(March 10, 2016): Has your practice, home health or hospice received an audit letter from a Zone Program Integrity Contractor (ZPIC)? If so, one of the first questions you are likely to ask is how did this ZPIC audit get started? Why is our practice being targeted in a ZPIC audit? As a review of the administrative enforcement landscape will show, there are a myriad of tools at the disposal of the government (and its contractors) to identify and target a health care physician provider or supplier for ZPIC audit or investigation. In this article, we will provide an overview of the primary targeting tools utilized by the government and its various Medicare contractors.
I. Primary Source of Information Used to Target a Medicare ZPIC Audit.
As Chapter 2, Sec. 2.4.C of the Medicare Program Integrity Manual (MPIM) reflects:
“Claims data is the primary source of information used to identify and target fraudulent, wasteful or abusive activities.”
ZPICs around the country have been given ready access to a wide variety of claims coding, billing and utilization databases and are expected to perform complex data analysis with this data in an effort to ferret out health care providers and suppliers whose billing history appears to suggest that improper coding and / or billing practices may be taking place. Frankly, that’s the problem with ZPIC targeting methods. If a health care provider’s claims utilization and billing practices are outside of the norm (making the provider an “outlier”), that provider is likely to be audited or investigated by a ZPIC or another contractor working for the Centers for Medicare and Medicaid Services (CMS).
II. Secondary Sources of Data Used by ZPICs to Identify and Target Fraud and Abuse.
As set out in the MPIM, Sec. 2.4.D, CMS has directed ZPICs to consider the following additional sources of data when determining whether further analysis against a health care provider or a specified set of claims is needed. These additional sources of data include, but are not limited to:
• OIG and Government Accountability Office (GAO) reports;
• Fraud Alerts;
• Beneficiary, physician and provider complaints;
• Appeals data from QICs, including appeals overturn rate for a particular type of claim;
• Referrals from the QIO, other contractors, CMS components, Medicaid fraud control units, Office of the U.S. Attorney, or other federal programs;
• Suggestions provided directly or implicit in various reports and other materials produced in the course of evaluation and audit activities, (e.g., contractor evaluations, State assessment, CMS-directed studies, contractor or State audits of providers);
• Referrals from medical licensing boards;
• Referrals from the CAC;
• Peer Review Reports such as the First look Analysis Tool for Hospital Outlier Monitoring (FATHOM) and Program to Evaluate Payment Patterns Electronic Report (PEPPER), and Comparative Billing Reports;
• Information on new technologies and new or clarified benefits;
• Provider cost reports;
• Provider Statistical and Reimbursement (PS&R) System data;
• Enrollment data;
• Overpayment data;
• Pricing, data analysis, and coding (PDAC) data;
• Referrals from other internal and/or external sources (e.g., MAC audit staff, audit staff or, MAC quality assurance (QA) staff);
• Medicare Learning Network–which includes MedLearn Matters articles and Quarterly Provider Compliance Newsletters;
• IBM Cognos support for the Part D and Drug Data Processing System (DDPS) using the Teradata data repository;
• CMS prepared data, such as a listing of distinct providers or suppliers and/or bills that require medical review; and
• CMS Chronic Conditions Data Warehouse (CCW).
III. When Facing a ZPIC Audit, the “Fix” is In – Guilty Until Proven Innocent.
Rather than reviewing a provider’s claims with no preconceptions in place, we believe that once a provider is identified as an outlier, there is a presumption on the part of ZPIC auditors and claims reviewers to find that the provider has engaged in improper billing activities. As the former General Counsel for one the ZPIC’s once stated:
“All of the claims audits we conduct are in connection with either a fraud case or a POTENTIAL fraud case.” (paraphrased).
Frankly, this statement says it all. ZPICs view themselves as an extension of law enforcement, despite the fact that they a merely a federal contractor working under the direction of CMS. This can place health care providers in a no-win situation. On the one hand, as a participating provider in the Medicare program, a health care provider has an obligation to cooperate with a ZPIC conducting a claims audit. Unfortunately, ZPIC investigators often request to interview physicians and other clinical staff. Since the ZPIC investigator is not technically a law enforcement official, witnesses are not advised of their rights against self-incrimination and may inadvertently make one or more statements that are not in their interests. This is especially important when you consider the fact that one of the factors currently being used as an evaluation metric when assessing the performance of ZPICs by CMS is whether the contractor has been making suspected fraud referrals to the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and / or the U.S. Department of Justice (DOJ) for law enforcement review and prosecution. In fact, as HHS-OIG’s 2016 Work Plan states:
We will review the level of benefit integrity activity performed by Medicare benefit integrity contractors in CYs 2012 and 2013. This review will highlight trends in integrity activities and allow for a quick comparison of program results across years, across contractors, and across the parts of the Medicare program. CMS contracts with entities to carry out benefit integrity activities to safeguard Medicare against fraud, waste, and abuse. Activities that these contractors perform include analyzing data to identify aberrant billing patterns, conducting fraud investigations, responding to requests for information from law enforcement, and referring suspected cases of fraud to law enforcement for prosecution. (Emphasis added)
Regardless of whether the ZPIC investigator seeks to conduct interviews of your staff in an audit, after reviewing your medical documentation, the ZPIC may decide that its findings warrant referring the case to HHS-OIG or to DOJ for civil and / or criminal review and enforcement. In most cases, the ZPIC will likely find conclude that although an overpayment has been identified, the provider’s conduct does not warrant referring the case outside of the administrative appeals process. The ZPIC will then choose to treat the improper billing practices identified as an overpayment rather than as fraud.
IV. Responding to a ZPIC Audit.
In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” it is to their benefit to find that an overpayment has occurred. These overpayments are often based on overlapping technical (such as an incorrect place of service code) and substantive (such as lack of medical necessity) reasons for denial.
Immediately upon learning of a ZPIC audit, regardless of whether the audit is a probe sample or appears to be an expanded sample of claims, we recommend that you contact legal counsel experienced in handling ZPIC audits and investigations. There are preemptive steps you may be able to take that can reduce the likelihood of a large overpayment. Addressing problematic claims on the front end may even held you avoid a situation where a ZPIC seeks to place your practice on prepayment review or recommend to CMS that you be suspended from the Medicare program. It may also stop the ZPIC from making a fraud referral to HHS-OIG or DOJ for review, assessment and possible prosecution.
Robert W. Liles, M.B.A., M.S., J.D., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law. Liles Parker is a boutique health law firm, with offices in Washington DC, Houston TX, San Antonio TX, McAllen TX and Baton Rouge LA. Robert represents health care providers and suppliers around the country in connection with Medicare audits by ZPICs, SMERCs, RACs and other CMS-engaged specialty contractors. Our firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews. For a free consultation, call Robert at: 1 (800) 475-1906.
(4/7/15) On February 4, 2015, the Centers for Medicare and Medicaid Services (CMS) issued Transmittal 567, Change Request 8563, which tightened the timeline for Medicare providers and suppliers to respond to Medicare Administrative Contractor (MAC) and Zone Program Integrity Contactor (ZPIC) requests for Additional Documentation Requests (ADRs). Providers and suppliers are now limited to a 45 calendar day timeframe to produce the additional requested documentation. Moreover, they should no longer expect that a request for an extension of time will be granted.
CMS review contractors – such as MACs and ZPICs – may not have enough information to make a determination on a claim under review. In these circumstances, the CMS contractors have the right to request additional documentation from the provider or supplier through an ADR. Unless providers and suppliers furnish the additional requested documentation, no payments may be made for claims under review.
Moreover, when requesting documentation for prepayment review, the MAC and ZPIC must notify providers that the requested documentation is to be submitted within 45 calendar days of the request. Importantly, extensions will not be granted to providers who need more time to comply with the request. Claim reviewers will also deny claims for which the requested documentation was not received by the 46th day.
Medicare providers and suppliers should take efforts now to ensure that their billing staff and compliance personnel are aware of these important timing changes. If you have any questions regarding an ADR issued by a MAC or ZPIC, please feel free to give us a call today. We would be more than happy to assist you in these as well as other compliance-related matters.
Robert Saltaformaggio, Esq. is a health law attorney with the boutique firm, Liles Parker, Attorneys & Counselors at Law. Liles Parker has offices in Washington DC, Houston TX, McAllen TX and Baton Rouge LA. Our attorneys represent health care professionals around the country in connection with government audits of Medicaid and Medicare claims, licensure matters and transactional projects. Need assistance? For a free consultation, please call: 1 (800) 475-1906.
