ZPIC Audit Introduction
Has your Practice, Home Health Agency, Hospice, DME Company or PT / OT / ST Clinic been audited by a Zone Program Integrity Program (ZPIC)? If not, it may only be a matter of time. Despite your best efforts to follow Medicare’s directives, your organization may still be identified as an “outlier” by a ZPIC and subjected to a probe review or a full-blown ZPIC audit. Should you receive a request for records from a ZPIC, being prepared - in advance of receiving a ZPIC audit - can help ensure your organization’s compliance with applicable documentation, coding and billing requirements. The following recommendations can assist with those efforts:
Recommendation #1: If you have not already done so, conduct a “gap” analysis and implement an effective Compliance Plan. Despite the fact that significant strides in compliance have been made by large Medicare providers (such as hospitals and nursing homes), it has been our observation that most physician practices and small-to-mid sized provider organizations still do not have a tailored Compliance Plan in place. To be clear, we recognize that many providers may have copied draft plan off of the internet or purchased a sample plan. While they may fully intended to follow through with personalization of the draft document, in most of the cases we have seen, more pressing events have taken precedence and these providers have not had the time or expertise to complete the project.
Providers who have not put a Compliance Plan should immediately do so. As you have likely heard, Section 6401 of the Affordable Care Act (ACA)(generally referred to as the “Health Care Reform Act”) states, “. . . a provider of medical or other items or services or supplier within a particular industry, sector or category shall, as a condition of enrollment in the program under this Title. . .establish a compliance program.” To be clear, at this time, the Department of Health and Human Services, Office of Inspector General (HHS-OIG) has not announced deadlines effectuating this requirement. Nevertheless, it is merely a matter of time until all providers who choose to participate in the Medicare program will be required to have an effective Compliance Plan in place.
Rather than wait until the last minute, Medicare providers who have not already done so should immediately take steps to implement an effective plan. As a first step, providers should review each of the regulatory and statutory provisions related to the specific services being billed to Medicare. Next, providers should compare their actual documentation, coding and billing practices with Medicare’s rules. Any gaps between the applicable requirements and a provider’s actual practices must immediately be remedied. Additionally, should these gaps represent an overpayment, the Medicare provider must repay the overpayment to the government within 60 days of identification.
Prior to conducting a gap analysis, we recommend that providers contact their legal counsel for assistance with both the internal review and with the implementation of an effective Compliance Plan. While no Compliance Plan can prevent a ZPIC audit, the implementation of an effective plan will greatly improve a provider’s likely adherence to Medicare’s rules and regulations should a ZPIC audit be initiated.
Recommendation #2: Don’t ignore a ZPIC’s request for documents. At the outset, it is important to keep in mind that the ZPIC audit play an important role in the current enforcement environment. In addition to auditing records for possible overpayments, ZPICs are also responsible for identifying fraudulent providers and making referrals to the Centers for Medicare and Medicaid Services (CMS), the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and the U.S. Department of Justice (DOJ) for further action. Possible actions taken include, but are not limited to:
- CMS — Administrative action such as suspension or revocation from the Medicare program.
- HHS-OIG – Administrative action such as Civil Monetary Penalty action. HHS-OIG may also investigate and refer a provider to DOJ for possible civil litigation under the False Claims Act. Finally, HHS-OIG may investigate and refer a provider to DOJ for criminal prosecution under the Federal Anti-Kickback Act or a host of other statutes.
- DOJ – May investigate and prosecute a provider for civil and / or criminal violations of law.
Should you receive a request for documents from your ZPIC, in most cases it will broken into two sections. The first section will likely focused on business related records, including, but not limited to, copies of:
“Business contracts or agreements with other providers, suppliers, physicians, businesses or individuals in place during a specific period. Additionally, any verbal agreements must be summarized in writing.
A listing of all current and former employes (employed during a specific period), along with their hire date, termination date, reason for leaving, title, qualifications, last known address, phone number.
- A list of all practice locations, along with their address and phone number.
- Employment agreements.
- Medical Director contracts.”
The unstated purpose of this portion of the ZPIC’s request is likely to identify potential instances of violations of the Federal Anti-Kickback Statute, Stark and / or the False Claims Act. Should the ZPIC identify a possible violation, it will readily refer the case to CMS, HHS-OIG and / or DOJ, depending on the nature of the potential violation.
In contrast to the first section of the ZPIC’s request, the second section of the request usually lists the patient records and dates of service to be audited by the ZPIC. While every case is different, the number of claims requested typically ranges from 8 – 100, depending on whether the ZPIC’s request is a “probe review” or a full-blown ZPIC audit. On occasion, we have seen the number of claims sought can range from 150 – 300.
Never ignore a ZPIC request for records. Importantly, should you fail to respond to the ZPIC’s request, the contractor can recommend to the CMS that your organization be suspended from participation in the Medicare program. Depending on the ZPIC’s concerns, the contractor can also recommend that CME pursue a revocation action against your organization. Should you need more time to the ZPIC’s request for supporting documentation, don’t hesitate to request it.
Recommendation #3: Remember learning how to “drive defensively” in high school? Your documentation practices should be approached in a similar fashion. A ZPIC audit can be excellent at identifying one or more ways in which your claims do not meet applicable coverage requirements. While you may very well disagree with their assessments (especially in “medical necessity” determinations), in all likelihood, when you file a request for redetermination appeal (and later, a request for reconsideration appeal), you will find that your Medicare Administrative Contractor (MAC) and your Qualified Independent Contractor (QIC) agree with the ZPIC’s denial decision. Rather than endure significant costs and stress when defending against an overpayment assessment, you need to take steps to avoid a denial in the first place. To that end, health care providers should ensure that clinical staff members are fully trained and educated regarding Medicare’s documentation, coding and billing process.
We recognize that “perfect documentation” is neither required nor realistic to expect from your clinical staff. Nevertheless, using published reports of other cases, you can show your clinicians that a ZPIC audit often involves a strict application of Medicare’s documentation and coverage requirements. Through education and training, your clinical staff will understand why it is imperative that they review, understand and comply with:
- Any applicable Local Coverage Determinations (LCDs).
- Any applicable National Coverage Determinations (NCDs).
- Any Local Medical Review Policies (LMRPs).
- The Medicare Policy Benefit Manual (MPBM).
- The Medicare Program Integrity Manual (MPIM).
- Any statutory provisions which cover the services.
- Any additional guidance issued by Medicare which would apply to these claims.
It is important that you regularly review the government’s latest concerns and any enforcement actions which have been taken. Additionally, you should read HHS-OIG’s reports so that you may learn from the mistakes being made by similarly situated providers. Upon doing so, we recommend that you check the list of “risk areas” in your Compliance Plan and ensure that they reflect both general “risks” and “specific risks” which may be unique to your organization. Is your organization still in full compliance? If not, remedial action is likely necessary.
Recommendation #4: Retain experienced legal counsel to assist with your efforts. When experiencing symptoms of a cardiac problem, most patients wouldn’t turn over their care to a dermatologist. Instead, they would seek to be evaluated and treated by a Cardiologist. Similarly, if you have a health law problem, would it be wise to rely on advice from an attorney specializing in family law? Ultimately, that’s your call. While no attorney can guarantee you success — we believe that an experienced health lawyer is well situated to give you advice regarding a Medicare audit or investigation. Having said that, it is important to recognize that the field of health law is extraordinarily broad. Should you be audited by a ZPIC or a Recovery Audit Contractor (RAC), don’t hesitate to ask a health lawyer whether they have handled these types of cases before. If so, how many times have they represented a provider in a ZPIC audit? When selecting a lawyer, keep in mind that the legal fees charged by an attorney can vary greatly, depending on a variety of factors. Don’t be shy – ask how much the representation is likely to cost. While it is often difficult to estimate legal costs due to the various factors faced when handling matters involving a ZPIC audit, most attorneys can give you a range of expected legal fees. Finally, be sure and ask for references. Other providers who have been through an administrative appeal case can provide you with invaluable insights into the process.
Recommendation #5: The administrative appeals process has become quite complicated in recent years. A ZPIC audit can result in alleged overpayments running into the millions of dollars. Moreover, the ZPIC’s overpayment assessment isn’t usually the end of the story. While providers often lose at the redetermination and reconsideration levels of appeal, the third level of appeal – before an Administrative Law Judge (ALJ) – is usually your best opportunity to prevail in an administrative appeal. Over the years, our attorneys have argued cases in front of judges out of each of the field offices of the Office of Medicare Hearings and Appeals (OMHA). While we may not always agree with their decisions, the ALJs we have practiced before have been professional, fair and more than willing to hear a provider’s arguments in support of payment.
