Skip to content


I admit that I was a little hopeful, if not disillusioned, when the new UPICs came to my attention.  After verifying that UPIC was not a ZPIC with a typo, I thought that maybe this was a special type of audit where you got to pick the charts you wanted to be reviewed like some people pick their own lottery numbers.  No such luck, I’m afraid.

UPICs are Unified Program Integrity Contractors.  UPICs will carry out program integrity functions for Medicare Parts A, B, Durable Medical Equipment Prosthetics, Orthotics, and Supplies, Home Health and Hospice, Medicaid and Medicare-Medicaid data matching[i].  The primary objective of the UPIC is to identify fraud and abuse and make appropriate referrals.  Other agencies recoup overpayment and address recommendations to law enforcement addressing criminal or civil charges.  They can also recommend suspension of payment.  Whether or not the agency is notified in advance of the payment suspension depends on if the UPIC thinks it is possible that the provider will change it’s billing habits if it knows that payment will stop.  Think about that for a minute.  Who wouldn’t change their billing habits if they knew payment was coming to an abrupt halt?

UPICs, like ZPICs can request clinical records, verification of licensure, copies of claims, etc.  The most recent UPIC request I read included a host of new horrors that may not be available and/or are too cumbersome to send.   Here’s a short recap of some of the new things but remember, they can always ask for more or even go to your office to visit.

  1. Copy of the face sheet. I have never used this term in home health or hospice, but it is basically patient demographics and insurance information.  People who have experience in a hospital are likely familiar with this term.
  2. Copy of Medicare card and state identification card (driver’s license or state ID). The logistics of getting a copy of the Medicare card and state identification card involve too many opportunities for loss and theft that I don’t recommend it even if Medicare wants it.  However, Medicare and other payor sources lose money daily when somebody loans (rents) their Medicare/Medicaid card to someone else.  Some software systems allow you to post a picture of the patient on the face sheet.  DNA and fingerprints are not necessary, but the end of the earth is not too far to go if there are any doubts. 
  3. Authorization of benefits. This is almost universally included in the consent form given to patients.  Take a quick look and ensure that somewhere on the consent it says that the patient or representative authorizes the agency to bill Medicare for services.  It would hurt a lot if this statement was inadvertently omitted when all those changes were made to the form relative to the new Conditions of Participation.
  4. EHR Audit Trails. In most systems, these audit trails are cumbersome to obtain and require someone to print or save the audit trail for each individual document.  In one system, the audit trail can be over 100 pages for a single document.  For a long time, there was a vendor who provided audit trails on request, but the agencies were not able to run them.  If you get a UPIC, consider the burden to your agency and call the person who signed your UPIC letter.  It kind of makes paper charts seem appealing again.
  5. OASIS to include the start of care, the resumption of care certification prior to and after the dates of services noted in this request and the discharge. I’m not entirely sure what this means.  To the best of my knowledge, patients aren’t certified after Resumption of Care unless the patient was in the hospital at the end of the episode and there is no change between the recertification assessment (not mentioned) and the ROC HIPPS code.  If an agency has a reasonable hospitalization rate, this is a rare occurrence.  Plus, there are numerous other bullets in the list that mention OASIS assessments.
  6. Travel Logs. Some agencies don’t have travel logs.  Some don’t pay mileage and others pay a flat ‘trip fee’.  I would think a visit log would be more useful to the UPIC but in the two page request, that wasn’t mentioned.

There are many more entries in the UPIC request but even though the length of the list is daunting, it is repetitive.  Laboratory results are requested on page one and all diagnostic tests are requested on page two.  There are individual entries for all hospital documentation, Inpatient records, Inpatient records to support start of care, inpatient records for hospitalizations during the episode, emergency room visit notes and the history and physical.  The best advice I can give is to be careful when delegating the tasks on the list, so you don’t have multiple employees all printing OASIS assessments.

The good new is that most of you will not find yourself in the undesirable position of being the target of a UPIC. If you are one of the unlucky ones, well, it’s not luck that brought you the unwanted attention from a UPIC.  The data analytics are very sophisticated and there is nothing random about the selection of charts (which makes me wonder why a copy of your Medicare Census is included in the list of documents required from the agency.  They know who your patients are.)

