Medicare Post Payment Audits and the “Average” Provider

(November 16, 2011) Many providers believe that their practice is a normal one – average billings, average patient load, costs of care which are consistent with industry standards – and that they need not be concerned with undergoing a Medicare post payment audit for being a “statistical outlier.” As you may know, Medicare and Medicaid contractors rely heavily on “data mining” to identify potential audit targets. With “data mining,” RACs, ZPICs and other entities conducting Medicare post payment audits can look at historical billing data, as well as billing date from regional and local peers of a particular provider, and determine if that particular provider’s billings appear suspect.

While a provider might think its billing is in line with or below that of its peers, it is very important to remember that the Medicare post payment auditors are experts in “slicing and dicing” the data in so many ways that virtually every provider could show up as an outlier. For instance, perhaps the cost per patient, cost per procedure or cost per service plotted high, or maybe the total number of services per patient was high. For length-of-stay (LOS) providers, perhaps the total number of days of service on average was high or the billings per day ended up being high.

Moreover, even if a provider thinks they run a “tight ship,” a lot of Medicare claim reimbursement is dictated by the medical necessity of the services provided to each patient. For instance, a provider may have a string of highly complex, highly demanding patients, who need more in-depth care. These same providers may have gained a local reputation for handling high complexity cases, thereby further driving up the data “against” them. In any event, Medicare post payment auditors are looking out for high-billing providers and have many ways of interpreting the relevant data to justify their audit decisions.

Liles Parker handles Medicare post payment audit appeals, in addition to other health law matters. For more information or to speak to one of our attorneys, please call 1 (800) 475-1906 today for a free consultation.

 

Predictive Modeling: The Latest Advances in Sophisticated Data Mining Techniques are Enabling ZPICs and Law Enforcement to Identify Fraud Sooner and Prevent it from Continuing

(April 15, 2011):  Over the last decade, the Centers for Medicare and Medicaid Services (CMS) and its contractors (Zone Program Integrity Contractors (ZPICs), Program Safeguard Contractors (PSCs) and Recovery Audit Contractors (RACs)),  have steadily assembled an extensive database of the coding and billing practices of Medicare providers around the country.  Analyzing this data, contractors have been able to identify the profile of a ”typical” provider for each specialty.  With this information, Medicare contractors are better able to identify changes in the coding and / or billing habits of a particular provider.   Providers whose billing practices are significantly different from those of their peers may also be easily identified.  The purpose of this article is to provide an overview of the government’s current use of  “data mining”  and “predictive modeling”  techniques.

I.         Introduction:

            CMS’ computerized database of claims and services billed to the Medicare program covers a comprehensive record of the bills submitted by health care providers for payment.  Over the years, Medicare contractors and law enforcement have steadily refined their ability to analyze this enormous amount of quantitative data.  In addition to assisting with the government’s efforts to estimate future growth in the size of the Medicare program, this database has enabled  Medicare contractors and law enforcement to employ highly sophisticated data mining techniques, thereby identifying (1) health care providers whose current coding and billing actions appear to have deviated from their prior practices, and (2)  Medicare providers whose coding and / or billing actions are significantly different from those of their peers.  Typical factors considered when using data mining techniques for targeting purposes have included, but are not limited to:

• A Medicare provider’s specific area of practice.
• A Medicare provider’s practice location.
• The types and frequency of health care services or supplies billed to Medicare.
• The relative size of a provider’s practice, clinic or health care related organization (based on the number of Medicare billing providers employed).  

            Through an examination of these factors or data elements, Medicare contractors and law enforcement have been able to identify health care providers whose coding and / or billing practices make them “outliers” when their actions are compared to similarly-situated Medicare providers.  Once a health care provider has been identified as an “outlier,” further action may be taken. 

       Typical “data mining” actions taken by ZPICs, PSCs,, RACs and / or law enforcement have historically included:

• An unannounced site visit by the ZPIC or PSC to the Medicare provider’s practice location.
• Sending a request for supporting documentation related to a limited number of claims (often less than 10, this type of review is generally referred to as a “Probe Audit”).
• Sending a request for supporting documentation related to 30 claims or more (these claims are often then used by the ZPIC or PSC as a “sample” in order to calculate an alleged overpayment based on extrapolated damages).    
• Sending a demand letter for an alleged overpayment based on an “automated” review of the data conducted by a RAC or ZPIC.
• Using “data mining” to identify outlier’s whose billing practices warrant to initiation of an investigation by law enforcement. 

