ZPIC Audit: Will Your Case be Referred to DOJ or HHS-OIG for Fraud?

(March 10, 2016): Has your practice, home health or hospice received an audit letter from a Zone Program Integrity Contractor (ZPIC)?  If so, one of the first questions you are likely to ask is how did this ZPIC audit get started? Why is our practice being targeted in a ZPIC audit? As a review of the administrative enforcement landscape will show, there are a myriad of tools at the disposal of the government (and its contractors) to identify and target a health care physician provider or supplier for ZPIC audit or investigation. In this article, we will provide an overview of the primary targeting tools utilized by the government and its various Medicare contractors.

I. Primary Source of Information Used to Target a Medicare ZPIC Audit.

As Chapter 2, Sec. 2.4.C of the Medicare Program Integrity Manual (MPIM) reflects:

“Claims data is the primary source of information used to identify and target fraudulent, wasteful or abusive activities.”

ZPICs around the country have been given ready access to a wide variety of claims coding, billing and utilization databases and are expected to perform complex data analysis with this data in an effort to ferret out health care providers and suppliers whose billing history appears to suggest that improper coding and / or billing practices may be taking place. Frankly, that’s the problem with ZPIC targeting methods. If a health care provider’s claims utilization and billing practices are outside of the norm (making the provider an “outlier”), that provider is likely to be audited or investigated by a ZPIC or another contractor working for the Centers for Medicare and Medicaid Services (CMS).

II. Secondary Sources of Data Used by ZPICs to Identify and Target Fraud and Abuse.

As set out in the MPIM, Sec. 2.4.D, CMS has directed ZPICs to consider the following additional sources of data when determining whether further analysis against a health care provider or a specified set of claims is needed. These additional sources of data include, but are not limited to:

• OIG and Government Accountability Office (GAO) reports;
• Fraud Alerts;
• Beneficiary, physician and provider complaints;
• Appeals data from QICs, including appeals overturn rate for a particular type of claim;
• Referrals from the QIO, other contractors, CMS components, Medicaid fraud control units, Office of the U.S. Attorney, or other federal programs;
• Suggestions provided directly or implicit in various reports and other materials produced in the course of evaluation and audit activities, (e.g., contractor evaluations, State assessment, CMS-directed studies, contractor or State audits of providers);
• Referrals from medical licensing boards;
• Referrals from the CAC;
• Peer Review Reports such as the First look Analysis Tool for Hospital Outlier Monitoring (FATHOM) and Program to Evaluate Payment Patterns Electronic Report (PEPPER), and Comparative Billing Reports;
• Information on new technologies and new or clarified benefits;
• Provider cost reports;
• Provider Statistical and Reimbursement (PS&R) System data;
• Enrollment data;
• Overpayment data;
• Pricing, data analysis, and coding (PDAC) data;
• Referrals from other internal and/or external sources (e.g., MAC audit staff, audit staff or, MAC quality assurance (QA) staff);
• Medicare Learning Network–which includes MedLearn Matters articles and Quarterly Provider Compliance Newsletters;
• IBM Cognos support for the Part D and Drug Data Processing System (DDPS) using the Teradata data repository;
• CMS prepared data, such as a listing of distinct providers or suppliers and/or bills that require medical review; and
• CMS Chronic Conditions Data Warehouse (CCW).

III. When Facing a ZPIC Audit, the “Fix” is In – Guilty Until Proven Innocent.

Rather than reviewing a provider’s claims with no preconceptions in place, we believe that once a provider is identified as an outlier, there is a presumption on the part of ZPIC auditors and claims reviewers to find that the provider has engaged in improper billing activities. As the former General Counsel for one the ZPIC’s once stated:

“All of the claims audits we conduct are in connection with either a fraud case or a POTENTIAL fraud case.” (paraphrased).

Frankly, this statement says it all. ZPICs view themselves as an extension of law enforcement, despite the fact that they a merely a federal contractor working under the direction of CMS. This can place health care providers in a no-win situation. On the one hand, as a participating provider in the Medicare program, a health care provider has an obligation to cooperate with a ZPIC conducting a claims audit. Unfortunately, ZPIC investigators often request to interview physicians and other clinical staff. Since the ZPIC investigator is not technically a law enforcement official, witnesses are not advised of their rights against self-incrimination and may inadvertently make one or more statements that are not in their interests. This is especially important when you consider the fact that one of the factors currently being used as an evaluation metric when assessing the performance of ZPICs by CMS is whether the contractor has been making suspected fraud referrals to the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and / or the U.S. Department of Justice (DOJ) for law enforcement review and prosecution. In fact, as HHS-OIG’s 2016 Work Plan states:

We will review the level of benefit integrity activity performed by Medicare benefit integrity contractors in CYs 2012 and 2013. This review will highlight trends in integrity activities and allow for a quick comparison of program results across years, across contractors, and across the parts of the Medicare program. CMS contracts with entities to carry out benefit integrity activities to safeguard Medicare against fraud, waste, and abuse. Activities that these contractors perform include analyzing data to identify aberrant billing patterns, conducting fraud investigations, responding to requests for information from law enforcement, and referring suspected cases of fraud to law enforcement for prosecution. (Emphasis added)

Regardless of whether the ZPIC investigator seeks to conduct interviews of your staff in an audit, after reviewing your medical documentation, the ZPIC may decide that its findings warrant referring the case to HHS-OIG or to DOJ for civil and / or criminal review and enforcement. In most cases, the ZPIC will likely find conclude that although an overpayment has been identified, the provider’s conduct does not warrant referring the case outside of the administrative appeals process. The ZPIC will then choose to treat the improper billing practices identified as an overpayment rather than as fraud.

IV. Responding to a ZPIC Audit.

In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” it is to their benefit to find that an overpayment has occurred. These overpayments are often based on overlapping technical (such as an incorrect place of service code) and substantive (such as lack of medical necessity) reasons for denial.

Immediately upon learning of a ZPIC audit, regardless of whether the audit is a probe sample or appears to be an expanded sample of claims, we recommend that you contact legal counsel experienced in handling ZPIC audits and investigations. There are preemptive steps you may be able to take that can reduce the likelihood of a large overpayment. Addressing problematic claims on the front end may even held you avoid a situation where a ZPIC seeks to place your practice on prepayment review or recommend to CMS that you be suspended from the Medicare program. It may also stop the ZPIC from making a fraud referral to HHS-OIG or DOJ for review, assessment and possible prosecution.

Robert W. Liles, M.B.A., M.S., J.D., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law. Liles Parker is a boutique health law firm, with offices in Washington DC, Houston TX, San Antonio TX, McAllen TX and Baton Rouge LA. Robert represents health care providers and suppliers around the country in connection with Medicare audits by ZPICs, SMERCs, RACs and other CMS-engaged specialty contractors. Our firm also represents health care providers in HIPAA Omnibus Rule risk assessments, privacy breach matters, State Medical Board inquiries and regulatory compliance reviews. For a free consultation, call Robert at: 1 (800) 475-1906.