Liles Parker PLLC
(202) 298-8750 (800) 475-1906
Washington, DC | Houston, TX
San Antonio, TX | Baton Rouge, LA

We Defend Healthcare Providers Nationwide in Audits & Investigations

UPIC Claims Audits of Medicare Services are Underway! Are You Ready?

UPIC Claims Audits(June 12, 2017):  Historically, the Centers for Medicare and Medicaid Services (CMS) has relied on a network of private contractors to handle the program integrity functions for both the Medicare and Medicaid programs.  With respect to Medicare, CMS has utilized Zone Program Integrity Contractors (ZPICs) and to a much lesser extent, Program Safeguard Contractors (PSCs) to perform a wide range of program integrity functions.[1] On the Medicaid side, CMS utilized Medicaid Integrity Contractors (MICs) to handle Medicaid-related program integrity activities.  As discussed below, the Unified Program Integrity Contractor (UPIC) program is now poised to take over all of these responsibilities.

I. Early Historical Background of Fiscal Intermediaries (FIs) and Carriers:

The Medicare and Medicaid program were first enacted into law on July 30, 1965 by President Lyndon B. Johnson. When the programs were subsequently implemented in 1966, the government chose to use private health care payors to process the claims of Medicare beneficiaries.  Private entities were awarded contracts to serve as “Fiscal Intermediaries” and “Carriers.”  Fiscal Intermediaries were responsible for handling Part A claims.  Generally, Part A claims includes hospital care, skilled nursing facility care, non-custodial nursing home care, hospice care and home health services.  In contrast, Carriers were responsible for handling Part B claims.  Unlike Part A, Medicare Part B covers a wide variety of medically necessary outpatient care and treatment services.  It also covered a number of preventative services.  Additionally, Medicare Part B covers certain types of supplies and durable medical equipment.  Since their inception, both Fiscal Intermediaries and Carriers have been responsible for fulfilling a number of Medicare program education, administrative processing and program integrity roles.

II. Early Medicare Program Integrity Funding Efforts:

Prior to 1996, funding for Medicare program integrity activities was included in Medicare’s general administrative budget.  As such, it had to “compete,” so to speak, with all of the claims-related education and processing programs paid for out of Medicare’s general administrative budget.  As you can imagine, this led to a variety of budgetary conflicts and counterproductive competition between programs to obtain a suitable share of available funding.  The General Accounting Office (GAO) issued reports in 1993 and 1995 calling for separate, dedicated funding for Medicare program integrity activities.[2]

III. Passage of HIPAA – Establishment of Program Safeguard Contractors (PSCs):

On August 21, 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted into law.  While HIPAA is practically synonymous with “medical privacy” among both lay persons and most health care providers, law enforcement’s view of the statute was quite different.  Under HIPAA, both the Department of Justice (DOJ) and the Department of Health and Human Services (HHS), Office of Inspector General (OIG) received sizeable, recurring funding that was to be used solely for the investigation and prosecution of cases involving health care fraud, waste and abuse.

Among its many provisions, HIPAA also established the Medicare Integrity Program (MIP). The MIP was created in an effort to further enhance the ability of the Health Care Financing Administration (HCFA)[3] to detect and deter fraud, waste and abuse in the Medicare program. As part of MIP, HCFA created the Program Safeguard Contractor (PSC) program.  From a program integrity standpoint, PSCs were a major step forward.  Among their many duties, PSCs were expressly tasked with identifying potential cases of fraud and making referrals to OIG and DOJ, as appropriate.

IV. Enactment of the MMA – Creation of MACs and ZPICs:

The Medicare Modernization Act (MMA) was subsequently signed into law on December 8, 2003.  The MMA greatly simplified the administrative processing of Medicare claims through its implementation of a comprehensive Medicare Fee-For-Service Contracting Reform program.  Under this program, CMS used the competitive bidding process to replace the existing system of Fiscal Intermediaries (responsible for processing Part A claims) and Carriers (responsible for processing Part B claims) with a single administrative claims processing entity known as Medicare Administrative Contractors (MACs).

In addition to completely revising the administrative claims processing scheme (through the creation of MACs), the MMA also directed that newly-established would take over the responsibility for handling Medicare program integrity functions and activities. A total of seven ZPIC zones were created to work with the MAC in their jurisdiction.  Each of these ZPICs have been responsible for performing program integrity functions Medicare Parts A, B, Durable Medical Equipment Prosthetics, Orthotics, and Supplies, Home Health and Hospice and Medicare-Medicaid data matching, in their respective zones.  Notably, Medicare Part C and D program integrity efforts have been assigned to a single national contractor.  The contractor responsible for handling Medicare Part C and Part D claims is known as the Medicare Drug Integrity Contractor (MEDIC).

V. Rise of the UPICs

As detailed in the Comprehensive Medicaid Integrity Plan. Fiscal Years 2014—2018,” issued by CMS, Section 1936(d) of the Social Security Act requires that the HHS Secretary establish a comprehensive plan for ensuring the program integrity of the Medicaid program, on a recurring 5-fiscal year basis.  To this end, CMS developed Unified Program Integrity Contractor (UPIC) program. Unlike earlier program integrity efforts, UPIC contractors have been tasked with conducting Medicare, Medicaid and Medi-Mal investigations and audits of participating health care providers and suppliers in their assigned jurisdictions.

While both ZPICs and MICs are still active around the country, efforts by CMS to consolidate Medicare, Medicaid and Medi-Mal fraud fighting efforts under a single entity are well underway.  Contracts awarding these integrated program integrity responsibilities were awarded to the following UPICs in May 2016:

  • Health Integrity, LLC (Western Jurisdiction)

  • AdvanceMed Corporation (Midwestern Jurisdiction)

  • IntegriGuard, LLC, dba HMS Federal (Indefinite Delivery Indefinite Quantity)

  • Noridian Healthcare Solutions, LLC (Indefinite Delivery Indefinite Quantity)

  • Safeguard Services LLC (North Eastern Jurisdiction)

  • StrategicHealthSolutions, LLC (Indefinite Delivery Indefinite Quantity)

  • TriCenturion, Inc. (Indefinite Delivery Indefinite Quantity)

At first glance, you will likely note that the virtually none of the awardees are new to the business of “program integrity.”  In fact, each of these contractors have previously served as a ZPIC or PSC.  As such, each of these UPIC contractors have years of experience supporting the government’s efforts to identify, deter, prevent, and reduce fraud, waste and abuse.

VI. What is the Practical Difference Between a PSC, ZPIC and UPIC Contractor, if Any?

You may ask, “What is the difference between a PSC, a ZPIC and a UPIC?”  Great question.  With respect to Medicare, the program integrity activities conducted are essentially the same.  In fact, Chapter 4, Section 4.1, of the Medicare Program Integrity Manual (MPIM) expressly states:

 “For this entire chapter, and until such time as all ZPICs are awarded, any reference to ZPICs shall also apply to Program Safeguard Contractors (PSCs), unless otherwise noted. All references to ZPICs shall also apply to Unified Program Integrity Contractor (UPIC) unless otherwise specified in the UPIC [Statement of Work] SOW.”

VII. UPIC Contracts Have Been Awarded and UPIC Claims Audits are Currently Underway:

A number of our clients around the country have already received requests for records from the UPIC handling their jurisdiction.  One UPIC in particular, AdvanceMed, has been especially active over the last six months in sending out audit letters requesting copies of medical records and other documentation which supports the specific claims being assessed.  As discussed below, a careful review of any request that you receive may give an indication of how the case arose and whether the contractor’s review is merely claims focused or also includes an assessment of the provider’s business relationships and practices.

Requests for documents sent by UPICs and their predecessor ZPICs can vary in terms of scope, purpose and due date.  There are several points that should be considered whenever a UPIC or ZPIC request for medical records is received by a Medicare provider:

When must the requested documents be sent to the UPIC or ZPIC? Over the last year, a number of ZPIC requests for documents have required that the documentation must be submitted to the contractor within 15 days. This is really frustrating in light of the fact that under 42 CFR 420.304(b)(1), the contractor is supposed the health care provider 30 days to submit the documents being requested.  Although most ZPICs will readily agree to an extension of time, if they only agree to extend the deadline to 30 days, they really are granting the provider anything, are they?  To date, we have not seen UPIC claims audit requests seeking documents permitting more than 30 days for the documents to be submitted.

