Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
San Antonio, TX | Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations

EHR Cloning Practices Can Lead to Medicare Audits

EHR cloning practices can lead to audits.

(December 26, 2013):  The Department of Health and Human Services (HHS) has long viewed the adoption of Electronic Health Records (EHRs) as a way to better coordinate care, improve the quality of care, reduce unnecessary paperwork, and eliminate duplicative medical testing.  Based, at least in part, on these beliefs, Congress authorized incentive payments to encourage the widespread adoption of this technology by health care providers throughout the  industry.  While HHS remains convinced that EHRs have the potential to save lives and reduce costs when used appropriately, the agency’s Office of Inspector General (OIG) has found that EHR systems have sometimes been misused by individuals and groups who wanting to game the system, and thereby obtain Medicare payments through the improper, or even fraudulent us of EHR cloning practices.

I.  EHR Cloning Practices Have Been a Concern of the OIG for Some Time:

In its simplest form, “cloning” involves the copying and pasting of one or more sections of a previous Progress Note or other document onto a record documenting a later visit.  Prior medical histories and other static portions of a medical records are prime candidates for cloning.  Notably, this improper practice isn’t necessarily new.  Long before EHRs were implemented, some providers were accused of, and in many instances, were in fact, using word processing software to cut and paste records sections from one visit to another.  While a health care provider’s motives in doing so were likely innocent, the practice suggested that the health care provider may have not truly conducted a comprehensive examination of the patient.  Both law enforcement agencies (such as OIG, the Federal Bureau of Investigation (FBI) and state Medicaid Fraud Control Units (MFCUs)), and program integrity contractors working for the Centers for Medicare and Medicaid Services (CMS), have previously cited EHR cloning practices as an issue in past investigations and audits.

II.  Problems Resulting from EHR Cloning Practices:

With the adoption of EHR, cloning concerns have become increasingly more commonplace.  Recent audits conducted by Zone Program Integrity Contractors (ZPICs), Recovery Audit Contractors (RACs) and other specialty contractors (such as Strategic Health Solutions) working for CMS have regularly cited EHR cloning practices as one of the reasons for denying coverage and payment of a health care provider’s claims.  While the copying and pasting of notes may speed up an examination and facilitate the quick completion of a cloning can be expedient, health care providers must realize that the practice is viewed with suspicion at best, and an a possible indication of fraud at its worst.  Health care providers who practice cloning will subject themselves and their practices to increased scrutiny from both government enforcement officials and program integrity contractors.

III.  The Implementation of EHRs Systems:

In recent years, EHR systems have gradually replaced the use of traditional paper medical records.  The use of computerized recordkeeping to document and store patient health information has been aggressively encouraged by the government.  EHR systems are views as “patient-focused” and are meant to instantly provide authorized users with real-time, secure, patient medical, care and treatment information. EHRs have been designed to include administrative clinical data relevant to a patient’s care under a particular provider, such as patient statistics like age and weight, progress notes, medications, medical history, and clinical test results.[1]  More importantly, the health information in these records can be created and managed by authorized providers in a digital format capable of being shared across various health care entities.

The Health Information Technology for Economic and Clinical Health Act (HITECH) Act was enacted as part of the American Recovery and Reinvestment Act of 2009 (ARRA) to support the creation of a nationwide health information technology infrastructure that allows for the electronic use and exchange of health care information.[2] Its goal is to achieve widespread adoption of EHRs by 2014. The Office of the National Coordinator for Health Information Technology (ONC) coordinates the adoption, implementation, and exchange of EHRs. To encourage adoption and meaningful use of EHRs, ARRA also established the Medicare and Medicaid EHR incentive programs.[3] Since 2011, the Centers for Medicare & Medicaid Services (CMS) has paid $13.7 billion in incentive payments to eligible providers and hospitals that demonstrate meaningful use of Certified EHR Technology.[4]

IV.  The Impact of EHR Systems on Documentation Practices:

The government has promoted EHR systems as a way to improve patient care and save money.  According to CMS, implementing EHRs can:

Reduce the incidence of medical error by improving the accuracy and clarity of medical records, thereby increasing practice efficiencies and cost savings;

Make patient health information more readily available, which will reduce duplication of tests, reduce delays in treatment, and increase patient participation in their care; and

Improve the accuracy of diagnoses and health outcomes.[5]

