ZPIC Audit / UPIC Audit Defense - Oberheiden P.C.
WSJ logo
Forbes logo
Fox News logo
Bloomberg logo
Los Angeles Times logo
Washington Post logo
The Epoch Times logo
CNN logo
Telemundo logo
New York Times
NY Post logo
NBC logo
Daily Beast logo
USA Today logo
Miami Herald logo
CNBC logo
Dallas News logo

ZPIC Audit Defense / UPIC Audit Attorneys

Our Highly Experienced Healthcare Fraud Defense Attorneys Understand the Growing Threat of Zone Program Integrity Contractor (ZPIC) Audits or Unified Program Integrity Contractor (UPIC) Audits

The ZPIC Audit and UPIC Audit exist for a single purpose: to investigate instances of suspected fraud, waste, and abuse in the Medicare system. Zone Program Integrity Contractors (ZPICs)/Unified Program Integrity Contractors (UPICs) are authorized to conduct invasive, detailed audits on behalf of the Centers for Medicare and Medicaid Services (CMS), and they have broad powers to prevent payment of improperly billed amounts and recoup overpayments and improper payments from Medicare-participating healthcare providers and businesses.

Healthcare providers and other medical businesses (including DME companies) are currently facing immense scrutiny in relation to their Medicare billings, including invasive ZPIC/UPIC audits. These audits can represent significant threats to healthcare providers’ and businesses’ viability. At Oberheiden P.C., our federal healthcare fraud defense lawyers (several of whom are former U.S. Department of Justice (DOJ) prosecutors) have extensive experience on both sides of ZPIC/UPIC audits. If you are facing a ZPIC/UPIC audit, we can help you. To avoid unnecessary recoupment liability and the potential for further federal action – including civil or criminal healthcare fraud charges – call 866-824-5165 or contact us online now for a free and confidential consultation.

Why Have Over 2,000 Clients Trusted Us?

Have you received notice of a healthcare audit? Are you stressed and concerned about your rights, your reputation and your livelihood?

Let me put your mind at ease. We have handled over 2,000 federal cases and we know the best strategy to succeed in your case. Here’s why clients give us 5-star ratings on Google and AVVO:
1. Only a highly experienced “trial-ready” attorney will work on your case. Never a paralegal or junior attorney.
Our staff of attorneys has prior experience within the FBI, DOJ, and U.S. Attorney’s office
3. My team is available by email, phone and text. We want to make sure you have easy access for any questions.
4. No one beats our track record: 45 states (2,000+ Cases)
5. We don’t surrender – we fix!
Don’t settle for anything less than what you deserve!
Call or text me now to discuss the details of your case.
Dr. Nick Oberheiden

Put our highly experienced team on your side

Dr. Nick Oberheiden
Dr. Nick Oberheiden



Lynette S. Byrd
Lynette S. Byrd

Former DOJ Trial Attorney


Brian J. Kuester
Brian J. Kuester

Former U.S. Attorney

Amanda Marshall
Amanda Marshall

Former U.S. Attorney

Local Counsel

Joe Brown
Joe Brown

Former U.S. Attorney

Local Counsel

John W. Sellers
John W. Sellers

Former Senior DOJ Trial Attorney

Linda Julin McNamara
Linda Julin McNamara

Federal Appeals Attorney

Aaron L. Wiley
Aaron L. Wiley

Former DOJ attorney

Local Counsel

Roger Bach
Roger Bach

Former Special Agent (DOJ)

Chris Quick
Chris J. Quick

Former Special Agent (FBI & IRS-CI)

Michael S. Koslow
Michael S. Koslow

Former Supervisory Special Agent (DOD-OIG)

Ray Yuen
Ray Yuen

Former Supervisory Special Agent (FBI)

What Are CMS (Centers for Medicare and Medicaid Services) Zone Program Integrity Contractors/Unified Program Integrity Contractors?