II.         The Use of “Data Mining” to Identify Post-Payment Improper Practices:

            While Medicare contractors such as RACs, PSCs and ZPICs long utilized post-payment data mining to identify providers who appear (based on their assessment of the data) to have likely engaged in improper billing activities, the regular use of data mining by the Department of Justice to identify criminal targets is a fairly recent practice.  As Lanny A. Breuer, Assistant Attorney General of the Department of Justice’s (DOJ’s) Criminal Division indicated last August:

“In 2007, the Criminal Division of the Justice Department refocused our approach to investigating and prosecuting health care fraud cases. Our investigative approach is now data driven: put simply, our analysts and agents review Medicare billing data from across the country; identify patterns of unusual billing conduct; and then deploy our “Strike Force” teams of investigators and prosecutors to those hotspots to investigate, make arrests, and prosecute. And as criminals become more creative and sophisticated, we intend to use our most aggressive investigative techniques to be right at their heels.” (emphasis added).

            As law enforcement has readily acknowledged, post-payment billing data is being effectively utilized to “identify patterns of unusual billing conduct.”   Using data mining as a targeting tool, the government is able to quickly focus its investigative and audit resources on specific providers whose coding / billing practices fall outside the scope of what would normally be expected.    

III.        The Use of Predictive Modeling to Minimize Wrongdoing:

            While identifying improper billing practices after-the-fact has proven enormously helpful, law enforcement has also taken  steps to identify problem providers much sooner in the process, thereby minimizing the amount of improper billing that may be submitted to Medicare for payment.  As HHS Secretary Kathleen Sebelius stated on March 15, 2011, during the joint HHS / DOJ “Detroit Fraud Prevention Summit,” HHS is moving away from the “old pay and chase model.”  According to Secretary Sebelius:

“. . . Instead of the old ‘pay and chase’ model, we’re getting proactive.

Late last year we issued a solicitation for state-of-the-art analytic tools to help predict and identify fraudulent claims as soon as they are submitted, so we can stop payment before it goes out the door.

These are the same type of predictive modeling tools that banks and insurance companies use to identify potential fraud before it occurs. They are how your credit card company can raise the alarm if they see a dozen flat-screen televisions charged to your card in one day. . ..” (emphasis added).

            While post-payment claims data analyses will likely play a role in identifying overpayments, the government is serious about stopping health care fraud as soon possible in the process.  While the government cannot “predict” wrongdoing before it happens, based on a complex analysis of various factors, it can effectively identify wrongdoers so quickly that the amount of improper claims paid by the government can be dramatically reduced. 

IV:       Provider Concerns:  

            Many providers are concerned that the government’s heavy reliance on predictive measures such as data mining to identify targets may subject a provider to an unjustified audit or investigation.  Moreover, there is a concern that data mining might create an unwarranted presumption that a Medicare provider has engaged in improper billing practices.  Unfortunately, even if ultimately shown to be incorrect, a provider can spend an enormous amount of money defending itself in connection with a post-payment claims audit.  Providers placed on pre-payment review as a result of data mining can be especially hard-hit.  It is not at all unusaul for providers to remain on pre-payment review for six to twelve months (or even longer).  During this time period, cash-flow is interrupted and many providers find it almost impossible to remain in business.

V.        How to Avoid Being a Target: 

            In today’s environment of sophisticated data mining, it is essential that Medicare providers have a clear picture of how their coding and billing practices compare to those of their peers.  To be clear, both Medicare contractors and law enforcement recognize that a provider’s practices may differ in one aspect or another from those of their peers.  Moreover, those differences can result in billing practices which might make a provider appear to be an “outlier.”   There are a number of companies who publish benchmarking charts which make it relatively easy for a physician or other provider to compare their billing practices to that of their peers. 

            To be clear, just because a provider’s coding and billing practices differ from those of their peers (in the same specialty area), does not necessarily mean that a provider’s practices are improper. In recent years, we have seen providers who were targeted by a PSC or ZPIC precisely because their utilization rates of certain codes exceeded those of their peers.   In at least one case, we found that a provider was recognized as an “expert” by his peers and often received highly-complex referrals by other Medicare providers. As a result, the number of highly complex Evaluation and Management (E/M) reviews conducted exceeded those of similarly-situated providers.  Having said that, if a provider were to find that its billing practices did not match of its peers, it could conceivably find that its understanding of the coding requirements was incorrect and that remedial training was immediately needed.

         In either case, the bottom line is clear – all providers have an obligation to try and ensure that services billed to Medicare meet applicable statutory and regulatory requirements governing coverage and medical necessity.  If your organization is subjected to an audit, it is essential that you determine whether your billing practices fully comply with the rules.  If so, you must be prepared to explain to Medicare contractors or law enforcement why the anomalies identified through data mining or predictive modeling are not evidence of fraud or overpayment.  Providers facing this situation should work with experienced legal counsel to ensure that the arguments to be presented fully address the government’s concerns.  Failure to do so may result in an expansion of the government’s audit.

