes were under­taken. The Vital Statistics area was–has been around for a long period of time and had–like most organi­zations, you get into a state of we've always done it this way and a process that we'd–that would always happen.

      We reviewed all of our processes. We imple­mented a process im­prove­ment regime to ensure that those processes were, you know, as effective and efficient as they could be, as stream­lined as they could be. We removed elements of the process that weren't adding value or were holding back the timing of that.

      That continues to be the focus of the branch. That is not a one-time event. It's an–it's a culture change for an ongoing process im­prove­ment. The branch is continually reviewing its processes to ensure that they are as effective and efficient as possible so that we can deliver Manitobans the services that they need and ensure that we do have–that can keep the turnaround times that we have.

      As I think we get into–I anticipate some of the questions we will get into, which is around the IT piece. We continue to look at how can we modernize the process through IT invest­ments and we are continuing to plan for and implement some IT im­prove­ments to ensure that we have a more digital–2022 digital ex­per­ience for people to apply.

Mr. Shannon Martin (McPhillips): Just–questions related around–to the security of the data insofar as the inputting of the data. I noticed that the Auditor General had previously suggested or made the recom­men­dation that no single user is able to complete a transaction form from begin­ning to end.

      Obviously, on one hand, you could see where that might, you know, lengthen the process. Although I would think, though, that the imple­men­ta­tion of that policy would have more to do with the security of the infor­ma­tion and in ensuring the integrity.

      So I just want to know whether or not Vital Statistics has made that imple­men­ta­tion.

Mr. Sinclair: So, thanks for asking the question.

      And as I was getting ready for this, I had the same reaction, which is when you segregate respon­si­bilities, it adds extra steps. However, we recog­nize the importance of those segregations. Those extra steps are im­por­tant to ensure the integrity and the pro­tec­tion of the process.

      I'm happy to report that that recom­men­dation is on track. We have imple­mented a dynamic registry permission system where there is segregation respon­si­bilities and no one person can take an event from begin­ning to end. The ap­pro­priate hand-offs have been identified and the segregation of those duties have been put in place.

      There is still ad­di­tional work to do in terms of eliminating some profiles, and we expect to have that done by fall of this year.

Mr. Martin: Now an external security question: In the media we've been reading and seeing more and more about ransomware attacks on hospitals, on schools, on large cor­por­ations that, in a lot of instances, actually, they go unreported due to the embar­rass­ment of the facilities and that, and just the willing–or urge just to be done with it.

      I'm just wondering, how do you see Vital Statistics–oh, what's the word I'm looking for–are you prepared for a ransomware attack? Do you have the necessary software in place and–to protect your data and, more im­por­tantly, to protect Manitobans?

Mr. Sinclair: A very good question in terms of preparedness for cybersecurity, and that doesn't just affect Vital Stats, it's a concern for all of our systems. The prov­incial gov­ern­ment holds infor­ma­tion and records and systems that touch many parts of our lives, which includes holding very critical personal infor­ma­tion.

      Manitoba has recently taken steps to esta­blish what's known as the Manitoba centre for cyber­security so that we can be in front of and on top of cybersecurity threats as they emerge. We are taking a whole-of-the-public-sector perspective and approach to this. We aren't looking at just one program. We're looking at the entirety of it, including how secure are our partners in terms of our Crown cor­por­ations or other reporting entities, including school divisions and the health-care sector and trying to ensure that we have as robust a cybersecurity program as possible.

      The Vital Statistics Branch is a part of that program. It's within the De­part­ment of Labour, Consumer Pro­tec­tion and Gov­ern­ment Services, so it's covered by that approach in terms of ensuring cybersecurity pro­tec­tion. That's not to say that we aren't always concerned about where we are in cybersecurity. We don't speak of or talk too publicly in terms of where we're at, not because we're trying to hide anything or anything, we just–two reasons: we don't want to talk about how we approach things to provide the blueprint for the bad guys, so to speak, to understand as to where we may or may not have vul­ner­abilities; and we also understand that the cyber-criminal world reacts to–or they make choices about where they target based on how confident one organi­zation will be publicly around it. It's essentially waving a red flag in front of the bull.

      So we do try to keep this close to our chest for good reasons. But that does not mean that we are not fully engaged in this, worried about it, looking at it, staying on top of it and making the right invest­ments and protecting Manitobans' infor­ma­tion.

Mr. Len Isleifson (Brandon East): So I know we've already talked about a lot of this already, but 'identifee'–pardon me–identity theft is a very serious issue. I know one in five Canadians are affected by identity theft at some point, including myself. And I understand that you've been doing a lot of work in mitigating the risk factors. And I would love to know the details, but I also understand where you're at in that area.

      But I'm wondering if you have completed the process that you're going through as part of the recom­men­dation in putting in place processes to mitigate that risk. And at the same time–and, again, in my case, I only found out about my identity theft when I found out fraudulent activities were going on. I was never notified where it happened to this day. I have no idea where the incident occurred. All I know is that three police de­part­ments are working hard for me right now in trying to figure it all out.

      And so I'm just wondering if the de­part­ment has any reporting function or a policy of notification that breaches have occurred if, unfor­tunately, they ever do happen.

Mr. Sinclair: Yes, so I think my first comment is that the Auditor General's report has gone a long way to give us a roadmap as to what we need to do in terms of provi­ding pro­tec­tions and security and safety of the infor­ma­tion that we hold in terms of the events that we register.

      Just note that the respon­si­bility of the Vital Statistics Branch is to register events and issue docu­men­ta­tion around those events, but we don't have a lifelong relationship with the individual once those events are registered and the certificates–or certifi­cations of that are provided. Once that infor­ma­tion is out of the public domain, it becomes the respon­si­bility of the individual to protect that infor­ma­tion.

* (10:40)

      Having said that, we–you know, part of what the Auditor General's report covers off, as well as what we're doing internally, is to ensure that the processes that we're respon­si­ble for don't contribute to a potential breach of infor­ma­tion or theft of one's identity.

      Parti­cularly, recom­men­dation No. 1, which is to conduct a com­pre­hen­sive risk assessment, identify and assess the risks associated with vital events: that's a recom­men­dation that is–that we've under­taken and it's on track. It's not completed. I'd also suggest it will never be completed. There will continually be some­thing that we need to do to–as a part of that continuous im­prove­ment process I spoke about, as well as ensuring that the infor­ma­tion is protected, that those risk assessments will continue to be done going forward.

      If there were to be a–if the infor­ma­tion were to be com­pro­mised within the system that we hold–so, for events that have been registered, that are in our system–if there was a breach around that, we would have obligations to report that to the Ombudsman, like any other program does in terms of an obligation or report a breach of personal infor­ma­tion to the Ombudsman, and then would work with the Ombudsman office to com­muni­cate to those individ­uals whose infor­ma­tion was breached in that and then find remediation to address that.

