UPIC / ZPIC Referrals of MDs and NPs to State Boards!

June 9, 2017 by  
Filed under Featured, UPIC Audits

Did a UPIC or ZPIC marke a referral to your state licensure board?(June 9, 2017):  You aren’t paranoid, your utilization, coding and billing practices are, in fact, being watched.   The Centers for Medicare and Medicaid Services (CMS) currently transitioning over to using a Unified Program Integrity Contractor (UPIC) in your jurisdiction to serve as program integrity contractors.  During this transition period, you may also be audited by the outgoing Zone Program Integrity Contractor (ZPIC) responsible for auditing your part of the country.  Although you may have never been audited, been contacted by, or even heard of a UPIC or a ZPIC, that doesn’t mean that they aren’t monitoring your business practices on an ongoing basis.  In fact, as Section 2.6.4 of the “Uniform Statement of Work” (SOW) published by CMS states that contractors serving as a UPIC:

” . . . will integrate the program integrity functions for audits and investigations across Medicare and Medicaid, and ensure that CMS’s national priorities for both Medicare and Medicaid are executed and supported locally.”

Similarly, ZPICs are required to engage in comprehensive data analysis activities as part of their contractual obligations with the government.  As Section 1.3.1 of the most recent ZPIC Statement of Work requires:

“The ZPIC shall review and analyze a variety of data in order to focus its program integrity efforts by identifying vulnerabilities and/or specific providers for review and investigation within its zone, referral of potential fraud, waste and abuse cases to law enforcement, and pursuance of administrative actions. Further, the ZPIC shall be proactive and aggressive in pursuing many different sources and techniques for analyzing data in order to reduce any of its risks within this [Statement of Work].”

As the ZPIC Statement of Work further notes in Section 4.2:

The ZPIC shall provide a variety of data analysis, statistical analysis, and trending activities to enhance the detection and prevention of Medicare and Medicaid potential fraud, waste and abuse in the participating state(s). The ZPIC shall use appropriate CMS Medicare data, as well as data from other sources such as Medicaid data, to reach this end. 

Successful accomplishment shall require a significant amount of cooperation with the participating state(s), law enforcement, and other task orders within the ZPIC zone. It may also require significant cooperation with other ZPICs

ZPICs have used sophisticated data mining techniques to identify physicians and other health care providers whose utilization, coding and / or billing behavior is different from that of the provider’s peers.  Once an outlier is identified, the ZPIC has a number of actions it can take.   For instance, in recent months, we have seen a noticeable increase in the number of referrals that have been made by a ZPIC to a particular provider’s state licensure board.  In this article, we examine these referral actions in more detail.

I.   UPIC / ZPIC Targets in 2017:

The government’s efforts to consolidate their Medicare and Medicaid program integrity efforts under a single contract are well underway.  As a result, some health care providers are already receiving requests for records and / or notice of an audit from a Unified Program Integrity Contractor (UPIC) rather than from their former ZPIC. In large part, this is a distinction without a difference since the CMS contractor awarded the UPIC contract most likely previously served as ZPIC for the same jurisdiction.   Once fully implemented, the UPIC program will combine integrate the Medicare and Medicaid program integrity functions that have previously been performed by ZPICs, Program Safeguard Contractors (PSCs) and Medicaid Integrity Contractors (MICs).  Importantly, the Chapter 4 of the Medicare Program Integrity Manual expressly notes that the program integrity duties and responsibilities currently outlined in the chapter as applicable to ZPICs also fully apply to UPICs.  In any event, many providers are continuing to receive requests for records and notice of an audit from ZPICs rather than the UPIC covering their jurisdiction.  Provider types primarily targeted in 2017 have included:

  • Home health agencies.
  • Hospice organizations.
  • Physician practices.
  • Pain management practices and pain management physicians.
  • Nurse practitioners.
  • Chiropractic practices.
  • Multidisciplinary practices owned by a chiropractor.
  • Independent clinical laboratories.
  • Physical therapy / occupational therapy / speech therapy services.
  • Independent diagnostic testing facilities.
  • Ambulance service providers.

Is your organizational type listed above?  If not, that still doesn’t mean that you won’t be audited by a ZPIC, or possibly even a UPIC.  If your organization is engaging in utilization, coding or billing practices that appear to be out-of-sync with those of its peers, there is a good chance that you will soon be audited by the a ZPIC, UPIC or a specialty program integrity working for CMS.

II.   UPIC / ZPIC Referrals to State Licensure Boards and Professional Societies:

The UPIC / ZPIC responsible for conducting Medicare program integrity activities in your ZPICs part of the country is constantly on the lookout for aberrant provider practices.  For instance, in a case our law firm handled, a ZPIC program integrity contractor conducted an audit of Evaluation & Management (E/M) claims billed by a Nurse Practitioner.  In this particular case, the ZPIC auditor concluded that the provider lacked the requisite level of physician supervision to conduct the E/M services at issue.  To be clear, this case did not involve the billing of “incident to” claims.  Rather, it hinged on the fact that some states prohibit a Nurse Practitioner from independently diagnosing and treating a patient unless a requisite level of physician oversight or supervision is in place.  In this particular case, the ZPIC auditor alleged that there was no evidence that the required level of physician supervision had been met.  As a result, the ZPIC denied the audited claims and alleged that the provider had submitted non-payable claims to the Medicare program for payment.  Notably, the ZPIC didn’t stop there – it also filed a complaint against the Nurse Practitioner with the state Board of Nursing, alleging that the nurse’s actions were a violation of the state Nurse Practice Act.  Unfortunately, UPIC / ZPIC referrals to state licensing boards appear to growing each year.

III.   What is the Regulatory Basis for a UPIC / ZPIC to Make a Referral to a State Licensure Board?

As set out in Chapter 4 of the Medicare Program Integrity Manual, ZPICs are required to make a referral to a provider’s state licensure board if it finds that the provider engaged in unethical or improper practices.”  As Section 4.18.2 of the MPIM provides:

The ZPIC shall refer instances of apparent unethical or improper practices or unprofessional conduct to state licensing authorities, medical boards, the QIO, or professional societies for review and possible disciplinary action. . . (emphasis added).

While the mandates set out in a specific state’s Nurse Practice Act, Medical Practice Act, or other licensed professional’s Practice Act may vary, one thing is for certain – virtually every State Practice Act includes broad provisions which ban conduct that is considered to be unprofessional or unethical.  These provisions are typically so general that a ZPIC could easily conclude that a referral is required in wide variety of situations.  These include, but are not limited to:

  • Physician: Failure to exercise proper level of supervision over a Nurse Practitioner, Physician Assistant and / or any other member of his staff.
  • Physician: Failure to properly document the services provided.
  • Physician: Providing services that are medically unnecessary.
  • Physician: Billing for services that were not provided.
  • Nurse Practitioner: Performing certain patient care services without the requisite level of physician supervision in place.
  • Nurse Practitioner: Inappropriately prescribing controlled substances to one or more patients.
  • Nurse Practitioner: Failure to order a urine drug screen before prescribing controlled substances in a case where the patient has exhibited non-compliant behavior.

As the regulatory language further reflects in Section 4.18.2 further requires, if the ZPIC concludes that a licensee has engaged in unethical or improper conduct, the contractor is also supposed to make a referral to professional societies to which a licensed health care provider belongs.

Prior to making a referral to the state licensing board, it is worth noting that the ZPIC is required to confer with the appropriate Medicare Administrative Contractor (MAC) so that duplicate referrals are not by both contractors.  As this portion of Section 4.18.2 states:

The ZPIC’s and the MAC’s MR staffs shall confer before such referrals, to avoid duplicate referrals. The ZPIC shall gather available information and leave any further investigation, review, and disciplinary action to the appropriate professional society or State board. Consultation and agreement between the ZPIC’s and the MAC’s MR staffs shall precede any referral to these agencies.

While not stated in Section 4.18.2, these coordinative efforts may also lead to a provider being placed on prepayment review and / or subjected to a number of other administrative sanctions.

IV.   And the “Hits” Just Keep on Coming – Additional Referrals Made by a UPIC / ZPIC:

Chapter 4, Section 4.18.3 of the MPIM requires that ZPICs also make a referral to the Medicare Quality Improvement Organization (QIO) if a situation involving potential patient harm is identified.  As the regulations state, in part:

If potential patient harm is discovered during the course of screening a lead or through the investigation process, the ZPIC shall refer those instances to the QIO, state medical board, or state licensing agency. In addition to making the appropriate referrals, the ZPIC shall notify the COR and IAG BFL within two (2) business days once the potential patient harm issue is discovered.

