CMS Connect Login:

Login Assistance

Responding to ZPIC Onsite Inspections

How practices can manage the process By Andrew S. Feldman, JD

Private contractors are largely responsible for administering the Medicare and Medicaid programs. The original intent underlying this delegation of authority was to minimize government intrusion in the administration of federal and state health care programs. Nonetheless, many contractors operate with substantial, seemingly unfettered discretion. At times, inspections resemble raids or searches by law enforcement with one critical distinction—law enforcement agents must execute a search warrant supported by probable cause unless granted an exception.

Zone Program Integrity Contractor (ZPIC) onsite inspections illustrate this point. These contractors have broad authority to conduct inspections, as part of provider-specific pre-payment audits designed to ferret out and prevent fraud and abuse. ZPIC inspections may be conducted without sufficient advance notice based on information obtained through data mining or predictive models, or third-party complaints, including those by former employees or patients. The inspections are particularly unnerving compared to audits by Medicare Administrative Contractors (MACs) or Recovery Audit Contractors (RACs), since ZPICs work closely with the FBI and the OIG.

During inspections, ZPICs often request and obtain copies of claims for certain services and patient records. ZPICs may also photograph diplomas, office space, and equipment. After the inspection, a ZPIC investigator and a registered nurse will likely conduct several patient interviews at the patient’s home.

Equally important, depending on the findings, the ZPIC may refer a provider to the OIG for potential civil or criminal prosecution or exclusion. If the OIG declines the referral, then the ZPIC may still refer the case to the FBI or state enforcement agencies. In addition, the ZPIC may place providers on pre-payment review indefinitely due to a parallel criminal investigation. ZPICs may refer the matter to the MAC for recoupment of overpayments if the ZPIC concludes that the provider’s billing mistakes did not result from intentional fraud.

This article recommends steps providers might take prior to, during, and after a ZPIC inspection.

Quiet Before the Storm

Providers can prepare for a possible ZPIC inspection by retaining legal counsel.

OIG Work Plan. This review identifies Medicare and Medicaid services the OIG will closely scrutinize, establishing whether the provider may be susceptible to an audit or an inspection. By conferring with the Work Plan, providers can anticipate which segments of their practice may be of potential concern to the OIG.

Shadow Audits. Such an audit emulates the processes and procedures employed by ZPICs to detect possible fraudulent conduct. Much like the predictive models widely used by ZPICs, this audit identifies and remediates errors related to payment and claims documentation. During this process, providers should reassess their coding and coverage determinations, as well as address deficiencies in supporting documentation, including signature requirements.

Claim Denial Rates. As part of any audit, providers should review the quality of their documentation verification policies and procedures to ensure that claim denial rates do not vary significantly from those of similarly situated providers in the same specialty and similar geographic region.

The Inspection

Notice of Onsite Inspection. Once counsel learns about the inspection, a copy of the notice of inspection for facial sufficiency (time, date, location, correct address, etc.) should be obtained.

Agency Name and Investigators. Occasionally, ZPICs arrive for an inspection with the OIG or other investigative agencies. Therefore, determining which agency is conducting the inspection and how many investigators are on scene is critical. The names of each investigator should be obtained.

Scope of Inspection. In addition to the ZPIC inspection scope, the provider should determine the scope of records request, and if investigators intend to interview employees onsite.

Credibility and Cooperation. Engaging in any conduct that may be viewed as obstructing or impairing the inspection will not only undermine the provider’s credibility with the ZPIC, but may also subject the provider to criminal consequences, including obstruction of a federal audit.

Claims and Documents Requests. While the provider generally has 30 days to produce the requested records, if the ZPIC determines that the documents or records are “necessary for the reimbursement determination,” then the ZPIC may demand to examine or copy those records. Under these circumstances, failure to provide access to records may result in adverse consequences, including revocation or obstruction charges. Accordingly, where feasible, date-stamped copies of claims and documents should be provided.

Onsite Employee Interviews. Although statutorily authorized to inspect the provider’s business and to request medical records, there is no ancillary legal authority for conducting employee interviews onsite to gather additional information. So, even if ZPICs view employee interviews as an integral part of their mission, providers and employees are not required to consent to interviews.