Unfortunately, as with many new technologies, EHR has its limitations.  There are a myriad of EHR systems being marketed to health care providers around the country.  Not surprisingly, some EHR systems are earlier to utilize than others.  Additionally, some systems are more prone to misuse than others.  The health care industry is not immune to fraudulent practices. While the full extent of health care fraud is unknown, the scope of the problem has been estimated to range between $75 and $250 billion per year.[6]  Many experts in the health information technology field warn that EHR technology may make it easier to commit fraud.[7] In fact, both the Department of Justice (DOJ) and HHS-OIG have expressed concern that some health care providers may attempt to use EMR systems to game the system and fraudulently obtain payments from Medicare, Medicaid and other payors. [8] A review of investigations, audits and prosecutions that have been brought have show that there are certain EHR documentation features – if used inappropriately – that can result if fraud. One of the most prevalent methods includes the improper coping and pasting of prior Progress Note entries onto a record documenting a more recent examination.  Many EHR systems make it extraordinarily easy to engage in cloning.

V.  Reasons Why Medicare Cloning Practices Can be Problematic:

As previously indicated, the practice of cloning can allow a health care provider to select information from one location in a patient’s EHR and copy it in another section of the patient’s record. For example, a health care provider can use cloning as a useful tool to replicate elements of a patient’s demographics on each page of the EMR. It was originally seen as a easy way to copy forward documentation that appeared to be the same in a patient’s medical record, items that may have not changed from a prior visit.

However, EHR cloning practices have led to a number of problems. When physicians, nurses, or other practitioners clone information but fail to update it or ensure accuracy, erroneous information may enter the patient’s medical record. As a result, inappropriate charges may be billed to patients or third-party health care payers. Furthermore, improper cloning can facilitate attempts to upcode claims and duplicate or create fraudulent claims.

Why has this improper practice grown?  Frankly, there are a number of reasons why cloning now represents a significant problem.  At the outset, it is important to keep in mind that health care providers are now under the proverbial “microscope.”  Past documentation practices that may have been acceptable are no longer accepted by the government.  Abbreviated, incomplete records documenting an examination are unacceptable and will likely fail to qualify for coverage and payment when audited by a ZPIC or RAC.  Health care providers are under increasing pressure to document patient visits and treatment records fully, in accordance with any Local Coverage Determination (LCD) requirements and National Coverage Determination (NCD) guidelines.

National Government Services, a Medicare Administrative Contractor (MAC), considers cloned documentation to be a misrepresentation of the medical necessity requirement for coverage because of the lack of specific individual information for each unique patient.”[9] If a program integrity contractor (such as a ZPIC, RAC or Specialty contractor) identifies cloned documents, it will likely deny payment for any associated claims on the basis that medical necessity had not shown.

VI.  The Practice of Cloning is Not Always Inappropriate:

To be clear, it is not illegal per se, to copy a passage from a previous visit and copy it into the record of another visit.  Nevertheless, you shouldn’t think that the practice of cloning is supported by the government.  Under certain circumstances, it might be appropriate to copy certain information from one location in EHR and paste it to another place in the patient’s records.  For instance, copying a portion of a prior records entry may be appropriate when reciting the elements of a patient’s prior medical history or the results of a prior diagnostic test administered.  If you intend to copy information from a prior entry into the Progress Note documenting a more recent visit:

Take care — accuracy counts.  A health care providers must review the type of service that was provided, update it if necessary and bill accordingly. For example, a past history copied from a previous entry or date of service needs to be reviewed and revised (as appropriate), not simply copied and pasted into the new note.  You cannot bill for a service that was provided at the time of previous visit.  Look at the passage you intend to copy.  Have you performed all the services discussed?  Is the note being used to describe a prior visit OR are you merely trying to speed up your documentation of today’s visit?

Review any cloned information to make sure the notes make sense for that date of service. A patient’s chief complaint should carry through to the physical and/or mental exam and history and support the decisions made and medical necessity. As to a patient’s range of systems (ROS), only document the systems that are actually completed during a specific visit. ROS findings from a previous visit must not be blindly copied.  Furthermore, examine your documentation.  Have you fully recorded an examination of systems that are consistent with today’s chief complaint?

The bottom line is simple — health care providers using “canned” templates when completing a Progress Note do so at considerable risk. When, and if, a Medicare ZPIC or RAC audits your records several years from now, will it appear that you merely copied findings from an earlier entry or will it be clear that you conducted an individualized examination of a patient and that your reported findings are accurate?  Keep in mind — it is difficult enough already for a health care provider to properly document medical necessity.  Confusing the picture by copying and pasting portions of a prior record entry will likely diminish your efforts in this regard. 

