BLOG POST

Health Law Scan

Legal Insights and Perspectives for the Healthcare Industry

OIG Lauds UPIC Program and Recommends Expansion, Additional Targeting of Medicaid Providers

On October 3, the Office of Inspector General (OIG) of the US Department of Health and Human Services issued a report titled “UPICs Hold Promise to Enhance Program Integrity Across Medicare and Medicaid, But Challenges Remain.” This report detailed OIG’s findings related to the efficacy of the Unified Program Integrity Contractor (UPIC) program.

As many providers know, UPICs are the primary program integrity contractors for the Centers for Medicare and Medicaid Services (CMS), with authority to refer both Medicare and Medicaid claims (hence their “unified” name). UPICs’ ostensible primary purpose is to investigate instances of suspected fraud or abuse in the Medicare or Medicaid programs—however, much of their work amounts to medical review and payment recovery, as their investigations rarely identify meaningful fraud.

OIG conducted a qualitative study of each of the five UPICs, including soliciting comments from the UPICs on the challenges they faced in performing program integrity activities. OIG also sought input from CMS regarding how CMS measures the effectiveness of UPICs and any challenges UPICs face in conducting their work. Notably, OIG’s study did not include any critical voice but instead presumed that the UPIC’s program integrity activities were general appropriate and effective. OIG did not assess whether UPICs were appropriately targeting providers with audits and suspensions or whether UPIC findings were upheld by Administrative Law Judges in the administrative appeals process. Instead, OIG’s report implies that more auditing is always better, regardless of its efficacy or its impact on healthcare providers.

OIG’s Findings on UPICs

Although OIG did not offer any meaningful criticism of UPICs, it did identify a systemic concern —namely, that UPICs did substantially more auditing of Medicare claims than Medicaid, despite CMS funding being specifically earmarked for Medicaid audits. In addition, OIG noted that UPIC activities in managed care programs was particularly low—a surprising conclusion given that most managed care organizations and providers would not anticipate the involvement of CMS contractors in their plans’ internal integrity activities.

OIG acknowledged the potential challenges that could have contributed to UPICs’ minimal integrity activities for Medicaid, such as varying state Medicaid payment policies and regulatory requirements. However, OIG also noted that such variations do not account for the “wide unexplained disparities in program integrity activities across UPICs.” OIG also found that UPICs’ attempts to unify Medicare and Medicaid data to improve program integrity “have not yet produced significant results.” Despite these findings, OIG still reported that “CMS and UPICs have laid a foundation for improvements”—implying that UPICs’ program integrity activities to date have been only positive and can serve as a basis for expanded activities in the future.

While it is true that UPIC audits result in overpayment recoveries for CMS, what is the cost of those recoveries to the Medicare program and to participating healthcare providers? OIG sidesteps this issue entirely and instead simply recommends that CMS implement a plan to “increase UPICs' Medicaid program integrity activities,” particularly for managed care claims. CMS concurred with this recommendation.

OIG’s recommendation to ramp up UPIC Medicaid program integrity activities will in all likelihood be followed by targeted efforts by UPICs to audit Medicaid fee-for-service and managed care claims. UPICs will presumptively employ the same tactics for Medicaid audits as it does for Medicare. That is, suspensions based on “credible allegations of fraud,” site visits, beneficiary/enrollee interviews, and extensive data mining activities suggesting that a provider is an “outlier.” In addition, it is likely that CMS directives to UPICs will follow greater CMS efforts to better share data between the Medicare and various state Medicaid programs, including claims data, sanction activity, and audits spanning payor type. This will also complicate providers’ appeal strategies, as they may need to pursue administrative appeals through both the Medicare and state pathways.

Reduce Your Risk Through Proactive Auditing

Providers should proactively assess their operations and compliance activities both internally and compared to their peers. Internally, providers should evaluate their billing and coding operations as relevant to payer guidelines, ensuring they are producing accurate and complete medical records. Consider conducting a limited billing audit to understand how clinical documentation complies with both Medicare and Medicaid coding requirements. OIG’s recommendation for UPICs to increase integration of Medicare and Medicaid data, in conjunction with greater coordination of provider investigations, will likely result in increased detection of potentially problematic billing patterns compared to current practice as well as expanded overpayment liability.