If the ZPIC refers a provider to the State licensing agency or medical society (i.e., those referrals that need immediate response from the State licensing agency), the ZPIC shall also send a copy of the referral to the QIO.

As program integrity contractors, ZPICs have been granted access to the government’s Fraud Investigative Database (FID).  They are required to enter and update Medicare fraud, waste and abuse investigations that they have initiated into the database.  ZPICs are also required to input updates on cases, payment suspensions and requests for information that they have performed at the request of law enforcement or CMS.  Health care providers need to keep in mind that a wide range of federal and state law enforcement agencies maintain access to the ID.  As discussion in Chapter 4, Section 4.11.1 of the MPIM, these include, but are not limited to:

  • All ZPICs.
  • National Benefit Integrity Medicare Drug Integrity Contractor (NBIMEDIC).
  • MAC provider enrollment units.
  • CMS.
  • FBI.
  • DOJ.
  • HHS/OIG.
  • Medicaid Program Integrity Directors, State Utilization Review (SUR) officials, and Provider Enrollment units.
  • Medicaid Fraud Control Units (MFCUs).
  • Other federal and state partners seeking to address program integrity concerns in judicial or state health care programs.

As further described in Chapter 4, Section of the MPIM, not all ZPIC audit findings are reported on the FID.  Cases that are not captured by ZPICs on the FID include:

  • Individual complaints (statements alleging improper entitlement);
  • Simple overpayment recoveries (not involving potential fraud), complaints that are returned to the AC or MAC second-level screening staff (or PSC or ZPIC, if applicable); and
  • Medical review abuses.

V.   UPIC / ZPIC Referrals to State Licensure Boards Based Solely on Data Mining are Increasing:

UPIC / ZPIC referrals to state licensure boards are not limited to only situations where a claim-by claim audit has been conducted.  We are currently seeing referrals based solely on conclusions reached through data mining, where no actual audit of the provider’s medical records has yet been conducted.  Examples of these situations include:

  • Nurse Practitioner: The provider’s prescription practices with respect to controlled practices are seen as excessive when compared to those of the Nurse Practitioner’s peers.
  • Physician: Based on the level of E/M services billed, the ZPIC believes that the physician is treating more patients than can be seen in a typical workday.

VI.   Protecting Your License. 

A wide range of physicians, nurse practitioners and other licensed health care providers participating in the Medicare program are subject to audit by a UPIC or a ZPIC.  It is therefore imperative that you take steps NOW to better ensure that your medical necessity, documentation, billing and coding practices fully comply with state and federal statutory and regulatory requirements.  The development and implementation of an effective Compliance Program is an essential first step if you want to reduce your level of regulatory and licensure risk.  To the extent that you already have a Compliance Program in place, you need to periodically conduct internal auditing and monitoring activities to better ensure your continued adherence with applicable rules and regulations.

As described, a ZPIC may make a referral to your state licensing board based solely on their analysis of a provider’s utilization, coding and billing practices, even though the UPIC / ZPIC has never contacted you or reviewed a single medical record.  Nevertheless, most UPIC / ZPIC referral cases are, in fact, precluded by a UPIC / ZPIC audit of your medical records.  In such cases, there is a high likelihood that your practice will soon be faced with an administrative overpayment and that you may be required to respond to a complaint the UPIC / ZPIC has filed with your state licensure board.

We recommend that you immediately contact qualified health care legal counsel at the first sign that a UPIC / ZPIC audit or review may be underway.  There are steps you can take early in the process that can help you avoid both a sizeable overpayment finding and a possible referral to the state licensure board.  Should you fail to affirmatively respond to a UPIC / ZPIC audit until an overpayment determination has been made, your chances of prevailing in the administrative appeals process may be significantly diminished.  Please feel free to give me a call if you have received a ZPIC request for records or have been assessed an alleged overpayment by a UPIC or ZPIC.

Robert LilesRobert W. Liles, J.D., M.B.A., M.S., serves as Managing Partner at Liles Parker, Attorneys and Counselors at Law.  He has extensive experience representing health care providers in UPIC / ZPIC audits and in the Medicare appeals process.  He also regularly represents a wide range of health care providers in connection with complaints filed with state licensing boards.  For a complimentary consultation, please give Robert a call.  He can be reached at:  1 (800) 475-1906.

ZPIC Audit: Will Your Case be Referred to DOJ or HHS-OIG for Fraud?

March 10, 2016 by  
Filed under Featured, UPIC Audits

tiny-target-crosshair(March 10, 2016): Has your practice, home health or hospice received an audit letter from a Zone Program Integrity Contractor (ZPIC)?  If so, one of the first questions you are likely to ask is how did this ZPIC audit get started? Why is our practice being targeted in a ZPIC audit? As a review of the administrative enforcement landscape will show, there are a myriad of tools at the disposal of the government (and its contractors) to identify and target a health care physician provider or supplier for ZPIC audit or investigation. In this article, we will provide an overview of the primary targeting tools utilized by the government and its various Medicare contractors.

I. Primary Source of Information Used to Target a Medicare ZPIC Audit.

As Chapter 2, Sec. 2.4.C of the Medicare Program Integrity Manual (MPIM) reflects:

“Claims data is the primary source of information used to identify and target fraudulent, wasteful or abusive activities.”

ZPICs around the country have been given ready access to a wide variety of claims coding, billing and utilization databases and are expected to perform complex data analysis with this data in an effort to ferret out health care providers and suppliers whose billing history appears to suggest that improper coding and / or billing practices may be taking place. Frankly, that’s the problem with ZPIC targeting methods. If a health care provider’s claims utilization and billing practices are outside of the norm (making the provider an “outlier”), that provider is likely to be audited or investigated by a ZPIC or another contractor working for the Centers for Medicare and Medicaid Services (CMS).

II. Secondary Sources of Data Used by ZPICs to Identify and Target Fraud and Abuse.

As set out in the MPIM, Sec. 2.4.D, CMS has directed ZPICs to consider the following additional sources of data when determining whether further analysis against a health care provider or a specified set of claims is needed. These additional sources of data include, but are not limited to:

• OIG and Government Accountability Office (GAO) reports;
• Fraud Alerts;
• Beneficiary, physician and provider complaints;
• Appeals data from QICs, including appeals overturn rate for a particular type of claim;
• Referrals from the QIO, other contractors, CMS components, Medicaid fraud control units, Office of the U.S. Attorney, or other federal programs;
• Suggestions provided directly or implicit in various reports and other materials produced in the course of evaluation and audit activities, (e.g., contractor evaluations, State assessment, CMS-directed studies, contractor or State audits of providers);
• Referrals from medical licensing boards;
• Referrals from the CAC;
• Peer Review Reports such as the First look Analysis Tool for Hospital Outlier Monitoring (FATHOM) and Program to Evaluate Payment Patterns Electronic Report (PEPPER), and Comparative Billing Reports;
• Information on new technologies and new or clarified benefits;
• Provider cost reports;
• Provider Statistical and Reimbursement (PS&R) System data;
• Enrollment data;
• Overpayment data;
• Pricing, data analysis, and coding (PDAC) data;
• Referrals from other internal and/or external sources (e.g., MAC audit staff, audit staff or, MAC quality assurance (QA) staff);
• Medicare Learning Network–which includes MedLearn Matters articles and Quarterly Provider Compliance Newsletters;
• IBM Cognos support for the Part D and Drug Data Processing System (DDPS) using the Teradata data repository;
• CMS prepared data, such as a listing of distinct providers or suppliers and/or bills that require medical review; and
• CMS Chronic Conditions Data Warehouse (CCW).

III. When Facing a ZPIC Audit, the “Fix” is In – Guilty Until Proven Innocent.

Rather than reviewing a provider’s claims with no preconceptions in place, we believe that once a provider is identified as an outlier, there is a presumption on the part of ZPIC auditors and claims reviewers to find that the provider has engaged in improper billing activities. As the former General Counsel for one the ZPIC’s once stated:

“All of the claims audits we conduct are in connection with either a fraud case or a POTENTIAL fraud case.” (paraphrased).

