A UPIC Audit is Serious Business — Is Your Office Prepared?

A UPIC audit of your practice is serious business.

(Updated December 2020): Of the many contractors working for the Centers for Medicare and Medicaid Services (CMS), Unified Program Integrity Contractors (UPICs) are by far the serious financial threat to your practice, home health, hospice or DME company. A UPIC audit is serious business. Simply put, the UPIC program was intended to consolidate the work currently being performed by various Medicare and Medicaid program integrity contractors under a single private sector contractor (namely ZPICs and MICs). Each UPIC contractor is responsible for handling federal level program integrity audits for both Medicare and Medicaid within a defined geographic area. [1] As CMS has noted in its Program Integrity Manual:

"The primary goal of the UPIC is to identify cases of suspected fraud, waste and abuse, develop them thoroughly and in a timely manner, and take immediate action to ensure that Medicare Trust Fund monies are not inappropriately paid." [2]

I. Current List of UPICs Around the Country

As of December 2020, the current list of contractors working as UPICs around the country include:

  • Qlarant Integrity Solutions (Western Jurisdiction: AK, AZ, CA, HI, ID, MN, NV, ND, OR, SD, UT, WA, WY, American Samoa, Northern Marianas Islands and Guam)
  • Qlarant Integrity Solutions (Southwestern Jurisdiction): CO, NM, OK, TX, AR, LA and MS.
  • Safeguard Services LLC (Southeastern Jurisdiction) AL, FL, GA, NC, PR, SC, TN, U.S. Virgin Islands, VA and WV.
  • SafeGuard Services, LLC (Northeastern Jurisdiction): ME, VT, NH, MA, RI, CT, NY, PA, NJ, DE, MD, DC, and the counties of Arlington and Fairfax and the city of Alexandria in Virginia.
  • CoventBridge (formerly NCI / AdvanceMed) (Midwestern Jurisdiction): IL, IN, IA, KS, KY, MI, MN, MO, NE, OH and WI).

At first glance, you will likely note that the virtually none of the awardees are new to the business of “program integrity.” In fact, each of these contractors have previously served as a ZPIC or PSC. As such, each of these UPIC contractors have years of experience supporting the government’s efforts to identify, deter, prevent and reduce fraud, waste and abuse.

II. Primary Areas of Focus by UPICs

As set out under Section 4.1 of the Medicare Program Integrity Manual (PIM), CMS relies heavily on UPICs and other contractors to identify and refer suspected cases of fraud to law enforcement for further investigation:

The focus of the UPICs, SMRCs and MACs shall be to ensure compliance with Medicare regulations, refer suspected fraud and abuse to our Law Enforcement (LE) partners, and/or recommend revocation of providers that are non-compliant with Medicare regulation and policies.[3]

To date, the primary areas of focus being pursued by UPICs have included cases involving:

  1. Patient abuse or harm;
  2. Pursing adverse administrative actions (such as termination, suspension or revocation of a provider's billing privileges) in order to better protect the affected Federal health care program from further wasteful, abusive or fraudulent billing practices.
  3. Pursuing statewide, regional and national improper documentation, coding and billing practices by specific specialty areas (such as home health agencies, chiropractic practices, behavioral health providers).
  4. Improper coding and billing conduct that is thought to have resulted in significant overpayments.
  5. Waste, fraud and abusive conduct aimed at Medicare and Medicaid advantage payors.
  6. Referrals for medical review support services by Federal and State law enforcement authorities.

CMS believes that the UPIC program integrity strategy will greatly enhance the ability of the agency to identify aberrant billing patterns and practices, especially those that involve both Medicare and Medicaid claims. It is therefore essential that all health care providers participating in the Medicare and / or Medicaid programs ensure that they have developed and implemented an effective Compliance Program.

On the positive side, the UPIC program is likely to go a long way towards streamlining the audit process and reducing the number of duplicative audit requests received from competing CMS program integrity contracts. In any event, the consolidation of these program integrity duties is yet another clear indication that the government intends improve its efficiency in scrutinizing questionable Medicare and Medicaid billings. Participating providers have an obligation to keep up with and follow all applicable statutory and regulatory requirements associated with Medicare and Medicaid services. Now is the time to conduct a “GAP Analysis” [4] of your current practices so that any needed remedial actions can be taken.

