UPIC / ZPIC Referrals of MDs and NPs to State Boards!

(June 9, 2017):  You aren’t paranoid, your utilization, coding and billing practices are, in fact, being watched.   The Centers for Medicare and Medicaid Services (CMS) currently transitioning over to using a Unified Program Integrity Contractor (UPIC) in your jurisdiction to serve as program integrity contractors.  During this transition period, you may also be audited by the outgoing Zone Program Integrity Contractor (ZPIC) responsible for auditing your part of the country.  Although you may have never been audited, been contacted by, or even heard of a UPIC or a ZPIC, that doesn’t mean that they aren’t monitoring your business practices on an ongoing basis.  In fact, as Section 2.6.4 of the “Uniform Statement of Work” (SOW) published by CMS states that contractors serving as a UPIC:

” . . . will integrate the program integrity functions for audits and investigations across Medicare and Medicaid, and ensure that CMS’s national priorities for both Medicare and Medicaid are executed and supported locally.”

Similarly, ZPICs are required to engage in comprehensive data analysis activities as part of their contractual obligations with the government.  As Section 1.3.1 of the most recent ZPIC Statement of Work requires:

“The ZPIC shall review and analyze a variety of data in order to focus its program integrity efforts by identifying vulnerabilities and/or specific providers for review and investigation within its zone, referral of potential fraud, waste and abuse cases to law enforcement, and pursuance of administrative actions. Further, the ZPIC shall be proactive and aggressive in pursuing many different sources and techniques for analyzing data in order to reduce any of its risks within this [Statement of Work].”

As the ZPIC Statement of Work further notes in Section 4.2:

The ZPIC shall provide a variety of data analysis, statistical analysis, and trending activities to enhance the detection and prevention of Medicare and Medicaid potential fraud, waste and abuse in the participating state(s). The ZPIC shall use appropriate CMS Medicare data, as well as data from other sources such as Medicaid data, to reach this end. 

Successful accomplishment shall require a significant amount of cooperation with the participating state(s), law enforcement, and other task orders within the ZPIC zone. It may also require significant cooperation with other ZPICs

ZPICs have used sophisticated data mining techniques to identify physicians and other health care providers whose utilization, coding and / or billing behavior is different from that of the provider’s peers.  Once an outlier is identified, the ZPIC has a number of actions it can take.   For instance, in recent months, we have seen a noticeable increase in the number of referrals that have been made by a ZPIC to a particular provider’s state licensure board.  In this article, we examine these referral actions in more detail.

I.   UPIC / ZPIC Targets in 2017:

The government’s efforts to consolidate their Medicare and Medicaid program integrity efforts under a single contract are well underway.  As a result, some health care providers are already receiving requests for records and / or notice of an audit from a Unified Program Integrity Contractor (UPIC) rather than from their former ZPIC. In large part, this is a distinction without a difference since the CMS contractor awarded the UPIC contract most likely previously served as ZPIC for the same jurisdiction.   Once fully implemented, the UPIC program will combine integrate the Medicare and Medicaid program integrity functions that have previously been performed by ZPICs, Program Safeguard Contractors (PSCs) and Medicaid Integrity Contractors (MICs).  Importantly, the Chapter 4 of the Medicare Program Integrity Manual expressly notes that the program integrity duties and responsibilities currently outlined in the chapter as applicable to ZPICs also fully apply to UPICs.  In any event, many providers are continuing to receive requests for records and notice of an audit from ZPICs rather than the UPIC covering their jurisdiction.  Provider types primarily targeted in 2017 have included:

• Home health agencies.
• Hospice organizations.
• Physician practices.
• Pain management practices and pain management physicians.
• Nurse practitioners.
• Chiropractic practices.
• Multidisciplinary practices owned by a chiropractor.
• Independent clinical laboratories.
• Physical therapy / occupational therapy / speech therapy services.
• Independent diagnostic testing facilities.
• Ambulance service providers.

Is your organizational type listed above?  If not, that still doesn’t mean that you won’t be audited by a ZPIC, or possibly even a UPIC.  If your organization is engaging in utilization, coding or billing practices that appear to be out-of-sync with those of its peers, there is a good chance that you will soon be audited by the a ZPIC, UPIC or a specialty program integrity working for CMS.