Make sure that you sign each piece of documentation as needed. The signature, whether actual or  electronic, indicates that you agree with the information provided on that date of service.  You should never “sign” a Progress Note or other record that has not been fully reviewed for accuracy.

Do not let the EHR select the codes or health information for you.  Such automatic programs can lead to bad practices.  You may be encouraged by the EHR program to examine an additional “system,”  despite the fact that your initial review of the patient did not find that the review of an additional system was medically necessary.

VII.  Is Your EHR System is Helping or Hurting Your Compliance Efforts?

Health care providers should ensure that they have implemented (and are actively conducting) an effective auditing program.  For example, audit logs that monitor user activity can be an important tool to combat fraud in the use of EHRs.  These logs can record the date and time of entry, the user identification, and the type of access to the HER (e.g., creating, editing, viewing). Audit logs should also be able to capture encounters related to billing, or whether an EHR document is being exported or imported. Analyzing audit los will allow providers to prevent or detect fraud, such as identifying duplicative or fraudulent claims and inflated billing.

Practices should also implement policies and procedures designed to prevent the practice of improper cloning by their billing providers.  While many practices may try to shift this burden of responsibility to EMR users, employee training is only measure that can be taken to reduce the likelihood of cloning.  An organization should incorporate this issue into their Compliance Plan.  Cloning should be added to a health care provider’s list of ongoing risk issues to be considered by their staff members when documenting patient care and treatment.

VIII.  Final Remarks:

Although the federal government is encouraging the implementation and use of EHRs, both law enforcement and CMS contractors have continued to focus on cloning as an area of ongoing concern. While the practice of cloning in EHRs may arguably enhance the efficiency of data input, this practice can easily be misused.  It is therefore vitally important that health care providers effectively and properly use EHRs in their practices.  Concerns over EHR cloning practices are an issue that is likely to remain scrutinized carefully by ZPICs and RACs.  The most prudent approach would be for a health care provider to avoid this practice.  When a contractor examines your EHR system, is it clear that you conducted an individualized, personalized examination of the patient?

Healthcare LawyerRobert W. Liles, Esq., serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers around the country in Medicare, Medicaid and private payor audits of claims by ZPICs, RACs, specialty contractors employed by CMS and by private payor Special Investigative Units (SIUs).  For a free initial consultation, please give Robert a call.  He can be reached at: 1 (800) 475-1906.

[1] CMS, Electronic Health Records Overview. Accessed at http://www.cms.gov on Dec. 20, 2013.

[2] Pub. L. 111-5.

[3] ARRA, Title IV, Pub. L. 111-5.

[4] CMS, Medicare and Medicaid Incentive Provider Payments by State. Program Type: January 2011-March 2013. Accessed at http://www.cms.gov on Dec. 20, 2013.

[5] CMS, Electronic Health Records Overview. Accessed at http://www.cms.gov on Dec. 20, 2013.

[6] Based on CMS estimates of total health care expenditures in 2009. CMS, National Health Expenditure Data. Accessed at http://www.cms.gov.

[7] See Baer, Ivy. HIT Policy Committee Hearing on Clinical Documentation, Feb. 13, 2013.

[8] Letter from Eric H. Holder, Jr., Attorney General of the United States, and Kathleen Sebelius, Secretary of U.S. Department of Health & Human Services to Chief Executives of the American Hospital Association, Association of Academic Health Centers, National Association of Public Hospitals and Health Systems, Federation of American Hospitals, and the Association of American Medical Colleges (Sept. 24, 2012), available at http://www.modernhealthcare.com/Assets/pdf/CH82990924.PDF.

[9] National Government Services, Cloned Documentation Could Result in Medicare Denials for Payment. Accessed at www.ngsmedicare.com.

Medicare Audits in Miami, FL

(August 28, 2012): In this  feature, we focus on particular Medicare audits and appeals information for various ZPIC audit and RAC audit hotspots around the country. Check back in for information about Medicare audits and appeals in your city.

