ZPIC Audits are Increasing Around the Country — Are You Prepared? Ten Recommendations Aimed at Assisting with Your Preparation Efforts.

(July 24, 2011): Has your Practice, Home Health Agency, Hospice, DME Company or PT / OT / ST Clinic been audited by a Zone Program Integrity Program (ZPIC)?  If not, it may only be a matter of time.  Despite your best efforts to follow Medicare’s directives, your organization may still be identified as an “outlier” by a ZPIC and subjected to a probe review or a full-blown audit.  Should you receive a request for records from a ZPIC, being prepared — in advance of receiving a ZPIC request — can help ensure your organization’s compliance with applicable documentation, coding and billing requirements.  The following recommendations can assist with those efforts:  

Recommendation #1:   If you have not already done so, conduct a “gap” analysis and implement an effective Compliance Plan.  Despite the fact that significant strides in compliance have been made by large Medicare providers (such as hospitals and nursing homes),  it has been our observation that most physician practices and small-to-mid sized provider organizations still do not have a tailored Compliance Plan in place.   To be clear, we recognize that many providers may have copied draft plan off of the internet or purchased a sample plan.  While they may fully intended to follow through with personalization of the draft document, in most of the cases we have seen, more pressing events have taken precedence and these providers have not had the time or expertise to complete the project.

Providers who have not put a Compliance Plan should immediately do so. As you have likely heard, Section 6401 of the Affordable Care Act (ACA)(generally referred to as the “Health Care Reform Act”) states, “. . . a provider of medical or other items or services or supplier within a particular industry, sector or category shall, as a condition of enrollment in the program under this Title. . .establish a compliance program.”   To be clear, at this time, the Department of Health and Human Services, Office of Inspector General (HHS-OIG) has not announced deadlines effectuating this requirement.  Nevertheless, it is merely a matter of time until all providers who choose to participate in the Medicare program will be required to have an effective Compliance Plan in place.  

Rather than wait until the last minute, Medicare providers who have not already done so should immediately take steps to implement an effective plan.  As a first step, providers should review each of the regulatory and statutory provisions related to the specific services being billed to Medicare.  Next, providers should compare their actual documentation, coding and billing practices with Medicare’s rules.  Any gaps between the applicable requirements and a provider’s actual practices must immediately be remedied. Additionally, should these gaps represent an overpayment, the Medicare provider must repay the overpayment to the government within 60 days of identification.    

Prior to conducting a gap analysis, we recommend that providers contact their legal counsel for assistance with both the internal review and with the implementation of an effective Compliance Plan.   While no Compliance Plan can prevent an audit, the implementation of an effective plan will greatly improve a provider’s likely adherence to Medicare’s rules and regulations should a ZPIC audit be initiated.  

Recommendation #2:   Don’t ignore a ZPIC’s request for documents[1]. At the outset, it is important to keep in mind that ZPICs play an important role.  In addition to  auditing records for possible overpayments, ZPICs are also responsible for identifying fraudulent providers (and potenitally fraudulent providers) and making referrals to the Centers for Medicare and Medicaid Services (CMS), the Department of Health and Human Services, Office of Inspector General (HHS-OIG) and the U.S. Department of Justice (DOJ) for further action.  Possible actions taken include, but are not limited to: 

• CMS — Administrative action such as suspension or revocation from the Medicare program.
• HHS-OIG – Administrative action such as Civil Monetary Penalty action.  HHS-OIG may also investigate and refer a provider to DOJ for possible civil litigation under the False Claims Act.  Finally, HHS-OIG may investigate and refer a provider to DOJ for criminal prosecution under the Federal Anti-Kickback Act or a host of other statutes.
• DOJ – May investigate and prosecute a provider for civil and / or criminal violations of law. 

Should you receive a request for documents from your ZPIC, in most cases it will broken into two sections.  The first section will likely focused on business related records, including, but not limited to, copies of: 

“Business contracts or agreements with other providers, suppliers, physicians,  businesses or individuals in place during a specific period.  Additionally, any verbal agreements must be summarized in writing.

A listing of all current and former employes (employed during a specific period), along with their hire date, termination date, reason for leaving, title, qualifications, last known address, phone number.

• A list of all practice locations, along with their address and phone number.
• Leases.
• Employment agreements.
• Medical Director contracts.” 

The unstated purpose of this portion of the ZPIC’s request is likely to identify potential instances of violations of the Federal Anti-Kickback Statute, Stark and / or the False Claims Act.  Should the ZPIC identify a possible violation, it will readily refer the case to CMS, HHS-OIG and / or DOJ, depending on the nature of the potential violation.

In contrast to the first section of the ZPIC’s request, the second section of the request usually lists the patient records and dates of service to be audited by the ZPIC.  While every case is different, the number of claims requested typically ranges from 8 – 100, depending on whether the ZPIC’s request is a “probe review” or a full-blown audit.  On occasion, we have seen the number of claims sought can range from 150 – 300. 

Never ignore a ZPIC request for records.[2] Importantly, should you fail to respond to the ZPIC’s request, the contractor can recommend to the CMS that your organization be suspended[3] or from participation in the Medicare program.  Depending on the ZPIC’s concerns, the contractor can also recommend that CME pursue a revocation action against your organization.  Should you need more time to the ZPIC’s request for supporting documentation, don’t hesitate to request it. 

Recommendation #3:  Remember learning how to “drive defensively” in high school?  Your documentation practices should be approached in a similar fashion.   ZPIC auditors are excellent at identifying one or more ways in which your claims do not meet applicable coverage requirements.  While you may very well disagree with their assessments (especially in “medical necessity” determinations), in all likelihood, when you file a request for redetermination appeal (and later, a request for reconsideration appeal), you will find that your Medicare Administrative Contractor (MAC) and your Qualified Independent Contractor (QIC) agree with the ZPIC’s denial decision.  Rather than endure significant costs and stress when defending against an overpayment assessment, you need to take steps to avoid a denial in the first place. To that end, health care providers should ensure that clinical staff members are fully trained and educated regarding Medicare’s documentation, coding and billing process. 

We recognize that “perfect documentation” is neither required nor realistic to expect from your clinical staff.  Nevertheless, using published reports of other cases, you can show your clinicians that ZPICs  enforce a strict application of Medicare’s documentation and coverage requirements.  Through education and training, your clinical staff will understand why it is imperative that they review, understand and comply with: 

• Any applicable Local Coverage Determinations (LCDs).
• Any Local Medical Review Policies (LMRPs).
• The Medicare Policy Benefit Manual (MPBM).
• The Medicare Program Integrity Manual (MPIM).
• Any statutory provisions which cover the services.
• Any additional guidance issued by Medicare which would apply to these claims.    

It is important that you regularly review the government’s latest concerns and any enforcement actions which have been taken.  Additionally, you should read HHS-OIG’s reports so that you may learn from the mistakes being made by similarly situated providers.  Upon doing so, we recommend that you check the list of “risk areas” in your Compliance Plan and ensure that they reflect both general “risks” and “specific risks” which may be unique to your organization.  Is your organization still in full compliance?  If not, remedial action is likely necessary.  

Recommendation #4:  Retain experienced legal counsel to assist with your efforts. When experiencing symptoms of a cardiac problem, most patients wouldn’t turn over their care to a dermatologist.  Instead, they would seek to be evaluated and treated by a Cardiologist.  Similarly, if you have a health law problem, would it be wise to rely on advice from an attorney specializing in family law?  Ultimately, that’s your call.  While no attorney can guarantee you success — we believe that an experienced health lawyer is well situated to give you advice regarding a Medicare audit or investigation.   Having said that, it is important to recognize that the field of health law is extraordinarily broad.  Should you be audited by a ZPIC or a Recovery Audit Contractor (RAC), don’t hesitate to ask a health lawyer whether they have handled these types of cases before.  If so, how many times have they represented a provider in a ZPIC overpayment case?  When selecting a lawyer, keep in mind that the legal fees charged by an attorney can vary greatly, depending on a variety of factors.  Don’t be shy – ask how much the representation is likely to cost.  While it is often difficult to estimate legal costs due to the various factors faced when handling a ZPIC audit case, most attorneys can give you a range of expected legal fees.  Finally, be sure and ask for references.  Other providers who have been through an administrative appeal case can provide you with invaluable insights into the process.  