      But unless the infor­ma­tion was stolen or breached from within our system, we wouldn't have awareness and knowledge, and we have no notification capabil­ities to be able to go to somebody and say, hey, your identity's been breached. I think my under­standing from it–I have–similar situation, although I know what happened; I lost–or somebody stole my wallet, and that's where it went–it typically happens through the credit cards and your SIN number, which are pieces that are outside of our respon­si­bility, but.

Mr. Dougald Lamont (St. Boniface): Thank you very much for coming today.

      I'll just start with a question about the backlogs, just because I think in terms of the–I mean, I guess it's been suggested that one of the reasons it's happening is because there were errors in application forms and so on. So–but in dealing with requests from the public, from con­stit­uents, it–you know, I think that there was an enormous growth in the backlog which couldn't–I don't think could be explained just by that alone, just by the fact that there were more mistakes in.

      So I guess I–what are the steps that are being taken spe­cific­ally to reduce that–are there steps being taken to, say, to correct these things at the time, to make applications easier? Are–is there a parti­cular stumbling block or area where the same mistakes keep happening in terms of forms? If you could just explain what the specifics of sort of stream­lining that process is looking–has looked like and where we're at.

Mr. Sinclair: Yes, thanks for that question.

      So, just clarify one thing. So, the backlog is gone. I–and my comments weren't about–in terms of the errors leading–that's not–I wasn't suggesting that created the backlog. I think what I was suggesting was the frustrations that people see in terms of taking longer than they would like to see their applications is typically an issue with respect to the completeness of the application. That's a go-forward piece for our current time.

      The backlog came about for a bunch of reasons that I'm not sure we have enough time to go into today. We got to a point, recog­nized that that was unaccept­able, imple­mented these processes to ensure that that was cleared. Backlog is definitely now cleared.

      Just by way of example, you know, as of, you know, six months ago we had almost 7,000 applications in the queue, so to speak, waiting to be processed. As of this week, we had under 1,000. So we're moving them through quickly. We're–we don't have nearly as many to process as we once did.

      In terms of the–what are we–steps are we taking to ensure that we're helping citizens to complete an application fully and completely so that they can turn these around quickly within the two-week target or even within the one week that we're achieving right now, the primary approach that will be a move to a digital–I'm not going to say only–our preference would be only–but primarily digital plat­form.

      I think everybody's aware that when you submit applications online, there's an ability to prevent you from moving forward if there's missing infor­ma­tion or incorrect infor­ma­tion or infor­ma­tion isn't in the right format. We find in other areas where we have digital applications that it improves both the completeness and the accuracy of applications as well as the turnaround time significantly.

      But we're also looking–for those individuals that will continue to submit in paper for the time being, we're looking at simplifying that process as much as we can, making it clearer. You know, gov­ern­ment has historically over-asked for questions or done things overly complicated, and one of the principles of the process were taking place in a continuous improvement is to, again, not just take out steps that are not adding value, but eliminate questions or infor­ma­tion or our processes that are confusing to the individual, that get in the way of doing things in efficient ways.

      So, those two things combined will allow us to improve that significantly through a digital appli­cation as well as through simplifying the process as much as we possibly can.

Mr. Lamont: Yes, just–I think, if I could, it'd be great, I mean, per the point of view of lessons learned to have a–an–a bit of an under­standing of how it went off the rails, so to speak. In part because, you know, clearly, that there had to be corrective steps that had to be taken, this was flagged as an issue.

      So, if you could, I mean, I guess, partly for the record, but also so that, for the future, that we know not to do this again, to explain, you know, how we got into the–a little bit about how we got into the backlog and the specific steps that we're taking to recover from it?

Mr. Sinclair: So, again, I'm not sure that I could even, between us, could get into the specifics of that other than to say it was not an organi­zation that focused on efficiency, it was an organi­zation that focused on process and how to do things.

      One of the things that we've under­taken, as well as, you know, gov­ern­ments around the world have under­taken, is a commit­ment to look at processes from a citizen-centric perspective and ensure that we're doing things not because we feel they need to be done that way but because it helps the citizen get the service that they need.

      So, you know, I–and I don't mean to gloss over, but I think it's fair to say that we–that the organi­zation got to a place where this–the processes simply were no longer efficient, effective, meeting the needs of citizens. We've under­taken the process to, you know, use lean approaches to review our processes, these tools that we've borrowed from the manufacturing sector that have proven quite effective in ensuring efficiencies there and have done quite well in certain areas in gov­ern­ment to ensure that we're much more efficient, parti­cularly in areas that are very process heavy, like Vital Stats, to make those im­prove­ments, as well as a culture change, where we've intro­duced this concept of citizen-first, citizen-centric, and ensuring that we're doing things from the citizen's perspective, and change the culture of the organi­zation so, again, that they're always looking for the op­por­tun­ities to improve process and improve service delivery times and improve the overall service ex­per­ience to Manitobans.

      So, just an overall–so, the processes weren't efficient, it got to a place where it just simply couldn't keep up with the demand and the way that it was being done. We had to take a break from the past and implement a new way going forward, which I think we've done quite well in terms of meeting timelines. Again, as of this week we're turning around times in one week with a fully complete application.

MLA Tom Lindsey (Flin Flon): So, I just want to follow up a little bit on what Mr. Lamont was asking.

      We know that at one point in time, the system seemed to be working. People were getting the certificates in a timely fashion, and then it seems rather suddenly, perhaps, that they weren't getting them. Some­thing changed either within your de­part­ment or some­thing external to your de­part­ment that led to the backlog happening.

      And you've talked about changing processes to try and rectify that, but what changed at that point in time that really led to that backlog? Were there that many more births and deaths? There has to be some­thing–because you can't fix it if it you don't know what caused it, right?

* (10:50)

      So, talk a little bit about the cause that got us to that point that you're still in the process of trying to fix now.

Mr. Sinclair: So I don't think there was any one event that triggered the backlog. I think it's–that this–the backlog didn't just appear one day, that this was a growing problem over a period of time that, you know, year after year, year over year, we got further and further behind. And this issue goes back, you know, a number of years. And I think we just simply got to the point where the weight of the backlog, or the size of the backlog, just caused the system to come to an end and a realization that this could no longer be sustained in this manner.

      So it wasn't a–you know, a change was made, all of the sudden applications skyrocketed and–or the backlog skyrocketed and then we had to do some­thing different. We also haven't seen a sig­ni­fi­cant increase in birth or death events–it's outside of the natural growth and change in our popu­la­tion over that period of time. But it's that situation where you just get so over–well, you get to a point of such–being overwhelmed that it begins to, you know, weigh on you, and you just can't dig yourself out of that.

      So a decision was made to say, look, we have to change the way we're doing things, we have to improve the way that we're doing things. That really happened in 2021, where we kind of hit our proverbial low point in that situation. And since then, we've had a–seen a sig­ni­fi­cant increase and im­prove­ment in turnaround. The backlog's been eliminated, and we're back to a 'timefline' that we're comfortable with.