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 established the Medicare Integrity Program (MIP) in order to strengthen CMS’s ability to detect and deter fraud, waste, and abuse in the Medicare program. As part of the MIP, CMS created a uniform type of administrative entity called a Medicare Administrative Contractor (MAC). In accordance with the newly established Medicare Administrative Contractor jurisdictions, seven geographical entities called Zone Program Integrity Contractors (ZPICs)/Unified Program Integrity Contractors (UPICs) were created to perform program integrity functions for Medicare Parts A, B, Durable Medical Equipment (including prosthetics and orthotics), Home Health and Hospice, and Medicare-Medicaid data matching. These entities are:

  • AdvanceMed
  • Cahaba
  • Health Integrity
  • Safeguard Services (SGS)

A typical ZPIC/UPIC audit consists of a thorough evaluation of all available information to confirm the veracity of the patient medical records and billing records a healthcare provider or business has on file to substantiate its Medicare billing practices. Although ZPIC audits are somewhat comparable to Recovery Audit Contractor (RAC) audits, ZPIC/UPIC investigations have the added potential implication of federal Medicare fraud charges, which can result in severe penalties and even criminal prosecution. This makes it even more important to consult with an experienced healthcare fraud defense attorney as soon as possible after being contacted by a ZPIC/UPIC auditor.

What Types of Providers and Businesses are Targeted in ZPIC/UPIC Audits?

One particularly concerning aspect of CMS’s audit program is that healthcare providers and other businesses receive little to no warning that they are going to be targeted in a ZPIC/UPIC audit. As a result, all types of Medicare Part A and B providers, durable medical equipment (DME) companies, home healthcare agencies, and hospices are potentially at risk of being audited at any time. This makes it critically important for these types of providers and businesses to maintain detailed medical records supporting their Medicare billing practices at all times.

It is a common misconception that, if you do not actively engage in intentional misconduct, then you have nothing to be concerned about when it comes to a ZPIC/UPIC audit. However, inadvertent mistakes and careless record-keeping errors can result in costly administrative penalties, license revocation, and even civil charges. Operating in areas that CMS has designated as ‘high risk’ (including Dallas, Los Angeles, Miami, New York, Detroit, and Houston) may make a provider more likely to face a ZPIC/UPIC audit; however, all providers and businesses are at risk for being targeted.

How Do ZPICs/UPICs Choose Which Providers to Target?

Of course, ZPICs/UPICs cannot simultaneously audit all healthcare providers and medical businesses. So, how do they choose which companies to target?

1. Data Analysis

One of the primary triggers for ZPIC/UPIC audits is ZPICs’/UPICs’ automated review of Medicare program billing data. When the data identify a provider or business as a potential target for an audit, a ZPIC/UPIC will perform a medical review to determine whether recoupments or other penalties may be warranted. While these reviews often focus on making coverage and coding determinations related to Medicare’s standards for “medical necessity,” all types of improper billing issues can trigger ZPIC/UPIC audits. These include:

  • High frequency of certain services in comparison to local or national patterns
  • Billing trends that indicate an “outlier provider”
  • Lengths of stay outside of industry standards
  • Mismatching claim and physician records
  • Other improper, inaccurate or fraudulent billing practices

2. Billing Practices Complaints & Routine Audits

ZPIC audits can also arise from complaints or referrals. More specifically, employee or beneficiary complaints to Medicare Administrative Contractors, the Office of Inspector General (OIG), and other federal law enforcement agencies may result in ZPIC audits. In these cases, potential fraud has already been identified and the ZPIC has presumed improper billing activities. If the audit is left unchecked, the ZPIC may use statistical sampling to calculate and extrapolate the amount of alleged overpayments, allowing the ZPIC to generate large overpayment amounts with minimal work. The ZPIC also has the power to request medical documentation and other evidence related to the validity of the claim; however, this power is not absolute, and providers can create unnecessary problems for themselves by providing ZPICs with too much information. Extrapolated overpayments can quickly devastate a provider’s business.

3. “Benefit Integrity” Investigations

ZPICs/UPICs also have significant discretion to conduct reviews for “benefit integrity.” In this scenario, a ZPIC/UPIC may determine that beneficiary interviews are necessary to determine medical necessity or identify billing errors. ZPICs/UPICs around the country have been given ready access to a wide variety of claims coding, billing, and utilization databases and are expected to perform complex data analysis with this data in an effort to identify providers and suppliers with suspicious billing histories. If a healthcare provider’s claims utilization and billing practices are outside of the norm (making the provider an “outlier”), that provider is likely to be audited. Providers can be placed on up to 100% pre-payment review by a ZPIC/UPIC, in which case the provider must stop billing for Medicare and Medicaid claims until further notice.