Frankly, this statement says it all. ZPICs view themselves as an extension of law enforcement, despite the fact that they a merely a federal contractor working under the direction of CMS. This can place health care providers in a no-win situation. On the one hand, as a participating provider in the Medicare program, a health care provider has an obligation to cooperate with a ZPIC conducting a claims audit. Unfortunately, ZPIC investigators often request to interview physicians and other clinical staff. Since the ZPIC investigator is not technically a law enforcement official, witnesses are not advised of their rights against self-incrimination and may inadvertently make one or more statements that are not in their interests. This is especially important when you consider the fact that one of the factors currently being used as an evaluation metric when assessing the performance of ZPICs by CMS is whether the contractor has been making suspected fraud referrals to the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and / or the U.S. Department of Justice (DOJ) for law enforcement review and prosecution. In fact, as HHS-OIG’s 2016 Work Plan states:

We will review the level of benefit integrity activity performed by Medicare benefit integrity contractors in CYs 2012 and 2013. This review will highlight trends in integrity activities and allow for a quick comparison of program results across years, across contractors, and across the parts of the Medicare program. CMS contracts with entities to carry out benefit integrity activities to safeguard Medicare against fraud, waste, and abuse. Activities that these contractors perform include analyzing data to identify aberrant billing patterns, conducting fraud investigations, responding to requests for information from law enforcement, and referring suspected cases of fraud to law enforcement for prosecution. (Emphasis added)

Regardless of whether the ZPIC investigator seeks to conduct interviews of your staff in an audit, after reviewing your medical documentation, the ZPIC may decide that its findings warrant referring the case to HHS-OIG or to DOJ for civil and / or criminal review and enforcement. In most cases, the ZPIC will likely find conclude that although an overpayment has been identified, the provider’s conduct does not warrant referring the case outside of the administrative appeals process. The ZPIC will then choose to treat the improper billing practices identified as an overpayment rather than as fraud.

IV. Responding to a ZPIC Audit.

In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” it is to their benefit to find that an overpayment has occurred. These overpayments are often based on overlapping technical (such as an incorrect place of service code) and substantive (such as lack of medical necessity) reasons for denial.

Immediately upon learning of a ZPIC audit, regardless of whether the audit is a probe sample or appears to be an expanded sample of claims, we recommend that you contact legal counsel experienced in handling ZPIC audits and investigations. There are preemptive steps you may be able to take that can reduce the likelihood of a large overpayment. Addressing problematic claims on the front end may even held you avoid a situation where a ZPIC seeks to place your practice on prepayment review or recommend to CMS that you be suspended from the Medicare program. It may also stop the ZPIC from making a fraud referral to HHS-OIG or DOJ for review, assessment and possible prosecution.

Robert LilesRobert W. Liles, M.B.A., M.S., J.D., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law. Liles Parker is a boutique health law firm, with offices in Washington DC, Houston TX, San Antonio TX, McAllen TX and Baton Rouge LA. Robert represents health care providers and suppliers around the country in connection with Medicare audits by ZPICs, SMERCs, RACs and other CMS-engaged specialty contractors. Our firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews. For a free consultation, call Robert at: 1 (800) 475-1906.

ZPIC Update: The Impact of Being Placed on Medicare Prepayment Review.

March 9, 2016 by  
Filed under Featured, Medicare Audits

Medicare Prepayment Reviews can Bankrupt a Practice(March 9, 2016): Why have the number of prepayment reviews by Medicare contractors increased dramatically in recent years? Approximately seven years, Congress passed, and the President signed into law the Affordable Care Act. Since that time, the Centers for Medicare and Medicaid Services (CMS) and its contractors have accelerated their move away from “Pay and Chase” enforcement approaches. Today, Zone Program integrity Contractors (ZPICs), such as AdvanceMed and Health Integrity, AND Supplemental Medical Review Contractors (SMERCs), such as Strategic Health Solutions are rapidly moving towards preventative audit strategies. The purpose of this article is to briefly discuss the types of administrative enforcement actions, such as prepayment reviews, that we are currently seeing around the country.

I. Additional Documentation Requests (ADRs).

Providers should not confuse receiving an “Additional Document Request” (ADR), also sometimes referred to as an “Additional Development Request,” with being placed on prepayment review.

ADRs are often initiated by a provider’s Medicare Administrative Contractor (MAC).
ADRs typically relate to a particular probe or edit conducted by the MAC.
ADRs may be focused on specific services, length of stay, a specific provider or a specific diagnosis.

At some point in time, practically every health care provider and supplier participating in the Medicare program will receive Additional Documentation Requests (ADRs), asking that the provider or supplier submit all associated supporting documentation for review before the contractor will be able to make a coverage and payment determination with respect to that particular claim. ADRs are not uncommon. Nevertheless, it is important to keep in mind that ADRs serve a purpose. If the supporting documentation submitted to the Medicare contractor in response to an ADR fails to support coverage and payment requirements, the contractor may choose to place provider or supplier on 100% prepayment review.

II. Medicare Prepayment Reviews.

In most instances, a health care provider will not receive advance notice that it has been placed on prepayment review. Notably, this is directly contrary to Medicare’s regulations. Chapter 3 of the Medicare Program Integrity Manual (PIM) mandates notice to the provider prior to the initiation of provider-specific prepayment review:

“The Zone Program Integrity Contractors shall notify selected providers prior to beginning a provider-specific review by sending an individual written notice. ZPICs shall indicate whether the review will occur on a prepayment or postpayment basis. ZPICs shall maintain a copy of the letter and the date it was mailed. This notification shall be mailed the same day that the edit request is forwarded to the MAC. Refer to Exhibit 45 for the letter to be sent.”
See § 3.2.2 – Provider Notice, § A. Notice of Provider-Specific Review.

III. Direct Impact of Being Placed on Medicare Prepayment Review.

At first blush, being placed on prepayment review appears reasonable. It’s difficult to think of any other industry that gets paid practically “on demand” while presenting a payor with little or no proof that a covered service was actually rendered. Unfortunately, unless this administrative condition is promptly handled, prepayment review can ultimately lead to insolvency and / or bankruptcy, depending on the specific payor mix at issue.

How can occur? Most small health care providers assume that Medicare payments will always be timely. As a result, emergency / contingency funds and rainy-day savings accounts are often a thing of the past. Many small providers keep only enough funds in their business accounts to cover the practice’s overhead for 1 – 2 months. If your payor mix is 70% Medicare and 30% private payor and self-pay, being placed on prepayment review will effectively cut off most of your income for as long as the prepayment review requirement stays in place.

IV. Having a Medicare Prepayment Review Action Lifted.

We have successfully worked with numerous providers and suppliers in recent years in an effort to have the prepayment review requirement lifted. There is no “silver bullet” when it comes to having a provider taken off of prepayment review. It can’t be done overnight but it can be accomplished within a relatively short period of time. The key is not to wait – you must take action to address the prepayment review. Failure to do so can result in your practice, home health agency or clinic remaining on prepayment review for up to a year.
As a final point, it is important to keep in mind that being placed on prepayment review is a symptom. It is not the underlying problem. Is a suspension or revocation action around the next corner? Has a qui tam been filed?

V. Possible Follow-up Enforcement Actions.

If your practice, home health agency or clinic is placed on prepayment review, it is essential that you proactively deal, not ignore the problem. Hoping that the prepayment review will just “go away” is wishful thinking. In fact, should you fail to address the problem, you should keep in mind that a poor showing in connection with a prepayment audit, can lead to:

Postpayment audit.
• Referral to CMS for possible suspension action.
• Referral to CMS for possible revocation from the Medicare program.
• Referral to HHS-OIG for possible CMP action.
• Referral to DOJ for possible False Claims Act or criminal review.

VI. Conclusion.

Left unaddressed, something as mundane as an ADR can lead to a provider or supplier being placed on prepayment review, and ultimately possibly result in even more severe administrative enforcement action. We therefore recommend that you carefully review each ADR you receive and review your submissions of supporting documentation for accuracy and completeness prior to sending it in to the contractor. Prepayment reviews, postpayment audits, suspension actions, revocation actions and referrals to law enforcement are all possible outcomes if your documentation and / or business practices fail to fully comply with applicable regulatory requirements. How can you avoid these adverse events? A huge first step would be for you to develop, implement and adhere to the provisions of an effective Compliance Program.