II.   UPIC / ZPIC Referrals to State Licensure Boards and Professional Societies:

The UPIC / ZPIC responsible for conducting Medicare program integrity activities in your ZPICs part of the country is constantly on the lookout for aberrant provider practices.  For instance, in a case our law firm handled, a ZPIC program integrity contractor conducted an audit of Evaluation & Management (E/M) claims billed by a Nurse Practitioner.  In this particular case, the ZPIC auditor concluded that the provider lacked the requisite level of physician supervision to conduct the E/M services at issue.  To be clear, this case did not involve the billing of “incident to” claims.  Rather, it hinged on the fact that some states prohibit a Nurse Practitioner from independently diagnosing and treating a patient unless a requisite level of physician oversight or supervision is in place.  In this particular case, the ZPIC auditor alleged that there was no evidence that the required level of physician supervision had been met.  As a result, the ZPIC denied the audited claims and alleged that the provider had submitted non-payable claims to the Medicare program for payment.  Notably, the ZPIC didn’t stop there – it also filed a complaint against the Nurse Practitioner with the state Board of Nursing, alleging that the nurse’s actions were a violation of the state Nurse Practice Act.  Unfortunately, UPIC / ZPIC referrals to state licensing boards appear to growing each year.

III.   What is the Regulatory Basis for a UPIC / ZPIC to Make a Referral to a State Licensure Board?

As set out in Chapter 4 of the Medicare Program Integrity Manual, ZPICs are required to make a referral to a provider’s state licensure board if it finds that the provider “engaged in unethical or improper practices.”  As Section 4.18.2 of the MPIM provides:

The ZPIC shall refer instances of apparent unethical or improper practices or unprofessional conduct to state licensing authorities, medical boards, the QIO, or professional societies for review and possible disciplinary action. . . (emphasis added).

While the mandates set out in a specific state’s Nurse Practice Act, Medical Practice Act, or other licensed professional’s Practice Act may vary, one thing is for certain – virtually every State Practice Act includes broad provisions which ban conduct that is considered to be unprofessional or unethical.  These provisions are typically so general that a ZPIC could easily conclude that a referral is required in wide variety of situations.  These include, but are not limited to:

• Physician: Failure to exercise proper level of supervision over a Nurse Practitioner, Physician Assistant and / or any other member of his staff.
• Physician: Failure to properly document the services provided.
• Physician: Providing services that are medically unnecessary.
• Physician: Billing for services that were not provided.
• Nurse Practitioner: Performing certain patient care services without the requisite level of physician supervision in place.
• Nurse Practitioner: Inappropriately prescribing controlled substances to one or more patients.
• Nurse Practitioner: Failure to order a urine drug screen before prescribing controlled substances in a case where the patient has exhibited non-compliant behavior.

As the regulatory language further reflects in Section 4.18.2 further requires, if the ZPIC concludes that a licensee has engaged in unethical or improper conduct, the contractor is also supposed to make a referral to professional societies to which a licensed health care provider belongs.

Prior to making a referral to the state licensing board, it is worth noting that the ZPIC is required to confer with the appropriate Medicare Administrative Contractor (MAC) so that duplicate referrals are not by both contractors.  As this portion of Section 4.18.2 states:

The ZPIC’s and the MAC’s MR staffs shall confer before such referrals, to avoid duplicate referrals. The ZPIC shall gather available information and leave any further investigation, review, and disciplinary action to the appropriate professional society or State board. Consultation and agreement between the ZPIC’s and the MAC’s MR staffs shall precede any referral to these agencies.

While not stated in Section 4.18.2, these coordinative efforts may also lead to a provider being placed on prepayment review and / or subjected to a number of other administrative sanctions.

IV.   And the “Hits” Just Keep on Coming – Additional Referrals Made by a UPIC / ZPIC:

Chapter 4, Section 4.18.3 of the MPIM requires that ZPICs also make a referral to the Medicare Quality Improvement Organization (QIO) if a situation involving potential patient harm is identified.  As the regulations state, in part:

If potential patient harm is discovered during the course of screening a lead or through the investigation process, the ZPIC shall refer those instances to the QIO, state medical board, or state licensing agency. In addition to making the appropriate referrals, the ZPIC shall notify the COR and IAG BFL within two (2) business days once the potential patient harm issue is discovered.