Recommendation #5:  The administrative appeals process has become quite complicated in recent years.  ZPIC audits can result in alleged overpayments running into the millions of dollars. Moreover, the ZPIC’s overpayment assessment (and the associated “demand” letter sent by a MAC) isn’t usually the end of the story.  While providers often lose at the redetermination and reconsideration levels of appeal, the third level of appeal – before an Administrative Law Judge (ALJ) – is usually your single best opportunity to prevail in an administrative appeals action.  Over the years, our attorneys have argued cases in front of judges out of each of the field offices of the Office of Medicare Hearings and Appeals (OMHA).   While we may not always agree with their decisions, the ALJs we have practiced before have been professional, fair and more than willing to hear a provider’s arguments in support of payment. 

Should you choose to forego legal counsel and represent yourself in an ALJ hearing, keep in mind that even though these hearings are intended to be “non-adversarial,”  it can feel quite “adversarial“ during the actual hearing.  Furthermore, these proceedings can be quite complicated.  In most large dollar cases, representatives of the ZPIC are participating in the hearing and arguing their position before the ALJ.  ZPIC representatives can include one or more statisticians (if an extrapolation was conducted), a clinician (usually a Registered Nurse who is experienced in conducting medical reviews) and a lawyer.  In a recent Home Health Agency case we handled, this was precisely what occurred.  Frankly, few providers are experienced in presenting their case and in responding to the arguments raised by statisticians, clinicians and lawyers representing a ZPIC.  As a result, it is strongly recommended that the provider consider engaging an experienced and knowledgable attorney. 

Recommendation #6:  When reviewing your claims, you should abide by the following:  First, “If it doesn’t belong to you, give it back.”  Conversely, “If you don’t owe the money, don’t throw in the towel.”  One of the attorneys in our firm is regularly asked to speak at provider conventions around the country.  For years, he has told providers “If it doesn’t belong to you, give it back.”  This simple concept covers a lot of ground when it comes to alleged Medicare overpayments.  Similarly, if the facts and the evidence shows that the claims should have been paid,  think twice before waiving your right to appeal the denial of these claims.  From a practical standpoint, we have heard of  situations where a provider chooses to “just pay the bill” so that the case will quickly be resolved.  Several providers have commented that when dealing with small dollar assessments, it is just easier to pay the alleged overpayment rather than incur the hassle and expense of contesting the contractor’s denial decision.  Although we understand the reasoning behind such a decision, you should keep in mind that every claim which is denied by a ZPIC (and which remains denied) increases a provider’s “error rate.”  If you were a ZPIC, PSC, RAC or MAC contractor, would you choose to audit a provider with a low error rate or a high error rate?  In any event, the bottom line is fairly straight forward.  Should you find that you are not entitled to payment for one or more claims, you must  repay the money to the government as soon as possible (but no later than 60 days after an overpayment has been identified),  regardless of whether the claim is part of an ongoing or recently completed Medicare audit.  If, however, you are audited and you believe that a ZPIC has incorrectly denied one or your claims, you have the right to appeal the denial of these wrongfully denied claims.

Recommendation #7:  Carefully read a ZPIC’s denial decision letter. When you receive a denial decision letter relied upon by a ZPIC, carefully review the notice and determine whether the contractor has specifically addressed the reasons for denial associated with each of the claims at issue.  Every ZPIC is different.  Over the last few months, one of the ZPICs involved in the cases we are handling has been citing only a general reason for denial (such as “not medically necessary”).  Should the ZPIC in your case not provide sufficient information, you will find it difficult, if not impossible, to address any specific reasons your claims have been denied.   Your legal counsel may be able to get the ZPIC to provide additional specificity in connection with their denial reasons.  Alternatively, legal counsel may be able to argue that the ZPIC’s failure to provide specific reasons for denying your claims is a clear violation of your due process rights. 

Recommendation #8:  Don’t forget – shortly after the “demand letter” is sent, any payments you may be expecting may be recouped by your Medicare Administrative Contractor (MAC).   A demand letter from your MAC usually follows a few days  after you receive a ZPIC’s denial decision letter.  While you have 120 days to file a request for redetermination appeal (as outlined in he MAC’s demand letter)[4], should you fail to file the request for redetermination appeal within 30 days of the date of the MAC’s demand letter (not 30 days after receiving the demand letter!), your Medicare payments will be recouped starting on day 41.  Alternatively, a provider may set up an extended repayment program with the MAC so that the alleged overpayment can be repaid through monthly installments.  We strongly recommend that you set this up.  You will then be able to take advantage of the 120 period permited to file a redetermination appeal rather than try and file a poorly prepared set of arguments within the previously discussed 30 day period.  Similar issues (with completely different deadlines) are present at the reconsideration level of appeal — the next level in the administrative appeals process. Once again, these issues can be quite complicated.  We recommend that you discuss available appeals options with your legal counsel. 

Recommendation #9: Foster a corporate culture which encourages compliance.  ZPICs have increased their audit activities dramatically in numerous areas of the country.  South Texas has been especially hard-hit.  Providers in Houston, McAllen, Harlingen, Edinburgh, Laredo, Corpus Christi and Brownsville appear to have experienced a recent surge in audit activity.  Be aware that ZPICs are looking for aberrations in billing patterns and often target providers based on these variations in coding or billing practices.  Compliance with regulations and consistency in your “message” to employees is essential. Establishing good intake and records management procedures, continuing employee education and training efforts, can facilitate the adoption of an ethical, compliant corporate culture.

           And, last but not least,

Recommendation #10:  When drafting a Compliance Plan, providers should include a “Code of Conduct” that is easily understood by all employees.  We believe that a “Code of Conduct” should accurately reflect the belief system an organization has pursued and sincerely intends to follow.   In doing so, an organization can engender a compliant corporate culture.  Over the years, we have seen organizational “Codes of Conduct” which range from a succinctly described phrase to discusions which take up more than a page.

Our favorite “Code of Conduct” (which also happens to be the “Code of Conduct” adopted by our law firm) is used by Cadets at the United States MilitaryAcademy at West Point. Modified for use by health care providers, the “Code of Conduct” reads: 

“Our clinicians and staff will not lie, cheat, steal, or tolerate those who do.”

 

This simple, yet elegant “Code of Conduct” succinctly lays out a provider’s ethical responsibilities, both with respect to Medicare and in their other business dealings.  We recommend that you consider adopting and adhering to this or a similar “Code of Conduct.”

Liles Parker attorneys and staff have extensive experience representing Physicians, Clinics, Home Health Agencies, Hospices, DME Companies, Skilled Nursing Facilities, Chiropractors, Pain Medicine Clinics, Rehabilitative Medicine Clinics and other Medicare providers in connection with audits by ZPICs, PSCs, MACs and other contractors.  We also have years of experience assisting providers with “gap” analyses and in implementing an effective Compliance Plan.  Should you have questions about these or other health law issues, please feel free to call us for a complementary consultation.  We can be reached at:  1 (800) 475-1906.  

AdvanceMed, the ZPIC Responsible for Zone 2 and Zone 5 has Reportedly Been Acquired by NCI

(April 10, 2011):  Last week, it was announced that NCI, Inc., one of the nation’s most successful information technology companies had acquired the outstanding capital stock of AdvanceMed Corporation (AdvanceMed), an affiliate of CSC.  While the acquisition went largely unnoticed by the health care provider community, the transaction may, in fact, be quite significant.  

           With this acquisition by NCI, a recognized powerhouse in information technology, Medicare and Medicaid providers should expect AdvanceMed’s expertise in data mining and investigations to continue to grow.  Medicare and Medicaid providers have an affirmative obligation to ensure that operations, coding and billing activities fully comply with applicable statutory and regulatory requirements.  As AdvanceMed continues to fine-tune its data mining efforts and further expands its ability to conduct “Predictive Modeling,” providers will likely find their actions under the microscope like never before.  It is therefore imperative that all health care providers immediately implement an effective Compliance Plan (if they have not already done so) or further enhance their current compliance efforts.      

          The purpose of this article is to briefly review NCI’s recent acquisition of AdvanceMed.  An overview of the current ZPIC environment is also provided.   