What types of documents are requested in contractor’s request? Carefully review the nature of the request.  Is the UPIC only seeking administrative and claims-related medical records OR, is the contractor also seeking documentation related to a provider’s business relationships and / or business practices?

  • UPIC Claims Audits:  Most audits (and claims reopenings) by UPICs are generated as a result of data mining.  In these cases, a UPIC often restricts its review efforts (at least initially) to the claims being assessed, along with relevant, associated administrative materials.  Examples of documents sought in these types of review include, but are not limited to:
  1. Copy of claim, if available;
  2. Beneficiary Notice of Liability;
  3. Authorization of Benefits;
  4. Consent for treatment;
  5. Signed HIPAA privacy notification forms;
  6. Signature card including names and signatures of all personnel documenting in the beneficiary’s chart.
  7. Electronic signature policy;
  8. Copy of face sheet with beneficiary contact information;
  9. Signed “Consent for Treatment” authorizing the medical service;
  10. A copy of the beneficiary’s Medicare card;
  11. A legend or list that defines acronyms, symbols or abbreviations used in the medical records;
  12. A completed Advanced Beneficiary Notice (ABN), as appropriate;
  13. Copies of licenses and / or certifications of any personnel documenting in the beneficiary’s medical records. This includes, physicians, nurse practitioners, physician assistants, nurses, and other caregivers that require licensure or certification;
  14. If electronic signatures are used, documentation which shows that the electronic signatures properly authenticated and dated. The UPIC will also typically ask for the provider to show that safeguards are in place to prevent unauthorized access;
  15. Physician orders;
  16. History and physical;
  17. Patient encounter / visit forms;
  18. Physician’s office and Progress Notes;
  19. Consultation reports (if applicable);
  20. Surgical reports (if applicable);
  21. Pathology reports (if applicable);
  22. Pathology reports (if applicable);
  23. Laboratory tests results (if applicable);
  24. Radiology reports (if applicable);
  25. Previous treatments received to include dates, diagnosis for treatment, treatments administered; and the patient’s response to treatment / progress made;
  26. Discharge notes (if applicable);
  27. Any additional medical records or findings that support the claim(s) or service(s) billed;
  • UPIC Requests for Business Records Along with UPIC Claims Audit Information:  In addition to the claims-related documents above, if a UPIC also seeks documents related to a provider’s business practices and / or business relationships (i.e. where does the provider get its referrals AND where does the provider send its referrals), there is greater likelihood that other information has been received by the UPIC which suggests that the provider may be engaging in one or more improper business practices. Providers should exercise extreme caution if this type of information is being sought.  To the extent that a UPIC finds evidence that a provider is engaging in wrongdoing, the contractor is required to make a referral to law enforcement (OIG and / or DOJ).  Examples of the business-related documents that may be sought by the UPIC include:
  1. Copies of any leases;
  2. Please provide a listing of all patients seen on the dates of the claims requested in this audit;
  3. Copies of any Medicare Director agreements;
  4. Name of HER software used (if applicable);
  5. Name and contact information for third-party billing company (if utilized);
  6. Please provide a sample of each encounter form utilized in your office;
  7. Copy of patient collections for the period at issue which reflects any copayments and / or deductibles collected from the beneficiary;
  8. Names, addresses and phone numbers and former positions of individuals who are no longer employed by the organization and left within the past three years;
  9. If you are associated with or a member of any assignment account, do you also bill under separate provider numbers? If so, list the numbers and describe the reasons for separate billing;
  10. Copies of any consulting agreements or other business agreements with laboratories, imaging centers or any other entity whose services are billed to Medicare;
  11. List all employees or contracted staff (physicians, therapists, physician assistants, nurses, etc.) who render services and bill Medicare under your provider number;
  12. List associates, partners, employees who bill under their own PTAN numbers;
  13. List associates, partners, employees who bill under your PTAN number;
  14. List the name of the manufacturer, model number and purpose of each piece of diagnostic or treatment equipment in your office, e.g. laboratory equipment, diagnostic equipment (x-ray, MRI, EMG, nerve conduction equipment, cardiac tests, other specialty diagnostic equipment, etc.), physical therapy equipment, chiropractic equipment;

How many Medicare claims are to be audited?  If 10 or less postpayment claims are being reviewed, more than likely the UPIC is conducting a “Probe Sample” of the provider’s claims.  The purpose of the probe sample is to see if there appears to be a potential problem with the provider’s medical necessity, documentation, coding or billing practices.  If few problems are found, the UPIC will likely issue an “Education Letter” to the provider.  If, however, a significant number of errors are identified, the UPIC will likely expand its audit and issue a subsequent request for the supporting documentation associated with 30 or more claims that have already been paid.

If the UPIC’s initial request for records asks for records associated with 30 or more claims (usually billed over a two-year period), there is high likelihood that the UPIC have pulled these claims as part of a “Statistically Relevant Sample.”  As such, the UPIC intends to extrapolated the error rate found to the entire universe of claims.

VIII. How Should You Respond if Your Organization Receives a UPIC Records Request?

If your medical practice, home health agency or hospice is subjected to a UPIC claims audit, we strongly recommend that you immediately contact a qualified health care lawyer.  There are a number of steps you can take at this initial stage in the review that may have a significant impact on whether the UPIC determines that a more in-depth audit is needed.  Moreover, the potential overpayment may also be greatly reduced (depending on the completeness of a provider’s medical records).  Questions?  Give us a call for a free consultation.

UPIC Claims AuditsRobert W. Liles serves as Managing Partner at Liles Parker, Attorneys & Clients at Law.  Our Firm represents health care providers and suppliers around the country in UPIC, ZPIC, RAC and MIC audits.  We also work with providers to develop and implement an effective Compliance Program.  Call Robert for a free consultation.  He can be reached at:  1 (800) 475-1906.

[1] Only a minimum of legacy PSCs are still operating.  Almost all PSC contracts were previously replaced with ZPIC contracts.

[2] GAO, Medicare Spending: Modern Management Strategies Needed to Curb Billions in Unnecessary Payments, GAO/HEHS-95-210 (Washington, D.C.: Sept. 19, 1995); Medicare: Adequate Funding and Better Oversight Needed to Protect Benefit Dollars, GAO/T-HRD-94-59 (Washington, D.C.: Nov. 12, 1993); and Medicare: Funding and Management Problems Result in Unnecessary Expenditures GAO/T-HRD-93-4 (Washington, D.C.: Feb. 17, 1993).

[3] On June 1, 2001, it was announced that the Health Care Financing Administration (HCFA) was being changed to the Centers for Medicare and Medicare Services (CMS).

CERT Postpayment Audits: An Overview of the Audit Process

CERT Audits(March 12, 2011):  Health care providers around the country are finding their practices and clinics subjected to Medicare post-payment audits by Zone Program Integrity Contractors (ZPICs), Program Safeguard Contractors (PSCs) and Comprehensive Error Rate Testing (CERT) Contractors.  While all post-payment audits should be taken seriously, there are real differences between both the contractors and the post-payment audits they are conducting.  This is the first of three articles examining these differences.  Starting with the CERT audit program, we will be examining each of the Medicare contractors conducting CERT postpayment audits and review of provider claims for services and devices.

I.  Historical Background of the CERT Postpayment Audit Program:

With the passage of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 (P.L.104 -191), the Department of Health and Human Services, Office of Inspector General (OIG) initiated work in an effort to estimate the improper payment error rate of Medicare Fee-For-Service (FFS) claims.  From 1996 through 2002, OIG continued to manage this program. In 2002, the “Improper Payments Information Act” (IPIA) was enacted. The Centers for Medicare and Medicaid Services (CMS) subsequently began working with the OIG in 2003, and worked to further refine the estimated Medicare FFS error rate so that the program would comply with the requirements of the IPIA.  These efforts became known as the “Comprehensive Error Rate Testing” (CERT) program.[1]  Unlike early efforts, the CERT program does not only estimate a national improper payments error rate for Medicare FFS claims.  As Timothy Hill, OIG’s Chief Financial Officer testified before the Senate, the CERT program examines a number of essential aspects of the overall error rate of Medicare FFS claims:

“Contractor-specific improper payment rates – which measure the accuracy of our claims processors.