Liles Parker attorneys and staff have extensive experience representing health care providers in connection with Medicare contractor audits and / or investigations.  Should you find that your organization is facing a ZPIC, PSC or RAC audit, please give us a call for a complimentary consultation regarding your case.  You may contact us at: 1 (800) 475-1906.         

 

AdvanceMed, the ZPIC Responsible for Zone 2 and Zone 5 has Reportedly Been Acquired by NCI

(April 10, 2011):  Last week, it was announced that NCI, Inc., one of the nation’s most successful information technology companies had acquired the outstanding capital stock of AdvanceMed Corporation (AdvanceMed), an affiliate of CSC.  While the acquisition went largely unnoticed by the health care provider community, the transaction may, in fact, be quite significant.

           With this acquisition by NCI, a recognized powerhouse in information technology, Medicare and Medicaid providers should expect AdvanceMed’s expertise in data mining and investigations to continue to grow.  Medicare and Medicaid providers have an affirmative obligation to ensure that operations, coding and billing activities fully comply with applicable statutory and regulatory requirements.  As AdvanceMed continues to fine-tune its data mining efforts and further expands its ability to conduct “Predictive Modeling,” providers will likely find their actions under the microscope like never before.  It is therefore imperative that all health care providers immediately implement an effective Compliance Plan (if they have not already done so) or further enhance their current compliance efforts.   The purpose of this article is to briefly report on NCI’s recent acquisition of AdvanceMed.  An overview of the current ZPIC environment is also provided.

I.        Background:

          NCI first announced its plans to acquire AdvanceMed last February.  As NCI’s February 25th News Release noted (in part):

“The Obama Administration has emphasized reducing fraud, waste, and abuse in Federal entitlements. AdvanceMed is ideally positioned to support the program integrity initiatives of CMS and other Federal Government agencies. . . We are extremely pleased to have AdvanceMed join NCI and believe that this acquisition will provide NCI an outstanding platform to address this rapidly growing market opportunity.”  (A complete account of NCI’s announcement can be found at the above link). 

          In recent years, AdvanceMed has positioned itself to where it now has multiple contracts with the Federal government.  In addition to serving as a Zone Program Integrity Contractor (ZPIC) for Zone 2 and Zone 5, the contractor also serves as Program Safeguard Contractor (PSC) in areas not yet converted to the ZPIC system of contractor review.  Additionally, the contractor also serves as a Comprehensive Error Rate Testing (CERT) contractor.  On the Medicaid side, AdvanceMed also serves as a Medicaid Integrity Contractor (MIC).  While a host of other contractors have been awarded contracts covering other zones and program areas, AdvanceMed’s growth has been undeniably impressive.  As NCI announced as part of April 4^th “News Release” covering the acquisition:

“AdvanceMed is a premier provider of healthcare program integrity services focused on the detection and prevention of fraud, waste, and abuse in healthcare programs, providing investigative services to the Centers for Medicare and Medicaid Services (CMS). Serving CMS since 1999, AdvanceMed has grown rapidly, demonstrating the value and return on investment of the Federal Government’s integrity program activities.

AdvanceMed employs a strong and experienced professional staff, which leverages sophisticated information technology, data mining, and data analytical tools, to provide a full range of investigative services directed to the identification and recovery of inappropriate Medicare and Medicaid funds. AdvanceMed supports healthcare programs in 38 states with a staff of more than 450 professionals, including information specialists, nurses, physicians, statisticians, investigators, and other healthcare professionals.

AdvanceMed has multiple contracts with CMS under the Zone Program Integrity (ZPIC), Program Safeguard (PSC), Comprehensive Error Rate Testing (CERT), and Medicaid Integrity (MIC) programs. All of these programs are executed under cost plus contract vehicles. The largest contracts-ZPIC Zone 5 and ZPIC Zone 2-were awarded in late 2009 and 2010 and have five-year periods of performance.

The acquisition price was $62 million. Included within the price is a recently completed, state-of-the-art data center to support the ZPIC Zone 5 and ZPIC Zone 2 contracts. Additionally, NCI will make a 338(h)(10) election, enabling a tax deduction, which is expected to result in a tax benefit with an estimated net present value of approximately $6 million to $8 million. NCI expects the transaction to be slightly accretive to 2011 earnings.

As of the end of March 2011, AdvanceMed has a revenue backlog of approximately $300 million with approximately $51 million of that amount being currently funded. Revenue for the trailing 12 months ending March 31, 2011, is estimated to be approximately $51 million, all of which was generated from Federal Government contracts, and 99% of the work performed as a prime contractor. NCI’s AdvanceMed 2011 revenue, covering the nine-month period of April 2, 2011, to December 31, 2011, is estimated to be in the range of $43 million to $47 million (the equivalent of $57 million to $63 million on a full 12-month basis), with the midpoint reflecting a full-year growth of approximately 16%. . . “   (A complete account of NCI’s statement can be found at the link indicated above).