 Social Security Act, Section 1833(e)
 Pub 100-08, Medicare Program Integrity Manual Chapter 3, Verifying Potential Errors and Taking
Corrective Actions, Section 22.214.171.124
(September 15, 2012): Over the last year, Zone Program Integrity Contractors (ZPICs) have turned much of their attention to prepayment review, the process by which the Medicare contractor reviews a claim for problems before it is paid. Unlike postpayment audits, if your organization is placed on ZPIC prepayment review, there is very little you can do other try to identify the nature of deficiencies noted so that remedial action can be taken. Being placed on prepayment review does not trigger any type of an administrative appeals process, thereby potentially making prepayment reviews incredibly damaging for a small provider or DME supplier. In addition, there is no “silver bullet” method for getting off ZPIC prepayment review quickly – it is left essentially to the discretion of the contractor. Couple this with recent rules eliminating the time restrictions for a ZPIC to keep a provider on prepayment review, and the ZPIC could theoretically maintain a prepayment review action forever.
I. Who do We Turn To if Our Health Care Practice or Company is Placed on Prepayment Review?
Recently, we noticed that a least one provider association attempted to turn to the Small Business Administration (SBA) to heko sort out their problems with ZPICs and Medicare. While a creative option, it is not likely a solution that is going to get you very far.
The Centers for Medicare & Medicaid Services (CMS) and its contractors are not obliged to follow the direction of the SBA or many other entities, and even if they were, there is considerable support from the public and the government regarding the prepayment review process in light of the persistent Medicare fraud from which the program suffers. Instead, there are really only two options for responding to prepayment review.
First, you could file a suit for injunctive relief against CMS. For this option, you would hire an attorney to sue the government in the hopes that a federal judge would find that the ZPIC should be restrained from continuing its prepayment review. Normally, you would need to prove at least 3 things to obtain an injunction:
A cause of action against CMS;
A probable right to the relief sought (success on the merits); and
An imminent, irreparable harm.
Unfortunately, proving a cause of action against CMS or a ZPIC can be difficult, as can be proving irreparable harm (that is, something that can not be fixed with money). Just think about it – in what other industry would a consumer get to pay for something first and then find out if the product they bought it broken. But under the current Medicare system, that is exactly what is happening. The government is paying for medical services without seeing if they are legitimate until several years later. So the ZPIC prepayment review process is probably going to be upheld by a federal judge as a fair exercise of the government’s right to protect its funds. Moreover, ZPIC prepayment review does not involved the destruction of property or the loss of life (although there is possibly an access argument that could exist in certain situations), and usually unless one of these two elements is present, there is not “irreparable harm.” Instead, whatever harm actually does occur can be fixed with money. Because of these issues, it can be very hard, if not impossible, to successfully obtain injunctive relief. Add to this the costs and expenses associated with going to federal court, and this is not really a great option.
Second, we’ve developed a strategy to deal with ZPIC prepayment review based on our experience with clients who’ve gone through the process in the past. While this involves a lot of work and some great organizational skills, it is the only true way to get off of ZPIC prepayment review and stay off. Quite simply, you have to attempt to meet the ZPIC’s demands and requirements, until you’ve proven to them that you’ve cleared up any problems associated with your claims. The process can be drawn out, especially when it takes about 4 – 6 months for the ZPIC to make a decision on your first set of claims, but once you know what problems they’ve identified, you can proactively address those problems so that the ZPIC cannot rely on that issue moving forward. Eventually, the ZPIC will have nothing left to criticize, and with some well-placed calls from an attorney, will likely terminate the prepayment review. The lasting benefit of this option, of course, is that your claims should be easily defensible in any administrative, civil, or criminal action that may be brought against you. Through the course of this process, it is important to engage and retain qualified health law counsel to assist and advise you on aspects of the ZPIC prepayment review and specific coding, billing, and medical necessity issues identified.
ZPIC prepayment reviews are hard to address because there is no proverbial “silver bullet” to end it. And the government is turning to this effective tool more and more often, as it recognizes the fiscal benefits of preserving the Medicare trust fund. Nevertheless, it can cost honest providers tremendous time, energy, and in some cases their business. ZPIC prepayment review generally cuts off the cash flow of either 30, 70, or 100% of a provider’s Medicare claims as the ZPIC reviews those claims, and for most providers, this is too much to bear. Nevertheless, those providers who have a lot at stake and the resources to survive for a substantial amount of time can and do make it out of ZPIC prepayment review.
Robert W. Liles counsels providers on prepayment review issues and represents clients in Medicare and Medicaid post-payment appeals. In addition, he advises clients on HIPAA compliance risks, HIPAA breach notification and implementing effective compliance plans. Robert also performs gap analyses and internal reviews and trains healthcare professionals on compliance issues. For a free consultation, call Robert today at 1-800-475-1906.
ZPICs Have Conflict of Interest
HHS-OIG recently released a report concerning the professional independence of CMS contractors. Specifically, OIG identified that several organizations serving as Zone Program Integrity Contractors (ZPICs) had conflicts of interest, whereby the ZPIC “could be in the position of evaluating work performed or associated with its own company.” For instance, one ZPIC’s parent company had a contract with a Medicare Part D plan sponsor to provide technological implementation and operations. Another ZPIC’s parent company owned Medicare Part C and D plans which were at work throughout the country. Another ZPIC applicant’s parent company was also a Medicare Part C and D plan sponsor in the zones for which the ZPIC had submitted a proposal. Thus, each ZPIC could be put in the position of having to evaluate its work or the work of its parent organization.
Nevertheless, OIG found that each one of these potential conflicts had in some way been “mitigated.” This is done through screening processes and other techniques, by which those who bid on government contracts and perform the actual auditing duties of the ZPIC are not the same as those administer the company’s (or parent company’s) other programs. We’ve previously discussed some of the Medicaid contractors for various “hot-spot” cities, such as Baton Rouge and Houston, and you might find it interesting to note that a lot of Medicaid claims processing contractors or benefit integrity contractors are companies like Xerox (ACS) and HP (the same companies that you get copiers and computers from). Many of these large conglomerates have found that securing a bid for a Medicare or Medicaid contract can be a lucrative business, but because they are so large, there are often conflicts between the various divisions.
Looking specifically at OIG’s report, the report itself does not name names. It does not identify which companies specifically had conflicts, but does instead note that two of the five ZPIC contracts currently awarded have actual conflicts of interest. This can be a scary thought: what kinds of incentives do the people reviewing my claims for payment or denial have? Could they deny my claims because I’m in a certain state or region, but pay similar claims so that their claims processing department has better numbers? Well, it’s possible – but not probable.
Effects on ZPIC Claim Review
At the end of the day, a ZPIC is a ZPIC and a RAC is a RAC. These Medicare contractors are designed to identify problematic claims, review them with a critical eye, and deny them if they don’t meet stringent technical and medical requirements. The simple fact that the ZPIC’s parent company owns other health care operations is probably not enough to affect the judgment of individual auditors. These auditors, anyway, are already looking for a reason to deny a claim. In fact, we have been in many situations when denial of 100% of a sample was not uncommon. ZPICs often cite multiple reasons for denying a claim when they update a provider on the results of the review, usually relying on both a technical aspect (missing signature/legibility) and a medical aspect (medically unnecessary service/documentation does not support the level billed). It’s been our experience that a strong and all-encompassing approach when appealing these denials is important.
CMS Changes to ZPIC Bidding
In any regard, the OIG’s report came down hard on CMS for failing to adequately screen ZPICs and their subcontractors before awarding them contracts, noting that, “[c]urrently, CMS does not use a written policy or standard checklist to facilitate its review of Organizational Conflict of Interest Certificates. In addition, we found no documentation showing that CMS conducted a review of some offerors’ and subcontractors’ certificates. In some cases, even after CMS had requested revised certificates, required conflict and financial interest information was still missing.” In other words, CMS ignored a number of its duties in pre-screening ZPICs for possible and actual conflicts. As a result, OIG recommended that CMS develop more formal policies and procedures for reviewing conflict of interest problems and that CMS require bidders to more thoroughly note any actual or potential conflicts.
Robert Liles represents providers in Medicare post-payment audits and appeals, and similar appeals under Medicaid. In addition, Robert counsels clients on regulatory compliance issues, performs gap analyses and internal reviews, and trains healthcare professionals on various legal issues. For a free consultation, call Robert today at 1-800-475-1906.