Should you choose to forego legal counsel and represent yourself in an ALJ hearing, keep in mind that even though these hearings are intended to be non-adversarial, it can feel quite adversarial during the actual hearing. Furthermore, these proceedings can be quite complicated. In most large dollar cases, representatives of the ZPIC are participating in the hearing and arguing their position before the ALJ. ZPIC representatives can include one or more statisticians (if an extrapolation was conducted), a clinician (usually a Registered Nurse who is experienced in conducting medical reviews) and a lawyer. In a recent Home Health Agency case we handled, this was precisely what occurred. Frankly, few providers are experienced in presenting their case and in responding to the arguments raised by statisticians, clinicians and lawyers representing a ZPIC. As a result, it is strongly recommended that the provider consider engaging an experienced and knowledgable attorney.
Recommendation #6: When reviewing your claims, you should abide by the following: First, “If it doesn’t belong to you, give it back.” Conversely, “If you don’t owe the money, don’t throw in the towel.” I am regularly asked to speak at provider conventions around the country. For years, I’ve told providers “If it doesn’t belong to you, give it back.” This simple concept covers a lot of ground when it comes to alleged Medicare overpayments. Similarly, if the facts and the evidence shows that the claims should have been paid, think twice before waiving your right to appeal the denial of these claims. From a practical standpoint, we have heard of situations where a provider chooses to “just pay the bill” so that the case will quickly be resolved. Several providers have commented that when dealing with small dollar assessments, it is just easier to pay the alleged overpayment rather than incur the hassle and expense of contesting the contractor’s denial. Although we understand the reasoning behind such a decision, you should keep in mind that every claim which is denied by in a ZPIC audit increases a provider’s “error rate.” If you were a ZPIC, PSC, RAC or MAC contractor, would you choose to audit a provider with a low error rate or a high error rate? In any event, the bottom line is fairly straight forward. Should you find that you are not entitled to payment for one or more claims, you must repay the money to the government as soon as possible (but no later than 60 days after an overpayment has been identified), regardless of whether the claim is part of an ongoing or recently completed Medicare audit. If, however, you are audited and you believe that a ZPIC has incorrectly denied one or your claims, you have the right to appeal the denial of these claims.
Recommendation #7: Carefully read a ZPIC’s denial decision letter. When you receive a denial decision letter from a ZPIC, carefully review the notice and determine whether the contractor has specifically addressed the reasons for denial associated with each of the claims at issue. Every ZPIC audit is different. Over the last few months, one of the ZPICs involved in the cases we are handling has been citing only a general reason for denial (such as “not medically necessary”). Should the ZPIC in your case not provide sufficient information, you will find it difficult, if not impossible, to address any specific reasons your claims have been denied. Your legal counsel may be able to get the ZPIC to provide additional specificity in connection with their denial reasons.
Recommendation #8: Don’t forget – shortly after the “demand letter” is sent, any payments you may be expecting may be recouped by your Medicare Administrative Contractor (MAC). A demand letter from your MAC usually follows a few days after you receive a ZPIC’s denial decision letter. While you have 120 days to file a request for redetermination appeal, should you fail to file the request for redetermination within 30 days of the date of the MAC’s demand letter, your Medicare payments may be recouped starting on day 41. Alternatively, a provider may set up an extended repayment program with the MAC so that the alleged overpayment can be repaid through monthly installments. We strongly recommend that you set this up. You will then be able to take advantage of the 120 period permitted to file a redetermination appeal rather than filing a poorly prepared appeal within the 30 day period. Similar issues (with completely different deadlines) are present at the reconsideration level of appeal — the next level in the administrative appeals process. Once again, these issues can be quite complicated. We recommend that you discuss available appeals options with your counsel.
Recommendation #9: Foster a corporate culture which encourages compliance. ZPIC audit reviewers have increased their ZPIC audit activities dramatically in numerous areas of the country. South Texas has been especially hard-hit. Providers in Houston, McAllen, Harlingen, Edinburgh, Laredo, Corpus Christi and Brownsville appear to have experienced a recent surge in ZPIC audit activity. Be aware that ZPIC audit reviewers are looking for aberrations in billing patterns and often target providers based on these variations in coding or billing practices. Compliance with regulations and consistency in your “message” to employees is essential. Establishing good intake and records management procedures, continuing employee education and training efforts, can facilitate the adoption of an ethical, compliant corporate culture.
Recommendation #10: When drafting a Compliance Plan, providers should include a “Code of Conduct” that is easily understood by employees. We believe that a “Code of Conduct” should accurately reflect the belief system an organization has pursued and sincerely intends to follow. In doing so, an organization can engender a compliant corporate culture. Over the years, we have seen organizational “Codes of Conduct” which range from a succinctly described phrase to discussions of more than a page.
Our favorite “Code of Conduct” is used by Cadets at the United States Military Academy at West Point. Modified for use by health care providers, the “Code of Conduct” reads:
“Our clinicians and staff will not lie, cheat, steal, or tolerate those who do.”
This simple yet elegant “Code of Conduct” succinctly lays out a provider’s ethical responsibilities, both with respect to Medicare and in other business dealings. We recommend that you consider adopting and adhering to this or a similar “Code of Conduct.”
Liles Parker attorneys and staff have extensive experience representing Physicians, Clinics, Home Health Agencies, Hospices, DME Companies, Skilled Nursing Facilities, Chiropractors, Pain Medicine Clinics, Rehabilitative Medicine Clinics and other Medicare providers in connection with a ZPIC audit or audits by RACs, PSCs, MACs and other contractors. We also have years of experience assisting providers with “gap” analyses and in implementing an effective Compliance Plan. Should you have questions about these or other health law issues, please feel free to call us for a complementary consultation. We can be reached at: 1 (800) 475-1906.
 Infrequently, a ZPIC may choose to conduct a “probe” review rather than a full ZPIC audit. Probe reviews usually involve a request for the records and supporting documentation related to 10 – 15 claims paid by Medicare.
 A ZPIC audit request typically include language similar to the following: “Failure to provide this information or to permit examination and duplication of records could result in a decision by the Office of the Inspector General to exclude you from Medicare, Medicaid and all Federal health care programs.”
 42 C.F.R. §405.372(a)(2).
 It is presumed that you received the MAC’s demand letter 5 days after the demand letter is dated. From a timing standpoint, we strongly recommend that you completely disregard the “5 day” issue unless it is absolutely necessary to rely on it. Our practice is to make sure that our client’s redetermination appeal is filed (and received) well in advance of the 120 day appeal deadline.
Introduction to Medicare Compliance
There are “rules of life” we have learned that can really bring certain essential Medicare compliance concepts into focus. While perhaps cliché, these sayings and principles can be quite helpful when explaining fundamental Medicare compliance concepts to new staff or non-compliance personnel. These 5 essential Medicare compliance concepts include:
(1) “If it isn’t yours, give it back”
Sound familiar? This is one of the first principles we are taught as children. Nevertheless, it is as true today as it was back then. Medicare providers have a legal obligation to promptly return any overpayments identified. In fact, with the passage of the Affordable Care Act (ACA) in 2010, it is now a requirement that providers return Medicare overpayments to the government within 60 days of identification or face significant liability under the False Claims Act.
While the prompt, mandatory return of a known overpayment is clearly required, we were recently asked about a provider’s obligations when it comes to less clear potential overpayments. For example, suppose that a provider identifies a specific claim that was improperly submitted and paid by Medicare. When reviewing how the overpayment occurred, the provider also learns that a former employee mistakenly believed that a certain service was covered by Medicare. While the provider may only have evidence that a single claim was improperly submitted and paid by Medicare, the provider may suspect that the former employee may have incorrectly handled similar claims. The issue therefore becomes whether a provider has an obligation to further investigate and determine whether other, unconfirmed overpayments may exist. In considering this issue in furtherance of Medicare compliance, we believe that the general principle still applies, regardless of the fact that the exact language of ACA may not cover this situation. Remain unconvinced? In addition to being the ethical and right action to take, it is important to keep in mind that even if the 60-day repayment provisions of the ACA may not apply (although CMS may believe differently), a provider who turns a blind eye to potential overpayments is possibly exposing the practice to a whistleblower suit under the False Claims Act. Do you know of a potential overpayment? More than likely, someone else in your practice is also aware of the problem. The bottom line is simple – “If it isn’t yours, give it back”.
(2) “Participation in the Medicare program is a privilege, not a right.”