      But there wasn't one event that led to the backlog. The backlog didn't show up over­night or over one year. It was some­thing that accumulated over a sig­ni­fi­cant period of time just due to that inability to look at, critically, how we do work, how we process our applications, how we deliver services to Manitobans, and that happened in the very recent times.

MLA Lindsey: I'm sure there's going to be more questions on that.

      But, very spe­cific­ally, are there different certifi­cates that take different amounts of time? So, a death certificate averages this long, a birth certificate–is there a difference in how the infor­ma­tion is received by your de­part­ment and how the infor­ma­tion is processed for each one of those individual certificates that you may issue?

Mr. Sinclair: Yes, so the complication or the process to issue a certificate–be it a birth certificate, a death certificate or otherwise–there are really no difference in terms of the time that it takes us to process or the time that somebody can expect to get one.

      Again, I'm going to go back to, really, the time that it takes for an individual to get one right now is going to be tied to, is the application complete or not and did you submit it online or not. If you submit an online application that is free of errors and complete, those we can turn around very quickly. If you are submitting paper records where there's errors, that's going to take much longer.

      The–different individuals fill out different applications for the events. Nurses fill out the birth registration at the hospital, or the point of birth if it's a midwife or wherever it is, and funeral directors fill out the death certificates at the funeral homes. So again, that's really where we are spending most of our time, focusing on trying to get people to understand, you know, where we can do better, of getting complete applications.

      Just an example of one of the things that we've changed very recently that's improved significantly the ability to turn around applications–right now, we're in a–lots of attention's being focused on marriage certificates, for example, lots of people wanting to get back to weddings. The process was that the minister had to sign off on marriage com­mis­sioner–marriage certificates. That was delegated to me under the gov­ern­ment organi­zation act. We recently intro­duced a change to allow that to be delegated down into the branch so that every­thing wasn't coming on my desk and I was a bottleneck to getting these things done. So, just an example of how we can make some pretty easy changes to improve the turnaround time.

      I wasn't adding any value. I didn't know who Jane Smith [phonetic] was in their application. I was just signing off because that was the process. The work is done at the point of the Vital Statistics Branch and–Vital Statistics Agency, and they're much better positioned to do that–so, things that we're doing to improve those turnaround times just by making small changes in the process that have always been.

Mr. Smook: One of the–the question that I had is, you had mentioned that it's taken between–right now, the backlog is down. It's taken a week to two weeks to get certificates out. Now, is that strictly for applications that are filled out properly and that?

      And what percentage of applications do you receive that are filled out properly, and is there any specific region on the application that's not getting filled out properly, so–and is there anything being done to try to educate people on how im­por­tant it is to fill that out properly?

Mr. Sinclair: So, yes.

      Just to confirm the first part of your question, yes, that one week to two weeks is for a properly completed, fully completed, error-free application. Obviously, if there's errors, it–every application takes its own pathway at that point in terms of how quickly we can get a hold of the person that was submitting it, who needs to confirm infor­ma­tion. If you can imagine, if there's a birth registry event, if the nurse that filled it out may or may not be available at any given time, well, we've got to try to track that person down to fill in some of the infor­ma­tion, it can take a little extra time to do that.

      In terms of how–what percentage we have to under­take that piece of work to find out how many applications are received error-free and how many are received with error and what those–the nature of those errors are, I'd have to say that there isn't one error that's glaringly saying that this one is always wrong. If we found that, we would be imple­men­ting changes.

      But we are in regular com­muni­cation with those key event-registering pro­fes­sionals–again, nurses, funeral directors–to ensure that they are filling out that infor­ma­tion as accurately as possible at the point of the registration to reinforce that infor­ma­tion–the accuracy of infor­ma­tion matters, that we can't move forward with the registration of that event if there's errors in the infor­ma­tion. So, we do work as close as we can with those individuals–those organi­zations that represent those individuals so that they can ap­pre­ciate and understand the importance of getting the infor­ma­tion correct.

Ms. Naylor: Yes, I have a question about the–just another security question.

      There had–in the action plan that–we were told that you will be revising internal processes to manually validate an event registrar and that there'd be a plan in place by September 2023.

      So I know that that's still a year away, but I would like to know if VSA has a complete list of event registrars and what the process is now for manually validating registrars, including how VSA will evidence that that validation has actually been performed.

Mr. Sinclair: So I'm happy to report that we do have the list completed. The next step is to then implement some of those manual and then automated checks of those pieces which, as you know, we are planning to and still on track to have those imple­mented in place for 2023.

Ms. Naylor: Thank you for that.

      My follow-up question is actually still related to the wait times. I'll just follow-up on the question for my colleagues to my left.

      I just want to get from when you were answering my question earlier, my under­standing is that the average wait time–barring errors, the average wait time for registration is two weeks and for certificates to be sent out is one week, if I understood correctly. But I–but the website's still showing six to eight weeks for registrations.

* (11:00)

      So can you speak to that discrepancy and then–and, like, be really clear, if there's no errors and it's an online application, what is the average time right now?

Mr. Chairperson: Okay. Could I have your attention, please.

      It's now 11 o'clock, and we have to revisit what we suggested an hour ago. And the question is, could we have a sug­ges­tion from somebody as to how we proceed? We have all–two more people on the list.

Mr. Michaleski: Am I one of those two people?

Mr. Chairperson: You might be, yes.

Mr. Michaleski: Okay. Thank you, Mr. Chair, and I–again, I understand, ap­pre­ciate the timeline, 11 o'clock.

      I have a couple of questions I'd still like to ask, and I would also say that this report–we're just skipping the surface on this report. There's some issues in there that are–we've got action plan talking about–there's some timelines here that are really im­por­tant.

      So I think we need a little bit more room on this, and I would suggest rather than–and I would be willing to accept to get the questions on the record and allow the de­part­ments or the AGs a day or two to answer them if–instead of continuing on if we need to. I'm just throwing it out there. And then we can bring it back on record.

      But we–you know, I want–I'd like answers fairly promptly, just because we're–we don't have the time. So I'm making that sug­ges­tions. But know that I have two questions that I'd like to ask.

Mr. Chairperson: All right. So the sug­ges­tion by the member is that anybody who wants to ask questions can ask them, and we would give them two days to respond in writing with the answers.

      Would that be acceptable? Is that agreed by the com­mit­tee? Agreed? [interjection]

      So, the deputy minister has suggested that he would like 'til this Friday to provide the answers to the questions. Are we–is that agreed?

An Honourable Member: No, I have a question.

Mr. Chairperson: Mr. Lindsey.

MLA Lindsey: So my question is: If we don't pass the report today, we get to call the deputy minister and the de­part­ment back?

      Is there a reasonable time frame that we could suggest to call the report back to have further discus­sions as opposed to written submissions?

Mr. Chairperson: So we have to esta­blish, are we going to put questions to the deputy minister and then allow him to respond by the end of the week in writing?

Mr. Michaleski: Mr. Chair, just getting a sense of where this thing's going, and my questions–if I was just asked–able to ask the question with preamble, I might burn up two minutes.