Medicare Audits in Miami, FL:

At-a-Glance Information:

Miami Population: 408,750 (2011 Census)
Medicare Administrative Contractor (MAC) (Parts A/B): First Coast Service Options, Inc.
DME MAC (Region C): CIGNA Government Services Administrators LLC
Zone Program Integrity Contractor (ZPIC): Safeguard Services
Recovery Audit Contractor (RAC):  Connolly Consulting Associates, Inc.
Medicaid Contractor: HP Enterprise Services
State Healthcare Investigative Service: Florida Agency for Health Care Administration (AHCA) Office of Inspector General (OIG)

Medicare Audits and Fraud Enforcement in Miami, FL:

Medicare’s fraud enforcement in Florida (and especially in Miami and the surrounding areas), have consistently remained a focus of the government’s investigation and prosecution efforts. Long considered the “epicenter” of healthcare fraud, the federal government has actively pursued administrative, civil, and criminal cases throughout the region. While at times this activity may appear to be unstoppable, it is important to keep in mind that the Miami area and surrounding townships have a disproportionately high number of Medicare eligible individuals.  Is the which occurs in this area actually be proportional to that which occurs in the rest of the country?  Regardless of the answer, it is important that ALL health care providers ensure that their activities fully comply with Medicare’s participation, coverage, coding and billing rules.  Compliance is not an option — it is mandatory, regardless of your payor mix.  Do you have an effective Compliance Plan in place?  Have you recently conducted a review of your business, treatment and billing activities to better ensure compliance?  If not, a comprehensive review should be conducted and any deficiencies must be immediately remedied.

Medicare contractors, including RACs and ZPICs, frequently audit providers in Miami and other cities in Florida, including Orlando, Fort Lauderdale, and Tampa Bay. If you receive a letter indicating you are being audited or investigated, it is important to seek the advice of counsel quickly, as these letters usually set out deadlines by which you must respond.

As a final point, if you are audited by a ZPIC, RAC, or a federal or state law enforcement agency, we recommend that you retain experienced and qualified legal counsel to assist in responding to an audit.  Qualified legal counsel at your side can help ensure that all of your rights are preserved and that your responses and obligations to the government are timely and adequately met.

Healthcare LawyerDavid Parker represents providers in Medicare post-payment audits and appeals, and similar appeals under Medicaid. In addition, David counsels clients on regulatory compliance issues, performs gap analyses and internal reviews, and trains healthcare professionals on various legal issues. For a free consultation, call David today at 1 (800) 475-1906.

Healthcare Data Mining Audits: Impact on Medicare Providers and Suppliers

(June 27, 2012):  Healthcare data mining has become quite routine.  For instance, in a recent case involving a Missouri psychologist, the provider was indicted and arrested on two counts of healthcare fraud and forgery. At the heart of this case was the fact that the psychologist allegedly submitted claims to Medicare and Medicaid that were virtually impossible for a single individual to perform. In fact, the indictment stated that the physician worked every day except for Christmas from mid-2008 to early 2012, when he was arrested. In other words, he worked three and a half years straight, seven days a week, with only four Christmases away from the practice. Obviously, this data raised a few red flags for Medicare fraud fighters. As both interest and concern in the provision of national health care has risen, the current administration has aggressively pursued fraudsters who have improperly billed Medicare, Medicaid and private health plan payors. Not surprisingly, additional funding has accompanied these increased investigative and prosecutorial efforts.

As the government has increased its pressure on fraudulent providers, both law enforcement organizations such as the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and contractors of the Centers for Medicare & Medicaid Services (CMS) have become increasingly adept at identifying and pursuing fraudulent and / or potentially fraudulent billing activities by abusive health care providers.

I.     How is the Government Using Healthcare Data Mining Audits?

Generally, the two primary targeting tools used by CMS contractors and law enforcement to identify wrongdoing are:  (1) Data Mining, and (2) Complaints.  This article focuses on the first targeting tool, the use of healthcare data mining. We will address “complaints” in detail in a later article.

At the outset, it is important to keep in mind that the government has been accumulating utilization, coding and billing data since the passage of the Medicare and Medicaid programs in 1965 as part of Title XVIII of the Social Security Act. Over the past 40 years, the government has carefully studied this data, identifying trends and noting irregularities. Both HHS-OIG and CMS contractors (including, but not limited to Zone Program Integrity Contractors (ZPICs), Recovery Audit Contractors (RACs), and Medicaid Integrity Contractors (MICs)) are able to effectively use data mining to analyze various aspects of the coding and billing data submitted by billing health care providers. These entities employ experts in database management and use  sophisticated techniques to “slice and dice” the Medicare and Medicaid billing and coding data.  In doing so, they are able to compare providers by practice area, geography, time, and a practically endless number of other factors. They can then effectively identify any “outliers” which may be present when their billing patterns are compared to those of their peers.

