Category Archives: ZPICs

New Revisions to the Additional Documentation Request (ADR) Process

The ADR rule went into effect Jan. 1, 2019. Original blog post published March 6, 2019, on RACMonitor.

The Centers for Medicare & Medicaid Services (CMS) has updated its criteria for additional development requests (ADRs). If your ADR “cycle” is less than 1, CMS will round it up to 1.

What is an ADR cycle?

When a claim is selected for medical review, an ADR is generated requesting medical documentation be submitted to ensure payment is appropriate. Documentation must be received by CGS (A Celerian Group Company)  within 45 calendar days for review and payment determination. Any selected and submitted claim can create an ADR. In other words, a provider is asked to prove that the service was rendered and that the billing was compliant.

It is imperative to understand that you, as the provider, check the Fiscal Intermediary Standard System (FISS) status/location S B6001. Providers are encouraged to use FISS Option 12 (Claim Inquiry) to check for ADRs at least once per week. You will not receive any other form of notification for an ADR.

To make matters even more confusing, there are two different types of ADRs: medical review (reason code 39700) and non-medical review (reason code 39701).

An ADR may be sent by CGS, Zone Program Integrity Contractors (ZPICs), Recovery Audit Contractors (RACs), Supplemental Medical Review Contractors (SMRCs), the Comprehensive Error Rate Testing (CERT) contractor, etc. When a claim is selected for review or when additional documentation is needed to complete the claim, an ADR letter is generated requesting that documentation and/or medical records be submitted.

The ADR process is essentially a type of prepayment review.

A baseline annual ADR limit is established for each provider based on the number of Medicare claims paid in the previous 12-month period that are associated with the provider’s six-digit CMS Certification Number (CCN) and the provider’s National Provider Identifier (NPI) number. Using the baseline annual ADR limit, an ADR cycle limit is also established.

After three 45-day ADR cycles, CMS will calculate (or recalculate) a provider’s denial rate, which will then be used to identify a provider’s corresponding “adjusted” ADR limit. Auditors may choose to either conduct reviews of a provider based on their adjusted ADR limit (with a shorter lookback period) or their baseline annual ADR limit (with a longer lookback period).

The baseline, annual ADR limit is one-half of one percent of the provider’s total number of paid Medicare service types for which the provider had reimbursed Medicare claims.

Effective Jan. 1, 2019, providers whose ADR cycle limit is less than 1, even though their annual ADR limit is greater than 1, will have their ADR cycle limit round up to 1 additional documentation request per 45 days, until their annual ADR limit has been reached.

For example, say Provider ABC billed and was paid for 400 Medicare claims in a previous 12-month period. The provider’s baseline annual ADR limit would be 400 multiplied by 0.005, which is two. The ADR cycle limit would be 2/8, which is less than one. Therefore, Provider ABC’s ADR cycle limit will be set at one additional documentation request per 45 days, until their annual ADR limit, which in this example is two, has been reached. In other words, Provider ABC can receive one additional documentation request for two of the eight ADR cycles, per year.

ADR letters are sent on a 45-day cycle. The baseline annual ADR limit is divided by eight to establish the ADR cycle limit, which is the maximum number of claims that can be included in a single 45-day period. Although auditors may go more than 45 days between record requests, in no case shall they make requests more frequently than every 45 days.

And that is the update on ADRs. Remember, the rule changed Jan. 1, 2019.

How Does OIG Target Provider Types for Audits and Who Needs to Worry?

Interestingly, how OIG and who OIG targets for audits is much more transparent than one would think. OIG tells you in advance (if you know where to look).

Prior to June 2017, the Office of Inspector General’s (OIG) OIG updated its public-facing Work Plan to reflect those adjustments once or twice each year. In order to enhance transparency around OIG’s continuous work planning efforts, effective June 15, 2017, OIG began updating its Work Plan website monthly.

Why is this important? I will even take it a step further…why is this information crucial for health care providers, such as you?

These monthly reports provide you with notice as to whether the type of provider you are will be on the radar for Medicare and Medicaid audits. And the notice provided is substantial. For example, in October 2017, OIG announced that it will investigate and audit specialty drug coverage and reimbursement in Medicaid – watch out pharmacies!!! But the notice also states that these audits of pharmacies for speciality drug coverage will not begin until 2019. So, pharmacies, you have over a year to ensure compliance with your records. Now don’t get me wrong… you should constantly self audit and ensure regulatory compliance. Notwithstanding, pharmacies are given a significant warning that – come 2019 – your speciality drug coverage programs better be spic and span.

