Former Medicare Prosecutors & Defense Counsel
What is a ZPIC?
In order to survive a ZPIC audit one must first understand what a ZPIC is. A Zone Program Integrity Contractor, or ZPIC, is an entity created by CMS with a primary goal of identifying cases of suspected fraud. There are seven ZPIC’s across the country whose jurisdiction mirrors the jurisdiction of the Medicare Administrative Contractor (MAC) who pay Medicare claims for services rendered in their region. As a result, a provider may be subject to medical records requests from two separate and distinct entities; for example, a provider in Texas will receive Medicare payments from Novitas Solutions, Inc. while being subject to the authority of Health Integrity for allegations of suspected fraud.
What Does a ZPIC Do?
CMS has endowed the ZPIC with certain functions and responsibilities; the first and foremost being the prevention, detection, and deterrence of Medicare fraud. The ZPIC’s other responsibilities include identifying program vulnerabilities, proactively identifing incidents of potential fraud, and initiating appropriate administrative actions to deny or suspend payments that should not be made to providers where there is reliable evidence of fraud.
While CMS contracts with ZPICs to perform functions related to fraud detection, there are certain activities that are not the responsibility of the ZPIC. Functions and responsibilities that fall within the purview of the MAC and not the ZPIC include; but are not limited to, claims processing and payment determinations, non-fraud related medical review, and provider outreach and education.
As stated above, the ZPIC’s chief obligation is to investigate allegations of fraud made by beneficiaries, providers, CMS, or other sources and refer verified allegations of fraud to HHS OIG for consideration of civil or criminal prosecution. Although ZPICs are contractually obligated to initially refer its cases of suspected fraud to HHS OIG, ZPICs do have other referral options. A memorandum of understanding (MOU) exists so that ZPICs can refer cases simultaneously to HHS OIG and the FBI. The MOU allows HHS OIG the opportunity to act upon the referral and determine whether or not they are going to accept or decline the case before the FBI takes action. ZPICs can also refer suspected fraud cases to state Medicaid Fraud Control Units (MFCU) or any other state agency that may have authority to investigate the provider type under review by the ZPIC. Providers should be aware that law enforcement, at times, has adopted the belief that if a provider is defrauding one government program, they are defrauding multiple government programs. As such, it is not uncommon for a ZPIC referral to be accepted and worked, in partnership, by HHS OIG, FBI, and state MFCU.
In order for the ZPIC to accomplish their primary fraud detection goal, CMS has provided ZPICs a list of approved investigative techniques. ZPICs can use data analysis to identify trends and aberrancies, interview beneficiaries, conduct on-site visits of the provider’s location, and request medical records. A ZPIC cannot; however, go on-site or request documents solely at the direction of law enforcement.
What to Do?
The first step in succeeding in a ZPIC audit is to understand and acknowledge what exactly is going on. An audit by the ZPIC is not the same as an audit by the MAC. The purpose of a MAC audit is to reduce error rates through provider notification and feedback, whereas the purpose of a ZPIC audit is to uncover potential fraud. In fact, referring to what the ZPIC does as an audit is disingenuous and somewhat of a misnomer. Remember, a ZPIC does not engage in provider outreach and education. ZPICs investigate fraud. ZPICs are contracted to identify fraud and refer that fraud to a law enforcement agency for the purpose of civil or criminal prosecution. A ZPIC investigator arriving at your office to perform an on-site visit or requesting medical records and referring to it as an “audit” is akin to the verbal judo utilized by a patrol officer arresting a motorist on a warrant issued for a traffic violation and telling the motorist he simply has “some tickets out.” Both statements are designed to put the listener at ease and diminish the severity of the action that follows, but make no mistake about it, the consequences of both can result in your personal freedoms being taken from you.
The second step to prevailing is to understand the ZPIC’s role and responsibilities and how they relate to your operation as a Medicare provider. Healthcare fraud, regardless of who is investigating it, is interview and document intensive. When interviews with beneficiaries do not match with what the claims for service or medical records reflect, suspicions will be raised. As a submitter of claims to the Medicare Program, providers are responsible for knowing the Local Coverage Determinations (LCD) established by the MACs for their region and applying those LCD’s to the CPT codes billed. Providers also need to fully understand the rules and regulations governing their provider type and how those rules and regulations relate to the submission of claims to the Medicare program; for example, state statues or provider licensing requirements. A provider that is not properly licensed may not be entitled to reimbursement for Medicare services.
We Can Help You
Oberheiden & McMurrey, LLP consists of former Medicare fraud prosecutors and law enforcement personnel that have specific experience with hundreds if not thousands of ZPIC audits. Our combined experience of decades in charge of Medicare and Medicaid investigations helps our clients to better understand what government lawyers are looking for when reviewing healthcare data and ZPIC information.
Feel free to contact one of our attorneys directly. We are happy to share our ideas with respect to ZPIC audits and how to make sure that the audit does not turn into a bigger-scale Medicare investigation. Your call is free and confidential and you can reach our attorneys also on weekends.