Michael Cook and Robert Liles, partner and managing member of Liles Parker, respectively, are extensively quoted in an article published in the May 2012 issue of Provider Magazine. Provider Magazine is the official publication of the national trade association for nursing and skilled nursing providers. The article, entitled “Fraud Fighters Mine Data,” focuses on the fact that skilled nursing facilities (SNFs) have seen a substantial uptick in both the volume and level of aggressiveness of ZPICs in their audits of SNF providers. The article discusses how ZPICs are utilizing data mining techniques and predictive modeling to target SNFs that they believe have a high prevalence of submitting claims for residents in the Ultra High Resource Utilization Groups (Ultra High RUGs).
The article discusses not only the increase in volume, but also the fact that ZPIC auditors are showing up at facilities without notice, and often demanding to see records and interview staff during the middle of the day, when the staff are also responsible for delivering resident care. The article also discusses the likely driver of the audits, a report from HHS-OIG, and why a high prevalence of patients falling within the Ultra High RUGs may not signify any improper billing, but rather simply reflect the fact that treatment of what previously was labeled sub-acute patients, and the increasing of acuity in the resident complement, may simply represent current and cost efficient use of resources.
In the article, Mr. Cook and Mr. Liles comment on steps that SNF providers can take in protecting themselves against these audits, not only through the appeals process, but also through the implementation of strong compliance and quality assurance programs, as well as training of staff on how to respond to these audits. While the article is specific to ZPIC audits of SNFs, the preventive strategies discussed by Liles Parker attorneys are transferable to all provider groups, including home health agencies, durable medical equipment suppliers, hospices, and physicians.
The link to the article is http://www.providermagazine.com/archives/archives-2012/Pages/0512/Fraud-Fighters-Mine-Data.aspx.
Liles Parker attorneys have extensive experience working with nursing facilities and other providers and their associations on matters of this nature. This includes working with clients on compliance issues, audits, appeals, and training. For a free consultation, contact Michael Cook or Robert Liles at 202-298-8750.
I. HHA Compliance Background:
Over the past few weeks, several important events and issuances have occurred which should have home health agencies (HHA) in Texas, Oklahoma and the rest of the country rethinking the adequacy of their existing HHA compliance efforts. While the practices of many home health agencies have long been a concern of the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and the Centers for Medicare & Medicaid Services (CMS), the government’s apprehension appears to be at an all-time high. Last week, HHS-OIG issued yet another report recommending that CMS further tighten its oversight of home health providers through the implementation of additional sanctions for non-compliant home health agencies. Notably, HHS-OIG’s report has been issued on the heels of a significant home health fraud investigation centered in the Dallas, Texas area which was reportedly initiated by Health Integrity, the Zone Program Integrity Contractor (ZPIC) covering Texas and Oklahoma.
II. HHS-OIG’s Home Health Report of Fraud and Abuse:
On March 2, 2012, HHS-OIG issued a report entitled, “Intermediate Sanctions for Noncompliant Home Health Agencies” which examined CMS’ ongoing efforts to identify and sanction home health agencies that were non-compliant with Medicare’s applicable conditions of participation. As detailed in the report, CMS (formerly known as the Health Care Financing Administration (HCFA)) was directed in 1987 to develop and implement “intermediate sanctions” against home health providers violating Medicare rules. These sanctions were anticipated to include civil monetary penalties (CMPs), Medicare payment suspension, and even appointment of temporary management of a noncompliant agency. Initially required to implement these sanctions under the Omnibus Budget Reconciliation Act of 1987 (OBRA 1987), CMS issued a Notice of Proposed Rulemaking in 1991, but subsequently withdrew this notice in 2000.
CMS has stated that it anticipates publishing new proposed rules in September 2012 addressing these “intermediate sanctions.” Frankly, home health providers and their associates cannot continue down the current path. While both CMS and HHS-OIG recognize the important role played by home health agencies in the care and treatment of homebound Medicare beneficiaries, the government has made it abundantly clear that participating providers must fully comply with applicable medical necessity, coverage, documentation, coding and billing rules. Non-compliant providers are being immediately suspended and / or excluded from participating in the Medicare program. Moreover, health care providers who engage in nefarious activities are being aggressively prosecuted.
III. Health Integrity’s Audit of Home Health Agencies:
Since winning the contract in 2009, Health Integrity, the Zone 4 ZPIC covering Texas, Oklahoma, New Mexico and Colorado, has conducted a wide variety of Medicare post-payment audits throughout Zone 4. To their credit, Health Integrity’s audits have not been limited to merely large metropolitan areas. Rather, the ZPIC is in the process of “leaving no stone unturned,” conducting audits and reviews of home health agencies throughout Zone 4, regardless of size, revenues and / or location.
To be clear, Health Integrity’s audits have not been limited to only home health services. The ZPIC has actively reviewed the operational, coding and billing practices of a wide variety of Part B health care providers in Zone 4. Nevertheless, the ZPIC does appear to have redoubled its audits of home health agencies in Texas and Oklahoma who appear to be outliers through data-mining activities. After reviewing the homebound status of both prior and current patients, clinicians working for Health Integrity have been thoroughly assessing the care and treatment provided by billing home health agencies. After carefully assessing the medical records forwarded by the home health agency, in many cases Health Integrity has concluded that it is appropriate to seek extrapolated damages based on the post-payment audit conducted.
IV. Health Integrity is on the Front Line of Home Health Fraud Identification:
Despite the fact that most Texas home health agencies are doing their best to operate within the four corners of the law, there are still a number of providers who are continuing to engage in wrongdoing. Texas home health providers recently received significant negative media coverage for fraudulent and abusive billing practices allegedly committed by agencies within their ranks. As you may have heard, just last week a physician and several home health agency “recruiters” in the Dallas-Fort Worth area were indicted in the largest Medicare fraud scheme in history, allegedly totaling nearly $375 million for home health services either not needed or never provided. Additionally, it was noted that over 75 home health agencies to whom referrals were made have also been implicated in the wrongdoing. Such an enormous scheme only further demonstrates the fact that fraudulent activity in home health services is continuing, despite the fact that mostTexashome health providers are well-meaning organizations, trying in good faith to provide medically necessary services to our nation’s most sick and disabled. Nevertheless, such accusations only increase suspicion and scrutiny of the entire home health industry in this region.
In a separate incident, a news reporter recently had a healthy, yet elderly, woman pose undercover as a potential home health patient when visiting a physician in South Texas. The reporter noted that the healthy patient was allegedly improperly diagnosed and certified for home health services. While some providers may be concerned about the use of patients in undercover sting operations such as this, the fact is that improper conduct is occurring, at both the physician referral and the home health agency level, clearly illustrating why law enforcement is concerned that fraud is continuing to occur in this area of practice. In light of these and similar cases, it is clear why Health Integrity appears to be “ramping up” its reviews of home health providers throughout Texas and Oklahoma.
V. What HHA Compliance Steps Can a Provider Take to Reduce Risk?
To be clear, there is no proverbial “silver bullet” that can be used by a home health agency to avoid the scrutiny of Health Integrity and / or law enforcement. Every home health agency in Texas and Oklahoma should expect to be audited. Rather than wait for such an eventuality, home health agencies should affirmatively review their operations, coding and billing practices to ensure that their practices squarely fall within the rules. Although not all-inclusive, the following five steps can serve as an excellent starting point when preparing for an audit of your agency’s home health claims:
Recommendation #1: Don’t assume that your current practices are compliant, check them out! Conduct a “gap” analysis and implement an effective HHA Compliance Plan. While most, if not all, home health agencies will profess to have an HHA Compliance Plan already in place, the real question is whether the existing plan is “effective,” or merely a sample that was obtained by the agency in the past. No two home health agencies are alike. As a first step, a home health provider needs to engage qualified legal counsel to advise the organization on whether the agency is properly operating at a baseline level of HHA compliance. If not, remedial steps must be taken so that the agency can move forward in a compliant fashion.
As you will recall, Section 6401 of the Affordable Care Act (ACA) (generally referred to as the “Health Care Reform Act”) states, “. . . a provider of medical or other items or services or supplier within a particular industry, sector or category shall, as a condition of enrollment in the program under this Title . . . establish a compliance program.” Although HHS-OIG has not announced the deadline for home health agencies to meet this requirement, it is only a matter of time before all health care providers who choose to participate in the Medicare program must have an effective HHA Compliance Plan in place in order to remain a participating provider.
Recommendation #2: As you review your claims, you should abide by the following: First, “If it doesn’t belong to you, give it back.” Conversely, “If you don’t owe the money, don’t throw in the towel.” One of the attorneys in our firm is regularly asked to speak at provider conventions around the country. For years, he has told providers “If it doesn’t belong to you, give it back.” This simple concept covers a lot of ground when it comes to Medicare overpayments and is the single best policy you can employ as a good corporate citizen.
