ZPIC Audit / UPIC Audit Defense - Oberheiden P.C.
WSJ logo
Forbes logo
Fox News logo
Bloomberg logo
Los Angeles Times logo
The Epoch Times logo
Telemundo logo
NY Post logo
NBC logo
Daily Beast logo
USA Today logo
Miami Herald logo
CNBC logo
Dallas News logo

ZPIC Audit Defense / UPIC Audit Attorneys

With Decades of Experience, Our Healthcare Fraud Defense Attorneys Understand the Growing Threat of Zone Program Integrity Contractor (ZPIC) Audits or Unified Program Integrity Contractor (UPIC) Audits

The ZPIC Audit and UPIC Audit exist for a single purpose: to investigate instances of suspected fraud, waste, and abuse in the Medicare system. Zone Program Integrity Contractors (ZPICs)/Unified Program Integrity Contractors (UPICs) are authorized to conduct invasive audits on behalf of the Centers for Medicare and Medicaid Services (CMS), and they have broad powers to prevent payment of improperly billed amounts and recoup overpayments from Medicare-participating providers and businesses.

Healthcare providers and other medical businesses (including DME companies) are currently facing immense scrutiny in relation to their Medicare billings, including invasive ZPIC/UPIC audits. These audits can represent significant threats to healthcare providers’ and businesses’ viability. At Oberheiden, P.C., our federal healthcare fraud defense lawyers (several of whom are former U.S. Department of Justice (DOJ) prosecutors) have extensive experience on both sides of ZPIC/UPIC audits. If you are facing a ZPIC/UPIC audit, we can help you. To avoid unnecessary recoupment liability and the potential for further federal action – including civil or criminal healthcare fraud charges – call 888-680-1745 or contact us online now for a free and confidential consultation.

Why Have Over 1,000 Clients Trusted Us?

Have you received a healthcare audit? Are you stressed and concerned about your rights, your reputation and your livelihood?
Let me put your mind at ease. We have handled over 1,000 federal cases and we know the best strategy to successfully win your case. Here’s why clients give us 5-star ratings on Google and AVVO:
1. Only a highly experienced “trial-ready” attorney will work on your case. Never a paralegal or junior attorney.
2. Former FBI – Former DOJ Staff – Former U.S. Attorney
3. My team is available by email, phone and text. We want to make sure you have easy access for any questions.
4. No one beats our track record: 45 states (1,000+ Cases)
5. We don’t surrender – we fix!
Don’t settle for anything less than what you deserve!
Call or text me now to discuss the details of your case.
Dr. Nick Oberheiden


The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established the Medicare Integrity Program (MIP) in order to strengthen CMS’s ability to detect and deter fraud, waste, and abuse in the Medicare program. As part of the MIP, CMS created a uniform type of administrative entity called Medicare Administrative Contractors (MACs). In accordance with the newly established MAC jurisdictions, seven geographical entities called Zone Program Integrity Contractors (ZPICs)/Unified Program Integrity Contractors (UPICs) were created to perform program integrity functions for Medicare Parts A, B, Durable Medical Equipment (including prosthetics and orthotics), Home Health and Hospice, and Medicare-Medicaid data matching. These entities are:

Put our highly experienced team on your side

Dr. Nick Oberheiden
Dr. Nick Oberheiden



John W. Sellers
John W. Sellers

Former Senior Trial Attorney
U.S. Department of Justice

Local Counsel

Joanne Fine DeLena
Joanne Fine DeLena

Former Assistant U.S. Attorney

Local Counsel

Joe Brown
Joe Brown

Former U.S. Attorney & Former District Attorney

Local Trial & Defense Counsel

Amanda Marshall
Amanda Marshall

Former U.S. Attorney

Local Counsel

Aaron L. Wiley
Aaron L. Wiley

Former Federal Prosecutor

Local Counsel

Roger Bach
Roger Bach

Former Special Agent (OIG)

Michael Koslow
Michael Koslow

Former Supervisory Special Agent (FBI)

Chris Quick
Chris Quick

Former Special Agent (FBI & IRS-CI)

Kevin M. Sheridan
Kevin M. Sheridan

Former Special Agent (FBI)