I.        Background:

          NCI first announced its plans to acquire AdvanceMed last February.  As NCI’s February 25th News Release noted (in part):

“The Obama Administration has emphasized reducing fraud, waste, and abuse in Federal entitlements. AdvanceMed is ideally positioned to support the program integrity initiatives of CMS and other Federal Government agencies. . . We are extremely pleased to have AdvanceMed join NCI and believe that this acquisition will provide NCI an outstanding platform to address this rapidly growing market opportunity.” (A complete account of NCI’s announcement can be found at the above link). 

          In recent years, AdvanceMed has positioned itself to where it now has multiple contracts with the Federal government.  In addition to serving as a Zone Program Integrity Contractor (ZPIC) for Zone 2 and Zone 5, the contractor also serves as Program Safeguard Contractor (PSC) in areas not yet converted to the ZPIC system of contractor review.  Additionally, the contractor also serves as a Comprehensive Error Rate Testing (CERT) contractor.   On the Medicaid side,  AdvanceMed serves as a Medicaid Integrity Contractor (MIC).  While a host of other contractors have been awarded contracts covering other zones and program areas, AdvanceMed’s growth has been undeniably impressive.

          As NCI announced in its April 4^th “News Release” covering the acquisition:

“AdvanceMed is a premier provider of healthcare program integrity services focused on the detection and prevention of fraud, waste, and abuse in healthcare programs, providing investigative services to the Centers for Medicare and Medicaid Services (CMS). Serving CMS since 1999, AdvanceMed has grown rapidly, demonstrating the value and return on investment of the Federal Government’s integrity program activities.

AdvanceMed employs a strong and experienced professional staff, which leverages sophisticated information technology, data mining, and data analytical tools, to provide a full range of investigative services directed to the identification and recovery of inappropriate Medicare and Medicaid funds. AdvanceMed supports healthcare programs in 38 states with a staff of more than 450 professionals, including information specialists, nurses, physicians, statisticians, investigators, and other healthcare professionals.

AdvanceMed has multiple contracts with CMS under the Zone Program Integrity (ZPIC), Program Safeguard (PSC), Comprehensive Error Rate Testing (CERT), and Medicaid Integrity (MIC) programs. All of these programs are executed under cost plus contract vehicles. The largest contracts-ZPIC Zone 5 and ZPIC Zone 2-were awarded in late 2009 and 2010 and have five-year periods of performance.

The acquisition price was $62 million. Included within the price is a recently completed, state-of-the-art data center to support the ZPIC Zone 5 and ZPIC Zone 2 contracts. Additionally, NCI will make a 338(h)(10) election, enabling a tax deduction, which is expected to result in a tax benefit with an estimated net present value of approximately $6 million to $8 million. NCI expects the transaction to be slightly accretive to 2011 earnings.

As of the end of March 2011, AdvanceMed has a revenue backlog of approximately $300 million with approximately $51 million of that amount being currently funded. Revenue for the trailing 12 months ending March 31, 2011, is estimated to be approximately $51 million, all of which was generated from Federal Government contracts, and 99% of the work performed as a prime contractor. NCI’s AdvanceMed 2011 revenue, covering the nine-month period of April 2, 2011, to December 31, 2011, is estimated to be in the range of $43 million to $47 million (the equivalent of $57 million to $63 million on a full 12-month basis), with the midpoint reflecting a full-year growth of approximately 16%. . . “ (A complete account of NCI’s announcement can be found at the above link). 

II.      Overview of the ZPIC Program: 

       The following comments are intended to provide an overview of the ZPIC program and is not focused on any ZPIC in particular.  

       Under the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (MMA), CMS was required to take a number of steps intended to streamline the claims processing and review process: 

•  Using competitive measures, CMS was required to replace the current Medicare Fiscal Intermediaries (Part A) and Carriers (Part B) contractors with Medicare Administrative Contractors (MACs). 
• After setting up the new MAC regions, CMS created new entities, called Zone Program Integrity Contractors (ZPICs).  
•  These actions were intended to consolidate the existing program integrity efforts.  Over the last 2 — 3 years, ZPICs have been taking over PSC audit and enforcement activities around the country.

           At the time of transition, there were twelve PSCs that had been awarded umbrella contracts by CMS. As these contracts have expired, CMS has transferred the PSCs’ fraud detection and deterrence functions over to ZPICs.   Of the seven ZPIC zones established in the MMA, CMS has awarded contracts for a number of the zones. CMS is still working to issue awards for the final ZPIC zones.  The seven ZPIC zones include the following states and / or territories: 

• Zone 1 – CA, NV, American Samoa, Guam, HI and the Mariana Islands. 
• Zone 2 – AdvanceMed: AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO. 
• Zone 3 – MN, WI, IL, IN, MI, OH and KY. 
• Zone 4 – Health Integrity: CO, NM, OK, TX. 
• Zone 5 – AdvanceMed: AL, AR, GA, LA, MS, NC, SC, TN, VA and WV.  
• Zone 6 – PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT. 
• Zone 7 – SafeGuard Services: FL, PR and VI. 

          In many instances, these changes have been more of a “name change” rather than a substantive change in the way claims will be audited. ZPIC responsibilities are generally the same as those currently exercised by PSCs. While ZPIC overpayment review duties have not appreciably changed, the number of civil and criminal referrals appear to be increasing. In our opinion, ZPICs clearly view their role differently than that of their PSC predecessors.  ZPICs clearly view themselves as an integral part of the law enforcement team, despite the fact that they are for-profit contractors.  In consideration of their ability to recommend to CMS that a provider be suspended or have their Medicare number revoked, and / or refer a provider to law enforcement for civil and / or criminal investigation, providers should take these contractors quite seriously.

          Both ZPICs and PSCs have traditionally asserted that unlike their RAC counterparts, they are not “bounty hunters.”  ZPICs are not paid contingency fees like RACs but instead directly by CMS on a contractual basis.  Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments, the chances of a ZPIC’s contract with CMS being renewed are likely diminished.  Additionally, experience has shown us that despite the fact that ZPICs are expected to adhere to applicable Medicare coverage guidelines, a ZPIC’s interpretation and application of these coverage requirements may greatly differ from your understanding of the same provisions.

           In recent years, ZPICs have been aggressively pursuing a wide variety of actions, including but not limited to: 

• Pre-Payment Audit.  After conducting a probe audit of a provider’s Medicare claims, the ZPIC may place a provider on “Pre-payment Audit” (also commonly referred to as “Pre-Payment Review”).  Unlike a post-payment audit, there is no administrative appeals process that may be utilized by a provider for relief.  Having said that, there are strategies that may be utilized by a provider which may assist in keeping the time period on pre-payment review at a minimum.   
• Post-Payment Audit.  Audits conducted by ZPICs primarily involve Medicare claims that have already been paid by the government.  In many cases, the ZPICs appear to have conducted a strict application of the coverage requirements, regardless of whether a provider’s deviation from the rules is “de minimus” in nature. In doing so, it is not unusual to find that a provider has failed to comply with each and every requirement.  Depending on the nature of the initial sample drawn, a ZPIC may extrapolate the damages in a case, significantly increasing the the alleged overpayment.  In doing so, the ZPIC is effectively claiming that the “sample” of claims audited are representative of the universe of claims at issue in an audit.  
• Suspension.  While the number of suspension actions taken by ZPICs has steadily increased in recent years,  Medicare providers should expect to see this number continue to grow.  Under the Affordable Care Act (often informally referred to as the “Health Care Reform” Act), CMS’ suspension authority has greatly expanded.   
• Revocation.  As with suspensions, we have seen a sharp increase in the number of Medicare revocation actions taken over the last year. The reasons for revocation have varied but have typically been associated with alleged violations of their participation agreement. In some cases, the ZPIC contractors found that the provider has moved addresses and did not properly notified Medicare. In other cases, a provider was alleged to have been uncooperative during a site visit. Finally, there were a number of instances where the provider allegedly did not meet the “core” requirements necessary for their facility to remain certified.  
• Referrals for Civil and Criminal Enforcement.  ZPICs are actively referring providers to HHS-OIG (which can in turn refer the case to the U.S. Department of Justice (DOJ) for possible civil and / or criminal enforcement) when a case appears to entail more that a mere overpayment. However, just because a referral is made doesn’t mean that it will prosecuted. In many instances, HHS-OIG (and / or DOJ) will decline to open a case due to a variety of reasons, such as lack of evidence, insufficient damages, etc.). 

