What a ZPIC Audit Means for Your Medical Practice

Written by Researchbite | Updated on: February 17, 2023

What a ZPIC Audit Means for Your Medical Practice

ZPIC audits may be frightening and with good cause. Let us read and understand about them.


Auditors looking into fraud are permitted to request whatever documents, make as many on-site inspections, or interview as many people as they choose during a Zone Program Integrity Contractor (ZPIC) audit. The Medicare Modernization Act led to the creation of ZPIC audits. Zone Program Integrity Contractor audits are carried out more often by the Centers for Medicare & Medicaid Services (CMS), the federal organization combating healthcare fraud. CMS established seven program integrity zones following healthcare legislation reforms, each governed by a ZPIC. To guarantee that Medicare money is spent appropriately, ZPICs administer program integrity duties and submit reports to the Center for Program Integrity (CPI).

ZPICs examine cases to evaluate whether there is a basis to take exclusionary action, following Section of the Medicare Program Integrity Manual (MPIM), titled the "Identification of Potential Exclusion Cases." Patterns of audit findings, prior convictions, numerous claim reviews, and excessive claim filings are all common audit triggers. Government oversight of healthcare providers' operations. Most frequently, providers are looked into for incorrect billing. Healthcare providers frequently need to respond quickly to ZPIC audits since they can be highly intrusive and result in severe administrative, civil, and criminal fines.

What Are ZPICs and ZPIC Audits?

"CMS has agreements with businesses known as Zone Program Integrity Contractors ("ZPICs") to carry out thorough and in-depth provider audits. ZPICs look into alleged fraud, waste, abuse, or other anomalies in healthcare facilities. They are specifically looking for fraud and abuse affecting the Medicare and Medicaid programs. A ZPIC audit examines a medical provider's or other healthcare entity's procedures for any indication of fraud, particularly dishonest billing practices. The selection of entities for these audits is based on several variables, including referrals from law enforcement or federal agencies, complaints from patients, employees, beneficiaries, or whistleblowers, and other data analysis that leads the auditors to believe that the entity is committing fraud of some kind.

Typically, a ZPIC audit is made known to healthcare providers when they request papers from the ZPIC. As far as the ZPIC's authority is concerned, it has relatively few limitations on its ability to request information from healthcare practitioners. The audit procedure entails closely inspecting the healthcare provider's files to verify all patient billings, such as Medicare billings. These audits can be dangerous for certain providers since they may result in accusations of federal Medicare fraud and criminal prosecution. After the audit inquiry, the ZPIC may discover questionable billing practices, overpayments, upcoding, or other healthcare fraud. The ZPIC formulates its appealable recommendations in light of the inquiry. The ZPIC frequently shares the audit's findings with law enforcement, state or federal authorities, and other parties involved in civil or criminal actions.

Workings Of ZPIC Auditor

The ZPIC will first let the doctor or nurse know they are being looked at. Having stated that, ZPICs occasionally carry out audits without giving any warning. They may conduct interviews with those associated with the healthcare provider as part of the audit. To learn how healthcare practitioners bill, they can also ask for supporting documents and medical records. The ZPIC will produce a recommendation of findings based on their audit when the audit is finished. As part of this, judgments will be drawn on whether the healthcare provider has engaged in fraud, waste, or other abuse.

The ZPIC may take any one or more of the following actions if fraud is discovered during the audit:

  • Sending The Healthcare Practitioner Warnings
  • Requesting The Recovery Of Overpayments
  • Putting Payments On Hold
  • Bringing The Healthcare Provider's Licence Up For Evaluation With The State Licencing Board;
  • Revocation Of The Medical Professional's Licence Or Privileges
  • Sending The Case To The Inspector General's Office, Federal Authorities In Charge Of Law Enforcement, And These Organizations For Potential Civil Lawsuits Or Criminal Investigations.

ZPICs Select Healthcare Providers for Audit

ZPICs choose the healthcare providers they will audit using four main criteria. Understanding what prompted a ZPIC audit might be crucial for establishing a smart defensive strategy and figuring out what additional steps may be required when facing one. The following four events typically set off ZPIC audits:

  1. Data Analytics: ZPICs mainly depend on data analytics to find healthcare providers to audit. ZPICs search for outliers while evaluating billing data, such as excessive numbers of billings for a specific treatment or durations of stay that deviates from industry norms and might indicate that a provider is overbilling Medicare. Of course, it's always conceivable that a provider's "odd" billing methods are just a byproduct of the particulars of its line of work.
  2. Research on "Benefit Integrity": ZPICs also carry out "billing integrity" investigations to find situations requiring intrusive audits. Typically, this entails speaking with Medicare recipients and examining the billing information for specific providers. The issues (or at least some of the issues) with this strategy are that patients are not knowledgeable about the Medicare billing policies and procedures, and (ii), as was already said, data frequently don't offer a complete picture of how physicians handle billing.
  3. Employee and patient complaints: ZPICs, like federal investigative agencies, rely on the public to help them find potential audit targets.ZPICs interview beneficiaries and take beneficiary complaints and grievances from current and past staff members of patients and providers. Yet again, patients frequently need more precise knowledge of what is and isn't acceptable, and staff members who submit complaints frequently do so for personal reasons.
  4. Referrals from Federal Authorities: Additionally, ZPICs could be sent cases of potential Medicare billing fraud by the CMS and other government agencies. While several federal agencies conduct investigations into healthcare billing fraud, in certain circumstances, they will find that a ZPIC audit should be adequate to recover any possible overpayments and address any future billing difficulties.