Recommendation #3: Don’t merely focus on your claims. Are your business practices fully compliant with applicable laws and regulations? Health Integrity and other ZPICs serve an essential role in identifying overpayments and other wrongdoing by health care providers. While an audit will almost always include a request for medical records, you should keep in mind that Health Integrity will not merely be examining your medical documentation. Should you receive a request for documents, it will probably be broken into two major parts. The first section will likely be focused on business-related records such as the following:
“Business contracts or agreements with other providers, suppliers, physicians, businesses or individuals in place during a specific period. Additionally, any verbal agreements must be summarized in writing.
A listing of all current and former employees (employed during a specific period), along with their hire date, termination date, reason for leaving, title, qualifications, last known address, phone number.
- A list of all practice locations, along with their address and phone number.
- Employment agreements.
- Medical Director contracts.”
One purpose of this section is to assist the ZPIC in identifying potential business practices which may constitute a violation of the Federal Anti-Kickback Statute, Stark Laws and / or the False Claims Act. Should the ZPIC identify a possible violation, it will readily refer the case to CMS, HHS-OIG and / or DOJ, depending on the nature of the potential violation.
In contrast to the first section of the ZPIC’s request, the second section of the request will usually list the patient records and dates of service to be audited. The number of dates of service audited differs from case to case. Regardless of whether the ZPIC requests supporting documentation related to 5 claims or 50 claims, it is essential that you never ignore a request for information. If additional time is needed to assemble the requested information, call the contractor. Health Integrity has generally been cooperative with providers needing additional time to gather the records being requested.
Recommendation #4: Remember learning how to “drive defensively” in high school? Your documentation practices should be approached in a similar fashion. When is the last time that you have reviewed the applicable documentation requirements set out in the Medicare Administrative Contractor’s latest Local Coverage Determination guidance covering the services you are providing? Health Integrity’s auditors are excellent at identifying one or more deficiencies in your documentation. While you may disagree with the ultimate conclusions reached by their clinicians, you should not completely discount their assessments. Health Integrity’s findings should be carefully analyzed so that any problems with your documentation can be promptly addressed.
Recommendation #5: Engage qualified legal counsel and clinical experts to assist with your efforts. If your home health agency is audited, we strongly recommend that you engage qualified legal counsel, with experience handling this specific type of case. Moreover, don’t be afraid to ask for references and to inquire about the anticipated cost of an engagement. While it is often difficult to estimate legal costs due to the various factors faced when handling a ZPIC audit case, most experienced health lawyers can give you a range of expected legal fees.
While an effective HHA Compliance Plan cannot fully shield an organization from risk, the implementation of, and adherence to, an effective plan can greatly assist your home health agency in identifying weaknesses and taking corrective action before an audit occurs. Now is the time to ensure that your practices are compliant – after an audit occurs, it may be too late.
Liles Parker is a full service health law firm, providing HHA compliance reviews, “gap analyses” and training to home health providers and their staff. Our attorneys are also experienced in representing home health providers in the administrative appeal of overpayments identified in the Medicare post-payment audit process. Should you have any questions, please call us today at 1-800-475-1906 for a free consultation.
ZPIC Audit Introduction
Has your Practice, Home Health Agency, Hospice, DME Company or PT / OT / ST Clinic been audited by a Zone Program Integrity Program (ZPIC)? If not, it may only be a matter of time. Despite your best efforts to follow Medicare’s directives, your organization may still be identified as an “outlier” by a ZPIC and subjected to a probe review or a full-blown ZPIC audit. Should you receive a request for records from a ZPIC, being prepared – in advance of receiving a ZPIC audit – can help ensure your organization’s compliance with applicable documentation, coding and billing requirements. The following recommendations can assist with those efforts:
Recommendation #1: If you have not already done so, conduct a “gap” analysis and implement an effective Compliance Plan. Despite the fact that significant strides in compliance have been made by large Medicare providers (such as hospitals and nursing homes), it has been our observation that most physician practices and small-to-mid sized provider organizations still do not have a tailored Compliance Plan in place. We recognize that many providers may have copied a draft plan off of the Internet or purchased a sample plan. While they may fully intend to follow through with personalization of the draft document, in most of the cases we have seen, more pressing events have taken precedence and these providers have not had the time or expertise to complete the project.
Providers who have not put a tailored Compliance Plan in place should immediately do so. As you have likely heard, Section 6401 of the Affordable Care Act (ACA) (generally referred to as the “Health Care Reform Act”) states, “. . . a provider of medical or other items or services or supplier within a particular industry, sector or category shall, as a condition of enrollment in the program under this Title. . .establish a compliance program.” To be clear, at this time, the Department of Health and Human Services, Office of Inspector General (HHS-OIG) has not announced deadlines effectuating this requirement. Nevertheless, it is merely a matter of time until all providers who choose to participate in the Medicare program will be required to have an effective Compliance Plan in place.
Rather than wait until the last minute, Medicare providers who have not already done so should immediately take steps to implement an effective plan. As a first step, providers should review each of the regulatory and statutory provisions related to the specific services being billed to Medicare. Next, providers should compare their actual documentation, coding and billing practices with Medicare’s rules. Any gaps between the applicable requirements and a provider’s actual practices must immediately be remedied. Additionally, should these gaps represent an overpayment, the Medicare provider must repay the overpayment to the government within 60 days of identification.
Prior to conducting a gap analysis, we recommend that providers contact their legal counsel for assistance with both the internal review and with the implementation of an effective Compliance Plan. While no Compliance Plan can prevent a ZPIC audit, the implementation of an effective plan will greatly improve a provider’s likely adherence to Medicare’s rules and regulations should a ZPIC audit be initiated.
Recommendation #2: Don’t ignore a ZPIC’s request for documents. At the outset, it is important to keep in mind that the ZPICs play an important role in the current enforcement environment. In addition to auditing records for possible overpayments, ZPICs are also responsible for identifying fraudulent providers and making referrals to the Centers for Medicare and Medicaid Services (CMS), the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and the U.S. Department of Justice (DOJ) for further action. Possible actions taken include, but are not limited to:
- CMS – Administrative action such as suspension or revocation from the Medicare program.
- HHS-OIG – Administrative action such as the imposition of Civil Monetary Penalties. HHS-OIG may also investigate and refer a provider to DOJ for possible civil litigation under the False Claims Act. Finally, HHS-OIG may investigate and refer a provider to DOJ for criminal prosecution under the Federal Anti-Kickback Act or a host of other statutes.
- DOJ – May investigate and prosecute a provider for civil and / or criminal violations of law.
Should you receive a request for documents from your ZPIC, in most cases it will broken into two sections. The first section will likely focused on business-related records, including, but not limited to, copies of:
“Business contracts or agreements with other providers, suppliers, physicians, businesses or individuals in place during a specific period. Additionally, any verbal agreements must be summarized in writing.
A listing of all current and former employes (employed during a specific period), along with their hire date, termination date, reason for leaving, title, qualifications, last known address, phone number.
- A list of all practice locations, along with their address and phone number.
- Employment agreements.
- Medical Director contracts.”
The unstated purpose of this portion of the ZPIC’s request is likely to identify potential instances of violations of the Federal Anti-Kickback Statute, Stark and / or the False Claims Act. Should the ZPIC identify a possible violation, it will readily refer the case to CMS, HHS-OIG and / or DOJ, depending on the nature of the potential violation.
In contrast to the first section of the ZPIC’s request, the second section of the request usually lists the patient records and dates of service to be audited by the ZPIC. While every case is different, the number of claims requested typically ranges from eight (8) to 100, depending on whether the ZPIC’s request is a “probe review” or a full-blown ZPIC audit. On occasion, we have seen the number of claims sought can range from 150 to 300.
Never ignore a ZPIC request for records. Importantly, should you fail to respond to the ZPIC’s request, the contractor can recommend to CMS that your organization be suspended from participation in the Medicare program. Depending on the ZPIC’s concerns, the contractor can also recommend that CMS pursue a revocation action against your organization. Should you need more time to respond to the ZPIC’s request for supporting documentation, don’t hesitate to request it.