 III.        Steps Providers Can Take Now, Before They are Subjected to a ZPIC Audit:

          In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” it is arguably to their benefit to find that an overpayment has occurred. These overpayments are often based on overlapping “technical” (such as an incorrect place of service code) and “substantive” (such as lack of medical necessity) reasons for denial.  In recent years, the level of expertise exercised by ZPICs is often quite high — noting multiple reasons for denial and concern.   

          Unfortunately, the reality is that most (if not all) Medicare providers will find themselves the subject of a ZPIC, CERT, RAC or other type of claims audit at some point in the future.  In our opinion, the single most effective step you can take to prepare for a contractor audit is to ensure that your organization has implemented and is adhering to an effective Compliance Plan.  Several general points to consider also include:

Keep in mind your experiences with PSCs and other contractors.  The lessons you have learned responding to PSC, CERT and RAC audits can be invaluable when appealing ZPIC overpayments.  As you will recall, the appeals rules to be followed are virtually the same.

Monitor HHS-OIG’s Work Plan.  While often cryptic, it can be invaluable in identifying areas of government concern.  Are any of the services or procedures your organization currently provides a focus of HHS-OIG’s audit or investigative?

 Keep an eye on RAC activities.  Review the service-specific findings set out in annual RAC reports.  Review targeted areas carefully to ascertain whether claims meet Medicare’s coding and medical necessity policies.

You never realize how bad your documentation is until your facility is audited. While many providers start out “over-documenting” services (to the extent that there is such a thing), a provider’s documentation practices often become more relaxed as time goes on – especially when the provider has not been audited for an extended period of time.  In such situations, both physicians and their staff may fail to fully document the services provided.  Moreover, the care taken to ensure that all supporting documentation has been properly secured may have also lapsed over the years. 

Review your documentation.  Imagine you are an outside third-party reviewer.  Can an outsider fully appreciate the patient’s clinical status and the medical necessity of treatment?  Are the notes legible and written is a clear fashion?  Compare your E/M services to the 1995 or 1997 Evaluation and Management (E/M) Guidelines – have you fully and completely documented the services you provided?  If dealing with skilled services, have you fully listed and discussed both the need for skilled services and the specific skilled services provided?

IV.        Closing Thoughts:

          Imagine a ZPIC hands you a claims analysis rife with alleged errors, an indecipherable list of statistical formulas, and an extrapolated recovery demand that will cripple your practice or clinic. What steps should you take to analyze their work? Based on our experience, providers can and should carefully assess the contractor’s actions, particularly the use of formulas and application of the RAT-STATS program when selecting a statistical sample and extrapolating the alleged damages based on the sample. Over the years, we have challenged the extrapolation of damages conducted by Medicare contractors around the country, including tens of thousands of claims. Regardless of whether you are a Skilled Nursing Facility providing skilled nursing and skilled therapy services, an M.D. or D.O. providing E/M services, a Home Health company or a Durable Medical Equipment (DME) company, it is imperative that you work with experienced legal counsel and statistical experts to analyze the actions take by a ZPIC.  

Liles Parker attorneys and staff have extensive experience representing a wide range of Medicare providers in audits by ZPICs, PSCs and other contractors.  Should you have questions regarding an inquiry from a ZPIC, PSC or RAC that you have received, please feel free to give us a call for a complimentary consultation.  We can be reached at:  1 (800) 475-1906.

2011. . . The Year of Compliance — Avoiding ZPIC Initiated Medicare Suspension Actions

(January 11, 2011): As you recall at the end of 2010 we identified the “Top Ten Health Care Compliance Risks for 2011.”  The purpose of this and subsequent articles is to analyze two of those risks; Zone Program Integrity Contractors (ZPICs) and Payment Suspension Actions. Over the next few days we will be discussing these two risk areas in depth.

I. Overview:

As discussed in our “Top Ten” article, we anticipate that Zone Program Integrity Contractors (ZPICs) will ratchet up their use of provider suspension actions in 2011.  At the close of 2010, there already appeared to be an increase in the use of suspension actions by ZPICs in South Texas and in other areas of the country.  In many instances, these actions were the result of sophisticated data mining techniques by ZPICs.  While cases are initiated in a variety of ways (including, but not limited to whistleblower complaints, anonymous reports to the government’s fraud hotline, etc.), data mining is a key tool relied on by ZPICs and government agencies for targeting purposes. 

After analyzing the data, ZPICs often send out requests for information or conduct site visits of health care provider facilities.  These requests and / or site visits can result in medical reviews, demands for alleged overpayments, or lead to referrals to one or more government investigative agencies (such as the Department of Health and Human Services’ Office of Inspector General (HHS-OIG), the State Medicaid Fraud Control Unit (MFCU) and / or the Federal Bureau of Investigation (FBI)). Since established, ZPICs have clearly met their goal of developing “innovative data analysis methodologies for detecting and preventing Medicare fraud and abuse.”  Rather than pursuing merely administrative overpayment cases, over the last six months, we have noted an increase in the number of cases referred to law enforcement for fraud investigation.  While seven ZPIC zones have been identified, only three companies have been awarded ZPIC contracts at this time.  Where ZPIC contracts remain pending, Program SafeGuard Contractors (PSC) are typically still operating and are conducting essentially the same duties as their ZPIC counterparts.  The seven ZPIC zones include:  

• Zone 1- CA, NV, American Samoa, Guam, HI and the Mariana Islands.
• Zone 2 includes; AK, WA, OR, MT, ID, WY, UT, AZ, ND, SD, NE, KS, IA, MO.
• Zone 3-MN, WI, IL, IN, MI, OH and KY.
• Zone 4-CO, NM, OK, TX.
• Zone 5- AL, AR, GA, LA, MS, NC, SC, TN, VA and WV
• Zone 6- PA, NY, MD, DC, DE and ME, MA, NJ, CT, RI, NH and VT.
• Zone 7- FL, PR and VI

The following map reflects zones where the ZPIC contractor is currently operating.  Each of the ZPICs listed below are actively sending out requests for information and / or conducting site visits.  In a number of instances, the ZPICs have been noted to be suspending providers from the Medicare program based on variety of alleged statutory and / regulatory violations.

ZPICs have been very active in their site visits which have brought about Medicare suspension and revocation actions. In some cases, these site visits have resulted in allegations of “fraud or willful misrepresentation” with ZPIC’s contacting of CMS for approval to place the provider on payment suspension.  In tomorrow’s article, we will be examining the primary reasons cited by the Centers for Medicare and Medicaid Services (CMS) when placing a provider on payment suspension status.

Liles Parker attorneys have extensive experience representing health care providers in ZPIC initiated actions.  Should your Physician Practice, Home Health Agency, Hospice Company, Physical / Occupational / Speech Therapy Clinic, Ambulance Company, Community Mental Health Center, Pain Clinic or other provider entity be audited by a ZPIC, give us a call for a free consultation.  We can be reached at: 1 (800) 475-1906.

Top Ten Health Care Compliance Risks for 2011.

(December 31, 2010):  In case you missed it, Congress, President Obama and the healthcare regulators had a banner year with respect to regulatory activism in 2010.  Over the next several weeks we will be releasing a series of articles on our website addressing these dramatic changes and the compliance risks they present for your practice, clinic or health care business in 2011:

Compliance Risk Number 1:  Increased “HEAT” Activity and Enforcement:  Perhaps the greatest risk to consider in 2011 is the increase in targeted health care fraud enforcement efforts by the government’s Health Care Fraud Prevention and Enforcement Action Team (HEAT).  These teams are comprised of top level law enforcement and professional staff from the U.S. Department of Justice (DOJ), the Department of Health and Human Services (HHS), and their various operating divisions.  HEAT team initiatives have been extraordinarily successful in coordinating multi-agency efforts to both prevent health care fraud and enforce current anti-fraud initiatives.

As DOJ noted in September 2010, over the previous Fiscal Year, DOJ (including its 94 U.S. Attorneys’ Offices), HHS’ Office of Inspector General (HHS-OIG), and the Centers for Medicare and Medicaid Services (CMS), jointly accomplished the following:

• Filed charges against more than 800 defendants.
• Obtained 583 criminal convictions.
• Opened 886 new civil health care fraud matters.
• Obtained 337 civil administrative actions against parties committing health care fraud.
• Through these efforts, more than $2.5 billion was recovered as a result of the criminal, civil and administrative actions handled by these joint agencies. 

