Experienced Fraud Defense Attorneys Assisting Health Care Providers with ZPIC Audits
ZPIC Audits are powerful tools used by CMS to investigate allegations of fraud made by beneficiaries, providers, CMS itself, or other sources. Once an audit is completed, auditors refer verified allegations of fraud to HHS OIG for consideration of civil or criminal prosecution.
ZPIC Audits can be a complicated, intimidating, and intrusive process for healthcare providers of all sizes and specialties. Therefore, it is critically important that providers are well-prepared to respond to and cooperate with auditors throughout the process. By avoiding the following mistakes before and during a ZPIC audit, providers can substantially limit their exposure to potential civil or criminal liabilities.
Mistake #1: Failing to maintain proper documentation.
Adequate documentation is one of the provider’s most important responsibilities in successfully getting through a ZPIC Audit. When an auditor has difficulty in acquiring the information needed to conduct the audit, it can create a perception of noncompliance. Providers must recognize what they need to audit and what to do with the documented information in order to be as prepared for ZPIC as possible. The two most important interactions for providers to document are coding instructions and communications with coders. ZPIC Auditors have broad access and place substantial weight on these communications. Therefore, providers should be cognizant in maintaining compliance in even the most discrete, internal communications and should consider maintaining proper records a great opportunity for the provider to efficiently get through an audit.
In addition to being proactive in documenting all agreements and relationships, providers should recognize that documentation is only as useful as it is accessible. Providers should avoid large and complex systems of documentation, and instead should prioritize ease of access to various different categories of documents. It is better to have the accessibility established preemptively rather than scrambling to gather documentation while under the pressure of an audit. Another important factor in considering the accessibility of documentation, is having employees, i.e. more than one, with knowledge of location, categories, and content of documentation.
Mistake #2: Failing to self-audit regularly.
Conducting self-audits on billing and coding operations in private healthcare provider systems has a two-fold benefit for the provider. First, mistakes in coding and billing can be detected and corrected, and second, it reflects a provider’s good intent to remain compliant with Medicare rules and regulations. By spending their own time and resources in conducting internal audits, and thereafter taking corrective action, providers can demonstrate to authorities that the problems were temporary mishaps rather than institutional misconduct. It is important that self-audits conducted by the provider are actually useful in that they legitimately detect mistakes in coding and billing. Therefore, providers should consult legal counsel with experience in how to conduct an effective internal audit when preparing to do so.
It is important to recognize that the benefit of an audit has a limited life-span. For example, a self-audit conducted in January 2015 will have little to no effect in 2017 if no other audits occurred or no corrective action was taken in between. Despite this reality, providers sometimes refrain from conducting self-audits fearing that they will be too costly; however, the time and resources spent in conducting self-audits can save the provider a great deal of resources in the future. How regularly a provider should conduct an audit depends greatly on the size of the system and history of mistakes detected in auditing. Larger systems and systems that have detected mistakes in previous audits should consider quarterly audits. For other systems, conducting self-audits two or three times a year could be appropriate. One of the added benefits of these self-audits is that it can also help providers detect inefficiencies in collections. By conducting a thorough review of coding and billing, providers might find claims that have been unpaid or underpaid. They can then use that information to negotiate with payers and seek reimbursement.
Understanding, analyzing, and dealing with the results of self-audits is where the value of the self-audit is really determined. It is important to understand both reasons for success and reasons for mistakes in coding. This understanding comes from a thorough comparison of medical records with coding and billing records and to records showing actual reimbursement. The key to success is to perfectly align all three areas to achieve both the highest standard of care and a commensurate payment for the work performed. Where mistakes are detected when analyzing the results of a self-audit, providers should maintain a procedure for dealing with those mistakes. For example, if an improper code was being regularly included on certain procedures, the provider might consider having a procedure of calculating the value of the mistake and offering to return any reimbursement of improperly coded bills. This self-correcting mechanism will keep the provider compliant and could aide in preventing future government action.
Mistake #3: Failing to maintain a detailed chronology once an audit begins.
Keeping track of every step of an audit must begin immediately upon receiving notice of a ZPIC audit. Doing this is crucial in both keeping the auditor accountable and making sure that that the provider is cooperative with all of the auditor’s requests. Providers should document all communications that they have with the ZPIC auditor, including a list of all documentation requested and submitted. This should include dates and regular checks that all information requested by the auditor is either submitted or being accumulated for submission. More proactive providers might consider regularly following up with the auditor about the status of the requested documentation. In addition to maintaining a chronology of interactions with the auditor, providers should also maintain an internal chronology of interactions with coders from the moment they receive a letter noticing them of the audit.
