September 2022 |
  • Blog

ZPIC Audits: What To Know

Medicare Contractor Background

The Medicare Program is the federal health care program designed to insure the elderly and the disabled. The Program is administered by the Center for Medicare and Medicaid Services (CMS) under the umbrella of the Department of Health and Human Services (HHS). While CMS and HHS are both federal agencies, the actual administration of the Medicare Program is left to private companies with whom the CMS contracts.

There are several different types of contracts that CMS awards, each based on the type of work to be performed under the contract. General administration of the Medicare Program (i.e., payment of claims, provider education, and medical review) is performed by the Medicare Administrative Contractor (MAC). Comprehensive Error Rate Testing Contractors (CERT Contractors) are responsible for calculating the Medicare Fee-for- Service (FFS) improper payment in each region through the use of statistically valid random samples (SVRS). A third type of contractor, the Recovery Audit Program Contractors (RAC), are responsible for correcting improper Medicare payments made on claims for health care services provided to Medicare beneficiaries.

While audits performed by MACs, CERTs, and RACs are predominantly concerned with identifying potential errors and taking corrective actions in the form of collecting overpayments; another type of Medicare Contractor, the Zone Program Integrity Contractor (ZPIC), has a more intimidating role. CMS contracts with ZPICs to identify and stop potential fraud. The primary task of the ZPIC is to identify cases of suspected fraud, develop them as thoroughly and as timely as possible, and take immediate action to ensure the integrity of the Medicare Trust Fund.

Duties and Responsibilities of the ZPIC

There are seven jurisdictional ZPIC zones that cover the United States and its territories. These zones have been awarded to Safeguard Services (Zone 1, 6, & 7), AdvanceMed (Zone 2 & 5), Cahaba (Zone 3), and Health Integrity (Zone 4). As stated above, the primary function of the ZPIC is to root out and deter fraudulent behavior on the part of the provider community. In order to accomplish this goal, ZPICs can take any number of actions that range from stress inducing to terrifying. ZPICs are authorized by CMS to conduct data analysis and perform medical reviews; as well as initiate more substantial actions like payment suspension or referral to law enforcement for consideration of civil or criminal prosecution. In executing these actions ZPICs will conduct on-site visits of the provider’s location for the purpose of interviewing staff and requesting the medical records to be reviewed.

What Providers Should Know

First and foremost, providers need to realize that ZPICs are not authorized by CMS to perform provider outreach and education or perform medical review for non-benefit integrity purposes. This means that if a ZPIC is performing an audit, it is for the sole purpose of identifying suspected fraud so that it can possibly be referred to law enforcement. ZPICs are obligated to refer cases of suspected fraud directly to HHS’s Office of Inspector General (OIG). However, ZPICs are not limited to just one law enforcement agency. ZPICs can simultaneously refer cases to the FBI and, if a provider is suspected of fraudulently billing both Medicare and Medicaid, to the state Medicaid Fraud Control Unit (MFCU). Also,if the ZPIC audit reveals licensing issues, it can notify the appropriate state licensing agency.

Second, ZPICs will often (if not always) attempt to interview owners and staff as a part of the audit process. Providers may be well aware of the fact that CMS and its contractors have the authority to request and review medical records but these same providers may be unaware of how to respond to requests for interview. There is no statutory authority requiring providers, or their employees, to speak to auditors during on-site visits. Also, since the purpose of a ZPIC is to identify fraud and refer suspected instances for fraudulent conduct to law enforcement, statements made during the on-site by either the provider or their employees could be provided to law enforcement in the form of a referral. However, providers should be aware that CMS has identified multiple instances in which the ZPIC (or other Medicare Contractor) can suspend payments. One of those instances is when the ZPIC has reliable information that the provider has failed to furnish records and other essential information necessary to conduct or complete an audit.

CMS provides an example in Chapter 8 of the Medicare Program Integrity Manual of when suspension under this provision is appropriate. CMS’s example involves a provider who fails to provide medical records and other supporting documentation after two requests were made. While the reason for suspension is based on the provider’s failure to produce documents, the rule allows for suspension to be initiated if “other requested information” is not provided. A provider that refuses to answer questions may find that the ZPIC attempts to initiate a payment suspension based on this rule by asserting that a refusal to answer questions constitutes “other requested information” that the provider failed to furnish. Clearly this is one area where capable and quality legal representation would be critical.

Finally, providers need to be aware that the ZPIC contract awarded by CMS is simply a contract. Specifically, it is a contract that can be terminated if the ZPIC does not meet prescribed metrics. One of these metrics is the number of cases the ZPIC refers and gets accepted by law enforcement. ZPICs can increase the acceptance of their referrals to law enforcement by investigating providers and issues that law enforcement has determined to be problematic and in need of attention. HHS-OIG identifies these types of providers and issues in its yearly work plan. The 2017 Work Plan lists areas of concern that HHS-OIG will address in the coming year, including issues in Medicare Parts A, B, and D; as well as within the Medicaid Program. According to the report, HHS-OIG will investigate issues relating to hospice care, home health, chronic pain management, mobility devices, billing for compound topical drugs, and state Medicaid drug claims.


ZPICs are private companies contracted with CMS for the sole purpose of investigating potential issues of fraud and abuse within the Medicare Program. Through the use of audits, ZPICs look to develop allegations of fraud into referrals for possible criminal or civil prosecution by multiple law enforcement agencies. Through the audit process, ZPICs can request medical records and attempt provider interviews. A refusal to provide either can potentially result in payment suspension. Finally, by understanding what issues are important to law enforcement – thereby making them important to ZPICs – providers can take steps to make sure their practice is compliant with all the requisite rules and regulations so that a ZPIC audit is merely an inconvenience rather than an audit that has severe consequences.


Elliott Sauter, PLLC

Our former federal prosecutors and healthcare attorneys are ready to assist.

Call us or complete the form with your case information to speak with an attorney today.


    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

    © 2017-2023 Elliott Sauter, PLLC. All rights reserved.

    Website by Ashlar Projects