The Truth about ZPICs - Why Oversight is Needed

ZPIC (Zone Program Integrity Contractors) letters' are the ultimate stop and gulp in healthcare since they are typically focused on potential fraudulent matters. They are specifically charged by the Centers for Medicare and Medicaid Services (CMS) to data mine, identify, and investigate potentially fraudulent behavior.  However, they are required to comply with regulations and guidelines established by the Centers for Medicare and Medicaid Services (CMS) when it comes to making Additional Documentation Requests (ADRs) for pre-payment and post-payment reviews, initiation of Medicare Suspension of Payments (which can be a death knell for physician practices) and other areas for which they have authority to investigate under the direction of CMS.

With that said, they more often than not fail at their obligations to comply with guidelines set forth by the CMS. There has been so much concern over their borderline unethical behavior that the United States Senate Committee on Finance as well as the Office of Inspector General have issued scathing reports warning against what they see as destructive and harmful behavior towards physician practices.

I have spent my entire career advocating on behalf of medical providers and hospitals to ensure due process and a fair shake when dealing with government entities and their contractors. I have been criticized by members of the insurance industry and called horrible names, one even going as far as demanding my termination from DoctorsManagement! Well, I have news for you all in the insurance industry, I am not going anywhere and if anything, like the last of the Jedi my powers are only getting stronger! I am taking on the ZPICs and other contractors for CMS with a new determination to ensure they are held in check and that their at times, corrupt appearing behavior, does not go unpunished. ZPICs are multi-billion dollar powerful corporations who often times doubt the will of the people, which I am here to tell you, is a critical mistake. Sure, there is a pending class action suit (Villasenor) suit in Chicago, but to me they approached the matter totally wrong and as a result may find themselves without a judgment in their favor, however, that is something we will have to watch closely.

Let's talk about facts… In 2012 a scathing report was issued at the request of the Senate Finance Committee and included the following passage, "CMS and its contractors often cultivate an environment of mistrust and suspicion that all providers of certain services are inherently fraudulent. The sentiment is widely shared by anyone that has worked with CMS contractors in the area of program integrity and a similar environment is probable within the CMS Program Integrity Group. This type of environment leads investigators, contractors, and CMS to pursue providers in an aggressive manner, sometimes unfairly, based on little evidence or collaboration of any wrongdoing."

"It is not uncommon for a ZPIC to implement a 100% prepayment review of a provider's claims with no notification."  A great example of this is the recent OIG report citing potentially fraudulent behavior by multi-specialty chiropractic clinics.  This resulted in an avalanche of ADRs, prepayment reviews, and requests for corrective action plans by Strategic Health Solutions, another CMS auditor.  Swift action by industry experts has caused CMS to rein in Strategic Health Solutions and cease prepayment review audits; however, it is a great example of an auditor's inherent mistrust, stereotyping, and over-zealous tactics. 

According to a 2015 OIG Report to Congress... "Often the ZPIC contractors have had no experience in the areas of fraud and abuse for which they should be accountable. The result is a loss to CMS of fraud and abuse funds and providers, many of which are small - medium sized businesses, are forced to spend thousands of dollars to address unfounded audits and investigations. This was evidenced when CMS lost $80 million of the $120 million paid to contractors in 2011, due to poor data when investigating fraud and abuse." Mr. Secretary, things have not changed and to be candid have only gotten worse.

AdvanceMed is making accusations of fraud against medical providers without establishing "Good Cause" which is required for placing a practice on a Medicare Payment Suspension.

Fraud according to The Centers for Medicare and Medicaid Services includes:


Of the above, more often than not, the ZPICs fail to demonstrate any of the above, which is proven by the 2015 OIG report addressed above, "The significant lack of oversight of ZPIC contractors, who were awarded contracts averaging $81.9 million, is evidenced by the extreme and ill-founded actions taken by some ZPICs in unwarranted efforts to show CMS a return on investment. Contractors often employed significant, aggressive, and over-zealous audits, claims reviews and investigations against legitimate, not fraudulent, providers of healthcare services. The broad brush actions cost legitimate providers huge amounts of time, money and energy - inhibiting their ability to provide care to beneficiaries. Some are forced to leave Medicare, if not health care services all together. ZPICs are large and powerful corporations with the backing of the federal government.

They apply heavy handed processes in a punitive manner to many legitimate providers over minor document infractions. Further exacerbating the problems are the individuals employed by CMS to oversee these contractors, who are often young and inexperienced and do not have healthcare or fraud investigation experience."