Recommendation #3: Remember learning how to “drive defensively” in high school? Your documentation practices should be approached in a similar fashion. A ZPIC audit may reveal one or more ways in which your claims do not meet applicable coverage requirements. While you may very well disagree with their assessments (especially in “medical necessity” determinations), in all likelihood, when you file a request for redetermination appeal (and later, a request for reconsideration appeal), you will find that your Medicare Administrative Contractor (MAC) and your Qualified Independent Contractor (QIC) will agree with the ZPIC’s denial decision. Rather than endure significant costs and stress when defending against an overpayment assessment, you need to take steps to avoid a denial in the first place. To that end, health care providers should ensure that clinical staff members and the administrative team are fully trained and educated regarding Medicare’s documentation, coding and billing requirements.
We recognize that “perfect documentation” is neither required nor realistic to expect from your clinical staff. Nevertheless, using published reports of other cases, you can show your clinicians that a ZPIC audit often involves a strict application of Medicare’s documentation and coverage requirements. Through education and training, your clinical staff will understand why it is imperative that they review, understand and comply with:
- Any applicable Local Coverage Determinations (LCDs).
- Any applicable National Coverage Determinations (NCDs).
- Any Local Medical Review Policies (LMRPs).
- The Medicare Policy Benefit Manual (MPBM).
- The Medicare Program Integrity Manual (MPIM).
- Any statutory provisions which cover the services.
- Any additional guidance issued by Medicare which would apply to these claims.
It is important that you regularly review the government’s latest concerns and any enforcement actions which have been taken. Additionally, you should read HHS-OIG’s reports so that you may learn from the mistakes being made by similarly situated providers. Upon doing so, we recommend that you check the list of “risk areas” in your Compliance Plan and ensure that they reflect both “general” risks and “specific” risks which may be unique to your organization. Is your organization still in full compliance? If not, remedial action is likely necessary.
Recommendation #4: Retain experienced legal counsel to assist with your efforts. When experiencing symptoms of a cardiac problem, most patients wouldn’t turn over their care to a dermatologist. Instead, they would seek to be evaluated and treated by a cardiologist. Similarly, if you have a health law problem, would it be wise to rely on advice from an attorney specializing in family law? Ultimately, that’s your call. While no attorney can guarantee you success, we believe that an experienced health lawyer is well situated to give you advice regarding a Medicare audit or investigation. Having said that, it is important to recognize that the field of health law is extraordinarily broad. Should you be audited by a ZPIC or a Recovery Audit Contractor (RAC), don’t hesitate to ask a health lawyer whether they have handled these types of cases before. If so, how many times have they represented a provider in a ZPIC audit? When selecting a lawyer, keep in mind that the legal fees charged by an attorney can vary greatly, depending on a variety of factors. Don’t be shy – ask how much the representation is likely to cost. While it is often difficult to estimate legal costs due to the various factors faced when handling matters involving a ZPIC audit, most attorneys can give you a range of expected legal fees. Finally, be sure and ask for references. Other providers who have been through an administrative appeal case can provide you with invaluable insights into the process.
Recommendation #5: The administrative appeals process has become quite complicated in recent years. A ZPIC audit can result in an alleged overpayment of millions of dollars, particularly if the overpayment is extrapolated. Moreover, the ZPIC’s overpayment assessment isn’t usually the end of the story. While providers often lose at the redetermination and reconsideration levels of appeal, the third level of appeal – before an Administrative Law Judge (ALJ) – is usually your best opportunity to prevail in an administrative appeal. Over the years, our attorneys have argued cases in front of judges out of each of the field offices of the Office of Medicare Hearings and Appeals (OMHA). While we may not always agree with their decisions, the ALJs we have practiced before have been professional, fair and more than willing to hear a provider’s arguments in support of payment.
Should you choose to forego legal counsel and represent yourself in an ALJ hearing, keep in mind that even though these hearings are intended to be non-adversarial, it can feel quite adversarial during the actual hearing. Furthermore, these proceedings can be quite complicated. In most large dollar cases, representatives of the ZPIC are participating in the hearing and arguing their position before the ALJ. ZPIC representatives can include one or more statisticians (if an extrapolation was conducted), a clinician (usually a Registered Nurse who is experienced in conducting medical reviews) and a lawyer. In a recent Home Health Agency case we handled, this was precisely what occurred. Frankly, few providers are experienced in presenting their case and in responding to the arguments raised by statisticians, clinicians and lawyers representing a ZPIC. As a result, it is strongly recommended that the provider consider engaging an experienced and knowledgable attorney.
Recommendation #6: When reviewing your claims, you should abide by the following: First, “If it doesn’t belong to you, give it back.” Conversely, “If you don’t owe the money, don’t throw in the towel.” For years we’ve told providers “If it doesn’t belong to you, give it back.” This simple concept covers a lot of ground when it comes to alleged Medicare overpayments. Similarly, if the facts and the evidence shows that the claims should have been paid, think twice before waiving your right to appeal the denial of these claims. From a practical standpoint, we have heard of situations where a provider chooses to “just pay the bill” so that the case will quickly be resolved. Several providers have commented that when dealing with small dollar assessments, it is just easier to pay the alleged overpayment rather than incur the hassle and expense of contesting the contractor’s denial. Although we understand the reasoning behind such a decision, you should keep in mind that every claim which is denied by in a ZPIC audit increases a provider’s “error rate.” If you were a ZPIC, PSC, RAC or MAC contractor, would you choose to audit a provider with a low error rate or a high error rate? In any event, the bottom line is fairly straight forward. Should you find that you are not entitled to payment for one or more claims, you must repay the money to the government as soon as possible (but no later than 60 days after an overpayment has been identified), regardless of whether the claim is part of an ongoing or recently completed Medicare audit. If, however, you are audited and you believe that a ZPIC has incorrectly denied one or your claims, you have the right to appeal the denial of these claims.
Recommendation #7: Carefully read a ZPIC’s denial decision letter. When you receive a denial decision letter from a ZPIC, carefully review the notice and determine whether the contractor has specifically addressed the reasons for denial associated with each of the claims at issue. Every ZPIC audit is different. Over the last few months, one of the ZPICs involved in the cases we are handling has been citing only a general reason for denial (such as “not medically necessary”). Should the ZPIC in your case not provide sufficient information, you will find it difficult, if not impossible, to address any specific reasons your claims have been denied. Your legal counsel may be able to get the ZPIC to provide additional specificity in connection with their denial reasons.
Recommendation #8: Don’t forget – shortly after the “demand letter” is sent, any payments you may be expecting may be recouped by your Medicare Administrative Contractor (MAC). A demand letter from your MAC usually follows a few days after you receive a ZPIC’s denial decision letter. While you have 120 days to file a request for redetermination appeal, should you fail to file the request for redetermination within 30 days of the date of the MAC’s demand letter, your Medicare payments may be recouped starting on day 41. Alternatively, a provider may set up an extended repayment program with the MAC so that the alleged overpayment can be repaid through monthly installments. We strongly recommend that you set this up. You will then be able to take advantage of the 120 period permitted to file a redetermination appeal rather than filing a poorly prepared appeal within the 30 day period. Similar issues (with completely different deadlines) are present at the reconsideration level of appeal — the next level in the administrative appeals process. Once again, these issues can be quite complicated. We recommend that you discuss available appeals options with your counsel.
Recommendation #9: Foster a corporate culture which encourages compliance. ZPIC audit reviewers have increased their ZPIC audit activities dramatically in numerous areas of the country. South Texas has been especially hard-hit. Providers in Houston, McAllen, Harlingen, Edinburgh, Laredo, Corpus Christi and Brownsville appear to have experienced a recent surge in ZPIC audit activity. Be aware that ZPIC audit reviewers are looking for aberrations in billing patterns and often target providers based on these variations in coding or billing practices. Compliance with regulations and consistency in your “message” to employees is essential. Establishing good intake and records management procedures and continuing employee education and training efforts can facilitate the adoption of an ethical, compliant corporate culture.
Recommendation #10: When drafting a Compliance Plan, providers should include a “Code of Conduct” that is easily understood by employees. We believe that a “Code of Conduct” should accurately reflect the belief system an organization has pursued and sincerely intends to follow. In doing so, an organization can engender a compliant corporate culture. Over the years, we have seen organizational “Codes of Conduct” which range from a succinctly described phrase to discussions of more than a page.
Our favorite “Code of Conduct” is used by Cadets at the United States Military Academy at West Point. Modified for use by health care providers, the “Code of Conduct” reads:
“Our clinicians and staff will not lie, cheat, steal, or tolerate those who do.”
This simple yet elegant “Code of Conduct” succinctly lays out a provider’s ethical responsibilities, both with respect to Medicare and in other business dealings. We recommend that you consider adopting and adhering to this or a similar “Code of Conduct.”