Provider-type specific improper payment rates – which measure how well the providers who care for our beneficiaries are preparing and submitting claims to the program; and

Other management related information – which provides insight into payment errors by region and reason.”[2]

Notably, the CERT program was designed to provide a comprehensive assessment of the improper payments being made to specific types of Medicare providers, along with the improper payment decisions being made by various Medicare contractors.  In doing so, the CERT program was set up to serve as an integral management tool to be used by CMS. Once problem areas were identified, CMS was able to monitor specific problem areas (and in some cases, specific Medicare contractors making erroneous payment decisions) so that corrective action could be taken.

II.  Contractors Performing CERT Postpayment Audits:

CMS has selected private contractors to administer various aspects of the CERT audit program.  There are two basic types of CERT contractors, a “CERT Review Contractor” (CRC) and a “CERT Documentation Contractor” (CDC).  As an initial step, the CRC will first select random samples of claims from each Medicare claims processing contractor.  The CDC will then take the list of claims selected by the CRC and request the relevant documentation related to these claims from the health care provider who provided, billed and was paid for the services.  Once received, the CDC then forwards the documentation to the CRC.

A.  Livanta – CDC.

CMS has awarded the CDC contract to a private company named “Livanta, LLC” (Livanta), located in Annapolis Junction, Maryland. Notably, Livanta has also been awarded the “Statistical Contractor” (SC) portion of the Payment Error Rate Measurement (PERM) program.  The PERM program is designed to measure improper payments in both the Medicaid program and the State Children’s Health Insurance Program (SCHIP).

Focusing on Livanta’s duties as CDC, the contractor typically proceeds as follows when completed its duties as a CERT contractor:

  • Once a provider has been identified, the CDC will contact the provider regarding the audit.  In a number of cases, the CDC will first call the provider by telephone and then follow-up with a fax or written request for the documents sought.
  • If a provider has not forwarded the documents requested to the CDC by day 30, both telephone and written follow-ups are made by the CDC to the provider.
  • If the records are not received by day 45, the CDC will again both call and fax or write the provider to ascertain the status of the requested documentation.
  • If the requested documentation still has been received by day 60, a letter is sent to the provider again inquiring on the status of the missing documents.
  • If no documentation is received by day 76, the claims associated with the missing documentation is denied and scored as an “error” based on the missing documentation.

B.  AdvanceMed – CRC.

Once the CDC has requested and received the claims documentation from the provider, it is forwarded to the “CERT Review Contractor” (CRC).  CMS has awarded the contract to serve as CRC to AdvanceMed. As CRC, AdvanceMed must carefully review the documentation received and determine whether the services qualify for coverage and payment.  The CRC then compares its assessment to that of the Medicare contractor who originally reviewed and paid the claims (the contractor is typically a Medicare Administrative Contractor (MAC) who is responsible for review of the Part A or Part B claims).  If the CRC finds that the Medicare contractor incorrectly billed, paid or processed the services at issue, the claim is noted to be an “error”

III.  Sample CERT Postpayment Audit Program Results From the Fourth Quarter of 2010:

Each quarter, Highmark Medicare Services (Highmark) reports on the most recent “errors” identified by the CERT contractor in connection with the CERT program audit.  During the Fourth Quarter of 2010, 508 CERT errors were found in connection with the Part A claims reviewed.   The 508 errors can be broken down as follows:

  • 311 errors were due to “insufficient documentation.”  Notably,   a majority of the errors in this category were because the medical record “did not contain a valid physician’s signature” or because a diagnostic test performed “did not contain a valid physician’s order” or an identification of the provider who rendered the service.
  • 132 errors were due to “lack of medical necessity” based on the medical documentation submitted.
  • 37 errors were due to “incorrect coding” (primarily related to laboratory testing).
  • 10 errors were due to “invasive procedures that were assessed  to be without medically necessity.”
  • 9 errors were due to an “incorrect procedure code” used when billing the service.
  • 6 errors were the result of “billing for services that were not rendered.”
  • 2 errors were due to “other errors.”
  • 1 error was due to an “incorrect discharge code being used.” 

In addition to the Part A errors identified, a separate error report covering Part B claims is also detailed on Highmark’s website. [3] 

IV.  Responding to a CERT Postpayment Audit Request for Documents:

Should you receive a CERT postpayment audit request for documents from a CDC, it is important to keep in mind that your practice or clinic is not being accused of fraud or wrongdoing.  Fundamentally, a CERT postpayment audit is primarily designed to identify deficiencies and mistakes made by Medicare contractors.  As Compliance Officer, upon receipt of a CERT postpayment audit request, you should carefully review the request and take steps to assemble a complete set of documentation covering the specific claims at issue.  As Highmark also notes, when dealing with notes that are difficult to decipher, it is recommended that a transcription of the notes be made and submitted with the documentation.

V.  Appealing CERT Denials:

The results of a CERT postpayment audit are likely to be set out in Medicare’s electronic Fiscal Intermediary Standard System (FISS) computer system.  It is imperative that you monitor the status of the claims selected for CERT review.  If the CRC finds that one of more of your paid claims did not qualify for coverage and payment you will have to decide whether or not you agree with the denial decision that has been issued.  Should you dispute the denial, you will need to file for administrative appeal within the standard, established timeframes.   CERT denials are appealed in the same manner as any other claims denial would be appealed.

VI.  Comparison of CERT Postpayment Audits and ZPIC Postpayment Audits:

As reflected above, CERT postpayment audits are fundamentally different from ZPIC audits, both in terms of fundamental purpose and in terms of likely financial liability.  At its core, a CERT postpayment audit is really an attempt by CMS to learn whether or not its contractors (typically MACs) are properly assessing and processing claims submitted by Medicare providers for review and payment.  If a CERT contractor finds that a provider’s claims should not have been paid, it primarily reflects on the MAC, not necessarily the provider.  Having said that, claims denied by a CERT contractor should still be appealed if the provider believes that the claims do, in fact, qualify for coverage and payment.  While denied claims will still contribute to a provider’s overall error rate (possibly increasing the likelihood that a provider could be subjected to later audits), damages associated with CERT postpayment audits are not typically extrapolated.  As a result, the overall damages associated with CERT postpayment audits are relatively modest, especially when compared to the potential damages alleged in ZPIC and PSC “big-box” cases.  Additionally, unlike ZPIC and PSC audits, most CERT postpayment audits are solely concerned with the coverage and payment of the particular claims under review.  In contrast, ZPIC postpayment audits can lead to suspension, revocation or even referral to OIG or DOJ in cases where fraud may be evident.

Despite the limited scope of liability inherent in CERT postpayment audits, it is imperative that Medicare providers diligently work to respond to requests for documentation in a timely fashion.  Notably, other contractors (including ZPIC, PSC and RAC auditors) may review CERT postpayment audit findings for targeting purposes.  The bottom line is fairly simple — if you owe money to the Medicare program, pay it back.  If not, you should challenge unwarranted denials of claims by CERT auditors. 

Robert W. Liles defends health care providers in Medicare auditsRobert W. Liles, J.D. serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law.  Liles Parker attorneys represent health care providers around the country in connection with postpayment CERT audits and program integrity reviews by ZPICs and other Medicare contractors.  Should your practice, clinic or company be subjected to a post-payment audit, give us a call for a complimentary consultation.  We can be reached at: 1 (800) 475-1906.    


[1] Guidance regarding the CERT program can be found in the “Medicare Program Integrity Manual, Chapter 12 – The Comprehensive Error Rate Testing Program.”

[2] This information was discussed by Timothy Hill, OIG’s Chief Financial Officer, as part of his sworn testimony regarding “Medicare and Medicaid Improper Payments” in front of the Senate Committee on Homeland Security and Governmental Affairs, Subcommittee on Federal Financial Management, Government Information and International Security, on Thursday, March 29, 2007.  A transcript of Mr. Hill’s testimony may be found at:

http://www.hhs.gov/asl/testify/2007/03/t20070329a.html

[3] Highmark Medicare Services’ CERT audit report covering Part A and Part B errors identified during the Fourth Quarter of 2010 can be found at: https://www.highmarkmedicareservices.com/cert/errors/a-cert-dec10.html

Are Medicare ALJs Truly Independent Fact Finders?