The Warning Signs ZPICs To Look for

ZPIC audits do not happen by accident. They are founded on in-depth investigations that show the healthcare provider is or has been involved in fraud, waste, or other abuse. More frequently than others, some suppliers are attacked. For example, organizations that provide pain management services, Medicare Part A and B providers, clinical laboratories, ambulance services, companies that manufacture durable medical equipment ("DME"), home healthcare agencies, and hospices are targeted more frequently and are particularly vulnerable to a ZPIC audit.

The following are some illustrations of red flags that notify ZPICs of some instances of fraud:

  • Uncommon Billing Procedures;
  • Incorrect billing Methods
  • Inadequate Or Contradictory Entries In The Books Or Records;
  • Complaints Made By People Or Organisations To Government Agencies, As Well As Recommendations From Other Government Contractors;
  • The Notes Of The Provider Are Not Dated, Incomplete, Missing, Erasable, Or Otherwise Disorganised.

The ZPIC auditor may notice those mentioned above and other warning signs as signs of fraud. However, it is crucial to remember that intent is not required to determine responsibility and punishment. For example, careless medical billing, filing, and recordkeeping might lead to liability.

ZPIC Audits Can Lead to OIG Exclusion

If the ZPIC determines that your healthcare entity has to be excluded, they advise the Office of the Inspector General (OIG). The contractor may or may not let you know about their choice. If the OIG excludes a provider, that provider is no longer eligible to receive federal funding for health care. Alternatively, the ZPIC may ask the provider to reimburse Medicare. The procedure is appealable in both scenarios. But because this area of the healthcare law is so complicated, it's typically a good idea for a healthcare practitioner thinking about filing a ZPIC appeal to consult with legal counsel.ZPIC audits aid in preventing fraud, but if your healthcare organization doesn't have the right compliance program in place, they might result in exclusions and other undesirable outcomes.

Process of the ZPIC Audit

Automated audits, semi-automated audits, and complicated audits are the three types of audits that ZPICs carry out, and each type has its own set of processes. Some ZPIC audits are more complicated than others, as you can probably guess from the titles, but all ZPIC audits carry the same dangers. Therefore providers must put out the same amount of work in defending against all sorts of ZPIC audits.

  1. Automated ZPIC Audits: The billing information that a provider has already provided to Medicare is examined as part of automated audits. As opposed to external triggers, data analyses performed by ZPICs often result in these audits. Personnel from ZPIC merely analyze the provider's billing information during an automated audit before concluding.
  2. Semi-Automatic ZPIC Audits: The ZPIC staff examines the provider's billing information given to Medicare during a semi-automated audit and requests more information from the provider. While providers must abide by the relevant Medicare regulations when providing the paperwork requested by ZPICs, this does not imply that they must comply completely. In addition, ensuring the audit's scope is correctly constrained can help minimize inappropriate recoupment requests because ZPICs sometimes request extensive documents that providers are not compelled to furnish.
  3. Audits of Complex ZPIC: Complex audits entail document requests and frequent on-site examination of providers' billing processes and records. These audits are frequently due to confirmed complaints and recommendations from federal agencies. As a result, these audits frequently center on claims of one or more persistent problems, such as invoicing without supporting documentation of medical necessity or charging for non-reimbursable treatments. They can, however, also target service providers whose billing patterns indicate an absence of compliance standards and processes or a culture of non-compliance.


A wide range of materials is available from the Centers for Medicare and Medicaid Services CMS) to assist in preventing and identifying fraud and abuse. The Zone Program Integrity Contractor is rapidly gaining popularity (ZPIC). All Medicare claims' integrity must be guaranteed by ZPICs (Parts A, B, C, and D). The primary goal of a ZPIC is to spot fraud and misuse. When ZPICs detect fraud and abuse, they undertake targeted audits rather than random assessments. Before the Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996, the general program management budget of the contractual fiscal intermediary was used to support the CMS program safeguard operations.


  • https://www.americanmedicalcoding.com/zpic-audit-process/
  • https://www.miramedgs.com/ealerts/169-understanding-the-zpic-audits.html



Written by
ResearchBite is a platform committed to availing the scientific knowledge and information at your fingertips.

Check out other articles written by Researchbite .