The Impact of Unified Integrity Program Contractors (UPICs) and Recovery Audit Contractors (RACs) on the Business of Medicine

Executive Summary

This article outlines the structure, some of the legal authority (don’t want to go overboard here), and operational implications of the Unified Program Integrity Contractors (UPICs) and Recovery Audit Contractors (RACs) within the Medicare program. I wanted to share the effects these contractors have on the business of medicine, particularly regarding the challenges they pose to healthcare providers. Each week my team and I are contacted by practices, hospital networks, health systems and law firms to assist in defending audits and referrals by these contractors. I have often received blowback on the use of the term contracted "Bounty Hunters" but this is what they are and I believe many of you that read this article will agree after I share my intimate knowledge of how these companies, who are under the protection of the federal government operate. I have been engaged in close to 100 UPIC Investigations and more than 40 RAC Audits and appeals, and have seen first hand at the unjust targeting and lack of competence that sometimes exists within the walls of these contractors. To be fair, there are some outstanding professionals that work within these organizations but unfortunately, they are few.

My hope is to put forward the argument(s) that while the intent of these programs is to curb fraud, waste and abuse in addition to ensuring compliance, their implementation of policy and protocol more often than not, result in disproportionate burdens on legitimate providers. Moreover, this article discusses why the current “pay and chase” antiquated model for Medicare, which is largely reliant on these contractors, is flawed and calls for a restructuring of these programs to align better with the program’s goals without undermining provider trust and efficiency.

Introduction and Background

The Centers for Medicare and Medicaid Services (CMS) relies heavily on third-party contractors for “Program Integrity” including but not limited to UPICs and RACs to enforce compliance, prevent fraud, waste, and abuse, and to recover improper payments within the Medicare and Medicaid programs. These contractors are tasked with ensuring financial integrity, but their methods and resulting consequences often pose significant challenges to healthcare providers. The balance between enforcing compliance and ensuring that legitimate providers are not unjustly penalized is a key issue in the ongoing debate surrounding these programs. For years, providers have been wrongfully targeted by these programs resulting in significant costs financially, in morale, and in some cases reputation. In healthcare, providers targeted by these and other integrity contractors as well as The Office of Inspector General (OIG) and The Department of Justice (DOJ) are guilty until they’re proven innocent, which is not how the justice system in our country is supposed to work.

My analysis of the contracts governing UPICs and RACs, explores some of their legal authority, the negative impact(s) on providers, and offers recommendations for reforming these programs to achieve their original goals without unfairly burdening legitimate healthcare providers.

I. Unified Integrity Program Contractors (UPICs)

UPICs are contracted by CMS to prevent fraud, waste, and abuse in Medicare, Medicaid, the Children's Health Insurance Program (CHIP), and other federal payor programs. They’re responsible for investigating potential fraud, performing audits, identifying improper billing, and reviewing claims for compliance. “CMS pays Unified Program Integrity Contractors (UPICs)?through a fixed contract based on their geographic jurisdiction, with funding determined by the region's historical workload;?essentially, UPICs are paid a set amount for their services, not based on a percentage of the improper payments they identify, unlike some other CMS contractors like Recovery Audit Contractors (RACs).?

Key points about UPIC payments:

• Fixed contract:

Each UPIC is awarded a contract for a specific geographic area and receives a predetermined amount of funding based on the expected workload in that region.?

• Non-contingency basis:

Unlike RACs, UPICs do not receive a percentage of the improper payments they find, meaning their compensation is not directly tied to the amount of fraud they detect.?

• Performance-based bonuses:

CMS may provide additional payments to UPICs based on their performance and ability to identify and recover significant overpayments.?

• Workload adjustments:

If a UPIC's workload significantly increases, CMS can adjust their payment accordingly...”[1]

The contracts often include:

·???????? Fraud detection and investigation: UPICs review claims data for indications of fraud, such as patterns inconsistent with industry standards.

·???????? Education and outreach: Contractors are required to educate providers on compliance requirements and billing practices.

·???????? Payment safeguard review: UPICs may conduct proactive reviews of high-risk providers and claims.