      So, you know, and I don't know about everybody else, but just for a frame of reference on this, I don't mind the reply back in two days. I'm a little concerned about the 10-day delay and this report coming back because of things that, I think, are time-sensitive in this report.

Mr. Chairperson: Well, can I suggest to the com­mit­tee that perhaps we just take some questions from the two members who want to ask them at the moment, anybody else, and maybe it will–people will be satisfied in 10 minutes. [interjection] Yes. So, okay, we can agree then, we'll set another 10 minutes, and we'll try to get as many questions answered as possible, or take it as notice as possible. Mr. Sinclair will decide whether he could answer them in 30 seconds or whether he needs to–time to respond in writing by Friday.

      Okay, so are we agreed to that? [Agreed]

      Okay, Mr. Michaleski, it's your turn.

Mr. Michaleski: Thank you, Mr.–

An Honourable Member: Wait, sorry. They hadn't answered my question yet.

Mr. Chairperson: Ms. Naylor.

Ms. Naylor: They were in the middle of–

Mr. Chairperson: That's right, yes.

Ms. Naylor: Good try, though.

Mr. Sinclair: I was trying to get my answer together while you were deciding this–I got a little extra time.

      So the–so, we post six to eight weeks, so that's the expected interval from the time that you submit to the time that you expect to get your certificate. If we're tracking two weeks on average to issue certificates, then it's about four weeks do the registers.

      Two events, that's you have to–we have to register it, and then we certify or issue a certificate around that. So it's about four weeks, roughly, to do that and then two weeks to issue the certificate after that. So that's why the six to eight, there's two pieces that have to happen.

Mr. Chairperson: Ms. Naylor, do you have another question then?

Ms. Naylor: That was my second question, thanks.

Mr. Michaleski: Thank you for the latitude of the timeline on this report, and I do thank everybody for their answers.

      Going to go back to my line of questioning and just follow up on some of the comments on my last question, which the Auditor General answered. And you referred me to item No. 11 on the action plan, which, again, without a ton of detail, but it does suggest prompt language–urgency is what's being suggested here on 11. And that is, of course, dealing with imple­men­ting security. So, again, that's a pretty big word that could involve a lot of stuff.

      So I'm going to ask my question again–one of two questions that, of course, the Auditor General referred me to 11. I'd like a de­part­mental response on that as well, and I'm going to take the advice of the Auditor General here and his direction towards getting an update on No. 11 and ask the de­part­ment if they can provide a more–11 and relevant action plan has to deal with security measures and the progress of–if you can create and provide this com­mit­tee a very fulsome report on the progress of where you are on 11 and anything that's related to that, because, again, it's suggesting here urgency in the comments.

      So, is that possible?

Mr. Sinclair: So, as I alluded to in some of my previous answers, that many of the security controls that we implement are not things that we want to–or you would want us to–disclose publicly.

* (11:10)

      I think there's a way that we could do that on a con­fi­dential basis and probably a written report of some sort that we could provide back to the com­mit­tee about what's actually happened. But, you know, just the nature of this environ­ment and the public nature of the Hansard is probably not ideal to disclose specific details.

      I can say, though, that elements of that recom­men­dation that the Auditor General identified were imple­mented very quickly. So, parti­cularly around some of the elements that were focused on, we've imple­mented those, and the remainder of those will be in place by September of this year.

      But I think we can under­take to provide the infor­ma­tion you're looking for, just in a different way other than an oral question in this environ­ment.

Mr. Michaleski: I ap­pre­ciate that answer, and I completely understand, you know, this–the sensitive nature of this thing. So, again, I very much ap­pre­ciate–because, again, it gets into, you know, questions of integrity and access and all these things and, anyway, I will just say I ap­pre­ciate that answer.

      On–my second question is regarding the building and that–there's a portion of that in that report. We have a picture of it in the report. It's quite a magnificent-looking building. But today–and I don't know what's needed by Vital Statistics in terms of tech­no­lo­gy space, data storage, archive, that type of thing, and is that building the right building? Because it–in reading the report, it looks like there's pretty extensive renovations that are required for that, and I think, tech­no­lo­gy today, probably don't need that building, and I would just say there's probably lots of locations that are suitable, especially if we're going to a digital plat­form, more that–not saying we don't need physical archives or those types of things, but operationally–see, I suppose you know where I'm going.

      What is being talked about in terms of a go-forward plan for the building, operating–there's risks with having one location doing every­thing, so–and there's, again, platforms, high-security platforms that you can piggyback on top of and all sorts of things.

      So, is there anything that you can say go-forward on the building?

Mr. Sinclair: So I can–I–so, the Auditor General looked at not just the IT component or the security, they also looked at the physical security around the operations of Vital Statistics in the province. There were a number of recom­men­dations in that report that spoke to physical security im­prove­ments and physical layout im­prove­ments that would need to happen at that location.

      You're correct, it's an older building, it's a heritage building, it comes with–heritage building status comes with lots of challenges and limitations around that.

      Having said that, I–you know, at this juncture, we've moved beyond discussions, we've actually imple­mented the majority of those physical changes. Those changes and renovations will be completed this week, I believe, or next–[interjection] Oh, we're down to–okay. It's off by about a month, we're looking at first week of August, now, that those will concluded and completed. We're all looking forward to those being done.

      The only one that couldn't be imple­mented as written was the Auditor General did recom­mend a sprinkler system to–fire suppression system to protect the people and the docu­ments in there. I mention this because of the heritage status of the building, you can't sprinkle that building because of heritage status, but there are other ways that we–have been found to deal with that. So, spirit of the Auditor's recom­men­dation was, I think, achieved through different mechanisms repre­sen­ting and recog­nizing the heritage nature of that building. So the building itself will be meeting modern standards in terms of its physical layout, security, all those sorts of things.

      The question around where do we store and where do we archive, that's a much bigger question that isn't just one for Vital Stats. We are–in my other–rest of my portfolio, that's a piece that we're looking at and following up on fairly significantly as to, where do we store our infor­ma­tion? Is it paper-based, is it electronic?

      You quite rightly pointed out, majority of our records are moving to an electronic nature, that's a different storage require­ment, requires different security. That will be a–that project will address the pieces of the Vital Stats–recog­nizing that Vital Stats also needs real-time access to its historical infor­ma­tion because they need to be able to process if somebody asks for my birth event from 1930, you know, we want to–we need to have access to that in a fairly quick and ready way to do that.

      So the issue of where we archive, how we archive and the securities around that is a part of a much bigger project that we're under­taking, that Vital Stats will be a part of.

Mr. Chairperson: We previously agreed to 10 minutes. There is one member left with one more question. So, can we agree to let this member ask the question–his question? [Agreed]

      Mr. Lamont, you have the floor.

Mr. Lamont: Yes, I just wanted to ask a question about the fire safety and security, especially at the building, in a couple of ways: (1) I know that it's been flagged and that there are challenges because it's an older building. So if you could talk a bit about what the plans are and how they're progressing in terms of fire safety.

