Top Ten Health Care Compliance Risks for 2011.

January 1, 2011 by  
Filed under Featured, UPIC Audits

tiny-target-crosshair(December 31, 2010):  In case you missed it, Congress, President Obama and the healthcare regulators had a banner year with respect to regulatory activism in 2010.  Over the next several weeks we will be releasing a series of articles on our website addressing these dramatic changes and the compliance risks they present for your practice, clinic or health care business in 2011:

Compliance Risk Number 1:  Increased “HEAT” Activity and Enforcement:  Perhaps the greatest risk to consider in 2011 is the increase in targeted health care fraud enforcement efforts by the government’s Health Care Fraud Prevention and Enforcement Action Team (HEAT).  These teams are comprised of top level law enforcement and professional staff from the U.S. Department of Justice (DOJ), the Department of Health and Human Services (HHS), and their various operating divisions.  HEAT team initiatives have been extraordinarily successful in coordinating multi-agency efforts to both prevent health care fraud and enforce current anti-fraud initiatives.

As DOJ noted in September 2010, over the previous Fiscal Year, DOJ (including its 94 U.S. Attorneys’ Offices), HHS’ Office of Inspector General (HHS-OIG), and the Centers for Medicare and Medicaid Services (CMS), jointly accomplished the following:

  • Filed charges against more than 800 defendants.
  • Obtained 583 criminal convictions.
  • Opened 886 new civil health care fraud matters.
  • Obtained 337 civil administrative actions against parties committing health care fraud.
  • Through these efforts, more than $2.5 billion was recovered as a result of the criminal, civil and administrative actions handled by these joint agencies. 

President Obama’s FY 2011 budget request includes an additional $60.2 million in funding for the HEAT program.These funds will be used to establish additional teams and further fund existing investigations. Now, more than ever, it is imperative that you ensure that your Compliance Plan is both up-to-date and fully implemented.  Medicare providers are obligated to adhere to statutory and regulatory requirements and the government’s HEAT teams are aggressively investigating providers who fail to comply with the law.

Compliance Risk Number 2:  Zone Program Integrity Contractor (ZPIC) / Program SafeGuard Contractor (PSC) / Recovery Audit Contractor (RAC) Audits of Medicare Claims:  As you already know, private contractor reviews of Medicare claims are big business – one ZPIC was awarded a five-year contract worth over $100 million.  In 2011, we  should expect to see:

  • The number of ZPIC / PSC / RAC audits of Physician Practices, Home Health Agencies, Hospice Companies, DME Suppliers and Chiropractic Clinics will greatly increase in 2011.
  • The reliance of both contractors and the government on data mining will continue to grow.  Providers targeted will likely be based on utilization rates, prescribing practices and billing / coding profiles.
  • An increase in the number of Administrative Law Judge (ALJ) hearings in where ZPIC representatives choose to attend the hearing as a “participant.”  In these hearings, the ZPIC representative will likely aggressively oppose any arguments in support of payment that you present.

Are you ready for an unannounced / unanticipated site visit or audit?  When is the last time that you have conducted an internal review of your billing / coding practices?  Are you aware of the hidden dangers when conducting these reviews?  In 2011, your Compliance Officer may very well be your most important non-clinical staff member.  Physicians and other providers should work with their Compliance Officer to better prepare for the unexpected audit or investigation.

Compliance Risk Number 3: Electronic Medical Records: Unfortunately, some early adopters of Electronic Medical Records (EMR) software are now having to respond to “cloning” and / or “carry over” concerns raised by ZPICs and Program SafeGuard Contractors (PSCs).  In a number of cases, these audits appear to be the result (at least in part) of inadequately designed software programs which generate progress notes and other types of medical records that do not adequately require the provider to document individualized observations.  Instead, the information gathered is often sparse and similar for each of the patients treated.  Take care before converting your practice or clinic to an EMR system.  Include your Compliance Officer in the selection and review process.

Compliance Risk Number 4:  Physician Quality Reporting Initiative (PQRI) Issues:  Under the Health Care Reform legislation passed last March. PQRI was changed from a voluntary “bonus” program to one in which penalties will be assessed if a provider does not properly participate.  As of 2015, the penalty will be 1.5% and will increase to 2.0% in 2016 and subsequent years. Additionally, questions about the use of PQRI date in “Program Integrity” targeting remain unanswered.  Once again, it is essential that your Compliance Officer provide guidance to your staff regarding this program and its potential impact.

Compliance Risk Number 5:  Medicaid Integrity Contractors (MICs)  and Medicaid Recovery Audit Contractors (MDRACs):  In recent months, we have seen a marked increase in the number of MIC inquiries and audits initiated in southern States.  Notably, the information and documentation requested has often been substantial.  Medicaid providers must now also contend with MDRACs.  As a result of health care reform, MDRACs are now mandatory in every State and are may initiate reviews and audits as soon as March 2011.   Compliance Officers should review their current risk areas and ensure that Medicaid coding and billing activities are actively monitored to better ensure statutory / regulatory adhereance.

Compliance Risk Number 6:  HIPAA / HITECH Privacy Violations:  Failure to comply with HIPAA can result in civil and / or criminal penalties. (42 USC § 1320d-5).