UPICs operate under the authority granted by CMS, which derives its powers from the Social Security Act and other regulations that mandate the detection and prevention of fraud and abuse in federal health programs. UPICs are legally authorized to:

·???????? Perform audits of Medicare and Medicaid claims.

·???????? Suspend payments when fraud is suspected.

·???????? Request documentation from providers to validate claims and reimbursements.

·???????? Recommend referrals for further investigation to law enforcement when fraud is suspected.

2. Recovery Audit Contractors (RACs)

RACs are another category of contractors hired by CMS to recover overpayments made by Medicare. The contracts for RACs are typically structured with a contingency-based payment model, where contractors are paid a percentage of the amount they recover. This model incentivizes RACs to find overpayments but can create a conflict of interest in that contractors are paid more for identifying errors, whether they are fraud-related or simple clerical mistakes. RACs are only paid once the overpayment has been collected from the provider, not just when it is identified.?This payment structure incentivizes RACs to accurately identify and recover improper payments.?

The responsibilities of RACs include:

·???????? Post-payment audits: RACs conduct reviews of claims after they have been paid to determine if an improper payment was made.

·???????? Overpayment identification: If overpayments are found, RACs issue demands for repayment from providers.

·???????? Appeals process: Providers can appeal findings, but the process is often lengthy and burdensome.

RACs derive their authority from the Medicare Modernization Act, Section 306 and the Tax Relief and Health Care Act of 2006, which mandates that CMS implement a program to identify and recover improper Medicare payments. RACs have legal authority to:

Review paid claims and determine whether the services provided were reasonable and necessary under Medicare rules.

·???????? Recoup payments if the review determines that overpayments were made, often accompanied by interest and penalties.

·???????? Request documentation to substantiate claims.

II. The Impact of UPICs and RACs on the Business of Medicine

While the objective of UPICs and RACs is to ensure the integrity of Medicare and Medicaid, these programs often place an overwhelming burden on healthcare providers, particularly small practices and independent providers, including but not limited to:

·???????? Prolonged audit processes: Providers face lengthy audits that can take months or even years to resolve. During this period, they are often required to continue managing their day-to-day practice while dealing with significant administrative and financial stress. Sometimes they don’t ever hear what the outcome is, which is even more frustrating.

·???????? Financial strain: If overpayments are identified, providers are required to pay back or are subject to “claw-backs” that are often significant sums.

·???????? Defensive medicine: The fear of audits and penalties may push providers to engage in defensive medicine, ordering excessive tests or procedures to protect themselves from potential audits, driving up healthcare costs unnecessarily.

The current "pay and chase" model used by Medicare, where payments are made to providers initially and only later audited for possible overpayment, creates an inherent risk of error/mis-interpretation of LCD(s), LCA(s), or NCD(s), which can lead to things such as:

·???????? False positives: RACs and UPICs may mistakenly identify legitimate claims as improper, leading to unnecessary overpayments being demanded from providers. There have been many examples of their auditors applying outdated, retroactive, or just plain wrong LCDs/NCDs.

·???????? Administrative burden: Providers are often forced to prove the legitimacy of claims even when they have already been reimbursed in good faith. This is especially true for laboratories, who cannot establish “Medical Necessity” (see 2nd circuit court of appeals (United States ex. Rel. Tina Groat v. Boston Heart Diagnostics) also, HHS/OIG Guidance on Laboratory Guidance).

·???????? Impact on trust: The constant scrutiny and the pressure of the appeals process create a climate of distrust between CMS and healthcare providers, undermining the collaborative effort needed to improve patient care and reduce fraud.

III. Blind Data Mining and Unexplained Claims Reopening

One of the most problematic aspects of the UPIC and RAC programs is the over-reliance on data mining to identify improper billing. While data analytics is a critically useful tool for detecting fraud, its application can lead to unjust conclusions and unfair targeting of healthcare providers. The purpose of data mining is to look for aberrance and/or outliers to then target documentation to determine whether or not it supports the service(s) billed to and paid by CMS or other federal/state payor programs.

