Are ZPICs Tougher than RACs when Conducting a Medicare audit?

(February 27, 2010):  The Recovery Audit Contractor (RAC) program is an integral part of the Center for Medicare and Medicaid Services’ (CMS’) “benefit integrity” efforts which seek to identify and recoup alleged overpayments paid to Medicare providers. While the RAC program is still being expanded in many of the country (to cover not only hospitals but also other providers and types of Medicare claims), health care providers should be aware that the Zone Program Integrity Contractors (ZPICs) are already active in many areas and are actively auditing physicians, home health agencies, hospices, DME companies, therapy clinics, chiropractors and other small to mid-sized health care providers.  Despite the “hype” surrounding RACs, at this time, ZPICs represent a significantly greater risk to non-hospital providers than do RACs.  The purpose of this article to examine a number of the differences between these Medicare contractor programs.

What are the chances of your practice being reported by a ZPIC or RAC to HHS-OIG or DOJ for possible fraud violations?

While both contractor programs are designed to “find and prevent waste, fraud and abuse in Medicare,” the fact is that to date, ZPICs have been much more likely than RACs to report possible incidents of “fraud” that are identified while conducting a medical review.  Frankly, it makes sense.  RACs make money by identifying alleged overpayments – not by making a fraud referral to law enforcement.  Notably, as a result of recent criticism by HHS-OIG, CMS will be requiring RACs to be much more diligent in the future about making referrals to law enforcement when it appears that a health care provider’s conduct represents fraud rather than merely an overpayment.  CMS has provided training to RACs on how to identify fraud in the near future.  Importantly, a RAC denial of claims which results in a provider repayment will not necessarily prevent HHS-OIG from investigating and making a referral to DOJ for possible prosecution, as appropriate, if there are allegations of fraud or abuse arising out of the alleged overpayment. 

Notably, recent letters by ZPICs in South Texas and in other parts of the country have been seeking copies of business related records (copies of contracts, agreements with Medical Directors, lease agreements and more), along with its request for claims-related medical documentation.  Importantly, the contractor is assessing the provider’s business relationships to help verify that referral and other business relationships do not violate the Federal Anti-Kickback Statute.  To reduce the possiblity of civil or criminal liability, it is essential that Medicare providers take affirmative steps to better ensure that their practices are compliant with applicable statutory and regulatory requirements.  2011 will be the “Year of Compliance.”  All providers, regardless of size, should take steps to implement an effective Compliance Program.  Should you not have an compliance program in place, give us a call — we can help. 

What is different about ZPICs and their predecessors, Program Safeguard Contractors (PSCs)?

Both ZPICs and Program Safeguard Contractors (PSCs) readily point out that they are not “bounty hunters.”   ZPICs are not paid contingency fees like RACs and are paid directly by CMS on a contractual basis.  Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments, the chances of a particular contractor getting their contract with CMS renewed are pretty slim.  Experience has shown that both ZPICs and PSCs don’t always appear to strictly adhere to medical review standards established by Medicare Administrative Contractors (MACs) and approved by CMS.  In our opinion, there appear to have been cases where these contractors applied their own unwritten standards, often denying claims based on conjecture and speculation rather than a strict application of the applicable LCD or LMRP. 

In any event, over the last year, both ZPICs and PSCs have been increasingly placing health care providers on pre-payment review, conducting post-payment audits, recommending suspensions of payment.  Additionally, in many cases they have been extrapolating the alleged damages based on a sample of claims reviewed. Finally, as discussed above, identified instances of potential fraud are being referred by ZPICs and PSCs to HHS-OIG for possible investigation, referral for prosecution and / or administrative sanction.

What sources of coding / billing data are used by ZPICs?

ZPICS are required to use a variety of techniques, both proactive and reactive, to address any potentially fraudulent practices.  Proactive techniques will include the ZPIC IT Systems that will combine claims data (fiscal intermediary, regional home health intermediary, carrier, and durable medical equipment regional carrier data) and other source of information to create a platform for conducting complex data analyses. By combining data from various sources, ZPICs have been able to assemble a fairly comprehensive picture of a beneficiary’s claim history regardless of where the claim was processed. The primary source of this data is reportedly CMS’ National Claims History (NCH) database.

How do ZPICs conduct medical reviews?

ZPICs conduct medical reviews of charts to determine, among other things, whether the service submitted was actually provided, and whether the service was medically reasonably and necessary.  Based upon their findings, ZPICs may approve, downcode or deny a claim.  To date, we have never seen a ZPIC conclude that a claim should have been coded at a higher level, only a lower level.  Regrettably, ZPICs are not required to have a physician review a claim in order to deny coverage.  In most of the cases on which we have worked, the contractor’s medical reviewer has been a Registered Nurse.   While some Federal courts have found that a treating physician’s opinion should be given paramount weight, others have ruled that the opinion of a treating physician should not be given any special consideration.  Generally, ZPICs have completely disregarded the “Treating Physician Rule,” despite the fact that a patient’s treating physician was the only provider to have actually seen and assessed the patient at issue. 

How should you respond to a ZPIC audit?

In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” in our opinion, they are in the business of finding fault.   Moreover, they are quite adept at identifying “technical” errors, many of which they will readily cite when denying your Medicare claims.  Unfortunately, it is not at all uncommon for a ZPIC to find that 75% — 100 % of the sample of claims reviewed did not qualify for coverage and payment by Medicare.  After extrapolating the damages to the universe of claims at issue, health care providers often find that they are facing alleged overpayments of between $150,000 and several million dollars.  In many cases, the assessment is far in excess of the provider’s ability to pay.  As such, the administrative appeal becomes a “bet the farm” matter for the health care provider.  If the assessment remains, the provider will have no choice but to declare bankruptcy. 

It is also important to remember that ZPIC enforcement actions are not limited to merely overpayment assessments.  In recent months, ZPICs have been increasingly conducting unexpected site visits of health care provider’s offices and facilities, often requesting immediate access to a limited number of claims and the medical records supporing the services billed to Medicare.  Typically, they then require that a provider send supporting documention covering a wider list of claims within 30 days of their visit.  In other cases, should a ZPIC identify serious problems when reviewing the medical records requested, they may recommend to CMS that the provider’s Medicare billing privileges be suspended.  From a practical standapoint, few providers are diversified (in terms of payor mix) to the point that they can easily do without Medicare reimbursement.  The practical effect of a Medicare suspension is therefore that provider cannot continue in business throughout the 180-day initial period of suspension typically imposed by CMS.   Finally, in a limited number of cases, after a ZPIC or PSC has visited an office, the provider will subsequently learn that the contractor has recommended that the provider’s Medicare number be revoked.  In a fairly recent case we are aware of (not involving a client of the Firm), the contractor claimed that the provider failed to cooperate, a clear violation of the provider’s “Conditions of Participation” with Medicare.  As a result, the contractor recommended (and CMS approved) the revocation of the provider’s Medicare number.    Short of exclusion from participation in the Medicare program, this is arguably the most serious and far-reaching administrative action that can be taken against a Medicare provider.     

In light of the seriousness of the situation, regardless of whether you are contacted by a RAC, a ZPIC or a PSC, you must take great care when responding to the contractor’s request for business records, claims information or medical records.  Administrative enforcement actions can be extraordinarily serious.  Therefore, is essential that you engage an experienced attorney and law firm to represent your interest. 

Liles Parker attorneys have extensive experience representing health care providers around the country in connection with ZPIC audits and reviews by other Medicare providers.  Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.