That doesn’t mean that your agency is operating outside of coverage guidelines.  It does mean that cloned notes, poor coding, lack of OASIS skills and care plans that are copied from one episode to the next will be under the spotlight.  This results in paying money back to Medicare and additional scrutiny which may extend to your referring physicians who might then begin referring patients to your competitors because they don’t like attention from Medicare any more than the rest of you do.  I do not like it when care is provided to eligible beneficiaries gets denied because a nurse is a little too eager to show off his or her new cut and paste skills.  It’s not like the agency can recoup their paychecks.

Questions?  Comments?  Do you have any experience with UPICs?  Post your comments below or email us.  We need to know now so we can understand them before they become obsolete.

[i] From Noridian Healthcare Solutions

5 Comments Post a comment
  1. Gail #

    Lord, what else can the government waste money on to be sure their money is being wasted? I’m glad I’m retired.

    May 22, 2018
  2. Sahily #

    Hello Julianne,

    Forgive my questions but, who are these people? Are all States targeted? And what exactly is an EHR audit trail? I think my brain is becoming thicker from dealing with and trying to think like CMS and their intermediaries. Will it ever end?
    As always, thank you for the information.

    May 22, 2018

    • Sahily, thanks for asking and good to hear from you. Due to the length of the post had it included all information, I was possibly too brief.

      The Unified Program Integrity Contractors are mostly the same as Zone Contractors. AdvanceMed, Safeguard Services and Integrity Med have all been active lately. To put them in perspective you have:

      MAC’s: Medicare Administrative Contractors, formerly FI’s. They process claims and will send out ADRs to determine proper payment. Famous for denying over 50 percent of claims due to F2F a few years ago.

      RAC’s: Recovery Audit Contractors. The most common one is Cotiviti, a sister company of Connolly. They use claims data to identify payment errors. For instance, Medicare is supposed to adjust late and early episodes regardless of what the OASIS says. For a period of time, they did not and using data only, these claims were adjusted.

      UPIC/ZPIC: Again, using trends in claims data, these lovely entities look specifically for fraud. Sometimes, they will receive a referral from a complaint. They have used various methods over the years. Right now, I am told by AdvanceMed that they are not extrapolating initial audits which is a very good thing. However, should they find a lot of errors, there is nothing to prevent them from requesting more clinical records or even visiting you in person. As nice as they are, they don’t make a trip without a reasonable certainty that they will find something. Don’t let that happen to you. They are paid millions of dollars for the contract but not a percentage of what they identify as fraud.

      The EHR audit trail is the computer work log or ‘details’ of whoever is in the record. For instance, if I go into a clients chart, my name should appear on the audit trail. Our coders names appear along with the date and time they made the entries. One system automatically enters whomever has a document open every 15 minutes. Thats a long audit trail especially if the nurse goes to get coffee or takes a phone call without logging out. But, if you have records requested and visit notes are edited after the episode has been billed, the UPICs could assume it was because you billed improperly and wanted to cover your tracks. But errors are often identified when reviewing records for any purpose. Here’s how you make corrections.

      Open a case conference or even handwrite a note explaining the error. The date should be the day that you write the correction. Include an ‘effective date’ so that it is clear when the information was pertinent. Sign your name and date it. A correction to chart going to a UPIC might read: ‘Lasix was inadvertently ordered at 400 mg. It should have read 40 mg. The correct dosage was taught to the patient and the pharmacy filled prescription with 40 mg pills.’

      Because billing has already occurred, you cannot correct things like the omission of therapy orders adding visits BUT write the correction anyway. You do not want to present a picture of an agency who doesn’t notice little things like missing orders prior to billing. I assure you that will not go over well and may result in a different kind of referral than the ones you celebrate. Referrals to law enforcement are entirely different than referrals from physicians.

      May 22, 2018

  3. Good info

    Guy Davis, Director Strategic Initiatives 

    May 22, 2018

    • Thanks, Guy.

      May 22, 2018

Leave a Reply