Data mining algorithms rely on patterns and trends in claims data to identify anomalies. However, these algorithms may flag legitimate claims as suspicious without considering the full context. For example, an unusually high number of claims in a particular specialty or region might be flagged, even though such claims could be entirely legitimate. This leads to the unwarranted targeting of providers who may be practicing within established norms, or based on generally accepted standards of medical practice, causing potentially unnecessary financial and/or reputational damage.

Data mining systems tend to treat claims in isolation, often without any context. For example, a provider who treats complex, high-need patients (Rheumatology/Oncology) may have billing patterns that differ from others, but this is not necessarily indicative of fraud. A failure to account for these nuanced results often leads to providers being unfairly targeted.

Because data mining focuses on identifying statistical outliers, it often leads to the indiscriminate auditing of providers as I outlined above, which means this "one-size-fits-all" approach fails to recognize the diversity of practice patterns, specialties, geographical location, etc., in different healthcare settings, unfairly targeting and often punishing honest providers. Blindly using data mining without nuanced understanding or adequate oversight leads to unjust targeting of providers, undermining the integrity of the healthcare system and harming patient care.

Another significant concern with the UPIC and RAC programs is the authority granted to contractors to reopen claims for good cause, a provision that allows these contractors to review claims that were previously processed and paid. While the law grants this authority to contractors, the lack of clear guidelines or requirements for disclosure of the "good cause" raises both legal and ethical concerns:

Lack of Transparency: Contractors often do not have to provide a detailed explanation for why a claim is being reopened. This lack of transparency prevents providers from understanding the basis for the re-opening and leaves them with little recourse to challenge the decision or prepare an adequate defense. Without a clear explanation of the "good cause," providers are left in the dark, unable to effectively address or dispute the claims.

“10.11 - Good Cause for Reopening

(Rev. 3568, Issued: 07-29-16, Effective: 09-30-16, Implementation: 09-30-16)

On its own initiative or at the request of party (see IOM Pub. 100-04, chapter 29, §110

for the definition of a party), a contractor may reopen an initial determination or

redetermination within 4 years from the date of the initial determination or

redetermination when good cause exists. However, good cause is not required for

reopening of claims for up to 1 year from the date of the initial determination or

redetermination. Under 42 CFR 405.986, good cause exists when:

? There is new and material evidence that was not available or known at the time of

the determination or decision and may result in a different conclusion; or

? The evidence that was considered in making the determination or decision clearly

shows on its face that an obvious error was made at the time of the determination or

decision.

A contractor’s decision to reopen based on the existence of good cause, or refusal to

reopen after determining good cause does not exist, is not subject to appeal. See 42 CFR

405.926(l), and 405.980(a)(5).

NOTE: Third party payer error in making a primary payment determination does not

constitute good cause for the purposes of reopening an initial determination or

redetermination when Medicare processed the claim in accordance with the information

in its system of records or on the claim form. Contractors may only reopen for third party

payer error under the “within one year for any reason” standard. This is true for both

contractor initiated reopening’s as well as reopening’s requested by a party. All providers

and suppliers have a legal obligation to determine the correct primary payer when billing

Medicare. Failure to do so, regardless of third party payer error, does not constitute

“good cause” that will permit reopening beyond one year. Information regarding such

error does not constitute “new and material evidence.”

10.11.1 - What Constitutes New and Material Evidence

(Rev. 1671, Issued: 01-16-09; Effective/Implementation Date: 02-16-09)

New and material evidence is one of the means for establishing good cause to reopen an

initial determination or redetermination. New and material evidence is evidence that:

1. Was not readily available or known to the person or entity requesting/initiating

the reopening at the time of the initial determination or redetermination; and

2. May result in a conclusion different from that reached in the initial determination

or redetermination.

For example, data analysis that identifies a high error rate or pattern of potential

overutilization on the part of a provider or supplier is one example of evidence that is not

readily available or known to a contractor at the time it made its initial determination, and

may cause the contractor to believe its initial determinations for the claims of the

provider or supplier were incorrect.

