UPIC / ZPIC Referrals of MDs and NPs to State Boards!

(June 9, 2017):  You aren’t paranoid, your utilization, coding and billing practices are, in fact, being watched.   The Centers for Medicare and Medicaid Services (CMS) currently transitioning over to using a Unified Program Integrity Contractor (UPIC) in your jurisdiction to serve as program integrity contractors.  During this transition period, you may also be audited by the outgoing Zone Program Integrity Contractor (ZPIC) responsible for auditing your part of the country.  Although you may have never been audited, been contacted by, or even heard of a UPIC or a ZPIC, that doesn’t mean that they aren’t monitoring your business practices on an ongoing basis.  In fact, as Section 2.6.4 of the “Uniform Statement of Work” (SOW) published by CMS states that contractors serving as a UPIC:

” . . . will integrate the program integrity functions for audits and investigations across Medicare and Medicaid, and ensure that CMS’s national priorities for both Medicare and Medicaid are executed and supported locally.”

Similarly, ZPICs are required to engage in comprehensive data analysis activities as part of their contractual obligations with the government.  As Section 1.3.1 of the most recent ZPIC Statement of Work requires:

“The ZPIC shall review and analyze a variety of data in order to focus its program integrity efforts by identifying vulnerabilities and/or specific providers for review and investigation within its zone, referral of potential fraud, waste and abuse cases to law enforcement, and pursuance of administrative actions. Further, the ZPIC shall be proactive and aggressive in pursuing many different sources and techniques for analyzing data in order to reduce any of its risks within this [Statement of Work].”

As the ZPIC Statement of Work further notes in Section 4.2:

The ZPIC shall provide a variety of data analysis, statistical analysis, and trending activities to enhance the detection and prevention of Medicare and Medicaid potential fraud, waste and abuse in the participating state(s). The ZPIC shall use appropriate CMS Medicare data, as well as data from other sources such as Medicaid data, to reach this end. 

Successful accomplishment shall require a significant amount of cooperation with the participating state(s), law enforcement, and other task orders within the ZPIC zone. It may also require significant cooperation with other ZPICs

ZPICs have used sophisticated data mining techniques to identify physicians and other health care providers whose utilization, coding and / or billing behavior is different from that of the provider’s peers.  Once an outlier is identified, the ZPIC has a number of actions it can take.   For instance, in recent months, we have seen a noticeable increase in the number of referrals that have been made by a ZPIC to a particular provider’s state licensure board.  In this article, we examine these referral actions in more detail.

I.   UPIC / ZPIC Targets in 2017:

The government’s efforts to consolidate their Medicare and Medicaid program integrity efforts under a single contract are well underway.  As a result, some health care providers are already receiving requests for records and / or notice of an audit from a Unified Program Integrity Contractor (UPIC) rather than from their former ZPIC. In large part, this is a distinction without a difference since the CMS contractor awarded the UPIC contract most likely previously served as ZPIC for the same jurisdiction.   Once fully implemented, the UPIC program will combine integrate the Medicare and Medicaid program integrity functions that have previously been performed by ZPICs, Program Safeguard Contractors (PSCs) and Medicaid Integrity Contractors (MICs).  Importantly, the Chapter 4 of the Medicare Program Integrity Manual expressly notes that the program integrity duties and responsibilities currently outlined in the chapter as applicable to ZPICs also fully apply to UPICs.  In any event, many providers are continuing to receive requests for records and notice of an audit from ZPICs rather than the UPIC covering their jurisdiction.  Provider types primarily targeted in 2017 have included:

• Home health agencies.
• Hospice organizations.
• Physician practices.
• Pain management practices and pain management physicians.
• Nurse practitioners.
• Chiropractic practices.
• Multidisciplinary practices owned by a chiropractor.
• Independent clinical laboratories.
• Physical therapy / occupational therapy / speech therapy services.
• Independent diagnostic testing facilities.
• Ambulance service providers.

Is your organizational type listed above?  If not, that still doesn’t mean that you won’t be audited by a ZPIC, or possibly even a UPIC.  If your organization is engaging in utilization, coding or billing practices that appear to be out-of-sync with those of its peers, there is a good chance that you will soon be audited by the a ZPIC, UPIC or a specialty program integrity working for CMS.

II.   UPIC / ZPIC Referrals to State Licensure Boards and Professional Societies:

The UPIC / ZPIC responsible for conducting Medicare program integrity activities in your ZPICs part of the country is constantly on the lookout for aberrant provider practices.  For instance, in a case our law firm handled, a ZPIC program integrity contractor conducted an audit of Evaluation & Management (E/M) claims billed by a Nurse Practitioner.  In this particular case, the ZPIC auditor concluded that the provider lacked the requisite level of physician supervision to conduct the E/M services at issue.  To be clear, this case did not involve the billing of “incident to” claims.  Rather, it hinged on the fact that some states prohibit a Nurse Practitioner from independently diagnosing and treating a patient unless a requisite level of physician oversight or supervision is in place.  In this particular case, the ZPIC auditor alleged that there was no evidence that the required level of physician supervision had been met.  As a result, the ZPIC denied the audited claims and alleged that the provider had submitted non-payable claims to the Medicare program for payment.  Notably, the ZPIC didn’t stop there – it also filed a complaint against the Nurse Practitioner with the state Board of Nursing, alleging that the nurse’s actions were a violation of the state Nurse Practice Act.  Unfortunately, UPIC / ZPIC referrals to state licensing boards appear to growing each year.

III.   What is the Regulatory Basis for a UPIC / ZPIC to Make a Referral to a State Licensure Board?

As set out in Chapter 4 of the Medicare Program Integrity Manual, ZPICs are required to make a referral to a provider’s state licensure board if it finds that the provider “engaged in unethical or improper practices.”  As Section 4.18.2 of the MPIM provides:

The ZPIC shall refer instances of apparent unethical or improper practices or unprofessional conduct to state licensing authorities, medical boards, the QIO, or professional societies for review and possible disciplinary action. . . (emphasis added).

While the mandates set out in a specific state’s Nurse Practice Act, Medical Practice Act, or other licensed professional’s Practice Act may vary, one thing is for certain – virtually every State Practice Act includes broad provisions which ban conduct that is considered to be unprofessional or unethical.  These provisions are typically so general that a ZPIC could easily conclude that a referral is required in wide variety of situations.  These include, but are not limited to:

• Physician: Failure to exercise proper level of supervision over a Nurse Practitioner, Physician Assistant and / or any other member of his staff.
• Physician: Failure to properly document the services provided.
• Physician: Providing services that are medically unnecessary.
• Physician: Billing for services that were not provided.
• Nurse Practitioner: Performing certain patient care services without the requisite level of physician supervision in place.
• Nurse Practitioner: Inappropriately prescribing controlled substances to one or more patients.
• Nurse Practitioner: Failure to order a urine drug screen before prescribing controlled substances in a case where the patient has exhibited non-compliant behavior.

As the regulatory language further reflects in Section 4.18.2 further requires, if the ZPIC concludes that a licensee has engaged in unethical or improper conduct, the contractor is also supposed to make a referral to professional societies to which a licensed health care provider belongs.

Prior to making a referral to the state licensing board, it is worth noting that the ZPIC is required to confer with the appropriate Medicare Administrative Contractor (MAC) so that duplicate referrals are not by both contractors.  As this portion of Section 4.18.2 states:

The ZPIC’s and the MAC’s MR staffs shall confer before such referrals, to avoid duplicate referrals. The ZPIC shall gather available information and leave any further investigation, review, and disciplinary action to the appropriate professional society or State board. Consultation and agreement between the ZPIC’s and the MAC’s MR staffs shall precede any referral to these agencies.

While not stated in Section 4.18.2, these coordinative efforts may also lead to a provider being placed on prepayment review and / or subjected to a number of other administrative sanctions.

IV.   And the “Hits” Just Keep on Coming – Additional Referrals Made by a UPIC / ZPIC:

Chapter 4, Section 4.18.3 of the MPIM requires that ZPICs also make a referral to the Medicare Quality Improvement Organization (QIO) if a situation involving potential patient harm is identified.  As the regulations state, in part:

If potential patient harm is discovered during the course of screening a lead or through the investigation process, the ZPIC shall refer those instances to the QIO, state medical board, or state licensing agency. In addition to making the appropriate referrals, the ZPIC shall notify the COR and IAG BFL within two (2) business days once the potential patient harm issue is discovered.

If the ZPIC refers a provider to the State licensing agency or medical society (i.e., those referrals that need immediate response from the State licensing agency), the ZPIC shall also send a copy of the referral to the QIO.

