ZPIC Update: The Impact of Being Placed on Medicare Prepayment Review.

(March 9, 2016): Why have the number of prepayment reviews by Medicare contractors increased dramatically in recent years? Approximately seven years, Congress passed, and the President signed into law the Affordable Care Act. Since that time, the Centers for Medicare and Medicaid Services (CMS) and its contractors have accelerated their move away from “Pay and Chase” enforcement approaches. Today, Zone Program integrity Contractors (ZPICs), such as AdvanceMed and Health Integrity, AND Supplemental Medical Review Contractors (SMERCs), such as Strategic Health Solutions are rapidly moving towards preventative audit strategies. The purpose of this article is to briefly discuss the types of administrative enforcement actions, such as prepayment reviews, that we are currently seeing around the country.

I. Additional Documentation Requests (ADRs).

Providers should not confuse receiving an “Additional Document Request” (ADR), also sometimes referred to as an “Additional Development Request,” with being placed on prepayment review.

ADRs are often initiated by a provider’s Medicare Administrative Contractor (MAC).
ADRs typically relate to a particular probe or edit conducted by the MAC.
ADRs may be focused on specific services, length of stay, a specific provider or a specific diagnosis.

At some point in time, practically every health care provider and supplier participating in the Medicare program will receive Additional Documentation Requests (ADRs), asking that the provider or supplier submit all associated supporting documentation for review before the contractor will be able to make a coverage and payment determination with respect to that particular claim. ADRs are not uncommon. Nevertheless, it is important to keep in mind that ADRs serve a purpose. If the supporting documentation submitted to the Medicare contractor in response to an ADR fails to support coverage and payment requirements, the contractor may choose to place provider or supplier on 100% prepayment review.

II. Medicare Prepayment Reviews.

In most instances, a health care provider will not receive advance notice that it has been placed on prepayment review. Notably, this is directly contrary to Medicare’s regulations. Chapter 3 of the Medicare Program Integrity Manual (PIM) mandates notice to the provider prior to the initiation of provider-specific prepayment review:

“The Zone Program Integrity Contractors shall notify selected providers prior to beginning a provider-specific review by sending an individual written notice. ZPICs shall indicate whether the review will occur on a prepayment or postpayment basis. ZPICs shall maintain a copy of the letter and the date it was mailed. This notification shall be mailed the same day that the edit request is forwarded to the MAC. Refer to Exhibit 45 for the letter to be sent.”
See § 3.2.2 – Provider Notice, § A. Notice of Provider-Specific Review.

III. Direct Impact of Being Placed on Medicare Prepayment Review.

At first blush, being placed on prepayment review appears reasonable. It’s difficult to think of any other industry that gets paid practically “on demand” while presenting a payor with little or no proof that a covered service was actually rendered. Unfortunately, unless this administrative condition is promptly handled, prepayment review can ultimately lead to insolvency and / or bankruptcy, depending on the specific payor mix at issue.

How can occur? Most small health care providers assume that Medicare payments will always be timely. As a result, emergency / contingency funds and rainy-day savings accounts are often a thing of the past. Many small providers keep only enough funds in their business accounts to cover the practice’s overhead for 1 – 2 months. If your payor mix is 70% Medicare and 30% private payor and self-pay, being placed on prepayment review will effectively cut off most of your income for as long as the prepayment review requirement stays in place.

IV. Having a Medicare Prepayment Review Action Lifted.

We have successfully worked with numerous providers and suppliers in recent years in an effort to have the prepayment review requirement lifted. There is no “silver bullet” when it comes to having a provider taken off of prepayment review. It can’t be done overnight but it can be accomplished within a relatively short period of time. The key is not to wait – you must take action to address the prepayment review. Failure to do so can result in your practice, home health agency or clinic remaining on prepayment review for up to a year.
As a final point, it is important to keep in mind that being placed on prepayment review is a symptom. It is not the underlying problem. Is a suspension or revocation action around the next corner? Has a qui tam been filed?