Robert LilesRobert W. Liles, M.B.A., M.S., J.D., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law. Liles Parker is a boutique health law firm, with offices in Washington DC, Houston TX, San Antonio TX, McAllen TX and Baton Rouge LA. Robert represents health care providers and suppliers around the country in connection with Medicare audits by ZPICs, SMERCs, RACs and other CMS-engaged specialty contractors. Our firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews. For a free consultation, call Robert at: 1 (800) 475-1906.

Medical Director Agreements: Compensation Arrangements are Under the Microscope by HHS-OIG

June 11, 2015 by  
Filed under Featured, Medicare Audits

Medical Director-Physician-Compensation-Pay(June 11, 2015): After a hiatus of almost a year, the Department of Health and Human Services, Office of Inspector General (HHS-OIG) has published a new “Fraud Alert” entitled Fraud Alert: Physician Compensation Arrangements May Result in Significant Liability. As this alert makes crystal clear, physicians who serve as Medical Directors for home health agencies, hospices and other organizations must exercise care to ensure that the business relationship does not violate the federal Anti-Kickback Statute.

This article briefly discusses the potential criminal, civil and administrative liability you may suffer if your Medical Director arrangement does not fully comply with the law.

I.  The Role of the Physician in the Care and Treatment of Home Health Patients:

In June 1995, HHS-OIG published its report, The Physicians Role in Home Health Care. As set out in HHS-OIG’s report, prior to 1995, Medicare covered home visits by a physician, but did not cover the services of physicians for managing the home health care of their patients. On December 8, 1994, the Health Care Financing Administration (HCFA), now known as the Centers for Medicare and Medicaid Services (CMS), published new regulations in the Federal Register which provided for separate payment to physicians for care plan oversight services.. As HHS-OIG’s 1995 report further details, the agency had little data to rely on when assessing the full nature of physician involvement in home health care. Nevertheless, there were a number of concerns (based on audits conducted and anecdotal evidence provided) that physicians were not appropriately involved in the planning and coordination of home health services.

II.  HHS-OIG’s Recent Fraud Alert on Physician Compensation Arrangements:

While the role of the physician in the care and treatment of beneficiaries referred for home health may have been unclear a decade ago, there is little doubt that HHS-OIG’s view of this relationship has now crystallized.

Earlier this week, HHS-OIG published its latest Special Fraud Alert, entitled “Fraud Alert: Physician Compensation Arrangements May Result in Significant Liability.” As this report reflects, HHS-OIG is very concerned that the relationships between physicians and home health agencies (or hospices) to whom they refer patients may violate the federal Anti-Kickback Statute. The federal Anti-Kickback Statute is a criminal statute, violations of which can result in fines of up to $25,000 and up to five years imprisonment. As you will recall, under the federal Anti-Kickback Statute (42 U.S.C. §1320a-7b(b)(1)(A):

“Whoever knowingly and willfully solicits or receives any remuneration (including any kickback, bribe or rebate) directly or indirectly, overtly or covertly, in cash or in kind – in return for referring an individual to a person for the furnishing or arranging for the furnishing of any item or service for which payment may be made in whole or in part under a federal health care program.” (emphasis added).

Unfortunately, HHS-OIG has good reason to be concerned. In recent years, a number of the so-called “Medical Director” relationships established between a referring physician and a home health agency have been shown to be sham agreements, the purpose of which has been to illegally compensate a physician for the number of referrals made to a given home health agency. As HHS-OIG’s fraud alert discusses, it is essential that both parties entering  into a compensation arrangement ensure that the arrangement fully complies with applicable laws and regulations. A key component to be considered is whether the physician’s compensation is reflective of the “fair market value” of the bona fide services he or she is required to provide (and does, in fact, provide) under the agreement. While both CMS and HHS-OIG expressly recognize the importance of a physician’s involvement in the plan of care and ongoing assessment of patients receiving home health care services, they are also very cognizant of the fact that some of these relationships have been little more than a disguised kickback. As HHS-OIG’s alert reiterates:

“if even one purpose of the arrangement is to compensate a physician for his or her past or future referrals of [f]ederal health care program business. [HHS-OIG] encourages physicians to carefully consider the terms and conditions of medical directorships and other compensation arrangements before entering into them.”

HHS-OIG’s fraud alert further notes that the agency recently reached settlements with “12 individual physicians who entered into questionable medical directorship and office staff arrangements.” Arrangements that take into account physician’s volume or value of referrals, are not for a least a year, and are not based on a flat fee are particularly suspect.

III. Impact of the Patient Protection and Affordable Care Act:

Under the Patient Protection and Affordable Care Act (Affordable Care Act), Public Law 111-148, a number of important revisions to the federal Anti-Kickback Statute were enacted, one of which expanded a health care provider’s potential liability for a Medicare or Medicaid-related kickback violation. As 42 U.S.C. § 1320(a)-7b(g) now provides:


(1) KICKBACKS.—Section 1128B of the Social Security Act

(42 U.S.C. 1320a–7b) is amended by adding at the end the following new subsection:

‘‘(g) In addition to the penalties provided for in this section or section 1128A, a claim that includes items or services resulting from a violation of this section constitutes a false or fraudulent claim for purposes of subchapter III of chapter 37 of title 31, United States Code.’’.

In other words, a violation of the federal Anti-Kickback Statute may now give rise to liability under the Civil False Claims Act. As you will recall,

As a result of this legislation, federal prosecutors (and possibly whistleblowers) could have also pursued this case under the civil False Claims Act. As you will recall, a violation of the False Claims Act can result in penalties of between $5,500 to $11,000, plus treble damages, per false claim. We are now seeing False Claims Act cases brought by both the government and by private parties (Relators / Whistleblowers) involving allegations of illegal kickbacks. This is especially the case in situations where the government for whatever reasons chooses to pursue this type of conduct civilly – whether or not the government chooses to also pursue a criminal cases varies from case-to-case, and often depends on the egregiousness of the conduct and the amount of the fraud. In any event, it is important for physicians and organizations to whom they make referrals keep in mind that violations of the Anti-Kickback Statute can lead to significant civil liability.

IV.  Liability Under the Civil Monetary Penalties Law:

While violations of the federal Anti-Kickback Statute can lead to both criminal and civil liability, HHS-OIG’s fraud alert also notes that physicians and other parties to an illegal compensation agreement are also subject to liability under the Civil Monetary Penalties (CMP) Law. The administrative sanctions that HHS-OIG may pursue under CMP laws can be nearly as severe as those that may be imposed under the civil False Claims Act.

V.  Role of ZPIC Auditors in Identifying Fraudulent Compensation Agreements:

While most questionable Medical Directorships and other compensation arrangements are identified by other means, it is important to keep in mind that Zone Program Integrity Contractors (ZPICs) are actively involved in the identification and referral of potentially fraudulent provider conduct to both CMS and HHS-OIG. In fact, most ZPIC audit letters for information now include two separate “silos” (our word, not theirs) of requests. The first silo of information sought is generally concerned with specific claims information (e.g. copies of medical records, test results, billing records, physician notes, treatment and care plans, etc.). In contrast, the second silo of requests is almost exclusively focused on a health care provider’s business-related records and business relationships. Typical requests falling into this category would include lists of current and former employees, receipts for supplies purchased, copies of any Medical Directorships, copies of marketing materials, copies of any equipment / space leases, employee salary information and copies of Accounts Payable records. When reviewing the materials produced in response to the second silo of questions, if it appears to a ZPIC that a health care provider is engaged in impropriety (such as paying a referring physician for the referral of patients), they will refer the matter to CMS and / or law enforcement for further investigation and action.

VI.  What Should You Do?

Move carefully before entering into any Medical Directorship or compensation arrangement. Prior to executing any compensation agreement, both a physician and the organization to whom he or she may send referrals should have the agreement carefully reviewed by a qualified health lawyer so that any potential violations of the federal Anti-Kickback Statute can be fully addressed. Depending on the facts, the health lawyer may be able to structure the arrangement so that is fails within a Safe Harbor. To be clear, it isn’t enough that an agreement appear to be legal on its face, the actual conduct between the parties is what will ultimately be examined by law enforcement.

Robert LilesRobert W. Liles, JD, MS, MBA serves as Managing Partner at Liles Parker, Attorneys and Counselors at Law. Robert represents home health agencies of all sizes around the country in connection with a full range of ZPIC prepayment reviews, postpayment audits and suspension actions. He also handles home health False Claims Act cases. For a complimentary consultation, please call Robert at: 1 (800) 475-1906.

