By Denise M. Fletcher, Esq.

More so than other healthcare providers, home medical equipment (HME) suppliers have been largely dependent on Medicare for business. The reason for this is obvious. HME suppliers serve customers who need assistance to stay independent, and many of these customers are the elderly. Unfortunately, submitting claims to – and getting paid by – Medicare is like “sleeping with the devil.” Through a post-payment audit, Medicare can recover what it has previously paid to the supplier. The frequency and scope of audits have increased dramatically. Medicare has been criticized in the past for paying inappropriate claims. In response to this criticism, they are aggressively auditing claims on both a post-payment and pre-payment basis.

The most dangerous weapon that Medicare has at its disposal is the Zone Program Integrity Contractors (ZPICs). The most perilous thing about the ZPIC is its ability to initiate a fraud investigation. Therefore, in responding to a ZPIC audit, it is important that the supplier’s documentation establish that no fraud occurred. The bottom line is that the supplier does not want the Medicare contractor to turn its file over to the Department of Justice (DOJ) or the Office of Inspector General (OIG).

Prior to the 1996 enactment of the Health Insurance Portability and Accountability Act (HIPAA), Medicare program safeguard activities (i.e., activities aimed at detecting fraud and abuse) were funded from the contracted fiscal intermediary’s general program management budget. This changed with HIPAA. In addition to implementing the privacy regulations, HIPAA revised the Social Security Act and established the Medicare Integrity Program (MIP). The MIP’s primary purpose is to deter fraud and abuse in the Medicare program by giving the Centers for Medicare and Medicaid Services (CMS) authority to enter into contracts with outside entities and ensure the integrity of the Medicare program.

In 1999, CMS developed the Program Safeguard Contractor (PSC) program to support the MIP, stop Medicare fraud and facilitate provider adherence to codified CMS payment criteria, conditions of participation and applicable judicial rulings. PSCs are now transitioning to ZPICs. At the highest level, CMS considers an individual ZPIC as being responsible for detecting, deterring and even preventing Medicare fraud and abuse. ZPICs have the responsibility to:

• Investigate allegations of fraud, including proactive data analysis results and pre- and post-pay medical review for benefit integrity.

• Explore all available sources of fraud leads in its zone.

• Refer investigations to the Office of Inspector General/Office of Investigations for consideration of civil and criminal prosecution and/or application of administrative sanctions.

• Support law enforcement in requests for information including, but not limited to, data and data analysis, cost report data and medical review.

• Recommend administrative actions to CMS, such as suspending Medicare payment, identifying and recouping overpayments, pursuing civil monetary penalties and recommending program exclusions.

• Prevent fraud by identifying program vulnerabilities to CMS.

• Work cooperatively with law enforcement and others to fight fraud and abuse.

• Initiate and maintain networking, education and outreach activities to ensure effective interaction and exchange of information with internal components as well as outside groups, suppliers, providers and beneficiaries.

ZPICs were not officially rolled out with an emphasis on physicians, DME suppliers and physical therapy billing, but that is exactly where the program has focused its recent efforts. ZPICs are responsible for ensuring the integrity of all Medicare claims (parts A, B, C and D) and are not limited to review of durable medical equipment prosthetic and orthotic supplier (DMEPOS) claims. A ZPIC’s main focus is to identify fraud and abuse. ZPICs are divided into seven zones across the country.

• For Durable Medical Equipment Medicare Administrative Contractor (DMEMAC) jurisdiction A/B, TriCenturion is the PSC. The benefit integrity function has not yet transferred to a ZPIC.

• For DMEMAC Jurisdiction C, the ZPICs are:

o AdvanceMed Corporation

o Health Integrity, LLC

o Safeguard Services, LLC

• For DMEMAC jurisdiction D, Safeguard Services, LLC is still the PSC.