V. Possible Follow-up Enforcement Actions.

If your practice, home health agency or clinic is placed on prepayment review, it is essential that you proactively deal, not ignore the problem. Hoping that the prepayment review will just “go away” is wishful thinking. In fact, should you fail to address the problem, you should keep in mind that a poor showing in connection with a prepayment audit, can lead to:

• Postpayment audit.
• Referral to CMS for possible suspension action.
• Referral to CMS for possible revocation from the Medicare program.
• Referral to HHS-OIG for possible CMP action.
• Referral to DOJ for possible False Claims Act or criminal review.

VI. Conclusion.

Left unaddressed, something as mundane as an ADR can lead to a provider or supplier being placed on prepayment review, and ultimately possibly result in even more severe administrative enforcement action. We therefore recommend that you carefully review each ADR you receive and review your submissions of supporting documentation for accuracy and completeness prior to sending it in to the contractor. Prepayment reviews, postpayment audits, suspension actions, revocation actions and referrals to law enforcement are all possible outcomes if your documentation and / or business practices fail to fully comply with applicable regulatory requirements. How can you avoid these adverse events? A huge first step would be for you to develop, implement and adhere to the provisions of an effective Compliance Program.

Robert W. Liles, M.B.A., M.S., J.D., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law. Liles Parker is a boutique health law firm, with offices in Washington DC, Houston TX, San Antonio TX, McAllen TX and Baton Rouge LA. Robert represents health care providers and suppliers around the country in connection with Medicare audits by ZPICs, SMERCs, RACs and other CMS-engaged specialty contractors. Our firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews. For a free consultation, call Robert at: 1 (800) 475-1906.

The Zone 7 ZPIC Has Recommended Revocation of 82% of CORFS and 79% of CMHCs in South Florida – Is Your ZPIC Next?

(October 9, 2010):  In late 2008, SafeGuard Services LLC (SafeGuard) was awarded one of the first two contracts to serve as a Zone Program Integrity Contractor (ZPIC) for Zone 7, an area which includes Florida, Puerto Rico and the U.S. Virgin Islands.  The contract covered a base year plus four additional years.  SafeGuard’s appointment was one of the first actions taken to consolidate the work previously performed by Program SafeGuard Contractors (PSCs) and Medicare Drug Integrity Contractors (MEDICs). Among its consolidated duties, SafeGuard is responsible for handling medical reviews and benefit integrity functions for Medicare claims under both Part A and Part B (hospital, CMHCs, skilled nursing, home health, provider and durable medical equipment).  These claims are the focus of this article.  SafeGuard became fully operational in Zone 7 on February 1, 2009.

Working together to promote the integrity of the Medicare and Medicaid programs, in recent years Safeguard has developed close working relationships with CMS, HHS-OIG, U.S. Attorney’s Offices, the FBI and other Medicare contractors.  .

As with other ZPICs, SafeGuard employs a number of techniques, both proactive and reactive, to address fraud.  In recent years, SafeGuard appears to have been one of the leading ZPICs in terms of “data-mining.”  The primary source for Medicare claims data is CMS’ National Claims History system.  Many of the audit and investigative processes developed by SafeGuard appear to now be employed by other ZPICs

CMS’ Proposed Rule issued September 23, 2010, provides an overview of how CMS and HHS-OIG intend to implement a number of new enforcement tools authorized under the Health Care Reform bill passed last March.  In reviewing the Proposed Rule, we unexpectedly learned about several audit initiatives that the “Zone 7 ZPIC” has been pursuing.  As the Proposed Rule states:

In addition to GAO and HHS OIG studies and reports, a number of Zone Program Integrity Contractors (ZPIC) and Program Safeguard Contractors (PSC), organizations used by CMS in helping to fight fraud in Medicare, have taken a number of administrative actions including payment suspensions and increased medical review, for the provider and supplier types shown above. For example, the Zone 7 ZPIC contractor in South Florida has conducted onsite reviews at 62 CORFs since January 2010 and recommended revocation for 51 CORFs, or 82 percent of the CORFS in the area. The same contractor has conducted an onsite reviews at 38 CMHCs located in Dade, Broward and Palm Beach County since January 2010, and recommended that 30 CMHCs be revoked for noncompliance (79 percent of the CMHCs in the area). In each instance where the ZPIC requested a revocation, the CMHC was also placed on prepay review. We have also conducted an analysis of IDTF licensure requirements and have found several circumstances that indicate irregularity and potential risk of fraud.” (emphasis added).