The Senate Finance Committee Report by The Van Halem Group goes on to state, "There is a lack of experience and training of ZPIC staff." In one specific case a member of management at a ZPIC was questioned regarding issues surrounding numerous errors being made by staff.  The ZPIC Manager said, "Not only was he aware of the errors being made but attributed them to issues related to workload, exhaustion, or lack or training." "Many ZPIC investigators lack sufficient training in coverage and reimbursement policies for the services under their review." A provider contacted their local congressman to address concerns over incorrect denials in a ZPIC audit. The Congressman's office contacted CMS Central Office and submitted 11 examples of claims denied in error. The actual written response from CMS said they agreed that 7 of the 11 claims were in fact denied erroneously. However, the letter went on to state, "That regardless, the provider's error rate remained high so they will remain under investigation" despite the fact they had just received confirmation in the very same response that the error rate calculated was incorrect because of errors made by the contractor.  This not only supports a lack of training, but a lack of appropriate oversight and fairness."

AdvanceMed is often in violation of Medicare guidelines in Section 3.2.3.2... "The MACs, ZPICs and Recovery Auditors shall notify the third party and the billing provider or supplier that they have 30 calendar days to respond for a prepayment review or 45 calendar days for a postpayment review for MACs and Recovery Auditors and 30 calendar days for ZPICs. Yet, AdvanceMed is sending postpayment review letters that states, "The requested documentation, along with a copy of this letter, should be sent to the following address within 15 Calendar Days from the date of this letter." 

Two additional areas practices need to challenge the ZPICs is their compliance is with subsection 4.3 - Medical Review for Program Integrity Purposes (Rev. 675, Issued: 09-0916, Effective: 12-12-16) Section D. Quality Assurance documentation to demonstrate that each aspect of this review is being performed consistently and accurately throughout the ZPIC's MR for PI program specifically item #4 The ZPIC shall have an objective process to assign staff to review projects, ensuring that the correct level of expertise is available. For example, situations dealing with therapy issues may include review by an appropriate therapist or use of a therapist as a consultant to develop internal guidelines. Situations with complicated or questionable medical issues, or where no policy exists, may require a physician consultant (medical director or outside consultant).

 AdvanceMed a Medicare ZPIC is most likely in many cases failing to comply with Section 3.1.1.1 of the Medicare Integrity Manual, which requires that coverage determinations be made only by RNs, LPNs or physicians, unless the task can be delegated to another licensed health care professionals. Reviews of coding determinations, likewise, must be made by certified coders, but should also be made by those who possess the requisite skills in the specialty they are reviewing.  The section of the Medicare Benefits Integrity Manual cited above goes on to state "Upon receipt of disclosure of the identity and qualifications of the auditors, a request for the disclosure of the identity and qualifications of the auditors should be made," which DoctorsManagement always does and is to no avail. Because we typically escalate cases to an Administrative Law Judge hearing at some point during the appeals process, you have the right to request formal discovery of such materials and must.

In almost every case, there are blatant procedural due process errors by the ZPIC and other Medicare contractors that are never addressed through the Medicare administrative appeals process as ALJs often opine that they lack the jurisdiction to enforce the procedural due process outlined in the regulations.  At the end of the day, medical practices are afforded some substantive due process through the Medicare appeals process, but often times governmental contractors overlook that fact since they are in the business to turn profits. This results a lot of times in unethical and borderline illegal behaviors.

In addition to the complexities involved in the interpretive components of any audit, ZPICs, in particular, tend to engage in the complex area of extrapolation.  In general, a ZPIC will pull a relatively small sample of claims - say 30 - and from that attempt to infer, or predict what the error rate or overbilling amounts would have been if all of the claims reported by the entity had been audited.  As a statistician, I am not only NOT opposed to extrapolation, I think that it is an excellent statistical technique but if and only if the sampling portion is done properly and it is my experience that, in most cases, it is not.  I have worked on hundreds of post audit extrapolation cases over the years and in my opinion, have only found a handful that I would consider to be appropriate for extrapolation.  Note that in CMS Publication 100-08, Chapter 3, Section 10.1.3, we read the following:
"If a particular probability sample design is properly executed, i.e., defining the universe, the frame, the sampling units, using proper randomization, accurately measuring the variables of interest, and using the correct formulas for estimation, then assertions that the sample and its resulting estimates are "not statistically valid" cannot legitimately be made."

In essence, the government lays out six criteria for conducting an extrapolation. 