For instance, in the case described above, healthcare data mining has become quite common.  It was clearly used to review the psychologist’s claims history and determine that what he was billing was likely both impossible and fraudulent.  Nevertheless, it is important to always keep in mind that although data mining may strongly suggest that a provider is engaging in improper conduct, at the end of the day, an outlier is merely a provider whose billing patterns differ from those of his / her peers.  A review of the documentation must still be conducted to ascertain whether, in fact, fraudulent conduct has occurred.  While ZPICs and MICs handle the majority of the data mining work being conducted, when the data appears to suggest that fraudulent conduct is taking place, providers should expect HHS-OIG and possibly the Department of Justice or the Federal Bureau of Investigations to step into investigation.  Unfortunately, while data mining can detect aberrant patterns in billing data, it can’t explain them, and often times, this leaves well-intentioned providers facing scrutiny if their billing history appears aberrant for an otherwise innocent reason.  For instance, a specialist who is renowned in his area of practice may be referred serious, highly complex patients by his peers. This could result in his billing patterns appearing to be different from those of similarly-situated physicians.  Despite the fact that there is an innocent explanation for the specialist’s billing patterns, the data alone may appear to suggest that fraud is taking place.  Health care providers should take affirmative steps to determine whether their coding and billing patterns are “normal” or whether their practices are irregular when compared to other providers.

To be clear, just because your coding and billing practices differ from those of your peers does not necessarily mean that you are engaging in improper conduct.  Nevertheless, if you are an outlier, we strongly recommend that you carefully analyze your internal practices in an effort to identify why your utilization history differs from those of your peers.  Perhaps you are, in fact, improperly coding or billing for services rendered.  If so, you will need to determine the scope of any overpayment and work with your legal counsel to promptly reimburse the government.  As we have repeatedly advised our clients, “If it isn’t yours, give it back.” Upon review, if your coding and billing practices appear skewed, you need to be ready to explain why your utilization rate is different if audited by a CMS contractor or investigated by law enforcement.

II.    Helpful Tools When Conducted an Internal Assessment:

If you are a Compliance Officer, part of your responsibilities includes the identification and repayment of any improper billings. While you can’t completely eliminate the risk of an audit, there are several tools that can help your organization determine how your utilization rates compare to those of your peers.  Among these tools is one of our personal favorites – DecisionHealth’s “E/M Bell Curve Data Book,” which gives a visual overview of the Center for Medicare and Medicaid Services’ (CMS’) Evaluation and Management (E/M) data rates for 59 different specialties. For instance, a general practitioner can look at his established patient office visits (CPT© codes 99211 – 99215) and compare his utilization rates to the national average for the same CPT© codes. This data can be extremely useful in assessing an office’s billing practices and patterns and give confidence to a provider whose rates are similar to the national average.

Another effective tool, especially for non-E/M practices, such as home health agencies and hospices, is the “The Dartmouth Atlas of Health Care,” which provides a variety of data tools to evaluate Medicare spending by county. Not only does this interactive website have average-spending-per-Medicare-beneficiary maps, it also has a tool which allows providers to examine national and state benchmarks for a variety of statistics. These include Medicare reimbursements, hospice, skilled nursing facility, and home health agency utilization rates, surgical procedures and more. Applied correctly, this data can be instrumental in a practice’s self-evaluation and gives providers significant insight into their own billing patterns.

III.     How Should You Respond to Healthcare Data Mining Audits?

Staying fully compliant with all of Medicare’s and / or Medicaid’s rules and regulations can be a quite a challenge.  Nevertheless, as a participating provider, you have affirmatively agreed to meet that obligation.  As providers are constantly reminded, serving as a participating provider is a privilege, not a right.  Unfortunately, even with the best tools, physicians, group practices, clinics, home health agencies and other providers may still find themselves subject to Medicare post-payment and / or prepayment audits by a ZPIC (and now by a RAC). Reviewers and auditors employed by Medicare contractors are highly experienced, knowledgeable and skilled in assessing the propriety of a claim.  They have years of experience handling audits and are quite good at identifying deficiencies in your documentation, regardless of how minor you may believe those  deficiencies might be.  While it is essential to understand your obligations as a Medicare participant, it is equally important to understand how and why practices get audited.  As discussed in earlier articles, while you may not be able to avoid an audit, you can do your very best to help ensure that upon review, a CMS contractor will find that your practices fully meet Medicare rules and regulations.  The development, implementation and adherence to an effective Compliance Plan is the single best step you can take to avoid regulatory problems.

Healthcare LawyerRobert Liles is the managing member of Liles Parker PLLC. Robert represents providers in Medicare providers around the country in postpayment audits and appeals, and similar appeals under Medicaid. In addition, Robert counsels clients on regulatory compliance issues, performs gap analyses and internal reviews, and trains healthcare professionals on various legal issues. For a free consultation, call Robert today at: 1 (800) 475-1906.

