Navigating the UPIC Investigation from a Compliance Consultant’s Perspective

May 20, 2022 | By Toni Elhoms, CCS, CPC, CPMA, CRC

Over the past year and a half, I have seen a significant increase in the volume of Unified Program Integrity Contractor (UPIC) investigations taking place in private physician practices.  UPICs work on behalf of CMS to perform program integrity functions like detecting fraud, waste, and abuse (FWA) through sophisticated data mining and analysis.  UPICs also conduct probe investigations on suspected FWA (among other areas) cases and work collaboratively with law enforcement agencies to make referrals that require further investigation.  UPICs operate as an extension of the government and have special authority to suspend an organization’s Medicare/Medicaid program payments immediately.  UPIC investigations are not your typical run-of-the-mill audits.  It is likely that the organization/provider undergoing investigation has been identified as an outlier and/or a referral has been made to the UPIC by a MAC, RAC, or a formal complaint has been filed against the organization.  When a UPIC gets involved, things have clearly escalated!

I recently consulted on a case that involved a pain management group that underwent a Targeted Probe and Educate (TPE) audit issued by a Medicare Administrative Contractor (MAC).  The TPE audit included a review of 10 post-payment claims.  The medical records that were audited revealed glaring deficiencies.  Most of the records had not been signed by the rendering provider and the rendering provider could not be identified from the records.  The notes all appeared to be cloned across patients and clinical documentation was not patient-specific.  The practice failed the TPE audit.  The MAC then made a referral to UPIC.  The UPIC conducted an investigative audit, which consisted of 200 post-payment claims including dates of service over the previous 3 years.  The UPIC also requested information regarding the practice’s referral relationships.  It was no surprise that the practice’s clinical documentation was in a state of disarray, so the practice inevitably failed the UPIC audit.  As a result of the organization’s failure to keep proper medical records, the UPIC immediately suspended the practice’s Medicare and Medicaid program payments.  Then the UPIC extrapolated the error rate identified in the audit and applied it to the entire universe of claims spanning across the previous 3 years, which resulted in a multi-million-dollar overpayment amount.  On top of suspended program payments and compounding legal and consulting fees, the practice was also referred by the UPIC to the OIG.  The practice is currently undergoing a government investigation. Needless to say – this has been a very painful and ongoing nightmare for the practice with no clear end in sight!

After advising and assisting many organizations through the UPIC investigation process, I have compiled a list of my Top 10 Pro-Tips for Navigating the UPIC Investigation:

1. Calendar the response deadline. You do not want to miss this deadline as it will end with unfavorable consequences.  No response can and likely will result in program payment suspension.
2. The UPIC investigation must be a top priority for the organization. It will not disappear, and the outcome of this investigation can potentially have long-term effects.
3. Evaluate the UPIC request in its entirety and with a fine-tooth comb. What is the UPIC probing for?  Are they requesting claims over an extended lookback period?  How many records are being requested?  Are they inquiring into the provider’s business relationships and business practices?
4. Be realistic about your expectations on the investigation outcome. This process will likely be time-consuming, overwhelming, painful, ongoing, and could ultimately end with a bad outcome.  Recognizing this possibility can go a long way.
5. Prepare yourself for the ongoing expenses associated with the UPIC investigation. It will require leadership’s time, staff’s time, and the investment of a defense strategy with retained experts.
6. Retain qualified and experienced legal counsel immediately. Don’t try to navigate these waters pro se.  A good legal team is worth its weight in gold and critical to securing a favorable outcome.
7. Retain a trusted and well-versed coding and compliance consultant to review the medical records and claims in dispute. Your consultant can give you invaluable intel about the quality of your documentation and what findings will likely come from the UPIC audit.  Your consultant can work closely with your legal team to devise an effective response strategy.
8. Get ahead of the game. Now is the time for a compliance gut check.  Did the audit reveal variances?   If the answer is yes, now is time to decide whether voluntary refund or tapping into the OIG’s Self Disclosure Protocol (SDP) is the appropriate course of action.  Again, seek guidance from your legal counsel!
9. Do not include a hodgepodge of random documents in your UPIC response. Also, do not alter or fabricate any documentation responsive to this request – this will most certainly end bad. Submit all required documents based on the UPIC request parameters in an organized manner.  Your cooperation in getting the UPIC the information they are requesting will only benefit you!  Including a table of contents and summary letter can also be helpful.
10. Take this as an opportunity to evaluate your internal compliance program. Does it align with the OIG’s effective compliance program framework?  Chances are if your organization is crossing paths with UPIC – your compliance program either needs a tune-up or a complete overhaul!  It goes without saying, but if you don’t have a compliance program – you need to get one STAT!