Spotlight on Healthcare Audit Defense: Medicare ZPIC Audits

The Centers for Medicare and Medicaid Services (“CMS”) contract with private companies to routinely target healthcare providers for post-payment reviews and audits. Contractors working for CMS include Zone Program Integrity Contractors (“ZPICs”), Recovery Audit Contractors (“RACs”), and Medicare Administrative Contractors (“MACs”).

ZPIC Medicare Audit

The ZPIC Medicare audit presents the greatest danger for healthcare providers because ZPICs are especially aggressive in seeking recovery of alleged overpayments. In addition, ZPICs can prompt law enforcement agencies to conduct further civil or criminal investigation. According to the most recent ZPIC Statement of Work:

The ZPIC shall review and analyze a variety of data in order to focus its program integrity efforts by identifying vulnerabilities and/or specific providers for review and investigation within its zone, referral of potential fraud, waste and abuse cases to law enforcement, and pursuance of administrative actions. Further, the ZPIC shall be proactive and aggressive in pursuing many different sources and techniques for analyzing data in order to reduce any of its risks within this SOW.

The ZPIC for Georgia and South Carolina is AdvanceMed.  AdvanceMed touts on its website that it targets healthcare providers to help “U.S. federal agencies reduce improper payments by fighting fraud, waste and abuse in entitlement programs” including Medicare.

ZPIC Audit Procedure

Unfortunately, ZPIC audits often begin with no warning to the healthcare provider. The first clue a healthcare provider may have of an audit is a medical record request sent by the ZPIC.  In that request, the ZPIC will typically request a small number of records in order to determine if a larger problem exists.  As part of the audit, the ZPIC may request to conduct interviews with the provider, the provider’s employees, or the beneficiaries.

ZPIC Audit Outcomes

After the ZPIC completes its initial audit, it sends the healthcare provider a “Post-payment Review Results and Provider Education” letter. That letter will provide the healthcare provider with an overview of the allegations of the ZPIC audit and will identify specific beneficiary files that were reviewed.

At the conclusion of the ZPIC audit, the healthcare provider will face one of three potential outcomes. First, as stated above, the ZPIC may refer the healthcare provider to a law enforcement agency for further investigation and for civil or criminal penalties. Second, the ZPIC may refer the audit results to the MAC for the collection of overpayment. In that case, the healthcare provider has the ability to appeal the ZPIC’s overpayment determination. Third, the ZPIC simply may require the healthcare provider to engage in a course of provider education without repayment of claims.

Healthcare Providers Should Protect Themselves in the Medicare Audit Process

The outcome of any audit may be affected by the guidance of experienced and knowledgeable attorneys that can assist the healthcare provider in navigating the complex regulatory environment of healthcare law.

The attorneys at Crowder Stewart LLP have extensive experience representing healthcare providers in connection with Medicare and Medicaid audits and other healthcare compliance and government investigation matters. If we can assist you or your healthcare practice in connection with a Medicare audit or a government investigation, please do not hesitate to contact us at (706) 434-8799 or