Remember taking driver’s education in high school? I still remember my driver’s education teacher repeatedly reminding us that we did not have a right to have a driver’s license. Rather, it was a privilege – a privilege that could be taken away as quickly as it was granted if we failed to follow the laws of the State and the rules of the road. Frankly, Medicare compliance is no different. Health care providers do not have a right to participate in the Medicare program. It is a privilege that must be earned and maintained. Should a provider fail in their Medicare compliance activities, this privilege can be taken away. With this in mind, providers must actively work to better ensure that their Medicare compliance initiatives meet Medicare’s coding and billing requirements. Should they not fully understand the program’s guidelines, it is the provider’s responsibility to learn Medicare’s rules and ensure that the provider’s business practices fully comply with the program’s provisions.
(3) “If it sounds too good to be true, it probably is.”
Physicians, small group practices and clinics should exercise caution when dealing with ‘consultants’ or ‘experts’ who boast of guaranteed increases in revenues or profits. Unfortunately, many providers are dealing with steady declines in both Federal and private payor reimbursement rates. In the current economy, unemployment rates have remained high and many patients are having a difficult time meeting their financial obligations. In this environment, the promises of “innovative” business models or ways to modify a provider’s billing practices which will significantly increase revenues can be tempting to a provider experiencing financial difficulties. Have you been approached by someone with a “deal” which sounds too good to be true? Check out HHS-OIG’s “Fraud Alert” titled “Special Advisory Bulletin: Practices of Business Consultants.” While published a decade ago, the lessons and concerns discussed in the bulletin are as current today as they were a decade ago. And remember – the adage “If it sounds too good to be true, it probably is,” is especially true when it comes to health care business opportunities.
(4) “Everyone does it, so it must be okay.”
In years past, a number of drug companies and medical device companies played fast and loose with Medicare’s rules, showering physicians with lavish gifts, inviting them to attend paid vacations and entering into sham “advisory” or “consulting” agreements which paid the physicians regular stipends for little, if any, work. Why did these companies engage in these practices? In many instances, the companies wanted to influence the physicians’ decision-making when it came time to prescribe certain drug or order medical devices for their patients. These actions amount to kickbacks – plain and simple. Today, drug and medical device industry representatives have made great strides in educating their members to eliminate these illegal practices. At the height of these practices, many physicians appeared to take the position that since their peers accepted kickbacks, it must be okay. Clearly, this mindset is just flat wrong.
Unfortunately, it isn’t limited to drug and medical device companies. Generally, physicians should exercise care before accepting any thing of value from a company or clinical practice with whom the physician works – especially when the physician either makes referrals to the company or prescribes items or devices sold by that company to their patients. In considering this issue, it is often helpful to ask, “Where do I send my referrals?” Additionally, ask yourself, “Who refers patients to me?” Once answered, these business relationships should be carefully reviewed to ensure that there are no transactions that could give even the appearance of being improper. A typical example which repeatedly arises involves the use of “Medical Director” agreements where a physician is paid a monthly stipend which exceeds the fair market value of any services which are provided under the agreement. This is an important area in Medicare compliance, as it also implicates potential criminal activities.
(5) “Neatness and accuracy count.”
We represent a wide variety of health care providers when responding to Medicare post-payment audits conducted by ZPICs and other Medicare contractors. Over the last two years, we have noted a significant increase in the number of claims being denied because medical documentation is either illegible or incomplete. From a Medicare compliance standpoint, these problems are among the easiest for a provider to remedy.
Handwritten Portions of a Medical Record Must be Legible - When assessing denial reasons cited by ZPICs, our attorneys are often required to go through medical records as we assemble responsive arguments in support of payment. More often than not, we don’t have any problem deciphering the records which the ZPIC alleges are “illegible.” Having said that, ZPICs and other contractors have an enormous audit caseload, meaning they don’t spend a lot of time trying to make sense out of poorly written passages. As a result, if their reviewers cannot readily read a passage, they merely deny the claim and move on.
The lesson to be learned is clear – physicians, nurses, therapists, counselors and others must ensure that any handwritten comments, signatures, dates or other information entered into a medical record can easily be read by an outside third party who is not experienced in reading the handwriting of your staff. It is important to keep in mind that if there is an audit or review of this information by a ZPIC or another government contractor, it is likely to be several years in the future. During that period, the writer may no longer be with the practice and it may be difficult (if not impossible) to easily locate the writer for assistance in deciphering handwritten passages. For Medicare compliance, regular self-audits can prove quite helpful in identifying possible problems.
If you are conducting a self-audit and find that words or passages are illegible or incorrect, you should consider taking the following remedial steps:
Advise your staff of the problem and follow-up to ensure that future entries are legible and accurate – Physicians, nurses and staff should be educated regarding the importance of ensuring that their handwriting is easily legible and the information they are providing is accurate. In most instances, once this is identified as an issue, most staff are willing to work with you so that future problems do not arise. We recommend that regular follow-ups are conducted to ensure that problematic handwriting does not again deteriorate to where it is again illegible.
Correcting illegible or erroneous words, phrases or passages – Should you find that certain portions of a patient’s record documenting prior services rendered are illegible, you cannot merely erase it or use white out to hide the original handwritten section before re-writing the passage so that it is legible. We recommend that you contact your Compliance Officer or legal counsel before making any changes to a medical record (regardless of whether the record is handwritten or electronic). Legal counsel can guide you on the correct way to make changes or corrections to a medical record which documents services previously rendered. If a change or correction to a word or passage is necessary, you should not erase, white-out, scratch out or use a marker to conceal the original remark. Instead, we usually recommend that a single line through the incorrect or illegible phrase or passage is made. If you are audited, an outside reviewer will be able to readily see the original passage. Next, the corrected entry should be carefully written next to or above the original entry. It should then be signed and dated by the individual making the correction. In this fashion, an outside reviewer will not be misled in any way about what was originally written, when the corrected entry was made and / or the identity of the person making the change to the record.
As set out in Chapter 3 of the Medicare Benefit Policy Manual, the Centers for Medicare & Medicaid Services (CMS) advises ZPICs to consider the following:
“3.3.2 – Medical Review Guidance
For example, ZPIC staff looks for some of the following situations when reviewing documentation:
• Possible falsification or other evidence of alterations including, but not limited to: obliterated sections; missing pages, inserted pages, white out; and excessive late entries;
• Evidence that the service billed for was actually provided; or,
• Patterns and trends that may indicate potential fraud.” (emphasis added).
As a participating provider in the Medicare program, it is essential that you ensure that the care and treatment you provide is factual, accurate and recorded in a legible fashion. Ultimately, providers who diligently work to achieve these points will have made significant strides towards Medicare compliance in their practice.
Liles Parker attorneys have extensive experience assisting providers in establishing an effective Medicare Compliance Plan. Should you have questions regarding Medicare compliance or how to instill a compliant culture in your clinic or practice, please give us a call at 1-800-475-1906 for a complimentary consultation.
I. Background of AdvanceMed Transaction:
AdvanceMed has a new parent. Last week, it was announced that NCI, Inc., one of the nation’s most successful information technology companies, had acquired the outstanding capital stock of AdvanceMed Corporation (AdvanceMed), an affiliate of CSC. While the acquisition went largely unnoticed by the health care provider community, the transaction may, in fact, be quite significant.
With this acquisition by NCI, a recognized powerhouse in information technology, Medicare and Medicaid providers should expect AdvanceMed’s expertise in data mining and investigations to continue to grow. As AdvanceMed continues to fine-tune its data mining efforts and further expands its ability to conduct “Predictive Modeling,” providers will likely find their actions under the microscope like never before. It is therefore imperative that all health care providers immediately implement an effective Compliance Plan or further enhance their current compliance efforts.
NCI first announced its plans to acquire AdvanceMed last February. As NCI’s February 25th News Release noted:
“The Obama Administration has emphasized reducing fraud, waste, and abuse in Federal entitlements. AdvanceMed is ideally positioned to support the program integrity initiatives of CMS and other Federal Government agencies. . . We are extremely pleased to have AdvanceMed join NCI and believe that this acquisition will provide NCI an outstanding platform to address this rapidly growing market opportunity.”
In recent years, AdvanceMed has positioned itself to where it now has multiple contracts with the Federal government. AdvanceMed serves as the Zone Program Integrity Contractor (ZPIC) for Zone 2 and Zone 5. Additionally, the contractor also serves as a Comprehensive Error Rate Testing (CERT) contractor. On the Medicaid side, AdvanceMed serves as a Medicaid Integrity Contractor (MIC). While a host of other contractors have been awarded contracts covering other zones and program areas, AdvanceMed’s growth has been undeniably impressive.