As program integrity contractors, ZPICs have been granted access to the government’s Fraud Investigative Database (FID).  They are required to enter and update Medicare fraud, waste and abuse investigations that they have initiated into the database.  ZPICs are also required to input updates on cases, payment suspensions and requests for information that they have performed at the request of law enforcement or CMS.  Health care providers need to keep in mind that a wide range of federal and state law enforcement agencies maintain access to the ID.  As discussion in Chapter 4, Section 4.11.1 of the MPIM, these include, but are not limited to:

• All ZPICs.
• National Benefit Integrity Medicare Drug Integrity Contractor (NBIMEDIC).
• MAC provider enrollment units.
• CMS.
• FBI.
• DOJ.
• HHS/OIG.
• Medicaid Program Integrity Directors, State Utilization Review (SUR) officials, and Provider Enrollment units.
• Medicaid Fraud Control Units (MFCUs).
• Other federal and state partners seeking to address program integrity concerns in judicial or state health care programs.

As further described in Chapter 4, Section 4.11.1.1 of the MPIM, not all ZPIC audit findings are reported on the FID.  Cases that are not captured by ZPICs on the FID include:

• Individual complaints (statements alleging improper entitlement);
• Simple overpayment recoveries (not involving potential fraud), complaints that are returned to the AC or MAC second-level screening staff (or PSC or ZPIC, if applicable); and
• Medical review abuses.

V.   UPIC / ZPIC Referrals to State Licensure Boards Based Solely on Data Mining are Increasing:

UPIC / ZPIC referrals to state licensure boards are not limited to only situations where a claim-by claim audit has been conducted.  We are currently seeing referrals based solely on conclusions reached through data mining, where no actual audit of the provider’s medical records has yet been conducted.  Examples of these situations include:

• Nurse Practitioner: The provider’s prescription practices with respect to controlled practices are seen as excessive when compared to those of the Nurse Practitioner’s peers.
• Physician: Based on the level of E/M services billed, the ZPIC believes that the physician is treating more patients than can be seen in a typical workday.

VI.   Protecting Your License. 

A wide range of physicians, nurse practitioners and other licensed health care providers participating in the Medicare program are subject to audit by a UPIC or a ZPIC.  It is therefore imperative that you take steps NOW to better ensure that your medical necessity, documentation, billing and coding practices fully comply with state and federal statutory and regulatory requirements.  The development and implementation of an effective Compliance Program is an essential first step if you want to reduce your level of regulatory and licensure risk.  To the extent that you already have a Compliance Program in place, you need to periodically conduct internal auditing and monitoring activities to better ensure your continued adherence with applicable rules and regulations.

As described, a ZPIC may make a referral to your state licensing board based solely on their analysis of a provider’s utilization, coding and billing practices, even though the UPIC / ZPIC has never contacted you or reviewed a single medical record.  Nevertheless, most UPIC / ZPIC referral cases are, in fact, precluded by a UPIC / ZPIC audit of your medical records.  In such cases, there is a high likelihood that your practice will soon be faced with an administrative overpayment and that you may be required to respond to a complaint the UPIC / ZPIC has filed with your state licensure board.

We recommend that you immediately contact qualified health care legal counsel at the first sign that a UPIC / ZPIC audit or review may be underway.  There are steps you can take early in the process that can help you avoid both a sizeable overpayment finding and a possible referral to the state licensure board.  Should you fail to affirmatively respond to a UPIC / ZPIC audit until an overpayment determination has been made, your chances of prevailing in the administrative appeals process may be significantly diminished.  Please feel free to give me a call if you have received a ZPIC request for records or have been assessed an alleged overpayment by a UPIC or ZPIC.

Robert W. Liles, J.D., M.B.A., M.S., serves as Managing Partner at Liles Parker, Attorneys and Counselors at Law.  He has extensive experience representing health care providers in UPIC / ZPIC audits and in the Medicare appeals process.  He also regularly represents a wide range of health care providers in connection with complaints filed with state licensing boards.  For a complimentary consultation, please give Robert a call.  He can be reached at:  1 (800) 475-1906.

ZPIC Audit: Will Your Case be Referred to DOJ or HHS-OIG for Fraud?

(March 10, 2016): Has your practice, home health or hospice received an audit letter from a Zone Program Integrity Contractor (ZPIC)?  If so, one of the first questions you are likely to ask is how did this ZPIC audit get started? Why is our practice being targeted in a ZPIC audit? As a review of the administrative enforcement landscape will show, there are a myriad of tools at the disposal of the government (and its contractors) to identify and target a health care physician provider or supplier for ZPIC audit or investigation. In this article, we will provide an overview of the primary targeting tools utilized by the government and its various Medicare contractors.

I. Primary Source of Information Used to Target a Medicare ZPIC Audit.

As Chapter 2, Sec. 2.4.C of the Medicare Program Integrity Manual (MPIM) reflects:

“Claims data is the primary source of information used to identify and target fraudulent, wasteful or abusive activities.”

ZPICs around the country have been given ready access to a wide variety of claims coding, billing and utilization databases and are expected to perform complex data analysis with this data in an effort to ferret out health care providers and suppliers whose billing history appears to suggest that improper coding and / or billing practices may be taking place. Frankly, that’s the problem with ZPIC targeting methods. If a health care provider’s claims utilization and billing practices are outside of the norm (making the provider an “outlier”), that provider is likely to be audited or investigated by a ZPIC or another contractor working for the Centers for Medicare and Medicaid Services (CMS).

II. Secondary Sources of Data Used by ZPICs to Identify and Target Fraud and Abuse.

As set out in the MPIM, Sec. 2.4.D, CMS has directed ZPICs to consider the following additional sources of data when determining whether further analysis against a health care provider or a specified set of claims is needed. These additional sources of data include, but are not limited to:

• OIG and Government Accountability Office (GAO) reports;
• Fraud Alerts;
• Beneficiary, physician and provider complaints;
• Appeals data from QICs, including appeals overturn rate for a particular type of claim;
• Referrals from the QIO, other contractors, CMS components, Medicaid fraud control units, Office of the U.S. Attorney, or other federal programs;
• Suggestions provided directly or implicit in various reports and other materials produced in the course of evaluation and audit activities, (e.g., contractor evaluations, State assessment, CMS-directed studies, contractor or State audits of providers);
• Referrals from medical licensing boards;
• Referrals from the CAC;
• Peer Review Reports such as the First look Analysis Tool for Hospital Outlier Monitoring (FATHOM) and Program to Evaluate Payment Patterns Electronic Report (PEPPER), and Comparative Billing Reports;
• Information on new technologies and new or clarified benefits;
• Provider cost reports;
• Provider Statistical and Reimbursement (PS&R) System data;
• Enrollment data;
• Overpayment data;
• Pricing, data analysis, and coding (PDAC) data;
• Referrals from other internal and/or external sources (e.g., MAC audit staff, audit staff or, MAC quality assurance (QA) staff);
• Medicare Learning Network–which includes MedLearn Matters articles and Quarterly Provider Compliance Newsletters;
• IBM Cognos support for the Part D and Drug Data Processing System (DDPS) using the Teradata data repository;
• CMS prepared data, such as a listing of distinct providers or suppliers and/or bills that require medical review; and
• CMS Chronic Conditions Data Warehouse (CCW).

III. When Facing a ZPIC Audit, the “Fix” is In – Guilty Until Proven Innocent.

Rather than reviewing a provider’s claims with no preconceptions in place, we believe that once a provider is identified as an outlier, there is a presumption on the part of ZPIC auditors and claims reviewers to find that the provider has engaged in improper billing activities. As the former General Counsel for one the ZPIC’s once stated:

“All of the claims audits we conduct are in connection with either a fraud case or a POTENTIAL fraud case.” (paraphrased).

Frankly, this statement says it all. ZPICs view themselves as an extension of law enforcement, despite the fact that they a merely a federal contractor working under the direction of CMS. This can place health care providers in a no-win situation. On the one hand, as a participating provider in the Medicare program, a health care provider has an obligation to cooperate with a ZPIC conducting a claims audit. Unfortunately, ZPIC investigators often request to interview physicians and other clinical staff. Since the ZPIC investigator is not technically a law enforcement official, witnesses are not advised of their rights against self-incrimination and may inadvertently make one or more statements that are not in their interests. This is especially important when you consider the fact that one of the factors currently being used as an evaluation metric when assessing the performance of ZPICs by CMS is whether the contractor has been making suspected fraud referrals to the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and / or the U.S. Department of Justice (DOJ) for law enforcement review and prosecution. In fact, as HHS-OIG’s 2016 Work Plan states:

We will review the level of benefit integrity activity performed by Medicare benefit integrity contractors in CYs 2012 and 2013. This review will highlight trends in integrity activities and allow for a quick comparison of program results across years, across contractors, and across the parts of the Medicare program. CMS contracts with entities to carry out benefit integrity activities to safeguard Medicare against fraud, waste, and abuse. Activities that these contractors perform include analyzing data to identify aberrant billing patterns, conducting fraud investigations, responding to requests for information from law enforcement, and referring suspected cases of fraud to law enforcement for prosecution. (Emphasis added)

Regardless of whether the ZPIC investigator seeks to conduct interviews of your staff in an audit, after reviewing your medical documentation, the ZPIC may decide that its findings warrant referring the case to HHS-OIG or to DOJ for civil and / or criminal review and enforcement. In most cases, the ZPIC will likely find conclude that although an overpayment has been identified, the provider’s conduct does not warrant referring the case outside of the administrative appeals process. The ZPIC will then choose to treat the improper billing practices identified as an overpayment rather than as fraud.

