UPIC Audits, ZPIC Audits, Medicaid Audits, Private Payor Audits, Medicare Suspensions, Revocations Actions, State Licensure Board Actions
-->

UPIC Audits of Medicare Claims are Underway! Is Your Practice Ready?

June 13, 2017 by  
Filed under Featured, Health Law Articles

UPIC Audits(June 12, 2017):  Historically, the Centers for Medicare and Medicaid Services (CMS) has relied on a network of private contractors to handle the program integrity functions for both the Medicare and Medicaid programs.  With respect to Medicare, CMS has utilized Zone Program Integrity Contractors (ZPICs) and to a much lesser extent, Program Safeguard Contractors (PSCs) to perform a wide range of program integrity functions.[1] On the Medicaid side, CMS utilized Medicaid Integrity Contractors (MICs) to handle Medicaid-related program integrity activities.  As discussed below, the Unified Program Integrity Contractor (UPIC) program is now poised to take over all of these responsibilities.

I. Early Historical Background of Fiscal Intermediaries (FIs) and Carriers:

The Medicare and Medicaid program were first enacted into law on July 30, 1965 by President Lyndon B. Johnson. When the programs were subsequently implemented in 1966, the government chose to use private health care payors to process the claims of Medicare beneficiaries.  Private entities were awarded contracts to serve as “Fiscal Intermediaries” and “Carriers.”  Fiscal Intermediaries were responsible for handling Part A claims.  Generally, Part A claims includes hospital care, skilled nursing facility care, non-custodial nursing home care, hospice care and home health services.  In contrast, Carriers were responsible for handling Part B claims.  Unlike Part A, Medicare Part B covers a wide variety of medically necessary outpatient care and treatment services.  It also covered a number of preventative services.  Additionally, Medicare Part B covers certain types of supplies and durable medical equipment.  Since their inception, both Fiscal Intermediaries and Carriers have been responsible for fulfilling a number of Medicare program education, administrative processing and program integrity roles.

II. Early Medicare Program Integrity Funding Efforts:

Prior to 1996, funding for Medicare program integrity activities was included in Medicare’s general administrative budget.  As such, it had to “compete,” so to speak, with all of the claims-related education and processing programs paid for out of Medicare’s general administrative budget.  As you can imagine, this led to a variety of budgetary conflicts and counterproductive competition between programs to obtain a suitable share of available funding.  The General Accounting Office (GAO) issued reports in 1993 and 1995 calling for separate, dedicated funding for Medicare program integrity activities.[2]

III. Passage of HIPAA – Establishment of Program Safeguard Contractors (PSCs):

On August 21, 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted into law.  While HIPAA is practically synonymous with “medical privacy” among both lay persons and most health care providers, law enforcement’s view of the statute was quite different.  Under HIPAA, both the Department of Justice (DOJ) and the Department of Health and Human Services (HHS), Office of Inspector General (OIG) received sizeable, recurring funding that was to be used solely for the investigation and prosecution of cases involving health care fraud, waste and abuse.

Among its many provisions, HIPAA also established the Medicare Integrity Program (MIP). The MIP was created in an effort to further enhance the ability of the Health Care Financing Administration (HCFA)[3] to detect and deter fraud, waste and abuse in the Medicare program. As part of MIP, HCFA created the Program Safeguard Contractor (PSC) program.  From a program integrity standpoint, PSCs were a major step forward.  Among their many duties, PSCs were expressly tasked with identifying potential cases of fraud and making referrals to OIG and DOJ, as appropriate.

IV. Enactment of the MMA – Creation of MACs and ZPICs:

The Medicare Modernization Act (MMA) was subsequently signed into law on December 8, 2003.  The MMA greatly simplified the administrative processing of Medicare claims through its implementation of a comprehensive Medicare Fee-For-Service Contracting Reform program.  Under this program, CMS used the competitive bidding process to replace the existing system of Fiscal Intermediaries (responsible for processing Part A claims) and Carriers (responsible for processing Part B claims) with a single administrative claims processing entity known as Medicare Administrative Contractors (MACs).

In addition to completely revising the administrative claims processing scheme (through the creation of MACs), the MMA also directed that newly-established would take over the responsibility for handling Medicare program integrity functions and activities. A total of seven ZPIC zones were created to work with the MAC in their jurisdiction.  Each of these ZPICs have been responsible for performing program integrity functions Medicare Parts A, B, Durable Medical Equipment Prosthetics, Orthotics, and Supplies, Home Health and Hospice and Medicare-Medicaid data matching, in their respective zones.  Notably, Medicare Part C and D program integrity efforts have been assigned to a single national contractor.  The contractor responsible for handling Medicare Part C and Part D claims is known as the Medicare Drug Integrity Contractor (MEDIC).