As NCI announced in its April 4th “News Release” covering the acquisition:
“AdvanceMed is a premier provider of healthcare program integrity services focused on the detection and prevention of fraud, waste, and abuse in healthcare programs, providing investigative services to the Centers for Medicare and Medicaid Services (CMS). Serving CMS since 1999, AdvanceMed has grown rapidly, demonstrating the value and return on investment of the Federal Government’s integrity program activities.
AdvanceMed employs a strong and experienced professional staff, which leverages sophisticated information technology, data mining, and data analytical tools, to provide a full range of investigative services directed to the identification and recovery of inappropriate Medicare and Medicaid funds. AdvanceMed supports healthcare programs in 38 states with a staff of more than 450 professionals, including information specialists, nurses, physicians, statisticians, investigators, and other healthcare professionals.
AdvanceMed has multiple contracts with CMS under the Zone Program Integrity (ZPIC), Program Safeguard (PSC), Comprehensive Error Rate Testing (CERT), and Medicaid Integrity (MIC) programs. All of these programs are executed under cost plus contract vehicles. The largest contracts-ZPIC Zone 5 and ZPIC Zone 2-were awarded in late 2009 and 2010 and have five-year periods of performance.
The acquisition price was $62 million. Included within the price is a recently completed, state-of-the-art data center to support the ZPIC Zone 5 and ZPIC Zone 2 contracts. Additionally, NCI will make a 338(h)(10) election, enabling a tax deduction, which is expected to result in a tax benefit with an estimated net present value of approximately $6 million to $8 million. NCI expects the transaction to be slightly accretive to 2011 earnings.
As of the end of March 2011, AdvanceMed has a revenue backlog of approximately $300 million with approximately $51 million of that amount being currently funded. Revenue for the trailing 12 months ending March 31, 2011, is estimated to be approximately $51 million, all of which was generated from Federal Government contracts, and 99% of the work performed as a prime contractor. NCI’s AdvanceMed 2011 revenue, covering the nine-month period of April 2, 2011, to December 31, 2011, is estimated to be in the range of $43 million to $47 million (the equivalent of $57 million to $63 million on a full 12-month basis), with the midpoint reflecting a full-year growth of approximately 16%. . .”
II. Overview of the ZPIC Program:
Under the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (MMA), CMS was required to take a number of steps intended to streamline the claims processing and review process:
- Using competitive measures, CMS was required to replace the current Medicare Fiscal Intermediaries (Part A) and Carriers (Part B) contractors with Medicare Administrative Contractors (MACs).
- After setting up the new MAC regions, CMS created new entities, called Zone Program Integrity Contractors (ZPICs).
- These actions were intended to consolidate the existing program integrity efforts. Over the last 2 — 3 years, ZPICs have been taking over PSC audit and enforcement activities around the country.
At the time of transition, there were twelve PSCs that had been awarded umbrella contracts by CMS. As these contracts have expired, CMS has transferred the PSCs’ fraud detection and deterrence functions over to ZPICs. Of the seven ZPIC zones established in the MMA, CMS has awarded contracts for a number of the zones. CMS is still working to issue awards for the final ZPIC zones. The seven ZPIC zones include the following states and / or territories:
- Zone 1 – CA, NV, American Samoa, Guam, HI and the Mariana Islands.
- Zone 2 – AdvanceMed: AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO.
- Zone 3 – MN, WI, IL, IN, MI, OH and KY.
- Zone 4 – Health Integrity: CO, NM, OK, TX.
- Zone 5 – AdvanceMed: AL, AR, GA, LA, MS, NC, SC, TN, VA and WV.
- Zone 6 – PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT.
- Zone 7 – SafeGuard Services: FL, PR and VI.
In many instances, these changes have been nothing more than a name change. ZPIC responsibilities are generally the same as those currently exercised by PSCs. While ZPIC overpayment review duties have not appreciably changed, the number of civil and criminal referrals appear to be increasing. In our opinion, ZPICs clearly view their role differently than that of their PSC predecessors. ZPICs clearly view themselves as an integral part of the law enforcement team, despite the fact that they are for-profit contractors. In consideration of their ability to recommend to CMS that a provider be suspended or have their Medicare number revoked, or even refer a provider to law enforcement for civil and / or criminal investigation, providers should take these contractors quite seriously.
Both ZPICs and PSCs have traditionally asserted that unlike their RAC counterparts, they are not “bounty hunters.” ZPICs are not paid contingency fees like RACs but instead directly by CMS on a contractual basis. Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments, the chances of a ZPIC’s contract with CMS being renewed are likely diminished. AdvanceMed’s recent announcement shows that they are a very profitable entity and are paid on a “cost-plus” basis (leaving room for bonuses and other incentives). Additionally, experience has shown us that despite the fact that ZPICs are expected to adhere to applicable Medicare coverage guidelines, a ZPIC’s interpretation and application of these coverage requirements may greatly differ from your understanding of the same provisions.
In recent years, ZPICs have been aggressively pursuing a wide variety of actions, including but not limited to:
- Pre-Payment Audit. After conducting a probe audit of a provider’s Medicare claims, the ZPIC may place a provider on “Pre-payment Audit” (also commonly referred to as “Pre-Payment Review”). Unlike a post-payment audit, there is no administrative appeals process that may be utilized by a provider for relief. Having said that, there are strategies that may be utilized by a provider which may assist in keeping the time period on pre-payment review at a minimum.
- Post-Payment Audit. Audits conducted by ZPICs primarily involve Medicare claims that have already been paid by the government. In many cases, the ZPICs appear to have conducted a strict application of the coverage requirements, regardless of whether a provider’s deviation from the rules is “de minimus” in nature. In doing so, it is not unusual to find that a provider has failed to comply with each and every requirement. Depending on the nature of the initial sample drawn, a ZPIC may extrapolate the damages in a case, significantly increasing the the alleged overpayment. In doing so, the ZPIC is effectively claiming that the “sample” of claims audited are representative of the universe of claims at issue in an audit.
- Suspension. While the number of suspension actions taken by ZPICs has steadily increased in recent years, Medicare providers should expect to see this number continue to grow. Under the Affordable Care Act (often informally referred to as the “Health Care Reform” Act), CMS’ suspension authority has greatly expanded.
- Revocation. As with suspensions, we have seen a sharp increase in the number of Medicare revocation actions taken over the last year. The reasons for revocation have varied but have typically been associated with alleged violations of their participation agreement. In some cases, the ZPIC contractors found that the provider has moved addresses and did not properly notified Medicare. In other cases, a provider was alleged to have been uncooperative during a site visit. Finally, there were a number of instances where the provider allegedly did not meet the “core” requirements necessary for their facility to remain certified.
- Referrals for Civil and Criminal Enforcement. ZPICs are actively referring providers to HHS-OIG (which can in turn refer the case to the U.S. Department of Justice (DOJ) for possible civil and / or criminal enforcement) when a case appears to entail more that a mere overpayment. However, just because a referral is made doesn’t mean that it will prosecuted. In many instances, HHS-OIG (and / or DOJ) will decline to open a case due to a variety of reasons, such as lack of evidence, insufficient damages, etc.).
III. Steps Providers Can Take Now, Before They are Subjected to a ZPIC Audit:
In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” it is arguably to their benefit to find that an overpayment has occurred. These overpayments are often based on overlapping “technical” (such as an incorrect place of service code) and “substantive” (such as lack of medical necessity) reasons for denial. In recent years, the level of expertise exercised by ZPICs is often quite high — noting multiple reasons for denial and concern.
Unfortunately, the reality is that most (if not all) Medicare providers will find themselves the subject of a ZPIC, CERT, RAC or other type of claims audit at some point in the future. In our opinion, the single most effective step you can take to prepare for a contractor audit is to ensure that your organization has implemented and is adhering to an effective Compliance Plan. Several general points to consider also include:
Keep in mind your experiences with PSCs and other contractors. The lessons you have learned responding to PSC, CERT and RAC audits can be invaluable when appealing ZPIC overpayments. As you will recall, the appeals rules to be followed are virtually the same.
Monitor HHS-OIG’s Work Plan. While often cryptic, it can be invaluable in identifying areas of government concern. Are any of the services or procedures your organization currently provides a focus of HHS-OIG’s audit or investigative?
Keep an eye on RAC activities. Review the service-specific findings set out in annual RAC reports. Review targeted areas carefully to ascertain whether claims meet Medicare’s coding and medical necessity policies.
You never realize how bad your documentation is until your facility is audited. While many providers start out “over-documenting” services (to the extent that there is such a thing), a provider’s documentation practices often become more relaxed as time goes on – especially when the provider has not been audited for an extended period of time. In such situations, both physicians and their staff may fail to fully document the services provided. Moreover, the care taken to ensure that all supporting documentation has been properly secured may have also lapsed over the years.