If the ZPIC refers a provider to the State licensing agency or medical society (i.e., those referrals that need immediate response from the State licensing agency), the ZPIC shall also send a copy of the referral to the QIO.

As program integrity contractors, ZPICs have been granted access to the government’s Fraud Investigative Database (FID).  They are required to enter and update Medicare fraud, waste and abuse investigations that they have initiated into the database.  ZPICs are also required to input updates on cases, payment suspensions and requests for information that they have performed at the request of law enforcement or CMS.  Health care providers need to keep in mind that a wide range of federal and state law enforcement agencies maintain access to the ID.  As discussion in Chapter 4, Section 4.11.1 of the MPIM, these include, but are not limited to:

• All ZPICs.
• National Benefit Integrity Medicare Drug Integrity Contractor (NBIMEDIC).
• MAC provider enrollment units.
• CMS.
• FBI.
• DOJ.
• HHS/OIG.
• Medicaid Program Integrity Directors, State Utilization Review (SUR) officials, and Provider Enrollment units.
• Medicaid Fraud Control Units (MFCUs).
• Other federal and state partners seeking to address program integrity concerns in judicial or state health care programs.

As further described in Chapter 4, Section 4.11.1.1 of the MPIM, not all ZPIC audit findings are reported on the FID.  Cases that are not captured by ZPICs on the FID include:

• Individual complaints (statements alleging improper entitlement);
• Simple overpayment recoveries (not involving potential fraud), complaints that are returned to the AC or MAC second-level screening staff (or PSC or ZPIC, if applicable); and
• Medical review abuses.

V.   UPIC / ZPIC Referrals to State Licensure Boards Based Solely on Data Mining are Increasing:

UPIC / ZPIC referrals to state licensure boards are not limited to only situations where a claim-by claim audit has been conducted.  We are currently seeing referrals based solely on conclusions reached through data mining, where no actual audit of the provider’s medical records has yet been conducted.  Examples of these situations include:

• Nurse Practitioner: The provider’s prescription practices with respect to controlled practices are seen as excessive when compared to those of the Nurse Practitioner’s peers.
• Physician: Based on the level of E/M services billed, the ZPIC believes that the physician is treating more patients than can be seen in a typical workday.

VI.   Protecting Your License. 

A wide range of physicians, nurse practitioners and other licensed health care providers participating in the Medicare program are subject to audit by a UPIC or a ZPIC.  It is therefore imperative that you take steps NOW to better ensure that your medical necessity, documentation, billing and coding practices fully comply with state and federal statutory and regulatory requirements.  The development and implementation of an effective Compliance Program is an essential first step if you want to reduce your level of regulatory and licensure risk.  To the extent that you already have a Compliance Program in place, you need to periodically conduct internal auditing and monitoring activities to better ensure your continued adherence with applicable rules and regulations.

As described, a ZPIC may make a referral to your state licensing board based solely on their analysis of a provider’s utilization, coding and billing practices, even though the UPIC / ZPIC has never contacted you or reviewed a single medical record.  Nevertheless, most UPIC / ZPIC referral cases are, in fact, precluded by a UPIC / ZPIC audit of your medical records.  In such cases, there is a high likelihood that your practice will soon be faced with an administrative overpayment and that you may be required to respond to a complaint the UPIC / ZPIC has filed with your state licensure board.

We recommend that you immediately contact qualified health care legal counsel at the first sign that a UPIC / ZPIC audit or review may be underway.  There are steps you can take early in the process that can help you avoid both a sizeable overpayment finding and a possible referral to the state licensure board.  Should you fail to affirmatively respond to a UPIC / ZPIC audit until an overpayment determination has been made, your chances of prevailing in the administrative appeals process may be significantly diminished.  Please feel free to give me a call if you have received a ZPIC request for records or have been assessed an alleged overpayment by a UPIC or ZPIC.

Robert W. Liles, J.D., M.B.A., M.S., serves as Managing Partner at Liles Parker, Attorneys and Counselors at Law.  He has extensive experience representing health care providers in UPIC / ZPIC audits and in the Medicare appeals process.  He also regularly represents a wide range of health care providers in connection with complaints filed with state licensing boards.  For a complimentary consultation, please give Robert a call.  He can be reached at:  1 (800) 475-1906.