II.      Overview of the ZPIC Program:

          The following comments are intended to provide an overview of the ZPIC program and is not focused on any ZPIC in particular.

         Under the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (MMA), CMS was required to take a number of steps intended to streamline the claims processing and review process:

•  Using competitive measures, CMS was required to replace the current Medicare Fiscal Intermediaries (Part A) and Carriers (Part B) contractors with Medicare Administrative Contractors (MACs).
• After setting up the new MAC regions, CMS created new entities, called Zone Program Integrity Contractors (ZPICs).
•  These actions were intended to consolidate the existing program integrity efforts.  Over the last 2 — 3 years, ZPICs have been taking over PSC audit and enforcement activities around the country.

           At the time of transition, there were twelve PSCs that had been awarded umbrella contracts by CMS. As these contracts have expired, CMS has transferred the PSCs’ fraud detection and deterrence functions over to ZPICs.   Of the seven ZPIC zones established in the MMA, CMS has awarded contracts for a number of the zones. CMS is still working to issue awards for the final ZPIC zones.  The seven ZPIC zones include the following states and / or territories:

• Zone 1 – CA, NV, American Samoa, Guam, HI and the Mariana Islands.
• Zone 2 – AdvanceMed: AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO.
• Zone 3 – MN, WI, IL, IN, MI, OH and KY.
• Zone 4 – Health Integrity: CO, NM, OK, TX. 
• Zone 5 – AdvanceMed: AL, AR, GA, LA, MS, NC, SC, TN, VA and WV.
• Zone 6 – PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT.
• Zone 7 – SafeGuard Services: FL, PR and VI.

          In many instances, these changes have been more of a “name change” rather than a substantive change in the way claims will be audited. ZPIC responsibilities are generally the same as those currently exercised by PSCs. While ZPIC overpayment review duties have not appreciably changed, the number of civil and criminal referrals appear to be increasing. In our opinion, ZPICs clearly view their role differently than that of their PSC predecessors.  ZPICs clearly view themselves as an integral part of the law enforcement team, despite the fact that they are for-profit contractors.  In consideration of their ability to recommend to CMS that a provider be suspended or have their Medicare number revoked, and / or refer a provider to law enforcement for civil and / or criminal investigation, providers should take these contractors quite seriously.

          Both ZPICs and PSCs have traditionally asserted that unlike their RAC counterparts, they are not “bounty hunters.”  ZPICs are not paid contingency fees like RACs but instead directly by CMS on a contractual basis.  Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments, the chances of a ZPIC’s contract with CMS being renewed are likely diminished.  Additionally, experience has shown us that despite the fact that ZPICs are expected to adhere to applicable Medicare coverage guidelines, a ZPIC’s interpretation and application of these coverage requirements may greatly differ from your understanding of the same provisions.

           In recent years, ZPICs have been aggressively pursuing a wide variety of actions, including but not limited to:

• Pre-Payment Audit.  After conducting a probe audit of a provider’s Medicare claims, the ZPIC may place a provider on “Pre-payment Audit” (also commonly referred to as “Pre-Payment Review”).  Unlike a post-payment audit, there is no administrative appeals process that may be utilized by a provider for relief.  Having said that, there are strategies that may be utilized by a provider which may assist in keeping the time period on pre-payment review at a minimum.
• Post-Payment Audit.  Audits conducted by ZPICs primarily involve Medicare claims that have already been paid by the government.  After reviewing these claims, it is not uncommon for a ZPIC to find that the audited provider has been overpaid.  Having said that, the ZPICs we have dealt with appear to apply a strict application of the coverage requirements, regardless of whether a provider’s deviation from the rules is “de minimus” in nature.  In doing so, it is not unusual to find that a provider has failed to fully comply with each and every requirement.  Depending on the nature of the initial sample drawn, a ZPIC may extrapolate the damages in a case, significantly increasing the alleged overpayment.  In doing so, the ZPIC is effectively claiming that the “sample” of claims audited are representative of the universe of claims at issue in an audit.
• Suspension.  While the number of suspension actions taken by ZPICs has steadily increased in recent years,  Medicare providers should expect to see this number continue to grow.  Under the Affordable Care Act (often informally referred to as the “Health Care Reform” Act), CMS’ suspension authority has greatly expanded.   
• Revocation.  As with suspensions, we have seen a sharp increase in the number of Medicare revocation actions taken over the last year. The reasons for revocation have varied but have typically been associated with alleged violations of their participation agreement. In some cases, the ZPIC contractors found that the provider has moved addresses and did not properly notified Medicare. In other cases, a provider was alleged to have been uncooperative during a site visit. Finally, there were a number of instances where the provider allegedly did not meet the “core” requirements necessary for their facility to remain certified.
• Referrals for Civil and Criminal Enforcement.  ZPICs are actively referring providers to HHS-OIG (which can in turn refer the case to the U.S. Department of Justice for possible civil and / or criminal enforcement) when a case appears to entail more that a mere overpayment. However, just because a referral is made doesn’t mean that it will prosecuted. In many instances, HHS-OIG (and / or DOJ) will decline to open a case due to a variety of reasons, such as lack of evidence, insufficient damages, etc.).