  • Civil Penalties – A large retail drug store company was recently fined $2.25 million for failure to properly dispose of protected information.
  • Criminal Penalties – Earlier this year, a physician in Los Angeles, CA, was sentenced to four months in prison after admitting he improperly accessed individual health information.

As of mid-2010, there had been 93 breaches affecting 500 or more individuals.  The total number of individuals whose information was disclosed as a result of these breaches was estimated at over 2.5 million.  Out of the 93 breaches, 87 involved breach of hard copy or electronic protected health information (about 1/4 involved paper records and 3/4 involved electronic records. The vast majority of the 93 breaches involved theft or loss of the records.  Many of these thefts could have been avoided with appropriate security.  The government is serious about privacy and your practice, and in 2011 you will likely see increased HIPAA / HITECH enforcement.  Your clinic or health care business must take appropriate steps to prevent improper disclosures of health information.

Compliance Risk Number 7:  Increased Number of Qui Tams Based on Overpayments:  Section 6402 of the recent Health Care Reform legislation requires that all Medicare providers, (a) return and report any Medicare overpayment, and (b) explain, in writing, the reason for the overpayment.

This law creates a minefield for physicians and other Medicare providers.  First, providers have only 60 days to comply with the reporting and refund requirement from the date on which the overpayment was identified or, if applicable, the date any corresponding cost report is due, whichever is later.  Of course, the legislation does not actually explain what it means to “identify” an overpayment.

From a “risk” standpoint, this change is enormous.  Disgruntled employees try to file a Qui Tam         (“whistleblower”) lawsuit based on a provider’s failure to return one or more Medicare overpayments to the program in a timely fashion.  While the government may ultimately choose not to intervene in a False Claims Act case based on such allegations, a provider could spend a significant amount defending the case.  Providers should ensure that billing personnel understand the importance of returning any overpayments identified as quickly as possible.

Compliance Risk Number 8:  Third-Party Payor Actions:  Third-party (non-Federal)  payors are participating in Health Care Fraud Working Group meetings with DOJ and other Federal agents.  Over the last year, we have seen an increase in the number of “copycat” audits initiated by third-party payor “Special Investigative Units” (SIUs).  Once the government has announced the results of a significant audit, the third-party payor considers the services at issue and reviews whether it may have also been wrongly billed for such services.  If so, their SIU opens a new investigation against the provider.

Compliance Risk Number 9:  Employee Screening:  With the expansion of the permissive exclusion authorities, more and more individuals will ultimately be excluded from Medicare.  As we have seen, HHS-OIG is actively reviewing whether Medicare providers have employed individuals who have been excluded.  In one recent case, HHS-OIG announced that it had assessed significant civil monetary penalties against a health care provider that employed seven individuals who the provider “knew or should have known” had been excluded from participation in Federal health care programs. These individuals were alleged to have furnished items and services for which the provider was paid by Federal health care programs.  All providers should periodically screen their staff against the HHS-OIG and GSA databases to ensure that their employees have not been excluded from participation in Federal Health Benefits Programs.

Compliance Risk Number 10:  Payment Suspension Actions:  Last, but not least, we expect the number of payment suspension actions to increase in 2011.  In late 2010, Medicare contractors recommended to CMS that this extraordinary step be taken against providers in connection with a wide variety of alleged infractions.  Reasons given for suspending a provider’s Medicare number included, but were not limited to: (1) the provider failed to properly notify Medicare of a change in location, (2) the provider allegedly engaged in improper billing practices, and (3) the provider failed to fully cooperate during a site visit.

As each of these compliance risks reflect, health care providers are expected to fully comply with a wide myriad of Medicare and Medicaid statutory and regulatory requirements.  Moreover, the failure to meet these obligations can subject a provider to penalties ranging from suspension from the program to criminal prosecution.  Providers must take compliance seriously if they hope to thrive in 2011.

Liles Parker attorneys provide health law guidance and advice to health care providers around the country.  Our attorneys have extensive experience working on compliance related matters and defending providers in connection with Medicare audits and investigations.  Should you have questions regarding these and other issues, give us a call for a free consultation.  We can be reached at 1 (800) 475-1906.

The Zone 7 ZPIC Has Recommended Revocation of 82% of CORFS and 79% of CMHCs in South Florida – Is Your ZPIC Next?

October 9, 2010 by  
Filed under UPIC Audits

(October 9, 2010):  In late 2008, SafeGuard Services LLC (SafeGuard) was awarded one of the first two contracts to serve as a Zone Program Integrity Contractor (ZPIC) for Zone 7, an area which includes Florida, Puerto Rico and the U.S. Virgin Islands.  The contract covered a base year plus four additional years.  SafeGuard’s appointment was one of the first actions taken to consolidate the work previously performed by Program SafeGuard Contractors (PSCs) and Medicare Drug Integrity Contractors (MEDICs). Among its consolidated duties, SafeGuard is responsible for handling medical reviews and benefit integrity functions for Medicare claims under both Part A and Part B (hospital, CMHCs, skilled nursing, home health, provider and durable medical equipment).  These claims are the focus of this article.  SafeGuard became fully operational in Zone 7 on February 1, 2009.

Working together to promote the integrity of the Medicare and Medicaid programs, in recent years Safeguard has developed close working relationships with CMS, HHS-OIG, U.S. Attorney’s Offices, the FBI and other Medicare contractors.  .