IV. Responding to a ZPIC Audit.

In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” it is to their benefit to find that an overpayment has occurred. These overpayments are often based on overlapping technical (such as an incorrect place of service code) and substantive (such as lack of medical necessity) reasons for denial.

Immediately upon learning of a ZPIC audit, regardless of whether the audit is a probe sample or appears to be an expanded sample of claims, we recommend that you contact legal counsel experienced in handling ZPIC audits and investigations. There are preemptive steps you may be able to take that can reduce the likelihood of a large overpayment. Addressing problematic claims on the front end may even held you avoid a situation where a ZPIC seeks to place your practice on prepayment review or recommend to CMS that you be suspended from the Medicare program. It may also stop the ZPIC from making a fraud referral to HHS-OIG or DOJ for review, assessment and possible prosecution.

Robert W. Liles, M.B.A., M.S., J.D., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law. Liles Parker is a boutique health law firm, with offices in Washington DC, Houston TX, San Antonio TX, McAllen TX and Baton Rouge LA. Robert represents health care providers and suppliers around the country in connection with Medicare audits by ZPICs, SMERCs, RACs and other CMS-engaged specialty contractors. Our firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews. For a free consultation, call Robert at: 1 (800) 475-1906.

Providers Have a New Timeframe to Respond to ADRs

(4/7/15)  On February 4, 2015, the Centers for Medicare and Medicaid Services (CMS) issued Transmittal 567, Change Request 8563, which tightened the timeline for Medicare providers and suppliers to respond to Medicare Administrative Contractor (MAC) and Zone Program Integrity Contactor (ZPIC) requests for Additional Documentation Requests (ADRs). Providers and suppliers are now limited to a 45 calendar day timeframe to produce the additional requested documentation. Moreover, they should no longer expect that a request for an extension of time will be granted.

CMS review contractors – such as MACs and ZPICs – may not have enough information to make a determination on a claim under review. In these circumstances, the CMS contractors have the right to request additional documentation from the provider or supplier through an ADR.[1] Unless providers and suppliers furnish the additional requested documentation, no payments may be made for claims under review.

Moreover, when requesting documentation for prepayment review, the MAC and ZPIC must notify providers that the requested documentation is to be submitted within 45 calendar days of the request.[2] Importantly, extensions will not be granted to providers who need more time to comply with the request. Claim reviewers will also deny claims for which the requested documentation was not received by the 46th day.

Medicare providers and suppliers should take efforts now to ensure that their billing staff and compliance personnel are aware of these important timing changes. If you have any questions regarding an ADR issued by a MAC or ZPIC, please feel free to give us a call today. We would be more than happy to assist you in these as well as other compliance-related matters.

Robert Saltaformaggio, Esq. is a health law attorney with the boutique firm, Liles Parker, Attorneys & Counselors at Law.  Liles Parker has offices in Washington DC, Houston TX, McAllen TX and Baton Rouge LA.  Our attorneys represent health care professionals around the country in connection with government audits of Medicaid and Medicare claims, licensure matters and transactional projects.  Need assistance?  For a free consultation, please call: 1 (800) 475-1906.

[1] Social Security Act, Section 1833(e)

[2] Pub 100-08, Medicare Program Integrity Manual Chapter 3, Verifying Potential Errors and Taking

Corrective Actions, Section 3.2.3.2

ZPIC Prepayment Review

(September 15, 2012): Over the last year, Zone Program Integrity Contractors (ZPICs) have turned much of their attention to prepayment review, the process by which the Medicare contractor reviews a claim for problems before it is paid. Unlike postpayment audits, if your organization is placed on ZPIC prepayment review, there is very little you can do other try to identify the nature of deficiencies noted so that remedial action can be taken.  Being placed on prepayment review does not trigger any type of an administrative appeals process, thereby potentially making prepayment reviews incredibly damaging for a small provider or DME supplier. In addition, there is no “silver bullet” method for getting off ZPIC prepayment review quickly – it is left essentially to the discretion of the contractor. Couple this with recent rules eliminating the time restrictions for a ZPIC to keep a provider on prepayment review, and the ZPIC could theoretically maintain a prepayment review action forever.

I.     Who do We Turn To if Our Health Care Practice or Company is Placed on Prepayment Review?

Recently, we noticed that a least one provider association attempted to turn to the Small Business Administration (SBA) to heko sort out their problems with ZPICs and Medicare. While a creative option, it is not likely a solution that is going to get you very far.

The Centers for Medicare & Medicaid Services (CMS) and its contractors are not obliged to follow the direction of the SBA or many other entities, and even if they were, there is considerable support from the public and the government regarding the prepayment review process in light of the persistent Medicare fraud from which the program suffers. Instead, there are really only two options for responding to prepayment review.

First, you could file a suit for injunctive relief against CMS. For this option, you would hire an attorney to sue the government in the hopes that a federal judge would find that the ZPIC should be restrained from continuing its prepayment review. Normally, you would need to prove at least 3 things to obtain an injunction:

A cause of action against CMS;

A probable right to the relief sought (success on the merits); and

An imminent, irreparable harm.

Unfortunately, proving a cause of action against CMS or a ZPIC can be difficult, as can be proving irreparable harm (that is, something that can not be fixed with money). Just think about it – in what other industry would a consumer get to pay for something first and then find out if the product they bought it broken. But under the current Medicare system, that is exactly what is happening. The government is paying for medical services without seeing if they are legitimate until several years later. So the ZPIC prepayment review process is probably going to be upheld by a federal judge as a fair exercise of the government’s right to protect its funds. Moreover, ZPIC prepayment review does not involved the destruction of property or the loss of life (although there is possibly an access argument that could exist in certain situations), and usually unless one of these two elements is present, there is not “irreparable harm.” Instead, whatever harm actually does occur can be fixed with money. Because of these issues, it can be very hard, if not impossible, to successfully obtain injunctive relief. Add to this the costs and expenses associated with going to federal court, and this is not really a great option.

Second, we’ve developed a strategy to deal with ZPIC prepayment review based on our experience with clients who’ve gone through the process in the past. While this involves a lot of work and some great organizational skills, it is the only true way to get off of ZPIC prepayment review and stay off. Quite simply, you have to attempt to meet the ZPIC’s demands and requirements, until you’ve proven to them that you’ve cleared up any problems associated with your claims. The process can be drawn out, especially when it takes about 4 – 6 months for the ZPIC to make a decision on your first set of claims, but once you know what problems they’ve identified, you can proactively address those problems so that the ZPIC cannot rely on that issue moving forward. Eventually, the ZPIC will have nothing left to criticize, and with some well-placed calls from an attorney, will likely terminate the prepayment review. The lasting benefit of this option, of course, is that your claims should be easily defensible in any administrative, civil, or criminal action that may be brought against you. Through the course of this process, it is important to engage and retain qualified health law counsel to assist and advise you on aspects of the ZPIC prepayment review and specific coding, billing, and medical necessity issues identified.

II.     Conclusion.

ZPIC prepayment reviews are hard to address because there is no proverbial “silver bullet” to end it. And the government is turning to this effective tool more and more often, as it recognizes the fiscal benefits of preserving the Medicare trust fund. Nevertheless, it can cost honest providers tremendous time, energy, and in some cases their business. ZPIC prepayment review generally cuts off the cash flow of either 30, 70, or 100% of a provider’s Medicare claims as the ZPIC reviews those claims, and for most providers, this is too much to bear.  Nevertheless, those providers who have a lot at stake and the resources to survive for a substantial amount of time can and do make it out of ZPIC prepayment review.

Robert W. Liles counsels providers on prepayment review issues and represents clients in Medicare and Medicaid post-payment appeals. In addition, he advises clients on HIPAA compliance risks, HIPAA breach notification and implementing effective compliance plans.   Robert also performs gap analyses and internal reviews and trains healthcare professionals on compliance issues. For a free consultation, call Robert today at 1-800-475-1906.

OIG Cautions About ZPIC Conflict of Interest

From LilesParker.com

ZPICs Have Conflict of Interest

HHS-OIG recently released a report concerning the professional independence of CMS contractors. Specifically, OIG identified that several organizations serving as Zone Program Integrity Contractors (ZPICs) had conflicts of interest, whereby the ZPIC “could be in the position of evaluating work performed or associated with its own company.” For instance, one ZPIC’s parent company had a contract with a Medicare Part D plan sponsor to provide technological implementation and operations. Another ZPIC’s parent company owned Medicare Part C and D plans which were at work throughout the country. Another ZPIC applicant’s parent company was also a Medicare Part C and D plan sponsor in the zones for which the ZPIC had submitted a proposal. Thus, each ZPIC could be put in the position of having to evaluate its work or the work of its parent organization.

