The Centers for Medicare & Medicaid Services (CMS) launched its nursing home rating system in 2008, which has been widely used among patients, doctors and insurance companies. The system rates nursing homes based on a combination of CMSs inspection results and nursing homes self-reported measures. Prior research has shown that the rating system is subject to inflation in the self-reporting procedure, leading to biased overall ratings. Given the limited resources CMS has, it is important to optimize the inspection process and develop an effective audit process to detect and deter inflation. In this paper, we first examine if the domain that CMS currently inspects is the best choice in terms of reducing the percentage of nursing homes that can inflate and reducing the difficulty of detecting such inflators. We develop a novel graph-based approach and use publicly available data on nursing home ratings to show that CMSs current choice of inspection domain is not optimal if it intends to minimize the number of potential inflators, and CMS will be better off if it inspects the staffing domain instead. We also show that CMSs current choice of inspection domain is only optimal had there been an audit system in place to complement it. We then design an auditing system for CMS which will be coupled with its current inspection strategy. We analyze the performance of the audit system in terms of net audit budget and audit efficiency. To design the audit system, we consider nursing homes reactions to different audit policies, and conduct a detailed simulation study on the optimal audit parameter settings. Our result suggests that CMS should use a moderate audit policy in order to carefully balance the tradeoff between audit net budget and audit efficiency.

The basic premise of iterative and evolutionary project management is that a project is divided into early, frequent and short duration delivery steps. Each step attempts to deliver some real value to stakeholders. The increment size and iteration length usually depend on profitability, finance, deadline, etc. rather than consider the functions of a developing system. It is difficult to guarantee the correctness at every iteration step. In this paper, we propose a method of ensuring correctness of iterative design in terms of the functions of software. The method first obtains the correct (deadlock-free) atomic subsystems of a system using a decomposition approach. In the iterative development process, the method then requires that one atomic subsystem or the composition of multiple atomic subsystems is regarded as one increment. Every increment is naturally correct and can be completely independently developed, independently deployed and independently maintained. The currently released system in each iteration step is naturally guaranteed to be correct. It is not necessary for developers to consider the composition of the increment and the previously released system may cause flaws and errors. We also discuss the approach for ensuring correctness when design modifications are made at an iteration step. Finally we explore the automatic decomposition of a system into multiple atomic subsystems and present the corresponding algorithm. Cases demonstrate these results.