It says that the following must be done correctly:


The reason that these criteria are so important is because an extrapolation not only expands the actual result but it also can substantially exaggerate any errors found. One major problem area that I encounter regularly is using the average (or mean) overpayment per claim as a basis for the calculation.  Let's say that the auditor $80 per claim.  Now, let's say that the sample was pulled from a universe of 50,000 claims.  If you multiply the $80 overpayment per claim times the 50,000 claims, you get an estimated extrapolated overpayment estimate of $4 million; a lot of money by any measure.  In nearly every case in which I have been an expert, the auditor should have used the median overpayment rather than the mean overpayment and the difference can be quite stark.  Let's say that, in this hypothetical audit, the median is $30 less than the average.  That would mean that the extrapolated result was overestimated (or exaggerated) by $2.4 million; again, a lot of money by any measure.

Part of the problem is that the guidelines are not written to the standards of statistical practice but rather to the convenience of the government auditors.  I know that this sounds like a bit of a cynical generalization, but it is my experience that auditors are more interested in the size of the overpayment than they are in a fair and accurate outcome.  I imagine this is because they are all financially incentivized in one way or another.
There are lots of other issues as well, such as combining codes that have drastically different coding methods into the same audit, like E&M and surgical codes.  Or trying to extrapolate DME, which is statistically impossible. Or not considering the nationally established 42% error rate found in a one-level difference in E&M codes.  And the list goes on.  The fact it, extrapolation is a well-established and widely accepted statistical technique with the caveats mentioned above.  Maybe, just maybe, because of the huge variability and uncertainty surrounding the qualitative aspect of coding and notwithstanding the large reversal rate on appeal, extrapolation is not appropriate for provider audits.

ZPICs are big business.  But they have also spun off big business for the insurance industry due to the fact that providers can no longer bear the risk of billing noncompliance.  As a result, providers are now looking to purchase separate billing errors and omissions policies or riders to their malpractice coverage.  This is an added expense to the cost of doing business in healthcare.  A ZPIC audit is often times a death knell for a small practice that does not have the training or the resources to appropriately respond to and challenge a ZPIC audit.

Please also visit https://www.doctors-management.com/ for more.

About the Authors:
Amanda Waesch is an attorney at BMD and operates a national healthcare practice. Ms. Waesch is licensed in both Ohio and Florida. She primarily focuses her practice on healthcare, employment law, corporate law, and healthcare litigation and advises all types of employers, in particular healthcare providers, including, hospitals and physicians, on various matters. Specifically, her work focuses on many different areas such as drafting, reviewing and litigating employment agreements; non-compete agreements and severance agreements; drafting and reviewing employer handbooks; independent contractor evaluations; management and training issues; general corporate matters; Medicare certification, state licensure, and accreditation; regulatory compliance, HIPAA privacy and security laws; fraud and abuse laws; joint venture structural analysis; compliance plans; and healthcare litigation. Ms. Waesch also chairs her firm's litigation team that is primarily responsible for handling all reimbursement audits and appeals for her firm's healthcare clients.

Frank Cohen's areas of expertise include data mining, applied statistics, and predictive analytics. In addition, he provides compliance risk analysis and meaningful assistance to healthcare organizations in the areas of process improvement, compliance, quality and profitability. Frank works with a wide range of clients including solo-physician offices to practices with over 1,000 physicians, academic medical centers, cancer clinics, legal and accounting professionals, government agencies, and national associations such as MGMA and AMA. He and his team have worked with physicians and practices in nearly 60 different specialties and within every state in the U.S.

Sean M. Weiss is a Partner/ Vice President & The Chief Compliance Officer for DoctorsManagement. Sean has dedicated his career to helping healthcare facilities reduce the risk of noncompliance and achieve measurable financial results. An accomplished compliance and management professional, Sean has extensive knowledge of the inner workings of government agencies at both the federal and state level, including the Office of Inspector General, Department of Justice and The United States Attorney's Office.

Sean has been recognized time and again by clients for successfully protecting their organization from unwarranted penalties and ensuring they receive due process. He has protected thousands of physicians, medical practice groups, and hospitals from undue penalties. In his medical audit appeal defense work Sean and his team of auditing and compliance experts have a proven record of having claims dismissed that had been brought against large and small healthcare organizations targeted by federal (Medicare), state (Medicaid), and commercial insurance payors. Medical providers and facilities regularly turn to Sean in the event they receive notice of wrongdoing. Sean also develops comprehensive, customized compliance plans, and he serves as a third-party compliance consultant to ensure that client compliance is absolute.