 III.        Steps Providers Can Take Now, Before They are Subjected to a ZPIC Audit:

          In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” it is arguably to their benefit to find that an overpayment has occurred. These overpayments are often based on overlapping “technical” (such as an incorrect place of service code) and “substantive” (such as lack of medical necessity) reasons for denial. In recent years, the level of expertise exercised by ZPICs is often quite high — noting multiple reasons for denial and concern.

          Unfortunately, the reality is that most (if not all) Medicare providers will find themselves the subject of a ZPIC, CERT, RAC or other type of claims audit at some point in the future.  In our opinion, the single most effective step you can take to prepare for a contractor audit is to ensure that your organization has implemented and is adhering to an effective Compliance Plan.  A comprehensive assessment of an organization’s coding and billing practices is one element of an effective plan.  Several general points to consider also include:

Keep in mind your experiences with PSCs and other contractors.  The lessons you have learned responding to PSC, CERT and RAC audits can be invaluable when appealing ZPIC overpayments.  As you will recall, the appeals rules to be followed are virtually the same.

Monitor HHS-OIG’s Work Plan.  While often cryptic, it can be invaluable in identifying areas of government concern.  Are any of the services or procedures your organization currently provides a focus of HHS-OIG’s audit or investigative?

Keep an eye on RAC activities.  Review the service-specific findings set out in annual RAC reports.  Review targeted areas carefully to ascertain whether claims meet Medicare’s coding and medical necessity policies.

You never realize how bad your documentation is until your facility is audited. While many providers start out “over-documenting” services (to the extent that there is such a thing), a provider’s documentation practices often become more relaxed as time goes on – especially when the provider has not been audited for an extended period of time.  In such situations, both physicians and their staff may fail to fully document the services provided.  Moreover, the care taken to ensure that all supporting documentation has been properly secured may have also lapsed over the years.

Review your documentation.  Imagine you are an outside third-party reviewer.  Can an outsider fully appreciate the patient’s clinical status and the medical necessity of treatment?  Are the notes legible and written is a clear fashion?  Compare your E/M services to the 1995 or 1997 Evaluation and Management (E/M) Guidelines – have you fully and completely documented the services you provided?  If dealing with skilled services, have you fully listed and discussed both the need for skilled services and the specific skilled services provided?

IV.        Closing Thoughts:

          Imagine a ZPIC hands you a claims analysis rife with alleged errors, an indecipherable list of statistical formulas, and an extrapolated recovery demand that will cripple your practice or clinic. What steps should you take to analyze their work? Based on our experience, providers can and should carefully assess the contractor’s actions, particularly the use of formulas and application of the RAT-STATS program when selecting a statistical sample and extrapolating the alleged damages based on the sample.  To be clear, not all statistical extrapolations will be flawed.  Denpending on the steps taken by the ZPIC’s statistician,  to the Over the years, we have challenged the extrapolation of damages conducted by Medicare contractors around the country, including tens of thousands of claims. Regardless of whether you are a Skilled Nursing Facility providing skilled nursing and skilled therapy services, an M.D. or D.O. providing E/M services, a Home Health company or a Durable Medical Equipment (DME) company, it is imperative that you work with experienced legal counsel and statistical experts to analyze the actions take by a ZPIC.

Liles Parker attorneys and staff have extensive experience representing a wide range of Medicare providers in audits by ZPICs, PSCs and other contractors.  Should you have questions regarding an inquiry from a ZPIC, PSC or RAC that you have received, please feel free to give us a call for a complimentary consultation.  We can be reached at:  1 (800) 475-1906.

 

 

 

 

As Noted at the Los Angeles DOJ/HHS Health Care Fraud Summit — Data Mining is Being Used by DOJ to Target Health Care Providers

(August 31, 2010): Introduction: Last week, department heads of the U.S. Department of Justice (DOJ) and the Department of Health and Human Services (HHS), met in Los Angeles, CA and conducted the second of a planned series of “Regional Health Care Fraud Prevention Summits.”  Following-up on a similar conference held in Miami, DOJ Attorney General Eric Holder HHS Secretary Kathleen Sebelius discussed a number of ongoing concerns and remedial steps that are being taken to identify, investigate and prosecute instances of Medicare fraud.  In addition to these agency heads, participants learned of current and additional planned fraud enforcement initiatives from Federal and State law enforcement officials.