NCI-Owned AdvanceMed Will Remain the ZPIC Responsible for Zones 2 and 5.

NCI-owned AdvanceMed is Expected to Remain Actively Auditing Medicare Providers.(April 10, 2011):  Last week, it was announced that NCI, Inc., one of the nation’s most successful information technology companies had acquired the outstanding capital stock of AdvanceMed Corporation (AdvanceMed), an affiliate of CSC.  While the acquisition went largely unnoticed by the health care provider community, the transaction may, in fact, be quite significant.  With this acquisition by NCI, a recognized powerhouse in information technology, Medicare and Medicaid providers should expect AdvanceMed’s expertise in data mining and investigations to continue to grow.  Medicare and Medicaid providers have an affirmative obligation to ensure that operations, coding and billing activities fully comply with applicable statutory and regulatory requirements.  As NCI-owned AdvanceMed continues to fine-tune its data mining efforts and further expands its ability to conduct “Predictive Modeling,” providers will likely find their actions under the microscope like never before.  It is therefore imperative that all health care providers immediately implement an effective Compliance Plan (if they have not already done so) or further enhance their current compliance efforts. The purpose of this article is to briefly report on NCI-owned AdvanceMed and discuss the changes, if any, that Medicare providers and suppliers should expect.  An overview of the current ZPIC environment is also provided.

I.  Background of NCI’s Acquisition of AdvanceMed:

NCI first announced its plans to acquire AdvanceMed last February.  As NCI’s February 25th News Release noted (in part):

“The Obama Administration has emphasized reducing fraud, waste, and abuse in Federal entitlements. AdvanceMed is ideally positioned to support the program integrity initiatives of CMS and other Federal Government agencies. . . We are extremely pleased to have AdvanceMed join NCI and believe that this acquisition will provide NCI an outstanding platform to address this rapidly growing market opportunity.”  (A complete account of NCI’s announcement can be found at the above link). 

In recent years, AdvanceMed has positioned itself to where it now has multiple contracts with the Federal government.  In addition to serving as a Zone Program Integrity Contractor (ZPIC) for Zone 2 and Zone 5, the contractor also serves as Program Safeguard Contractor (PSC) in areas not yet converted to the ZPIC system of contractor review.  Additionally, the contractor also serves as a Comprehensive Error Rate Testing (CERT) contractor.  On the Medicaid side, AdvanceMed also serves as a Medicaid Integrity Contractor (MIC).  While a host of other contractors have been awarded contracts covering other zones and program areas, AdvanceMed’s growth has been undeniably impressive.  As NCI announced as part of April 4th “News Release” covering the acquisition:

“AdvanceMed is a premier provider of healthcare program integrity services focused on the detection and prevention of fraud, waste, and abuse in healthcare programs, providing investigative services to the Centers for Medicare and Medicaid Services (CMS). Serving CMS since 1999, AdvanceMed has grown rapidly, demonstrating the value and return on investment of the Federal Government’s integrity program activities.

AdvanceMed employs a strong and experienced professional staff, which leverages sophisticated information technology, data mining, and data analytical tools, to provide a full range of investigative services directed to the identification and recovery of inappropriate Medicare and Medicaid funds. AdvanceMed supports healthcare programs in 38 states with a staff of more than 450 professionals, including information specialists, nurses, physicians, statisticians, investigators, and other healthcare professionals.

AdvanceMed has multiple contracts with CMS under the Zone Program Integrity (ZPIC), Program Safeguard (PSC), Comprehensive Error Rate Testing (CERT), and Medicaid Integrity (MIC) programs. All of these programs are executed under cost plus contract vehicles. The largest contracts-ZPIC Zone 5 and ZPIC Zone 2-were awarded in late 2009 and 2010 and have five-year periods of performance.

The acquisition price was $62 million. Included within the price is a recently completed, state-of-the-art data center to support the ZPIC Zone 5 and ZPIC Zone 2 contracts. Additionally, NCI will make a 338(h)(10) election, enabling a tax deduction, which is expected to result in a tax benefit with an estimated net present value of approximately $6 million to $8 million. NCI expects the transaction to be slightly accretive to 2011 earnings.

As of the end of March 2011, AdvanceMed has a revenue backlog of approximately $300 million with approximately $51 million of that amount being currently funded. Revenue for the trailing 12 months ending March 31, 2011, is estimated to be approximately $51 million, all of which was generated from Federal Government contracts, and 99% of the work performed as a prime contractor. NCI’s AdvanceMed 2011 revenue, covering the nine-month period of April 2, 2011, to December 31, 2011, is estimated to be in the range of $43 million to $47 million (the equivalent of $57 million to $63 million on a full 12-month basis), with the midpoint reflecting a full-year growth of approximately 16%. . . “   (A complete account of NCI’s statement can be found at the link indicated above).