V. Rise of the UPICs

As detailed in the Comprehensive Medicaid Integrity Plan. Fiscal Years 2014—2018,” issued by CMS, Section 1936(d) of the Social Security Act requires that the HHS Secretary establish a comprehensive plan for ensuring the program integrity of the Medicaid program, on a recurring 5-fiscal year basis.  To this end, CMS developed Unified Program Integrity Contractor (UPIC) program. Unlike earlier program integrity efforts, UPIC contractors have been tasked with conducting Medicare, Medicaid and Medi-Mal investigations and audits of participating health care providers and suppliers in their assigned jurisdictions.

While both ZPICs and MICs are still active around the country, efforts by CMS to consolidate Medicare, Medicaid and Medi-Mal fraud fighting efforts under a single entity are well underway.  Contracts awarding these integrated program integrity responsibilities were awarded to the following UPICs in May 2016:

  • Health Integrity, LLC (Western Jurisdiction)

  • AdvanceMed Corporation (Midwestern Jurisdiction)

  • IntegriGuard, LLC, dba HMS Federal (Indefinite Delivery Indefinite Quantity)

  • Noridian Healthcare Solutions, LLC (Indefinite Delivery Indefinite Quantity)

  • Safeguard Services LLC (North Eastern Jurisdiction)

  • StrategicHealthSolutions, LLC (Indefinite Delivery Indefinite Quantity)

  • TriCenturion, Inc. (Indefinite Delivery Indefinite Quantity)

At first glance, you will likely note that the virtually none of the awardees are new to the business of “program integrity.”  In fact, each of these contractors have previously served as a ZPIC or PSC.  As such, each of these UPIC contractors have years of experience supporting the government’s efforts to identify, deter, prevent, and reduce fraud, waste and abuse.

VI. What is the Practical Difference Between a PSC, ZPIC and UPIC Contractor, if Any?

You may ask, “What is the difference between a PSC, a ZPIC and a UPIC?”  Great question.  With respect to Medicare, the program integrity activities conducted are essentially the same.  In fact, Chapter 4, Section 4.1, of the Medicare Program Integrity Manual (MPIM) expressly states:

 “For this entire chapter, and until such time as all ZPICs are awarded, any reference to ZPICs shall also apply to Program Safeguard Contractors (PSCs), unless otherwise noted. All references to ZPICs shall also apply to Unified Program Integrity Contractor (UPIC) unless otherwise specified in the UPIC [Statement of Work] SOW.”

VII. UPIC Contracts Have Been Awarded and UPIC Audits are Currently Underway:

A number of our clients around the country have already received requests for records from the UPIC handling their jurisdiction.  One UPIC in particular, AdvanceMed, has been especially active over the last six months in sending out audit letters requesting copies of medical records and other documentation which supports the specific claims being assessed.  As discussed below, a careful review of any request that you receive may give an indication of how the case arose and whether the contractor’s review is merely claims focused or also includes an assessment of the provider’s business relationships and practices.

Requests for documents sent by UPICs and their predecessor ZPICs can vary in terms of scope, purpose and due date.  There are several points that should be considered whenever a UPIC or ZPIC request for medical records is received by a Medicare provider:

When must the requested documents be sent to the UPIC or ZPIC? Over the last year, a number of ZPIC requests for documents have required that the documentation must be submitted to the contractor within 15 days. This is really frustrating in light of the fact that under 42 CFR 420.304(b)(1), the contractor is supposed the health care provider 30 days to submit the documents being requested.  Although most ZPICs will readily agree to an extension of time, if they only agree to extend the deadline to 30 days, they really are granting the provider anything, are they?  To date, we have not seen UPIC requests for documents ask that documents be returned to the contractor in less than 30 days.

What types of documents are requested in contractor’s request? Carefully review the nature of the request.  Is the UPIC only seeking administrative and claims-related medical records OR, is the contractor also seeking documentation related to a provider’s business relationships and / or business practices?

