How HME providers can stay out of the ZPIC, NSC, and accrediting organization crosshairs
by Jeffrey S. Baird

The HME industry is a young industry. In its present form, it has been around for about 30 years. The industry grew up relatively unregulated. The Centers for Medicare & Medicaid Services (CMS, which was formerly the Health Care Financing Administration, or HCFA) and Capitol Hill did not understand the HME industry and paid little attention to it. To quote Dorothy, “We are not in Kansas anymore.” Over the last 10 years CMS and Congress are overcompensating for their years of inaction. The industry is facing a “perfect storm” of changes: competitive bidding (hopefully, to be replaced by MPP); decreased reimbursement; more-stringent documentation requirements; an increasingly aggressive NSC; active accrediting organizations; and “over the top” audits by Zone Program Integrity Contractors (ZPICs). As the title indicates, HME suppliers are truly living in a glass house. At any given time, the supplier’s operations are under the microscope by multiple government agencies and contractors. The supplier has no choice but to strive to be pristine in everything it does.

National Supplier Clearinghouse

During the early years of its existence, the NSC was relatively toothless. It simply did not have the funding and staff to aggressively monitor whether HME suppliers complied with supplier standards. The NSC’s role was relegated to conducting a site inspection at the time of enrollment or re-enrollment during which the inspector would ask rudimentary questions about hours posted and insurance coverage. This is no longer the case. The NSC of today is a totally different animal than the NSC of yesterday.

The NSC is well-funded and staffed-up. The NSC is much more aggressive; in fact, it is fair to say that the NSC is the new Alpha Dog. There are a number of reasons why the HME supplier must take the NSC seriously, one of which is that the NSC can revoke (or suspend or deactivate) a supplier number with a “flip of the switch.” Compare this to a typical Department of Justice/OIG investigation that takes two to three years to resolve.

The NSC is routinely conducting unannounced site inspections, which frankly is a good thing. The compliant suppliers have nothing to fear while the fraudsters have a great deal to fear. However, even the compliant players need to be careful… remember what I said about living in a glass house. The NSC inspectors have become more sophisticated and aggressive. They are interviewing patients and referring physicians. They are asking probing questions that were never asked in the past. For example, an inspector may ask if the supplier is marketing through W2 employees or 1099 independent contractors. The inspector may inquire if the supplier has the requisite written permission before it calls a prospective customer. In short, the NSC is looking at the supplier’s operations to determine if the supplier is complying with the supplier standards. What is scary is that if the NSC concludes that a supplier is not adhering to the standards, then the NSC can immediately bring the supplier to its knees by revoking, suspending or deactivating the supplier’s Part B number.

Let me make a comparison. It is critical that a pharmacy remain in good graces with its state board of pharmacy. If the state board revokes the pharmacy’s license, then the pharmacy is dead in the water. Likewise, it is critical for an attorney to remain in good graces with his/her state bar. If the attorney loses his/her law license, then the attorney will end up selling Big Gulps at 7-Eleven. This concept holds true for the HME supplier. It is critical that the supplier remain in good graces with the NSC. Without an active Part B supplier number, the HME supplier is out of the Medicare program.

A physician should never diagnose and treat himself. Likewise, an attorney who represents himself has a fool for a client. The supplier should not be the sole judge of whether it is in compliance with the supplier standards. On a periodic basis, the supplier should bring in an outsider (attorney or consultant) to conduct a review of whether the supplier is in compliance with the supplier standards.

Accrediting Organizations

I am grateful that the industry has accrediting organizations. The dual requirements of accreditation and surety bonds have eliminated a large number of suppliers that are incompetent at best or fraudulent at worst. Physicians have peer review committees and CEU requirements. Same with nurses, and the same with other health care providers. In a sense, the accrediting organizations serve this purpose for the HME industry.

Reality dictates that the supplier should be wary. The accrediting organization exists by virtue of the good grace of CMS. CMS is becoming increasingly demanding of the accrediting organizations. CMS expects the accrediting organization to look at many facets of the supplier’s operation and to insist on changes that the accrediting organization (and CMS) deem to be necessary. If the supplier refuses to make the changes, then its accreditation will be revoked. This causes a domino effect that leads to the revocation of the supplier’s Part B number. Increasingly, when CMS receives complaints about a supplier it will refer the complaints to the accrediting organization with the instruction to investigate and resolve the complaints. If the supplier proves to be uncooperative with its accrediting organization, then the supplier’s accreditation can be revoked.

In short, over the past couple of years, the accrediting organizations have become more sophisticated and aggressive. As with its relationship with the NSC, the supplier needs to do what is necessary to stay in the good grace of its accrediting organization. In particular, the supplier must understand and follow the policies and procedures that it previously submitted to, and that have been approved by, the accrediting organization. If the supplier hires an outsider to conduct a review of whether the supplier is complying with the supplier standards, the supplier should also direct the attorney/consultant to review whether the supplier is complying with the policies and procedures approved by the accrediting organization.

Zone Program Integrity Contractors

As with the NSC, Zone Program Integrity Contractors (ZPICs) are also Alpha Dogs. Here is a little background: Prior to the 1996 enactment of HIPAA, Medicare program safeguard activities—i.e., activities aimed at detecting fraud and abuse—were funded from the contracted fiscal intermediary’s general program management budget. HIPAA revised the Social Security Act and established the Medicare Integrity Program. The MIP’s primary purpose is to deter fraud and abuse in the Medicare program by giving CMS authority to enter into contracts with outside entities and ensure the “integrity” of the Medicare program. In 1999, CMS developed the Program Safeguard Contractor program to support the MIP, stop Medicare fraud, and facilitate provider adherence to codified CMS Payment Criteria, Conditions of Participation, and applicable judicial rulings. PSCs are now transitioning to Zone Program Integrity Contractors. At the highest level, CMS considers a ZPIC as being responsible for directing, deterring, and preventing Medicare fraud and abuse.