Liles Parker attorneys and staff have extensive experience representing Physicians, Clinics, Home Health Agencies, Hospices, DME Companies, Skilled Nursing Facilities, Chiropractors, Pain Medicine Clinics, Rehabilitative Medicine Clinics and other Medicare providers in connection with a ZPIC audit or audits by RACs, PSCs, MACs and other contractors. We also have years of experience assisting providers with “gap” analyses and in implementing an effective Compliance Plan. Should you have questions about these or other health law issues, please feel free to call us for a complementary consultation. We can be reached at: 1 (800) 475-1906.
 Infrequently, a ZPIC may choose to conduct a “probe” review rather than a full ZPIC audit. Probe reviews usually involve a request for the records and supporting documentation related to 10 to 15 claims paid by Medicare.
 A ZPIC audit request typically include language similar to the following: “Failure to provide this information or to permit examination and duplication of records could result in a decision by the Office of the Inspector General to exclude you from Medicare, Medicaid and all Federal health care programs.”
 42 C.F.R. §405.372(a)(2).
 It is presumed that you received the MAC’s demand letter 5 days after the demand letter is dated. From a timing standpoint, we strongly recommend that you completely disregard the “5 day” issue unless it is absolutely necessary to rely on it. Our practice is to make sure that our client’s redetermination appeal is filed (and received) well in advance of the 120 day appeal deadline.
I. Background of AdvanceMed Transaction:
AdvanceMed has a new parent. Last week, it was announced that NCI, Inc., one of the nation’s most successful information technology companies, had acquired the outstanding capital stock of AdvanceMed Corporation (AdvanceMed), an affiliate of CSC. While the acquisition went largely unnoticed by the health care provider community, the transaction may, in fact, be quite significant.
With this acquisition by NCI, a recognized powerhouse in information technology, Medicare and Medicaid providers should expect AdvanceMed’s expertise in data mining and investigations to continue to grow. As AdvanceMed continues to fine-tune its data mining efforts and further expands its ability to conduct “Predictive Modeling,” providers will likely find their actions under the microscope like never before. It is therefore imperative that all health care providers immediately implement an effective Compliance Plan or further enhance their current compliance efforts.
NCI first announced its plans to acquire AdvanceMed last February. As NCI’s February 25th News Release noted:
“The Obama Administration has emphasized reducing fraud, waste, and abuse in Federal entitlements. AdvanceMed is ideally positioned to support the program integrity initiatives of CMS and other Federal Government agencies. . . We are extremely pleased to have AdvanceMed join NCI and believe that this acquisition will provide NCI an outstanding platform to address this rapidly growing market opportunity.”
In recent years, AdvanceMed has positioned itself to where it now has multiple contracts with the Federal government. AdvanceMed serves as the Zone Program Integrity Contractor (ZPIC) for Zone 2 and Zone 5. Additionally, the contractor also serves as a Comprehensive Error Rate Testing (CERT) contractor. On the Medicaid side, AdvanceMed serves as a Medicaid Integrity Contractor (MIC). While a host of other contractors have been awarded contracts covering other zones and program areas, AdvanceMed’s growth has been undeniably impressive.
As NCI announced in its April 4th “News Release” covering the acquisition:
“AdvanceMed is a premier provider of healthcare program integrity services focused on the detection and prevention of fraud, waste, and abuse in healthcare programs, providing investigative services to the Centers for Medicare and Medicaid Services (CMS). Serving CMS since 1999, AdvanceMed has grown rapidly, demonstrating the value and return on investment of the Federal Government’s integrity program activities.
AdvanceMed employs a strong and experienced professional staff, which leverages sophisticated information technology, data mining, and data analytical tools, to provide a full range of investigative services directed to the identification and recovery of inappropriate Medicare and Medicaid funds. AdvanceMed supports healthcare programs in 38 states with a staff of more than 450 professionals, including information specialists, nurses, physicians, statisticians, investigators, and other healthcare professionals.
AdvanceMed has multiple contracts with CMS under the Zone Program Integrity (ZPIC), Program Safeguard (PSC), Comprehensive Error Rate Testing (CERT), and Medicaid Integrity (MIC) programs. All of these programs are executed under cost plus contract vehicles. The largest contracts-ZPIC Zone 5 and ZPIC Zone 2-were awarded in late 2009 and 2010 and have five-year periods of performance.
The acquisition price was $62 million. Included within the price is a recently completed, state-of-the-art data center to support the ZPIC Zone 5 and ZPIC Zone 2 contracts. Additionally, NCI will make a 338(h)(10) election, enabling a tax deduction, which is expected to result in a tax benefit with an estimated net present value of approximately $6 million to $8 million. NCI expects the transaction to be slightly accretive to 2011 earnings.
As of the end of March 2011, AdvanceMed has a revenue backlog of approximately $300 million with approximately $51 million of that amount being currently funded. Revenue for the trailing 12 months ending March 31, 2011, is estimated to be approximately $51 million, all of which was generated from Federal Government contracts, and 99% of the work performed as a prime contractor. NCI’s AdvanceMed 2011 revenue, covering the nine-month period of April 2, 2011, to December 31, 2011, is estimated to be in the range of $43 million to $47 million (the equivalent of $57 million to $63 million on a full 12-month basis), with the midpoint reflecting a full-year growth of approximately 16%. . .”
II. Overview of the ZPIC Program:
Under the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (MMA), CMS was required to take a number of steps intended to streamline the claims processing and review process:
- Using competitive measures, CMS was required to replace the current Medicare Fiscal Intermediaries (Part A) and Carriers (Part B) contractors with Medicare Administrative Contractors (MACs).
- After setting up the new MAC regions, CMS created new entities, called Zone Program Integrity Contractors (ZPICs).
- These actions were intended to consolidate the existing program integrity efforts. Over the last 2 — 3 years, ZPICs have been taking over PSC audit and enforcement activities around the country.
At the time of transition, there were twelve PSCs that had been awarded umbrella contracts by CMS. As these contracts have expired, CMS has transferred the PSCs’ fraud detection and deterrence functions over to ZPICs. Of the seven ZPIC zones established in the MMA, CMS has awarded contracts for a number of the zones. CMS is still working to issue awards for the final ZPIC zones. The seven ZPIC zones include the following states and / or territories:
- Zone 1 – CA, NV, American Samoa, Guam, HI and the Mariana Islands.
- Zone 2 – AdvanceMed: AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO.
- Zone 3 – MN, WI, IL, IN, MI, OH and KY.
- Zone 4 – Health Integrity: CO, NM, OK, TX.
- Zone 5 – AdvanceMed: AL, AR, GA, LA, MS, NC, SC, TN, VA and WV.
- Zone 6 – PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT.
- Zone 7 – SafeGuard Services: FL, PR and VI.
In many instances, these changes have been nothing more than a name change. ZPIC responsibilities are generally the same as those currently exercised by PSCs. While ZPIC overpayment review duties have not appreciably changed, the number of civil and criminal referrals appear to be increasing. In our opinion, ZPICs clearly view their role differently than that of their PSC predecessors. ZPICs clearly view themselves as an integral part of the law enforcement team, despite the fact that they are for-profit contractors. In consideration of their ability to recommend to CMS that a provider be suspended or have their Medicare number revoked, or even refer a provider to law enforcement for civil and / or criminal investigation, providers should take these contractors quite seriously.
Both ZPICs and PSCs have traditionally asserted that unlike their RAC counterparts, they are not “bounty hunters.” ZPICs are not paid contingency fees like RACs but instead directly by CMS on a contractual basis. Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments, the chances of a ZPIC’s contract with CMS being renewed are likely diminished. AdvanceMed’s recent announcement shows that they are a very profitable entity and are paid on a “cost-plus” basis (leaving room for bonuses and other incentives). Additionally, experience has shown us that despite the fact that ZPICs are expected to adhere to applicable Medicare coverage guidelines, a ZPIC’s interpretation and application of these coverage requirements may greatly differ from your understanding of the same provisions.
In recent years, ZPICs have been aggressively pursuing a wide variety of actions, including but not limited to:
- Pre-Payment Audit. After conducting a probe audit of a provider’s Medicare claims, the ZPIC may place a provider on “Pre-payment Audit” (also commonly referred to as “Pre-Payment Review”). Unlike a post-payment audit, there is no administrative appeals process that may be utilized by a provider for relief. Having said that, there are strategies that may be utilized by a provider which may assist in keeping the time period on pre-payment review at a minimum.