President Obama’s FY 2011 budget request includes an additional $60.2 million in funding for the HEAT program. These funds will be used to establish additional teams and further fund existing investigations. Now, more than ever, it is imperative that you ensure that your Compliance Plan is both up-to-date and fully implemented.  Medicare providers are obligated to adhere to statutory and regulatory requirements and the government’s HEAT teams are aggressively investigating providers who fail to comply with the law.

Compliance Risk Number 2:  Zone Program Integrity Contractor (ZPIC) / Program SafeGuard Contractor (PSC) / Recovery Audit Contractor (RAC) Audits of Medicare Claims:  As you already know, private contractor reviews of Medicare claims are big business – one ZPIC was awarded a five-year contract worth over $100 million.  In 2011, we  should expect to see:

• The number of ZPIC / PSC / RAC audits of Physician Practices, Home Health Agencies, Hospice Companies, DME Suppliers and Chiropractic Clinics will greatly increase in 2011.
• The reliance of both contractors and the government on data mining will continue to grow.  Providers targeted will likely be based on utilization rates, prescribing practices and billing / coding profiles.
• An increase in the number of Administrative Law Judge (ALJ) hearings in where ZPIC representatives choose to attend the hearing as a “participant.”  In these hearings, the ZPIC representative will likely aggressively oppose any arguments in support of payment that you present.

Are you ready for an unannounced / unanticipated site visit or audit?  When is the last time that you have conducted an internal review of your billing / coding practices?  Are you aware of the hidden dangers when conducting these reviews?  In 2011, your Compliance Officer may very well be your most important non-clinical staff member.  Physicians and other providers should work with their Compliance Officer to better prepare for the unexpected audit or investigation.

Compliance Risk Number 3: Electronic Medical Records: Unfortunately, some early adopters of Electronic Medical Records (EMR) software are now having to respond to “cloning” and / or “carry over” concerns raised by ZPICs and Program SafeGuard Contractors (PSCs).  In a number of cases, these audits appear to be the result (at least in part) of inadequately designed software programs which generate progress notes and other types of medical records that do not adequately require the provider to document individualized observations.  Instead, the information gathered is often sparse and similar for each of the patients treated.  Take care before converting your practice or clinic to an EMR system.  Include your Compliance Officer in the selection and review process.

Compliance Risk Number 4:  Physician Quality Reporting Initiative (PQRI) Issues:  Under the Health Care Reform legislation passed last March. PQRI was changed from a voluntary “bonus” program to one in which penalties will be assessed if a provider does not properly participate.  As of 2015, the penalty will be 1.5% and will increase to 2.0% in 2016 and subsequent years. Additionally, questions about the use of PQRI date in “Program Integrity” targeting remain unanswered.  Once again, it is essential that your Compliance Officer provide guidance to your staff regarding this program and its potential impact.

Compliance Risk Number 5:  Medicaid Integrity Contractors (MICs)  and Medicaid Recovery Audit Contractors (MDRACs):  In recent months, we have seen a marked increase in the number of MIC inquiries and audits initiated in southern States.  Notably, the information and documentation requested has often been substantial.  Medicaid providers must now also contend with MDRACs.  As a result of health care reform, MDRACs are now mandatory in every State and are may initiate reviews and audits as soon as March 2011.   Compliance Officers should review their current risk areas and ensure that Medicaid coding and billing activities are actively monitored to better ensure statutory / regulatory adhereance.

Compliance Risk Number 6:  HIPAA / HITECH Privacy Violations:  Failure to comply with HIPAA can result in civil and / or criminal penalties. (42 USC § 1320d-5).

• Civil Penalties – A large retail drug store company was recently fined $2.25 million for failure to properly dispose of protected information.
• Criminal Penalties – Earlier this year, a physician in Los Angeles, CA, was sentenced to four months in prison after admitting he improperly accessed individual health information.

As of mid-2010, there had been 93 breaches affecting 500 or more individuals.  The total number of individuals whose information was disclosed as a result of these breaches was estimated at over 2.5 million.  Out of the 93 breaches, 87 involved breach of hard copy or electronic protected health information (about 1/4 involved paper records and 3/4 involved electronic records. The vast majority of the 93 breaches involved theft or loss of the records.  Many of these thefts could have been avoided with appropriate security.  The government is serious about privacy and your practice, and in 2011 you will likely see increased HIPAA / HITECH enforcement.  Your clinic or health care business must take appropriate steps to prevent improper disclosures of health information. 

Compliance Risk Number 7:  Increased Number of Qui Tams Based on Overpayments:  Section 6402 of the recent Health Care Reform legislation requires that all Medicare providers, (a) return and report any Medicare overpayment, and (b) explain, in writing, the reason for the overpayment.

This law creates a minefield for physicians and other Medicare providers.  First, providers have only 60 days to comply with the reporting and refund requirement from the date on which the overpayment was identified or, if applicable, the date any corresponding cost report is due, whichever is later.  Of course, the legislation does not actually explain what it means to “identify” an overpayment.

From a “risk” standpoint, this change is enormous.  Disgruntled employees try to file a Qui Tam         (“whistleblower”) lawsuit based on a provider’s failure to return one or more Medicare overpayments to the program in a timely fashion.  While the government may ultimately choose not to intervene in a False Claims Act case based on such allegations, a provider could spend a significant amount defending the case.  Providers should ensure that billing personnel understand the importance of returning any overpayments identified as quickly as possible.   

Compliance Risk Number 8:  Third-Party Payor Actions:  Third-party (non-Federal)  payors are participating in Health Care Fraud Working Group meetings with DOJ and other Federal agents.  Over the last year, we have seen an increase in the number of “copycat” audits initiated by third-party payor “Special Investigative Units” (SIUs).  Once the government has announced the results of a significant audit, the third-party payor considers the services at issue and reviews whether it may have also been wrongly billed for such services.  If so, their SIU opens a new investigation against the provider.

Compliance Risk Number 9:  Employee Screening:  With the expansion of the permissive exclusion authorities, more and more individuals will ultimately be excluded from Medicare.  As we have seen, HHS-OIG is actively reviewing whether Medicare providers have employed individuals who have been excluded.  In one recent case, HHS-OIG announced that it had assessed significant civil monetary penalties against a health care provider that employed seven individuals who the provider “knew or should have known” had been excluded from participation in Federal health care programs. These individuals were alleged to have furnished items and services for which the provider was paid by Federal health care programs.  All providers should periodically screen their staff against the HHS-OIG and GSA databases to ensure that their employees have not been excluded from participation in Federal Health Benefits Programs.

Compliance Risk Number 10:  Payment Suspension Actions:  Last, but not least, we expect the number of payment suspension actions to increase in 2011.  In late 2010, Medicare contractors recommended to CMS that this extraordinary step be taken against providers in connection with a wide variety of alleged infractions.  Reasons given for suspending a provider’s Medicare number included, but were not limited to: (1) the provider failed to properly notify Medicare of a change in location, (2) the provider allegedly engaged in improper billing practices, and (3) the provider failed to fully cooperate during a site visit.

As each of these compliance risks reflect, health care providers are expected to fully comply with a wide myriad of Medicare and Medicaid statutory and regulatory requirements.  Moreover, the failure to meet these obligations can subject a provider to penalties ranging from suspension from the program to criminal prosecution.  Providers must take compliance seriously if they hope to thrive in 2011.

Liles Parker attorneys provide health law guidance and advice to health care providers around the country.  Our attorneys have extensive experience working on compliance related matters and defending providers in connection with Medicare audits and investigations.  Should you have questions regarding these and other issues, give us a call for a free consultation.  We can be reached at 1 (800) 475-1906.

 

The Zone 7 ZPIC Has Recommended Revocation of 82% of CORFS and 79% of CMHCs in South Florida – Is Your ZPIC Next?

(October 9, 2010):  In late 2008, SafeGuard Services LLC (SafeGuard) was awarded one of the first two contracts to serve as a Zone Program Integrity Contractor (ZPIC) for Zone 7, an area which includes Florida, Puerto Rico and the U.S. Virgin Islands.  The contract covered a base year plus four additional years.  SafeGuard’s appointment was one of the first actions taken to consolidate the work previously performed by Program SafeGuard Contractors (PSCs) and Medicare Drug Integrity Contractors (MEDICs). Among its consolidated duties, SafeGuard is responsible for handling medical reviews and benefit integrity functions for Medicare claims under both Part A and Part B (hospital, CMHCs, skilled nursing, home health, provider and durable medical equipment).  These claims are the focus of this article.  SafeGuard became fully operational in Zone 7 on February 1, 2009.