Ray Yuen
Ray Yuen

Former Supervisory Special Agent (FBI)

Dennis A. Wichern
Dennis A. Wichern

Former Special Agent-in-Charge (DEA)

  • AdvanceMed
  • Cahaba
  • Health Integrity
  • Safeguard Services (SGS)

A typical ZPIC/UPIC audit consists of a thorough evaluation of all available information to confirm the veracity of the patient and billing records a healthcare provider or business has on file to substantiate its Medicare billings. Although ZPIC audits are somewhat comparable to Recovery Audit Contractor (RAC) audits, ZPIC/UPIC investigations have the added potential implication of federal Medicare fraud charges, which can result in severe administrative penalties and even criminal prosecution. This makes it even more important to consult with an experienced healthcare fraud defense attorney as soon as possible after being contacted by a ZPIC/UPIC auditor.

What Types of Providers and Businesses are Targeted in ZPIC/UPIC Audits?

One particularly concerning aspect of CMS’s audit program is that healthcare providers and other businesses receive little to no warning that they are going to be targeted in a ZPIC/UPIC audit. As a result, all types of Medicare Part A and B providers, durable medical equipment (DME) companies, home healthcare agencies, and hospices are potentially at risk for being audited at any time. This makes it critically important for these types of providers and businesses to maintain detailed records supporting their Medicare billings at all times.

It is a common misconception that, if you do not actively engage in intentional misconduct, then you have nothing to be concerned about when it comes to a ZPIC/UPIC audit. However, inadvertent mistakes and careless record-keeping errors can result in costly administrative penalties, license revocation, and even criminal charges. Operating in areas that CMS has designated as ‘high risk’ (including Dallas, Los Angeles, Miami, New York, Detroit, and Houston) may make a provider more likely to face a ZPIC/UPIC audit; however, all providers and businesses are at risk for being targeted.

Are you accused of a federal crime?

Don’t delay. Learn about your rights.

Call Dr. Nick Oberheiden now!


How Do ZPICs/UPICs Choose Which Providers to Target?

Of course, ZPICs/UPICs cannot simultaneously audit all healthcare providers and medical businesses. So, how do they choose which companies to target?

1. Data Analysis

One of the primary triggers for ZPIC/UPIC audits is ZPICs’/UPICs’ automated review of Medicare program billing data. When the data identify a provider or business as a potential target for an audit, a ZPIC/UPIC will perform a medical record review to determine whether recoupments or other penalties may be warranted. While these reviews often focus on making coverage and coding determinations related to Medicare’s standards for “medical necessity,” all types of billing issues can trigger ZPIC/UPIC audits. These include:

  • High frequency of certain services in comparison to local or national patterns
  • Billing trends that indicate an “outlier
  • Lengths of stay outside of industry standards
  • Mismatching claim and physician records
  • Other improper or inaccurate billing Medicare billings

2. Complaints & Routine Audits

One of the primary triggers for ZPIC/UPIC audits is ZPICs’/UPICs’ automated review of Medicare program billing data. When the data identify a provider or business as a potential target for an audit, a ZPIC/UPIC will perform a medical record review to determine whether recoupments or other penalties may be warranted. While these reviews often focus on making coverage and coding determinations related to Medicare’s standards for “medical necessity,” all types of billing issues can trigger ZPIC/UPIC audits. These include:

  • High frequency of certain services in comparison to local or national patterns
  • Billing trends that indicate an “outlier
  • Lengths of stay outside of industry standards
  • Mismatching claim and physician records
  • Other improper or inaccurate billing Medicare billings

3. “Benefit Integrity” Investigations

ZPICs/UPICs also have significant discretion to conduct reviews for “benefit integrity.” In this scenario, a ZPIC/UPIC may determine that beneficiary interviews are necessary to determine medical necessity or identify billing errors. ZPICs/UPICs around the country have been given ready access to a wide variety of claims coding, billing, and utilization databases and are expected to perform complex data analysis with this data in an effort to identify providers and suppliers with suspicious billing histories. If a healthcare provider’s claims utilization and billing practices are outside of the norm (making the provider an “outlier”), that provider is likely to be audited. Providers can be placed on up to 100% pre-payment review by a ZPIC/UPIC, in which case the provider must stop billing for claims until further notice.