ZPICs refer all identified overpayments (of DMEPOS claims) to the DMEMAC, who subsequently sends the supplier a demand letter for recoupment of the overpayment. In any case involving an overpayment, even where there is a strong likelihood of fraud, the MAC will typically request recovery of the overpayment.

Under most circumstances, CMS contractors such as the ZPICs may use statistical sampling to calculate and project (i.e., extrapolate) the amount of overpayments made on all claims during a time period. This allows the ZPIC to generate large overpayments with minimal work. An extrapolated overpayment could quickly devastate a supplier.

While ZPIC audits are similar in many ways to other CMS audits currently being performed nationwide, they do differ in one very important aspect – potential Medicare fraud implications. Of all the current CMS audit initiatives (RAC audits, MIC audits, etc.), it is vital that suppliers facing a ZPIC audit immediately and effectively address targeted audit issues.

When the ZPIC reviews claims for medical review purposes, it follows the same procedures as the DMEMAC when making coverage and coding decisions. The ZPIC must evaluate or determine if there is evidence in the medical record that the service submitted was actually provided and, if so, if the service was medically reasonable and necessary. The ZPIC will also verify diagnosis and match to age, gender and procedure. The ZPIC must determine if patterns or trends exist in the medical record which may indicate potential fraud, waste or abuse. As examples, the ZPIC will be looking for medical records that tend to have obvious or nearly identical documentation. The ZPIC will also evaluate the medical record for evidence of alterations, such as erased sections, missing pages, inserted pages, white out and excessive late entries. The ZPIC will document errors found and communicate these to the supplier when the supplier review does not find evidence of potential fraud. A referral may be made for additional supplier education and follow-up if appropriate. The ZPIC will down code or deny, in part or in whole, when medical records do not support services billed by the supplier.

The ZPIC has much more discretion when conducting a review for benefit integrity. When a ZPIC receives an allegation of fraud or identifies a potentially fraudulent situation, it will investigate to determine the facts and the magnitude of the alleged fraud. A ZPIC will also conduct a variety of reviews to determine the appropriateness of payments, even when there is no evidence of fraud. Unless otherwise advised by law enforcement, a ZPIC may use one or more of the following investigative methods to determine whether a supplier has a pattern of fraud:

• Review a small sample of claims submitted within recent months. Depending on the nature of the problem, the ZPIC may request medical documentation or other evidence relevant to the validity of the claim.

• Interview by telephone a small number of beneficiaries. The ZPIC should not alarm the beneficiaries or imply that the supplier did anything wrong. The purpose is to determine whether the claim is a one time error.

• Look for past contacts by another Medicare contractor concerning comparable violations, including looking for educational/warning letters or for contact reports that relate to similar complaints.

• Perform data analysis.

• Review telephone calls or written questionnaires to physicians confirming the need for home health services or DME.

• Perform random validation checks of physician licensure.

• Review original certificates of medical necessity.

• Perform an analysis of high frequency/high cost, high frequency/low cost, low frequency/low cost and low frequency/high cost procedures and items.

• Perform an analysis of local patterns or trends of practice and billing against national and regional trends.

• Initiate other analysis enhancements to authenticate proper payments.

• Perform a compilation of documentation, e.g., medical records or cost reports.

The purpose of any investigation is to determine whether there is potential fraud or whether the supplier merely made billing errors. If the investigation does not result in a case, the ZPIC will act to prevent further payment of inappropriate claims and recover any overpayments. If the investigation becomes a case, the investigation will be closed and the case will be referred to the OIG, DOJ, etc. Regardless of whether or not the investigation becomes a case, the ZPIC will seek recoupment whenever it determines that there is an overpayment. As stated previously, the DMEMAC performs the recoupment.

The ZPIC has substantial authority and can wreak havoc for any supplier. All audit requests should be taken seriously. However, those from the ZPIC carry additional concerns and must be addressed timely and appropriately in order to avoid further investigations.

How to Contact
Denise may be reached at (806) 345-6318 or

This article is not intended to be legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general information purposes only.