Nevertheless, OIG found that each one of these potential conflicts had in some way been “mitigated.” This is done through screening processes and other techniques, by which those who bid on government contracts and perform the actual auditing duties of the ZPIC are not the same as those administer the company’s (or parent company’s) other programs. We’ve previously discussed some of the Medicaid contractors for various “hot-spot” cities, such as Baton Rouge and Houston, and you might find it interesting to note that a lot of Medicaid claims processing contractors or benefit integrity contractors are companies like Xerox (ACS) and HP (the same companies that you get copiers and computers from). Many of these large conglomerates have found that securing a bid for a Medicare or Medicaid contract can be a lucrative business, but because they are so large, there are often conflicts between the various divisions.

Looking specifically at OIG’s report, the report itself does not name names. It does not identify which companies specifically had conflicts, but does instead note that two of the five ZPIC contracts currently awarded have actual conflicts of interest. This can be a scary thought: what kinds of incentives do the people reviewing my claims for payment or denial have? Could they deny my claims because I’m in a certain state or region, but pay similar claims so that their claims processing department has better numbers? Well, it’s possible – but not probable. 

Effects on ZPIC Claim Review

At the end of the day, a ZPIC is a ZPIC and a RAC is a RAC. These Medicare contractors are designed to identify problematic claims, review them with a critical eye, and deny them if they don’t meet stringent technical and medical requirements. The simple fact that the ZPIC’s parent company owns other health care operations is probably not enough to affect the judgment of individual auditors. These auditors, anyway, are already looking for a reason to deny a claim. In fact, we have been in many situations when denial of 100% of a sample was not uncommon. ZPICs often cite multiple reasons for denying a claim when they update a provider on the results of the review, usually relying on both a technical aspect (missing signature/legibility) and a medical aspect (medically unnecessary service/documentation does not support the level billed). It’s been our experience that a strong and all-encompassing approach when appealing these denials is important.

CMS Changes to ZPIC Bidding

In any regard, the OIG’s report came down hard on CMS for failing to adequately screen ZPICs and their subcontractors before awarding them contracts, noting that, “[c]urrently, CMS does not use a written policy or standard checklist to facilitate its review of Organizational Conflict of Interest Certificates. In addition, we found no documentation showing that CMS conducted a review of some offerors’ and subcontractors’ certificates. In some cases, even after CMS had requested revised certificates, required conflict and financial interest information was still missing.” In other words, CMS ignored a number of its duties in pre-screening ZPICs for possible and actual conflicts. As a result, OIG recommended that CMS develop more formal policies and procedures for reviewing conflict of interest problems and that CMS require bidders to more thoroughly note any actual or potential conflicts.

Robert Liles represents providers in Medicare post-payment audits and appeals, and similar appeals under Medicaid. In addition, Robert counsels clients on regulatory compliance issues, performs gap analyses and internal reviews, and trains healthcare professionals on various legal issues. For a free consultation, call Robert today at 1-800-475-1906.

Liles Parker Interviewed About SNF ZPIC Audits

Michael Cook and Robert Liles, partner and managing member of Liles Parker, respectively, are extensively quoted in an article published in the May 2012 issue of Provider Magazine.  Provider Magazine is the official publication of the national trade association for nursing and skilled nursing providers.  The article, entitled “Fraud Fighters Mine Data,” focuses on the fact that skilled nursing facilities (SNFs) have seen a substantial uptick in both the volume and level of aggressiveness of ZPICs in their audits of SNF providers.  The article discusses how ZPICs are utilizing data mining techniques and predictive modeling to target SNFs that they believe have a high prevalence of submitting claims for residents in the Ultra High Resource Utilization Groups (Ultra High RUGs).

The article discusses not only the increase in volume, but also the fact that ZPIC auditors are showing up at facilities without notice, and often demanding to see records and interview staff during the middle of the day, when the staff are also responsible for delivering resident care.  The article also discusses the likely driver of the audits, a report from HHS-OIG, and why a high prevalence of patients falling within the Ultra High RUGs may not signify any improper billing, but rather simply reflect the fact that treatment of what previously was labeled sub-acute patients, and the increasing of acuity in the resident complement, may simply represent current  and cost efficient use of resources.

In the article, Mr. Cook and Mr. Liles comment on steps that SNF providers can take in protecting themselves against these audits, not only through the appeals process, but also through the implementation of strong compliance and quality assurance programs, as well as training of staff on how to respond to these audits.  While the article is specific to ZPIC audits of SNFs, the preventive strategies discussed by Liles Parker attorneys are transferable to all provider groups, including home health agencies, durable medical equipment suppliers, hospices, and physicians.

The link to the article is http://www.providermagazine.com/archives/archives-2012/Pages/0512/Fraud-Fighters-Mine-Data.aspx.

Liles Parker attorneys have extensive experience working with nursing facilities and other providers and their associations on matters of this nature.  This includes working with clients on compliance issues, audits, appeals, and training.  For a free consultation, contact Michael Cook or Robert Liles at 202-298-8750.

Beware of HHA Compliance Risks in TX and OK

I.  HHA Compliance Background:

Over the past few weeks, several important events and issuances have occurred which should have home health agencies (HHA) in Texas, Oklahoma and the rest of the country rethinking the adequacy of their existing HHA compliance efforts. While the practices of many home health agencies have long been a concern of the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and the Centers for Medicare & Medicaid Services (CMS), the government’s apprehension appears to be at an all-time high.  Last week, HHS-OIG issued yet another report recommending that CMS further tighten its oversight of home health providers through the implementation of additional sanctions for non-compliant home health agencies.  Notably, HHS-OIG’s report has been issued on the heels of a significant home health fraud investigation centered in the Dallas, Texas area which was reportedly initiated by Health Integrity, the Zone Program Integrity Contractor (ZPIC) covering Texas and Oklahoma.

II.  HHS-OIG’s Home Health Report of Fraud and Abuse:

On March 2, 2012, HHS-OIG issued a report entitled, “Intermediate Sanctions for Noncompliant Home Health Agencies” which examined CMS’ ongoing efforts to identify and sanction home health agencies that were non-compliant with Medicare’s applicable conditions of participation. As detailed in the report, CMS (formerly known as the Health Care Financing Administration (HCFA)) was directed in 1987 to develop and implement “intermediate sanctions” against home health providers violating Medicare rules. These sanctions were anticipated to include civil monetary penalties (CMPs), Medicare payment suspension, and even appointment of temporary management of a noncompliant agency. Initially required to implement these sanctions under the Omnibus Budget Reconciliation Act of 1987 (OBRA 1987), CMS issued a Notice of Proposed Rulemaking in 1991, but subsequently withdrew this notice in 2000.

CMS has stated that it anticipates publishing new proposed rules in September 2012 addressing these “intermediate sanctions.”  Frankly, home health providers and their associates cannot continue down the current path.  While both CMS and HHS-OIG recognize the important role played by home health agencies in the care and treatment of homebound Medicare beneficiaries, the government has made it abundantly clear that participating providers must fully comply with applicable medical necessity, coverage, documentation, coding and billing rules.  Non-compliant providers are being immediately suspended and / or excluded from participating in the Medicare program.  Moreover, health care providers who engage in nefarious activities are being aggressively prosecuted.

III.  Health Integrity’s Audit of Home Health Agencies:

Since winning the contract in 2009, Health Integrity, the Zone 4 ZPIC covering Texas, Oklahoma, New Mexico and Colorado, has conducted a wide variety of Medicare post-payment audits throughout Zone 4.  To their credit, Health Integrity’s audits have not been limited to merely large metropolitan areas.  Rather, the ZPIC is in the process of “leaving no stone unturned,” conducting audits and reviews of home health agencies throughout Zone 4, regardless of size, revenues and / or location.

To be clear, Health Integrity’s audits have not been limited to only home health services.  The ZPIC has actively reviewed the operational, coding and billing practices of a wide variety of Part B health care providers in Zone 4.  Nevertheless, the ZPIC does appear to have redoubled its audits of home health agencies in Texas and Oklahoma who appear to be outliers through data-mining activities. After reviewing the homebound status of both prior and current patients, clinicians working for Health Integrity have been thoroughly assessing the care and treatment provided by billing home health agencies.  After carefully assessing the medical records forwarded by the home health agency, in many cases Health Integrity has concluded that it is appropriate to seek extrapolated damages based on the post-payment audit conducted.

IV.  Health Integrity is on the Front Line of Home Health Fraud Identification:

Despite the fact that most Texas home health agencies are doing their best to operate within the four corners of the law, there are still a number of providers who are continuing to engage in wrongdoing. Texas home health providers recently received significant negative media coverage for fraudulent and abusive billing practices allegedly committed by agencies within their ranks. As you may have heard, just last week a physician and several home health agency “recruiters” in the Dallas-Fort Worth area were indicted in the largest Medicare fraud scheme in history, allegedly totaling nearly $375 million for home health services either not needed or never provided. Additionally, it was noted that over 75 home health agencies to whom referrals were made have also been implicated in the wrongdoing.  Such an enormous scheme only further demonstrates the fact that fraudulent activity in home health services is continuing, despite the fact that mostTexashome health providers are well-meaning organizations, trying in good faith to provide medically necessary services to our nation’s most sick and disabled. Nevertheless, such accusations only increase suspicion and scrutiny of the entire home health industry in this region.

