MAC, CERT, RAC, PSCs, ZPIC and the OIG, Who IS Watching You?

MAC, CERT, RAC, PSCs, ZPIC and the OIG, Who IS Watching You?

On February 17, 2011 the Attorney General Eric Holder, Health and Human Services (HHS) Secretary Kathleen Sebelius, FBI Executive Assistant Director Shawn Henry, Assistant Attorney General Lanny A. Breuer of the Criminal Division and HHS Inspector General Daniel Levinson announced that the Medicare Fraud Strike Force charged 111 defendants in nine cities, including doctors, nurses, health care company owners and executives, and others, for their alleged participation in Medicare fraud schemes involving more than $225 million in false billing. This was the largest-ever federal health care fraud takedown. At the same time, the Department of Justice (DOJ) and HHS announced the expansion of Medicare Fraud Strike Force operations to two additional cities – Dallas and Chicago.

This article is not meant to cause undue alarm or cause panic, but it is to inform you that the government and Medicare are serious in its efforts to reduce healthcare fraud, waste, and abuse. I have talked to doctors and staff who are not concerned with being audited. Many chiropractors believe that they do not see enough Medicare patients to be audited; however, having a low Medicare patient volume does not keep a provider from being audited. I have also talked to several nonpar providers who believed that they could not be audited, this is not the case. Understanding who is monitoring your claims, who can ask for your records and what they are looking for is more important than ever.

As part of the government’s efforts to prevent and fight healthcare fraud, waste and abuse the Department of Health and Human Services (HHS) and the Attorney General announced in December 30, 2010, that the Centers for Medicare and Medicaid Services (CMS) would acquire new fraud-fighting analytic tools (1), as the Affordable Care Act provides an additional $350 million to fight fraud and abuse (1). The act also toughens sentencing for criminal activities. It enhances screening and enrollment requirements for providers and promotes the sharing of data among different auditing entities and different government agencies. Additionally, the Affordable Care Act increases the overpayment recovery efforts of Medicare Auditors and also provides greater oversight of private insurance abuses (1).

Audits and Reviews are not going away. They are profitable in recovering overpayments and protect government funded healthcare plans from making improper payments. The Department of HHS reported that the government’s health care fraud prevention and enforcement program recovered over $ 4 billion in taxpayer dollars in 2010, the highest amount ever (2). The Health Care Fraud Prevention & Enforcement Action Team (HEAT) and the Medicare Fraud Strike Force provided education to Medicare beneficiaries about how to protect themselves against fraud (2). In 2007 the Comprehensive Error Rate Testing Report stated that Chiropractic had an error rate of 27.9% resulting in an overpayment of 60.3 million. The Office of Inspector General (OIG) reported that for every $1 spent on audits and fraud investigations $17 was recovered (3). CMS is required by the Social Security Act to protect the Medicare program. This is carried out by several different auditing entities.MACs are Medicare Administrative Contractors. In Illinois the A/B MAC is WPS.

MACs perform Medical Reviews (MRs). MRs are often automated using sophisticated data analysis to examine claims. MR activities are based on Progressive Corrective Action (PCA). When an atypical billing pattern is identified or other claim form problems arise, records may be requested and the MAC auditor will conduct a probe review. When a provider-specific problem is found a reviewer will request 20-40 claims from the provider. When a widespread problem is identified, such as the increase in the billing of a particular CPT® code by several providers, the reviewer will ask for claims from multiple providers. When a probe review determines that a problem exists it is classified as minor, moderate or significant (usually based on the number of claims paid in error) and the appropriate corrective action is taken by the MAC. Corrective actions include: educating the provider of the appropriate billing and documentation procedures, pre-payment reviews and/or post-payment reviews. A pre-payment MR is when a percentage of a provider’s claims go through a review process before any payment is made to the provider. A post-payment MR is when multiple claims a reviewed after payment has been made. From the reviewed claims an error rate will be determined and then the MAC will extrapolate an overpayment amount using results from the audit. If a provider is under a pre-payment or post-payment review, assistance is required ranging from legal counsel to professionals trained in medical compliance. Typically, once the problems are corrected the provider will no longer be on review status. However, if the problems persist the provider may be excluded from participating in Medicare.