      And the other related question is that if you've got a bunch of archives that essentially are paper and some that are digital, where are we at with a secure remote backup, or does such a thing exist, or is it contemplated?

Mr. Sinclair: So, if you'll recall back to an earlier statement I made, that we have digitized the records but we haven't completed the process of uploading them into the system. Once we get that completed, our servers are–they're not on premise, in that language. The Vital Stats doesn't have servers on site.

      The servers are a part of our broader network which are in an undisclosed location that is fully secured, protected and with ap­pro­priate cooling and fire suppression around that. We don't have our own servers anymore. They are–they're–it's a server that's provided–it's a service that's provided to us in an ap­pro­priate, server-managed environ­ment that covers all the security issues that you would expect and hope for.

      So, once they're digitized, they'll be in a–with the ap­pro­priate backups and all those other things, but.

Mr. Lamont: Where are we at with the fire safety around the building?

Mr. Sinclair: So, again, as I referenced fire–to install a traditional fire suppression mechanism, sprinklers, is not an option within that building. It's–the heritage folks said you can't do it. We are looking at options within our–you know, thankfully or not, I've also got our asset manage­ment ac­com­moda­tions piece.

      So we're working very closely with the–with our building folks as well as our engineers to identify alter­na­tive options that will work within that heritage environ­ment that don't include traditional sprinkled systems. We don't have that solution yet, but it's on our capital plan that once we design the solution that we'll be imple­men­ting that one.

Mr. Chairperson: Hearing no further questions or comments, I will now put the question on the report.

      Auditor General's report, titled Vital Statistics Agency, dated September 2020–pass.

      We now–[interjection] Oh. So, we have to recess at this point for two minutes because we have a switch-out of deputy ministers. Agreed? [Agreed]

The committee recessed at 11:18 a.m.

____________

The committee resumed at 11:26 a.m.

Mr. Chairperson: Will the com­mit­tee come to order.

      We will now consider the Auditor General's report, titled Physicians' Billings, dated January 2021. An action plan was provided by the de­part­ment, and I table this now.

Ms. Naylor: I have a sug­ges­tion that since we're starting the second half of our meeting late, that we would agree to extend this segment until 12:30 to break for lunch.

Mr. Chairperson: It's been suggested by Ms. Naylor that we extend the second session 'til 12:30. Are we agreed? [Agreed]

      Does the Auditor General wish to make an opening statement?

Mr. Shtykalo: Mr. Chair, over 3,000 physicians in Manitoba are paid through a fee-for-service process when eligible services are performed on Manitobans. Physicians are paid by Manitoba Health, Seniors and active living with the assumption that these billings are accurate, legitimate and can be supported by records and docu­ments held by the physician.

      The process of billing for services is complicated. There are hundreds of tariffs and precise circum­stances under which they are allowed. Navigating these circum­stances can be a challenge and it's understandable that errors, including overpayments, do occur. Prompt com­muni­cation and correction of these errors is key to improving performance.

      The current economic climate requires more than ever that public funds are spent carefully and in accordance with program guide­lines. In situations where it is confirmed that a physician was overpaid, it is im­por­tant that the de­part­ment undertakes a prompt recovery of the overpayment. Unfor­tunately, this step is not being taken.

      During the five-year period covered by our audit, the de­part­ment's audit and in­vesti­gation unit identified over $1 million in potential overbillings by phys­icians, and in almost all circum­stances the gov­ern­ment did not pursue recovery. In fact, we found that just over $10,000 was recovered during this period.

      I note that since our audit was conducted, the audit in­vesti­gations unit has been moved to the comptrollership and compliance unit under the Treasury Board Secretariat. These changes should not diminish the importance of recovering the full amount of overpayments made to physicians.

      This report contains six recom­men­dations. I'm pleased that the de­part­ment agrees with the recom­men­dations and is committed to resolving the issues we identified. I'd like to thank everyone for their co‑operation and ac­com­moda­tion during the course of this audit, and I look forward to the con­ver­sa­tion.

Mr. Chairperson: Thank you.

      Does the deputy minister wish to make an opening statement, and would he please intro­duce his staff joining him here today?

* (11:30)

Mr. Richard Groen (Deputy Minister of Finance): I'd like to make an opening statement, and I'll intro­duce the staff present with me today.

      To my right is Curtis Peters. He's the program manager of the comptrollership and compliance unit that the Auditor General just identified in his opening remarks. Behind me to my left is Andrea Saj, the Prov­incial Comptroller; and behind me to the right is Ann Ulusoy, secretary to Treasury Board.

      I would like to thank the com­mit­tee for the op­por­tun­ity to provide some brief comments in relation to the actions of the De­part­ment of Finance in fiscal year ending March 31st, 2022, in response to the OAG's audit of Physicians' Billings 2021.

      Physician remuneration audit is a large expendi­ture area. It would be the fifth largest de­part­ment if stand-alone; of approximately $1.3 billion in annual expenditures, of which approximately $850 million are related to fee-for-service billings by medical prac­ti­tioners.

      As reflected in the OAG's report, in­de­pen­dent oversight over fee-for-service medical expenditures is very im­por­tant in the interest of fiscal account­ability. In 2021, the Auditor General released its report on physicians' building–billings, which included six recom­men­dations, identifying the need for im­prove­ment in the following six areas: audit training, financial risk analysis, trans­par­ency, timeliness of the process, en­force­ment of financial recoveries and strict timelines for the arbitration process.

      The report also commented on legis­lative provisions relating to the audit process in The Health Services Insurance Act and the importance of effect­ively pursuing audit recoveries.

      During the period of the OAG's review and prior to the release of the report in 2021, actions were already being taken to redesign and improve the audit process, to improve the legis­lative basis of the audit function and to provide in­de­pen­dence of the audit function from the physician bargaining process.

      Sig­ni­fi­cant amend­ments were made to The Health Services Insurance Act in 2021 to clarify the minis­ter's legis­lative author­ity, which came into effect on January 2022, including author­ity related to audit recoveries and collection.

      As indicated by the Auditor General, in December of 2020, the audit function was relocated from the De­part­ment of Health to the De­part­ment of Finance in the comptrollership and compliance unit. As a result of these legis­lative changes and the organizational realignment, the comptrollership and compliance unit has been well positioned to positively respond to the OAG's findings through the design of a fair, con­sistent and thorough audit process and imple­men­ta­tion of the new process and operation of the CCU unit since December 2020.

      The CCU has been working closely with stake­holders and physician repre­sen­tatives to ensure that the perspective of Manitoba physicians is appropri­ately considered and in the interests of ensuring that the audit process is in accordance with the principles of procedural fairness and natural justice.

      The creation of the new CCU, with attention to the specific recom­men­dations of the OAG, has resulted in a vastly improved physician billings audit function, which addresses the issues raised by the Auditor General and is anticipated to provide increased billing compliance through effective en­force­ment and deterrence.