A number of our clients around the country have already received requests for records from the UPIC handling their jurisdiction. One UPIC in particular, Qlarant, has been especially active over the last six months in sending out audit letters requesting copies of medical records and other documentation which supports the specific claims being assessed.

III. First Signs of a UPIC Audit -- Site Visits and Document Requests

Over the last year, a number of CMS contractors have issued requests for documents requiring that the documentation be submitted to the contractor within 15 days. This is really frustrating in light of the fact that under 42 CFR 420.304(b)(1), a CMS contractor is supposed the health care provider 30 days to submit the documents being requested. Although most UPICs will readily agree to an extension of time, if they only agree to extend the deadline to 30 days, they really aren’t granting the provider anything, are they? When we have objected on behalf of our clients, the UPIC has readily agreed to a due date of not less than 30 days.

What types of documents are requested in the UPIC contractor’s request? Carefully review the nature of the request. Is the UPIC only seeking administrative and claims-related medical records OR, is the contractor also seeking documentation related to a provider’s business relationships and / or business practices?

As with other program integrity audits, most reviews (and claims reopenings) by UPICs are generated as a result of data mining. In these cases, a UPIC often restricts its review efforts (at least initially) to the claims being assessed, along with relevant, associated medical, coding, billing records and related materials.

In addition to the claims-related documents above, if a UPIC also seeks documents related to a provider’s business practices and / or business relationships (i.e. where does the provider get its referrals AND where does the provider send its referrals), there is greater likelihood that other information has been received by the UPIC which suggests that the provider may be engaging in one or more improper business practices. Providers should exercise extreme caution if this type of information is being sought. To the extent that a UPIC finds evidence that a provider is engaging in wrongdoing, the contractor is required to make a referral to law enforcement (OIG and / or DOJ).

If 10 or less postpayment claims are being reviewed, more than likely the UPIC is conducting a “Probe Sample” of the provider’s claims. The purpose of the probe sample is to see if there appears to be a potential problem with the provider’s medical necessity, documentation, coding or billing practices. If few problems are found, the UPIC will likely issue an “Education Letter” to the provider. If, however, a significant number of errors are identified, the UPIC will likely expand its audit and issue a subsequent request for the supporting documentation associated with 30 or more claims that have already been paid.

If the UPIC’s initial request for records asks for records associated with 30 or more claims (usually billed over a two-year period), there is high likelihood that the UPIC have pulled these claims as part of a “Statistically Relevant Sample.” As such, the UPIC intends to extrapolate the error rate found to the entire universe of claims.

IV. Responding to a Request for Records Sent by a UPIC

UPICs are expected to adhere to applicable Medicare coverage guidelines. Nevertheless, a UPIC's interpretation and application of these coverage requirements may greatly differ from your understanding of the same provisions. In recent years, these CMS program integrity contractors have been aggressively pursuing a wide variety of enforcement actions.

Have you had an unannounced site visit from a UPIC auditor or other representative? Have you received a document request from a UPIC? Are you undergoing a UPIC audit? If you answered "Yes" to any of these questions, we recommend that you contact qualified legal counsel to represent your interests.

Liles Parker attorneys are experienced health care lawyers with decades of experience representing Medicare and Medicaid providers in connection with claims audits and government investigations. For a free consultation, give us a call at:> 1 (800) 475-1906.

[1] For an early look at the UPIC audit program, you may wish to review our article titled "UPIC Claims Audits of Medicare Services are Underway! Are You Ready?"

[2] See CMS Program Integrity Manual, Section 4.2

[3] CMS, Chapter 4, Section 4.1. "Medicare Program Integrity Manual."

[4] For a more detailed discussion of the GAP Analysis process, we recommend you review our page titled "How to Conduct a GAP Analysis of Your Health Care Practice."

Leave a Reply