Another provider type that will be on the radar – bariatric surgeons. Medicare Parts A and B cover certain bariatric procedures if the beneficiary has (1) a body mass index of 35 or higher, (2) at least one comorbidity related to obesity, and (3) been previously unsuccessful with medical treatment for obesity. Treatments for obesity alone are not covered. Bariatric surgeons, however, get a bit less lead time. Audits for bariatric surgeons are scheduled to start in 2018. Considering that 2018 is little more than a month away, this information is less helpful. The OIG Work Plans do not specific enough to name a month in which the audits will begin…just sometime in 2018.

Where do you find such information? On the OIG Work Plan website. Click here. Once you are on the website, you will see the title at the top, “Work Plan.” Directly under the title are the “clickable” subjects: Recently Added | Active Work Plan Items | Work Plan Archive.  Pick one and read.

You will see that CMS is not the only agency that OIG audits. It also audits the Food and Drug Administration and the Office of the Secretary, for example. But we are concerned with the audits of CMS.

Other targeted providers types coming up:

  • Telehealth
  • Security of Certified Electronic Health Record Technology Under Meaningful Use
  • States’ Collection of Rebates on Physician-Administered Drugs
  • States’ Collection of Rebates for Drugs Dispensed to Medicaid MCO Enrollees
  • Adult Day Health Care Services
  • Oversight of States’ Medicaid Information Systems Security Controls
  • States’ MCO Medicaid Drug Claims
  • Incorrect Medical Assistance Days Claimed by Hospitals
  • Selected Inpatient and Outpatient Billing Requirements

And the list goes on and on…

Do not think that if your health care provider type is not listed on the OIG website that you are safe from audits. As we all know, OIG is not the only entity that conducts regulatory audits. The States and its contracted vendors also audit, as well as the RACs, MICs, MACs, CERTs

Never forget that whatever entity audits you, YOU HAVE APPEAL RIGHTS!

Alphabet Soup: RACs, MICs, MFCUs, CERTs, ZPICs, PERMs and Their Respective Look Back Periods

I have a dental client, who was subject to a post payment review by Public Consulting Group (PCG). During the audit, PCG reviewed claims that were 5 years old.  In communication with the state, I pointed out that PCG surpassed its allowable look back period of 3 years.  To which the Assistant Attorney General (AG) said, “This was not a RAC audit.”  I said, “Huh. Then what type of audit is it? MIC? ZPIC? CERT?” Because the audit has to be one of the known acronyms, otherwise, where is PCG’s authority to conduct the audit?

There has to be a federal and state regulation applicable to every audit.  If there is not, the audit is not allowable.

So, with the state claiming that this post payment review is not a RAC audit, I looked into what it could be.

In order to address health care fraud, waste, and abuse (FWA), Congress and CMS developed a variety of approaches over the past several years to audit Medicare and Medicaid claims. For all the different approaches, the feds created rules and different acronyms.  For example, a ZPIC audit varies from a CERT audit, which differs from a RAC audit, etc. The rules regulating the audit differ vastly and impact the provider’s audit results greatly. It can be as varied as hockey and football; both have the same purpose of scoring points, but the equipment, method of scoring, and ways to defend against an opponent scoring are as polar opposite as oil and water. It can be confusing and overwhelming to figure out which entity has which rule and which entity has exceeded its scope in an audit.

It can seem that we are caught swimming in a bowl of alphabet soup. We have RACs, ZPICs, MICs, CERTs, and PERMs!!

alphabet soup

What are these acronyms??

This blog will shed some light on the different types of agencies auditing your Medicare and Medicaid claims and what restrictions are imposed on such agencies, as well as provide you with useful tips while undergoing an audit and defending the results.

First, what do the acronyms stand for?

  • Medicare Recovery Audit Contractors (RACs)
  • Medicaid RACs
  • Medicaid Integrity Contractors (MICs)
  • Zone Program Integrity Contractors (ZPICs)
  • State Medicaid Fraud Control Units (MFCUs)
  • Comprehensive Error Rate Testing (CERT)
  • Payment Error Rate Measurement (PERM)

Second, what are the allowable scope, players, and look back periods for each type of audit? I have comprised the following chart for a quick “cheat sheet” when it comes to the various types of audits. When an auditor knocks on your door, ask them, “What type of audit is this?” This can be invaluable information when it comes to defending the alleged overpayment.

SCOPE, AUDITOR, AND LOOK-BACK PERIOD
Name Scope Auditor Look-back period
Medicare RACs

Focus:

Medicare zaqoverpayments and underpayments

Medicare RACs are nationwide. The companies bid for federal contracts. They use post payment reviews to seek over and under payments and are paid on a contingency basis. Region A:  Performant Recovery

Region B:  CGI Federal, Inc.

Region C:  Connolly, Inc.

Region D:  HealthDataInsights, Inc.