 Issues Discussed at the Summit: As Attorney General Holder discussed, the administration’s current enforcement actions were having a significant impact on health care fraud.  In fact, additional funding has been allocated to expand the HEAT program to additional cities:

 “. . . Last year brought an historic step forward in this fight.   In May 2009, the Departments of Justice and Health and Human Services launched the Health Care Fraud Prevention and Enforcement Action Team, or “HEAT.”   Through HEAT, we’ve fostered unprecedented collaboration between our agencies and our law enforcement partners.   We’ve ensured that the fight against criminal and civil health care fraud is a Cabinet-level priority.   And we’ve strengthened our capacity to fight health care fraud through the enhanced use of our joint Medicare Strike Forces.    

 This approach is working.   In fact, HEAT’s impact has been recognized by President Obama, whose FY2011 budget request includes an additional $60 million to expand our network of Strike Forces to additional cities.   With these new resources, and our continued commitment to collaboration, I have no doubt we’ll be able to extend HEAT’s record of achievement.   And this record is extraordinary.

 In just the last fiscal year, we’ve won or negotiated more than $1.6 billion in judgments and settlements, returned more than $2.5 billion to the Medicare Trust Fund, opened thousands of new criminal and civil health care fraud investigations, reached an all-time high in the number of health care fraud defendants charged, and stopped numerous large-scale fraud schemes in their tracks.  

 We can all be encouraged, in particular, by what’s been accomplished in L.A.   Criminals we’ve brought to justice here – in the last year alone – include the owners of the City of Angels Hospital, who   pleaded guilty to paying illegal kickbacks to homeless shelters as part of a scheme to defraud Medicare and Medi-Cal; a physician in Torrance who defrauded insurance companies by misrepresenting cosmetic procedures as “medically necessary”; an Orange County oncologist who pleaded guilty to fraudulently billing Medicare and other health insurance companies up to $1 million for cancer medications that weren’t provided; a Santa Ana doctor who pleaded guilty to health care fraud for giving AIDS and HIV patients diluted medications; and a ring of criminals who defrauded Medi-Cal out of more than $4.5 million by using unlicensed individuals to provide in-home care to scores of disabled patients, many of them children.“ (emphasis added).

 As HHS Secretary Sebelius further noted:

“In March, we gave him some help when Congress passed and the president signed the Affordable Care Act — one of the strongest health care anti-fraud bills in American history. Under the new law we’ve begun to strengthen the screenings for health care providers who want to participate in Medicaid or Medicare.  And I am proud to announce that CMS is issuing a final rule strengthening enrollment standards for suppliers of durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS).

This rule and others coming soon mean that only appropriately qualified suppliers will be enrolled in the program. The days when you could just hang a shingle over a desk and start submitting claims are over. No more power-driven wheelchairs for marathon runners.  Under the new law, we’re also making it easier for law enforcement officials to see health care claims data from around the country in one place, combining all Medicare-paid claims into a single, searchable database. And we’re getting smarter about analyzing those claims in real time to flag potential scams.  It is what credit card companies have been doing for decades:  If 10 flat screen TV’s are suddenly charged to my card in one day, they know something’s not quite right. So they put a hold on payment and call me right away. 

We should be able to take the same approach when one provider submits ten times as many claims for oxygen equipment as a similar operation just down the road.  It’s about spotting fraud early before it escalates and the cost grows.  As we step up our efforts to stamp out fraud, we’re holding ourselves accountable. The President has made a commitment to cut improper Medicare payments in half by 2012.”

While DOJ Attorney General Holder’s and HHS Secretary Sebelius’ presentations provided an overview of law enforcement’s current and future efforts, the comments of DOJ Assistant Attorney General for the Criminal Division, Lanny A. Breuer, were especially enlightening in terms of how providers are being identified and targeted for investigation.   As Mr. Breuer discussed: 

“In 2007, the Criminal Division of the Justice Department refocused our approach to investigating and prosecuting health care fraud cases. Our investigative approach is now data driven: put simply, our analysts and agents review Medicare billing data from across the country; identify patterns of unusual billing conduct; and then deploy our “Strike Force” teams of investigators and prosecutors to those hotspots to investigate, make arrests, and prosecute. And as criminals become more creative and sophisticated, we intend to use our most aggressive investigative techniques to be right at their heels. Whenever possible, we actively use undercover operations, court-authorized wiretaps and room bugs, and confidential informants to stop these schemes in their tracks.” (emphasis added).

 As Mr. Breuer’s comments further confirm, health care providers are being identified based on their billing patterns.  Through the use of data-mining, providers who coding and billing practices identify them as “outliers,” are finding themselves subjected to  administrative, civil and even criminal investigation.