Working together to promote the integrity of the Medicare and Medicaid programs, in recent years Safeguard has developed close working relationships with CMS, HHS-OIG, U.S. Attorney’s Offices, the FBI and other Medicare contractors.  .

As with other ZPICs, SafeGuard employs a number of techniques, both proactive and reactive, to address fraud.  In recent years, SafeGuard appears to have been one of the leading ZPICs in terms of “data-mining.”  The primary source for Medicare claims data is CMS’ National Claims History system.  Many of the audit and investigative processes developed by SafeGuard appear to now be employed by other ZPICs

CMS’ Proposed Rule issued September 23, 2010, provides an overview of how CMS and HHS-OIG intend to implement a number of new enforcement tools authorized under the Health Care Reform bill passed last March.  In reviewing the Proposed Rule, we unexpectedly learned about several audit initiatives that the “Zone 7 ZPIC” has been pursuing.  As the Proposed Rule states:

In addition to GAO and HHS OIG studies and reports, a number of Zone Program Integrity Contractors (ZPIC) and Program Safeguard Contractors (PSC), organizations used by CMS in helping to fight fraud in Medicare, have taken a number of administrative actions including payment suspensions and increased medical review, for the provider and supplier types shown above. For example, the Zone 7 ZPIC contractor in South Florida has conducted onsite reviews at 62 CORFs since January 2010 and recommended revocation for 51 CORFs, or 82 percent of the CORFS in the area. The same contractor has conducted an onsite reviews at 38 CMHCs located in Dade, Broward and Palm Beach County since January 2010, and recommended that 30 CMHCs be revoked for noncompliance (79 percent of the CMHCs in the area). In each instance where the ZPIC requested a revocation, the CMHC was also placed on prepay review. We have also conducted an analysis of IDTF licensure requirements and have found several circumstances that indicate irregularity and potential risk of fraud.” (emphasis added).

 Notably, there was no discussion of how the ZPIC expects patients with rehabilitative needs or acute psychiatric treatment needs will be cared for if SafeGuard succeeds in shutting down a vast majority of the CORFs or CMHCs in South Florida.   Is your ZPIC next to go down this path?

 Liles Parker attorneys represent providers in ZPIC related actions.  For a free consultation, please call 1 (800) 475-1906.

Don’t Take ZPICs’ Extrapolation Calculations at Face Value — Can Their Results Be Readily Reproduced? Don’t Fail to Address These and Other Deficiencies in the Contractor’s Actions

(July 14, 2010): Imagine a ZPIC or PSC hands you a claims analysis rife with alleged errors, an indecipherable list of statistical formulas, and an extrapolated recovery demand that will cripple your practice or clinic.  What steps should you take to analyze their work?  Based on our experience, providers can and should carefully assess the contractor’s actions, use of formulas and application of the RAT-STAT program when selecting a statistical sample and extrapolating the alleged damages based on the sample pulled.  Over the years, we have challenged the extrapolation of damages conducted by Medicare contractors around the country, covering tens of thousands of claims.  Regardless of whether you are providing Partial Hospitalization, Evaluation and Management, Home Health, Physical Therapy, Surgical or other services, it is imperative that you work with experienced legal counsel and statistical experts to analyze the statistical sampling and extrapolation steps taken by the contractor. Should you succeed in invalidating the extrapolation, the whole games changes.  The question is – “How can you go about fighting an extrapolation calculation?”

One method is to show that the contractor’s auditor failed to identify a Statistically Valid Random Sample (SVRT).  Among the first steps is you should take is to retain experienced legal counsel to review the Medicare contractor’s actions.  Notably, there are a multitude of legal arguments which may be asserted (depending on the specific facts in your case).  Our firm has worked with several outstanding statistical experts over the years, each of which has a proven track record of analyzing the contractor’s actions and identifying any flaws made by the ZPIC or PSC when extrapolating damages.    

Notably, Section 3.10.4.2 of CMS’ Medicare Program Integrity Manual establishes that the contractor is obligated to fully document the statistical methods an auditor employs:

“The PSC or ZPIC BI [Benefit Integrity] unit or the contractor MR [Medical Review] unit shall identify the source of the random numbers used to select the individual sampling units. The PSC or ZPIC BI unit or the contractor MR unit shall also document the program and its algorithm or table that is used; this documentation becomes part of the record of the sampling and must be available for review.”  (emphasis added)

“The PSC or ZPIC BI units or the contractor MR units shall document all steps taken in the random selection process exactly as done to ensure that the necessary information is available for anyone attempting to replicate the sample selection.”  (emphasis added)

ZPIC and PSC statisticians must be able show their work to the extent that a reviewer can attempt to “replicate” their actions and determine whether or not the steps taken were consistent with accepted principles and practices of statistical sampling.  The failure of a ZPIC or PSC statistician to fully and properly document his actions may serve as the basis for seeking to invalidate the extrapolation. The calculation of a valid statistical sample and the extrapolation of damages by ZPIC and PSC statistician is a highly complex process. After handling many extrapolated damages cases, we have found that few ZPIC or PSC statisticians fully meet their obligations to document the steps taken and / or conduct the process in a proper fashion, consistent with accepted statistical sampling procedures.  Should your practice or clinic find that it is facing an extrapolated Medicare audit, it is strongly recommended that you engage qualified, experienced counsel to represent you in the process.  Your legal counsel can then engage a qualified statistician to assess the contractor’s actions.

Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

Can ZPIC Audits Base Their Overpayment Demand on a Mere Sample of Claims? Maybe. . .Maybe Not. . .

(July 12, 2010):  A ZPIC’s use of extrapolation can be a surefire way of destroying a provider’s practice.  We’ve known it for years and yet the government’s passion for statistical sampling only seems to be growing.  This makes it essential for providers to involve experienced counsel as soon as possible after the audit has been conducted.

“Extrapolation” is the process of using statistical sampling in a review to calculate and project (extrapolate) alleged overpayments made in connection with Medicare claims.  Basically, ZPICs seek out errors in an alleged “statistically relevant sample” of the provider’s Medicare claims and then calculate and apply the “error rate” to the entire universe of claims covering a given period of time.  This long-standing practice allows ZPICs to grossly inflate the monetary demands on their audit targets while avoiding actually reviewing each of the Medicare claims in the universe for which they are seeking recoupment or offset.

The practice dates back twenty years to a decision by the Secretary of Health and Human Services (HHS) to authorize the use of statistical sampling in lieu of engaging in onerous claim-by-claim reviews.  In Chaves County Home Health Services v. Sullivan, 931 F.2d 914 (D.C. Cir. 1991), the district court upheld extrapolation as being within the Secretary’s discretion.

In 2003, after years of protest, physicians groups and others succeeded in convincing Congress to place some limitations on the use of extrapolation. Under Section 935 of the Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA), before an auditor can employ extrapolation, there must be either a determination of a sustained or high level of payment error, or documentation that educational intervention has failed to correct the payment error.  While this opens the door to challenging an extrapolation, we also work with a statistical expert to identify other errors made by the ZPIC when conducting an extrapolation.

Over the years, Liles Parker has worked with a number of the best statisticians in the country, challenging the extrapolation and having it invalidated at either the Qualified Independent Contractor (QIC) level or at hearing before an Administrative Law Judge (ALJ).  If your practice or clinic is audited by a ZPIC, we strongly recommend that you engage experienced legal counsel to represent your interests during this complex process.  The legal arguments utilized are driven by the facts in each case.  As a result, you should retain counsel with extensive real-world knowledge of how to best challenge the use of statistical sampling by ZPICs and PSCs.

Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

 

Part II: A Look at the ZPIC System – The Appointment of Health Integrity to Handle Zone 4

(April 1, 2010): Last week, we posted an initial article examining the ZPIC audit process and the various companies chosen by CMS to administer the program in one or more of the seven “Zones” around the country (based on Medicare Administrative Contractor (MAC) jurisdictions).  As Kim Brandt, CMS’ Program Integrity Group Director has noted, five of the seven zones are considered “hot spots.”  These include: California, Florida, Illinois, New York and Texas.  These five “hot spots” align with Program Integrity field offices.