As with other ZPICs, SafeGuard employs a number of techniques, both proactive and reactive, to address fraud.  In recent years, SafeGuard appears to have been one of the leading ZPICs in terms of “data-mining.”  The primary source for Medicare claims data is CMS’ National Claims History system.  Many of the audit and investigative processes developed by SafeGuard appear to now be employed by other ZPICs

CMS’ Proposed Rule issued September 23, 2010, provides an overview of how CMS and HHS-OIG intend to implement a number of new enforcement tools authorized under the Health Care Reform bill passed last March.  In reviewing the Proposed Rule, we unexpectedly learned about several audit initiatives that the “Zone 7 ZPIC” has been pursuing.  As the Proposed Rule states:

In addition to GAO and HHS OIG studies and reports, a number of Zone Program Integrity Contractors (ZPIC) and Program Safeguard Contractors (PSC), organizations used by CMS in helping to fight fraud in Medicare, have taken a number of administrative actions including payment suspensions and increased medical review, for the provider and supplier types shown above. For example, the Zone 7 ZPIC contractor in South Florida has conducted onsite reviews at 62 CORFs since January 2010 and recommended revocation for 51 CORFs, or 82 percent of the CORFS in the area. The same contractor has conducted an onsite reviews at 38 CMHCs located in Dade, Broward and Palm Beach County since January 2010, and recommended that 30 CMHCs be revoked for noncompliance (79 percent of the CMHCs in the area). In each instance where the ZPIC requested a revocation, the CMHC was also placed on prepay review. We have also conducted an analysis of IDTF licensure requirements and have found several circumstances that indicate irregularity and potential risk of fraud.” (emphasis added).

 Notably, there was no discussion of how the ZPIC expects patients with rehabilitative needs or acute psychiatric treatment needs will be cared for if SafeGuard succeeds in shutting down a vast majority of the CORFs or CMHCs in South Florida.   Is your ZPIC next to go down this path?

 Liles Parker attorneys represent providers in ZPIC related actions.  For a free consultation, please call 1 (800) 475-1906.

South Texas Medicare Providers Are Under the ZPIC Audit Microscope

July 16, 2010 by  
Filed under UPIC Audits

(July 16, 2010):  The number of ZPIC audits being conducted in Texas appears to be increasing with each passing day.  Health Integrity LLC, the Zone auditor responsible for Zone 4, is proving to be an active auditor of physician practices, physical therapy services, home health care, and other types of Medicare covered treatment in the region.

Even in a nationwide environment of intensifying oversight, Medicare providers in South Texas are under particularly close scrutiny.  According to a study by the Dartmouth Institute for Health Policy & Clinical Practice, updated as recently as May 12, 2010, “even after price adjustment, Miami and McAllen Texas are the highest cost regions in the country.” (Emphasis added).  And don’t forget that ZPIC auditors are essentially being “graded” based on the amount of overpayments recovered, along with the number of enforcement actions handled and referred to law enforcement.

As many Medicare providers in South Texas can attest, the folks at Health Integrity are becoming a familiar sight in their offices and clinics — reportedly conducting extensive on-site ZPIC audits with little if any notice.  To their credit, most health care providers have reported that Health Integrity’s representatives have been reasonable in their requests when conducting an on-site review, typically taking a sample of certain records and asking that the remaining records be sent within a reasonable amount of time after the visit.  Nevertheless, health care providers should take care when responding to the ZPIC’s requests for information.  While a provider may have an obligation to cooperate with the ZPIC, you should contact your counsel to ensure that your rights are protected while still fully meeting your obligations as a Medicare participant.

Notably, ZPIC audits are not limited to post-payment assessments.  ZPIC audits are now occurring as “prepayment reviews”.   A prepayment audit can effectively delay a provider’s cash flow up to six months (and in some cases even longer).  Given the GAO’s recommendation last month that CMS put more emphasis on automated prepayment review, we expect to see this audit tool continuing its precipitous rise for the near future.

Home health providers and other South Texas health care providers in McAllen, Harlingen, Brownsville, Laredo and Corpus Christi, should not wait until their home health claims are under the microscope.  If you have not already done so, we strongly recommend that you implement an effective Compliance Plan covering the services you provide and the claims that you bill to Medicare.

Robert W. Liles serves as Managing Partner at the Firm.  Robert and other Liles Parker attorneys represent health care providers around the country.  ns regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert or one of our other attorneys at 1 (800) 475-1906.

Don’t Take ZPICs’ Extrapolation Calculations at Face Value — Can Their Results Be Readily Reproduced? Don’t Fail to Address These and Other Deficiencies in the Contractor’s Actions

July 14, 2010 by  
Filed under UPIC Audits

(July 14, 2010): Imagine a ZPIC or PSC hands you a claims analysis rife with alleged errors, an indecipherable list of statistical formulas, and an extrapolated recovery demand that will cripple your practice or clinic.  What steps should you take to analyze their work?  Based on our experience, providers can and should carefully assess the contractor’s actions, use of formulas and application of the RAT-STAT program when selecting a statistical sample and extrapolating the alleged damages based on the sample pulled.  Over the years, we have challenged the extrapolation of damages conducted by Medicare contractors around the country, covering tens of thousands of claims.  Regardless of whether you are providing Partial Hospitalization, Evaluation and Management, Home Health, Physical Therapy, Surgical or other services, it is imperative that you work with experienced legal counsel and statistical experts to analyze the statistical sampling and extrapolation steps taken by the contractor. Should you succeed in invalidating the extrapolation, the whole games changes.  The question is – “How can you go about fighting an extrapolation calculation?”