Three years after the date the claim was filed.
Medicaid RACs

Focus:

Medicaid overpayments and underpayments

Medicaid RACs operate nationwide on a state-by-state basis. States choose the companies to perform RAC functions, determine the areas to target without informing the public, and pay on a contingency fee basis. Each state contracts with a private company that operates as a Medicaid RAC.

In NC, we use PCG and HMS.

Three years after the date the claim was filed, unless the Medicaid RAC has approval from the state.
MICs

Focus:

Medicaid overpayments and education

MICs review all Medicaid providers to identify high-risk areas, overpayments, and areas for improvement. CMS divided the U.S. into five MIC jurisdictions.

New York (CMS Regions I & II) – Thomson Reuters (R) and IPRO (A) • Atlanta (CMS Regions III & IV) – Thomson Reuters (R) and Health Integrity (A) • Chicago (CMS Regions V & VII) – AdvanceMed (R) and Health Integrity (A) • Dallas (CMS Regions VI & VIII) – AdvanceMed (R) and HMS (A) • San Francisco (CMS Regions IX & X) – AdvanceMed (R) and HMS (A)

MICs are not paid on a contingency fee basis.

MICs  may review a claim as far back as permitted under the laws of the respective states (generally a five-year look-back period).
ZPICs

Focus:

Medicare fraud, waste, and abuse

ZPICs investigate potential Medicare FWA and refer these cases to other entities.

Not random.

CMS, which has divided the U.S. into seven ZPICs jurisdictions.

Only investigate potential fraud.

ZPICs are not paid on a contingency fee basis.

ZPICs have no specified look-back period.
MFCUs

Focus:

Medicaid fraud, waste, and abuse

MFCUs investigate and prosecute (or refer for prosecution) criminal and civil Medicaid fraud cases. Each state, except North Dakota, has an MFCU.

Contact info for NC’s:

Medicaid Fraud Control Unit of North Carolina
Office of the Attorney General
5505 Creedmoor Rd
Suite 300
Raleigh, NC   27612

Phone: (919) 881-2320

website

MFCUs have no stated look-back period.
CERT

Focus:

Medicare improper payment rate

CERT companies indicate the rate of improper payments in the Medicare program in an annual report. CMS runs the CERT program using two private contractors (which I am yet to track down, but I will). The look back period is the current fiscal year (October 1 to September 30).
PERM

Focus:

Medicaid improper payment rate

PERM companies research improper payments in Medicaid and the Children’s Health Insurance Program. They extrapolate a national error rate. CMS runs the PERM program using two private contractors(which I am yet to track down, but I will). The look back period is the current fiscal year (the complete measurement cycle is 22 to 28 months).

 As you can see, the soup is flooded with letters of the alphabet. But which letters are attached to which audit company determines which rules are followed.

It is imperative to know, when audited, exactly which acronym those auditors are

Which brings me back to my original story of my dental provider, who was audited by a “non-RAC” entity for claims 5 years old.

What entity could be performing this audit, since PCG was not acting as its capacity as a RAC auditor? Let’s review:

  • RAC: AG claims no.
  • MIC: This is a state audit, not federal. No.
  • MFCU: No prosecutor involved. No.
  • ZPIC: This is a state audit, not federal. No allegation of fraud. No.
  • CERT:This is a state audit, not federal. No.
  • PERM: This is a state audit, not federal. No.

Hmmmm….

If it walks like a duck, talks like a duck, and acts like a duck, it must be a duck, right?

Or, in this case, a RAC.

Big Change in Medicaid Audits? Or Just More Auditing Companies?

According to “Report on Medicare Compliance,” dated August 5, 2013, (Yes, I actually subscribe to this Report), the Center for Medicare and Medicaid Services (CMS) has BIG changes on the horizon for Medicare AND Medicaid audits (nationwide).

According to “New CMS Program-Integrity Plan Is In the Works; No More ZPICs, MICs,” CMS is developing a “unified program integrity strategy” that will consolidate some Medicaid and Medicare audits.

What does that mean to NC health care providers? Less audits? More audits?

Apparently, CMS intends to contract with 5 – 15 new “unified program integrity contractors (UPIC)…yes, another new acronym… The article also states that UPICs would replace zone program integrity contractors (ZPICs) and Medicaid integrity contractors and program safeguard contractors.

However, according to the article, the Recovery Audit Contractors (RACs) will remain in place. 

Companies wanting to act as UPICs were to respond to CMS by August 13th.  So these UPICs may be effective in the near future.

Are UPICS intended to streamline the audit process (by consolidating Medicare and Medicaid audits)?

Or will UPICS just add an additional 5 – 15 auditing companies, increasing the number of audits on providers, and weeding out providers willing to accept Medicaid to decrease Medicaid spending?