New Medicare Penalties with Quality and Safety Incentive Programs

April 30, 2015 by  
Filed under Featured, Medicare Audits

Medicare penalties(April 30, 2015): Starting this year, the Centers for Medicare and Medicaid Services (CMS) will have three Medicare quality and safety incentive programs go into effect. As a result, more than three dozen hospitals across the U.S. will be penalized more than 3% on most of their CMS reimbursements. Medicare penalties may be a real risk for your organization.

 I.  Medicare Quality and Safety Incentive Programs Now in Effect:

The three Medicare quality and safety incentive programs, established under the Affordable Care Act (ACA) that will take effect this year are the Hospital Value-Based Purchasing (VBP) Program, the Hospital Readmissions Reductions Program, and the Hospital-Acquired Condition (HAC) Reduction Program.

  • Hospital Readmissions Reductions Program: Hospitals can be penalized up to 3% of revenue for excessive 30-day readmissions. This is the highest amount allowed under the ACA, and is a significant increase from the readmission penalty in 2014, which was 35%.
  • VBP program: CMS will withhold 1.5% of payments for all hospitals and distribute incentive payments based on performance. This program establishes bonuses and penalties that will be based on different quality indicators.
  • HAC Reduction Program: There will be a 1% penalty to any hospital that falls into the bottom 25% nationally for hospital-acquired conditions, such as urinary catheter or bloodstream infections and other issues related to patient safety.

II.  Impact of Increased Medicare Penalties:

To show the effect these increased Medicare penalties will have on certain hospitals, Modern Healthcare did an analysis of CMS data and found that when the Medicare penalties associated with these three programs are combined, two hospitals in particular will have considerable Medicare payments docked over 4%. The 180-bed Palisades Medical Center in North Bergen, N.J., will face a reduction of 4.44% in reimbursements, and the 455-bed Pennsylvania Hospital in Philadelphia will face a reduction of 4.21% reduction.

The escalating penalties are receiving a lot of criticism from advocates for teaching hospitals and critical-access hospitals, which make up the biggest number of worst-performing hospitals. According to these advocates, CMS programs need to be refined to ensure they are not creating additional hardships. Members of the American Association of Medical Colleges (AAMC) say that AAMC hospitals are disproportionately affected by these penalties because by their very nature they take on more complex cases and are more likely to report bad outcomes. Therefore, their stance is that they should not be compared to and held to the same standards as hospitals with different types of patients and different types of procedures.

Modern Healthcare also found that academic medical centers were among the more heavily penalized hospitals in the nation:

  • The University of Colorado Hospital faces a 2.18% reduction from its Medicare reimbursements;

  • Peter’s University Hospital faces a 2.5% reduction from its Medicare reimbursements; and

  • Thomas Jefferson University Hospital faces a 3.01% reduction from its Medicare reimbursements.

Forty-two hospitals will face a combined penalty of 3% or higher on their 2015 Medicare revenue.

III. Improved Performance as a Result of New Programs

While some healthcare providers will surely struggle as a result of increased penalties, many facilities have already improved their performance from year to year and face low penalty rates. In fact, about 800 of the nation’s hospitals face either no penalties or will be earning rewards based on their performance in the value-based purchasing program.

For example, Bucks County Specialty Hospital in Pennsylvania earned the nation’s highest reward in the value-based purchasing program and will see a fiscal 2015 reimbursement boost of 2.09%. The acute-care hospital has not seen a 30-day readmission fine in the past three years, it will not face a HAC penalty in 2015, and it increased its VBP Program reward.

IV.  Conclusion:

There has been no suggestion from CMS that new rules or exceptions will be made for critical-access or academic medical centers who are disproportionately affected by increased penalties. Penalties are expected to increase over the years, having a large combined financial impact. By 2017, the combined penalties for HAC 30-day readmissions and value-based purchasing will put as much as 5.5% of inpatient Medicare payments at risk. CMS is constantly updating penalties for providers that don’t meet their arbitrary requirements, and these penalties are getting more expensive. If you have questions about these new penalties or any other pre-existing Medicare payment penalties that you may be at risk for violating, please give us a call, toll-free, at 1-800-475-1906.

Robert LilesLiles Parker attorneys represent health care suppliers and providers around the country in connection with regulatory compliance reviews, Medicare audits, HIPAA Omnibus Rule risk assessments, privacy breach matters, and State Medical Board inquiries. Robert W. Liles, Esq., is a Managing Partner at Liles Parker, Attorneys & Counselors at Law.  Call Robert for a free consultation at (800) 475-1906.

Understanding Prepayment Review in 2015

April 29, 2015 by  
Filed under Featured, Medicare Audits

Medicare Prepayment FormThe Centers for Medicare & Medicaid (CMS) has instituted several methods to help combat the increase in waste, fraud, and abuse in the federal and state health care programs. One of the most recent trends involves pre-payment review of claims. In this process, government contractors will review a claim for problems before the claim may be paid. Unlike the traditional postpayment review process, if a health care provider is placed under prepayment review, there is very little you can do other try to identify the nature of deficiencies noted so that remedial action can be taken. Moreover, health care providers in prepayment review face expensive complications, including possible exclusion from Federal healthcare programs, if the problems which caused them to be subject to prepayment review go uncorrected. The key is to truly understand the prepayment review process and what you can do to minimize any potential problems.

I.  The Prepayment Review Process Comes to Life

In 2012, CMS introduced the Recovery Audit Prepayment Review Demonstration, which allows Recovery Auditors (RACs) to conduct prepayment reviews on certain types of claims that historically result in high rates of improper Medicare payments. The demonstration focused on eleven states: California, Florida, Illinois, Louisiana, Michigan, Missouri, New York, North Carolina, Ohio, Pennsylvania, and Texas. Prepayment Claim Review Programs apply to the National Correct Coding Initiative (NCCI), Medically Unlikely Edits (MUEs), and Medical Review (MR).

NCCI Edits are performed by Medicare Audit Contractors (MACs). CMS developed the NCCI to promote national correct coding methods and to control improper coding that leads to inappropriate payment in Medicare Part B claims. NCCI edits prevent improper payments when incorrect code combinations are reported. NCCI edits are updated quarterly.

MACs also perform MUEs, which were created to reduce the paid claim error rate for Medicare claims. MUEs and NCCIs are automated prepayment edits. MACs analyze whether the procedure on the submitted claim complies with MUE policy.

MRs are performed by MACs, Zone Program Integrity Contractors (ZPICs), and Supplemental Medical Review Contractors (SMRCs). These contractors identify suspected billing problems through error rates produced by the Comprehensive Error Rate Testing (CERT) Program, vulnerabilities identified through the Recovery Audit Program, analysis of claims data, and evaluation of other information, such as complaints. CMS, MACs, and other claim review contractors target MR activities at identified problem areas appropriate for the severity of the problem. A MAC can place a provider with identified problems submitting correct claims on prepayment review. If this happens, a percentage of the provider’s claims undergo MR before the MAC authorizes payment. Once providers re-establish the practice of billing correctly, prepayment review ends at the discretion of the contractor.

II.  Prepayment Review

A Medicare contractor will place a provider on prepayment review if they suspect the provider is billing the Medicare program inappropriately. Rather than paying these providers upon the submission of claims, the contractors require the providers to submit medical records and other documentation to support the claims. The records and documentation are then manually reviewed by nurses and other licensed practitioners. The submitted claims are then either approved or denied based on the manual review. Providers generally remain on prepayment review until their average rate of claims approval reaches a sufficiently high percentage, which is usually 80%.

CMS has directed its contractors to consider excluding physicians and other providers from Medicare and Medicaid if they have been on prepayment review for extended periods of time without correcting their “inappropriate behavior.” Exclusion from participation in Federal healthcare programs typically leads to other adverse consequences, such as loss of hospital privileges and being dropped from managed care networks.

Providers must make exhaustive efforts to avoid ending up on prepayment review and potentially facing exclusion. To do so, providers need to understand what contractors have the authority to put a provider on prepayment review, and what the contractors are looking for.

III.  Providers and Prepayment Review – A Real Concern

Unfortunately, even the mere allegation of fraud leads to prepayment review. This, in turn, can harm even the most innocent provider. Last year in New Mexico, fifteen behavioral health care providers were put on prepayment review based on “credible allegations of fraud.” Because their Medicaid reimbursements were suspended, the providers could not afford to pay their staff, rent, or other bills. The providers tried suing the state and sought an injunction that would restore funding. The providers argued that they had been denied due process by not being told what the precise charges were against them, and that at the end of the day those suffering the most were their patients. However, they were denied the injunction.

