​​Jackson Davis HealthCare

​RAC Audit Appeals | ZPIC Audit Appeals | UPIC Audit Appeals
(303) 586-5003 or support@jdhcare.com

Zone Program Integrity Contractors (Medicare ZPIC Auditors) Turn Up The Heat On Physicians, Hospices, Skilled Nursing Facilities, Home Health Agencies, Physical Therapists & DME Suppliers


Prior to the 1996 enactment of the Health Insurance Portability and Accountability Act (HIPAA), Medicare program safeguard activities were funded from the contracted fiscal intermediary’s general program management budget. However, HIPAA revised the Social Security Act and established the Medicare Integrity Program - accelerating today’s focus on Medicare audits, Medicare fraud, abuse and enforcement of CMS evidence-based coverage policies.


The Medicare Integrity Program’s (MIP) primary purpose is to deter fraud and abuse in the Medicare program by giving CMS authority to enter into contracts with outside entities and insure the “integrity” of the Medicare program. In 1999, the Centers for Medicare & Medicaid Services (CMS) developed the PSC program to support the MIP, stop Medicare fraud and facilitate provider adherence to codified Medicare Coverage Criteria, Conditions of Participation and applicable judicial rulings.


ZPIC auditors (formerly known as Program Safeguard Contractors) have a contracted Statement of Work (SOW) that encompasses all of the fundamental activities required for CMS program safeguard activities. Basically, a ZPIC auditor is generally responsible for one or more of the following Medicare audit focus areas - (1) pre or post pay medical review of claims, (2) data analysis, (3) benefit integrity and/or fraud detection, (4) cost report audits and (5) provider education.

At the highest level, CMS considers an individual ZPIC as being responsible for detecting, deterring and even preventing Medicare fraud and abuse. In this capacity, the ZPIC auditor is directly responsible for operating areas such as investigation, case development, administrative solutions and referral to law enforcement. 


With the establishment of ZPIC audits, fiscal intermediaries and Medicare administrative contractors typically have some or all of their program safeguard duties removed from the scope of their responsibility. Step-by-step, CMS appears to be developing a more concentrated functional contracting focus for specific areas such are benefit integrity and claims processing activities.


The CMS Medical Review (MR) program is designed to promote a structured approach in the interpretation and implementation of Medicare policy. The ultimate goal of the MR program is to identify and reduce Medicare program vulnerabilities (areas of potential Medicare fraud or abuse) relating to coverage and by taking the necessary action to prevent or address these areas.


The CMS’ national objectives and goals as they relate to medical review are as follows: 1) Increase the effectiveness of medical review payment safeguard activities; 2) Exercise accurate and defensible decision making on medical review of claims; and 3) Collaborate with other internal components and external entities to ensure correct claims payment, and to address situations of Medicare fraud, waste, and abuse.
In order to identify and challenge perceived Medicare fraud & abuse issues, ZPIC audits are based upon a combination of claims data from multiple sources (fiscal intermediary, regional home health intermediary, carrier, and durable medical equipment regional carrier data). By combining data that originates from a full range of CMS contractors, the Medicare ZPIC contractor creates a complete profile of the beneficiary’s claim history regardless of where the claim was processed.


Although Quality Improvement Organizations (QIOs) continue to perform reviews related to quality of care and expedited determinations, they no longer perform the majority of utilization reviews for acute PPS hospitals or LTCH claims. The review of acute PPS hospitals and LTCH claims is now the responsibility of other CMS program contractors including: Carriers, Fiscal Intermediaries (FIs), Program Safeguard Contractors (PSCs), Zone Program Integrity Contractors (ZPICs) and Medicare Administrative Contractors (MACs).


ZPIC Audit Outcomes, CMS Extrapolation & ZPIC Appeals


ZPIC auditors refer all identified overpayments to the Medicare affiliated contractor (typically a MAC), who subsequently sends the provider a demand letter for recoupment of the perceived overpayment. In any case involving an overpayment, even where there is a strong likelihood of Medicare fraud, the MAC will typically request recovery of the overpayment.