- Post-Payment Audit. Audits conducted by ZPICs primarily involve Medicare claims that have already been paid by the government. In many cases, the ZPICs appear to have conducted a strict application of the coverage requirements, regardless of whether a provider’s deviation from the rules is “de minimus” in nature. In doing so, it is not unusual to find that a provider has failed to comply with each and every requirement. Depending on the nature of the initial sample drawn, a ZPIC may extrapolate the damages in a case, significantly increasing the the alleged overpayment. In doing so, the ZPIC is effectively claiming that the “sample” of claims audited are representative of the universe of claims at issue in an audit.
- Suspension. While the number of suspension actions taken by ZPICs has steadily increased in recent years, Medicare providers should expect to see this number continue to grow. Under the Affordable Care Act (often informally referred to as the “Health Care Reform” Act), CMS’ suspension authority has greatly expanded.
- Revocation. As with suspensions, we have seen a sharp increase in the number of Medicare revocation actions taken over the last year. The reasons for revocation have varied but have typically been associated with alleged violations of their participation agreement. In some cases, the ZPIC contractors found that the provider has moved addresses and did not properly notified Medicare. In other cases, a provider was alleged to have been uncooperative during a site visit. Finally, there were a number of instances where the provider allegedly did not meet the “core” requirements necessary for their facility to remain certified.
- Referrals for Civil and Criminal Enforcement. ZPICs are actively referring providers to HHS-OIG (which can in turn refer the case to the U.S. Department of Justice (DOJ) for possible civil and / or criminal enforcement) when a case appears to entail more that a mere overpayment. However, just because a referral is made doesn’t mean that it will prosecuted. In many instances, HHS-OIG (and / or DOJ) will decline to open a case due to a variety of reasons, such as lack of evidence, insufficient damages, etc.).
III. Steps Providers Can Take Now, Before They are Subjected to a ZPIC Audit:
In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” it is arguably to their benefit to find that an overpayment has occurred. These overpayments are often based on overlapping “technical” (such as an incorrect place of service code) and “substantive” (such as lack of medical necessity) reasons for denial. In recent years, the level of expertise exercised by ZPICs is often quite high — noting multiple reasons for denial and concern.
Unfortunately, the reality is that most (if not all) Medicare providers will find themselves the subject of a ZPIC, CERT, RAC or other type of claims audit at some point in the future. In our opinion, the single most effective step you can take to prepare for a contractor audit is to ensure that your organization has implemented and is adhering to an effective Compliance Plan. Several general points to consider also include:
Keep in mind your experiences with PSCs and other contractors. The lessons you have learned responding to PSC, CERT and RAC audits can be invaluable when appealing ZPIC overpayments. As you will recall, the appeals rules to be followed are virtually the same.
Monitor HHS-OIG’s Work Plan. While often cryptic, it can be invaluable in identifying areas of government concern. Are any of the services or procedures your organization currently provides a focus of HHS-OIG’s audit or investigative?
Keep an eye on RAC activities. Review the service-specific findings set out in annual RAC reports. Review targeted areas carefully to ascertain whether claims meet Medicare’s coding and medical necessity policies.
You never realize how bad your documentation is until your facility is audited. While many providers start out “over-documenting” services (to the extent that there is such a thing), a provider’s documentation practices often become more relaxed as time goes on – especially when the provider has not been audited for an extended period of time. In such situations, both physicians and their staff may fail to fully document the services provided. Moreover, the care taken to ensure that all supporting documentation has been properly secured may have also lapsed over the years.
Review your documentation. Imagine you are an outside third-party reviewer. Can an outsider fully appreciate the patient’s clinical status and the medical necessity of treatment? Are the notes legible and written is a clear fashion? Compare your E/M services to the 1995 or 1997 Evaluation and Management (E/M) Guidelines – have you fully and completely documented the services you provided? If dealing with skilled services, have you fully listed and discussed both the need for skilled services and the specific skilled services provided?
IV. Closing Thoughts:
Imagine a ZPIC hands you a claims analysis rife with alleged errors, an indecipherable list of statistical formulas, and an extrapolated recovery demand that will cripple your practice or clinic. What steps should you take to analyze their work? Based on our experience, providers can and should carefully assess the contractor’s actions, particularly the use of formulas and application of the RAT-STATS program when selecting a statistical sample and extrapolating the alleged damages based on the sample. Over the years, we have challenged the extrapolation of damages conducted by Medicare contractors around the country, including tens of thousands of claims. Regardless of whether you are a Skilled Nursing Facility providing skilled nursing and skilled therapy services, an M.D. or D.O. providing E/M services, a Home Health company or a Durable Medical Equipment (DME) company, it is imperative that you work with experienced legal counsel and statistical experts to analyze the actions take by a ZPIC.
Liles Parker attorneys and staff have extensive experience representing a wide range of Medicare providers in audits by ZPICs, PSCs and other contractors. Should you have questions regarding an inquiry from a ZPIC, PSC or RAC that you have received, please feel free to give us a call for a complimentary consultation. We can be reached at: 1 (800) 475-1906.
(January 11, 2011): As you recall at the end of 2010 we identified the “Top Ten Health Care Compliance Risks for 2011.” The purpose of this and subsequent articles is to analyze two of those risks; Zone Program Integrity Contractors (ZPICs) and Payment Suspension Actions. Over the next few days we will be discussing these two risk areas in depth.
As discussed in our “Top Ten” article, we anticipate that ZPICs will ratchet up their use of provider suspension actions in 2011. At the close of 2010, there already appeared to be an increase in the use of suspension actions by ZPICs in South Texas and in other areas of the country. In many instances, these actions were the result of sophisticated data mining techniques by ZPICs. While cases are initiated in a variety of ways (including, but not limited to whistleblower complaints, anonymous reports to the government’s fraud hotline, etc.), data mining is a key tool relied on by ZPICs and government agencies for targeting purposes.
After analyzing the data, ZPICs often send out requests for information or conduct site visits of health care provider facilities. These requests and / or site visits can result in medical reviews, demands for alleged overpayments, or lead to referrals to one or more government investigative agencies (such as the Department of Health and Human Services’ Office of Inspector General (HHS-OIG), the State Medicaid Fraud Control Unit (MFCU) and / or the Federal Bureau of Investigation (FBI)). Since established, ZPICs have clearly met their goal of developing “innovative data analysis methodologies for detecting and preventing Medicare fraud and abuse.” Rather than pursuing merely administrative overpayment cases, over the last six months, we have noted an increase in the number of cases referred to law enforcement for fraud investigation. While seven ZPIC zones have been identified, only three companies have been awarded ZPIC contracts at this time. Where ZPIC contracts remain pending, Program SafeGuard Contractors (PSC) are typically still operating and are conducting essentially the same duties as their ZPIC counterparts. The seven ZPIC zones include:
- Zone 1- CA, NV, American Samoa, Guam, HI and the Mariana Islands.
- Zone 2 includes; AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO.
- Zone 3-MN, WI, IL, IN, MI, OH and KY.
- Zone 4-CO, NM, OK, TX.
- Zone 5- AL, AR, GA, LA, MS, NC, SC, TN, VA and WV
- Zone 6- PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT.
- Zone 7- FL, PR and VI
The following map reflects zones where the ZPIC contractor is currently operating. Each of the ZPICs listed below are actively sending out requests for information and / or conducting site visits. In a number of instances, the ZPICs have been noted to be suspending providers from the Medicare program based on variety of alleged statutory and / regulatory violations.
ZPICs have been very active in their site visits which have brought about Medicare suspension and revocation actions. In some cases, these site visits have resulted in allegations of “fraud or willful misrepresentation” with ZPIC’s contacting of CMS for approval to place the provider on payment suspension. In tomorrow’s article, we will be examining the primary reasons cited by the Centers for Medicare and Medicaid Services (CMS) when placing a provider on payment suspension status.
Robert W. Liles serves as Managing Partner at Liles Parker. Robert and our other attorneys have extensive experience representing health care providers in ZPIC initiated actions. Should your Physician Practice, Home Health Agency, Hospice Company, Physical / Occupational / Speech Therapy Clinic, Ambulance Company, Therapy Company, Pain Clinic be subjected to a ZPIC audit, give us a call for a free consultation. We can be reached at: 1 (800) 475-1906.