4. OIG and FBI Investigations

ZPICs/UPICs work closely with agents from the OIG and the Federal Bureau of Investigation (FBI). In many cases, ZPIC/UPIC audits will flow from OIG and FBI inquiries, and providers and other businesses targeted in ZPIC/UPIC audits may end up having their cases referred back to the OIG or FBI for a formal federal investigation.
ZPICs/UPICs do not have to get CMS approval for the companies they choose to target. ZPICs/UPICs also do not have to provide education to providers or post their areas of focus publicly. ZPIC/UPIC investigations can start with a letter requesting claim documentation to determine if an overpayment has occurred. Other times, the ZPIC/UPIC conducts unannounced site visits where auditors take photos and records. In short, there is very little about ZPIC/UPIC audits that is predictable, and this is yet another reason why healthcare providers and other businesses targeted in ZPIC/UPIC audits must promptly engage experienced legal representation.

What are Examples of Potential Red Flags for ZPIC/UPIC Auditors?

During the audit process, ZPICs/UPICs will look for any excuse to seek recoupments and impose other administrative penalties. Missing pages, erased notations, late or inconsistent entries, and pages filed out-of-order are all examples of “red flags” that can lead to nightmares for providers. Absent countervailing evidence, ZPICs/UPICs will generally conclude that these types of errors are indicative of waste, abuse, or fraud, they can trigger a series of subsequent reviews involving time-consuming and burdensome requests for additional documentation. ZPICs/UPICs can also conduct follow-up interviews with those patients who were beneficiaries of the claimed services, search for indications of previous complaints or suspicious conduct, and analyze virtually all other aspects of Medicare providers’ business dealings.

As a result, all medical providers (especially those servicing patients in CMS’s “high risk'” areas) need to ensure they have adopted and are appropriately implementing comprehensive compliance programs in order to mitigate their risk in the event of a ZPIC/UPIC audit. This includes, among numerous other steps, requesting and filing all requisite documentation from incoming patients prior to performing any treatments or surgeries (attempting to complete processing of new patients after the fact increases the risk of backlogs, errors, and inconsistencies that could lead to ZPIC/UPIC audits and penalties). Consistently attempting to bill the maximum allowable amount for a given procedure or service can increase providers’ and other businesses’ exposure in ZPIC/UPIC audits as well.

What are the Different Types of ZPIC/UPIC Audits?

The ZPIC/UPIC auditory regime is extremely complex. Understanding the different types of audits – and identifying the type of audit in which your business or practice is being targeted – is just one of the essential steps involving in successfully avoiding recoupments and other penalties. Here is a brief overview of the three main types of ZPIC/UPIC audits and the potential implications of each:

1. Automated Audits

Automated audits are generally the result of random annual audit quotas as opposed to specific allegations of fraud or abuse. These types of audits usually do not involve invasive information requests; instead, the ZPIC/UPIC will review the information that has already been submitted to Medicare and Medicaid. Although the risk of regulatory action emanating from an automated audit is low, it can still happen. If you find yourself facing a random audit, it is important that you defend your practice or business and prepare for a possible appeal by working with our experienced ZPIC/UPIC audit defense lawyers.

2. Semi-Automated Audits

Semi-automated ZPIC/UPIC audits can result from either random selection or evidence of a potential payment issue. Regardless of the initiating trigger, semi-automated audits are computer-generated reviews accompanied by a request for records and billing documentation. Before submitting any documentation in response to semi-automated audits, Medicare providers should consult with a knowledgeable healthcare fraud defense attorney in order to reduce their risk of liability and further government scrutiny.

3. Complex Audits

If a ZPIC/UPIC auditor identifies a specific issue related to your practice, it may conduct a complex audit. This is the most intensive type of audit format. It will generally involve a request for extensive evidence of medical necessity and reimbursement eligibility as well as the legitimacy of the protocol that was utilized. Usually, a complex audit indicates that the ZPIC/UPIC (or a MAC) has already detected a pattern of fraud or abuse. Due to the high risk associated with this type of audit, it is critical to consult with a ZPIC/UPIC audit lawyer before taking any responsive action.

What is at Risk During (and After) a ZPIC/UPIC Audit?

