Preparing for ZPIC Audits
Conducting a mock audit shows good intentions to payers and auditors
by Richard Cheng

During the past decade there has been a steady increase in zone program integrity contractor (ZPIC) audits. After an audit is completed, allegations of fraud may be referred to the Department of Health & Human Services (HHS) Office of Inspector General (OIG) for consideration of civil or criminal prosecution. Here is a brief background on how ZPICs were developed and the relevant laws associated with ZPICs.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established the Medicare Integrity Program (MIP). The MIP was designed to help the Centers for Medicare & Medicaid Services (CMS) better identify fraud, waste and abuse in the Medicare program. The MIP also allows CMS to effectively execute program safeguard functions. As a result, CMS created new entities, program safeguard contractors (PSCs), to perform program integrity functions.

On December 8, 2003, the Medicare Modernization Act (MMA) was signed into law. Section 911 of the MMA directed implementation of Medicare fee-for-service contracting reform. This required CMS to use competitive procedures to replace its current fiscal intermediaries (FIs) and carriers with a uniform type of administrative entity, referred to as Medicare administrative contractors (MACs).

Seven program integrity zones were created based on the newly established MAC jurisdictions. In response, ZPICs were created to perform program integrity functions in these zones for Medicare Part A and Part B, durable medical equipment prosthetics, orthotics and supplies, home health and hospice and Medicare-Medicaid data matching. ZPICs are overseen by the Center for Program Integrity (CPI) at CMS.

Preparing for ZPIC Audits

ZPICs are diligent and aggressive about their investigations and use tactics that may appear overwhelming. Such tactics are meant to promote swift action to ensure Medicare trust fund monies are not inappropriately paid. ZPICs also identify opportunities for MACs to recoup payments deemed “improperly paid.” In short, ZPIC audits are complicated and frightening for many health care providers.

In responding to ZPIC audits, it will help to have a compliant and prepared protocol to help limit civil liabilities and criminal prosecution. Here are my suggestions for providers preparing for a ZPIC audit.

1. Possess Adequate and Accurate Documentation

Health care providers who are unable to locate documentation and provide it to the auditors will lose credibility quickly. Maintaining proper documentation is a fundamental responsibility of providers, and payers are entitled to verify supportive documentation associated with payments. One vital consideration is the proper and accurate use of diagnosis and treatment codes.

Health care providers should work closely with their coders, internal or external, to ensure accurate coding is being utilized. Any communications between management and staff may be reviewed in conjunction with a ZPIC audit. To locate documents, it may be helpful to designate a liaison or appoint a specific internal task force. This will help centralize audit efforts and streamline the process.

Perfect documentation rarely exists in the real world, especially in a fast-paced environment within complex clinical situations. However, providers should continuously seek to improve their own documentation as well as their clinicians’ documentation skills.

Combating ZPIC auditors can be costly and will likely result in diminished productivity (not to mention stress). Providers should make every effort to minimize audits by generating quality documentation. A properly trained and educated clinical team will help achieve this objective.

2. Have an Updated and Tailored Compliance Program

Prior to the ZPIC audit, develop a compliance program. More specifically, develop a compliance program that contains updated information, references accurate laws and is reflective of your organization and your capability to implement the program.

Section 6401 of the Affordable Care Act (ACA) states that a “provider of medical or other items or services or supplier within a particular industry sector or category” shall establish a compliance program as a condition of enrollment in Medicare, Medicaid or the Children’s Health Insurance Program (CHIP). The ACA compliance program mandate is intended to induce all health care professionals to implement a compliance program. While a compliance program does not guarantee that health care fraud, waste or abuse will not occur, it facilitates more effective protection from improper conduct.

As part of the compliance program, a provider should compare its own billing, documentation and coding practices with the rules of payers. Practices found to be inconsistent with those rules should be corrected and communicated to the staff immediately. In addition, if non-compliant practices have resulted in Medicare Part A or Part B overpayments, providers must repay the identified overpayments within 60 days to comply with 42 U.S.C. 1320a-7k (d).

3. Conduct a Mock Audit and Develop a Timeline

Conducting a mock audit on billing, documentation and coding practices exemplifies a compliant culture and shows a provider’s good intent to comply with payer rules and regulations. By utilizing resources to conduct the mock audit, providers demonstrate an initiative to self-correct mistakes and increase their credibility with auditors.

Mock audits should not be a one-time act. A mock audit performed two or three years ago will have minimal effect today and does not help persuade the ZPIC auditor that good faith efforts were used to conduct regular mock audits. As part of this exercise, keep track of sequential events, and maintain a chronological file of the auditor’s actions. This keeps the auditor honest and shows ongoing cooperation by the provider in response to ZPIC auditor documentation requests. Providers should log events and interactions with relevant outside service providers, such as coders or billing companies. The key here is to be persistent about developing a timeline because it can show efforts made (or lack thereof) by all parties.

Keep in Mind

ZPIC audits can be an arduous process, causing providers confusion and frustration. It is imperative to understand the process because each appeal level is time-sensitive. Unless providers have a well-developed system, protocol and legal understanding of the regulations associated with ZPIC audits, they should seek legal counsel to assist with preparing and disputing ZPIC audits.