One method is to show that the contractor’s auditor failed to identify a Statistically Valid Random Sample (SVRT).  Among the first steps is you should take is to retain experienced legal counsel to review the Medicare contractor’s actions.  Notably, there are a multitude of legal arguments which may be asserted (depending on the specific facts in your case).  Our firm has worked with several outstanding statistical experts over the years, each of which has a proven track record of analyzing the contractor’s actions and identifying any flaws made by the ZPIC or PSC when extrapolating damages.    

Notably, Section 3.10.4.2 of CMS’ Medicare Program Integrity Manual establishes that the contractor is obligated to fully document the statistical methods an auditor employs:

“The PSC or ZPIC BI [Benefit Integrity] unit or the contractor MR [Medical Review] unit shall identify the source of the random numbers used to select the individual sampling units. The PSC or ZPIC BI unit or the contractor MR unit shall also document the program and its algorithm or table that is used; this documentation becomes part of the record of the sampling and must be available for review.  (emphasis added)

The PSC or ZPIC BI units or the contractor MR units shall document all steps taken in the random selection process exactly as done to ensure that the necessary information is available for anyone attempting to replicate the sample selection.  (emphasis added)

ZPIC and PSC statisticians must be able show their work to the extent that a reviewer can attempt to “replicate” their actions and determine whether or not the steps taken were consistent with accepted principles and practices of statistical sampling.  The failure of a ZPIC or PSC statistician to fully and properly document his actions may serve as the basis for seeking to invalidate the extrapolation. The calculation of a valid statistical sample and the extrapolation of damages by ZPIC and PSC statistician is a highly complex process. After handling many extrapolated damages cases, we have found that few ZPIC or PSC statisticians fully meet their obligations to document the steps taken and / or conduct the process in a proper fashion, consistent with accepted statistical sampling procedures.  Should your practice or clinic find that it is facing an extrapolated Medicare audit, it is strongly recommended that you engage qualified, experienced counsel to represent you in the process.  Your legal counsel can then engage a qualified statistician to assess the contractor’s actions.

Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

Can ZPIC Audits Base Their Overpayment Demand on a Mere Sample of Claims? Maybe. . .Maybe Not. . .

July 12, 2010 by  
Filed under UPIC Audits

(July 12, 2010):  A ZPIC’s use of extrapolation can be a surefire way of destroying a provider’s practice.  We’ve known it for years and yet the government’s passion for statistical sampling only seems to be growing.  This makes it essential for providers to involve experienced counsel as soon as possible after the audit has been conducted.

“Extrapolation” is the process of using statistical sampling in a review to calculate and project (extrapolate) alleged overpayments made in connection with Medicare claims.  Basically, ZPICs seek out errors in an alleged “statistically relevant sample” of the provider’s Medicare claims and then calculate and apply the “error rate” to the entire universe of claims covering a given period of time.  This long-standing practice allows ZPICs to grossly inflate the monetary demands on their audit targets while avoiding actually reviewing each of the Medicare claims in the universe for which they are seeking recoupment or offset.

The practice dates back twenty years to a decision by the Secretary of Health and Human Services (HHS) to authorize the use of statistical sampling in lieu of engaging in onerous claim-by-claim reviews.  In Chaves County Home Health Services v. Sullivan, 931 F.2d 914 (D.C. Cir. 1991), the district court upheld extrapolation as being within the Secretary’s discretion.

In 2003, after years of protest, physicians groups and others succeeded in convincing Congress to place some limitations on the use of extrapolation. Under Section 935 of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA), before an auditor can employ extrapolation, there must be either a determination of a sustained or high level of payment error, or documentation that educational intervention has failed to correct the payment error.  While this opens the door to challenging an extrapolation, we also work with a statistical expert to identify other errors made by the ZPIC when conducting an extrapolation.

Over the years, Liles Parker has worked with a number of the best statisticians in the country, challenging the extrapolation and having it invalidated at either the Qualified Independent Contractor (QIC) level or at hearing before an Administrative Law Judge (ALJ).  If your practice or clinic is audited by a ZPIC, we strongly recommend that you engage experienced legal counsel to represent your interests during this complex process.  The legal arguments utilized are driven by the facts in each case.  As a result, you should retain counsel with extensive real-world knowledge of how to best challenge the use of statistical sampling by ZPICs and PSCs.

Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

 

Part II: A Look at the ZPIC System – The Appointment of Health Integrity to Handle Zone 4

April 1, 2010 by  
Filed under UPIC Audits

(April 1, 2010): Last week, we posted an initial article examining the ZPIC audit process and the various companies chosen by CMS to administer the program in one or more of the seven “Zones” around the country (based on Medicare Administrative Contractor (MAC) jurisdictions).  As Kim Brandt, CMS’ Program Integrity Group Director has noted, five of the seven zones are considered “hot spots.”  These include: California, Florida, Illinois, New York and Texas.  These five “hot spots” align with Program Integrity field offices.