ZPICs are divided into seven zones across the country. They have a contracted Statement of Work that encompasses all of the fundamental activities required for CMS program safeguard activities. ZPICs are responsible for post-payment audits, prepayment reviews, data analysis, benefit integrity and/or fraud detection, cost report audits, and provider education. The ZPIC will refer an identified overpayment to the DME MAC and may refer identified fraudulent activities to the OIG.

When an HME supplier receives notice that it is being subjected to a post-payment audit from a DME MAC, then the supplier must take the matter seriously but there is no reason to panic. The DME MAC is conducting a “medical review” audit; that is, does the supplier’s documentation support the product that was delivered to the patient? On the other hand, when the supplier receives notice that a ZPIC is conducting a post-payment audit or prepayment review, then while panic may not be necessary, a healthy dose of paranoia may be in order. The fact that a ZPIC is involved tells the supplier that CMS believes that the supplier may be engaging in fraudulent activities.

In conducting its investigation, the ZPIC will engage in one or more of the following: post-payment audit, prepayment review, and telephonic and in-person interviews of patients and physicians. A ZPIC investigator may ask the same type of probing questions that the NSC inspector may ask (see above). For example, the investigator may call Mrs. Smith and ask her:  “Now Mrs. Smith, do you really need the diabetic testing suppliers that ABC Medical Equipment sold to you?” Or the investigator may ask Mrs. Smith: “Did you give ABC Medical Equipment written permission to call you?” Or the investigator may ask Dr. Jones: “Dr. Jones, you signed the order for diabetic testing supplies. Is this something that you came up with or did you receive an order from ABC Medical Equipment in which ABC told you that Mrs. Smith wants diabetic testing suppliers from ABC?”

A ZPIC post-payment audit is serious, but it is not “life threatening.” At least the supplier has been paid, so the supplier can pay its light bill. The supplier and the ZPIC are arguing over whether the supplier should keep the money that it had previously been paid. On the other hand, a pre-payment review can be “life threatening,” particularly if it is a 100-percent prepayment review. In a prepayment review, the supplier has provided the equipment and subsequently submitted a claim. However, the ZPIC will not authorize payment of the claim unless it determines that the supplier’s documentation is in order. If the pre-payment review is large, then it can seriously hurt the supplier’s cash flow. For reasons that I will not go into in this column, the ZPICs are slow in processing prepayment reviews and, too often, act arbitrarily and in contravention of LCDs and other guidance. In short, it can be a painful process to get off of a prepayment review.

There are several factors that can make a supplier vulnerable to an aggressive prepayment review: 1) patient and physician complaints; 2) the supplier primarily sells only one product; 3) the supplier sells the type of product that has come under the government’s scrutiny; 4) in the eyes of a DME MAC, the supplier’s billing patterns are noticeably different from the billing patterns of similarly-situated suppliers; 5) a sudden aberration from how the supplier has billed in the past; and 6) the supplier’s error rate, resulting from previous post-payment audits and prepayment reviews, is high. Let me focus on the first and last points. We are finding that when a patient or physician complains about a supplier to CMS, there will be an investigation. We have seen investigations started within a week that CMS receives a complaint. When a supplier is subjected to a post-payment audit or a prepayment review, no matter how small, the supplier needs to do whatever is necessary to successfully respond to the audit/review. Too often, suppliers will respond in a cavalier fashion to small audits/reviews because “they are too small to mess with.” This results in a high error rate which, in turn, sets the supplier up for much larger audit/review.

There are several preventive steps that the supplier can take to reduce the risk of a post-payment audit/prepayment review. First, the supplier should implement a corporate compliance program. One of the most important aspects of such a program is that there is a person—the corporate compliance officer—who is focusing on avoiding fraud. For a small supplier, the compliance officer can “wear several hats.” The compliance officer is normally not an attorney. What is important is that the compliance officer serves as the “canary in the mine shaft.” He/she is trained to determine if something may be wrong, thereby giving the supplier the opportunity to fix a problem before it gets out of hand. Second, the supplier needs to engage in regular self-audits of its patient files. Third, the supplier should have an outside consultant conduct a patient chart audit at least once a year. Fourth, the supplier should have a health care attorney conduct a periodic legal compliance audit. This will allow the supplier to determine if it is violating any of the federal or state anti-fraud laws (e.g., Medicare anti-kickback statute, Stark physician self-referral statute, telephone solicitation statute). Fifth, the supplier should seriously consider obtaining all documentation (including physician progress notes) before providing a product or submitting a claim. Doing so will drive away some referral source physicians, but doing so may pay big dividends in the end as the supplier responds to audits/reviews.

Conclusion

A television commercial appeared many years ago. It was meant to convince consumers that the Oldsmobile was no longer the stodgy, boring automobile that had been manufactured in the past. The commercial said “This is not your father’s Oldsmobile.” Well, this is not your father’s HME industry. It is different, and we truly do live in a glass house. However, if suppliers take those steps suggested here, then the risk of falling prey to regulatory pitfalls will greatly diminish.