Medicare ALJs wield considerable power.  Be prepared when participating in an ALJ hearing.(February 20, 2011):  Over the years, we have represented a wide variety of health care providers in the administrative appeals process.  Our duties have regularly included representation before Administrative Law Judges (ALJs) presiding out of the Western, Southern, Midwestern and Mid-Atlantic Field Offices of the Office of Medicare Hearings and Appeals.  (OMHA).  In the course of our work, we have routinely been asked by our health care provider clients for our opinion regarding the “independence” of ALJs from the pressures exerted by the Centers for Medicare and Medicaid Services (CMS) and its contractors (including, but not limited to the Qualified Independent Contractors (QICs), Zone Program Integrity Contractors (ZPICs) and Program Safeguard Contractors (PSCs)).  The purpose of this brief article is to examine this issue in more detail.

I.  Medicare ALJs Background:  

As many of you will recall, prior to the passage of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA), Medicare administrative appeals were heard by Judges working for the Social Security Administration’s (SSA’s) Office of Hearings and Appeals.  For much of that time, the SSA was an agency of the Department of Health and Human Services (HHS).  In 1994, the SSA was officially separated from HHS and was made an independent agency.  Although the SSA was no longer part of HHS, its Judges continued to hear Medicare administrative appeals.

Despite the fact that SSA used to a part of HHS (and for a short period was independent of HHS), in our opinion, SSA Judges were generally thought to be “independent” adjudicators of the facts, not impacted by, or bowing to, the effects of outside agency pressures.

With the enactment of the MMA, the responsibility for hearing Medicare administrative appeals was transferred over to HHS, with OMHA reporting solely to the Secretary, HHS.  In doing so, the OMHA was placed completely outside of CMS’ organizational structure, ostensibly free from any agency pressures that CMS might informally care to exert.  This also placed the OMHA independent of the various contractors working for CMS.  As a review of the Congressional Record reflects, the issue of independence was carefully considered by Congress and the separation of the OMHA from CMS was consistent with their concerns. (See Congressional Record, V. 149, Pt. 22, November 20, 2003 to November 23, 2003, Page 30400). As set out in the June 23, 2005 issuance of the Federal Register (70 Fed.Reg. 36386), titled “Office of Medicare Hearings and Appeals; Statement of Organization, Functions, and Delegations of Authority,” the OMHA is under the direction of a Chief Administrative Law Judge who reports directly to the Secretary, HHS.  This organizational structure was specifically intended to meet the “independence” requirements of the Section 931(b)(2) of the MMA.

II. What Can You Expect from Medicare ALJs?

In terms of functional authority, ALJs are comparable in many respects, to that of an Article III Judge, who is appointed by the President and confirmed by the Senate.  While ALJ’s are not Article III Judges, it has been our experience that they are strongly independent, adjudicating over Medicare proceedings in a formal, professional fashion, similar to what you would expect to encounter in a Federal District Court proceeding.

Pursuant to 42 C.F.R. § 405.1026, ALJs cannot even conduct a hearing if they are prejudiced or partial to any party, or if they have an interest in the matter pending for resolution.  To date, we have not seen an ALJ that has been “prejudiced or partial to any party.”

To be clear, health care providers do not always prevail — every case stands or falls based on its merits.  Moreover, just because you have experienced a positive outcome with a particular ALJ on one occasion does not mean that you should expect a similar result when you are next in front of the same judge.  ALJs are trained to weigh the facts and the evidence.  While in past years it was rare for CMS or its contractors to participate in a hearing, it is now commonplace for representatives of the Zone Program Integrity Contractor (ZPIC) or the Program Safeguard Contractor (PSC) to now attend the hearing and seek to provide support for their initial denial actions.  As a result, the job of ALJ is now more complicated than ever.

In summary, the current administrative appeals system has been specifically designed to insulate ALJs from the actual and / or implied pressures which could conceivably be exerted by CMS and its various contractors.  When appearing before Medicare ALJs, it is important to remember that the process has become significantly more complicated now that CMS contractors are now regularly attending and participating in the process.  In light of these changes, it is recommended that you engage experienced legal counsel to represent your interests in  hearings in front of Medicare ALJs.  Although the system and its Judges are set up to provide a fair opportunity for you to present your case and be heard, it is much more difficult to prevail when up to three representatives of the ZPIC (a lawyer, a statistician and a clinician) are also participating in the proceedings, providing support and explanations for their prior Medicare claim denial decisions.

Robert W. Liles defends health care providers in Medicare auditsRobert W. Liles, J.D., has extensive experience representing a wide variety of Part A and Part B providers in the administrative appeals process, including the ALJ hearing stage.  Please feel free to contact Robert for a complimentary consultation.  He can be reached at 1 (800) 475-1906.

 

 

 

 

ZPICs Will Deny Claims with “Signature Stamps” and “Date Stamps”

ZPICs are denying claims with "date stamps"(February 19, 2011):  While the use of “signature stamps” has been prohibited for quite some time, a wide variety of health care providers have continued to use “date stamps” or some other method of memorializing when a document was signed by an ordering or treating physician.  While the Centers for Medicare and Medicaid Services (CMS) has not announced a total ban on such practices, they have recently prohibited home health and hospice agencies from continuing to use date stamps.

 I.  Background:      

Late last year, CMS notified its Medicare contractors that physicians must sign and date hospice certifications and home health plans of care, verbal orders, and certifications.  A number of Medicare contractors then notified hospice and home health providers of this change, noting that it would become effective for all documents signed on or after January 1, 2011.

II. Basis for Ban on “Date Stamps”: 

Characterized by at least one Medicare contractor as a “clarification,” this change was based on the following CMS references:

 Home Health

Medicare General Information, Eligibility and Entitlement Manual (Pub. 100-01), Chapter 4, section 30.1 which states: ”The attending physician signs and dates the POC/certification prior to the claim being submitted for payment.”

The manual requirement is also addressed in 42 CFR 424.22(D)2 effective 1/11/11, and states “The certification of need for home health services must be obtained at the time the plan of care is established or as soon thereafter as possible and must be signed and dated by the physician who establishes the plan.”  The instructions for recertification are found in the same Part and restates that it “must be signed and dated by the physician who reviews the plan of care.”

Hospice

 Medicare General Information, Eligibility and Entitlement Manual (Pub. 100-01), Chapter 4, section 60 states:  “Certification statements must be dated and signed by the physician.”

 The manual requirement is also addressed in 42 CFR 418.22(b)(5) effective 1/11/11 and states: “All certifications are recertifications must be signed and dated by the physician(s).”

Other Considerations:

 In reviewing this clarification, it is somewhat confusing (if not inconsistent) in light of CMS’ recent guidance in the Federal Register titled “Medicare Program; Home Health Prospective Payment System Rate Update for Calendar Year 2011; Changes in Certification Requirements for Home Health Agencies and Hospices; Final Rule.”  As the Final Rules reflect, the use of “date stamps” was expressly addressed at approximately the same time CMS sent out its clarification to Medicare contractors.  As the Final Rule reflects:

Comment: A commenter recommended that CMS continue to accept the hospice date stamp on POCs returned to the agency by physicians who forget or fail to date their signature on this document.

Response: At this time, there is nothing to preclude a hospice from using a date stamp if a physician fails to date his or her signature on the POC.

To be clear, technically the clarification guidance is not inconsistent with CMS’ response in the Final Rule.  When discussing the change for hospices, the clarification focused on certifications and recertifications while the Final Rule focused on plans of care.  Nevertheless, from a compliance standpoint, the message is quite clear – “date stamps” should not be used.

III.  Compliance Recommendations With Respect to Date Stamps:

From a compliance standpoint, it is imperative that both physicians and staff are educated and understand that date stamps are no longer acceptable.  Although CMS’ clarification was directed at home health and hospice providers, the best practice would be for all providers to discontinue the use of date stamps in connection with all documents, not merely those documents identified above. Like signature stamps, the use of date stamps will likely ultimately be prohibited for all Medicare providers.