Review your documentation. Imagine you are an outside third-party reviewer. Can an outsider fully appreciate the patient’s clinical status and the medical necessity of treatment? Are the notes legible and written is a clear fashion? Compare your E/M services to the 1995 or 1997 Evaluation and Management (E/M) Guidelines – have you fully and completely documented the services you provided? If dealing with skilled services, have you fully listed and discussed both the need for skilled services and the specific skilled services provided?
IV. Closing Thoughts:
Imagine a ZPIC hands you a claims analysis rife with alleged errors, an indecipherable list of statistical formulas, and an extrapolated recovery demand that will cripple your practice or clinic. What steps should you take to analyze their work? Based on our experience, providers can and should carefully assess the contractor’s actions, particularly the use of formulas and application of the RAT-STATS program when selecting a statistical sample and extrapolating the alleged damages based on the sample. Over the years, we have challenged the extrapolation of damages conducted by Medicare contractors around the country, including tens of thousands of claims. Regardless of whether you are a Skilled Nursing Facility providing skilled nursing and skilled therapy services, an M.D. or D.O. providing E/M services, a Home Health company or a Durable Medical Equipment (DME) company, it is imperative that you work with experienced legal counsel and statistical experts to analyze the actions take by a ZPIC.
Liles Parker attorneys and staff have extensive experience representing a wide range of Medicare providers in audits by ZPICs, PSCs and other contractors. Should you have questions regarding an inquiry from a ZPIC, PSC or RAC that you have received, please feel free to give us a call for a complimentary consultation. We can be reached at: 1 (800) 475-1906.
I. SNF Medicare Denial Letters Background
The Prospective Payment System (PPS) under which Skilled Nursing Facilities (SNFs) are reimbursed by Medicare has long been criticized by many concerned with curbing waste, fraud, and abuse in the Medicare program. Critics argue that, because the SNF reimbursement rate is prospective in nature and largely commensurate with the extent of skilled services provided to a beneficiary, SNFs will be more likely to provide unnecessary or unreasonable services for beneficiaries, thus increasing their reimbursement. For example, simply increasing the number of minutes of therapy a beneficiary receives (or providing a second or third therapy modality) could upgrade the Resource Utilization Group (RUG) to which the patient has been assigned, thereby resulting in a substantially higher reimbursement rate for the provider. This concern has prompted increased scrutiny of SNF billing practices and resulted in the issuance of SNF Medicare denial letters from Zone Program Integrity Contractors (ZPICs).
II. Questionable Billing Practices by Skilled Nursing Facilities
The Office of the Inspector General of the Department of Health and Human Services (HHS-OIG) recently released a report entitled “Questionable Billing Practices by Skilled Nursing Facilities”. The three chief objectives of this report were to:
- Ascertain the extent to which billing practices by SNFs changed between 2006 and 2008;
- Determine the extent to which billing varied by type of SNF ownership in 2008; and
- Identify SNFs that engaged in questionable billing practices in 2008.
HHS-OIG analyzed Part A SNF claim line items from 2006 and 2008, including the types of RUGs billed by SNF, beneficiary characteristics, and the average length of stay in the SNF for each beneficiary. OIG specifically focused on SNFs that billed frequently for higher-paying RUGs, namely those falling under the “Rehabilitation” or “Rehabilitation Plus Extensive Services” categories.
Based on the data it reviewed, OIG reached several conclusions regarding the billing practices of SNFs between 2006 and 2008, most notably:
- The percentage of “Ultra High” therapy RUG placements increased substantially between 2006 and 2008, while RUG assignment rates for all other categories decreased or remained static. This increase in “Ultra High” therapy RUG billing represented approximately $5 billion in additional Medicare payments to SNFs between 2006 and 2008.
- For-profit SNFs were more likely than non-profit or government SNFs to bill for higher paying RUGs.
- Three quarters of all SNFs had up to 39% placement rates in “Ultra High” therapy RUGs.
HHS-OIG then outlined several recommendations based on its conclusions, one of which entailed increased oversight of SNFs that bill for higher paying RUGs:
CMS should instruct its contractors to monitor the SNFs billing for higher paying RUGs using the indictors discussed in this report. Specifically, the contractors should determine for each SNF: (1) the percentage of RUGs for ultra high therapy; (2) the percentage of RUGs with high ADL scores, and (3) the average length of stay. CMS should develop thresholds for each of these measures and instruct contractors to conduct additional reviews of SNFs that exceed them. If SNFs from a particular chain frequently exceed these thresholds, then additional reviews should be conducted of the other SNFs in that chain.
Contractors should use this information to target their efforts to more effectively identify and prevent inappropriate billing. Contractors could conduct medical reviews of a sample of claims from SNFs that exceed these thresholds. Contractors could use their findings to recover inappropriate payments, to place certain SNFs on prepayment review, and to initiate fraud investigations.
The message to Medicare contractors is crystal clear: SNFs, especially those that have a significant placement rate for “Ultra High” therapy RUGs, should be increasingly targeted for audits. Expect SNF Medicare denial letters to rise precipitously Meanwhile, OIG has shown no signs of relenting in its scrutiny of SNFs, noting in its 2011 Work Plan that:
We will review the extent to which payments to SNFs meet Medicare coverage requirements . . . We will conduct a medical review to determine whether claims were medically necessary, sufficiently documented, and coded correctly during calendar year (CY) 2009.
Providers should ensure that their medical records and documentation satisfy applicable regulations and that they have an effective compliance plan in place to deter future audits. Otherwise, facilities targeted for review could face the imposition of prepayment review status, SNF Medicare denial letters, payment bans, or even civil monetary penalties (CMPs).
III. Areas of Focus by Medicare Contractors:
Based on the concerns raised by HHS-OIG, ZPICs, RACs, MACs, and other Medicare contractors conducting audits of SNFs are likely to focus on the following issues:
Proper RUG Placement: SNF care must be provided at the appropriate level. This means that all services are necessary and reasonable and information entered on all Minimum Data Sets (MDS) for each beneficiary is complete and accurate. Contractors will closely scrutinize all RUG assignments, particularly those falling under the “Ultra High” therapy category.
Necessity and Reasonableness of Therapy Care: All therapy services must be consistent with the nature and severity of the beneficiary’s illness or injury. In many instances, contractors may question the therapy modalities provided to a beneficiary, the amount of therapy a beneficiary receives, or even the activities in which a beneficiary participates during therapy.
Provision of Skilled Care: All care provided by an SNF must be “skilled,” meaning that it can only be safely or effective provided by technical or professional personnel, such as nurses or therapists. Contractors will often conclude that skilled care is not supported by documentation that is vague, generic, or repetitive.
Providers should review their medical documentation and related policies to ensure that, at a minimum, all of the elements and requirements discussed above are adequately addressed. There are also a number of additional steps providers can take to limit their liability in any future audits and reduce the chances of receiving the dreaded SNF Medicare denial letters.
IV. How to Avoid SNF Medicare Denial Letters and What To Do if You Get One
1. Tailor Each Care Plan to the Beneficiary’s Individual Needs: As discussed above, care provided by an SNF must be necessary and reasonable, meaning that it is consistent with the beneficiary’s illness or injury. This is essentially a principle of proportionality. Providers should ensure that all RUG classifications and care plans created for beneficiaries- especially therapy care plans- are tailored to the beneficiary’s individual needs and designed to address the beneficiary’s functional deficits. Contractors will be on the look out for RUG assignments or care plans that provide for overly extensive services or excessive treatment modalities.
2. Maintain Detailed Medical Records: SNFs must provide beneficiaries with “skilled” care, so all documentation should be sufficiently detailed to reflect the technical or specialized knowledge of the SNF staff. SNFs should also amply document all activities related to management and evaluation of beneficiary care plans, observation and assessment of beneficiaries’ medical conditions, any beneficiary education services regarding self-care, or any therapeutic exercises conducted with the beneficiary.
3. Ensure that the MDS is Consistent with the Beneficiary’s Clinical Record: The first document a contractor will scrutinize when it questions a RUG placement will be the MDS. Contractors will often argue that the information coded on the MDS is inconsistent with the clinical record. Providers should thus ensure that all data entered on every MDS is supported by the corresponding clinical record. A more robust record will make it much harder for a contractor to successfully challenge a RUG classification.