Under most circumstances, ZPIC audit contractors may use statistical sampling to calculate and project (i.e., extrapolate) the amount of overpayment(s) made on claims. The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 (MMA), mandates that before using extrapolation to determine overpayments, there must be a determination of sustained or high level of payment error, or documentation that educational intervention has failed to correct the payment error.


A sustained or high level of payment error may be determined to exist through a variety of means is not subject to administrative or judicial review. Examples include: error rate determinations by ZPIC audits / MAC audits, probe samples, data analysis, provider/supplier history, information from law enforcement investigations, allegations of wrongdoing by current or former employees of a provider and audits or evaluations conducted by the OIG.
If the provider elects to appeal a claim reviewed by a ZPIC, then the ZPIC forwards its records on the case to the CMS affiliated contractor (typically a MAC) so that it can handle the Medicare appeal. ZPICs are required to have a medical specialist involved in denials that are not based on the application of clearly articulated policy with clearly articulated rationale.


Medicare Zone Program Integrity Contractors - Focusing on Fraud & Abuse


The vast majority of healthcare providers wholly and unequivocally back aggressive efforts to stop Medicare fraud & abuse.  Unfortunately, many providers face extraordinary day-to-day challenges in identifying, understanding and maintaining current reimbursement and medical documentation guidance from CMS.  Medicare coverage criteria has become so dynamic - frequently being updated on a daily basis - that providers simply don't have the resources and budget required to insure 100% CMS compliance.


The Centers for Medicare and Medicaid Services (CMS) and the Obama administration have launched targeted and wide reaching efforts to identify and stop Medicare fraud.  With the Medicare program facing imminent insolvency and CMS driving hard to push providers toward evidence-based coverage policies and revamped clinical practices, providers are facing law enforcement efforts on an unprecedented scale.


So, what's the real story with Medicare fraud & abuse - fake HIV clinics, the buying and selling of Medicare numbers or bogus HME claims?  No, these are the bizarre headlines associated with crooks - not the real issues facing the nation's healthcare providers today.  The real issues (approx. $40 - $60 billion in estimated, annual overpayments) are centered around perceived provider abuse and the CMS mandate to protect Medicare's viability and enforce payment rules, regulations and guidelines.


Medicare Integrity Program (MIP)


In addition to laying the foundation for the Medicare recovery audit (RAC audits) program, recent adoption of the Medicare Integrity Program has continued to broaden the benefits integrity scope and impact of law enforcement. 


CMS Definition - Medicare Fraud


CMS defines Fraud is an intentional representation that an individual knows to be false or does not believe to be true and makes, knowing that the representation could result in some unauthorized benefit to himself/herself or some other person.  The most frequent kind of fraud arises from a false statement or representation that is material to entitlement or payment under the Medicare program.  The violator may be a practitioner, physician supplier, contractor employee or beneficiary.


Recent developments in whistleblower suits filed in conjunction with the Department of Justice and Office of the Inspector General provide little doubt about the government's absolute intent to crack down on perceived fraud.  Examples of fraud include, but are not limited to the following:


  • Billing for services or supplies that weren't provided 
  • Altering claims to obtain higher payments 
  • Soliciting, offering or receiving a kickback, bribe or rebate (example: Paying for referral of clients) 
  • Provider completing Certificates of Medical Necessity (CME) for patients not known to the provider 
  • Suppliers completing CMEs for the physician 
  • Using another person's Medicare card to obtain medical care 


CMS Definition - Medicare Abuse


CMS defines Abuse as behaviors or practices of providers, physicians, or suppliers of services and equipment that, although normally not considered fraudulent, are inconsistent with accepted sound medical, business, or fiscal practices.  The practices may, directly or indirectly, result in unnecessary costs to the program, improper payment, or payment for services that fail to meet professionally recognized standards of care, or which are medically unnecessary.