 Commentary:   As counsel for a wide variety of health care providers around the country, we are especially concerned that honest, hard-working health care providers are finding themselves and their practices / clinics under investigation merely because:  (1) their productivity is higher than that of their peers, or (2) their focus is specialized and often treats a higher percentage of seriously sick patients which ultimately requires a more detailed or comprehensive examination than one might normally find.  Ultimately, through our representation of health care providers who have been targeted through data-mining, we believe that it is fundamentally unfair to investigate a provider merely on the basis of statistical data which can be manipulated in a thousand different ways in order to justify going after a specific provider or a type of practice.

 On the administrative side, when data-mining is used as a targeting tool, providers are being audited and pursued by ZPICs, PSCs and RACs – each of is incentivized (either because they receive a percentage of any overpayment OR they are under contract with CMS to find overpayments and wrongful billings) to find fault with the provider.

 Continuing Concerns:   Under the current system, providers targeted through data-mining are likely to be saddled with extrapolated damages which can easily run into the millions of dollars, regardless of the fact that a large percentage of these providers are eventually exonerated (either fully or partially) when the case is heard by an Administrative Law Judge.

 Health care providers subjected to an administrative audit (by a ZPIC, PSC or RAC), civil investigation (such as a review by the DOJ for possible False Claims Act liability), or criminal investigation (by DOJ or a State Medicaid Fraud Control Unit) should immediately contact your counsel.  Extreme care should be taken when making statements to Federal or State investigators.  Should the provider make a statement that is false or misleading, such comments could be used as the basis for bringing a separate cause of action.  Your legal counsel may choose to handle all contacts with the government.

Liles Parker attorneys represent health care providers in administrative, civil and criminal health care fraud and overpayment case.  Should you have questions regarding these issues, give us a call.  You may call 1 (800) 475-1906 for a free consultation.

 

 

 

Are ZPICs Tougher than RACs When Conducting a Medicare Audit?

(March 25, 2010):  The Recovery Audit Contractor (RAC) program is an integral part of the Center for Medicare and Medicaid Services’ (CMS’) “benefit integrity” efforts which seek to identify and recoup alleged overpayments paid to Medicare providers. While the RAC program is still being expanded in many of the country (to cover not only hospitals but also other providers and types of Medicare claims), health care providers should be aware that the Zone Program Integrity Contractors (ZPICs) are already active in many areas and are actively auditing physicians, home health agencies, hospices, DME companies, therapy clinics, chiropractors and other small to mid-sized health care providers.  Despite the “hype” surrounding RACs, at this time, ZPICs represent a significantly greater risk to non-hospital providers than do RACs.  The purpose of this article to examine a number of the differences between these Medicare contractor programs.

What are the chances of your practice being reported by a ZPIC or RAC to HHS-OIG or DOJ for possible fraud violations?

While both contractor programs are designed to “find and prevent waste, fraud and abuse in Medicare,” the fact is that to date, ZPICs have been much more likely than RACs to report possible incidents of “fraud” that are identified while conducting a medical review.  Frankly, it makes sense.  RACs make money by identifying alleged overpayments – not by making a fraud referral to law enforcement.  Notably, as a result of recent criticism by HHS-OIG, CMS will be requiring RACs to be much more diligent in the future about making referrals to law enforcement when it appears that a health care provider’s conduct represents fraud rather than merely an overpayment.  CMS has provided training to RACs on how to identify fraud in the near future.  Importantly, a RAC denial of claims which results in a provider repayment will not necessarily prevent HHS-OIG from investigating and making a referral to DOJ for possible prosecution, as appropriate, if there are allegations of fraud or abuse arising out of the alleged overpayment. 

Notably, recent letters by ZPICs in South Texas and in other parts of the country have been seeking copies of business related records (copies of contracts, agreements with Medical Directors, lease agreements and more), along with its request for claims-related medical documentation.  Importantly, the contractor is assessing the provider’s business relationships to help verify that referral and other business relationships do not violate the Federal Anti-Kickback Statute.  To reduce the possiblity of civil or criminal liability, it is essential that Medicare providers take affirmative steps to better ensure that their practices are compliant with applicable statutory and regulatory requirements.  2011 will be the “Year of Compliance.”  All providers, regardless of size, should take steps to implement an effective Compliance Program.  Should you not have an compliance program in place, give us a call — we can help. 

What is different about ZPICs and their predecessors, Program Safeguard Contractors (PSCs)?

Both ZPICs and Program Safeguard Contractors (PSCs) readily point out that they are not “bounty hunters.”   ZPICs are not paid contingency fees like RACs and are paid directly by CMS on a contractual basis.  Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments, the chances of a particular contractor getting their contract with CMS renewed are pretty slim.  Experience has shown that both ZPICs and PSCs don’t always appear to strictly adhere to medical review standards established by Medicare Administrative Contractors (MACs) and approved by CMS.  In our opinion, there appear to have been cases where these contractors applied their own unwritten standards, often denying claims based on conjecture and speculation rather than a strict application of the applicable LCD or LMRP. 