It is equally important to recognize that orders, certifications, recertifications and plans of care and other documents must be signed in a timely fashion. They should not be backdated or signed by anyone other than the physician responsible for ordering the certification or establishing the plan of care.

If a home health or hospice provider receives a signed order or certification from a physician who has not dated the document, it should immediately be sent back to him to be properly dated.

From a “program integrity” standpoint, Zone Program Integrity Contractors (ZPICs) and Program Safeguard Contractors (PSCs) will now be including this issue in its list of technical audit issues.  Health care providers should add this issue to their list of compliance “risks.”

Liles Parker attorneys represent home health and hospice providers in connection with ZPIC audits, compliance counseling and business transactions.  Should you have questions, please feel free contact us for a free consultation.  We can be reached at 1 (800) 475-1906.    

  

ZPIC Participation in ALJ Hearings is Increasing

ZPIC contractors are auditing Medicare claims around the country(February 12, 2011):  Over the last year, we have noted an important trend when representing Medicare providers in post-payment overpayment cases at the Administrative Law Judge (ALJ) level of appeal.   Medicare contractors are actively attending and participating in many ALJ hearings.  In fact, it is now common for a Zone Program Integrity Contractor (ZPIC) to participate in these proceedings. The virtual “Courtroom” where ALJ hearings are typically held (most ALJ hearings are now held by teleconference or video-teleconference — few are conducted in person) are no longer attended by only a provider, its attorney and the Judge.   Instead, it is now relatively crowded, requiring the scheduling of experts and the testimony of various clinical specialists — representing not only the provider, but also one or more government Medicare contractors.  Although mostly limited to “big-box” cases where the amount at issue ranges from $100,000 to several million dollars, we have even had ZPIC participation in ALJ hearings involving alleged overpayments of only a few thousand dollars.

This “sea change” in how the government and its contractors view their role in working to help ensure that alleged overpayments stay in place demands that providers reconsider their decision to represent themselves in ALJ appeals hearings.  While many health care providers feel comfortable handling an ALJ hearing on their own when the only parties on the teleconference or on the video-teleconference are the Judge and the Medicare providers themselves, it is a completely different situation when one or more contractors elects to participate in the hearing and present their denial reasons to the ALJ.  The purpose of this article to examine this trend and discuss a number of considerations that Medicare providers should be taking into account when deciding whether or not to represent themselves at ALJ hearing, without an attorney.

I.  Rights / Limitations of a ZPIC or Other Contractor When Acting as a “Participant” in an ALJ Hearing:

Pursuant to 42 C.F.R. § 405.1010, both representatives from the Centers for Medicare and Medicaid Services (CMS) and its contractors may participate in an ALJ hearing.  Moreover, an ALJ may request that CMS or its contractors participate in a hearing.  As the regulatory provisions provide:

“(a) An ALJ may request, but may not require, CMS and/or one or more of its contractors to participate in any proceedings before the ALJ, including the oral hearing, if any. CMS and/or one or more of its contractors may also elect to participate in the hearing process.

(b) If CMS or one or more of its contractors elects to participate, it advises the ALJ, the appellant, and all other parties identified in the notice of hearing of its intent to participate no later than 10 calendar days after receiving the notice of hearing.

(c) Participation may include filing position papers or providing testimony to clarify factual or policy issues in a case, but it does not include calling witnesses or cross-examining the witnesses of a party to the hearing. (emphasis added).

(d) When CMS or its contractor participates in an ALJ hearing, the agency or its contractor may not be called as a witness during the hearing.

(e) CMS or its contractor must submit any position papers within the time frame designated by the ALJ.

(f) The ALJ cannot draw any adverse inferences if CMS or a contractor decides not to participate in any proceedings before an ALJ, including the hearing.”

While ZPICs and other contractors may not “cross-examine” a Medicare provider or its witnesses during an ALJ hearing, contractors have easily worked around this regulatory obstacle.  Rather than confront a provider directly, a contractor will merely point out their concerns or make a specific point to the Judge.  The presiding ALJ will often then merely ask the provider the same questions first raised by the ZPIC.  As a result, a Medicare contractor never has to cross-examine the provider but his points and questions are still ultimately answered.  For instance, the following very simple exchange might occur during an ALJ hearing:

“ALJ:  I would like to hear the Medicare contractor’s views regarding the medical necessity of this E/M claim.

ZPIC:  Your honor, the 1997 E/M Guidelines clearly reflect the types of situations which would qualify as “High Complexity.”  We don’t believe that the facts here represented that level of complexity.  Additionally, the physician is now alleging that the patient suffered from multiple serious co-morbities which complicated the medical decision-making required.  Where is there proof that the patient had these conditions?

ALJ:  Dr. Smith, can you point out where these medical conditions are documented in the medical records submitted?”

In most instances, a provider should expect ZPIC participation in their ALJ hearing.  Moreover, a provider should expect for the ZPIC to point out weaknesses in the provider’s case.  ALJ’s are seeking to determine the facts and decide whether the claims at issue qualify for coverage and payment.  When a ZPIC raises a concern, most ALJ’s will want to follow-up with the provider in order to obtain an answer regarding the points raised.

Over the last year, we have also seen a marked  increase in the number of ZPIC participation cases, either at the hearing stage or where the ZPIC seeks permission to file a post-hearing brief with the Court.  This can be especially problematic for providers who choose to represent themselves at hearing because the ZPICs have used this as an opportunity to present new evidence and/or new arguments that were never introduced at lower levels of the case or at ALJ hearing.  As a result, the provider is often placed in the position of trying to respond to new arguments, never before presented by the ZPIC or other contractors, at the last minute in the ALJ hearing process.

II.  The Nature of ZPIC Participation:

Medicare providers should keep in mind that both ZPICs and Program Safeguard Contractors (PSCs) are quite sophisticated and are becoming more and more active in the ALJ hearing process, often replying to arguments presented to the Judge by a Medicare provider.  Moreover, it is not uncommon for a ZPIC to send as many as three professionals to participate in an ALJ hearing — all of whom may ultimately defend the ZPIC’s initial denial of the provider’s Medicare claims.  One of the ZPIC representatives very well may be an attorney.  A ZPIC contractor against whom we regularly litigate often sends a licensed attorney to respond to pro-provider arguments that the claims qualify for payment because they were not reopened in a timely fashion or that even if the claims do not meet all of the applicable coverage requirements, any overpayment would still qualify for “waiver.”  The ZPIC’s attorney may also respond to a number of limited arguments presented by a provider when trying to get a statistical extrapolation declared invalid by an ALJ.   It has been our experience that the ZPIC’s attorney is typically polished, smart and prepared.  When facing an unrepresented physician, the ZPIC’s lawyer would likely easily address any non-medical arguments presented by a Medicare provider.  A second ZPIC or PSC representative likely to participate in an ALJ hearing is the contractor’s statistician.  He is responsible for defending the legitimacy of the statistical sampling and extrapololation methodology employed by the ZPIC or PSC when extrapolating the damages in a case.  While a significant number of physicians and other health care providers are knowledgeable in statistics and mathematics, few know or understand the regulatory requirements which must be met before a contractor may engage in statistical sampling and seek to extrapolate damages.  As a result, few unrepresented providers have been able to convince an ALJ that an extrapolation is invalid.  While the additional cost of engaging a statistical expert to review a ZPICs extrapolation actions can be costly, it is likely required if a provider hopes to have a reasonable chance of challenging an extrapolation.   Finally, it is quite common for a ZPIC to send a third representative (typically a Registered Nurse) to provide clinical testimony in support of the ZPIC’s decision not to cover and pay certain claims, often citing the ZPIC’s own unique interpretation of LCD and LMRP requirements (an interpretation with which we often disagree).  Overall, an unrepresented provider is often unprepared to address and respond to the many legal, statistical and clinical arguments presented by the various ZPIC participants in an ALJ hearing.