 Notably, there was no discussion of how the ZPIC expects patients with rehabilitative needs or acute psychiatric treatment needs will be cared for if SafeGuard succeeds in shutting down a vast majority of the CORFs or CMHCs in South Florida.   Is your ZPIC next to go down this path?

 Liles Parker attorneys represent providers in ZPIC related actions.  For a free consultation, please call 1 (800) 475-1906.

Are ZPICs Tougher than RACs when Conducting a Medicare audit?

(February 27, 2010):  The Recovery Audit Contractor (RAC) program is an integral part of the Center for Medicare and Medicaid Services’ (CMS’) “benefit integrity” efforts which seek to identify and recoup alleged overpayments paid to Medicare providers. While the RAC program is still being expanded in many of the country (to cover not only hospitals but also other providers and types of Medicare claims), health care providers should be aware that the Zone Program Integrity Contractors (ZPICs) are already active in many areas and are actively auditing physicians, home health agencies, hospices, DME companies, therapy clinics, chiropractors and other small to mid-sized health care providers.  Despite the “hype” surrounding RACs, at this time, ZPICs represent a significantly greater risk to non-hospital providers than do RACs.  The purpose of this article to examine a number of the differences between these Medicare contractor programs.

What are the chances of your practice being reported by a ZPIC or RAC to HHS-OIG or DOJ for possible fraud violations?

While both contractor programs are designed to “find and prevent waste, fraud and abuse in Medicare,” the fact is that to date, ZPICs have been much more likely than RACs to report possible incidents of “fraud” that are identified while conducting a medical review.  Frankly, it makes sense.  RACs make money by identifying alleged overpayments – not by making a fraud referral to law enforcement.  Notably, as a result of recent criticism by HHS-OIG, CMS will be requiring RACs to be much more diligent in the future about making referrals to law enforcement when it appears that a health care provider’s conduct represents fraud rather than merely an overpayment.  CMS has provided training to RACs on how to identify fraud in the near future.  Importantly, a RAC denial of claims which results in a provider repayment will not necessarily prevent HHS-OIG from investigating and making a referral to DOJ for possible prosecution, as appropriate, if there are allegations of fraud or abuse arising out of the alleged overpayment. 

Notably, recent letters by ZPICs in South Texas and in other parts of the country have been seeking copies of business related records (copies of contracts, agreements with Medical Directors, lease agreements and more), along with its request for claims-related medical documentation.  Importantly, the contractor is assessing the provider’s business relationships to help verify that referral and other business relationships do not violate the Federal Anti-Kickback Statute.  To reduce the possiblity of civil or criminal liability, it is essential that Medicare providers take affirmative steps to better ensure that their practices are compliant with applicable statutory and regulatory requirements.  2011 will be the “Year of Compliance.”  All providers, regardless of size, should take steps to implement an effective Compliance Program.  Should you not have an compliance program in place, give us a call — we can help. 

What is different about ZPICs and their predecessors, Program Safeguard Contractors (PSCs)?

Both ZPICs and Program Safeguard Contractors (PSCs) readily point out that they are not “bounty hunters.”   ZPICs are not paid contingency fees like RACs and are paid directly by CMS on a contractual basis.  Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments, the chances of a particular contractor getting their contract with CMS renewed are pretty slim.  Experience has shown that both ZPICs and PSCs don’t always appear to strictly adhere to medical review standards established by Medicare Administrative Contractors (MACs) and approved by CMS.  In our opinion, there appear to have been cases where these contractors applied their own unwritten standards, often denying claims based on conjecture and speculation rather than a strict application of the applicable LCD or LMRP. 

In any event, over the last year, both ZPICs and PSCs have been increasingly placing health care providers on pre-payment review, conducting post-payment audits, recommending suspensions of payment.  Additionally, in many cases they have been extrapolating the alleged damages based on a sample of claims reviewed. Finally, as discussed above, identified instances of potential fraud are being referred by ZPICs and PSCs to HHS-OIG for possible investigation, referral for prosecution and / or administrative sanction.