4. OIG and FBI Investigations

ZPICs/UPICs work closely with agents from the OIG and the Federal Bureau of Investigation (FBI). In many cases, ZPIC/UPIC audits will flow from OIG and FBI inquiries, and providers and other businesses targeted in ZPIC/UPIC audits may end up having their cases referred back to the OIG or FBI for a formal federal investigation.
ZPICs/UPICs do not have to get CMS approval for the companies they choose to target. ZPICs/UPICs also do not have to provide education to providers or post their areas of focus publicly. ZPIC/UPIC investigations can start with a letter requesting claim documentation to determine if an overpayment has occurred. Other times, the ZPIC/UPIC conducts unannounced site visits where auditors take photos and records. In short, there is very little about ZPIC/UPIC audits that is predictable, and this is yet another reason why healthcare providers and other businesses targeted in ZPIC/UPIC audits must promptly engage experienced legal representation.

What are Examples of Potential Red Flags for ZPIC/UPIC Auditors?

During the audit process, ZPICs/UPICs will look for any excuse to seek recoupments and impose other administrative penalties. Missing pages, erased notations, late or inconsistent entries, and pages filed out-of-order are all examples of “red flags” that can lead to nightmares for providers. Absent countervailing evidence, ZPICs/UPICs will generally conclude that these types of errors are indicative of waste, abuse, or fraud, they can trigger a series of subsequent reviews involving time-consuming and burdensome requests for additional documentation. ZPICs/UPICs can also conduct follow-up interviews with those patients who were beneficiaries of the claimed services, search for indications of previous complaints or suspicious conduct, and analyze virtually all other aspects of Medicare providers’ business dealings.

As a result, all medical providers (especially those servicing patients in CMS’s “high risk'” areas) need to ensure they have adopted and are appropriately implementing comprehensive compliance programs in order to mitigate their risk in the event of a ZPIC/UPIC audit. This includes, among numerous other steps, requesting and filing all requisite documentation from incoming patients prior to performing any treatments or surgeries (attempting to complete processing of new patients after the fact increases the risk of backlogs, errors, and inconsistencies that could lead to ZPIC/UPIC audits and penalties). Consistently attempting to bill the maximum allowable amount for a given procedure or service can increase providers’ and other businesses’ exposure in ZPIC/UPIC audits as well.

What are the Different Types of ZPIC/UPIC Audits?

The ZPIC/UPIC auditory regime is extremely complex. Understanding the different types of audits – and identifying the type of audit in which your business or practice is being targeted – is just one of the essential steps involving in successfully avoiding recoupments and other penalties. Here is a brief overview of the three main types of ZPIC/UPIC audits and the potential implications of each:

1. Automated Audits

Automated audits are generally the result of random annual audit quotas as opposed to specific allegations of fraud or abuse. These types of audits usually do not involve invasive information requests; instead, the ZPIC/UPIC will review the information that has already submitted to Medicare. Although the risk of regulatory action emanating from an automated audit is low, it can still happen. If you find yourself facing a random audit, it is important that you defend your practice or business and prepare for a possible appeal by working with our experienced ZPIC/UPIC audit defense lawyers.

2. Semi-Automated Audits

Semi-automated ZPIC/UPIC audits can result from either random selection or evidence of a potential payment issues. Regardless of the initiating trigger, semi-automated audits are computer-generated reviews accompanied by a request for records and billing documentation. Before submitting any documentation in response to semi-automated audits, providers should consult with a knowledgeable healthcare fraud defense attorney in order to reduce their risk of liability and further government scrutiny.

3. Complex Audits

If a ZPIC/UPIC auditor identifies a specific issue related to your practice, it may conduct a complex audit. This is the most intensive type of audit format will generally involve of a request for extensive evidence of medical necessity and reimbursement eligibility as well as the legitimacy of the protocol that was utilized. Usually, a complex audit indicates that the ZPIC/UPIC (or a MAC) has already detected a pattern of fraud or abuse. Due to the high risk associated with this type of audit, it is critical to consult with a ZPIC/UPIC audit lawyer before taking any responsive action.