The majority of provider "errors" fall within the CMS definition of Abuse.  As such, significant financial penalties and additional potential exposure to fraud claims may follow CMS actions in these matters.  Examples of abuse include, but are not limited to the following:


  • Excessive charges for services or supplies 
  • Claims for services that don't meet CMS medical necessity criteria  
  • Breach of the Medicare participation or assignment agreements 
  • Improper billing or coding practices


Penalties for Medicare Fraud & Abuse


Medicare fraud and abuse cases are routinely referred to the Office of Inspector General (OIG). The OIG has the authority to use civil monetary penalty, criminal penalty, or administrative sanctions in connection with these cases.  Civil monetary policies may be imposed in the following cases, but may also be applied to other cases:


  • An item or service is not provided as claimed 
  • An item or service claimed is false or fraudulent 
  • The Medicare assignment provisions are violated 
  • An item or service is provided by an excluded person 


Criminal penalties may be imposed in the following cases, but may also be applied to other cases:


  • Soliciting, offering or receiving a kickback, bribe or rebate 
  • Knowingly and willingly making or causing to be made any false statement or misrepresentation in applying for a Medicare benefit or payment 


Administrative sanctions may be used:


  • Against an abusive practitioner/provider/supplier 
  • Against a practitioner/provider/supplier who consistently fails to comply with Medicare regulations 


ZPIC - CMS Fraud & Abuse Payment Suspensions


Suspension of payment may be used when CMS or a Medicare contractor possesses reliable information that fraud or willful misrepresentation exists.
However, Medicare fraud suspensions may also be imposed for reasons not typically viewed within the context of false claims (for example, if a QIO has reviewed inpatient claims and determined that the diagnosis related groups (DRGs) have been upcoded).  Forged signatures on Certificates of Medical Necessity (CMN), treatment plans and other misrepresentations on Medicare claims and claim forms may all be considered for suspension.
Multiple “general suspensions” of payment may also be used by CMS or the ZPIC / MAC.  Examples include:


(1) the PSC / ZPIC / MAC possesses reliable information that an overpayment exists but has not yet determined the amount of the overpayment (for example - Several claims identified on post-pay review were determined to be non-covered or miscoded.  The provider has billed this service many times before and it is suspected that there may be a number of additional non-covered or miscoded claims that have been paid);


(2) the contractor ZPIC / MAC contractor or CMS possesses reliable information that the payments to be made may not be correct; or


(3) the ZPIC / MAC or CMS possesses reliable information that the provider has failed to furnish records and other information requested or that is due, and which is needed to determine the amounts due the provider (for example - During a post-payment review, medical records and other supporting documentation are solicited from the provider to support payment.  The provider fails to submit the requested records.  The contractor determines that the provider is continuing to submit claims for services in question).


ZPIC auditors are required to discuss suspension actions with the Office of the Inspector General (OIG) to ascertain their interest in working the case.  If the OIG declines the case, they shall discuss whether OIG referral to another law enforcement agency is appropriate.  Whether the case is accepted by law enforcement or not, ZPIC auditors develop the overpayment as expeditiously as possible and keep law enforcement apprised of the dollars being withheld as well as any potential recoupment action.


Whether or not the ZPIC contractor recommends suspension action to CMS is a case-by-case decision requiring review and analysis of the allegation and/or facts.


Medicare Fraud Alerts


When CMS believes a provider has committed Medicare fraud, or a new scam is identified, the Office of Inspector General (OIG) may issue a National OIG Fraud Alert to Medicare carriers and intermediaries, law enforcement, private insurers and other government agencies.  
Medicare fraud alerts allow administrative & enforcement agencies to investigate whether the same provider or fraudulent activity is occurring in other jurisdictions.  In addition, once the Centers for Medicare & Medicaid Services (CMS) has identified a Medicare fraudulent scheme operating in multiple states, it will issue a CMS Medicare Fraud Alert.


CMS has two levels of fraud alerts - Unrestricted and Restricted.  Unrestricted Alerts provide information regarding a scheme, but do not identify specific providers.  Restricted Alerts describe the scheme and specify suspected providers and/or entities.