ZPIC auditors have wide latitude in what documentation they permissibly can request and obtain. However, there will be times when a provider may need advice about what rights it has and what obligations it must fulfill. It is important that providers not make these determinations without proper advice. When in doubt, a provider should consult its attorney as to what information it is and is not required to submit to the auditor.
Mistake #4: Failing to stay up to date on coding changes and regulations.
Maintaining a comprehensive employee education program is the most effective way to preemptively avoid coding mistakes. Such mistakes are often the result of either carelessness or misinformation. Regularly educating employees on coding updates helps alleviate these problems by making employees more cognizant. Also, it communicates to the employees that accurate coding is a priority for the employing provider.
The first step in maintaining an effective coder education program is providing coders with well-prepared, written instructions. These instructions should be scrutinized by legal counsel, documented, and updated as needed. Providers might consider having employees confirm, on paper, that they have read and understood the provider’s coding instructions. These steps will show the ZPIC auditor that the provider takes compliance seriously and has taken substantive steps to that end.
The second step is keeping employees up to date on changes in specific codes and regulations. Changes in codes and regulations are often marked by education letters sent to providers, notifying them of the changes. These communications should be taken seriously, reviewed, and then dispersed to the coders for implementation. Providers can be proactive by providing coders with opportunities to attend coding lectures and seminars in order to ensure both compliance and maximization of reimbursements.
Finally, the provider itself should not rely entirely on the coders to maintain compliance. Doctors and other administrators should have knowledge about the exact codes used to bill for services. This creates a multi-layer approach to compliance which can significantly decrease the provider’s exposure to civil or criminal liability after a ZPIC audit.
Mistake #5: Failing to consider the scope of an agency relationship during an audit.
During a ZPIC audit, providers should remember: “If it is not your fault, do not take the blame.” Providers often subcontract coding and billing services to other companies over whom they do not exercise direct, instructional control. Although providers should assess the reliability of any such contractor, they generally cannot engage in the same degree of oversight as they would over their own coders. Therefore, there is greater susceptibility to mistakes in coding caused by another entity’s carelessness or misinformation. If that is the case, the provider should know how it can use the contractor relationship to its benefit.
With regards to ZPIC audits, the subcontractor relationship can help limit a provider’s criminal liability, but will not help in limiting civil monetary liability. The regulations state that the provider is responsible for penalties and assessments of their agents, and billing companies are considered the provider’s agent. However, in cases involving egregious misconduct where the government decides to pursue criminal charges, a provider may use the agency relationship to shield itself from criminal liability. Although this is certainly an advantage of the subcontractor relationship, it is better for providers to be proactive in having in-house coders over which they can exercise greater oversight, and thereby create greater protection from liability following a ZPIC audit.
Former Medicare Prosecutors & Defense Counsel
The Oberheiden, P.C. advises clients from across the country with ZPIC audits, OESSA forms, and hospice and home health certifications. Our team of former federal healthcare prosecutors, many of which previously held positions involving oversight of ZPIC audits and related issues, offer clients a wealth of government and private practice experience when it comes to avoiding and defending civil and criminal healthcare investigations, and ZPIC audits in particular.
Our Track Record
The commitment of Oberheiden, P.C. is to avoid criminal charges and to shield our client’s medical business from government intrusion. Our team of former healthcare prosecutors and experienced defense attorneys have a distinguished history of protecting business owners, executives, lawyers, physicians, hospitals, laboratories, pharmacies, home healthcare entities, and many other healthcare organizations against any form of alleged healthcare fraud. Here are some recent examples of our case outcomes.
- Representation of a Pharmacy Investigated by the Department of Defense and the Office of Inspector General for Tricare Fraud.
Result: No civil or criminal liability.
- Representation of a Marketing Group Investigated by the Department of Defense and the Office of Inspector General for Tricare Fraud.
Result: No civil or criminal liability.
- Representation of Physicians Investigated by the Department of Defense and the Office of Inspector General for Tricare Fraud.
Result: No civil or criminal liability.
- Representation of Laboratory against an Investigation by the Department of Justice and the U.S. Attorney’s Office for Alleged Medicare Fraud.
Result: No civil or criminal liability.
We Can Help You
The attorneys of Oberheiden, P.C. have handled a great number of ZPIC audits. Clients from across the United States rely on our skillset and our advice.
Call us today and speak to one of our experienced attorneys directly. We are available to discuss your situation in a free and confidential call, including on weekends.
Including WeekendsOberheiden, P.C.
Compliance – Litigation – Defense