What is at Risk During (and After) a ZPIC/UPIC Audit?

When a ZPIC/UPIC audit results in allegations of submitting fraudulent or erroneous Medicare or Medicaid claims, the consequences can be substantial. Healthcare providers and medical businesses can face substantial recoupment liability, denial of pending claims, pre-payment review of future claims, and other financial and administrative penalties. Unfavorable ZPIC/UPIC audit determinations can also lead to federal investigations involving the DOJ, FBI, OIG, and other agencies, and these investigations can lead to civil or criminal charges with the potential for life-changing consequences.
Medicare fraud can be prosecuted under various provisions of the United States Code, and allegations can result in the imposition of restitution; fines; and, in some instances, federal imprisonment. In addition, a wide range of administrative sanctions (such as deactivation or revocation of Medicare enrollment or billing privileges, suspension of payments, and exclusion from participation in the Medicare program) and civil monetary penalties may be imposed when warranted by the circumstances at hand. Various laws (including the Anti-Kickback Statute and the False Claims Act) include provisions for both civil and criminal enforcement; and, when facing a Medicare fraud investigation, keeping the investigation civil in nature is critical to mitigating any potential penalties.

What are My Options After an Unfavorable CMS ZPIC/UPIC Audit Determination?

Fortunately, when a ZPIC/UPIC issues a demand for recoupments, this is not the end of the process. There are several stages of ZPIC/UPIC audit appeals, and our attorneys can promptly review your case to determine if you have grounds to challenge the ZPIC’s/UPICs conclusions.

Let’s assume that you have just gone through the ZPIC audit process, and your business or practice is being accused of overbilling Medicare. You are facing a substantial demand for recoupment (of perhaps hundreds of thousands or even millions of dollars), and your future Medicare billings are at risk of becoming subject to prepayment review. 

1. Recoupments and Prepayment Review Could Be Just the Beginning

While recoupments and prepayment review of future Medicare billings can undoubtedly have drastic consequences for medical professionals, healthcare facilities, and other providers – the consequences of an unfavorable ZPIC audit determination can actually make your situation far worse. If your audit results trigger a federal investigation or an inquiry from your state licensing board, an unfavorable ZPIC audit determination could also indirectly lead to:

  • Suspension or revocation of your license
  • Treble (triple) damages
  • Fines, costs, and fees
  • Revocation of assignment privileges
  • Federal imprisonment

Although only a relatively small percentage of ZPIC audits lead to federal investigations, all providers need to understand that they are potentially at risk of being targeted – particularly if a ZPIC audit alleges intentional Medicare fraud. In addition to avoiding prepayment review and payment of recoupments that are not actually due, clearing up any false allegations that could lead to a civil or criminal investigation is another key reason for providers to appeal their ZPIC audit determinations.

2. There are Numerous Issues that Can Justify a ZPIC Audit Appeal

If your business or practice has received an unfavorable ZPIC audit determination, it is important to understand that you could potentially have numerous grounds on which to file an appeal. Providers should never assume that ZPIC auditors’ conclusions are correct, and they should work with legal counsel to explore all potential grounds for appeal as soon as possible after receiving the ZPIC’s recoupment demand.

Some of the most-common grounds for appealing unfavorable ZPIC audit determinations include:

  • Failing to Provide Required Information – When imposing liability for alleged Medicare overbillings, ZPICs must provide certain required information to the targets of their audits. Failure to provide this information can provide grounds to file an appeal.
  • Failing to Seek an Expert Opinion – Contrary to what you might expect, ZPIC auditors and personnel are not necessarily experts in the Medicare billing rules and regulations. If an issue involved with your audit called for an expert opinion, rendering a determination without this opinion could provide grounds for an appeal.
  • Improper Review of Information – When conducting audits, ZPICs must give due consideration to all relevant information supplied by healthcare providers. Selectively reviewing records, improperly interpreting data, and other mistakes can all lead to flawed and unenforceable audit determinations.
  • Inaccuracies in ZPICs’ Conclusions – In many cases, ZPICs’ conclusions are simply inaccurate. This can result from a wide range of factors, and providers and their counsel must be able to spot flaws in the auditor’s reasoning and calculations in order to determine whether grounds exist to file an appeal.
  • Misapplication of Medicare Billing Regulations – There are two ways in which ZPIC auditors commonly misapply the Medicare billing regulations. First, auditors will frequently attempt to apply current regulations to past billings that were submitted in compliance with a prior version of the Medicare Claims Processing Manual. Second, ZPIC auditors often mistakenly apply out-of-date regulations to recent billings, once again resulting in unjustified audit determinations.
  • Procedural Errors – The procedural guidelines that apply to ZPIC audits are designed, at least in part, to help protect healthcare providers from ZPICs overstepping their boundaries. Like other common mistakes, procedural errors can often provide strong grounds on which to file an appeal.
  • Unsound Sampling and Statistical Methods – In addition to the issues listed above, ZPIC auditors commonly use improper and unsound methods to determine a provider’s liability. Our attorneys are knowledgeable about the appropriate sampling and statistical methods for assessing compliance with the Medicare billing guidelines, and we can determine if mistakes have been made that justify an appeal.
  • ZPICs Exceeding Their Authority – While CMS has endowed ZPICs and other Medicare contractors with broad authority to conduct audits and impose liability, ZPICs’ powers are not absolute. If the ZPIC exceeded its authority while conducting your audit (for example, by imposing liability for technical deficiencies that are not within the scope of its review), you may be entitled to have your audit outcome overturned.

3. Appealing an Unfavorable ZPIC Audit Determination Can Be a Process

There are five stages of appeal for unfavorable audit determinations. While some providers will find success at the initial stage, oftentimes, providers will need to go through multiple stages in order to achieve a favorable resolution. The five stages of ZPIC audit appeals are:

  • Stage 1: Redetermination – After receiving an unfavorable ZPIC audit determination, the first stage of appeal involves filing for “redetermination” with the appropriate Medicare Administrative Contractor (MAC). Requests for redetermination must be filed within 120 days; but, in order to avoid penalties and interest for non-payment of recoupments, providers may need to file within 30 days.
  • Stage 2: Reconsideration – If the MAC denies your appeal or issues a “revised initial determination” still requiring payment, the next stage of appeal is to file for “reconsideration” with a Qualified Independent Contractor (QIC). Like ZPICs and MACs, QIC are private contractors engaged in CMS’s fee-for-service recovery program. Requests for reconsideration must be filed within 180 days of receiving the MAC’s decision on your request for redetermination (or within 60 days in order to toll recoupment liability).
  • Stage 3: Administrative Hearing – If you are not satisfied with the outcome of your request for reconsideration, the next step is to request an administrative hearing with the Office of Medicare Hearings and Appeals (OMHA). While redetermination and reconsideration proceedings involve independent reviews of the veracity of a ZPIC’s conclusions, during your administrative hearing, an administrative law judge (ALJ) will review the previous proceedings for errors in the review process. In order to obtain an administrative hearing, you must file a request within 60 days of the QIC’s denial of your request for reconsideration.
  • Stage 4: Medicare Appeals Council – Following your administrative hearing at the OMHA, the next stage of appeal involves review by the Medicare Appeals Council. Administrative law judges assigned to the Medicare Appeals Council will review the decision at the OMHA, and then render a decision based upon whether it believes that the OMHA ALJ made any errors of law or abused his or her discretion.
  • Stage 5: Federal District Court – Once all of the contractor-level and administrative appeals processes have been exhausted, healthcare providers who are dissatisfied with their ZPIC audit determinations can finally have their day in court. In its appellate role, the federal district court will review the Medicare Appeals Council’s decision to determine whether it was rendered “against the substantial weight of the evidence” or in an “arbitrary and capricious” manner.

How Can a Healthcare Fraud Defense Attorney Help with Your ZPIC/UPIC Audit?

ZPIC/UPIC audits play a significant role in the federal government’s fight against Medicare fraud. Recently, the federal government has indicated increased reliance on data analysis to target healthcare companies. What this means in practice is that companies that are particularly profitable, and thus have larger volumes of claims submissions, appear on the government’s radar and are far more likely to be audited than less-successful providers. However, regardless of a company’s size or volume of Medicare business, a ZPIC/UPIC audit has the potential to be devastating, and it needs to be handled accordingly.