As a result, the fifteen providers ended up filing for bankruptcy. Because the behavioral health care providers served 87% of New Mexico’s Medicaid recipients, the state of New Mexico had to bring in providers from Arizona to service residents. This caused state infighting, as New Mexico’s Legislative Finance Committee objected to the New Mexico Human Services Department moving $10 million from its budget to pay Arizona agencies to take over New Mexico providers. The deal with the Arizona providers eventually went through, and 2 of the fifteen New Mexico providers were ordered to make repayments to Medicaid.

IV.  What Can Providers Do?

Unfortunately, health care providers may not be able to ignore the fact that being placed on prepayment review has become an inevitability. So what is a practitioner to do faced with this ordeal? Well, the best way for a provider to avoid a tragic situation that befell the providers in New Mexico is to have an ironclad and effective compliance plan that is followed by all provider employees and affiliates. It is best to prepare for the worst and have solid documentation of accuracy to show auditors than to lose one’s livelihood over false allegations of fraud. Have you implemented your effective compliance plan?   If not, you increase the risk that your claims may not be paid for the services you have provided. Even if you do have a compliance plan in place, the plan may no longer be up to date or may simply be ineffective. It is imperative that you take action now to reduce the risks that come along with the prepayment review process. Give us a call today and we would be more than happy to assist you with the prepayment review process as well as implementing an effective compliance plan for your organization.

Robert LilesRobert Liles, Esq., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent a variety of health care providers around the country in connection with both regulatory and transactional legal projects. For a free consultation, call Robert at (800) 475-1906.

CMS Guidance on the Role of the Medical Director

April 27, 2015 by  
Filed under Featured, Medicare Audits

healthy-business-diagramLong term care facilities are required[1] to employ a physician to serve as its medical director. Medical directors are responsible for overseeing the medical care as well as implementing resident care policies. The Centers for Medicare and Medicaid Services (CMS) has promulgated guidance for that position that outlines the specific roles and duties. Long term care facilities that accept Medicare should pay particular attention to the CMS guidance during the medical director hiring process. Furthermore, this guidance gives providers an idea of how to avoid an Office of the Inspector General (OIG) enforcement action against them for alleged questionable medical directorship arrangements with physicians.

I.  The Role of the Medical Director

Medical directors act as important leaders for long term care facilities and help them provide quality care. CMS requires all long term facilities to designate a physician to serve in this role in order to receive Medicare payments for services provided. That practitioner must be currently licensed in the State(s) in which the facility(ies) s/he serves is (are) located.

CMS guidance states that the Medical Director has two primary responsibilities:

  1. Implement resident care policies; and
  2. Coordinate medical care in the facility.

Moreover, the medical director’s roles and responsibilities require the practitioner serving in this capacity to be knowledgeable about current standards of practice in caring for long term care residents. That individual must be educated about how to coordinate and oversee related practitioners serving under his leadership. The medical director’s input promotes a facility’s goal of optimal resident outcomes, which may also be influenced by many other factors, such as resident characteristics and preferences, individual attending physician actions, and facility support.

II.  Implementation of Resident Care Policies and Procedures

Long term care facilities must obtain the medical director’s ongoing guidance in developing and implementing resident care policies, including review and revision of existing policies. While medical directors are the ultimate force behind resident care policies, they are not required to single-handedly put the policies into practice or monitor implementation. Instead, the medical director should collaborate and consult with facility leadership, staff, other licensed practitioners, nurse practitioners, physician assistants, and other registered health care professionals to help develop, implement, and evaluate the resident care policies and procedures.

The policies and procedures that are put into place must also reflect the current standard of practice. Moreover, although CMS guidance and regulations do not require the medical director to sign the policies or procedures, the facility must have documented evidence that its development, review, and approval of resident care policies included the medical director’s input.

III.  Coordination of Medical Care

The other critical role of the medical director is the coordination of medical care. In this sense, coordinating medical care includes organizing, directing, and managing care from appropriate health care providers to meet the health care and psychosocial needs of residents. The coordination of care must also meet current standards of practice and help the long term care facility meet its regulatory requirements.

The medical director is an important link between the facility, attending physicians, and other providers. That physician is tasked with promoting a common understanding of the “big picture” for individual residents. S/he should use the valuable information identified through the facility’s quality assessment and assurance committee and quality assurance program to address any issues related to the coordination of care.

IV.  What the CMS Guidance Provides to Long Term Care Facilities

To reduce the risk of non-compliance with CMS guidelines, facility boards should implement certain policies and procedures specifically dealing with medical directors that reflect the CMS guideline policies. For one thing, medical directorships should be reflected in the facility’s written policies and procedures manual and satisfy the requirements of all other relevant laws, including the Stark law and Anti-Kickback law. An electronic database – as well as a physical hard copy – of all these agreements should be maintained and should include a reliable tracking system to ensure that each agreement is reviewed periodically. Such monitoring on an annual basis of all medical director agreements can ensure that in each case the medical director is actually providing the services required and is being paid the compensation set forth in his agreement.

To prove that the medical director is implementing resident care policies, facility boards should check to make sure medical directorship services are legitimate and important in order for the facility to carry out its clinical functions. To prove their role in coordinating medical care in the facility, medical directors should complete a daily written log specifying each task performed and the amount of time spent performing the task.

V.  Conclusion

CMS’s guidance pertaining to the regulation on medical directors is a useful tool for all providers and medical directors. It shows what OIG will review to determine whether a legitimate, bona fide medical directorships exists at the long term care facility. If a medical director has real duties and responsibilities that are actually performed and documented, this will differentiate that physician from a sham medical directorship arrangement which is designed to reward referrals and pay kickbacks. This is especially important as the government continues to aggressively enforce efforts against providers who engage in illegal kickback practices and violations of the Stark law. As a long term care facility, it is important that you document all of the evidence related to the roles and responsibilities for, as well as the actions taken by, your medical director. These should be included in your facility’s compliance plan. Do you need assistance drafting policies and procedures related to an effective compliance plan? We would be more than happy to help you remain compliant with all CMS rules and regulations. Give us a call today.

Robert LilesRobert W. Liles, Esq., is a Managing Partner at Liles Parker, Attorneys & Counselors at Law.  He Liles focuses his practice on internal audits/investigations, fraud defense, and compliance and regulatory matters. The attorneys at Liles Parker represent a wide variety of health care providers and suppliers in administrative and civil proceedings. For a free consultation, call Mr. Liles at (800) 475-1906.

[1] 42 C.F.R. § 483.75(i).

Providers Have a New Timeframe to Respond to ADRs

April 7, 2015 by  
Filed under UPIC Audits

healthcare-questions(4/7/15)  On February 4, 2015, the Centers for Medicare and Medicaid Services (CMS) issued Transmittal 567, Change Request 8563, which tightened the timeline for Medicare providers and suppliers to respond to Medicare Administrative Contractor (MAC) and Zone Program Integrity Contactor (ZPIC) requests for Additional Documentation Requests (ADRs). Providers and suppliers are now limited to a 45 calendar day timeframe to produce the additional requested documentation. Moreover, they should no longer expect that a request for an extension of time will be granted.

CMS review contractors – such as MACs and ZPICs – may not have enough information to make a determination on a claim under review. In these circumstances, the CMS contractors have the right to request additional documentation from the provider or supplier through an ADR.[1] Unless providers and suppliers furnish the additional requested documentation, no payments may be made for claims under review.

Moreover, when requesting documentation for prepayment review, the MAC and ZPIC must notify providers that the requested documentation is to be submitted within 45 calendar days of the request.[2] Importantly, extensions will not be granted to providers who need more time to comply with the request. Claim reviewers will also deny claims for which the requested documentation was not received by the 46th day.

Medicare providers and suppliers should take efforts now to ensure that their billing staff and compliance personnel are aware of these important timing changes. If you have any questions regarding an ADR issued by a MAC or ZPIC, please feel free to give us a call today. We would be more than happy to assist you in these as well as other compliance-related matters.