      We shall endeavour to answer all questions posed by the com­mit­tee in relation to the actions taken in relation to the OAG's report. As always, it is possible we may need to take questions as notice and provide a specific response to the question in writing later.

      Thank you.

Mr. Chairperson: Is there leave to allow the staff intro­duced in the deputy minister's opening statement to speak on the record if required? [Agreed]

      The floor is now open for questions.

Mr. Isleifson: Thank you for the infor­ma­tion in writing. It's easier to follow.

      But I do have a question–more looking for your feedback. Since the creation of the CCU and the imple­men­ta­tion of Bill 10, where, at that time, I believe your de­part­ment was very enthusiastic that the Bill 10 would help. Putting those two together, have we seen or have you seen much im­prove­ment in the renumeration collection of overbilling since that time?

Mr. Curtis Peters (Program Manager, Comptrollership and Compliance, Department of Health): For a little bit of context and back­ground in relation to–the question was essentially about findings and recoveries since January of 2022, so just in the past few months.

      It should be noted that audits take a con­sid­erable period of time to complete, and so we have quite a number of audits that are ongoing at the present time. The unit is fairly new and had some backlog of audits from the previous audit unit that we're still in need of completion, and as well as processes that needed to built and designed to get through this some­what sig­ni­fi­cant and long‑lasting audit process.

      So we have a number of audits that are about to result in final findings as a result of all of this work which we expect to, over the next few months, result in findings and recoveries in relation to those audits. All of that pending the arbitration process which can happen as a result of any issuance of findings.

Mr. Isleifson: I know it's new, so I didn't expect results imme­diately. I was just hoping that you found some benefit in the new de­part­ment with the new build because it's always nice, moving forward, when you have to be accountable to the public, that you have the proper tools.

      And when I talk about the tools, that leads me to my next question with the physicians them­selves. We know accidents occur. We know mistakes happen. And I'm just wondering if you have–what you have in place to follow up with a physician when you notify them of a require­ment of an overpayment for a reim­bursement, what process you have to follow up with them in the future when they make further claims.

* (11:40)

Mr. Peters: So the–just to reframe the question or to reiterate the question, if I may.

      The question was to whether or not there are processes in place to follow up with physicians based on the findings of the–of an ongoing or previous audit. And the answer, of course, is yes.

      We have been designing our process in such a way that it is an edu­ca­tional process for physicians sort of from the begin­ning of the process to the end, which includes issuance of preliminary findings before we go to our final findings phase so that physicians can understand the basis on which we are reviewing their infor­ma­tion and adjudicating their submissions. This allows them to understand what the framework is of the audit process so that they can understand in the future how better to improve their record keeping so that they can comply with the require­ments. This is then reiterated in our final findings after discussions with the physicians to make sure that we have the infor­ma­tion correct.

      And beyond that, the arbitration process will also be instructive, I believe, to help the physicians understand and help us understand the–what the optimal inter­pre­ta­tion is of the contract deliverables that they are subject to when they're billing.

      And a final step–and it might be multiple steps–is that if we find sig­ni­fi­cant findings, it is very likely that we will do yet another audit of that physician. So, essentially, up to now, we're working on sort of an initial audit basis, which is a sampling, in a sense, and then if we have sig­ni­fi­cant findings then we will have further audits which will yet provide further instruction to the physicians as to what the ex­pect­a­tions are.

MLA Lindsey: So it seems to me that you've identified that there's been sub­stan­tial financial over­billing. There hasn't been a big move to recover a lot of that. But what's the process? Help me understand that.

      There must be some sort of table that says, paid X number of dollars for this service, X number of dollars for that service. How does the mistake get made by the physician or the physician's office that they've overbilled in the first place? Is there a lapse in how the pay is structured in the first place that allows them to bill twice for the same thing or to bill so many hours more for a service that–is there guide­lines that set all that out, and how can they then overbill that?

      I guess that–simplify it for me.

Mr. Peters: Thank you for the question.

      So I'll begin by giving sort of a brief explanation of the physician billing process. I'll try and keep it as concise as possible and then describe how errors might be made in relation to that process.

      So every four years, typically, there's a negotia­tion process that happens between Doctors Manitoba and Manitoba Health. In that negotiation, the terms and con­di­tions of physician remuneration are esta­blished, and one of the things that comes from that, that flows from that, is the Manitoba Physician's Manual, which is a tariff guide, essentially a fee schedule for all of the fee‑for-service tariff codes that are used by Manitoba physicians in the province. That Physician's Manual has approximately 4,600 tariffs in it, so it is fairly complex. Of course, it has to–it's tailored some­what for each of the medical specialties, and it is expected to cover sort of the entire scope of physician practice in Manitoba on a fee-for-service basis. So it's a complicated guide and it has a lot of elements in it.

      The process, typically, for physician–when physicians bill fee-for-service, very often, you know, they will make notes and they will essentially–they provide the service–make notes and records in relation to that service which are then submitted to Manitoba Health electronically to the claims processing system. And the reason I mention this element of it is that very often there's a billing agent in between there, or this is–this work is done by physician's office clerks who make the submissions on behalf of the doctor. The doctor, ultimately, is respon­si­ble for what gets submitted, but that's just another element of the process.

      In terms of the Physician's Manual itself, some of the tariffs are very simple. It's quite straight­for­ward. You know, it's just, this is the service, this is how much you get paid. In a lot of other cases, though, there are terms and con­di­tions associated with each specific tariff. And to some degree, there–you know, you might have three tariffs associated with a parti­cular type of service.

* (11:50)

      I'll just give you the example of a visit service, a simple visit. Well, there are basic visits where–for which there are almost no require­ments. The patient sees the doctor, doctor sees the patient, and it pays. But for more complex visits, there might be a number of specific individual require­ments for the doctor to perform in order to get paid for that second level of visit. And then there's a complex visit that is beyond that again, where you run into some dif­fi­cul­ty on, you know, from–in terms of inter­pre­ta­tion, is, at which level spe­cific­ally does the service that was provided on that parti­cular day for that parti­cular patient end up being eligible for payment?

      So the point that I'm trying to make, essentially, is that the Physician's Manual is not a very simple, very clear docu­ment, it is a complex docu­ment with a lot of elements to it. That in itself creates the potential for physicians to make–have to make decisions about what they're going to bill. So, in some cases, without, you know, casting any aspersions on the physicians what­so­ever, they might choose a tariff that is at a slightly higher value than what we might find in our findings when we review the physician's records. In other cases, physicians may try and upcharge a little bit, maybe think, oh, well, I'll bill, you know, a group of these tariffs together, and then we look at it and we think perhaps that was not ap­pro­priate.

      So–and then, of course, there's the element of the physician provi­ding records to a billing agent or to a billing assistant who then makes the decision that might not even be the decision the physician would've made in terms of the billings. Nonetheless, from our perspective, if it's incorrect, then it's recoverable, and so we would pursue recovery of those claims.