In September 2008, Health Integrity was awarded the first Zone Program Integrity contract for Zone 4, covering Texas, Colorado, Oklahoma and New Mexico.

On February 1, 2009, Health Integrity began performing program integrity functions for Medicare Part A, Part B, Durable Medical Equipment (DME), Home Health and Hospice services.  Health Integrity was also designated as responsible for handling the Medicare – Medicaid Data Match Projects.  Overall, these responsibilities cover the following six tasks:

  • Performing Data Analysis and Data Mining.
  • Conducting Medical Reviews in Support of Benefit Integrity.
  • Supporting Law Enforcement and Answering Complaints.
  • Investigating Fraud and Abuse.
  • Recommending Recovery of Federal Funds through Administrative Action.
  • Referring Cases to Law Enforcement.

According to Health Integrity, through these efforts, it will “develop innovative data analysis methodologies for detecting and preventing abusive use of services early, develop high quality fraud case referrals for law enforcement, and identify appropriate corrective actions.”

Health Integrity will manage this workload from offices located in Dallas, Texas; San Antonio, Texas; Houston, Texas; Brownsville, Texas; Denver, Colorado; Oklahoma City, Oklahoma; and Albuquerque, New Mexico.  Health Integrity staff include data analysts, nurse reviewers, and fraud investigators.

As you will recall, like RACs, ZPICs are tasked by CMS to “find and prevent waste, fraud and abuse in Medicare.” Consistent with this mandate, ZPICs look at health care provider billing trends and patterns, focusing on those whose billings for Medicare services are higher than their peers. While most cases appear to have been generated as a result of “data mining,” several of our clients are convinced that the audit has been triggered by complaints, likely filed by a former disgruntled employee.

ZPICS are required to use a number of techniques, both proactive and reactive, to address fraud.  These techniques include the ZPIC IT Systems that combine claims data (fiscal intermediary, regional home health intermediary, carrier, and durable medical equipment regional carrier data) and other data to create a platform for conducting complex data analysis. By combining data from various sources, the ZPIC will be expected to present an entire picture of a beneficiary’s claim history regardless of where the claim was processed. The primary source of this data will be the CMS National Claims History (NCH).  Note that RACs are expected to report cases of suspected fraud. However, a RAC denial resulting in a provider repayment will not necessarily prevent a ZPIC and / or HHS-OIG from investigating and prosecuting, if appropriate, allegations of fraud or abuse arising from the overpayment.

Over the last year, we have worked on several cases involving Health Integrity.  Generally, we have been quite pleased with their willingness to consider arguments initially presented the provider.  Moreover, it has been our experience that Health Integrity takes the new 15-day “rebuttal” stage seriously.  Rather than merely “rubber-stamp” their initial findings, the contractor carefully reviewed the “rebuttal” information we submitted, ultimately deciding to significantly reduce the amount of the alleged overpayment.

Unfortunately, our initial concerns regarding the contractors use of statistical extrapolations in estimating damages remain.  As discussed in previous articles, we strongly recommend that you engage the services of experienced counsel if your practice or clinic is subjected to extrapolated damages.

Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

 

Part I: A Look at the Opposition – For AdvanceMed, It’s Not Personal, It’s Just Business — Big Business . . .

March 26, 2010 by  
Filed under UPIC Audits

(March 26, 2010):

OverviewOver the next few days, we will be publishing a brief overview of specific Zone Program Integrity Contractors (ZPICs) – the companies who have been hired by CMS to conduct the medical reviews of Part A and Part B health care providers around the country.  As we have previously discussed, over the last year, ZPICs have been taking over where Program Safeguard Contractors (PSCs) left off.  While our firm is still handling a number of cases that were initiated by PSCs, all of our recent cases have involved ZPICs.

As PSCs and ZPICs have been so quick to point out, they are not paid a percentage of the Medicare overpayments identified like their fellow medical reviewers – Recovery Audit Contractors (RACs).  Nevertheless, as you will soon see, they are handsomely paid for their efforts, albeit in a different fashion than are RACs.

It is essential to keep in mind that both RACs and ZPICs are designed to “find and prevent waste, fraud and abuse in Medicare.” Further, like their RAC cousins, ZPICs look at billing trends and patterns, focusing on providers whose billings for Medicare services are higher than the majority of providers in the community (e.g. their peers).

AdvanceMed:

AdvanceMed Corporation was awarded a $107,957,737.00 five-year contract to handle the ZPIC duties for Zone 5.   Zone 5 covers the states of Alabama, Arkansas, Georgia, Louisiana, Mississippi, North Carolina, South Carolina, Tennessee, Virginia, and West Virginia.  Yes, you read this correctly, AdvanceMed is being paid over $100 million.

As the ZPIC for Zone 5, AdvanceMed assumed the Benefit Integrity functions for Medicare Parts A, B, Durable Medical Equipment, and Home Health and Hospice, as well as establishing a Medicare / Medicaid (Medi-Medi) data matching program for each state within the Zone.