(December 31, 2010): In case you missed it, Congress, President Obama and the healthcare regulators had a banner year with respect to regulatory activism in 2010. Over the next several weeks we will be releasing a series of articles on our website addressing these dramatic changes and the compliance risks they present for your practice, clinic or health care business in 2011:
Compliance Risk Number 1: Increased “HEAT” Activity and Enforcement: Perhaps the greatest risk to consider in 2011 is the increase in targeted health care fraud enforcement efforts by the government’s Health Care Fraud Prevention and Enforcement Action Team (HEAT). These teams are comprised of top level law enforcement and professional staff from the U.S. Department of Justice (DOJ), the Department of Health and Human Services (HHS), and their various operating divisions. HEAT team initiatives have been extraordinarily successful in coordinating multi-agency efforts to both prevent health care fraud and enforce current anti-fraud initiatives.
As DOJ noted in September 2010, over the previous Fiscal Year, DOJ (including its 94 U.S. Attorneys’ Offices), HHS’ Office of Inspector General (HHS-OIG), and the Centers for Medicare and Medicaid Services (CMS), jointly accomplished the following:
- Filed charges against more than 800 defendants.
- Obtained 583 criminal convictions.
- Opened 886 new civil health care fraud matters.
- Obtained 337 civil administrative actions against parties committing health care fraud.
- Through these efforts, more than $2.5 billion was recovered as a result of the criminal, civil and administrative actions handled by these joint agencies.
President Obama’s FY 2011 budget request includes an additional $60.2 million in funding for the HEAT program.These funds will be used to establish additional teams and further fund existing investigations. Now, more than ever, it is imperative that you ensure that your Compliance Plan is both up-to-date and fully implemented. Medicare providers are obligated to adhere to statutory and regulatory requirements and the government’s HEAT teams are aggressively investigating providers who fail to comply with the law.
Compliance Risk Number 2: Zone Program Integrity Contractor (ZPIC) / Program SafeGuard Contractor (PSC) / Recovery Audit Contractor (RAC) Audits of Medicare Claims: As you already know, private contractor reviews of Medicare claims are big business – one ZPIC was awarded a five-year contract worth over $100 million. In 2011, we should expect to see:
- The number of ZPIC / PSC / RAC audits of Physician Practices, Home Health Agencies, Hospice Companies, DME Suppliers and Chiropractic Clinics will greatly increase in 2011.
- The reliance of both contractors and the government on data mining will continue to grow. Providers targeted will likely be based on utilization rates, prescribing practices and billing / coding profiles.
- An increase in the number of Administrative Law Judge (ALJ) hearings in where ZPIC representatives choose to attend the hearing as a “participant.” In these hearings, the ZPIC representative will likely aggressively oppose any arguments in support of payment that you present.
Are you ready for an unannounced / unanticipated site visit or audit? When is the last time that you have conducted an internal review of your billing / coding practices? Are you aware of the hidden dangers when conducting these reviews? In 2011, your Compliance Officer may very well be your most important non-clinical staff member. Physicians and other providers should work with their Compliance Officer to better prepare for the unexpected audit or investigation.
Compliance Risk Number 3: Electronic Medical Records: Unfortunately, some early adopters of Electronic Medical Records (EMR) software are now having to respond to “cloning” and / or “carry over” concerns raised by ZPICs and Program SafeGuard Contractors (PSCs). In a number of cases, these audits appear to be the result (at least in part) of inadequately designed software programs which generate progress notes and other types of medical records that do not adequately require the provider to document individualized observations. Instead, the information gathered is often sparse and similar for each of the patients treated. Take care before converting your practice or clinic to an EMR system. Include your Compliance Officer in the selection and review process.
Compliance Risk Number 4: Physician Quality Reporting Initiative (PQRI) Issues: Under the Health Care Reform legislation passed last March. PQRI was changed from a voluntary “bonus” program to one in which penalties will be assessed if a provider does not properly participate. As of 2015, the penalty will be 1.5% and will increase to 2.0% in 2016 and subsequent years. Additionally, questions about the use of PQRI date in “Program Integrity” targeting remain unanswered. Once again, it is essential that your Compliance Officer provide guidance to your staff regarding this program and its potential impact.
Compliance Risk Number 5: Medicaid Integrity Contractors (MICs) and Medicaid Recovery Audit Contractors (MDRACs): In recent months, we have seen a marked increase in the number of MIC inquiries and audits initiated in southern States. Notably, the information and documentation requested has often been substantial. Medicaid providers must now also contend with MDRACs. As a result of health care reform, MDRACs are now mandatory in every State and are may initiate reviews and audits as soon as March 2011. Compliance Officers should review their current risk areas and ensure that Medicaid coding and billing activities are actively monitored to better ensure statutory / regulatory adhereance.
Compliance Risk Number 6: HIPAA / HITECH Privacy Violations: Failure to comply with HIPAA can result in civil and / or criminal penalties. (42 USC § 1320d-5).
- Civil Penalties – A large retail drug store company was recently fined $2.25 million for failure to properly dispose of protected information.
- Criminal Penalties – Earlier this year, a physician in Los Angeles, CA, was sentenced to four months in prison after admitting he improperly accessed individual health information.
As of mid-2010, there had been 93 breaches affecting 500 or more individuals. The total number of individuals whose information was disclosed as a result of these breaches was estimated at over 2.5 million. Out of the 93 breaches, 87 involved breach of hard copy or electronic protected health information (about 1/4 involved paper records and 3/4 involved electronic records. The vast majority of the 93 breaches involved theft or loss of the records. Many of these thefts could have been avoided with appropriate security. The government is serious about privacy and your practice, and in 2011 you will likely see increased HIPAA / HITECH enforcement. Your clinic or health care business must take appropriate steps to prevent improper disclosures of health information.
Compliance Risk Number 7: Increased Number of Qui Tams Based on Overpayments: Section 6402 of the recent Health Care Reform legislation requires that all Medicare providers, (a) return and report any Medicare overpayment, and (b) explain, in writing, the reason for the overpayment.
This law creates a minefield for physicians and other Medicare providers. First, providers have only 60 days to comply with the reporting and refund requirement from the date on which the overpayment was identified or, if applicable, the date any corresponding cost report is due, whichever is later. Of course, the legislation does not actually explain what it means to “identify” an overpayment.
From a “risk” standpoint, this change is enormous. Disgruntled employees try to file a Qui Tam (“whistleblower”) lawsuit based on a provider’s failure to return one or more Medicare overpayments to the program in a timely fashion. While the government may ultimately choose not to intervene in a False Claims Act case based on such allegations, a provider could spend a significant amount defending the case. Providers should ensure that billing personnel understand the importance of returning any overpayments identified as quickly as possible.
Compliance Risk Number 8: Third-Party Payor Actions: Third-party (non-Federal) payors are participating in Health Care Fraud Working Group meetings with DOJ and other Federal agents. Over the last year, we have seen an increase in the number of “copycat” audits initiated by third-party payor “Special Investigative Units” (SIUs). Once the government has announced the results of a significant audit, the third-party payor considers the services at issue and reviews whether it may have also been wrongly billed for such services. If so, their SIU opens a new investigation against the provider.
Compliance Risk Number 9: Employee Screening: With the expansion of the permissive exclusion authorities, more and more individuals will ultimately be excluded from Medicare. As we have seen, HHS-OIG is actively reviewing whether Medicare providers have employed individuals who have been excluded. In one recent case, HHS-OIG announced that it had assessed significant civil monetary penalties against a health care provider that employed seven individuals who the provider “knew or should have known” had been excluded from participation in Federal health care programs. These individuals were alleged to have furnished items and services for which the provider was paid by Federal health care programs. All providers should periodically screen their staff against the HHS-OIG and GSA databases to ensure that their employees have not been excluded from participation in Federal Health Benefits Programs.
Compliance Risk Number 10: Payment Suspension Actions: Last, but not least, we expect the number of payment suspension actions to increase in 2011. In late 2010, Medicare contractors recommended to CMS that this extraordinary step be taken against providers in connection with a wide variety of alleged infractions. Reasons given for suspending a provider’s Medicare number included, but were not limited to: (1) the provider failed to properly notify Medicare of a change in location, (2) the provider allegedly engaged in improper billing practices, and (3) the provider failed to fully cooperate during a site visit.
As each of these compliance risks reflect, health care providers are expected to fully comply with a wide myriad of Medicare and Medicaid statutory and regulatory requirements. Moreover, the failure to meet these obligations can subject a provider to penalties ranging from suspension from the program to criminal prosecution. Providers must take compliance seriously if they hope to thrive in 2011.
Liles Parker attorneys provide health law guidance and advice to health care providers around the country. Our attorneys have extensive experience working on compliance related matters and defending providers in connection with Medicare audits and investigations. Should you have questions regarding these and other issues, give us a call for a free consultation. We can be reached at 1 (800) 475-1906.