      Doctors Manitoba's involvement in this, aside from being the bargaining agent for the physicians, in esta­blish­ing these tariffs in the first place and working through the–it's essentially every four years we go through another master agree­ment bargaining session. So Doctors Manitoba, of course, works on behalf of the physicians to esta­blish the increases. But they also provide infor­ma­tion to doctors with respect to what is expected and what has been agreed to in terms of the tariffs.

      Manitoba Health also provides infor­ma­tion back to the doctors in relation to their billings and their billing patterns to assist the doctors in under­standing what is expected in terms of claims submitted under the Physician's Manual.

      In brief, there are a number of different ways that physicians might arrive at a conclusion in terms of what they think is ap­pro­priate to bill, and there are a number of reasons why we might not agree with them. And they range from simple admin­is­tra­tive errors to contract inter­pre­ta­tion questions to simple complexity of the system.

MLA Lindsey: So it seems like it's a system that's been built that very spe­cific­ally allows this type of overbilling and, in fact, may actually encourage it to take place, that there's a lot of variables that would allow either the physician, the clerk or the billing agent to claim more than they should.

      Do you know where the majority of the mistakes–we'll call them for now–get made? Is it the local doctor's clerk that's doing the overbilling? Is it the billing agents that seem to have the bulk of the cases where there's overbilling? Is it family physicians? Is it more speciality-type doctors? Is it broken down into that, and do you have that kind of infor­ma­tion?

Mr. Peters: I think I'll start by sort of intro­ducing, again, the scope of the enterprise that we're looking at.

      In terms of risk identification, which I think is sort of the substance of the question, in this parti­cular area we're talking about approximately 27 million claims–individual claims that come in from physicians in a year. So it's a very large scale in terms of the audit process, and each individual audit is an audit of an individual physician and then yet, more spe­cific­ally, it's an audit of individual claims submitted by that individual physician.

      So the approach that we've taken–and this is in accordance with the recom­men­dations of the OAG–is to take a risk-based approach to auditing. The risks that we've identified as these primary risks at the present time–and this may change over time as we receive infor­ma­tion back that confirms whether or not we had findings on the basis of those risks–a number of them are, essentially, highest number of tariffs claimed by a physician in a year, so the physicians that essentially have the highest volumes–highest tariff dollar amount paid to the physician annually, physician outliers from usual practice patterns.

      And we have–essentially, there's a pattern of practice analysis system in Health that identifies physicians that have patterns of practice outside of the norm: high-risk tariff utilizations–so, essentially, tariffs that, in them­selves, we see over time as being overbilled or billed inappropriately, high incidence of anomalous billing–so, where we have sig­ni­fi­cant findings with a physician and then potentially do follow-up audits; as well as referrals and complaints from the college of physicians and surgeons or other physicians or the public and service delivery organi­zations.

      So that's where we start in terms of trying to identify where those risk areas are. Then, confirma­tion of that risk, of course, happens through the process of the audit itself. You know, do we have findings that correlate to what we expected in terms of our risk assessment?

* (12:00)

      Those risks and those assessments, once we've sort of identified where we think the risk lies, that infor­ma­tion can and will be shared with Doctors Manitoba in the–for the, you know, the purposes of them provi­ding further infor­ma­tion to their physicians about the process, about the risks and about what the ex­pect­a­tions are, and we hope that that will assist us in addressing these risks going forward and provide further edu­ca­tion to the physicians.

Mr. Lamont: Yes, just to follow up–thank you very much for that.

      Just to follow up on some of the questions where it comes to sort of using the risk-based audit approach, where are we at in terms of that proceeding? Just because I–in–just in looking at your comments, I mean, one of this is–there's $938 million in total fees, 3,000 fee-for-service positions, 27 million actual filed, but then those are the actual number of procedures.

      So when it–when the Auditor General says $1 million in overbillings were during the period that we're looking at, that's simply the amount that was captured, just to say, if I'm correct in saying that.

      And then the second part–well, I'll follow up with the second question, you know, just–so if you can just sort of make it clear, you know, where–if this is simply the amount that we know that was overbilled, or is that a total, or is that just simply from the result of the limited audits that you're able to pursue?

Mr. Peters: So, in relation to that period of time and the $1-million figure, essentially, that was the finding of the OAG in relation to the previous audit unit's work and it was in relation to a period of–it was a five-year period. So, essentially, over those five years, they had those findings.

      So the position we find ourselves in now is that we have a different process for approaching auditing, and that–those findings were not based on the same processes or on the risk-based approach that we are taking now. So the approach we're taking is to go back over those five years and work through that time period again. So, ultimately, the–what the final outcome of that is–remains to be deter­mined at this point.

Mr. Lamont: I was just wondering what–you know, I mean, one of the recom­men­dations is that the de­part­ment publish the results of physician audits performed by the audit and in­vesti­gation unit. So I was just wondering, have there been steps to make this infor­ma­tion public, and does it–how does it match or reflect or disagree with the findings of the OAG? I mean, are we–do we have a sense–I mean, the Auditor General found that, you know, we had a certain amount of money and only a bit was being collected.

      Has there been a sub­stan­tial change in the amount of–either the amount of overbillings being discovered or–and has there been an im­prove­ment in getting them paid back?

Mr. Peters: So, there were two parts to this question, I think.

      The first one was about, essentially, transparency and information to the public and–in relation to audit out­comes. The–our approach to this has been to essentially consider and work toward disclosure of our results on a public-facing venue, an online presence, which is still under work.

* (12:10)

      The con­sid­era­tions that we have to take are in relation to the ap­pro­priate level of disclosure in terms of audit findings. We–it's im­por­tant to ensure that we demon­strate public account­ability and trans­par­ency while at the same time balancing that with the pro­tec­tion of privacy of the physician and of the physician's medical practice. So that–we are working toward that end and anticipate having results that will be pub­lished and publicly available within those parameters.

      In terms of the question about whether or not our findings are–I think, essentially, you were asking whether our findings are aligned with previous audit findings or whether we're finding that we're having sort of a different set of results. At this stage in the process, the two processes are–were significantly different based on different approaches to finding results and to approaching results as well. We've–so, it's difficult to see any direct alignment because, to some degree, we'd be comparing apples and oranges.

      That being said, it's also im­por­tant to note that we have–we find very different out­comes from one physician to the next. So, comparing this batch of physicians to a batch of physicians that were audited over a five-year period of time historically, it's hard to really assess whether or not there would be a lot of validity to direct comparison of those things.

      So I hope I've answered your question, subject to any follow-up questions you might have.

Mr. Smook: Thank you very much for being here today and answering our questions.

      In the opening comments, it was–it sounds like things have improved vastly over the last few years. And I'm just wondering–some of the questions were answered for–from when Mr. Lamont and what he had asked, but if another audit was to be held today, would you find that there would be a–again, a vast im­prove­ment on the results? Or is it because the audits would take a look at what was happening from different perspectives?