Unsurprisingly, employees may not understand their options or lack experience in responding to random onsite inspections. Employees may believe they are required to consent to interviews. At the same time, employee statements may be imputed to the provider for purposes of criminal or civil liability as non-hearsay statements. To manage this process, counsel or a provider representative should inform employees they are free to speak to the ZPIC but are not required to, and may have an attorney present.

Further, to prevent unnecessary interviews onsite, only essential employees—those whose day-to-day responsibilities are relevant to the ZPIC inspection—should be made available for interviews, and the provider may notify non-essential staff that they are free to go home. This is reasonable under the circumstances and should not be viewed as obstructive conduct.

Extensions. When appropriate, a request for an extension to produce the necessary claims and supporting documentation should be made. This may be reasonable when the inspection interferes with the provider’s ability to care for patients, or when the ZPIC requests a voluminous number of documents. Indeed, providers often use third-party vendors to submit claims, and may need more time to coordinate the production and copying of requested claims (and supporting documentation) with the vendor.

Document Lists and Copies. Before the ZPIC leaves, providers should make a complete list (and copies) of all documents, claims, and records obtained by the ZPIC.

After the Inspection

Document Destruction Policies. Place a hold on any applicable document destruction policies. Suspending these policies will accomplish two objectives: show the provider’s sincere commitment to retrieving and producing additional documentation upon request; and demonstrate the provider is not seeking to impede, obstruct, or impair the audit by altering, deleting, or falsifying documents.

Patient Interviews. The ZPIC, along with a registered nurse, may interview patients. The purpose of interviews varies depending on the particular industry. For example, in the home health context, the purpose is to analyze medical necessity.

By reviewing copies of claims obtained by the ZPIC, the provider may determine which patients the ZPIC might interview. Claims and supporting documents obtained by the ZPIC during the inspection should be examined to identify and address deficiencies.

Employee Interviews at Home. ZPIC investigators may show up at an employee’s home to request an interview. Employees should know in advance so they can decline an interview and understand they are not required to consent to a home interview. They can also tell a ZPIC investigator they would prefer having an attorney present.

Internal Investigations. After the inspection, providers should make an internal investigation and engage in additional fact-finding. The objective here is to determine why the ZPIC conducted the inspection, why the ZPIC requested and obtained specific documents or claims, and ultimately, to understand the provider’s options.

Internal Employee Interviews. For the internal investigation, employee interviews should be conducted by in-house counsel or outside counsel.

Claims Review and Gap Analysis. The provider should review all claims or documents obtained by the ZPIC and evaluate their significance. This process requires checking all claims and supporting documents for accuracy, legibility, and compliance with signature requirements. The review should include a gap analysis to confirm whether the services in the sample set of claims obtained by the ZPIC are covered by applicable Medicare regulations, national coverage determinations, and local coverage determinations. An analysis should determine whether the provider (or third-party vendor) used incorrect codes or modifiers in the sample set of claims at issue.

Additional Document Requests. Where applicable, date-stamped documents and a cover letter listing all documents in the submission should be provided in response to any additional requests (ADRs). The documents should be organized to convincingly convey a theme to the ZPIC that could help the provider counter an allegation of fraud. For example, if the theme is “sloppy record-keeping” or failure to understand ambiguous or complex regulations, providers might supplement the record with documentation supporting that theme. Likewise, if the theme is that the ZPIC made a mistake, for example, through predictive modeling or data analyses, then documents should be organized to communicate that theme, with necessary certificates, plans of care, and other information to illustrate that claims are accurate, reasonable, and medically necessary.

Bottom Line

ZPICs have authority to initiate proactive and reactive inspections. They view themselves as fraud fighters, working closely with the FBI. Providers and their counsel should be well-equipped to manage and respond to onsite inspections.

Andrew S. Feldman, JD, is founder of the Feldman Firm, PLLC, in Miami, Florida. His specialty areas include government investigations and regulatory enforcement matters impacting health care providers, government contractors, and businesses operating in regulated industries.

Document Actions

Join CMS

Why join?  The Chicago Medical Society offers many benefits, including career placement, advocacy, networking, and member to member collaboration. Click here to explore all the benefits of membership.

CMS Connect

CMS Connect is an exclusive community that allows members to discuss the issues impacting their practices today. Visit CMS Connect today.