The AdvanceMed Zone 5 ZPIC contract performs the following functions for CMS as a ZPIC:

  • Medicare fraud investigation and prevention, including referrals to law enforcement;
  • Medicare data analysis (discovery, detection, investigation, and overpayment projection);
  • Medical Review to support fraud case development, including coverage and coding determinations;
  • Reviewing audit, settlement, and reimbursement of cost reports, and conducting specified audits;
  • IT Systems for case and decision tracking and data warehousing;
  • Interface with the Medicare contractors, the medical community (outreach & education), and law enforcement; and
  • Medicare/Medicaid data matching program safeguards work for each state in Zone 5.

AdvanceMed’s Extrapolations of Alleged Damages:

Over the years, we have gone up against AdvanceMed numerous times, challenging their interpretation of LMRPs / LCDs and assessing the methods they utilized to engage in a statistical extrapolation of the alleged damages in our client’s cases.  To give the company its due – their statistical experts are smart, aggressive and do not hesitate to respond when their methods have been challenged.  We like that – it keeps us sharp.

With the help of some of the best statisticians in the country (including, but not limited to the late Will Yancey, Ph.D.), in  a number of cases, we have been able to show that their extrapolation of damages (and that of other PSCs and ZPICs) has not complied with applicable requirements, and is therefore invalid.  To be fair, every extrapolation is different, both in terms of facts, the methodology employed, and in the associated calculations conducted.  As attorneys, we work with our experts to break down and assess AdvanceMed’s (and other ZPICs) calculations.  Perhaps they handled it appropriately – or maybe they didn’t.  There really isn’t any way to know if it was handled properly without a complete copy of their file (including associated work papers and calculations) so that we can fully assess their actions.

Over the last year, we have seen a marked increase in Medicare contractor (e.g. PSC and ZPIC) participation (as “participants” not as “parties”)  in ALJ hearings.  Their experts have consistently been professional, concise and ready to answer any questions posed by the ALJ.  Our recommendation – both counsel and their defense expert better be prepared.  It’s never to early to start thinking about how to best contest the extrapolation that has been conducted.  As a final point, we are aware of a number of instances where a  provider (or their representative) has chosen to ignore the extrapolation as a contestable issue.  In other words, they just accept the extrapolation as a foregone conclusion and focus solely on the claims.  We respectfully disagree with that approach.  If we identify deficiencies with the extrapolation, we aggressively challenge its application.

AdvanceMed’s Medical Reviews:

Once a provider has been identified as an outlier (or identified as a possible problem through a variety of other mechanisms), a medical review of their claims is often conducted by a ZPIC, such as AdvanceMed.

A number of year ago, Kevin Gerold, CMS’ former Acting Deputy Director for Program Integrity was quoted as saying that the agency had revamped its approach to claims processing in an effort to better “grasp the experience of the patient encounter.” Mr. Gerold was further quoted as saying that CMS was going to “let medical reviewers assess a claim’s legitimacy based on the big picture of the patient encounter, not on a nit-picking slavery to perfect documentation.” Unfortunately, in our humble opinion, AdvanceMed’s medical reviews have conducted have been extremely technical — resulting in the denial of many claims based on minor omissions, technical deficiencies and / or the contractors’ own peculiar spin regarding the application of an LCD.

In responding to AdvanceMed’s reasons for denial, it is essential that you obtain each and every reference relied upon by the contractor when denying the claims at issue.  We have identified multiple instances where a contractor (not necessarily AdvanceMed) attempted to apply an LCD retroactively.  Moreover, it is important to examine the underlying statutory authority to determine whether the contractor’s interpretation of a coverage provision is consistent with the underlying law or regulation.  Finally, it isn’t enough to merely “poke holes” in AdvanceMed’s reasons for denial – we like to go one step further – show that the particular claims at issue do, in fact, qualify for coverage and payment.

Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

Are ZPICs Tougher than RACs when Conducting a Medicare audit?

February 27, 2010 by  
Filed under UPIC Audits

(February 27, 2010):  The Recovery Audit Contractor (RAC) program is an integral part of the Center for Medicare and Medicaid Services’ (CMS’) “benefit integrity” efforts which seek to identify and recoup alleged overpayments paid to Medicare providers. While the RAC program is still being expanded in many of the country (to cover not only hospitals but also other providers and types of Medicare claims), health care providers should be aware that the Zone Program Integrity Contractors (ZPICs) are already active in many areas and are actively auditing physicians, home health agencies, hospices, DME companies, therapy clinics, chiropractors and other small to mid-sized health care providers.  Despite the “hype” surrounding RACs, at this time, ZPICs represent a significantly greater risk to non-hospital providers than do RACs.  The purpose of this article to examine a number of the differences between these Medicare contractor programs.

What are the chances of your practice being reported by a ZPIC or RAC to HHS-OIG or DOJ for possible fraud violations?

While both contractor programs are designed to “find and prevent waste, fraud and abuse in Medicare,” the fact is that to date, ZPICs have been much more likely than RACs to report possible incidents of “fraud” that are identified while conducting a medical review.  Frankly, it makes sense.  RACs make money by identifying alleged overpayments – not by making a fraud referral to law enforcement.  Notably, as a result of recent criticism by HHS-OIG, CMS will be requiring RACs to be much more diligent in the future about making referrals to law enforcement when it appears that a health care provider’s conduct represents fraud rather than merely an overpayment.  CMS has provided training to RACs on how to identify fraud in the near future.  Importantly, a RAC denial of claims which results in a provider repayment will not necessarily prevent HHS-OIG from investigating and making a referral to DOJ for possible prosecution, as appropriate, if there are allegations of fraud or abuse arising out of the alleged overpayment. 

