Category Archives: ZPICs

How Does OIG Target Provider Types for Audits and Who Needs to Worry?

Interestingly, how OIG and who OIG targets for audits is much more transparent than one would think. OIG tells you in advance (if you know where to look).

Prior to June 2017, the Office of Inspector General’s (OIG) OIG updated its public-facing Work Plan to reflect those adjustments once or twice each year. In order to enhance transparency around OIG’s continuous work planning efforts, effective June 15, 2017, OIG began updating its Work Plan website monthly.

Why is this important? I will even take it a step further…why is this information crucial for health care providers, such as you?

These monthly reports provide you with notice as to whether the type of provider you are will be on the radar for Medicare and Medicaid audits. And the notice provided is substantial. For example, in October 2017, OIG announced that it will investigate and audit specialty drug coverage and reimbursement in Medicaid – watch out pharmacies!!! But the notice also states that these audits of pharmacies for speciality drug coverage will not begin until 2019. So, pharmacies, you have over a year to ensure compliance with your records. Now don’t get me wrong… you should constantly self audit and ensure regulatory compliance. Notwithstanding, pharmacies are given a significant warning that – come 2019 – your speciality drug coverage programs better be spic and span.

Another provider type that will be on the radar – bariatric surgeons. Medicare Parts A and B cover certain bariatric procedures if the beneficiary has (1) a body mass index of 35 or higher, (2) at least one comorbidity related to obesity, and (3) been previously unsuccessful with medical treatment for obesity. Treatments for obesity alone are not covered. Bariatric surgeons, however, get a bit less lead time. Audits for bariatric surgeons are scheduled to start in 2018. Considering that 2018 is little more than a month away, this information is less helpful. The OIG Work Plans do not specific enough to name a month in which the audits will begin…just sometime in 2018.

Where do you find such information? On the OIG Work Plan website. Click here. Once you are on the website, you will see the title at the top, “Work Plan.” Directly under the title are the “clickable” subjects: Recently Added | Active Work Plan Items | Work Plan Archive.  Pick one and read.

You will see that CMS is not the only agency that OIG audits. It also audits the Food and Drug Administration and the Office of the Secretary, for example. But we are concerned with the audits of CMS.

Other targeted providers types coming up:

  • Telehealth
  • Security of Certified Electronic Health Record Technology Under Meaningful Use
  • States’ Collection of Rebates on Physician-Administered Drugs
  • States’ Collection of Rebates for Drugs Dispensed to Medicaid MCO Enrollees
  • Adult Day Health Care Services
  • Oversight of States’ Medicaid Information Systems Security Controls
  • States’ MCO Medicaid Drug Claims
  • Incorrect Medical Assistance Days Claimed by Hospitals
  • Selected Inpatient and Outpatient Billing Requirements

And the list goes on and on…

Do not think that if your health care provider type is not listed on the OIG website that you are safe from audits. As we all know, OIG is not the only entity that conducts regulatory audits. The States and its contracted vendors also audit, as well as the RACs, MICs, MACs, CERTs

Never forget that whatever entity audits you, YOU HAVE APPEAL RIGHTS!

Alphabet Soup: RACs, MICs, MFCUs, CERTs, ZPICs, PERMs and Their Respective Look Back Periods

I have a dental client, who was subject to a post payment review by Public Consulting Group (PCG). During the audit, PCG reviewed claims that were 5 years old.  In communication with the state, I pointed out that PCG surpassed its allowable look back period of 3 years.  To which the Assistant Attorney General (AG) said, “This was not a RAC audit.”  I said, “Huh. Then what type of audit is it? MIC? ZPIC? CERT?” Because the audit has to be one of the known acronyms, otherwise, where is PCG’s authority to conduct the audit?

There has to be a federal and state regulation applicable to every audit.  If there is not, the audit is not allowable.

So, with the state claiming that this post payment review is not a RAC audit, I looked into what it could be.

In order to address health care fraud, waste, and abuse (FWA), Congress and CMS developed a variety of approaches over the past several years to audit Medicare and Medicaid claims. For all the different approaches, the feds created rules and different acronyms.  For example, a ZPIC audit varies from a CERT audit, which differs from a RAC audit, etc. The rules regulating the audit differ vastly and impact the provider’s audit results greatly. It can be as varied as hockey and football; both have the same purpose of scoring points, but the equipment, method of scoring, and ways to defend against an opponent scoring are as polar opposite as oil and water. It can be confusing and overwhelming to figure out which entity has which rule and which entity has exceeded its scope in an audit.

It can seem that we are caught swimming in a bowl of alphabet soup. We have RACs, ZPICs, MICs, CERTs, and PERMs!!

alphabet soup

What are these acronyms??

This blog will shed some light on the different types of agencies auditing your Medicare and Medicaid claims and what restrictions are imposed on such agencies, as well as provide you with useful tips while undergoing an audit and defending the results.

First, what do the acronyms stand for?

  • Medicare Recovery Audit Contractors (RACs)
  • Medicaid RACs
  • Medicaid Integrity Contractors (MICs)
  • Zone Program Integrity Contractors (ZPICs)
  • State Medicaid Fraud Control Units (MFCUs)
  • Comprehensive Error Rate Testing (CERT)
  • Payment Error Rate Measurement (PERM)

Second, what are the allowable scope, players, and look back periods for each type of audit? I have comprised the following chart for a quick “cheat sheet” when it comes to the various types of audits. When an auditor knocks on your door, ask them, “What type of audit is this?” This can be invaluable information when it comes to defending the alleged overpayment.