What sources of coding / billing data are used by ZPICs?

ZPICS are required to use a variety of techniques, both proactive and reactive, to address any potentially fraudulent practices.  Proactive techniques will include the ZPIC IT Systems that will combine claims data (fiscal intermediary, regional home health intermediary, carrier, and durable medical equipment regional carrier data) and other source of information to create a platform for conducting complex data analyses. By combining data from various sources, ZPICs have been able to assemble a fairly comprehensive picture of a beneficiary’s claim history regardless of where the claim was processed. The primary source of this data is reportedly CMS’ National Claims History (NCH) database.

How do ZPICs conduct medical reviews?

ZPICs conduct medical reviews of charts to determine, among other things, whether the service submitted was actually provided, and whether the service was medically reasonably and necessary.  Based upon their findings, ZPICs may approve, downcode or deny a claim.  To date, we have never seen a ZPIC conclude that a claim should have been coded at a higher level, only a lower level.  Regrettably, ZPICs are not required to have a physician review a claim in order to deny coverage.  In most of the cases on which we have worked, the contractor’s medical reviewer has been a Registered Nurse.   While some Federal courts have found that a treating physician’s opinion should be given paramount weight, others have ruled that the opinion of a treating physician should not be given any special consideration.  Generally, ZPICs have completely disregarded the “Treating Physician Rule,” despite the fact that a patient’s treating physician was the only provider to have actually seen and assessed the patient at issue. 

How should you respond to a ZPIC audit?

In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” in our opinion, they are in the business of finding fault.   Moreover, they are quite adept at identifying “technical” errors, many of which they will readily cite when denying your Medicare claims.  Unfortunately, it is not at all uncommon for a ZPIC to find that 75% — 100 % of the sample of claims reviewed did not qualify for coverage and payment by Medicare.  After extrapolating the damages to the universe of claims at issue, health care providers often find that they are facing alleged overpayments of between $150,000 and several million dollars.  In many cases, the assessment is far in excess of the provider’s ability to pay.  As such, the administrative appeal becomes a “bet the farm” matter for the health care provider.  If the assessment remains, the provider will have no choice but to declare bankruptcy. 

It is also important to remember that ZPIC enforcement actions are not limited to merely overpayment assessments.  In recent months, ZPICs have been increasingly conducting unexpected site visits of health care provider’s offices and facilities, often requesting immediate access to a limited number of claims and the medical records supporing the services billed to Medicare.  Typically, they then require that a provider send supporting documention covering a wider list of claims within 30 days of their visit.  In other cases, should a ZPIC identify serious problems when reviewing the medical records requested, they may recommend to CMS that the provider’s Medicare billing privileges be suspended.  From a practical standapoint, few providers are diversified (in terms of payor mix) to the point that they can easily do without Medicare reimbursement.  The practical effect of a Medicare suspension is therefore that provider cannot continue in business throughout the 180-day initial period of suspension typically imposed by CMS.   Finally, in a limited number of cases, after a ZPIC or PSC has visited an office, the provider will subsequently learn that the contractor has recommended that the provider’s Medicare number be revoked.  In a fairly recent case we are aware of (not involving a client of the Firm), the contractor claimed that the provider failed to cooperate, a clear violation of the provider’s “Conditions of Participation” with Medicare.  As a result, the contractor recommended (and CMS approved) the revocation of the provider’s Medicare number.    Short of exclusion from participation in the Medicare program, this is arguably the most serious and far-reaching administrative action that can be taken against a Medicare provider.     

In light of the seriousness of the situation, regardless of whether you are contacted by a RAC, a ZPIC or a PSC, you must take great care when responding to the contractor’s request for business records, claims information or medical records.  Administrative enforcement actions can be extraordinarily serious.  Therefore, is essential that you engage an experienced attorney and law firm to represent your interest. 

Liles Parker attorneys have extensive experience representing health care providers around the country in connection with ZPIC audits and reviews by other Medicare providers.  Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.