4. Consult Qualified Counsel: The consequences of an audit can be financially devastating to a provider. In light of increased scrutiny from Medicare contractors and the overall complexity of the medical review process, providers should consult qualified counsel if they have concerns regarding the sufficiency of their medical documentation or a potential audit. Counsel can assist providers with designing and implementing a comprehensive compliance plan or, if necessary, effectively responding to an audit initiated by a Medicare contractor. Liles Parker attorneys and staff have extensive experience handling both (a) administrative appeals of denied claims in post-payment audits by ZPICs and PSCs, and (b) working with therapy and other providers to devise effective compliance plans and provisions designed to assist these providers in meeting their statutory, regulatory and administrative obligations under the Medicare and Medicaid programs.
In our opinion, Medicare contractors (including ZPICs, PSCs and RACs), acting at the direction of CMS and HSS-OIG, will continue to expand their audit efforts against SNFs, particularly those with a significant number of beneficiaries assigned to “Ultra High” therapy RUGs, and issue SNF Medicare denial letters. Accordingly, SNFs should review the quality and sufficiency of their documentation and implement comprehensive compliance efforts to deter potential audits. Therefore, it is imperative that affected providers immediately take steps to assess their current practices and take remedial steps to correct any deficiencies identified.
Liles Parker attorneys and staff have extensive experience representing Medicare providers in post-payment audits of therapy and related skilled claims by ZPICs and other contractors. Should you have questions regarding this article or the appeal of Medicare post-payment audits, please give us a call for complimentary consultation. We can be reached at 1-800-475-1906.
(January 11, 2011): As you recall at the end of 2010 we identified the “Top Ten Health Care Compliance Risks for 2011.” The purpose of this and subsequent articles is to analyze two of those risks; Zone Program Integrity Contractors (ZPICs) and Payment Suspension Actions. Over the next few days we will be discussing these two risk areas in depth.
As discussed in our “Top Ten” article, we anticipate that ZPICs will ratchet up their use of provider suspension actions in 2011. At the close of 2010, there already appeared to be an increase in the use of suspension actions by ZPICs in South Texas and in other areas of the country. In many instances, these actions were the result of sophisticated data mining techniques by ZPICs. While cases are initiated in a variety of ways (including, but not limited to whistleblower complaints, anonymous reports to the government’s fraud hotline, etc.), data mining is a key tool relied on by ZPICs and government agencies for targeting purposes.
After analyzing the data, ZPICs often send out requests for information or conduct site visits of health care provider facilities. These requests and / or site visits can result in medical reviews, demands for alleged overpayments, or lead to referrals to one or more government investigative agencies (such as the Department of Health and Human Services’ Office of Inspector General (HHS-OIG), the State Medicaid Fraud Control Unit (MFCU) and / or the Federal Bureau of Investigation (FBI)). Since established, ZPICs have clearly met their goal of developing “innovative data analysis methodologies for detecting and preventing Medicare fraud and abuse.” Rather than pursuing merely administrative overpayment cases, over the last six months, we have noted an increase in the number of cases referred to law enforcement for fraud investigation. While seven ZPIC zones have been identified, only three companies have been awarded ZPIC contracts at this time. Where ZPIC contracts remain pending, Program SafeGuard Contractors (PSC) are typically still operating and are conducting essentially the same duties as their ZPIC counterparts. The seven ZPIC zones include:
- Zone 1- CA, NV, American Samoa, Guam, HI and the Mariana Islands.
- Zone 2 includes; AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO.
- Zone 3-MN, WI, IL, IN, MI, OH and KY.
- Zone 4-CO, NM, OK, TX.
- Zone 5- AL, AR, GA, LA, MS, NC, SC, TN, VA and WV
- Zone 6- PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT.
- Zone 7- FL, PR and VI
The following map reflects zones where the ZPIC contractor is currently operating. Each of the ZPICs listed below are actively sending out requests for information and / or conducting site visits. In a number of instances, the ZPICs have been noted to be suspending providers from the Medicare program based on variety of alleged statutory and / regulatory violations.
ZPICs have been very active in their site visits which have brought about Medicare suspension and revocation actions. In some cases, these site visits have resulted in allegations of “fraud or willful misrepresentation” with ZPIC’s contacting of CMS for approval to place the provider on payment suspension. In tomorrow’s article, we will be examining the primary reasons cited by the Centers for Medicare and Medicaid Services (CMS) when placing a provider on payment suspension status.
Robert W. Liles serves as Managing Partner at Liles Parker. Robert and our other attorneys have extensive experience representing health care providers in ZPIC initiated actions. Should your Physician Practice, Home Health Agency, Hospice Company, Physical / Occupational / Speech Therapy Clinic, Ambulance Company, Therapy Company, Pain Clinic be subjected to a ZPIC audit, give us a call for a free consultation. We can be reached at: 1 (800) 475-1906.
South Texas Health Care Providers Remain Under Considerable Scrutiny by HEAT Prosecutors and Investigators – Compliance Isn’t Optional – It’s Essential in 2011.
(January 6, 2011): Three Houston-area residents, one of whom is a physician, were sentenced to prison on January 4th for their roles in a multi-million dollar durable medical equipment (DME) Medicare fraud scheme. Each of the three defendants were also ordered to pay restitution to the Federal government, in amounts ranging from $29,052 to $1.4 million.
I. Background of DME Fraud Case:
According to DOJ, a Houston-area DME company improperly billed Medicare for power wheelchairs and orthotic devices, beginning in 2003 and continuing until late 2009. In addition to the three co-conspirators sentenced today, a total of eight other individuals were convicted for their participation in the fraudulent scheme. One of the eight included the owner of the DME company.
At trial, Federal prosecutors were able to show that a variety of fraudulent actions had been taken by members of the group, ranging from the payment of illegal kickbacks to the prescription of medically unnecessary devices.
II. Medicare Strike Force Efforts to Combat DME Fraud in Texas are Expanding:
Notably, this was just the latest case investigated by members of the DOJ / HHS-OIG / MFCU Health Care Fraud Prevention and Enforcement Action Team (HEAT). This strike force is responsible for investigating and prosecuting cases throughout South Texas. As DOJ noted:
“Since their inception in March 2007, Strike Force operations in seven districts have obtained indictments of more than 850 individuals who collectively have falsely billed the Medicare program for more than $2.1 billion. In addition, HHS’s Centers for Medicare and Medicaid Services, working in conjunction with the HHS-OIG, are taking steps to increase accountability and decrease the presence of fraudulent providers.”
Both Federal and State investigators are aggressively targeting non-compliant providers. South Texas providers who take the time to review and update their current Compliance Plan should also conduct a gap analysis to better ensure that their operational and billing practices fully comply with applicable statutory and regulatory requirements.
Robert W. Liles is Managing Partner at Liles Parker. Robert and other firm attorneys have extensive experience representing health care providers in alleged Medicare overpayment and fraud cases. Should you have questions about our services, give us a call for a free consultation. We can be reached at 1 (800) 475-1906.
(December 31, 2010): In case you missed it, Congress, President Obama and the healthcare regulators had a banner year with respect to regulatory activism in 2010. Over the next several weeks we will be releasing a series of articles on our website addressing these dramatic changes and the compliance risks they present for your practice, clinic or health care business in 2011:
Compliance Risk Number 1: Increased “HEAT” Activity and Enforcement: Perhaps the greatest risk to consider in 2011 is the increase in targeted health care fraud enforcement efforts by the government’s Health Care Fraud Prevention and Enforcement Action Team (HEAT). These teams are comprised of top level law enforcement and professional staff from the U.S. Department of Justice (DOJ), the Department of Health and Human Services (HHS), and their various operating divisions. HEAT team initiatives have been extraordinarily successful in coordinating multi-agency efforts to both prevent health care fraud and enforce current anti-fraud initiatives.
As DOJ noted in September 2010, over the previous Fiscal Year, DOJ (including its 94 U.S. Attorneys’ Offices), HHS’ Office of Inspector General (HHS-OIG), and the Centers for Medicare and Medicaid Services (CMS), jointly accomplished the following:
- Filed charges against more than 800 defendants.
- Obtained 583 criminal convictions.
- Opened 886 new civil health care fraud matters.
- Obtained 337 civil administrative actions against parties committing health care fraud.
- Through these efforts, more than $2.5 billion was recovered as a result of the criminal, civil and administrative actions handled by these joint agencies.
President Obama’s FY 2011 budget request includes an additional $60.2 million in funding for the HEAT program. These funds will be used to establish additional teams and further fund existing investigations. Now, more than ever, it is imperative that you ensure that your Compliance Plan is both up-to-date and fully implemented. Medicare providers are obligated to adhere to statutory and regulatory requirements and the government’s HEAT teams are aggressively investigating providers who fail to comply with the law.
