​

In a transmittal posted Sept. 9, 2016, the Centers for Medicare & Medicaid Services (CMS) significantly revised Chapter 4 of the Medicare Program Integrity Manual (PIM). The changes outline investigative instructions and procedures governing Zone Program Integrity Contractors (ZPICs), whose audits aim to prevent, detect, and deter fraud, waste, and abuse in the Medicare program. ZPICs have until Dec. 12, 2016, to implement the designated program requirements.

The Medicare-Medicaid Data Match Program (Medi-Medi) was developed by CMS to protect federal funds flowing to states for the dual-eligible Medicare/Medicaid population. CMS issues grants to participating states to promote collaboration and to minimize duplication of efforts in Medicare and Medicaid audits and investigations. The collaboration of the ZPIC auditors with state fraud integrity programs is one tool in the federal arsenal to protect federal funds.

According to language added to the PIM, ZPICs are to explore data from state Medicaid agencies and the Medicaid Fraud Control Unit to detect and investigate fraud, waste, and abuse, including partnering with state Medicaid Program Integrity units to perform investigative activities to protect the Medi-Medi program.

According to CMS’ Comprehensive Medicaid Integrity Plan, as of January 2014, 21 states are involved in the Medi-Medi program, representing over 66 percent of Medicaid spending. The Sept. 9 transmittal instructs ZPICs to collaborate with state Medicaid agencies in generating leads for fraud and abuse investigations among Medi-Medi program participants. The leads are developed by matching Medicare and Medicaid data at the provider and beneficiary levels.

If the analysis of the matched claims data indicates potential Medicare fraud, waste, or abuse, the ZPIC investigates. If the analysis indicates potential Medicaid fraud, waste, or abuse, the ZPIC refers the case to the participating state Medicaid agency for follow-up.

In the revised language of the transmittal, the ZPIC “explores all available sources of fraud leads in its zone, including the state Medicaid agency and the Medicaid Fraud Control Unit (MFCU).” The MFCUs are an arm of the Office of Inspector General (OIG) and operate in 49 states and the District of Columbia. As part of a state’s attorney general’s office, teams of investigators, attorneys, and auditors work to prevent Medicaid fraud.

If the ZPIC detects fraud, waste, or abuse involving Medicaid funds, referrals and information sharing with the MFCU are required. ZPICs are also required to respond to MFCU-initiated inquiries through data sharing.

ZPICs are instructed to be both proactive and reactive in finding fraud cases for investigation. The transmittal instructs them to “pursue leads identified through data analysis (ZPICs shall follow PIM chapter 2, section 2.3 for sources of data), the internet, the Fraud Investigation Database, news media, industry workgroups, conferences, etc.”

Chapter 2 of the PIM was updated June 6, 2016, with information about the Integrated Data Repository (IDR) system used to unify claims data from multiple federal programs such as Part A; Parts B and D; beneficiary entitlement, enrollment, and utilization data; and provider reference information.

As a data warehouse for ZPICs to comb for potential investigative cases, the PIM says: “The IDR is the enterprise resource designed to house and unify the data from disparate systems to enable cross-cutting reporting and analysis.”

New clarification added to the PIM is authorization and time frames for how and when the ZPIC may release information to other ZPICs, Qualified Independent Contractors, Quality Improvement Organizations, state attorneys general and state agencies, MFCUs, OIG, the Department of Justice, and the FBI. The release of information to these entities must comply with federal law as outlined in the Health Insurance Portability and Accountability Act of 1996.

The collaboration between these agencies is to increase efficiency and reduce redundancy and burden in the oversight process.

The transmittal instructs ZPICs to “only open investigations on leads that are approved by CMS. If the ZPIC is instructed by CMS to close the lead without further action, the ZPIC shall do so within two (2) business days” (PIM, Chapter 4, §4.6.4). Additionally, the ZPIC has strict time frames for responding to requests.

For example, an OIG request for information that may require more than 40 hours of ZPIC time must have special approval, and responses to approved entity requests must be fulfilled within 30 days.

Once an investigation is approved by CMS, the ZPIC may use screening activities such as verification of the provider’s enrollment status, data analysis, and contact with the complainant (when the lead source is a complaint); conduct beneficiary interviews; contact and interview the referring/ordering physician (if there is no indication that the physician[s] are involved in the scheme related to the lead); and do a site verification to validate the provider’s/supplier’s practice location.

Additionally, the ZPIC may contact the provider via telephone or on-site visit, conduct a medical record review, implement auto-denial edits, and conduct other administrative actions (PIM, Chapter 4, §4.6.3).

With considerable resources, state and federal collaboration, and access to provider data at the ZPIC fingertips, nursing center providers have reason to be concerned when the ZPIC auditors come knocking on their doors. An approved CMS investigation by the ZPIC seems to indicate that a provider is guilty until proven innocent.

The best case for a provider is when the ZPIC staff “determine, after screening the complaint, that it is not a potential fraud, waste, and/or abuse issue, but involves other issues (e.g., medical review, enrollment, claims processing),” in which case “the ZPIC shall refer the complaint to the MAC [Medicare Administrative Contractor] area responsible for second-level screening” (PIM, Chapter 4, §4.6.2.1).

While the ZPIC is focused on rooting out gross abuses and malicious intent to defraud the Medicare program, providers want to avoid unwarranted scrutiny.

To protect their organization from the heavy hand of a ZPIC audit, facility leadership should ensure facility systems, billing practices, and care delivery comply with Medicare and Medicaid program rules. This is no easy task. The 2016 OIG work plan advises that skilled nursing facility documentation include physician orders at the time of admission for the resident’s immediate care, a comprehensive assessment, and a comprehensive plan of care prepared by an interdisciplinary team that includes the attending physician, a registered nurse, and other appropriate staff.

Billing checks should be instituted before a claim is sent to ensure that it is correct. The UB-04 billing claim must be matched with the supporting documentation to ensure that charges are justified and that the care was delivered.