IMG_1891Robert Saltaformaggio, Esq. is a health law attorney with the boutique firm, Liles Parker, Attorneys & Counselors at Law.  Liles Parker has offices in Washington DC, Houston TX, McAllen TX and Baton Rouge LA.  Our attorneys represent health care professionals around the country in connection with government audits of Medicaid and Medicare claims, licensure matters and transactional projects.  Need assistance?  For a free consultation, please call: 1 (800) 475-1906.

[1] Social Security Act, Section 1833(e)

[2] Pub 100-08, Medicare Program Integrity Manual Chapter 3, Verifying Potential Errors and Taking

Corrective Actions, Section

Prepayment Review and the ADRs

March 13, 2015 by  
Filed under Featured, Medicare Audits

paper-medical-recordsZone Program Integrity Contractors (ZPICs) and Medicare Administrative Contractors (MACs) have continued to focus on prepayment review. Unlike with post-payment audits, there is very little a provider placed on prepayment review can do to identify and remedy noted deficiencies. Prepayment audits have grave consequences for healthcare providers, as we’ve written previously . Often times, the result of a prepayment audit is that a provider will be placed on prepayment review for up to a year with little or no notice and no concrete way of getting out of the review.

Notice of Prepayment Review

A peril of prepayment review is that MACs and ZPICs do not typically inform providers before they are placed on prepayment audit.  In rare cases, we have seen providers get a letter from the MAC, which informs the provider they are on prepayment review and that they should anticipate Additional Documentation Requests (ADR) soon.  Most of the time, a provider finds out it has been placed on prepayment review only after receiving the ADR. A provider may be subject to an unannounced visit from the MAC or ZPIC, who will be looking for additional documentation.  This lack of notice often takes providers by surprise.  Unfortunately, sometimes the mere allegation of fraud leads to prepayment review, which sometimes harms innocent providers. Last year in New Mexico, fifteen behavioral health care providers were put on prepayment review based on “credible allegations of fraud.”  Below is an interactive presentation outlining the ADR process (note: the outline focuses on CGS ADRs, but the information is useful for all other MACs)

Cost of Prepayment Review

Prepayment review is expensive for providers because claim determinations are made after the provider has already performed services, but before any claim payment is made.  Once an Additional Documentation Request (ADR) is received for a particular claim, providers are tasked with compiling information and justifying that specific treatment date.  CMS requires all pertinent records on that specific patient, not just the date under review, to not only justify the claim as billed, but also demonstrate medical necessity in general. Once receiving the ADR documentation, the MAC has 30 days to review the materials and make a decision on the status of the claim (60 days if the ADR is for third party Liability).[1]  Only once the claim has been reviewed will the provider receive an Explanation of Benefits (EOB) from its ZPIC or MAC.   As explained in detail in the above presentation, the claim is either allowed, partially allowed, denied, or marked as having illegible/absent signatures.  The previously referenced New Mexico Behavioral Health providers had their Medicaid reimbursements suspended during prepayment review and could not afford to pay their staff, rent, or other bills. They tried suing the state, seeking an injunction that would restore funding. The providers argued that they had been denied due process by not being told what the precise charges were against them, and that at the end of the day those suffering the most were their patients. They were denied the injunction

The Prepayment Review Solution

Upon receiving notice of prepayment review, providers often scramble for a solution, but there is no escaping the tedious process required to be released from prepayment review.  Once every ADR is received and responded to, it is incumbent on the provider to seize this opportunity to improve their business.  Prepayment reviews and ADRs are not randomly assigned, there are complex formulas and red flags that determine whether a provider is at risk for being placed under review.  We recommend an on-site gap analysis performed by experts, a thorough review of the entire practice, and a complete compliance plan tailored to your practice’s exact requirements.  While performing these tasks after receiving ADRs can go a long way to prevent further action, taking these crucial steps before an audit greatly improves your chances of quickly escaping prepayment review.  Call us toll-free at 1-800-475-1906 to discuss any aspects of prepayment review and MAC/ZPIC


Robert LilesRobert W. Liles, Esq., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers around the country in connection with both regulatory and transactional legal projects. For a free consultation, call Robert at (800) 475-1906.



[1] http://www.cms.gov/Regulations-and-Guidance/Guidance/Manuals/downloads/pim83c03.pdf

ZPICs in Virginia, North Carolina and Elsewhere Around the Country are Increasing Their Use of Unannounced Site Visits. Are Your Medical Necessity, Coding and Billing Practices Compliant with Applicable Legal and Regulatory Requirements?

July 17, 2013 by  
Filed under Medicare Audits

tiny-target-crosshair(July 17, 2013):  Over the last few months, Zone Program Integrity Contractors (ZPICs) in the Eastern United States and throughout the South have steadily increased their use of “Unannounced Site Visits” (also sometimes referred to as “Unannounced Audits” in furtherance of their benefit integrity obligations as a contractor to the Centers for Medicare and Medicaid Services (CMS). 

I.          Background:

The size of the Medicare program is truly staggering – it has been estimated nearly one in three Americans was covered by either the Medicare or Medicaid programs.  According to CMS, the Medicare:

Medicare provides health insurance for more than 44.6 million elderly and disabled Americans.  Medicaid, a joint federal-state program, provides health coverage for some 50 million low-income persons, including 24 million children, and nursing home coverage for low-income elderly.[1]             

In addition to the Medicare and Medicaid programs, CMS is also responsible for administering the Children’s Health Insurance Program (CHIP).  Under CHIP, CMS began working with states around the country to provide health insurance coverage for needy, uninsured children in 1997.  Like Medicaid, the CHIP program is paid for by both federal and state funding and is managed by each state.  The program was reauthorized with the enactment and signing of the Children’s Health Insurance Program Reauthorization Act of 2009 (CHIPRA).[2]  CHIPRA appropriated funds to pay for care provided under CHIP through fiscal year (FY) 2013.  Over 5 million uninsured children are currently covered under the program. Together, CMS-administered health insurance programs cover over 90 million Americans.  Approximately 4.5 million Medicare claims alone are processed each day.[3]

II.         Despite the Extraordinary Size and Scope of these Entitlement Programs, CMS Manages to Operate these Programs with Less than 5,000 Employees.

Despite the extraordinary size and scope of CMS’ responsibilities, the agency employs less than 5,000 employeesTo accomplish these program obligations, CMS has contracted with various private entities to process and pay claims.  Additionally, these contractors serve as CMS’ representatives, interacting with health care providers regarding coverage questions and program participation issues.  CMS also relies on medical review and benefit integrity contractors (such as ZPICs and Recovery Audit Contractors (RACs)) to conduct medical reviews, site visits, and post-payment/pre-payment audits of Medicare claims.

III.        Current Assignment of ZPICs Around the Country:


ZPICs represent merely one of the nearly dozen various medical review / benefit contractors and governmental entities tasked with reviewing and auditing claims submitted to the Medicare program.  Seven ZPIC zones have been established and the following contractors have been awarded contracts by CMS to perform these duties around the country.  These seven zones cover the following states and / or territories:

  • Zone 1 – SafeGuard Services: CA, NV, American Samoa, Guam, HI and the Mariana Islands.
  • Zone 2 – Advancement (Health Integrity is reportedly serving as a subcontractor for Zone 2 at this time): AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO.
  • Zone 3 – Cahaba SafeGuard: MN, WI, IL, IN, MI, OH and KY.
  • Zone 4 – Health Integrity: CO, NM, OK, TX.
  • Zone 5 – Advancement: AL, AR, GA, LA, MS, NC, SC, TN, VA and WV.
  • Zone 6 – SafeGuard Services: PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT.
  • Zone 7 – SafeGuard Services: FL, PR and VI.

A map depicting these assignments is set out below:

ZPIC MAP 2 labeled












IV.        ZPIC Responsibilities:


ZPICs have traditionally asserted that, unlike their RAC counterparts, they are not “bounty hunters.”  ZPICs are not paid contingency fees like RACs but instead are directly compensated by CMS on a contractual basis.  Notably, ZPIC actions are not merely limited to post-payment overpayment audits.  In fact, their approach to reviews and audits has significantly changed over the last few years.  Rather than focus on post-payment audits, where CMS has already paid a health care provider for services rendered, ZPICs are now conducting reviews designed to identify wrong-doers and/or improper payments before monies have been paid to a provider out of the Medicare Trust Fund.