When a ZPIC/UPIC audit results in allegations of submitting fraudulent or erroneous Medicare and Medicaid services claims, the consequences can be substantial. Healthcare providers and medical businesses can face substantial recoupment liability, denial of pending claims, pre-payment review of future claims, and other financial and administrative penalties. Unfavorable ZPIC/UPIC audit determinations can also lead to federal investigations involving the DOJ, FBI, OIG, and other agencies, and these investigations can lead to civil or criminal charges with the potential for life-changing consequences.
Medicare fraud can be prosecuted under various provisions of the United States Code, and allegations can result in the imposition of restitution; fines; and, in some instances, federal imprisonment. In addition, a wide range of administrative sanctions (such as deactivation or revocation of Medicare enrollment or billing privileges, suspension of payments, and exclusion from participation in the Medicare program) and civil monetary penalties may be imposed when warranted by the circumstances at hand. Various laws (including the Anti-Kickback Statute and the False Claims Act) include provisions for both civil and criminal enforcement; and, when facing a suspected fraud investigation, keeping the investigation civil in nature is critical to mitigating any potential penalties.

What are My Options After an Unfavorable CMS ZPIC/UPIC Audit Determination?

Fortunately, when a ZPIC/UPIC issues a demand for recoupments, this is not the end of the process. There are several stages of ZPIC/UPIC audit appeals, and our attorneys can promptly review your case to determine if you have grounds to challenge the audit’s conclusions.

Let’s assume that you have just gone through the ZPIC audit process, and your business or practice is being accused of overbilling Medicare. You are facing a substantial demand for recoupment (of perhaps hundreds of thousands or even millions of dollars), and your future Medicare billings are at risk of becoming subject to prepayment review.

1. Recoupments and Prepayment Review Could Be Just the Beginning

While recoupments and prepayment review of future Medicare billings can undoubtedly have drastic consequences for medical professionals, healthcare facilities, and other providers – the consequences of an unfavorable ZPIC audit determination can actually make your situation far worse. If your audit results trigger a federal investigation or an inquiry from your state licensing board, an unfavorable ZPIC audit determination could also indirectly lead to:

  • Suspension or revocation of your license
  • Treble (triple) damages
  • Fines, costs, and fees
  • Revocation of assignment privileges
  • Federal imprisonment

Although only a relatively small percentage of ZPIC audits lead to federal investigations, all providers need to understand that they are potentially at risk of being targeted – particularly if a ZPIC audit alleges intentional Medicare fraud. In addition to avoiding prepayment review and payment of recoupments that are not actually due, clearing up any false allegations that could lead to a civil or criminal investigation is another key reason for providers to appeal their ZPIC audit determinations.

2. There are Numerous Issues that Can Justify a ZPIC Audit Appeal

If your business or practice has received an unfavorable ZPIC audit determination, it is important to understand that you could potentially have numerous grounds on which to file an appeal. Providers should never assume that ZPIC auditors’ conclusions are correct, and they should work with legal counsel to explore all potential grounds for appeal as soon as possible after receiving the ZPIC’s recoupment demand.

Some of the most-common grounds for appealing unfavorable ZPIC audit determinations include:

  • Failing to Provide Required Information – When imposing liability for alleged Medicare overbillings, ZPICs must provide certain required information to the targets of their audits. Failure to provide this information can provide grounds to file an appeal.
  • Failing to Seek an Expert Opinion – Contrary to what you might expect, ZPIC auditors and personnel are not necessarily experts in the Medicare billing rules and regulations. If an issue involved with your audit called for an expert opinion, rendering a determination without this opinion could provide grounds for an appeal.
  • Improper Review of Information – When conducting audits, ZPICs must give due consideration to all relevant information supplied by healthcare providers. Selectively reviewing records, improperly interpreting data, and other mistakes can all lead to flawed and unenforceable audit determinations.
  • Inaccuracies in ZPICs’ Conclusions – In many cases, ZPICs’ conclusions are simply inaccurate. This can result from a wide range of factors, and providers and their counsel must be able to spot flaws in the auditor’s reasoning and calculations in order to determine whether grounds exist to file an appeal.
  • Misapplication of Medicare Billing Regulations – There are two ways in which ZPIC auditors commonly misapply the Medicare billing regulations. First, auditors will frequently attempt to apply current regulations to past billings that were submitted in compliance with a prior version of the Medicare Claims Processing Manual. Second, ZPIC auditors often mistakenly apply out-of-date regulations to recent billings, once again resulting in unjustified audit determinations.
  • Procedural Errors – The procedural guidelines that apply to ZPIC audits are designed, at least in part, to help protect healthcare providers from ZPICs overstepping their boundaries. Like other common mistakes, procedural errors can often provide strong grounds on which to file an appeal.
  • Unsound Sampling and Statistical Methods – In addition to the issues listed above, ZPIC auditors commonly use improper and unsound methods to determine a provider’s liability. Our attorneys are knowledgeable about the appropriate sampling and statistical methods for assessing compliance with the Medicare billing guidelines, and we can determine if mistakes have been made that justify an appeal.
  • ZPICs Exceeding Their Authority – While CMS has endowed ZPICs and other Medicare contractors with broad authority to conduct audits and impose liability, ZPICs’ powers are not absolute. If the ZPIC exceeded its authority while conducting your audit (for example, by imposing liability for technical deficiencies that are not within the scope of its review), you may be entitled to have your audit outcome overturned.

3. Appealing an Unfavorable ZPIC Audit Determination Can Be a Process

There are five stages of appeal for unfavorable audit determinations. While some providers will find success at the initial stage, oftentimes, providers will need to go through multiple stages in order to achieve a favorable resolution. The five stages of ZPIC audit appeals are:

  • Stage 1: Redetermination – After receiving an unfavorable ZPIC audit determination, the first stage of appeal involves filing for “redetermination” with the appropriate Medicare Administrative Contractor (MAC). Requests for redetermination must be filed within 120 days; but, in order to avoid penalties and interest for non-payment of recoupments, providers may need to file within 30 days.
  • Stage 2: Reconsideration – If the MAC denies your appeal or issues a “revised initial determination” still requiring payment, the next stage of appeal is to file for “reconsideration” with a Qualified Independent Contractor (QIC). Like ZPICs and MACs, QICs are private contractors engaged in CMS’s fee-for-service recovery program. Requests for reconsideration must be filed within 180 days of receiving the MAC’s decision on your request for redetermination (or within 60 days in order to toll recoupment liability).
  • Stage 3: Administrative Hearing – If you are not satisfied with the outcome of your request for reconsideration, the next step is to request an administrative hearing with the Office of Medicare Hearings and Appeals (OMHA). While redetermination and reconsideration proceedings involve independent reviews of the veracity of a ZPIC’s conclusions, during your administrative hearing, an administrative law judge (ALJ) will review the previous proceedings for errors in the review process. In order to obtain an administrative hearing, you must file a request within 60 days of the QIC’s denial of your request for reconsideration.
  • Stage 4: Medicare Appeals Council – Following your administrative hearing at the OMHA, the next stage of appeal involves review by the Medicare Appeals Council. Administrative law judges assigned to the Medicare Appeals Council will review the decision at the OMHA, and then render a decision based upon whether it believes that the OMHA ALJ made any errors of law or abused his or her discretion.
  • Stage 5: Federal District Court – Once all of the contractor-level and administrative appeals processes have been exhausted, healthcare providers who are dissatisfied with their ZPIC audit process and determinations can finally have their day in court. In its appellate role, the federal district court will review the Medicare Appeals Council’s decision to determine whether it was rendered “against the substantial weight of the evidence” or in an “arbitrary and capricious” manner.

How Can a Healthcare Fraud Defense Attorney Help with Your ZPIC/UPIC Audit?

ZPIC/UPIC audits play a significant role in the federal government’s fight against Medicare fraud. Recently, the federal government has indicated increased reliance on data analysis to target healthcare companies. What this means in practice is that companies that are particularly profitable, and thus have larger volumes of claims submissions, appear on the government’s radar and are far more likely to be audited than less-successful providers. However, regardless of a company’s size or volume of Medicare business, a ZPIC/UPIC audit has the potential to be devastating, and it needs to be handled accordingly.