In any event, over the last year, both ZPICs and PSCs have been increasingly placing health care providers on pre-payment review, conducting post-payment audits, recommending suspensions of payment.  Additionally, in many cases they have been extrapolating the alleged damages based on a sample of claims reviewed. Finally, as discussed above, identified instances of potential fraud are being referred by ZPICs and PSCs to HHS-OIG for possible investigation, referral for prosecution and / or administrative sanction.

What sources of coding / billing data are used by ZPICs?

ZPICS are required to use a variety of techniques, both proactive and reactive, to address any potentially fraudulent practices.  Proactive techniques will include the ZPIC IT Systems that will combine claims data (fiscal intermediary, regional home health intermediary, carrier, and durable medical equipment regional carrier data) and other source of information to create a platform for conducting complex data analyses. By combining data from various sources, ZPICs have been able to assemble a fairly comprehensive picture of a beneficiary’s claim history regardless of where the claim was processed. The primary source of this data is reportedly CMS’ National Claims History (NCH) database.

How do ZPICs conduct medical reviews?

ZPICs conduct medical reviews of charts to determine, among other things, whether the service submitted was actually provided, and whether the service was medically reasonably and necessary.  Based upon their findings, ZPICs may approve, downcode or deny a claim.  To date, we have never seen a ZPIC conclude that a claim should have been coded at a higher level, only a lower level.  Regrettably, ZPICs are not required to have a physician review a claim in order to deny coverage.  In most of the cases on which we have worked, the contractor’s medical reviewer has been a Registered Nurse.   While some Federal courts have found that a treating physician’s opinion should be given paramount weight, others have ruled that the opinion of a treating physician should not be given any special consideration.  Generally, ZPICs have completely disregarded the “Treating Physician Rule,” despite the fact that a patient’s treating physician was the only provider to have actually seen and assessed the patient at issue. 

How should you respond to a ZPIC audit?

In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” in our opinion, they are in the business of finding fault.   Moreover, they are quite adept at identifying “technical” errors, many of which they will readily cite when denying your Medicare claims.  Unfortunately, it is not at all uncommon for a ZPIC to find that 75% — 100 % of the sample of claims reviewed did not qualify for coverage and payment by Medicare.  After extrapolating the damages to the universe of claims at issue, health care providers often find that they are facing alleged overpayments of between $150,000 and several million dollars.  In many cases, the assessment is far in excess of the provider’s ability to pay.  As such, the administrative appeal becomes a “bet the farm” matter for the health care provider.  If the assessment remains, the provider will have no choice but to declare bankruptcy. 

It is also important to remember that ZPIC enforcement actions are not limited to merely overpayment assessments.  In recent months, ZPICs have been increasingly conducting unexpected site visits of health care provider’s offices and facilities, often requesting immediate access to a limited number of claims and the medical records supporing the services billed to Medicare.  Typically, they then require that a provider send supporting documention covering a wider list of claims within 30 days of their visit.  In other cases, should a ZPIC identify serious problems when reviewing the medical records requested, they may recommend to CMS that the provider’s Medicare billing privileges be suspended.  From a practical standapoint, few providers are diversified (in terms of payor mix) to the point that they can easily do without Medicare reimbursement.  The practical effect of a Medicare suspension is therefore that provider cannot continue in business throughout the 180-day initial period of suspension typically imposed by CMS.   Finally, in a limited number of cases, after a ZPIC or PSC has visited an office, the provider will subsequently learn that the contractor has recommended that the provider’s Medicare number be revoked.  In a fairly recent case we are aware of (not involving a client of the Firm), the contractor claimed that the provider failed to cooperate, a clear violation of the provider’s “Conditions of Participation” with Medicare.  As a result, the contractor recommended (and CMS approved) the revocation of the provider’s Medicare number.    Short of exclusion from participation in the Medicare program, this is arguably the most serious and far-reaching administrative action that can be taken against a Medicare provider.     

In light of the seriousness of the situation, regardless of whether you are contacted by a RAC, a ZPIC or a PSC, you must take great care when responding to the contractor’s request for business records, claims information or medical records.  Administrative enforcement actions can be extraordinarily serious.  Therefore, is essential that you engage an experienced attorney and law firm to represent your interest. 

Robert W. Liles, J.D., M.S., M.B.A., is a health lawyer with Liles Parker PLLC.   Liles Parker has offices in Washington, DC, Houston, TX and San Antonio, TX.  Prior to entering private practice, Mr. Liles served as an Assistant U.S. Attorney.  He now represents health care providers around the country in connection with administrative, civil and criminal health law issues.  He has extensive experience defending providers in audits by ZPICs, PSCs and other Medicare / Medicaid contractors.   For a complimentary consultation, please call:  1 (800) 475-1906.