In a separate incident, a news reporter recently had a healthy, yet elderly, woman pose undercover as a potential home health patient when visiting a physician in South Texas.  The reporter noted that the healthy patient was allegedly improperly diagnosed and certified for home health services. While some providers may be concerned about the use of patients in undercover sting operations such as this, the fact is that improper conduct is occurring, at both the physician referral and the home health agency level, clearly illustrating why law enforcement is concerned that fraud is continuing to occur in this area of practice. In light of these and similar cases, it is clear why Health Integrity appears to be “ramping up” its reviews of home health providers throughout Texas and Oklahoma.

V.  What HHA Compliance Steps Can a Provider Take to Reduce Risk?

To be clear, there is no proverbial “silver bullet” that can be used by a home health agency to avoid the scrutiny of Health Integrity and / or law enforcement.  Every home health agency in Texas and Oklahoma should expect to be audited.  Rather than wait for such an eventuality, home health agencies should affirmatively review their operations, coding and billing practices to ensure that their practices squarely fall within the rules.  Although not all-inclusive, the following five steps can serve as an excellent starting point when preparing for an audit of your agency’s home health claims:

Recommendation #1: Don’t assume that your current practices are compliant, check them out! Conduct a “gap” analysis and implement an effective HHA Compliance Plan.  While most, if not all, home health agencies will profess to have an HHA Compliance Plan already in place, the real question is whether the existing plan is “effective,” or merely a sample that was obtained by the agency in the past.  No two home health agencies are alike.  As a first step, a home health provider needs to engage qualified legal counsel to advise the organization on whether the agency is properly operating at a baseline level of HHA compliance.  If not, remedial steps must be taken so that the agency can move forward in a compliant fashion.

As you will recall, Section 6401 of the Affordable Care Act (ACA) (generally referred to as the “Health Care Reform Act”) states, “. . . a provider of medical or other items or services or supplier within a particular industry, sector or category shall, as a condition of enrollment in the program under this Title . . . establish a compliance program.”  Although HHS-OIG has not announced the deadline for home health agencies to meet this requirement, it is only a matter of time before all health care providers who choose to participate in the Medicare program must have an effective HHA Compliance Plan in place in order to remain a participating provider.

Recommendation #2: As you review your claims, you should abide by the following:  First, “If it doesn’t belong to you, give it back.”  Conversely, “If you don’t owe the money, don’t throw in the towel.”  One of the attorneys in our firm is regularly asked to speak at provider conventions around the country.  For years, he has told providers “If it doesn’t belong to you, give it back.”  This simple concept covers a lot of ground when it comes to Medicare overpayments and is the single best policy you can employ as a good corporate citizen.

Recommendation #3: Don’t merely focus on your claims.  Are your business practices fully compliant with applicable laws and regulations?  Health Integrity and other ZPICs serve an essential role in identifying overpayments and other wrongdoing by health care providers. While an audit will almost always include a request for medical records, you should keep in mind that Health Integrity will not merely be examining your medical documentation.  Should you receive a request for documents, it will probably be broken into two major parts. The first section will likely be focused on business-related records such as the following: 

“Business contracts or agreements with other providers, suppliers, physicians, businesses or individuals in place during a specific period.  Additionally, any verbal agreements must be summarized in writing.

A listing of all current and former employees (employed during a specific period), along with their hire date, termination date, reason for leaving, title, qualifications, last known address, phone number.

• A list of all practice locations, along with their address and phone number.
• Leases.
• Employment agreements.
• Medical Director contracts.” 

One purpose of this section is to assist the ZPIC in identifying potential business practices which may constitute a violation of the Federal Anti-Kickback Statute, Stark Laws and / or the False Claims Act.  Should the ZPIC identify a possible violation, it will readily refer the case to CMS, HHS-OIG and / or DOJ, depending on the nature of the potential violation.

In contrast to the first section of the ZPIC’s request, the second section of the request will usually list the patient records and dates of service to be audited.  The number of dates of service audited differs from case to case.  Regardless of whether the ZPIC requests supporting documentation related to 5 claims or 50 claims, it is essential that you never ignore a request for information.  If additional time is needed to assemble the requested information, call the contractor.  Health Integrity has generally been cooperative with providers needing additional time to gather the records being requested.

Recommendation #4: Remember learning how to “drive defensively” in high school?  Your documentation practices should be approached in a similar fashion.   When is the last time that you have reviewed the applicable documentation requirements set out in the Medicare Administrative Contractor’s latest Local Coverage Determination guidance covering the services you are providing?  Health Integrity’s auditors are excellent at identifying one or more deficiencies in your documentation. While you may disagree with the ultimate conclusions reached by their clinicians, you should not completely discount their assessments.  Health Integrity’s findings should be carefully analyzed so that any problems with your documentation can be promptly addressed.

Recommendation #5: Engage qualified legal counsel and clinical experts to assist with your efforts. If your home health agency is audited, we strongly recommend that you engage qualified legal counsel, with experience handling this specific type of case.  Moreover, don’t be afraid to ask for references and to inquire about the anticipated cost of an engagement.  While it is often difficult to estimate legal costs due to the various factors faced when handling a ZPIC audit case, most experienced health lawyers can give you a range of expected legal fees.

VI.  Conclusion:

While an effective HHA Compliance Plan cannot fully shield an organization from risk, the implementation of, and adherence to, an effective plan can greatly assist your home health agency in identifying weaknesses and taking corrective action before an audit occurs.  Now is the time to ensure that your practices are compliant – after an audit occurs, it may be too late.

Liles Parker is a full service health law firm, providing HHA compliance reviews, “gap analyses” and training to home health providers and their staff.  Our attorneys are also experienced in representing home health providers in the administrative appeal of overpayments identified in the Medicare post-payment audit process. Should you have any questions, please call us today at 1-800-475-1906 for a free consultation. 

ZPIC Audit – Ten Recommendations for Audit Preparation

ZPIC Audit Introduction

Has your Practice, Home Health Agency, Hospice, DME Company or PT / OT / ST Clinic been audited by a Zone Program Integrity Program (ZPIC)?  If not, it may only be a matter of time.  Despite your best efforts to follow Medicare’s directives, your organization may still be identified as an “outlier” by a ZPIC and subjected to a probe review or a full-blown ZPIC audit.  Should you receive a request for records from a ZPIC, being prepared – in advance of receiving a ZPIC audit – can help ensure your organization’s compliance with applicable documentation, coding and billing requirements.  The following recommendations can assist with those efforts:

Recommendation #1:   If you have not already done so, conduct a “gap” analysis and implement an effective Compliance Plan.  Despite the fact that significant strides in compliance have been made by large Medicare providers (such as hospitals and nursing homes),  it has been our observation that most physician practices and small-to-mid sized provider organizations still do not have a tailored Compliance Plan in place.  We recognize that many providers may have copied a draft plan off of the Internet or purchased a sample plan.  While they may fully intend to follow through with personalization of the draft document, in most of the cases we have seen, more pressing events have taken precedence and these providers have not had the time or expertise to complete the project.

Providers who have not put a tailored Compliance Plan in place should immediately do so. As you have likely heard, Section 6401 of the Affordable Care Act (ACA) (generally referred to as the “Health Care Reform Act”) states, “. . . a provider of medical or other items or services or supplier within a particular industry, sector or category shall, as a condition of enrollment in the program under this Title. . .establish a compliance program.”   To be clear, at this time, the Department of Health and Human Services, Office of Inspector General (HHS-OIG) has not announced deadlines effectuating this requirement.  Nevertheless, it is merely a matter of time until all providers who choose to participate in the Medicare program will be required to have an effective Compliance Plan in place.

Rather than wait until the last minute, Medicare providers who have not already done so should immediately take steps to implement an effective plan.  As a first step, providers should review each of the regulatory and statutory provisions related to the specific services being billed to Medicare.  Next, providers should compare their actual documentation, coding and billing practices with Medicare’s rules.  Any gaps between the applicable requirements and a provider’s actual practices must immediately be remedied. Additionally, should these gaps represent an overpayment, the Medicare provider must repay the overpayment to the government within 60 days of identification.

Prior to conducting a gap analysis, we recommend that providers contact their legal counsel for assistance with both the internal review and with the implementation of an effective Compliance Plan.   While no Compliance Plan can prevent a ZPIC audit, the implementation of an effective plan will greatly improve a provider’s likely adherence to Medicare’s rules and regulations should a ZPIC audit be initiated.

Recommendation #2:   Don’t ignore a ZPIC’s request for documents[1]. At the outset, it is important to keep in mind that the ZPICs play an important role in the current enforcement environment.  In addition to  auditing records for possible overpayments, ZPICs are also responsible for identifying fraudulent providers and making referrals to the Centers for Medicare and Medicaid Services (CMS), the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and the U.S. Department of Justice (DOJ) for further action.  Possible actions taken include, but are not limited to:

• CMS – Administrative action such as suspension or revocation from the Medicare program.
• HHS-OIG – Administrative action such as the imposition of Civil Monetary Penalties.  HHS-OIG may also investigate and refer a provider to DOJ for possible civil litigation under the False Claims Act.  Finally, HHS-OIG may investigate and refer a provider to DOJ for criminal prosecution under the Federal Anti-Kickback Act or a host of other statutes.
• DOJ – May investigate and prosecute a provider for civil and / or criminal violations of law.