An overview of the current ZPIC review and audits activities we are seeing include, but are not limited to:

  • ZPIC representatives around the country (especially those in Zone 4, Zone 5 and Zone 6) appear to have increased their use of unannounced site visits of physician practices, clinics, home health agencies and Durable Medical Equipment (DME) suppliers)
  • ZPICs are expanding their use of pre-payment reviews to identify improper payment patterns and practices by physicians.  Understandably, the days of “Pay and Chase” are over – CMS has directed contractors to identify possible overpayment before they are ever paid in the first place. 
  • ZPICs are actively referring certain cases to State Medical Boards.
  • ZPICs are referring possible civil and criminal enforcement cases to law enforcement for investigation and possible prosecution.
  • ZPICs are recommending suspension and revocation actions to CMS.
  • Last but not least, it is important to keep in mind that even though ZPIC utilization of alternative review options (such as prepayment review), appear to be increasing, post-payment audits are, in fact, still taking place. When post-payment audits occur, ZPICs typically start by conducting either a post-payment probe audit or a more expansive post-payment audit of a “representative sample” of a health care provider’s claims previously paid by Medicare. After conducting a post-payment review of this representative sample, a ZPIC will then extrapolate the amount of alleged overpayments to the universe of claims previously identified by the contractor.


IV.        ZPIC Unannounced Site Visits / ZPIC Unannounced Audits:

Focusing on the “Unannounced Site Visit” / “Unannounced Audit” activities currently being performed by ZPICs in Zone 4, Zone 5 and Zone 5, it has been our observation that in most cases, a visit is conducted as a result of one of the two following activities:

(1)  Date Mining — A health care provider’s claim utilization practices have been identified as different from those of other professionals working in this specialty area.  As you will recall, the Medicare program has been in operation since 1965.  Since that time, the government has accumulated an impressive amount of data reflecting the use of certain medical services by health care providers of all types.  With this information, CMS (and its ZPIC contractors) can “slice and dice the data innumerable different ways in an effort to identify any “outliers.” At outlier is merely a health care provider whose coding and billing practices are different than those of other similarly-situated providers.

Despite aspersions to the contrary, an outlier is not necessarily someone engaged in improper or fraudulent conduct.  Rather, based solely on the information known at this stage of the process, an outlier is merely someone whose practices are out of the ordinary.  For example, the frequency of a health care provider’s Evaluation and Management (E/M) code may be higher or lower, than what one might expect to see when conducting an audit.  Importantly, there may be countless reasons why a health care provider’s utilization practices are irregular.  If, in fact, you determine that your coding and billings are different than those of your peers, you need to affirmatively review your practices and identity any possible reason(s) for these differences. As you conduct your internal review, it is important to keep in mind that one possibility is that you are, in fact, engaging in improper billing practices.  Should you find that you have improperly submitted one or more claims to Medicare for payment, you  must immediately report and return any overpayment identified.

(2)  Complaints — A second reason commonly identified as a catalyst for generating an unannounced audit / unannounced claims review is that a “Complaint” has been lodged against your organization.  Importantly, complaints can be lodged several ways:

  • Former Disgruntled Employee.
  • Current Employee.
  • Unhappy Patient.
  • A Competing Health Care Provider Organization. 
  • The Filing of a Whistleblower or Qui Tam Action.

Regardless of the underlying reason for an unannounced site visit, it can be quite unsettling when several auditors and investigators of the ZPIC assigned to your state shows up at your office and announces that it is conducting an audit.

How should you respond when an unannounced site visit occurs?  As we have previously discussed in our article examining recent holdings on an individual’s 5th Amendment Rights, there is an uneasy balance of one’s obligation to cooperate as a Medicare participating provider and one’s right to remain silent.  As we detail in our July 3rd article:

“At the outset, we readily recognize that these are very complex issues.  Ultimately, the best course of action is to implement and adhere to an effective Compliance Plan, thereby greatly reducing your likelihood of both an audit and of an error.  Nevertheless, despite your best efforts to do the right thing for the right reasons, your practice, clinic, home health agency, hospice or other health care organization may still be visited by an HHS-OIG agent or other Federal auditor who has questions.  In such an event, as a Medicare participating provider, you have an obligation to cooperate.  You should not lie, should not exaggerate and should not be evasive.  If you feel uncomfortable with the questions being presented, ask to speak with your attorney prior to responding.  Continue to cooperate and provide access to any requested medical records (after the auditor’s identity has been established, of course).  As previously discussed, choosing to remain silent during non-custodial questioning can expose you to a variety of administrative sanctions and could ultimately be used against you if a criminal case is later pursued.”  (emphasis added).

V.         Post-Visit Administrative Enforcement Actions:

It is quite common for a ZPIC to request two separate silos or categories of information when conducting an unannounced site visit.  These two categories of information include:

(1)   Coding and Billing Information – When they arrive, a representative of the ZPIC will often personally deliver a written request for medical records related to specific dates of service. ZPICs will sometimes even bring a scanner with them.  They will then take a scan of a portion of the records requested and will often ask that you forward the supporting documentation covering the remaining claims within 15 to 30 days. It is imperative that you request an extension of time if is needed to comply with the ZPIC’s request. The failure to submit this information within the time period requested could result in the denial of these claims.

(2)  Business Relationships and Practices —   In addition to the Medicare claims information requested, it is now quite common for a ZPIC to also ask for business arrangement related information.  This information often includes a request for any leases, Medicare Director agreements, and the identities / contact information for former employees.  Essentially, ZPICs are seeking to determine the following basic information:

  • Is there any indication that a health care provider is receiving or paying anything of value in exchange for the referral of Medicare-covered services?
  • Where do you get your referrals from?
  • Where do you send referrals?

After collectively assembling all of the above information, a ZPIC will determine whether any deficiencies noted should be referred to law enforcement (as a possible violation of the civil False Claims Act, the Anti-Kickback Statute, Stark or another health care statute) or whether an action should be pursued merely as an alleged overpayment at this point in the process.

VI.        Avoiding a ZPIC Audit in the First Place:

Depending on the facts in your case, a ZPIC audit may be inevitable.  For instance, if you are an Internal Medicine physician and you are the only one providing pain management services for the Medicare beneficiaries in three counties, there is a high likelihood that your utilization ratios will be higher than those of your peers (on a national basis).  As such, your practice is likely to be identified as an outlier and your coding and billing practices will be audited.  

All health care providers, regardless of whether or not their billing practices are those of an outlier, has an obligation to ensure that their medical necessity, coverage, documentation, coding and billing practices fully meet all applicable CMS regulations and CMS contractor guidance requirements.  Several of the questions you should consider in this regard include:

  • Are the care and treatment services “Medically Necessary”?
  • Do the services at issue meet the applicable “Coverage” requirements set out by the responsible payor?
  • Even though the care and treatment services may meet all other requirements for coverage and payment, are the services still otherwise “tainted” by the violation of a statutory or regulatory requirement?
  • Are the care and treatment services at issue fully and properly documented, consistent with all applicable CMS regulations and / or contractor guidance requirements?
  • Do the provider’s coding practices meet applicable statutory and regulatory requirements?
  • Do the provider’s billing activities meet applicable statutory and regulatory requirements?
  • Do the provider’s actions meet ethical and professional conduct standards required by the State Medical Board?

These steps constitute part, but not all, of the “gap analysis” process.  Providers examining these issues on an ongoing basis will be much less likely to inadvertently make coding / billing mistakes or fail to fully document the services they are providing.

Ultimately, the only way to try and avoid trouble is to develop, implement and adhere to the requirements set out in an effective Compliance Plan.  ZPICs, RACs and other CMS-contracted audited are doing their best to meet their contractual obligations to the government.  As a participating provider in the Medicare program, you also have a complex of obligations which must be met.

Robert W. Liles is Managing Partner at Liles Parker, a boutique health law practice representing health care providers around the country.  Should you have questions regarding the ZPIC audit or review process, please feel free to call us.  For a free consultation, call Robert at: (202) 298-8750.

[1] U.S. Department of Health and Human Services, available at

http://www.hhs.gov/about/whatwedo.html (last accessed July 17, 2013).

[2] Children’s Health Insurance Program Reauthorization Act of 2009, Pub. L. No. 111-3 (2009).

[3] Government Accountability Office, Medicare Recovery Audit Contracting: Lessons Learned to Address Improper Payments and Improve Contractor Coordination and Oversight, Report No. GAO-10-864T, available at http://www.gao.gov/new.items/d10864t.pdf (July 15, 2010) (last accessed February 2013).

Next Page »

ZPIC Audit Menu