In September 2008, Health Integrity was awarded the first Zone Program Integrity contract for Zone 4, covering Texas, Colorado, Oklahoma and New Mexico.

On February 1, 2009, Health Integrity began performing program integrity functions for Medicare Part A, Part B, Durable Medical Equipment (DME), Home Health and Hospice services.  Health Integrity was also designated as responsible for handling the Medicare – Medicaid Data Match Projects.  Overall, these responsibilities cover the following six tasks:

• Performing Data Analysis and Data Mining.
• Conducting Medical Reviews in Support of Benefit Integrity.
• Supporting Law Enforcement and Answering Complaints.
• Investigating Fraud and Abuse.
• Recommending Recovery of Federal Funds through Administrative Action.
• Referring Cases to Law Enforcement.

According to Health Integrity, through these efforts, it will “develop innovative data analysis methodologies for detecting and preventing abusive use of services early, develop high quality fraud case referrals for law enforcement, and identify appropriate corrective actions.”

Health Integrity will manage this workload from offices located in Dallas, Texas; San Antonio, Texas; Houston, Texas; Brownsville, Texas; Denver, Colorado; Oklahoma City, Oklahoma; and Albuquerque, New Mexico.  Health Integrity staff include data analysts, nurse reviewers, and fraud investigators.

As you will recall, like RACs, ZPICs are tasked by CMS to “find and prevent waste, fraud and abuse in Medicare.” Consistent with this mandate, ZPICs look at health care provider billing trends and patterns, focusing on those whose billings for Medicare services are higher than their peers. While most cases appear to have been generated as a result of “data mining,” several of our clients are convinced that the audit has been triggered by complaints, likely filed by a former disgruntled employee.

ZPICS are required to use a number of techniques, both proactive and reactive, to address fraud.  These techniques include the ZPIC IT Systems that combine claims data (fiscal intermediary, regional home health intermediary, carrier, and durable medical equipment regional carrier data) and other data to create a platform for conducting complex data analysis. By combining data from various sources, the ZPIC will be expected to present an entire picture of a beneficiary’s claim history regardless of where the claim was processed. The primary source of this data will be the CMS National Claims History (NCH).  Note that RACs are expected to report cases of suspected fraud. However, a RAC denial resulting in a provider repayment will not necessarily prevent a ZPIC and / or HHS-OIG from investigating and prosecuting, if appropriate, allegations of fraud or abuse arising from the overpayment.

Over the last year, we have worked on several cases involving Health Integrity.  Generally, we have been quite pleased with their willingness to consider arguments initially presented the provider.  Moreover, it has been our experience that Health Integrity takes the new 15-day “rebuttal” stage seriously.  Rather than merely “rubber-stamp” their initial findings, the contractor carefully reviewed the “rebuttal” information we submitted, ultimately deciding to significantly reduce the amount of the alleged overpayment.

Unfortunately, our initial concerns regarding the contractors use of statistical extrapolations in estimating damages remain.  As discussed in previous articles, we strongly recommend that you engage the services of experienced counsel if your practice or clinic is subjected to extrapolated damages.

Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

 

Part I: A Look at the Opposition – For AdvanceMed, It’s Not Personal, It’s Just Business — Big Business . . .

(March 26, 2010):

Overview:  Over the next few days, we will be publishing a brief overview of specific Zone Program Integrity Contractors (ZPICs) – the companies who have been hired by CMS to conduct the medical reviews of Part A and Part B health care providers around the country.  As we have previously discussed, over the last year, ZPICs have been taking over where Program Safeguard Contractors (PSCs) left off.  While our firm is still handling a number of cases that were initiated by PSCs, all of our recent cases have involved ZPICs.

As PSCs and ZPICs have been so quick to point out, they are not paid a percentage of the Medicare overpayments identified like their fellow medical reviewers – Recovery Audit Contractors (RACs).  Nevertheless, as you will soon see, they are handsomely paid for their efforts, albeit in a different fashion than are RACs.

It is essential to keep in mind that both RACs and ZPICs are designed to “find and prevent waste, fraud and abuse in Medicare.” Further, like their RAC cousins, ZPICs look at billing trends and patterns, focusing on providers whose billings for Medicare services are higher than the majority of providers in the community (e.g. their peers).

AdvanceMed:

AdvanceMed Corporation was awarded a $107,957,737.00 five-year contract to handle the ZPIC duties for Zone 5.   Zone 5 covers the states of Alabama, Arkansas, Georgia, Louisiana, Mississippi, North Carolina, South Carolina, Tennessee, Virginia, and West Virginia.  Yes, you read this correctly, AdvanceMed is being paid over $100 million.

As the ZPIC for Zone 5, AdvanceMed assumed the Benefit Integrity functions for Medicare Parts A, B, Durable Medical Equipment, and Home Health and Hospice, as well as establishing a Medicare / Medicaid (Medi-Medi) data matching program for each state within the Zone.

The AdvanceMed Zone 5 ZPIC contract performs the following functions for CMS as a ZPIC:

• Medicare fraud investigation and prevention, including referrals to law enforcement;
• Medicare data analysis (discovery, detection, investigation, and overpayment projection);
• Medical Review to support fraud case development, including coverage and coding determinations;
• Reviewing audit, settlement, and reimbursement of cost reports, and conducting specified audits;
• IT Systems for case and decision tracking and data warehousing;
• Interface with the Medicare contractors, the medical community (outreach & education), and law enforcement; and
• Medicare/Medicaid data matching program safeguards work for each state in Zone 5.

AdvanceMed’s Extrapolations of Alleged Damages:

Over the years, we have gone up against AdvanceMed numerous times, challenging their interpretation of LMRPs / LCDs and assessing the methods they utilized to engage in a statistical extrapolation of the alleged damages in our client’s cases.  To give the company its due – their statistical experts are smart, aggressive and do not hesitate to respond when their methods have been challenged.  We like that – it keeps us sharp.

With the help of some of the best statisticians in the country (including, but not limited to the late Will Yancey, Ph.D.), in  a number of cases, we have been able to show that their extrapolation of damages (and that of other PSCs and ZPICs) has not complied with applicable requirements, and is therefore invalid.  To be fair, every extrapolation is different, both in terms of facts, the methodology employed, and in the associated calculations conducted.  As attorneys, we work with our experts to break down and assess AdvanceMed’s (and other ZPICs) calculations.  Perhaps they handled it appropriately – or maybe they didn’t.  There really isn’t any way to know if it was handled properly without a complete copy of their file (including associated work papers and calculations) so that we can fully assess their actions.

Over the last year, we have seen a marked increase in Medicare contractor (e.g. PSC and ZPIC) participation (as “participants” not as “parties”)  in ALJ hearings.  Their experts have consistently been professional, concise and ready to answer any questions posed by the ALJ.  Our recommendation – both counsel and their defense expert better be prepared.  It’s never to early to start thinking about how to best contest the extrapolation that has been conducted.  As a final point, we are aware of a number of instances where a  provider (or their representative) has chosen to ignore the extrapolation as a contestable issue.  In other words, they just accept the extrapolation as a foregone conclusion and focus solely on the claims.  We respectfully disagree with that approach.  If we identify deficiencies with the extrapolation, we aggressively challenge its application.

AdvanceMed’s Medical Reviews:

Once a provider has been identified as an outlier (or identified as a possible problem through a variety of other mechanisms), a medical review of their claims is often conducted by a ZPIC, such as AdvanceMed.

A number of year ago, Kevin Gerold, CMS’ former Acting Deputy Director for Program Integrity was quoted as saying that the agency had revamped its approach to claims processing in an effort to better “grasp the experience of the patient encounter.” Mr. Gerold was further quoted as saying that CMS was going to “let medical reviewers assess a claim’s legitimacy based on the big picture of the patient encounter, not on a nit-picking slavery to perfect documentation.” Unfortunately, in our humble opinion, AdvanceMed’s medical reviews have conducted have been extremely technical — resulting in the denial of many claims based on minor omissions, technical deficiencies and / or the contractors’ own peculiar spin regarding the application of an LCD.