While ZPIC and PSC representatives are now regularly participating in ALJ hearings, they are not the only contractors who are prepared to rise to the challenge.   Representatives of the Qualified Independent Contractor (QIC) have also been participating in some ALJ hearings.   In cases we are aware of, the QIC representative has been an attorney working for the contractor.  Nevertheless, there is nothing to prevent a clinician working for the QIC from attending the ALJ hearing and presenting the QIC’s arguments why certain claims did not qualify for coverage and payment.  Additionally, in at least one fairly recent case we handled on behalf of a provider, a Medicare Administrative Contractor (MAC) clinical reviewer chose to participate in the ALJ hearing.

III.  What are the Differences Between a “Party” to a Hearing and a “Participant” in a Hearing?

As 42 C.F.R. § 405.1010(c) reflects, there are significant differences between a party to an ALJ hearing and a participant in an ALJ hearing.   As we previously discussed, a “participant”  does not have the right to call witnesses or cross-examine parties or their witnesses.  Additionlly, participants do not have the right to object to the issues described in the ALJ’s “Notice of Hearing.”  As CMS has argued, these elements are “cornerstones” of the adversarial process.  In the absence of these cornerstones, a proceeding is not considered to be adversarial, even though multiple Medicare contractor representatives may participate in an ALJ hearing.  As a result, since the proceeding was not adversarial in nature, a provider will be precluded from seeking to have its attorney’s fees paid under the “Equal Access to Justice Act,” even though it ultimately prevailed at hearing.   While perhaps technically correct, the idea that ALJ hearings are truly “non-adversarial” when Medicare contractors choose to join as a “participant” is flatly untrue.   ZPIC lawyers, clinical reviewers and expert statisticians have proven themselves to be highly capable and effective when arguing their positions, despite the fact that their role in the hearing was considered to be “non-adversarial” in nature.  To their credit, even though both sides may be passionate about their position on the issues, all of the ALJs we have practiced before have kept a strict rein on the proceedings.

IV.  Providers Should Consider Engaging Experienced Legal Counsel to Represent them in an ALJ Appeal:

When faced with an administrative overpayment case that is highly complex, involves a significant alleged overpayment or is based on a statistical extrapolation of damages, we recommend that a Medicare provider retain experienced legal counsel to represent the provider’s interests.  While it is possible for an experienced attorney to step in and handle a case at a later level of administrative appeal (such as the QIC and ALJ levels), it becomes more and more difficult to do so in an effective fashion as the case progresses.  We have seen a number of cases where a provider has failed to properly establish the record in a case and important supportive documentation stood the chance of not being admitted in the record because the provider failed to introduce it at lower levels of appeal.  An experienced attorney can help ensure that the record is properly constructed and no important legal defenses or payment arguments have been left out of the case.  Additionally, legal counsel will be able to assess the coverage requirements, identify possible holes in the provider’s case and work with the provider to identify witnesses and obtain supportive evidence to hopefully fill any gaps in the provider’s case.

V.          Conclusion:

As a final point, it essential to remember that the trier of fact, the ALJ responsible for presiding over the provider’s case, is a lawyer, not a clinician.  Arguably, an experienced health law attorney– rather than a clinician — is uniquely trained to analyze the legal issues presented, organize the provider’s facts and present the relevant evidence to the ALJ (another attorney).  Having said that, an experienced attorney is no substitute for a qualified clinician who can directly address the clinical profiles of the beneficiaries and the medical necessity issues presented. Together, a supporting clinician and a skilled attorney can be a formidable team when arguing a Medicare provider’s case.  Moreover, this team is best equipped to respond to any arguments raised by participating ZPIC representatives during the overpayment hearing.

Robert W. Liles defends health care providers in Medicare ZPIC auditsRobert W. Liles serves as Managing Partner at Liles Parker, Attorneys & Counselors at Law. Attorneys in the Firm’s Health Law Practice have extensive experience representing health care providers around the country in ZPIC, PSC and RAC overpayment appeals cases .  Should you have any questions about your case or the overpayment appeals process, please feel free to call us for a complimentary consultation.   We can be reached at 1 (800) 475-1906.

Compliance Risk Areas in 2011 for Your Organization.

Compliance Risk(December 31, 2010):  In case you missed it, Congress, President Obama and the healthcare regulators had a banner year with respect to regulatory activism in 2010.  Over the next several weeks we will be releasing a series of articles on our website addressing the compliance risk areas facing your organise dramatic changes and the compliance risks they present for your practice, clinic or health care business in 2011:

Compliance Risk Number 1:  Increased “HEAT” Activity and Enforcement:

Perhaps the greatest risk to consider in 2011 is the increase in targeted health care fraud enforcement efforts by the government’s Health Care Fraud Prevention and Enforcement Action Team (HEAT).  These teams are comprised of top level law enforcement and professional staff from the U.S. Department of Justice (DOJ), the Department of Health and Human Services (HHS), and their various operating divisions.  HEAT team initiatives have been extraordinarily successful in coordinating multi-agency efforts to both prevent health care fraud and enforce current anti-fraud initiatives.

As DOJ noted in September 2010, over the previous Fiscal Year, DOJ (including its 94 U.S. Attorneys’ Offices), HHS’ Office of Inspector General (HHS-OIG), and the Centers for Medicare and Medicaid Services (CMS), jointly accomplished the following:

  • Filed charges against more than 800 defendants.

  • Obtained 583 criminal convictions.

  • Opened 886 new civil health care fraud matters.

  • Obtained 337 civil administrative actions against parties committing health care fraud.

  • Through these efforts, more than $2.5 billion was recovered as a result of the criminal, civil and administrative actions handled by these joint agencies. 

President Obama’s FY 2011 budget request includes an additional $60.2 million in funding for the HEAT program.These funds will be used to establish additional teams and further fund existing investigations. Now, more than ever, it is imperative that you ensure that your Compliance Plan is both up-to-date and fully implemented.  Medicare providers are obligated to adhere to statutory and regulatory requirements and the government’s HEAT teams are aggressively investigating providers who fail to comply with the law.

Compliance Risk Number 2:  Zone Program Integrity Contractor (ZPIC) / Program SafeGuard Contractor (PSC) / Recovery Audit Contractor (RAC) Audits of Medicare Claims:

As you already know, private contractor reviews of Medicare claims are big business – one ZPIC was awarded a five-year contract worth over $100 million.  In 2011, we  should expect to see:

  • The number of ZPIC / PSC / RAC audits of Physician Practices, Home Health Agencies, Hospice Companies, DME Suppliers and Chiropractic Clinics will greatly increase in 2011.

  • The reliance of both contractors and the government on data mining will continue to grow.  Providers targeted will likely be based on utilization rates, prescribing practices and billing / coding profiles.

  • An increase in the number of Administrative Law Judge (ALJ) hearings in where ZPIC representatives choose to attend the hearing as a “participant.”  In these hearings, the ZPIC representative will likely aggressively oppose any arguments in support of payment that you present.

Are you ready for an unannounced / unanticipated site visit or audit?  When is the last time that you have conducted an internal review of your billing / coding practices?  Are you aware of the hidden dangers when conducting these reviews?  In 2011, your Compliance Officer may very well be your most important non-clinical staff member.  Physicians and other providers should work with their Compliance Officer to better prepare for the unexpected audit or investigation.

Compliance Risk Number 3: Electronic Medical Records:

Unfortunately, some early adopters of Electronic Medical Records (EMR) software are now having to respond to “cloning” and / or “carry over” concerns raised by ZPICs and Program SafeGuard Contractors (PSCs).  In a number of cases, these audits appear to be the result (at least in part) of inadequately designed software programs which generate progress notes and other types of medical records that do not adequately require the provider to document individualized observations.  Instead, the information gathered is often sparse and similar for each of the patients treated.  Take care before converting your practice or clinic to an EMR system.  Include your Compliance Officer in the selection and review process.

Compliance Risk Number 4:  Physician Quality Reporting Initiative (PQRI) Issues:

Under the Health Care Reform legislation passed last March. PQRI was changed from a voluntary “bonus” program to one in which penalties will be assessed if a provider does not properly participate.  As of 2015, the penalty will be 1.5% and will increase to 2.0% in 2016 and subsequent years. Additionally, questions about the use of PQRI date in “Program Integrity” targeting remain unanswered.  Once again, it is essential that your Compliance Officer provide guidance to your staff regarding this program and its potential impact.