Should you receive a request for documents from your ZPIC, in most cases it will broken into two sections.  The first section will likely focused on business-related records, including, but not limited to, copies of: 

“Business contracts or agreements with other providers, suppliers, physicians,  businesses or individuals in place during a specific period.  Additionally, any verbal agreements must be summarized in writing.

A listing of all current and former employes (employed during a specific period), along with their hire date, termination date, reason for leaving, title, qualifications, last known address, phone number.

• A list of all practice locations, along with their address and phone number.
• Leases.
• Employment agreements.
• Medical Director contracts.” 

The unstated purpose of this portion of the ZPIC’s request is likely to identify potential instances of violations of the Federal Anti-Kickback Statute, Stark and / or the False Claims Act.  Should the ZPIC identify a possible violation, it will readily refer the case to CMS, HHS-OIG and / or DOJ, depending on the nature of the potential violation.

In contrast to the first section of the ZPIC’s request, the second section of the request usually lists the patient records and dates of service to be audited by the ZPIC.  While every case is different, the number of claims requested typically ranges from eight (8) to 100, depending on whether the ZPIC’s request is a “probe review” or a full-blown ZPIC audit.  On occasion, we have seen the number of claims sought can range from 150 to 300.

Never ignore a ZPIC request for records.[2] Importantly, should you fail to respond to the ZPIC’s request, the contractor can recommend to CMS that your organization be suspended[3] from participation in the Medicare program.  Depending on the ZPIC’s concerns, the contractor can also recommend that CMS pursue a revocation action against your organization.  Should you need more time to respond to the ZPIC’s request for supporting documentation, don’t hesitate to request it.

Recommendation #3:  Remember learning how to “drive defensively” in high school?  Your documentation practices should be approached in a similar fashion. A ZPIC audit may reveal one or more ways in which your claims do not meet applicable coverage requirements.  While you may very well disagree with their assessments (especially in “medical necessity” determinations), in all likelihood, when you file a request for redetermination appeal (and later, a request for reconsideration appeal), you will find that your Medicare Administrative Contractor (MAC) and your Qualified Independent Contractor (QIC) will agree with the ZPIC’s denial decision.  Rather than endure significant costs and stress when defending against an overpayment assessment, you need to take steps to avoid a denial in the first place. To that end, health care providers should ensure that clinical staff members and the administrative team are fully trained and educated regarding Medicare’s documentation, coding and billing requirements.

We recognize that “perfect documentation” is neither required nor realistic to expect from your clinical staff.  Nevertheless, using published reports of other cases, you can show your clinicians that a ZPIC audit often involves a strict application of Medicare’s documentation and coverage requirements.  Through education and training, your clinical staff will understand why it is imperative that they review, understand and comply with:

• Any applicable Local Coverage Determinations (LCDs).
• Any applicable National Coverage Determinations (NCDs).
• Any Local Medical Review Policies (LMRPs).
• The Medicare Policy Benefit Manual (MPBM).
• The Medicare Program Integrity Manual (MPIM).
• Any statutory provisions which cover the services.
• Any additional guidance issued by Medicare which would apply to these claims.

It is important that you regularly review the government’s latest concerns and any enforcement actions which have been taken.  Additionally, you should read HHS-OIG’s reports so that you may learn from the mistakes being made by similarly situated providers.  Upon doing so, we recommend that you check the list of “risk areas” in your Compliance Plan and ensure that they reflect both “general” risks and “specific” risks which may be unique to your organization.  Is your organization still in full compliance?  If not, remedial action is likely necessary.

Recommendation #4:  Retain experienced legal counsel to assist with your efforts. When experiencing symptoms of a cardiac problem, most patients wouldn’t turn over their care to a dermatologist.  Instead, they would seek to be evaluated and treated by a cardiologist.  Similarly, if you have a health law problem, would it be wise to rely on advice from an attorney specializing in family law?  Ultimately, that’s your call.  While no attorney can guarantee you success, we believe that an experienced health lawyer is well situated to give you advice regarding a Medicare audit or investigation.   Having said that, it is important to recognize that the field of health law is extraordinarily broad.  Should you be audited by a ZPIC or a Recovery Audit Contractor (RAC), don’t hesitate to ask a health lawyer whether they have handled these types of cases before.  If so, how many times have they represented a provider in a ZPIC audit?  When selecting a lawyer, keep in mind that the legal fees charged by an attorney can vary greatly, depending on a variety of factors.  Don’t be shy – ask how much the representation is likely to cost.  While it is often difficult to estimate legal costs due to the various factors faced when handling matters involving a ZPIC audit, most attorneys can give you a range of expected legal fees.  Finally, be sure and ask for references.  Other providers who have been through an administrative appeal case can provide you with invaluable insights into the process.

Recommendation #5:  The administrative appeals process has become quite complicated in recent years.  A ZPIC audit can result in an alleged overpayment of millions of dollars, particularly if the overpayment is extrapolated. Moreover, the ZPIC’s overpayment assessment isn’t usually the end of the story.  While providers often lose at the redetermination and reconsideration levels of appeal, the third level of appeal – before an Administrative Law Judge (ALJ) – is usually your best opportunity to prevail in an administrative appeal.  Over the years, our attorneys have argued cases in front of judges out of each of the field offices of the Office of Medicare Hearings and Appeals (OMHA).   While we may not always agree with their decisions, the ALJs we have practiced before have been professional, fair and more than willing to hear a provider’s arguments in support of payment.

Should you choose to forego legal counsel and represent yourself in an ALJ hearing, keep in mind that even though these hearings are intended to be non-adversarial,  it can feel quite adversarial during the actual hearing.  Furthermore, these proceedings can be quite complicated.  In most large dollar cases, representatives of the ZPIC are participating in the hearing and arguing their position before the ALJ.  ZPIC representatives can include one or more statisticians (if an extrapolation was conducted), a clinician (usually a Registered Nurse who is experienced in conducting medical reviews) and a lawyer.  In a recent Home Health Agency case we handled, this was precisely what occurred.  Frankly, few providers are experienced in presenting their case and in responding to the arguments raised by statisticians, clinicians and lawyers representing a ZPIC.  As a result, it is strongly recommended that the provider consider engaging an experienced and knowledgable attorney.

Recommendation #6:  When reviewing your claims, you should abide by the following:  First, “If it doesn’t belong to you, give it back.”  Conversely, “If you don’t owe the money, don’t throw in the towel.”  For years we’ve told providers “If it doesn’t belong to you, give it back.”  This simple concept covers a lot of ground when it comes to alleged Medicare overpayments.  Similarly, if the facts and the evidence shows that the claims should have been paid,  think twice before waiving your right to appeal the denial of these claims.  From a practical standpoint, we have heard of  situations where a provider chooses to “just pay the bill” so that the case will quickly be resolved.  Several providers have commented that when dealing with small dollar assessments, it is just easier to pay the alleged overpayment rather than incur the hassle and expense of contesting the contractor’s denial.  Although we understand the reasoning behind such a decision, you should keep in mind that every claim which is denied by in a ZPIC audit increases a provider’s “error rate.”  If you were a ZPIC, PSC, RAC or MAC contractor, would you choose to audit a provider with a low error rate or a high error rate?  In any event, the bottom line is fairly straight forward.  Should you find that you are not entitled to payment for one or more claims, you must repay the money to the government as soon as possible (but no later than 60 days after an overpayment has been identified),  regardless of whether the claim is part of an ongoing or recently completed Medicare audit.  If, however, you are audited and you believe that a ZPIC has incorrectly denied one or your claims, you have the right to appeal the denial of these claims.

Recommendation #7:  Carefully read a ZPIC’s denial decision letter. When you receive a denial decision letter from a ZPIC, carefully review the notice and determine whether the contractor has specifically addressed the reasons for denial associated with each of the claims at issue.  Every ZPIC audit is different.  Over the last few months, one of the ZPICs involved in the cases we are handling has been citing only a general reason for denial (such as “not medically necessary”).  Should the ZPIC in your case not provide sufficient information, you will find it difficult, if not impossible, to address any specific reasons your claims have been denied. Your legal counsel may be able to get the ZPIC to provide additional specificity in connection with their denial reasons.

Recommendation #8:  Don’t forget – shortly after the “demand letter” is sent, any payments you may be expecting may be recouped by your Medicare Administrative Contractor (MAC).   A demand letter from your MAC usually follows a few days after you receive a ZPIC’s denial decision letter.  While you have 120 days to file a request for redetermination appeal[4], should you fail to file the request for redetermination within 30 days of the date of the MAC’s demand letter, your Medicare payments may be recouped starting on day 41.  Alternatively, a provider may set up an extended repayment program with the MAC so that the alleged overpayment can be repaid through monthly installments.  We strongly recommend that you set this up.  You will then be able to take advantage of the 120 period permitted to file a redetermination appeal rather than filing a poorly prepared appeal within the 30 day period.  Similar issues (with completely different deadlines) are present at the reconsideration level of appeal — the next level in the administrative appeals process. Once again, these issues can be quite complicated.  We recommend that you discuss available appeals options with your counsel.