  • UPIC Claims Audits:  Most audits (and claims reopenings) by UPICs are generated as a result of data mining.  In these cases, a UPIC often restricts its review efforts (at least initially) to the claims being assessed, along with relevant, associated administrative materials.  Examples of documents sought in these types of review include, but are not limited to:
  1. Copy of claim, if available;
  2. Beneficiary Notice of Liability;
  3. Authorization of Benefits;
  4. Consent for treatment;
  5. Signed HIPAA privacy notification forms;
  6. Signature card including names and signatures of all personnel documenting in the beneficiary’s chart.
  7. Electronic signature policy;
  8. Copy of face sheet with beneficiary contact information;
  9. Signed “Consent for Treatment” authorizing the medical service;
  10. A copy of the beneficiary’s Medicare card;
  11. A legend or list that defines acronyms, symbols or abbreviations used in the medical records;
  12. A completed Advanced Beneficiary Notice (ABN), as appropriate;
  13. Copies of licenses and / or certifications of any personnel documenting in the beneficiary’s medical records. This includes, physicians, nurse practitioners, physician assistants, nurses, and other caregivers that require licensure or certification;
  14. If electronic signatures are used, documentation which shows that the electronic signatures properly authenticated and dated. The UPIC will also typically ask for the provider to show that safeguards are in place to prevent unauthorized access;
  15. Physician orders;
  16. History and physical;
  17. Patient encounter / visit forms;
  18. Physician’s office and Progress Notes;
  19. Consultation reports (if applicable);
  20. Surgical reports (if applicable);
  21. Pathology reports (if applicable);
  22. Pathology reports (if applicable);
  23. Laboratory tests results (if applicable);
  24. Radiology reports (if applicable);
  25. Previous treatments received to include dates, diagnosis for treatment, treatments administered; and the patient’s response to treatment / progress made;
  26. Discharge notes (if applicable);
  27. Any additional medical records or findings that support the claim(s) or service(s) billed;
  • UPIC Requests for Business Records Along with Claims Audit Information:  In addition to the claims-related documents above, if a UPIC also seeks documents related to a provider’s business practices and / or business relationships (i.e. where does the provider get its referrals AND where does the provider send its referrals), there is greater likelihood that other information has been received by the UPIC which suggests that the provider may be engaging in one or more improper business practices. Providers should exercise extreme caution if this type of information is being sought.  To the extent that a UPIC finds evidence that a provider is engaging in wrongdoing, the contractor is required to make a referral to law enforcement (OIG and / or DOJ).  Examples of the business-related documents that may be sought by the UPIC include:
  1. Copies of any leases;
  2. Please provide a listing of all patients seen on the dates of the claims requested in this audit;
  3. Copies of any Medicare Director agreements;
  4. Name of HER software used (if applicable);
  5. Name and contact information for third-party billing company (if utilized);
  6. Please provide a sample of each encounter form utilized in your office;
  7. Copy of patient collections for the period at issue which reflects any copayments and / or deductibles collected from the beneficiary;
  8. Names, addresses and phone numbers and former positions of individuals who are no longer employed by the organization and left within the past three years;
  9. If you are associated with or a member of any assignment account, do you also bill under separate provider numbers? If so, list the numbers and describe the reasons for separate billing;
  10. Copies of any consulting agreements or other business agreements with laboratories, imaging centers or any other entity whose services are billed to Medicare;
  11. List all employees or contracted staff (physicians, therapists, physician assistants, nurses, etc.) who render services and bill Medicare under your provider number;
  12. List associates, partners, employees who bill under their own PTAN numbers;
  13. List associates, partners, employees who bill under your PTAN number;
  14. List the name of the manufacturer, model number and purpose of each piece of diagnostic or treatment equipment in your office, e.g. laboratory equipment, diagnostic equipment (x-ray, MRI, EMG, nerve conduction equipment, cardiac tests, other specialty diagnostic equipment, etc.), physical therapy equipment, chiropractic equipment;

How many Medicare claims are to be audited?  If 10 or less postpayment claims are being reviewed, more than likely the UPIC is conducting a “Probe Sample” of the provider’s claims.  The purpose of the probe sample is to see if there appears to be a potential problem with the provider’s medical necessity, documentation, coding or billing practices.  If few problems are found, the UPIC will likely issue an “Education Letter” to the provider.  If, however, a significant number of errors are identified, the UPIC will likely expand its audit and issue a subsequent request for the supporting documentation associated with 30 or more claims that have already been paid.

If the UPIC’s initial request for records asks for records associated with 30 or more claims (usually billed over a two year period), there is high likelihood that the UPIC have pulled these claims as part of a “Statistically Relevant Sample.”  As such, the UPIC intends to extrapolated the error rate found to the entire universe of claims.

VIII. How Should You Respond if Your Organization Receives a UPIC Records Request?

Should you receive a UPIC records request, we strongly recommend that you immediately contact a qualified health care lawyer.  There are a number of steps you can take at this initial stage in the review that may have a significant impact on whether the UPIC determines that a more in-depth audit is needed.  Moreover, the potential overpayment may also be greatly reduced (depending on the completeness of a provider’s medical records).  Questions?  Give us a call for a free consultation.

UPIC AuditsRobert W. Liles serves as Managing Partner at Liles Parker, Attorneys & Clients at Law.  Our Firm represents health care providers and suppliers around the country in UPIC, ZPIC, RAC and MIC audits.  We also work with providers to develop and implement an effective Compliance Program.  Call Robert for a free consultation.  He can be reached at:  1 (800) 475-1906.

[1] Only a minimum of legacy PSCs are still operating.  Almost all PSC contracts were previously replaced with ZPIC contracts.

[2] GAO, Medicare Spending: Modern Management Strategies Needed to Curb Billions in Unnecessary Payments, GAO/HEHS-95-210 (Washington, D.C.: Sept. 19, 1995); Medicare: Adequate Funding and Better Oversight Needed to Protect Benefit Dollars, GAO/T-HRD-94-59 (Washington, D.C.: Nov. 12, 1993); and Medicare: Funding and Management Problems Result in Unnecessary Expenditures GAO/T-HRD-93-4 (Washington, D.C.: Feb. 17, 1993).

[3] On June 1, 2001, it was announced that the Health Care Financing Administration (HCFA) was being changed to the Centers for Medicare and Medicare Services (CMS).

  • Advertisement

Comments are closed.