Compliance Risk Number 5:  Medicaid Integrity Contractors (MICs)  and Medicaid Recovery Audit Contractors (MDRACs):

In recent months, we have seen a marked increase in the number of MIC inquiries and audits initiated in southern States.  Notably, the information and documentation requested has often been substantial.  Medicaid providers must now also contend with MDRACs.  As a result of health care reform, MDRACs are now mandatory in every State and are may initiate reviews and audits as soon as March 2011.   Compliance Officers should review their current risk areas and ensure that Medicaid coding and billing activities are actively monitored to better ensure statutory / regulatory adherance.

Compliance Risk Number 6:  HIPAA / HITECH Privacy Violations:

Failure to comply with HIPAA can result in civil and / or criminal penalties. (42 USC § 1320d-5).

  • Civil Penalties – A large retail drug store company was recently fined $2.25 million for failure to properly dispose of protected information.

  • Criminal Penalties – Earlier this year, a physician in Los Angeles, CA, was sentenced to four months in prison after admitting he improperly accessed individual health information.

As of mid-2010, there had been 93 breaches affecting 500 or more individuals.  The total number of individuals whose information was disclosed as a result of these breaches was estimated at over 2.5 million.  Out of the 93 breaches, 87 involved breach of hard copy or electronic protected health information (about 1/4 involved paper records and 3/4 involved electronic records. The vast majority of the 93 breaches involved theft or loss of the records.  Many of these thefts could have been avoided with appropriate security.  The government is serious about privacy and your practice, and in 2011 you will likely see increased HIPAA / HITECH enforcement.  Your clinic or health care business must take appropriate steps to prevent improper disclosures of health information.

Compliance Risk Number 7:  Increased Number of Qui Tams Based on Overpayments:

Section 6402 of the recent Health Care Reform legislation requires that all Medicare providers, (a) return and report any Medicare overpayment, and (b) explain, in writing, the reason for the overpayment.

This law creates a minefield for physicians and other Medicare providers.  First, providers have only 60 days to comply with the reporting and refund requirement from the date on which the overpayment was identified or, if applicable, the date any corresponding cost report is due, whichever is later.  Of course, the legislation does not actually explain what it means to “identify” an overpayment.

From a “risk” standpoint, this change is enormous.  Disgruntled employees try to file a Qui Tam  (“whistleblower”) lawsuit based on a provider’s failure to return one or more Medicare overpayments to the program in a timely fashion.  While the government may ultimately choose not to intervene in a False Claims Act case based on such allegations, a provider could spend a significant amount defending the case.  Providers should ensure that billing personnel understand the importance of returning any overpayments identified as quickly as possible.

Compliance Risk Number 8:  Third-Party Payor Actions:

Third-party (non-Federal)  payors are participating in Health Care Fraud Working Group meetings with DOJ and other Federal agents.  Over the last year, we have seen an increase in the number of “copycat” audits initiated by third-party payor “Special Investigative Units” (SIUs).  Once the government has announced the results of a significant audit, the third-party payor considers the services at issue and reviews whether it may have also been wrongly billed for such services.  If so, their SIU opens a new investigation against the provider.

Compliance Risk Number 9:  Employee Screening:

With the expansion of the permissive exclusion authorities, more and more individuals will ultimately be excluded from Medicare.  As we have seen, HHS-OIG is actively reviewing whether Medicare providers have employed individuals who have been excluded.  In one recent case, HHS-OIG announced that it had assessed significant civil monetary penalties against a health care provider that employed seven individuals who the provider “knew or should have known” had been excluded from participation in Federal health care programs. These individuals were alleged to have furnished items and services for which the provider was paid by Federal health care programs.  All providers should periodically screen their staff against the HHS-OIG and GSA databases to ensure that their employees have not been excluded from participation in Federal Health Benefits Programs.

Compliance Risk Number 10:  Payment Suspension Actions:

Last, but not least, we expect the number of payment suspension actions to increase in 2011.  In late 2010, Medicare contractors recommended to CMS that this extraordinary step be taken against providers in connection with a wide variety of alleged infractions.  Reasons given for suspending a provider’s Medicare number included, but were not limited to: (1) the provider failed to properly notify Medicare of a change in location, (2) the provider allegedly engaged in improper billing practices, and (3) the provider failed to fully cooperate during a site visit.

As each of these compliance risks reflect, health care providers are expected to fully comply with a wide myriad of Medicare and Medicaid statutory and regulatory requirements.  Moreover, the failure to meet these obligations can subject a provider to penalties ranging from suspension from the program to criminal prosecution.  Providers must take compliance seriously if they hope to thrive in 2011.

Robert W. Liles defends health care providers in Medicare auditsRobert W. Liles, J.D., represents healthcare providers and suppliers around the country in connection with Medicare and Private payor audits.  Liles Parker attorneys have extensive experience working on compliance related matters and defending providers in connection with allegations of one or more alleged violations of regulatory requirements. Should you have questions regarding these and other issues, give us a call for a free consultation.  We can be reached at 1 (800) 475-1906.

Don’t Take ZPIC Extrapolation Calculations at Face Value

Don't Assume that a ZPIC Extrapolation of Alleged Damages has Been Handled Properly.(July 14, 2010): Imagine a Zone Program Integrity Contractor (ZPIC) handing you a claim analysis rife with alleged errors, an indecipherable list of statistical formulae, and an extrapolated recovery demand that will cripple your practice or clinic.  What steps should you take to analyze their work?  Based on our experience, providers can and should carefully assess the contractor’s actions, use of formulas and application of the RAT-STAT program when selecting a statistical sample and extrapolating the alleged damages based on the sample pulled.  Over the years, we have challenged the ZPIC extrapolation of damages conducted by these Medicare contractors, covering tens of thousands of claims.  Regardless of whether you are providing Home Health, Physical Therapy, Surgical or other services, it is imperative that you work with experienced legal counsel and statistical experts to analyze the statistical sampling and extrapolation steps taken by the contractor. Should you succeed in invalidating the extrapolation, the whole games changes.  The question is – “How can you go about fighting a ZPIC extrapolation calculation of alleged damages?”

One method is to show that the contractor’s auditor failed to identify a Statistically Valid Random Sample (SVRT).  Among the first steps is you should take is to retain experienced legal counsel to review the Medicare contractor’s actions.  Notably, there are a multitude of legal arguments which may be asserted (depending on the specific facts in your case).  Our firm has worked with several outstanding statistical experts over the years, each of which has a proven track record of analyzing the contractor’s actions and identifying any flaws made by the ZPIC when extrapolating damages.

Notably, Section 3.10.4.2 of CMS’ Medicare Program Integrity Manual establishes that the contractor is obligated to fully document the statistical methods an auditor employs:

“The PSC or ZPIC BI [Benefit Integrity] unit or the contractor MR [Medical Review] unit shall identify the source of the random numbers used to select the individual sampling units. The PSC or ZPIC BI unit or the contractor MR unit shall also document the program and its algorithm or table that is used; this documentation becomes part of the record of the sampling and must be available for review.” (emphasis added)

The PSC or ZPIC BI units or the contractor MR units shall document all steps taken in the random selection process exactly as done to ensure that the necessary information is available for anyone attempting to replicate the sample selection.” (emphasis added)

ZPIC statisticians must be able show their work to the extent that a reviewer can attempt to “replicate” their actions and determine whether or not the steps taken were consistent with accepted principles and practices of statistical sampling.  The failure of a ZPIC statistician to fully and properly document his actions may serve as the basis for seeking to invalidate the extrapolation. The calculation of a valid statistical sample and the extrapolation of damages by ZPIC statistician is a highly complex process. After handling many extrapolated damages cases, we have found that few ZPIC statisticians fully meet their obligations to document the steps taken and / or conduct the process in a proper fashion, consistent with accepted statistical sampling procedures.  Should your practice or clinic find that it is facing an extrapolated Medicare audit, it is strongly recommended that you engage qualified, experienced counsel to represent you in the process.  Your legal counsel can then engage a qualified statistician to assess the contractor’s actions.

Read More on ZPIC Audit

Health Care AttorneyShould you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

Are ZPICs Tougher than RACs or PSCs When Conducting Medicare Audits?