SCOPE, AUDITOR, AND LOOK-BACK PERIOD
Name Scope Auditor Look-back period
Medicare RACs

Focus:

Medicare zaqoverpayments and underpayments

Medicare RACs are nationwide. The companies bid for federal contracts. They use post payment reviews to seek over and under payments and are paid on a contingency basis. Region A:  Performant Recovery

Region B:  CGI Federal, Inc.

Region C:  Connolly, Inc.

Region D:  HealthDataInsights, Inc.

Three years after the date the claim was filed.
Medicaid RACs

Focus:

Medicaid overpayments and underpayments

Medicaid RACs operate nationwide on a state-by-state basis. States choose the companies to perform RAC functions, determine the areas to target without informing the public, and pay on a contingency fee basis. Each state contracts with a private company that operates as a Medicaid RAC.

In NC, we use PCG and HMS.

Three years after the date the claim was filed, unless the Medicaid RAC has approval from the state.
MICs

Focus:

Medicaid overpayments and education

MICs review all Medicaid providers to identify high-risk areas, overpayments, and areas for improvement. CMS divided the U.S. into five MIC jurisdictions.

New York (CMS Regions I & II) – Thomson Reuters (R) and IPRO (A) • Atlanta (CMS Regions III & IV) – Thomson Reuters (R) and Health Integrity (A) • Chicago (CMS Regions V & VII) – AdvanceMed (R) and Health Integrity (A) • Dallas (CMS Regions VI & VIII) – AdvanceMed (R) and HMS (A) • San Francisco (CMS Regions IX & X) – AdvanceMed (R) and HMS (A)

MICs are not paid on a contingency fee basis.

MICs  may review a claim as far back as permitted under the laws of the respective states (generally a five-year look-back period).
ZPICs

Focus:

Medicare fraud, waste, and abuse

ZPICs investigate potential Medicare FWA and refer these cases to other entities.

Not random.

CMS, which has divided the U.S. into seven ZPICs jurisdictions.

Only investigate potential fraud.

ZPICs are not paid on a contingency fee basis.

ZPICs have no specified look-back period.
MFCUs

Focus:

Medicaid fraud, waste, and abuse

MFCUs investigate and prosecute (or refer for prosecution) criminal and civil Medicaid fraud cases. Each state, except North Dakota, has an MFCU.

Contact info for NC’s:

Medicaid Fraud Control Unit of North Carolina
Office of the Attorney General
5505 Creedmoor Rd
Suite 300
Raleigh, NC   27612

Phone: (919) 881-2320

website

MFCUs have no stated look-back period.
CERT

Focus:

Medicare improper payment rate

CERT companies indicate the rate of improper payments in the Medicare program in an annual report. CMS runs the CERT program using two private contractors (which I am yet to track down, but I will). The look back period is the current fiscal year (October 1 to September 30).
PERM

Focus:

Medicaid improper payment rate

PERM companies research improper payments in Medicaid and the Children’s Health Insurance Program. They extrapolate a national error rate. CMS runs the PERM program using two private contractors(which I am yet to track down, but I will). The look back period is the current fiscal year (the complete measurement cycle is 22 to 28 months).

 As you can see, the soup is flooded with letters of the alphabet. But which letters are attached to which audit company determines which rules are followed.

It is imperative to know, when audited, exactly which acronym those auditors are

Which brings me back to my original story of my dental provider, who was audited by a “non-RAC” entity for claims 5 years old.

What entity could be performing this audit, since PCG was not acting as its capacity as a RAC auditor? Let’s review:

  • RAC: AG claims no.
  • MIC: This is a state audit, not federal. No.
  • MFCU: No prosecutor involved. No.
  • ZPIC: This is a state audit, not federal. No allegation of fraud. No.
  • CERT:This is a state audit, not federal. No.
  • PERM: This is a state audit, not federal. No.

Hmmmm….

If it walks like a duck, talks like a duck, and acts like a duck, it must be a duck, right?

Or, in this case, a RAC.

Big Change in Medicaid Audits? Or Just More Auditing Companies?

According to “Report on Medicare Compliance,” dated August 5, 2013, (Yes, I actually subscribe to this Report), the Center for Medicare and Medicaid Services (CMS) has BIG changes on the horizon for Medicare AND Medicaid audits (nationwide).

According to “New CMS Program-Integrity Plan Is In the Works; No More ZPICs, MICs,” CMS is developing a “unified program integrity strategy” that will consolidate some Medicaid and Medicare audits.

What does that mean to NC health care providers? Less audits? More audits?

Apparently, CMS intends to contract with 5 – 15 new “unified program integrity contractors (UPIC)…yes, another new acronym… The article also states that UPICs would replace zone program integrity contractors (ZPICs) and Medicaid integrity contractors and program safeguard contractors.

However, according to the article, the Recovery Audit Contractors (RACs) will remain in place. 

Companies wanting to act as UPICs were to respond to CMS by August 13th.  So these UPICs may be effective in the near future.

Are UPICS intended to streamline the audit process (by consolidating Medicare and Medicaid audits)?

Or will UPICS just add an additional 5 – 15 auditing companies, increasing the number of audits on providers, and weeding out providers willing to accept Medicaid to decrease Medicaid spending?