Notably, recent letters by ZPICs in South Texas and in other parts of the country have been seeking copies of business related records (copies of contracts, agreements with Medical Directors, lease agreements and more), along with its request for claims-related medical documentation.  Importantly, the contractor is assessing the provider’s business relationships to help verify that referral and other business relationships do not violate the Federal Anti-Kickback Statute.  To reduce the possiblity of civil or criminal liability, it is essential that Medicare providers take affirmative steps to better ensure that their practices are compliant with applicable statutory and regulatory requirements.  2011 will be the “Year of Compliance.”  All providers, regardless of size, should take steps to implement an effective Compliance Program.  Should you not have an compliance program in place, give us a call — we can help. 

What is different about ZPICs and their predecessors, Program Safeguard Contractors (PSCs)?

Both ZPICs and Program Safeguard Contractors (PSCs) readily point out that they are not “bounty hunters.”   ZPICs are not paid contingency fees like RACs and are paid directly by CMS on a contractual basis.  Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments, the chances of a particular contractor getting their contract with CMS renewed are pretty slim.  Experience has shown that both ZPICs and PSCs don’t always appear to strictly adhere to medical review standards established by Medicare Administrative Contractors (MACs) and approved by CMS.  In our opinion, there appear to have been cases where these contractors applied their own unwritten standards, often denying claims based on conjecture and speculation rather than a strict application of the applicable LCD or LMRP. 

In any event, over the last year, both ZPICs and PSCs have been increasingly placing health care providers on pre-payment review, conducting post-payment audits, recommending suspensions of payment.  Additionally, in many cases they have been extrapolating the alleged damages based on a sample of claims reviewed. Finally, as discussed above, identified instances of potential fraud are being referred by ZPICs and PSCs to HHS-OIG for possible investigation, referral for prosecution and / or administrative sanction.

What sources of coding / billing data are used by ZPICs?

ZPICS are required to use a variety of techniques, both proactive and reactive, to address any potentially fraudulent practices.  Proactive techniques will include the ZPIC IT Systems that will combine claims data (fiscal intermediary, regional home health intermediary, carrier, and durable medical equipment regional carrier data) and other source of information to create a platform for conducting complex data analyses. By combining data from various sources, ZPICs have been able to assemble a fairly comprehensive picture of a beneficiary’s claim history regardless of where the claim was processed. The primary source of this data is reportedly CMS’ National Claims History (NCH) database.

How do ZPICs conduct medical reviews?

ZPICs conduct medical reviews of charts to determine, among other things, whether the service submitted was actually provided, and whether the service was medically reasonably and necessary.  Based upon their findings, ZPICs may approve, downcode or deny a claim.  To date, we have never seen a ZPIC conclude that a claim should have been coded at a higher level, only a lower level.  Regrettably, ZPICs are not required to have a physician review a claim in order to deny coverage.  In most of the cases on which we have worked, the contractor’s medical reviewer has been a Registered Nurse.   While some Federal courts have found that a treating physician’s opinion should be given paramount weight, others have ruled that the opinion of a treating physician should not be given any special consideration.  Generally, ZPICs have completely disregarded the “Treating Physician Rule,” despite the fact that a patient’s treating physician was the only provider to have actually seen and assessed the patient at issue. 

How should you respond to a ZPIC audit?

In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” in our opinion, they are in the business of finding fault.   Moreover, they are quite adept at identifying “technical” errors, many of which they will readily cite when denying your Medicare claims.  Unfortunately, it is not at all uncommon for a ZPIC to find that 75% — 100 % of the sample of claims reviewed did not qualify for coverage and payment by Medicare.  After extrapolating the damages to the universe of claims at issue, health care providers often find that they are facing alleged overpayments of between $150,000 and several million dollars.  In many cases, the assessment is far in excess of the provider’s ability to pay.  As such, the administrative appeal becomes a “bet the farm” matter for the health care provider.  If the assessment remains, the provider will have no choice but to declare bankruptcy. 

It is also important to remember that ZPIC enforcement actions are not limited to merely overpayment assessments.  In recent months, ZPICs have been increasingly conducting unexpected site visits of health care provider’s offices and facilities, often requesting immediate access to a limited number of claims and the medical records supporing the services billed to Medicare.  Typically, they then require that a provider send supporting documention covering a wider list of claims within 30 days of their visit.  In other cases, should a ZPIC identify serious problems when reviewing the medical records requested, they may recommend to CMS that the provider’s Medicare billing privileges be suspended.  From a practical standapoint, few providers are diversified (in terms of payor mix) to the point that they can easily do without Medicare reimbursement.  The practical effect of a Medicare suspension is therefore that provider cannot continue in business throughout the 180-day initial period of suspension typically imposed by CMS.   Finally, in a limited number of cases, after a ZPIC or PSC has visited an office, the provider will subsequently learn that the contractor has recommended that the provider’s Medicare number be revoked.  In a fairly recent case we are aware of (not involving a client of the Firm), the contractor claimed that the provider failed to cooperate, a clear violation of the provider’s “Conditions of Participation” with Medicare.  As a result, the contractor recommended (and CMS approved) the revocation of the provider’s Medicare number.    Short of exclusion from participation in the Medicare program, this is arguably the most serious and far-reaching administrative action that can be taken against a Medicare provider.     