Mr. Peters: Thank you for the question.

      So, in relation to whether or not we would be likely to have improved findings if we conducted the same audits now as we had previously, there are a number of factors involved in that con­sid­era­tion. And a few of them are that essentially, over time, part of the audit process is intended to be instructional to physicians and to assist them in under­standing what billing practices are required, what is required in terms of compliance.

      So–and in addition to that, there may be a deterrent effect that results from physicians being audited and from a general awareness of physicians being audited. These things tend to–or might tend to change the physician behaviour over time in terms of repeated audits or audit of the same area. So, in that respect, the playing field changes slightly over time simply because of the nature of the process.

      It's also im­por­tant, I think, to note that the success of the audit process, it shouldn't be measured solely on the basis of findings. There's no preconceived notion that we are going to find anything or that there is a problem when we're auditing a physician. We are, essentially, objectively looking at what we're likely to find using a risk-based process. But, essentially, if there are no findings in relation to a physician, that's very good news. Essentially, it means that the physician is conducting their practice effectively and doing a good job of keeping their records and billing effectively.

      A large part of the focus of this process, ultimately–perhaps not the focus, but at least a con­se­quence of an audit process is that physicians learn from the process as well, as does Doctors Manitoba. And, hopefully, this will result, ultimately, in a deterrent effect that would reduce findings over time if we are doing our jobs effectively.

      I think those are my comments.

Mr. Smook: I guess those are all very valid points, and that's why I'm asking the question. Like, training and showing people how to do it properly, like, say, the–in the last–in the Auditor General's report, it stated about $1 million was out there.

      But that million dollars, like, what part of that million dollars was held, like, from mistakes or–on either side, whether it be the people auditing or the person billing? Like, you'd think that with time, it should improve, and that's basically what I was wondering about, what the im­prove­ments are.

* (12:20)

Mr. Peters: With respect spe­cific­ally to the $1 million of findings that are referenced, as our current processes were not in place at that time, it's difficult for us to comment on whether–or what proportion of those $1 million might have been as a result of one type of error or another type of error. So I can't speak spe­cific­ally to that.

      But what I can tell you is that the processes that we put in place in terms of our risk assessment process and the way that we're adjudicating physician records and submissions will allow us to be able to track spe­cific­ally which elements of which tariffs were not complied with and tally that at the end of an audit, and tally that at the end of a year for all physicians, as well as for us to track what sorts of errors appear to be simply admin­is­tra­tive errors or what proportion of them were–you know, we will have exact numbers in relation to each audit that's done on a claim-by-claim basis.

      So as long as we're working on a claim-by-claim basis, we'll be able to provide some–or have for our future risk assessment and design purposes very clear infor­ma­tion about the proportion of where the risk is. And that infor­ma­tion also, to the extent that it's shared by the physicians with Doctors Manitoba, will also assist in further edu­ca­tion for physicians going forward in terms of their–helping with their under­standing of what's required for compliance.

Ms. Naylor: Yes, I just have a question that goes back to the, like, the total of overbillings that were identified by the Auditor General in the original, like, in the 111 audits that were performed in the four-year period between 2015 and 2019, that there was over $1 million in overbillings.

      And so I had asked this question of the AG before, and I'm wondering if you can speak to it. It seems like that's just such a tiny, tiny fraction of audits that were actually done when you talk about 27 million claims in a year.

      And so, does your de­part­ment actually have any sense of, you know, on an annual basis, how much money in overbillings is spent of the public purse?

Mr. Peters: So, the question, essentially, about what our ex­pect­a­tions are, our assessment overall of what the risk levels might be across the province. With respect to that, essentially, that's the basis in–of how we formulate an annual audit plan, is in an attempt to arrive at some kind of an assessment of that.

      Now, the obstacles in our path, of course, are 27 million claims annually, which is a very large area to sample, and it's a non-homogenous popu­la­tion of claims as well, and of doctors. So, in terms of attempting to apply statistical methodology, there are complexities associated with this.

      We have CPA auditors who are experts in designing audit functions who are assisting us in developing our processes in that regard. And another complexity is the fact that we're approaching this from a risk-based assessment, which means that in a sense we're selecting a smaller sample of high risk and not looking at the entire province when we're making these–our annual audit plans, which–all of which adds sort of complexity to giving you a simple answer to that question.

      Ultimately, what we've found so far is that in the small samples–small number of samples relative to this massive popu­la­tion that we've looked at so far, all of which were selected on the basis of a high-risk methodology.

      So, again, this should not be considered to be reflective of any kind of an assessment of what's going on overall in the province, but we found that there have been findings, on average, between about 10 and 17 per cent of non-compliance in some of the–in the audits that we've done to date, and that's since 2020–December of 2020.

Mr. Chairperson: The hour is now 12:30. Our time allocated is expired.

      What is the will of the com­mit­tee? We have three more MLAs on the list.

MLA Lindsey: I think we have a lot more questions, so perhaps we'll just say no to passing this and reconvene another day.

Some Honourable Members: Agreed.

Mr. Chairperson: Agreed and so ordered.

      So, now we'll put the question on the report–hearing no further questions or comments, I will now put the question on the report.

      Shall the Auditor General's report titled physicians' buildings–billings, dated January 2021, pass?

An Honourable Member: No.

Mr. Chairperson: I hear a no. The report is accordingly not passed.

      And the hour being 12:30, what is the will of the com­mit­tee?

Some Honourable Members: Rise.

Mr. Chairperson: Com­mit­tee rise.

COMMITTEE ROSE AT: 12:31 p.m.


 

TIME – 10 a.m.

LOCATION – Winnipeg, Manitoba

CHAIRPERSON – Mr. Jim Maloway (Elmwood)

VICE‑CHAIRPERSON – Mr. James Teitsma (Radisson)

ATTENDANCE – 9     QUORUM – 6

Members of the committee present:

Messrs. Isleifson, Lamont,
MLA Lindsey,
Messrs. Maloway, Martin, Michaleski,
Ms. Naylor,
Messrs. Smook, Teitsma

APPEARING:

Mr. Tyson Shtykalo, Auditor General

WITNESSES:

Mr. Richard Groen, Deputy Minister of Finance

Mr. Scott Sinclair, Deputy Minister of Labour, Consumer Protection and Government Services

Ms. Kathryn Durkin‑Chudd, Assistant Deputy Minister, Consumer Protection Division, De­part­ment of Labour, Consumer Pro­tec­tion and Gov­ern­ment Services (by leave)

Mr. Curtis Peters, Program Manager, Comptroller­ship and Compliance, De­part­ment of Health (by leave)

Ms. Andrea Saj, Prov­incial Comptroller (by leave)

Ms. Ann Ulusoy, Secretary to Treasury Board (by leave)

MATTERS UNDER CONSIDERATION:

Auditor General's Report – Vital Statistics Agency, dated September 2020

Auditor General's Report – Physicians' Billings, dated January 2021

* * *