Compliance Risk Number 2: Zone Program Integrity Contractor (ZPIC) / Program SafeGuard Contractor (PSC) / Recovery Audit Contractor (RAC) Audits of Medicare Claims: As you already know, private contractor reviews of Medicare claims are big business – one ZPIC was awarded a five-year contract worth over $100 million. In 2011, we should expect to see:
- The number of ZPIC / PSC / RAC audits of Physician Practices, Home Health Agencies, Hospice Companies, DME Suppliers and Chiropractic Clinics will greatly increase in 2011.
- The reliance of both contractors and the government on data mining will continue to grow. Providers targeted will likely be based on utilization rates, prescribing practices and billing / coding profiles.
- An increase in the number of Administrative Law Judge (ALJ) hearings in where ZPIC representatives choose to attend the hearing as a “participant.” In these hearings, the ZPIC representative will likely aggressively oppose any arguments in support of payment that you present.
Are you ready for an unannounced / unanticipated site visit or audit? When is the last time that you have conducted an internal review of your billing / coding practices? Are you aware of the hidden dangers when conducting these reviews? In 2011, your Compliance Officer may very well be your most important non-clinical staff member. Physicians and other providers should work with their Compliance Officer to better prepare for the unexpected audit or investigation.
Compliance Risk Number 3: Electronic Medical Records: Unfortunately, some early adopters of Electronic Medical Records (EMR) software are now having to respond to “cloning” and / or “carry over” concerns raised by ZPICs and Program SafeGuard Contractors (PSCs). In a number of cases, these audits appear to be the result (at least in part) of inadequately designed software programs which generate progress notes and other types of medical records that do not adequately require the provider to document individualized observations. Instead, the information gathered is often sparse and similar for each of the patients treated. Take care before converting your practice or clinic to an EMR system. Include your Compliance Officer in the selection and review process.
Compliance Risk Number 4: Physician Quality Reporting Initiative (PQRI) Issues: Under the Health Care Reform legislation passed last March. PQRI was changed from a voluntary “bonus” program to one in which penalties will be assessed if a provider does not properly participate. As of 2015, the penalty will be 1.5% and will increase to 2.0% in 2016 and subsequent years. Additionally, questions about the use of PQRI date in “Program Integrity” targeting remain unanswered. Once again, it is essential that your Compliance Officer provide guidance to your staff regarding this program and its potential impact.
Compliance Risk Number 5: Medicaid Integrity Contractors (MICs) and Medicaid Recovery Audit Contractors (MDRACs): In recent months, we have seen a marked increase in the number of MIC inquiries and audits initiated in southern States. Notably, the information and documentation requested has often been substantial. Medicaid providers must now also contend with MDRACs. As a result of health care reform, MDRACs are now mandatory in every State and are may initiate reviews and audits as soon as March 2011. Compliance Officers should review their current risk areas and ensure that Medicaid coding and billing activities are actively monitored to better ensure statutory / regulatory adhereance.
Compliance Risk Number 6: HIPAA / HITECH Privacy Violations: Failure to comply with HIPAA can result in civil and / or criminal penalties. (42 USC § 1320d-5).
- Civil Penalties – A large retail drug store company was recently fined $2.25 million for failure to properly dispose of protected information.
- Criminal Penalties – Earlier this year, a physician in Los Angeles, CA, was sentenced to four months in prison after admitting he improperly accessed individual health information.
As of mid-2010, there had been 93 breaches affecting 500 or more individuals. The total number of individuals whose information was disclosed as a result of these breaches was estimated at over 2.5 million. Out of the 93 breaches, 87 involved breach of hard copy or electronic protected health information (about 1/4 involved paper records and 3/4 involved electronic records. The vast majority of the 93 breaches involved theft or loss of the records. Many of these thefts could have been avoided with appropriate security. The government is serious about privacy and your practice, and in 2011 you will likely see increased HIPAA / HITECH enforcement. Your clinic or health care business must take appropriate steps to prevent improper disclosures of health information.
Compliance Risk Number 7: Increased Number of Qui Tams Based on Overpayments: Section 6402 of the recent Health Care Reform legislation requires that all Medicare providers, (a) return and report any Medicare overpayment, and (b) explain, in writing, the reason for the overpayment.
This law creates a minefield for physicians and other Medicare providers. First, providers have only 60 days to comply with the reporting and refund requirement from the date on which the overpayment was identified or, if applicable, the date any corresponding cost report is due, whichever is later. Of course, the legislation does not actually explain what it means to “identify” an overpayment.
From a “risk” standpoint, this change is enormous. Disgruntled employees try to file a Qui Tam (“whistleblower”) lawsuit based on a provider’s failure to return one or more Medicare overpayments to the program in a timely fashion. While the government may ultimately choose not to intervene in a False Claims Act case based on such allegations, a provider could spend a significant amount defending the case. Providers should ensure that billing personnel understand the importance of returning any overpayments identified as quickly as possible.
Compliance Risk Number 8: Third-Party Payor Actions: Third-party (non-Federal) payors are participating in Health Care Fraud Working Group meetings with DOJ and other Federal agents. Over the last year, we have seen an increase in the number of “copycat” audits initiated by third-party payor “Special Investigative Units” (SIUs). Once the government has announced the results of a significant audit, the third-party payor considers the services at issue and reviews whether it may have also been wrongly billed for such services. If so, their SIU opens a new investigation against the provider.
Compliance Risk Number 9: Employee Screening: With the expansion of the permissive exclusion authorities, more and more individuals will ultimately be excluded from Medicare. As we have seen, HHS-OIG is actively reviewing whether Medicare providers have employed individuals who have been excluded. In one recent case, HHS-OIG announced that it had assessed significant civil monetary penalties against a health care provider that employed seven individuals who the provider “knew or should have known” had been excluded from participation in Federal health care programs. These individuals were alleged to have furnished items and services for which the provider was paid by Federal health care programs. All providers should periodically screen their staff against the HHS-OIG and GSA databases to ensure that their employees have not been excluded from participation in Federal Health Benefits Programs.
Compliance Risk Number 10: Payment Suspension Actions: Last, but not least, we expect the number of payment suspension actions to increase in 2011. In late 2010, Medicare contractors recommended to CMS that this extraordinary step be taken against providers in connection with a wide variety of alleged infractions. Reasons given for suspending a provider’s Medicare number included, but were not limited to: (1) the provider failed to properly notify Medicare of a change in location, (2) the provider allegedly engaged in improper billing practices, and (3) the provider failed to fully cooperate during a site visit.
As each of these compliance risks reflect, health care providers are expected to fully comply with a wide myriad of Medicare and Medicaid statutory and regulatory requirements. Moreover, the failure to meet these obligations can subject a provider to penalties ranging from suspension from the program to criminal prosecution. Providers must take compliance seriously if they hope to thrive in 2011.
Liles Parker attorneys provide health law guidance and advice to health care providers around the country. Our attorneys have extensive experience working on compliance related matters and defending providers in connection with Medicare audits and investigations. Should you have questions regarding these and other issues, give us a call for a free consultation. We can be reached at 1 (800) 475-1906.
(December 11, 2010): Earlier this week, HHS-OIG announced that it had assessed significant civil monetary penalties (CMPs) against a health care provider that employed seven individuals who the provider “knew or should have known” had been excluded from participation in Federal health care programs. These individuals were alleged to have furnished items and services for which the provider was paid by Federal health care programs. Medicare exclusion screening is essential.
I. The Failure to Conduct Proper Medicare Exclusion Screening Activities Can Result in Significant CMPs.
The provider paid $376,432 to resolve these allegations. As Lewis Morris, Chief Counsel to the Office of Inspector General stated:
“Providers self-disclosing such violations will ultimately pay lower settlement amounts. . . But in cases initiated by the government — such as this one — providers will, as a matter of course, be required to pay more to resolve the matter.’
As Mr. Morris further noted:
“This case illustrates yet again that OIG will pursue CMPs when providers have employed an excluded person for the furnishing of items or services paid for by Federal health care programs,”
Notably, this matter was referred to HHS-OIG for investigation by the State Medicaid Fraud Control Unit (MFCU).
II. Lessons to be Learned.
This case illustrates a number of important lessons for all health care providers who participate in Federal Health Benefits Program, regardless of size. These lessons include:
Medicare exclusion screening of your employees is easy and quick: It takes very little effort for a provider to screen current and prospective employees against HHS-OIG list of excluded parties and GSA’ s list of parties who have been debarred from participation in Federal contracts. Notably, the failure to screen employees can be quite costly.