In light of the seriousness of the situation, regardless of whether you are contacted by a RAC, a ZPIC or a PSC, you must take great care when responding to the contractor’s request for business records, claims information or medical records.  Administrative enforcement actions can be extraordinarily serious.  Therefore, is essential that you engage an experienced attorney and law firm to represent your interest. 

Liles Parker attorneys have extensive experience representing health care providers around the country in connection with ZPIC audits and reviews by other Medicare providers.  Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

Watch out Texas Providers — There’s a New Sheriff in Town — the Number of ZPIC Audits Being Conducted in Texas is Increasing!

February 20, 2010 by  
Filed under UPIC Audits

(February 20, 2010): Health care providers around the country are finding themselves the target of various audits from jurisdictionally overlapping Medicare contractors.  Notably, any of these audits have the potential to destroy a provider’s practice or clinic.

States where PSCs (Program Safeguard Contractors) have transitioned to ZPICs (Zone Program Integrity Contractors) are under extreme pressure. One of those states is Texas. Providers in the Lone Star state are being inundated with requests for documentation from Health Integrity, the ZPIC for Zone 4, which covers Texas, Colorado, New Mexico and Oklahoma.

Unlike Recovery Audit Contractors (RACS), whose primarily focus is to identify overpayments, or Medicare Comprehensive Error Rate Testing (CERT) audits, reviews aimed at measuring improper payments, ZPIC audits are subjecting providers to both pre–payment and post-payment Medicare audits.  Perhaps most importantly, ZPICs are expected to report suspected fraud to law enforcement.

ZPIC audits in Texas cover claims for everything from psychology E/M services to DME items. The Zone 4 contractor has said the audits are based on what it calls “atypical billing practices.”

Some providers have found the audit response process so burdensome that they have been forced to suspend operations in order to fulfill the requests for documentation.

Generally, health care providers have 30 days from the date on the letter of notification to get the ZPIC the information it has requested. If documentation is insufficient or is not received, the ZPIC will deny the claims and issue and issue an overpayment letter demanding the repayment of funds.  Additionally, in most cases,  ZPIC have been seeking extrapolated damages, applying the error rate identified to the universe of claims at issue during the time period audited.

While RACs and CERT auditors only conduct post-payment audits, PSCs and ZPICs are increasingly placing providers on pre-payment review, effectively delaying a provider’s cash flow up to six months (and in some cases even longer).  Although RACs have only been conducting  “automated” reviews to date, providers should expect the number of “complex” reviews to increase in 2010.

ZPICs, CERT reviews, PSCs, and RAC auditors are aggressively reviewing Medicare claims around the country. Should any of these contractors identify possible fraud, they will not hesitate to report’s the provider’s conduct to law enforcement.

Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

Overview of the Zone Program Integrity Contractor (ZPIC) Program

January 26, 2010 by  
Filed under UPIC Audits

(January 26, 2010):  Pursuant to the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (MMA), CMS was required to use competitive measures to replace the current Medicare Fiscal Intermediaries (Part A) and Carriers (Part B) contractors with Medicare Administrative Contractors (MACs).  After setting up the new MAC regions, CMS created new entities, called Zone Program Integrity Contractors (ZPICs). Intended to consolidate existing program integrity efforts, over the last year ZPICs have been taking over PSC audit and enforcement activities around the country.
Statements of Work in ZPIC contracts are similar to those covering PSCs.  In fact, Chapter 4 of CMS’s “Medicare Program Integrity Manual” reflects that the processes and procedures used by ZPICs when handling program integrity functions are essentially the same as those used by PSCs around the country.  Seven ZPIC zones have been identified.  The zones include the following states and / or territories:
  • Zone 1 – CA, NV, American Samoa, Guam, HI and the Mariana Islands.
  • Zone 2 – AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO.
  • Zone 3 – MN, WI, IL, IN, MI, OH and KY.
  • Zone 4 – CO, NM, OK, TX.
  • Zone 5 – AL, AR, GA, LA, MS, NC, SC, TN, VA and WV.
  • Zone 6 – PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT.
  • Zone 7 – FL, PR and VI.
Upon receiving a request for records by a ZPIC:
  • Take care before conducting an internal review of the claims requested.  While an internal analysis can be invaluable, you want to avoid creating a non-privileged paper trail of identified problems.  Remember, both ZPICs and RACs may make a referral to law enforcement if their assessment indicates that problems may be more than a mere overpayment.
  • Review past claims audits and evaluations to determine whether these claims have been previously evaluated.
  • Note the claims denied and calculate when appeals must be filed.  Review the reasons given for each denial.
  • Has the contractor correctly cited Medicare policy?  Do not automatically assume the contractor’s arguments are meritorious.
  • Appeals must be filed in a timely fashion.  Moreover, all supporting documentation and arguments must be submitted to the QIC

Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

« Previous Page

ZPIC Audit Menu