Many healthcare fraud investigations start with a ZPIC/UPIC audit. Mistakes made during the audit process can have severe consequences – including triggering DOJ, FBI, and OIG investigations – and hiring experienced defense counsel is essential to avoiding unnecessary consequences. Some of the ways that our attorneys assist clients during ZPIC/UPIC audits include:

  • Self-Analysis. Our lawyers will review your files before you provide them to the ZPIC/UPIC to ensure that you are not unnecessarily disclosing any information and so that we can proactively address any issues we identify. We can promptly uncover the source of any mistakes, and we can use the available evidence to protect you against a federal investigation.
  • Deadline Extension. ZPICs/UPICs will often request a great number of documents, and as a practical matter it may be necessary to request an extension of the deadline for production. We can submit this request strategically and effectively so that you will have the time needed to gather the requested files and analyze them before you submit them for review.
  • Improve Compliance. As your counsel, we will not just look at the files requested, but also focus on the bigger picture. What if the ZPIC/UPIC decides to conduct a follow-up audit or recommend a federal subpoena? Is your corporate structure adequately protecting you? Are you prepared for the burdens of dealing with a government inquiry? Is your detailed compliance program strong enough to protect you against allegations of fraud? What other weaknesses could potentially be exposed?
  • Working with the Auditors. The best way to find out what may have prompted a particular audit and to assess the risk of a follow-up federal investigation is to immediately open a dialogue with the auditors. Knowing the impetus of the audit is essential to tailoring your response and overall defense strategy; and, in many cases, early intervention can be crucial to a provider’s or business’s ultimate success during a ZPIC/UPIC audit.
  • Convincing the U.S. Attorney’s Office. If a ZPIC/UPIC audit results in a referral to the U.S. Attorney’s Office, hiring an experienced attorney right away can be essential to keeping any ensuing federal investigation civil in nature. At this stage, it is imperative to not allow the government to build a case and to open an investigation unchecked. Our attorneys can use their experience and the insights they gained as Assistant U.S. Attorneys to keep your investigation civil in nature and attempt to resolve it without charges being filed.

Why Should I Choose the Federal Healthcare Fraud Defense Lawyers at Oberheiden, P.C. for any ZPIC Audits?

At Oberheiden, P.C., we offer the first-hand knowledge obtained from representing healthcare providers across the country in ZPIC/UPIC audits and previously overseeing UPIC/ZPIC audits on behalf of the federal government. Our attorneys can effectively advise and represent you at all stages of the audit process, and we can guide you through the steps you need to take when dealing with ZPIC/UPIC personnel. If necessary, we can also begin preparing for the appeals process as well as any follow-up investigative action by the DOJ, FBI, or OIG.

With the benefit of experience representing clients in UPIC/ZPIC audits and federal investigations, our attorneys can also assist you with developing and implementing a comprehensive and custom-tailored compliance program. Beyond preparing customized documentation, we will help you implement your plan to ensure you will be adequately prepared in the event of another audit, educate your staff on the applicable billing regulations, help you adopt sound records management protocols, and provide effective communication and training methodologies that you can deploy throughout your business or practice.

If you are facing a ZPIC/UPIC audit, you need to have a detailed understanding of the process and the risks involved, and you need to know whether your patient and billing records are an asset or a liability. Our highly-experienced attorneys can explain everything you need to know, and we can ensure that your practice or business is adequately prepared. The risks are simply too great for you to attempt to navigate the ZPIC/UPIC audit process on your own. To discuss your audit with a federal healthcare fraud defense lawyer at Oberheiden, P.C., contact us today.

Request a Free and Confidential Initial Consultation at Oberheiden, P.C.

ZPIC audits and UPIC audits can have devastating consequences for healthcare providers and other Medicare participants. Our attorneys can protect you, but it is important that we start working on your audit as soon as possible. To get started with a free and confidential consultation, call us 24/7 at 866-824-5165, or tell us how to reach you and a member of our firm will be in touch as soon as possible.

Why Clients Trust Oberheiden P.C.

  • 95% Success Rate
  • 2,000+ Cases Won
  • Available Nights & Weekends
  • Experienced Trial Attorneys
  • Former Department of Justice Trial Attorneys
  • Former Federal Prosecutors, U.S. Attorney’s Office
  • Former Agents from FBI, OIG, DEA
  • Cases Handled in 48 States
Email Us 888-680-1745