Recommendation #9: Foster a corporate culture which encourages compliance.  ZPIC audit reviewers have increased their ZPIC audit activities dramatically in numerous areas of the country. South Texas has been especially hard-hit. Providers in Houston, McAllen, Harlingen, Edinburgh, Laredo, Corpus Christi and Brownsville appear to have experienced a recent surge in ZPIC audit activity.  Be aware that ZPIC audit reviewers are looking for aberrations in billing patterns and often target providers based on these variations in coding or billing practices.  Compliance with regulations and consistency in your “message” to employees is essential. Establishing good intake and records management procedures and continuing employee education and training efforts can facilitate the adoption of an ethical, compliant corporate culture.

Recommendation #10:  When drafting a Compliance Plan, providers should include a “Code of Conduct” that is easily understood by employees.  We believe that a “Code of Conduct” should accurately reflect the belief system an organization has pursued and sincerely intends to follow.   In doing so, an organization can engender a compliant corporate culture.  Over the years, we have seen organizational “Codes of Conduct” which range from a succinctly described phrase to discussions of more than a page.

Our favorite “Code of Conduct” is used by Cadets at the United States Military Academy at West Point. Modified for use by health care providers, the “Code of Conduct” reads:

“Our clinicians and staff will not lie, cheat, steal, or tolerate those who do.”

This simple yet elegant “Code of Conduct” succinctly lays out a provider’s ethical responsibilities, both with respect to Medicare and in other business dealings.  We recommend that you consider adopting and adhering to this or a similar “Code of Conduct.”

Liles Parker attorneys and staff have extensive experience representing Physicians, Clinics, Home Health Agencies, Hospices, DME Companies, Skilled Nursing Facilities, Chiropractors, Pain Medicine Clinics, Rehabilitative Medicine Clinics and other Medicare providers in connection with a ZPIC audit or audits by  RACs, PSCs, MACs and other contractors.  We also have years of experience assisting providers with “gap” analyses and in implementing an effective Compliance Plan.  Should you have questions about these or other health law issues, please feel free to call us for a complementary consultation.  We can be reached at:  1 (800) 475-1906.  

AdvanceMed Reportedly Acquired by NCI

I.  Background of AdvanceMed Transaction:

AdvanceMed has a new parent. Last week, it was announced that NCI, Inc., one of the nation’s most successful information technology companies, had acquired the outstanding capital stock of AdvanceMed Corporation (AdvanceMed), an affiliate of CSC. While the acquisition went largely unnoticed by the health care provider community, the transaction may, in fact, be quite significant.

With this acquisition by NCI, a recognized powerhouse in information technology, Medicare and Medicaid providers should expect AdvanceMed’s expertise in data mining and investigations to continue to grow. As AdvanceMed continues to fine-tune its data mining efforts and further expands its ability to conduct “Predictive Modeling,” providers will likely find their actions under the microscope like never before.  It is therefore imperative that all health care providers immediately implement an effective Compliance Plan or further enhance their current compliance efforts.

NCI first announced its plans to acquire AdvanceMed last February.  As NCI’s February 25th News Release noted:

“The Obama Administration has emphasized reducing fraud, waste, and abuse in Federal entitlements. AdvanceMed is ideally positioned to support the program integrity initiatives of CMS and other Federal Government agencies. . . We are extremely pleased to have AdvanceMed join NCI and believe that this acquisition will provide NCI an outstanding platform to address this rapidly growing market opportunity.”

In recent years, AdvanceMed has positioned itself to where it now has multiple contracts with the Federal government.  AdvanceMed serves as the Zone Program Integrity Contractor (ZPIC) for Zone 2 and Zone 5.  Additionally, the contractor also serves as a Comprehensive Error Rate Testing (CERT) contractor.   On the Medicaid side,  AdvanceMed serves as a Medicaid Integrity Contractor (MIC).  While a host of other contractors have been awarded contracts covering other zones and program areas, AdvanceMed’s growth has been undeniably impressive.

As NCI announced in its April 4^th “News Release” covering the acquisition:

“AdvanceMed is a premier provider of healthcare program integrity services focused on the detection and prevention of fraud, waste, and abuse in healthcare programs, providing investigative services to the Centers for Medicare and Medicaid Services (CMS). Serving CMS since 1999, AdvanceMed has grown rapidly, demonstrating the value and return on investment of the Federal Government’s integrity program activities.

AdvanceMed employs a strong and experienced professional staff, which leverages sophisticated information technology, data mining, and data analytical tools, to provide a full range of investigative services directed to the identification and recovery of inappropriate Medicare and Medicaid funds. AdvanceMed supports healthcare programs in 38 states with a staff of more than 450 professionals, including information specialists, nurses, physicians, statisticians, investigators, and other healthcare professionals.

AdvanceMed has multiple contracts with CMS under the Zone Program Integrity (ZPIC), Program Safeguard (PSC), Comprehensive Error Rate Testing (CERT), and Medicaid Integrity (MIC) programs. All of these programs are executed under cost plus contract vehicles. The largest contracts-ZPIC Zone 5 and ZPIC Zone 2-were awarded in late 2009 and 2010 and have five-year periods of performance.

The acquisition price was $62 million. Included within the price is a recently completed, state-of-the-art data center to support the ZPIC Zone 5 and ZPIC Zone 2 contracts. Additionally, NCI will make a 338(h)(10) election, enabling a tax deduction, which is expected to result in a tax benefit with an estimated net present value of approximately $6 million to $8 million. NCI expects the transaction to be slightly accretive to 2011 earnings.

As of the end of March 2011, AdvanceMed has a revenue backlog of approximately $300 million with approximately $51 million of that amount being currently funded. Revenue for the trailing 12 months ending March 31, 2011, is estimated to be approximately $51 million, all of which was generated from Federal Government contracts, and 99% of the work performed as a prime contractor. NCI’s AdvanceMed 2011 revenue, covering the nine-month period of April 2, 2011, to December 31, 2011, is estimated to be in the range of $43 million to $47 million (the equivalent of $57 million to $63 million on a full 12-month basis), with the midpoint reflecting a full-year growth of approximately 16%. . .”

II.  Overview of the ZPIC Program:

Under the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (MMA), CMS was required to take a number of steps intended to streamline the claims processing and review process:

•  Using competitive measures, CMS was required to replace the current Medicare Fiscal Intermediaries (Part A) and Carriers (Part B) contractors with Medicare Administrative Contractors (MACs).
• After setting up the new MAC regions, CMS created new entities, called Zone Program Integrity Contractors (ZPICs).
•  These actions were intended to consolidate the existing program integrity efforts.  Over the last 2 — 3 years, ZPICs have been taking over PSC audit and enforcement activities around the country.

At the time of transition, there were twelve PSCs that had been awarded umbrella contracts by CMS. As these contracts have expired, CMS has transferred the PSCs’ fraud detection and deterrence functions over to ZPICs.  Of the seven ZPIC zones established in the MMA, CMS has awarded contracts for a number of the zones. CMS is still working to issue awards for the final ZPIC zones.  The seven ZPIC zones include the following states and / or territories:

• Zone 1 – CA, NV, American Samoa, Guam, HI and the Mariana Islands.
• Zone 2 – AdvanceMed: AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO.
• Zone 3 – MN, WI, IL, IN, MI, OH and KY.
• Zone 4 – Health Integrity: CO, NM, OK, TX.
• Zone 5 – AdvanceMed: AL, AR, GA, LA, MS, NC, SC, TN, VA and WV.
• Zone 6 – PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT.
• Zone 7 – SafeGuard Services: FL, PR and VI.

In many instances, these changes have been nothing more than a name change. ZPIC responsibilities are generally the same as those currently exercised by PSCs. While ZPIC overpayment review duties have not appreciably changed, the number of civil and criminal referrals appear to be increasing. In our opinion, ZPICs clearly view their role differently than that of their PSC predecessors.  ZPICs clearly view themselves as an integral part of the law enforcement team, despite the fact that they are for-profit contractors.  In consideration of their ability to recommend to CMS that a provider be suspended or have their Medicare number revoked, or even refer a provider to law enforcement for civil and / or criminal investigation, providers should take these contractors quite seriously.

Both ZPICs and PSCs have traditionally asserted that unlike their RAC counterparts, they are not “bounty hunters.”  ZPICs are not paid contingency fees like RACs but instead directly by CMS on a contractual basis.  Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments, the chances of a ZPIC’s contract with CMS being renewed are likely diminished. AdvanceMed’s recent announcement shows that they are a very profitable entity and are paid on a “cost-plus” basis (leaving room for bonuses and other incentives). Additionally, experience has shown us that despite the fact that ZPICs are expected to adhere to applicable Medicare coverage guidelines, a ZPIC’s interpretation and application of these coverage requirements may greatly differ from your understanding of the same provisions.