No mention of actual fraud or overpayment was mentioned in this case. Nevertheless, the employment of excluded individuals was found to be quite serious by HHS-OIG: HHS-OIG won’t hesitate to pursue civil monetary penalties against a provider who employs excluded individuals, despite the fact that no mention is made of any wrongful billings. Regular screenings of your employees should be made to ensure that none of your employees have been excluded from participation.
The government is serious about self-disclosing problems: HHS-OIG’s Chief Counsel went out of his way to point out that provider’s who self-disclose will ultimately pay a lower amount of damages to the government. While we recognize the government’s preference in this regard, should you identify a problem, you should contact legal counsel before making a self-disclosure. HHS-OIG’s voluntary disclosure protocol has a number of requirements that should be fully assessed prior to deciding to make a disclosure under the program. To be clear, if you owe money to the government, you must pay it back. The issue to be resolved is how to go about returning any monies to which you are not entitled. Depending on the circumstances, a provider may be better off working with their Medicare Administrative Contractor to resolve a problem. In other cases, HHS-OIG’s protocol may be the best option. Every situation is different and should be carefully assessed before action is taken.
Federal and State law enforcement teams are coordinating their actions and findings: Notably, these violations were first identified by a State MFCU who then contacted HHS-OIG. Similarly, we are seeing State Medical Boards advising ZPICs of actions they are taking against licensed health care providers. In several cases, the State Medical Board found that the provider was either not providing adequate supervision over subordinate Nurse Practitioners and Physician Assistants. The ZPIC has then used this as a basis to argue that the claims did not qualify for Medicare coverage.
In summary, health care providers should continually be reviewing their compliance efforts to ensure that basic mistakes such as the ones in this case (failure to properly conduct Medicare exclusion screening procedures of employees) do not occur.
Robert W. Liles serves as Managing Partner at Liles Parker. Robert and our other health law attorneys represent health care providers around the country in connection with compliance and other health law issues. Should you have questions about a health law issue, feel free to call us for a free consultation. We can be reached at: 1 (800) 475-1906.
Number of False Claims Act Investigations Being Pursued is Currently at an All Time High . . . and is Likely to Go Even Higher Due to Changes to the False Claims Act Under Health Care Reform
(November 26, 2010): As set out in a U.S. Department of Justice (DOJ) Press Release issued earlier this week, during Fiscal Year 2010 (ending September 30, 2010), DOJ secured $3 billion in civil settlements and judgments in connection with cases involving fraud against the government. Notably, $2.5 billion (approximately 83%) of the recoveries were related to health care fraud cases. According to DOJ, since January 2009, $5.4 billion has been collected under the False Claims Act and returned to Federal programs (such as the Medicare Trust Fund) and / or the Treasury. As Assistant Attorney General of the Civil Division Tony West reported:
“Under Attorney General Eric Holder’s leadership, our aggressive pursuit of fraud under the False Claims Act has resulted in the largest two-year recovery of taxpayer dollars in the history of the Justice Department. . . Nowhere is this more apparent than in our success in fighting health care fraud. Since January 2009, the Civil Division, together with the U.S. Attorneys’ offices, commenced more health care fraud investigations, secured larger fines and judgments, and recovered more taxpayer dollars lost to health care fraud than in any other two-year period.” (emphasis added).
While the number of False Claim Act cases commenced during the last two years is at an all time high, this number is likely to further grown due to recent changes to the False Claims Act under Health Care Reform.
Pursuant to Section 6402 of the Patient Protection and Affordable Care Act (generally referred to as the “Health Care Reform Act”), Medicare participating providers, including Physicians, Group Practices, Chiropractors, Home Health Agencies, Hospices, Community Mental Health Clinics, and others who bill the identify an “overpayment” must report and return the overpayment, explaining (in writing) how the overpayment occurred within 60 days. As the statute provides:
‘The PPACA states that “[a]ny overpayment retained by a person after the deadline for reporting and returning the overpayment. . . is an obligation [as defined in the False Claims Act.”
Failure to meet this obligation may subject a provider to to monetary penalties of up to $11,000 per claim (in the case, in the form of an “overpayment,” plus treble damages.
As many providers can readily confirm, confirming that an overpayment exists isn’t also that easy, especially in complex cases where a patient has secondary insurance and / or the number of claims processed (as charges, credits and corrections) may be quite large. Additionally, due to the complexity of Medicare coverage and payment rules, two reasonable individuals may disagree as to whether an overpayment is present. In any event, the number of potential whistleblowers (individuals with knowledge of arguable overpayments under Section 6402), will undoubtedly increase.
Health care providers should review their current Compliance Plan to better ensure that internal audit and review mechanisms are in place so that any overpayments can be readily identified and repaid to the government within the 60-day deadline. The decision of where to disclose and return an overpayment, whether to a Medicare Administrative Contractor (MAC), the Department of Health and Human Services – Office of inspector General (HHS-OIG), or to DOJ, may differ depending on the facts. Depending on the size or complexity of an overpayment, a provider may need to contact legal counsel for advise on how to best handle the alleged overpayment. Due to the 60-day deadline, if legal counsel is to be involved, they must should be contacted as soon as possible.
An effective Compliance Plan case assist in the identification and proper handling of overpayments. If your practice has not already implemented an effective Compliance Plan, it should do so immediately.
Robert W. Liles has worked with a wide variety of heath care providers around the country in connection with False Claims Act and / or False Claims Case. Should your practice need assistance with compliance or overpayment issues. For a complimentary consultation, please call: 1 (800) 475-1906.
The Zone 7 ZPIC Has Recommended Revocation of 82% of CORFS and 79% of CMHCs in South Florida – Is Your ZPIC Next?
(October 9, 2010): In late 2008, SafeGuard Services LLC (SafeGuard) was awarded one of the first two contracts to serve as a Zone Program Integrity Contractor (ZPIC) for Zone 7, an area which includes Florida, Puerto Rico and the U.S. Virgin Islands. The contract covered a base year plus four additional years. SafeGuard’s appointment was one of the first actions taken to consolidate the work previously performed by Program SafeGuard Contractors (PSCs) and Medicare Drug Integrity Contractors (MEDICs). Among its consolidated duties, SafeGuard is responsible for handling medical reviews and benefit integrity functions for Medicare claims under both Part A and Part B (hospital, CMHCs, skilled nursing, home health, provider and durable medical equipment). These claims are the focus of this article. SafeGuard became fully operational in Zone 7 on February 1, 2009.
Working together to promote the integrity of the Medicare and Medicaid programs, in recent years Safeguard has developed close working relationships with CMS, HHS-OIG, U.S. Attorney’s Offices, the FBI and other Medicare contractors. .
As with other ZPICs, SafeGuard employs a number of techniques, both proactive and reactive, to address fraud. In recent years, SafeGuard appears to have been one of the leading ZPICs in terms of “data-mining.” The primary source for Medicare claims data is CMS’ National Claims History system. Many of the audit and investigative processes developed by SafeGuard appear to now be employed by other ZPICs
CMS’ Proposed Rule issued September 23, 2010, provides an overview of how CMS and HHS-OIG intend to implement a number of new enforcement tools authorized under the Health Care Reform bill passed last March. In reviewing the Proposed Rule, we unexpectedly learned about several audit initiatives that the “Zone 7 ZPIC” has been pursuing. As the Proposed Rule states:
In addition to GAO and HHS OIG studies and reports, a number of Zone Program Integrity Contractors (ZPIC) and Program Safeguard Contractors (PSC), organizations used by CMS in helping to fight fraud in Medicare, have taken a number of administrative actions including payment suspensions and increased medical review, for the provider and supplier types shown above. For example, the Zone 7 ZPIC contractor in South Florida has conducted onsite reviews at 62 CORFs since January 2010 and recommended revocation for 51 CORFs, or 82 percent of the CORFS in the area. The same contractor has conducted an onsite reviews at 38 CMHCs located in Dade, Broward and Palm Beach County since January 2010, and recommended that 30 CMHCs be revoked for noncompliance (79 percent of the CMHCs in the area). In each instance where the ZPIC requested a revocation, the CMHC was also placed on prepay review. We have also conducted an analysis of IDTF licensure requirements and have found several circumstances that indicate irregularity and potential risk of fraud.” (emphasis added).
Notably, there was no discussion of how the ZPIC expects patients with rehabilitative needs or acute psychiatric treatment needs will be cared for if SafeGuard succeeds in shutting down a vast majority of the CORFs or CMHCs in South Florida. Is your ZPIC next to go down this path?
Liles Parker attorneys represent providers in ZPIC related actions. For a free consultation, please call 1 (800) 475-1906.