Many healthcare fraud investigations start with a ZPIC/UPIC audit. Mistakes made during the audit process can have severe consequences – including triggering DOJ, FBI, and OIG investigations – and hiring experienced defense counsel is essential to avoiding unnecessary consequences. Some of the ways that our attorneys assist clients during ZPIC/UPIC audits include:

  • Self-Analysis. Our lawyers will review your files before you provide them to the ZPIC/UPIC to ensure that you are not unnecessarily disclosing any information and so that we can proactively address any issues we identify. We can promptly uncover the source of any mistakes, and we can use the available evidence to protect you against a federal investigation.
  • Deadline Extension. ZPICs/UPICs will often request a great number of documents, and as a practical matter it may be necessary to request an extension of the deadline for production. We can submit this request strategically and effectively so that you will have the time needed to gather the requested files and analyze them before you submit them for review.
  • Improve Compliance. As your counsel, we will not just look at the files requested, but also focus on the bigger picture. What if the ZPIC/UPIC decides to conduct a follow-up audit or recommend a federal subpoena? Is your corporate structure adequately protecting you? Are you prepared for the burdens of dealing with a government inquiry? Is your compliance program strong enough to protect you against allegations of fraud? What other weaknesses could potentially be exposed?
  • Working with the Auditors. The best way to find out what may have prompted a particular audit and to assess the risk of a follow-up federal investigation is to immediately open a dialogue with the auditors. Knowing the impetus of the audit is essential to tailoring your response and overall defense strategy; and, in many cases, early intervention can be crucial to a provider’s or business’s ultimate success during a ZPIC/UPIC audit.
  • Convincing the U.S. Attorney’s Office. If a ZPIC/UPIC audit results in a referral to the U.S. Attorney’s Office, hiring an experienced attorney right away can be essential to keeping any ensuing federal investigation civil in nature. At this stage, it is imperative not to allow the government to build a case and to open an investigation unchecked. Our attorneys can use their experience and the insights they gained as Assistant U.S. Attorneys to keep your investigation civil in nature and attempt to resolve it without charges being filed.

Why Should I Choose the Federal Healthcare Fraud Defense Lawyers at Oberheiden, P.C. for any ZPIC Audits?

At Oberheiden, P.C., we offer the first-hand knowledge obtained from representing healthcare providers across the country in ZPIC/UPIC audits and previously overseeing UPIC/ZPIC audits on behalf of the federal government. Our attorneys can effectively advise and represent you at all stages of the audit process, and we can guide you through the steps you need to take when dealing with ZPIC/UPIC personnel. If necessary, we can also begin preparing for the appeals process as well as any follow-up investigative action by the DOJ, FBI, or OIG.

With the benefit of decades of experience representing clients in UPIC/ZPIC audits and federal investigations, our attorneys can also assist you with developing and implementing a comprehensive and custom-tailored compliance program. Beyond preparing customized documentation, we will help you implement your plan to ensure you will be adequately prepared in the event of another audit, educate your staff on the applicable billing regulations, help you adopt sound records management protocols, and provide effective communication and training methodologies that you can deploy throughout your business or practice.

If you are facing a ZPIC/UPIC audit, you need to have a detailed understanding of the process and the risks involved, and you need to know whether your patient and billing records are an asset or a liability. Our highly-experienced attorneys can explain everything you need to know, and we can ensure that your practice or business is adequately prepared. The risks are simply too great for you to attempt to navigate the ZPIC/UPIC audit process on your own. To discuss your audit with a federal healthcare fraud defense lawyer at Oberheiden, P.C., contact us today.

Request a Free and Confidential Initial Consultation at Oberheiden, P.C.

ZPIC audits and UPIC audits can have devastating consequences for healthcare providers and other Medicare participants. Our attorneys can protect you, but it is important that we start working on your audit as soon as possible. To get started with a free and confidential consultation, call us 24/7 at 888-680-1745, or tell us how to reach you and a member of our firm will be in touch as soon as possible.

If you are under
you should contact us today

Contact the Experienced Attorneys of Oberheiden, P.C. Now for a Confidential Consultation

Contact Us Now