In responding to AdvanceMed’s reasons for denial, it is essential that you obtain each and every reference relied upon by the contractor when denying the claims at issue.  We have identified multiple instances where a contractor (not necessarily AdvanceMed) attempted to apply an LCD retroactively.  Moreover, it is important to examine the underlying statutory authority to determine whether the contractor’s interpretation of a coverage provision is consistent with the underlying law or regulation.  Finally, it isn’t enough to merely “poke holes” in AdvanceMed’s reasons for denial – we like to go one step further – show that the particular claims at issue do, in fact, qualify for coverage and payment.

Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

Are ZPICs Tougher than RACs when Conducting a Medicare audit?

(February 27, 2010):  The Recovery Audit Contractor (RAC) program is an integral part of the Center for Medicare and Medicaid Services’ (CMS’) “benefit integrity” efforts which seek to identify and recoup alleged overpayments paid to Medicare providers. While the RAC program is still being expanded in many of the country (to cover not only hospitals but also other providers and types of Medicare claims), health care providers should be aware that the Zone Program Integrity Contractors (ZPICs) are already active in many areas and are actively auditing physicians, home health agencies, hospices, DME companies, therapy clinics, chiropractors and other small to mid-sized health care providers.  Despite the “hype” surrounding RACs, at this time, ZPICs represent a significantly greater risk to non-hospital providers than do RACs.  The purpose of this article to examine a number of the differences between these Medicare contractor programs.

What are the chances of your practice being reported by a ZPIC or RAC to HHS-OIG or DOJ for possible fraud violations?

While both contractor programs are designed to “find and prevent waste, fraud and abuse in Medicare,” the fact is that to date, ZPICs have been much more likely than RACs to report possible incidents of “fraud” that are identified while conducting a medical review.  Frankly, it makes sense.  RACs make money by identifying alleged overpayments – not by making a fraud referral to law enforcement.  Notably, as a result of recent criticism by HHS-OIG, CMS will be requiring RACs to be much more diligent in the future about making referrals to law enforcement when it appears that a health care provider’s conduct represents fraud rather than merely an overpayment.  CMS has provided training to RACs on how to identify fraud in the near future.  Importantly, a RAC denial of claims which results in a provider repayment will not necessarily prevent HHS-OIG from investigating and making a referral to DOJ for possible prosecution, as appropriate, if there are allegations of fraud or abuse arising out of the alleged overpayment. 

Notably, recent letters by ZPICs in South Texas and in other parts of the country have been seeking copies of business related records (copies of contracts, agreements with Medical Directors, lease agreements and more), along with its request for claims-related medical documentation.  Importantly, the contractor is assessing the provider’s business relationships to help verify that referral and other business relationships do not violate the Federal Anti-Kickback Statute.  To reduce the possiblity of civil or criminal liability, it is essential that Medicare providers take affirmative steps to better ensure that their practices are compliant with applicable statutory and regulatory requirements.  2011 will be the “Year of Compliance.”  All providers, regardless of size, should take steps to implement an effective Compliance Program.  Should you not have an compliance program in place, give us a call — we can help. 

What is different about ZPICs and their predecessors, Program Safeguard Contractors (PSCs)?

Both ZPICs and Program Safeguard Contractors (PSCs) readily point out that they are not “bounty hunters.”   ZPICs are not paid contingency fees like RACs and are paid directly by CMS on a contractual basis.  Nevertheless, common sense tells us that if ZPICs aren’t successful at identifying alleged overpayments, the chances of a particular contractor getting their contract with CMS renewed are pretty slim.  Experience has shown that both ZPICs and PSCs don’t always appear to strictly adhere to medical review standards established by Medicare Administrative Contractors (MACs) and approved by CMS.  In our opinion, there appear to have been cases where these contractors applied their own unwritten standards, often denying claims based on conjecture and speculation rather than a strict application of the applicable LCD or LMRP. 

In any event, over the last year, both ZPICs and PSCs have been increasingly placing health care providers on pre-payment review, conducting post-payment audits, recommending suspensions of payment.  Additionally, in many cases they have been extrapolating the alleged damages based on a sample of claims reviewed. Finally, as discussed above, identified instances of potential fraud are being referred by ZPICs and PSCs to HHS-OIG for possible investigation, referral for prosecution and / or administrative sanction.

What sources of coding / billing data are used by ZPICs?

ZPICS are required to use a variety of techniques, both proactive and reactive, to address any potentially fraudulent practices.  Proactive techniques will include the ZPIC IT Systems that will combine claims data (fiscal intermediary, regional home health intermediary, carrier, and durable medical equipment regional carrier data) and other source of information to create a platform for conducting complex data analyses. By combining data from various sources, ZPICs have been able to assemble a fairly comprehensive picture of a beneficiary’s claim history regardless of where the claim was processed. The primary source of this data is reportedly CMS’ National Claims History (NCH) database.

How do ZPICs conduct medical reviews?

ZPICs conduct medical reviews of charts to determine, among other things, whether the service submitted was actually provided, and whether the service was medically reasonably and necessary.  Based upon their findings, ZPICs may approve, downcode or deny a claim.  To date, we have never seen a ZPIC conclude that a claim should have been coded at a higher level, only a lower level.  Regrettably, ZPICs are not required to have a physician review a claim in order to deny coverage.  In most of the cases on which we have worked, the contractor’s medical reviewer has been a Registered Nurse.   While some Federal courts have found that a treating physician’s opinion should be given paramount weight, others have ruled that the opinion of a treating physician should not be given any special consideration.  Generally, ZPICs have completely disregarded the “Treating Physician Rule,” despite the fact that a patient’s treating physician was the only provider to have actually seen and assessed the patient at issue. 

How should you respond to a ZPIC audit?

In responding to a ZPIC audit, it is important to remember that although they may not technically be “bounty hunters,” in our opinion, they are in the business of finding fault.   Moreover, they are quite adept at identifying “technical” errors, many of which they will readily cite when denying your Medicare claims.  Unfortunately, it is not at all uncommon for a ZPIC to find that 75% — 100 % of the sample of claims reviewed did not qualify for coverage and payment by Medicare.  After extrapolating the damages to the universe of claims at issue, health care providers often find that they are facing alleged overpayments of between $150,000 and several million dollars.  In many cases, the assessment is far in excess of the provider’s ability to pay.  As such, the administrative appeal becomes a “bet the farm” matter for the health care provider.  If the assessment remains, the provider will have no choice but to declare bankruptcy. 

It is also important to remember that ZPIC enforcement actions are not limited to merely overpayment assessments.  In recent months, ZPICs have been increasingly conducting unexpected site visits of health care provider’s offices and facilities, often requesting immediate access to a limited number of claims and the medical records supporing the services billed to Medicare.  Typically, they then require that a provider send supporting documention covering a wider list of claims within 30 days of their visit.  In other cases, should a ZPIC identify serious problems when reviewing the medical records requested, they may recommend to CMS that the provider’s Medicare billing privileges be suspended.  From a practical standapoint, few providers are diversified (in terms of payor mix) to the point that they can easily do without Medicare reimbursement.  The practical effect of a Medicare suspension is therefore that provider cannot continue in business throughout the 180-day initial period of suspension typically imposed by CMS.   Finally, in a limited number of cases, after a ZPIC or PSC has visited an office, the provider will subsequently learn that the contractor has recommended that the provider’s Medicare number be revoked.  In a fairly recent case we are aware of (not involving a client of the Firm), the contractor claimed that the provider failed to cooperate, a clear violation of the provider’s “Conditions of Participation” with Medicare.  As a result, the contractor recommended (and CMS approved) the revocation of the provider’s Medicare number.    Short of exclusion from participation in the Medicare program, this is arguably the most serious and far-reaching administrative action that can be taken against a Medicare provider.     

In light of the seriousness of the situation, regardless of whether you are contacted by a RAC, a ZPIC or a PSC, you must take great care when responding to the contractor’s request for business records, claims information or medical records.  Administrative enforcement actions can be extraordinarily serious.  Therefore, is essential that you engage an experienced attorney and law firm to represent your interest. 

Liles Parker attorneys have extensive experience representing health care providers around the country in connection with ZPIC audits and reviews by other Medicare providers.  Should you have any questions regarding these issues, don’t hesitate to contact us.  For a complementary consultation, you may call Robert W. Liles or one of our other attorneys at 1 (800) 475-1906.

Next Page »