II.  Overview of the ZPIC Program:

The following comments are intended to provide an overview of the ZPIC program and is not focused on any ZPIC in particular.  Under the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (MMA), CMS was required to take a number of steps intended to streamline the claims processing and review process:

Using competitive measures, CMS was required to replace the current Medicare Fiscal Intermediaries (Part A) and Carriers (Part B) contractors with Medicare Administrative Contractors (MACs).

After setting up the new MAC regions, CMS created new entities, called Zone Program Integrity Contractors (ZPICs)

These actions were intended to consolidate the existing program integrity efforts.  Over the last 2 — 3 years, ZPICs have been taking over PSC audit and enforcement activities around the country.

At the time of transition, there were twelve PSCs that had been awarded umbrella contracts by CMS. As these contracts have expired, CMS has transferred the PSCs’ fraud detection and deterrence functions over to ZPICs.   Of the seven ZPIC zones established in the MMA, CMS has awarded contracts for a number of the zones. CMS is still working to issue awards for the final ZPIC zones.  The seven ZPIC zones include the following states and / or territories:

  • Zone 1 – CA, NV, American Samoa, Guam, HI and the Mariana Islands.
  • Zone 2 – AdvanceMed: AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO.
  • Zone 3 – MN, WI, IL, IN, MI, OH and KY.
  • Zone 4 – Health Integrity: CO, NM, OK, TX. 
  • Zone 5 – AdvanceMed: AL, AR, GA, LA, MS, NC, SC, TN, VA and WV.
  • Zone 6 – PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT.
  • Zone 7 – SafeGuard Services: FL, PR and VI.

In many instances, these changes have been more of a “name change” rather than a substantive change in the way claims will be audited. ZPIC responsibilities are generally the same as those currently exercised by PSCs. While ZPIC overpayment review duties have not appreciably changed, the number of civil and criminal referrals appear to be increasing. In our opinion, ZPICs clearly view their role differently than that of their PSC predecessors.  ZPICs clearly view themselves as an integral part of the law enforcement team, despite the fact that they are for-profit contractors.  In consideration of their ability to recommend to CMS that a provider be suspended or have their Medicare number revoked, and / or refer a provider to law enforcement for civil and / or criminal investigation, providers should take these contractors quite seriously.

Both ZPICs and PSCs have traditionally asserted that unlike their RAC counterparts, they are not “bounty hunters.”  ZPICs are not paid contingency fees like RACs but instead directly by CMS on a contractual basis.  Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments, the chances of a ZPIC’s contract with CMS being renewed are likely diminished.  Additionally, experience has shown us that despite the fact that ZPICs are expected to adhere to applicable Medicare coverage guidelines, a ZPIC’s interpretation and application of these coverage requirements may greatly differ from your understanding of the same provisions.  In recent years, ZPICs have been aggressively pursuing a wide variety of actions, including but not limited to:

  • Prepayment Audit.  After conducting a probe audit of a provider’s Medicare claims, the ZPIC may place a provider on “Pre-payment Audit” (also commonly referred to as Prepayment Review).  Unlike a postpayment audit, there is no administrative appeals process that may be utilized by a provider for relief.  Having said that, there are strategies that may be utilized by a provider which may assist in keeping the time period on prepayment review at a minimum.
  • Postpayment AuditAudits conducted by ZPICs primarily involve Medicare claims that have already been paid by the government.  After reviewing these claims, it is not uncommon for a ZPIC to find that the audited provider has been overpaid.  Having said that, the ZPICs we have dealt with appear to apply a strict application of the coverage requirements, regardless of whether a provider’s deviation from the rules is “de minimus” in nature.  In doing so, it is not unusual to find that a provider has failed to fully comply with each and every requirement.  Depending on the nature of the initial sample drawn, a ZPIC may extrapolate the damages in a case, significantly increasing the alleged overpayment.  In doing so, the ZPIC is effectively claiming that the “sample” of claims audited are representative of the universe of claims at issue in an audit.
  • Suspension.  While the number of suspension actions taken by ZPICs has steadily increased in recent years,  Medicare providers should expect to see this number continue to grow.  Under the Affordable Care Act (often informally referred to as the “Health Care Reform” Act), CMS’ suspension authority has greatly expanded.   
  • Revocation.  As with suspensions, we have seen a sharp increase in the number of Medicare revocation actions taken over the last year. The reasons for revocation have varied but have typically been associated with alleged violations of their participation agreement. In some cases, the ZPIC contractors found that the provider has moved addresses and did not properly notified Medicare. In other cases, a provider was alleged to have been uncooperative during a site visit. Finally, there were a number of instances where the provider allegedly did not meet the “core” requirements necessary for their facility to remain certified.
  • Referrals for Civil and Criminal Enforcement.  ZPICs are actively referring providers to the OIG (which can in turn refer the case to the U.S. Department of Justice for possible civil and / or criminal enforcement) when a case appears to entail more that a mere overpayment. However, just because a referral is made doesn’t mean that it will prosecuted. In many instances, OIG (and / or DOJ) will decline to open a case due to a variety of reasons, such as lack of evidence, insufficient damages, etc.).