Evidence may include any record used in the provision of medical care that supports

whether or not the service was covered, medically necessary, and provided as billed.

This includes medical records, progress notes, orders, procedure reports, invoices, proofs

of delivery, or other documentation as required by CMS policy. However, as explained

further below, any such evidence submitted by a party must satisfy the good cause

standard set forth in §405.986 (i.e., that it is new and material evidence (as described

above), or demonstrates that the evidence considered in making the initial determination

or redetermination clearly shows on its face that an obvious error was made at the time of

the determination or decision).

10.11.2 - Policies Related to Good Cause Reopening’s for New and

Material Evidence

(Rev. 1671, Issued: 01-16-09; Effective/Implementation Date: 02-16-09)

In determining whether good cause exists for reopening an initial determination or

redetermination, the contractor considers whether evidence is new and material from the

perspective of the person or entity requesting or initiating the reopening.

When a party requests a reopening of an initial determination or redetermination for good

cause based on the submission of new and material evidence, the following policies

apply:

? The mere submission of additional evidence is not necessarily sufficient to

establish good cause to reopen an initial determination or decision. The information must

be “new,” (i.e., not readily available or known to exist at the time of the initial

determination) as well as material (i.e., may result in a different conclusion). A party

should explain how the information constitutes new and material evidence that

establishes good cause. If the contractor is unable to determine whether the information

submitted with a reopening request constitutes new and material evidence, the contractor

may decide not to grant the reopening.

? When a request for reopening is submitted with new and material evidence, but

additional information or evidence is needed before a proper revised determination or

decision can be made, the contractor may contact the party seeking the reopening, and

request that they obtain and submit the additional information. If the person or entity

requesting the reopening cannot obtain the additional information, the Medicare

contractor assists to the extent that it is reasonably able to do so.

When a Medicare contractor initiates a reopening of an initial determination or

redetermination for good cause based on the existence of new and material evidence, the

following policies apply:

? The contractor is responsible for clearly documenting in the case file the new and

material evidence that represents good cause for reopening.

? In order to promote administrative efficiency, Medicare does not generally require

that a party submit supporting medical documentation with the initial claim. Therefore, if

a medical record or other supporting documentation was not utilized when a contractor

made an initial determination, because it was not requested or was not provided, then the

content of any medical records or supporting documentation which are subsequently

requested by the contractor during the course of its review would constitute new

evidence.

10.11.3 - What Constitutes Error on the Face of the Evidence

(Rev. 1671, Issued: 01-16-09; Effective/Implementation Date: 02-16-09)

Error on the face of the evidence exists if it is clear that the determination or decision was

incorrect based on all evidence in file on which the determination or decision was based,

or any evidence of record anywhere in the contractor’s Medicare file or in CMS files at

the time such determination or decision was made.

10.12 - Change in Substantive Law or Interpretative Policy

(Rev. 3568, Issued: 07-29-16, Effective: 09-30-16, Implementation: 09-30-16)

A change of legal interpretation or policy by CMS in a regulation, CMS ruling or CMS

general instruction, or a change in legal interpretation or policy by SSA in a regulation,

SSA ruling or SSA general instruction in entitlement appeals, whether made in response

to judicial precedent or otherwise, is not a basis for reopening a determination or decision

under this section. This provision does not preclude contractors from conducting

reopening’s to effectuate coverage decisions issued under 42 CFR 42 CFR

§426.460(b)(1)(i), 426.488 (b) and (c), or 426.560(b)(1)(i) appeals process.[2]

The absence of a transparent process for reopening claims without explanation could violate basic principles of due process. Providers may not have the opportunity to adequately challenge the reopening of a claim or correct any misunderstandings. This erodes trust in the system and could be seen as an abuse of power.

The "good cause" provision is vague, as I outlined above in the various sections of Chapter 10 of The Program Integrity Manual; allowing contractors to potentially reopen claims arbitrarily or in bad faith. Without proper oversight or guidelines, there is an increased risk that contractors could engage in abusive practices, targeting providers unnecessarily, and creating an environment where the burden of proof shifts unfairly to the provider.