PSCs

(March 25, 2010): The Recovery Audit Contractor (RAC) program is an integral part of the Centers for Medicare & Medicaid Services’ (CMS’) “benefit integrity” efforts which seek to identify and recoup alleged overpayments paid to Medicare providers. Similarly, Program SafeGuard Contractors (PSCs) have been actively auditing Medicare providers and suppliers around the country. While the RAC program is still being expanded in many parts of the country (to cover not only hospitals but also other providers and types of Medicare claims), the PSC program is in the process of being replaced by Zone Program Integrity Contractors (ZPICs)   ZPICs are already active in many areas and are actively conducting Medicare audits of physicians, home health agencies, hospices, DME companies, therapy clinics, chiropractors and other small to mid-sized health care providers.  Despite the “hype” surrounding RACs, at this time, ZPICs represent a significantly greater risk to non-hospital providers than do RACs or PSCs.  The purpose of this article to examine a number of the differences between these various Medicare audit contractor programs.

I.  What Are The Chances of Your Practice Being Reported by a ZPIC or RAC to DOJ for Possible Fraud?

While both Medicare audit contractor programs are designed to “find and prevent waste, fraud and abuse in Medicare,” the fact is that to date, ZPICs have been much more likely than RACs to report possible incidents of “fraud” that are identified while conducting Medicare audits.  Frankly, it makes sense.  RACs make money by identifying alleged overpayments – not by making a fraud referral to law enforcement.  Notably, as a result of recent criticism by HHS-OIG, CMS will be requiring RACs to be much more diligent in the future about making referrals to law enforcement when it appears that a health care provider’s conduct represents fraud rather than a mere overpayment.  CMS has provided training to RACs on how to identify fraud in the near future.  Importantly, a RAC denial of claims which results in a provider repayment will not necessarily prevent HHS-OIG from investigating and making a referral to DOJ for possible prosecution, as appropriate, if there are allegations of fraud or abuse arising out of the alleged overpayment.

Notably, recent letters by ZPICs conducting Medicare audits in South Texas and in other parts of the country have been seeking copies of business related records (copies of contracts, agreements with Medical Directors, lease agreements and more), along with its request for claims-related medical documentation.  Importantly, the contractor is assessing the provider’s business relationships to help verify that referral and other business relationships do not violate the Federal Anti-Kickback Statute or Stark Law.  To reduce the possibility of civil or criminal liability, it is essential that Medicare providers take affirmative steps to better ensure that their practices are compliant with applicable statutory and regulatory requirements.  2011 will be the “Year of Compliance.”  All providers, regardless of size, should take steps to implement an effective Compliance Program.  Should you not have a compliance program in place, give us a call — we can help.

II.  What is the Difference Between ZPICs and PSCs?

Both ZPICs and Program Safeguard Contractors (PSCs) readily point out that they are not “bounty hunters” in the Medicare audit process.   ZPICs are not paid contingency fees like RACs and are paid directly by CMS on a contractual basis.  Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments through Medicare audits, the chances of a particular contractor getting their contract with CMS renewed are pretty slim.  Experience has shown that both ZPICs and PSCs don’t always appear to strictly adhere to medical review standards established by Medicare Administrative Contractors (MACs) and approved by CMS.  In our opinion, there appear to have been cases where these contractors applied their own unwritten standards, often denying claims based on conjecture and speculation rather than a strict application of the applicable LCD or LMRP.

In any event, over the last year, both ZPICs and PSCs have increasingly placed health care providers on pre-payment review, conducting post-payment Medicare audits, and  recommending suspensions of payment.  Additionally, in many cases they have been extrapolating the alleged damages based on a sample of claims reviewed. Finally, as discussed above, identified instances of potential fraud are being referred by ZPICs and PSCs to HHS-OIG for possible investigation, referral for prosecution and / or administrative sanction.

III. What Sources of Coding / Billing Data are Used by ZPICs During Medicare Audits?

ZPICs are required to use a variety of techniques, both proactive and reactive, to address any potentially fraudulent practices.  Proactive techniques will include the ZPIC IT Systems that will combine claims data (fiscal intermediary, regional home health intermediary, carrier, and durable medical equipment regional carrier data) and other source of information to create a platform for conducting complex data analyses. By combining data from various sources, ZPICs have been able to assemble a fairly comprehensive picture of a beneficiary’s claim history regardless of where the claim was processed. The primary source of this data is reportedly CMS’ National Claims History (NCH) database.

IV.  How do ZPICs Conduct Medical Reviews?

During their Medicare audits, ZPICs conduct medical reviews of charts to determine, among other things, whether the service submitted was actually provided, and whether the service was medically reasonably and necessary.  Based upon their findings, ZPICs may approve, downcode or deny a claim.  To date, we have never seen a ZPIC conclude that a claim should have been coded at a higher level, only a lower level.  Regrettably, ZPICs are not required to have a physician review a claim in order to deny coverage.  In most of the cases on which we have worked, the contractor’s medical reviewer has been a Registered Nurse.   While some Federal courts have found that a treating physician’s opinion should be given paramount weight, others have ruled that the opinion of a treating physician should not be given any special consideration.  Generally, ZPICs have completely disregarded the “Treating Physician Rule,” despite the fact that a patient’s treating physician was the only provider to have actually seen and assessed the patient at issue.

V.  How Should You Respond to a ZPIC Medicare Audit?

In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” in our opinion, they are in the business of finding fault.   Moreover, they are quite adept at identifying “technical” errors, many of which they will readily cite when denying your Medicare claims.  Unfortunately, it is not at all uncommon for a ZPIC to find that 75% — 100 % of the sample of claims reviewed did not qualify for coverage and payment by Medicare.  After extrapolating the damages to the universe of claims at issue, health care providers often find that they are facing alleged overpayments of between $150,000 and several million dollars.  In many cases, the assessment is far in excess of the provider’s ability to pay.  As such, the administrative appeal becomes a “bet the farm” matter for the health care provider.  If the assessment remains, the provider will have no choice but to declare bankruptcy.

It is also important to remember that ZPIC enforcement actions are not limited to merely overpayment assessments.  In recent months, ZPICs have been increasingly conducting unexpected site visits of health care provider’s offices and facilities, often requesting immediate access to a limited number of claims and the medical records supporting the services billed to Medicare.  Typically, they then require that a provider send supporting documentation covering a wider list of claims within 30 days of their visit.  In other cases, should a ZPIC identify serious problems when reviewing the medical records requested, they may recommend to CMS that the provider’s Medicare billing privileges be suspended.  From a practical standpoint, few providers are diversified (in terms of payor mix) to the point that they can easily do without Medicare reimbursement.  The practical effect of a Medicare suspension is therefore that the provider cannot continue in business throughout the 180-day initial period of suspension typically imposed by CMS.  Finally, in a limited number of cases, after a ZPIC or PSC has visited an office, the provider will subsequently learn that the contractor has recommended that the provider’s Medicare number be revoked.  In a fairly recent case we are aware of (not involving a client of the Firm), the contractor claimed that the provider failed to cooperate, a clear violation of the provider’s “Conditions of Participation” with Medicare.  As a result, the contractor recommended (and CMS approved) the revocation of the provider’s Medicare number.  Short of exclusion from participation in the Medicare program, this is arguably the most serious and far-reaching administrative action that can be taken against a Medicare provider.

In light of the seriousness of the situation, regardless of whether you are contacted by a RAC, a ZPIC or a PSC, you must take great care when responding to Medicare audits.  Administrative enforcement actions can be extraordinarily serious.  Therefore, is essential that you engage an experienced attorney and law firm to represent your interest.

Read more about ZPIC Medicare audits.

Health care LaywerRobert W. Liles, J.D., M.S., M.B.A., is a health lawyer with Liles Parker PLLC.  Liles Parker has offices in Washington, DC, Houston, TX and San Antonio, TX.  Prior to entering private practice, Mr. Liles served as an Assistant U.S. Attorney.  He now represents health care providers around the country in connection with administrative, civil and criminal health law issues.  He has extensive experience defending providers in audits by ZPICs, PSCs and other Medicare / Medicaid contractors.   For a complimentary consultation, please call:  1 (800) 475-1906.