 III.  Steps Providers Can Take Now, Before They are Subjected to a ZPIC Audit:

In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” it is arguably to their benefit to find that an overpayment has occurred. These overpayments are often based on overlapping “technical” (such as an incorrect place of service code) and “substantive” (such as lack of medical necessity) reasons for denial. In recent years, the level of expertise exercised by ZPICs is often quite high — noting multiple reasons for denial and concern.

Unfortunately, the reality is that most (if not all) Medicare providers will find themselves the subject of a ZPIC, CERT, RAC or other type of claims audit at some point in the future.  In our opinion, the single most effective step you can take to prepare for a contractor audit is to ensure that your organization has implemented and is adhering to an effective Compliance Plan.  A comprehensive assessment of an organization’s coding and billing practices is one element of an effective plan.  Several general points to consider also include:

Keep in mind your experiences with PSCs and other contractors.  The lessons you have learned responding to PSC, CERT and RAC audits can be invaluable when appealing ZPIC overpayments.  As you will recall, the appeals rules to be followed are virtually the same.

Monitor OIG’s Work Plan.  While often cryptic, it can be invaluable in identifying areas of government concern.  Are any of the services or procedures your organization currently provides a focus of HHS-OIG’s audit or investigative?

Keep an eye on RAC activities.  Review the service-specific findings set out in annual RAC reports.  Review targeted areas carefully to ascertain whether claims meet Medicare’s coding and medical necessity policies.

You never realize how bad your documentation is until your facility is audited. While many providers start out “over-documenting” services (to the extent that there is such a thing), a provider’s documentation practices often become more relaxed as time goes on – especially when the provider has not been audited for an extended period of time.  In such situations, both physicians and their staff may fail to fully document the services provided.  Moreover, the care taken to ensure that all supporting documentation has been properly secured may have also lapsed over the years.

Review your documentation.  Imagine you are an outside third-party reviewer.  Can an outsider fully appreciate the patient’s clinical status and the medical necessity of treatment?  Are the notes legible and written is a clear fashion?  Compare your E/M services to the 1995 or 1997 Evaluation and Management (E/M) Guidelines – have you fully and completely documented the services you provided?  If dealing with skilled services, have you fully listed and discussed both the need for skilled services and the specific skilled services provided?

IV. Closing Thoughts on NCI-Owned AdvanceMed:

Imagine a ZPIC hands you a claims analysis rife with alleged errors, an indecipherable list of statistical formulas, and an extrapolated recovery demand that will cripple your practice or clinic. What steps should you take to analyze their work? Based on our experience, providers can and should carefully assess the contractor’s actions, particularly the use of formulas and application of the RAT-STATS program when selecting a statistical sample and extrapolating the alleged damages based on the sample.  To be clear, not all statistical extrapolations will be flawed.  Depending on the steps taken by the ZPIC’s statistician,  to the Over the years, we have challenged the extrapolation of damages conducted by Medicare contractors around the country, including tens of thousands of claims. Regardless of whether you are a Skilled Nursing Facility providing skilled nursing and skilled therapy services, an M.D. or D.O. providing E/M services, a Home Health company or a Durable Medical Equipment (DME) company, it is imperative that you work with experienced legal counsel and statistical experts to analyze the actions take by a ZPIC.

Healthcare Attorney Liles Parker attorneys and staff have extensive experience representing a wide range of Medicare providers in audits by ZPICs and other CMS program integrity contractors.  Should you have questions regarding an inquiry from a ZPIC or RAC that you have received, please feel free to give us a call for a complimentary consultation.  We can be reached at:  1 (800) 475-1906.