           In recent years, ZPICs have been aggressively pursuing a wide variety of actions, including but not limited to:

• Pre-Payment Audit.  After conducting a probe audit of a provider’s Medicare claims, the ZPIC may place a provider on “Pre-payment Audit” (also commonly referred to as “Pre-Payment Review”).  Unlike a post-payment audit, there is no administrative appeals process that may be utilized by a provider for relief.  Having said that, there are strategies that may be utilized by a provider which may assist in keeping the time period on pre-payment review at a minimum.
• Post-Payment Audit.  Audits conducted by ZPICs primarily involve Medicare claims that have already been paid by the government.  In many cases, the ZPICs appear to have conducted a strict application of the coverage requirements, regardless of whether a provider’s deviation from the rules is “de minimus” in nature. In doing so, it is not unusual to find that a provider has failed to comply with each and every requirement.  Depending on the nature of the initial sample drawn, a ZPIC may extrapolate the damages in a case, significantly increasing the the alleged overpayment.  In doing so, the ZPIC is effectively claiming that the “sample” of claims audited are representative of the universe of claims at issue in an audit.
• Suspension.  While the number of suspension actions taken by ZPICs has steadily increased in recent years,  Medicare providers should expect to see this number continue to grow.  Under the Affordable Care Act (often informally referred to as the “Health Care Reform” Act), CMS’ suspension authority has greatly expanded.   
• Revocation.  As with suspensions, we have seen a sharp increase in the number of Medicare revocation actions taken over the last year. The reasons for revocation have varied but have typically been associated with alleged violations of their participation agreement. In some cases, the ZPIC contractors found that the provider has moved addresses and did not properly notified Medicare. In other cases, a provider was alleged to have been uncooperative during a site visit. Finally, there were a number of instances where the provider allegedly did not meet the “core” requirements necessary for their facility to remain certified.
• Referrals for Civil and Criminal Enforcement.  ZPICs are actively referring providers to HHS-OIG (which can in turn refer the case to the U.S. Department of Justice (DOJ) for possible civil and / or criminal enforcement) when a case appears to entail more that a mere overpayment. However, just because a referral is made doesn’t mean that it will prosecuted. In many instances, HHS-OIG (and / or DOJ) will decline to open a case due to a variety of reasons, such as lack of evidence, insufficient damages, etc.).

 III.  Steps Providers Can Take Now, Before They are Subjected to a ZPIC Audit:

In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” it is arguably to their benefit to find that an overpayment has occurred. These overpayments are often based on overlapping “technical” (such as an incorrect place of service code) and “substantive” (such as lack of medical necessity) reasons for denial.  In recent years, the level of expertise exercised by ZPICs is often quite high — noting multiple reasons for denial and concern.

Unfortunately, the reality is that most (if not all) Medicare providers will find themselves the subject of a ZPIC, CERT, RAC or other type of claims audit at some point in the future.  In our opinion, the single most effective step you can take to prepare for a contractor audit is to ensure that your organization has implemented and is adhering to an effective Compliance Plan.  Several general points to consider also include:

Keep in mind your experiences with PSCs and other contractors.  The lessons you have learned responding to PSC, CERT and RAC audits can be invaluable when appealing ZPIC overpayments.  As you will recall, the appeals rules to be followed are virtually the same.

Monitor HHS-OIG’s Work Plan.  While often cryptic, it can be invaluable in identifying areas of government concern.  Are any of the services or procedures your organization currently provides a focus of HHS-OIG’s audit or investigative?

 Keep an eye on RAC activities.  Review the service-specific findings set out in annual RAC reports.  Review targeted areas carefully to ascertain whether claims meet Medicare’s coding and medical necessity policies.

You never realize how bad your documentation is until your facility is audited. While many providers start out “over-documenting” services (to the extent that there is such a thing), a provider’s documentation practices often become more relaxed as time goes on – especially when the provider has not been audited for an extended period of time.  In such situations, both physicians and their staff may fail to fully document the services provided.  Moreover, the care taken to ensure that all supporting documentation has been properly secured may have also lapsed over the years.

Review your documentation.  Imagine you are an outside third-party reviewer.  Can an outsider fully appreciate the patient’s clinical status and the medical necessity of treatment?  Are the notes legible and written is a clear fashion?  Compare your E/M services to the 1995 or 1997 Evaluation and Management (E/M) Guidelines – have you fully and completely documented the services you provided?  If dealing with skilled services, have you fully listed and discussed both the need for skilled services and the specific skilled services provided?

IV.  Closing Thoughts:

Imagine a ZPIC hands you a claims analysis rife with alleged errors, an indecipherable list of statistical formulas, and an extrapolated recovery demand that will cripple your practice or clinic. What steps should you take to analyze their work? Based on our experience, providers can and should carefully assess the contractor’s actions, particularly the use of formulas and application of the RAT-STATS program when selecting a statistical sample and extrapolating the alleged damages based on the sample. Over the years, we have challenged the extrapolation of damages conducted by Medicare contractors around the country, including tens of thousands of claims. Regardless of whether you are a Skilled Nursing Facility providing skilled nursing and skilled therapy services, an M.D. or D.O. providing E/M services, a Home Health company or a Durable Medical Equipment (DME) company, it is imperative that you work with experienced legal counsel and statistical experts to analyze the actions take by a ZPIC.

Liles Parker attorneys and staff have extensive experience representing a wide range of Medicare providers in audits by ZPICs, PSCs and other contractors.  Should you have questions regarding an inquiry from a ZPIC, PSC or RAC that you have received, please feel free to give us a call for a complimentary consultation.  We can be reached at:  1 (800) 475-1906.

2011. . . The Year of Compliance — Avoiding ZPIC Initiated Medicare Suspension Actions

(January 11, 2011): As you recall at the end of 2010 we identified the “Top Ten Health Care Compliance Risks for 2011.”  The purpose of this and subsequent articles is to analyze two of those risks; Zone Program Integrity Contractors (ZPICs) and Payment Suspension Actions. Over the next few days we will be discussing these two risk areas in depth.

I. Overview:

As discussed in our “Top Ten” article, we anticipate that ZPICs will ratchet up their use of provider suspension actions in 2011.  At the close of 2010, there already appeared to be an increase in the use of suspension actions by ZPICs in South Texas and in other areas of the country.  In many instances, these actions were the result of sophisticated data mining techniques by ZPICs.  While cases are initiated in a variety of ways (including, but not limited to whistleblower complaints, anonymous reports to the government’s fraud hotline, etc.), data mining is a key tool relied on by ZPICs and government agencies for targeting purposes.

After analyzing the data, ZPICs often send out requests for information or conduct site visits of health care provider facilities.  These requests and / or site visits can result in medical reviews, demands for alleged overpayments, or lead to referrals to one or more government investigative agencies (such as the Department of Health and Human Services’ Office of Inspector General (HHS-OIG), the State Medicaid Fraud Control Unit (MFCU) and / or the Federal Bureau of Investigation (FBI)). Since established, ZPICs have clearly met their goal of developing “innovative data analysis methodologies for detecting and preventing Medicare fraud and abuse.”  Rather than pursuing merely administrative overpayment cases, over the last six months, we have noted an increase in the number of cases referred to law enforcement for fraud investigation.  While seven ZPIC zones have been identified, only three companies have been awarded ZPIC contracts at this time.  Where ZPIC contracts remain pending, Program SafeGuard Contractors (PSC) are typically still operating and are conducting essentially the same duties as their ZPIC counterparts.  The seven ZPIC zones include:

• Zone 1- CA, NV, American Samoa, Guam, HI and the Mariana Islands.
• Zone 2 includes; AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO.
• Zone 3-MN, WI, IL, IN, MI, OH and KY.
• Zone 4-CO, NM, OK, TX.
• Zone 5- AL, AR, GA, LA, MS, NC, SC, TN, VA and WV
• Zone 6- PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT.
• Zone 7- FL, PR and VI

The following map reflects zones where the ZPIC contractor is currently operating.  Each of the ZPICs listed below are actively sending out requests for information and / or conducting site visits.  In a number of instances, the ZPICs have been noted to be suspending providers from the Medicare program based on variety of alleged statutory and / regulatory violations.

ZPICs have been very active in their site visits which have brought about Medicare suspension and revocation actions. In some cases, these site visits have resulted in allegations of “fraud or willful misrepresentation” with ZPIC’s contacting of CMS for approval to place the provider on payment suspension.  In tomorrow’s article, we will be examining the primary reasons cited by the Centers for Medicare and Medicaid Services (CMS) when placing a provider on payment suspension status.

Robert W. Liles serves as Managing Partner at Liles Parker.  Robert and our other attorneys have extensive experience representing health care providers in ZPIC initiated actions.  Should your Physician Practice, Home Health Agency, Hospice Company, Physical / Occupational / Speech Therapy Clinic, Ambulance Company, Therapy Company, Pain Clinic be subjected to a ZPIC audit, give us a call for a free consultation.  We can be reached at: 1 (800) 475-1906.

Next Page »