From a legal standpoint, reopening claims without proper explanation or without giving providers a clear opportunity to dispute the reopening may be considered unlawful under administrative law principles, as it infringes on providers' rights to due process. Ethically, it undermines the principles of fairness and accountability that should govern any government contracting process.

IV. Recommendations for Reform

Instead of paying providers and then chasing overpayments after the fact, CMS should implement a more proactive, pre-payment review system. This would involve more stringent claim scrutiny before payments are made, reducing the need for post-payment audits and protecting providers from undue financial burdens.

CMS should implement more nuanced, risk-based strategies for data mining that consider the specific characteristics of individual practices and providers. This could include considering specialty-specific billing patterns, regional variations in practice, and patient complexity when flagging claims for further review. Moreover, any data-mining process should be subject to oversight and transparency, ensuring that flagged providers have an opportunity to review and contest findings before audits proceed.

Further, CMS should introduce clear guidelines requiring contractors to provide a detailed and specific explanation whenever claims are reopened for "good cause" not just the generic statement(s) such as “Medical Necessity.” These explanations should include the data or circumstances that led to the reopening decision, allowing providers to understand the basis for the action and respond accordingly during an open comment period. This would foster greater transparency, fairness, and accountability in the auditing process.

The current appeals process is highly problematic due to the lack of competency of those at the first level reviewing appeals, and at the Qualified Independent Contractor (QIC), level II. Level III (Administrative Law Judge (ALJ)) has traditionally been a slower process but it is getting faster. Streamlining this process, perhaps by increasing the number of resources allocated to appeals and using competent reviewers at the first two levels, or utilizing technology for faster adjudication, would alleviate some of the stress providers face when challenging audit findings. The introduction of Artificial Intelligence (AI), even though the new Secretary of HHS (RFK, Jr.) is opposed to it would potentially expedite the process.

CMS needs to develop a more balanced approach in which legitimate providers are not unfairly targeted. I have often talked of Risk Based Auditing (RBA), which is the process of creating risk stratification models that focus on high-risk providers rather than indiscriminately auditing all providers, which would make the system more efficient and potentially less punitive.

The current structures of UPICs and RACs serve important functions but also pose significant risks to the business of medicine. The complex and often punitive audit processes, combined with the over-reliance on data mining and the power to reopen claims without sufficient transparency, create unfair targeting, inefficiencies and undue strain healthcare providers. Reforms to an outdated structure are critical and shifting to a more balanced, pre-payment review system, streamlining the appeals process, reducing blind data mining practices, and improving transparency in claims reopening would align the integrity programs with their original objectives while preserving the trust and stability of the healthcare system.

References

1.?????? https://www.cms.gov/regulations-and-guidance/guidance/manuals/downloads/clm104c34.pdf

2.?????? https://www.appliedpolicy.com/7258-2/#:~:text=CMS%20contracts%20with%20a%20single,work%20is%20focused%20on%20fraud

3.?????? Centers for Medicare & Medicaid Services (CMS). (2020). "Recovery Audit Contractor (RAC) Program." Retrieved from [https://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-Integrity-Program/Recovery-Audit-Contractors](https://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-Integrity-Program/Recovery-Audit-Contractors)

4.?????? U.S. Department of Health and Human Services. (2021). "The Medicare Recovery Audit Contractor (RAC) Program." Retrieved from [https://oig.hhs.gov] (https://oig.hhs.gov)

5.?????? Tax Relief and Health Care Act of 2006, Pub. L. No. 109-432, 120 Stat. 2922.

6.?????? Social Security Act, 42 U.S.C. § 1395 et seq.

7.?????? U.S. Department of Justice. (2019). "Federal False Claims Act: Civil Enforcement." Retrieved from [https://www.justice.gov/civil/false-claims-act](https://www.justice.gov/civil/false-claims-act)

[1] https://www.appliedpolicy.com/7258-2/#:~:text=CMS%20contracts%20with%20a%20single,work%20is%20focused%20on%20fraud.

[2] https://www.cms.gov/regulations-and-guidance/guidance/manuals/downloads/clm104c34.pdf