The Comprehensive Error Testing Rate (CERT) was created to determine a National Medicare Fee for Service (FFS) Error Rate by calculating the paid claims error rate and the provider compliance error rate. This is begun by randomly selecting approximately 100,000 claims submitted to Medicare during a reporting period. CERT not only calculates the national FFS error rate but also a service-specific error rate as well as provider type error rates. CERT is a random review of claims and medical records for compliance with Medicare coverage, coding and billing rules. Many chiropractors are familiar with CERT reviews and have received requests from CERT. If you receive a CERT request for records it is crucial to reply in a timely manner. If a CERT reviewer does not receive the records requested the claim is reported as a “no documentation” error. The results of CERT reviews are published in an annual report. Unfortunately, Chiropractors continue to be on CERT’s radar. We continue to have a high “error rate.” In WPS Medicare’s article Common CERT Errors, chiropractic services were listed as being documented as maintenance care, not active treatment. Overall our documentation does not support medical necessity for Active Treatment. WPS Medicare CERT Alert on December 15, 2010, listed chiropractic services as an area of concern. MAC and RAC closely monitor CERT findings. If a provider’s error rate is too high (around a 5% to 8% error rate) it will most likely trigger future audits.

The purpose of Recovery Audit Contractors (RAC) is to identify and correct Medicare overpayments and underpayments on a post-payment basis. RAC started as part of the Demonstration Project for Medicare Part A/B. Since the program was a success Congress made the RAC program permanent and expanded the program to include Medicare Part C and D and Medicaid. There are four RACs that cover different regions. In Illinois, the RAC is CGI Technologies and Solutions Inc. RACs are paid on a contingency fee basis and have two types of reviews: automated and complex.

RAC automated reviews occur without your knowledge. An automated review compares a provider to his/her peers. The first indication that a provider has undergone an automated review is when a letter is received from the RAC, usually demanding repayment. A RAC complex audit is a request for records. RACs usually do not review previously reviewed claims, and they can only look back three years from the date the claim was paid. If a RAC review results in a denial or a claim adjustment a provider will receive a notification letter of the improper payment amount. Some of the reasons for improper payment include payments that did not meet Medicare’s medical necessity requirements, failure of the provider to submit documentation or the proper documentation, and payments for incorrectly coded services. If a provider owes money to RAC he or she has the right to appeal by following the Medicare appeals process. In addition, a provider can ask for a “period of “discussion the RAC. The RAC website at updates issues that they are currently auditing, as well as, their audit findings. At the time this article was written Chiropractic was not listed as an “issue” currently being audited, but that does not mean that we won’t be a target in the future.

Both Program SafeGuard Contractors (PSCs) and Zone Program Integrity Contractors (ZPICs) are responsible for detecting and deterring fraud. CMS has begun transitioning all PSCs to ZPICs under the Medicare Modernization Act of 2003. ZPICs will be responsible for ensuring the integrity of all Medicare-related claims under Medicare Part A, B, C and D, and match data between Medicare and Medicaid. There are seven ZPIC zones based on MAC jurisdictions. At this time Illinois does not have a ZPIC contractor, but it is only a matter of time until then Program SafeGuard Contractors can conduct audits.

Where contracts have been awarded, ZPIC audits have started. ZPICs use sophisticated data analysis to identify the frequency of a CPT® code and/or ICD-9 code is used, billing trends, or any other information that identifies a provider/supplier as an outlier. They can look at a beneficiaries entire claim history no matter who the provider. ZPIC audits can also be triggered by patient complaints or referrals from CMS, OIG, MACs, FBI, other contractors, etc. They review claims on a pre-payment and post-payment basis. Claims audited on a post-payment basis can be reviewed for any reason within a year, and with good cause, claims reviews could go back four years. ZPIC audits are rarely announced, and they are not random. If a provider is being audited by ZPIC, they most likely have evidence that fraudulent activity is occurring. They will request a number of records, and if they find payment errors they will extrapolate from this error rate a dollar amount the provider will need to refund Medicare. In addition to collecting files, ZPIC may interview beneficiaries who received the services in question and the provider’s staff. In addition to owing money to Medicare, the case could be referred to law enforcement and prosecuted under the False Claims Act for criminal and civil monetary penalties (CMP). The provider could be sanctioned by the OIG from all government-funded healthcare programs and could also go to jail.

The Office of Inspector General (OIG) is in charge of overseeing all programs under the Department of Health and Human Services. They preside over federally funded healthcare programs and make sure that healthcare funds are being properly spent. They interpret rules and regulations (Stark Laws, Anti-kickback Laws, etc.), and they prevent and detect fraudulent activities. The OIG has its own investigators and auditors. If the OIG decides to audit a practice or business they will usually come unannounced.

If the OIG suspects fraud, they can audit a doctor’s records all the way back to the date the office was open. When the OIG finds evidence of fraud, they can seek civil monetary penalties (CMPs), as well as, refer cases the Department of Justice for prosecution. The OIG receives fraud referrals from MACs, RACs, ZPICs, patients, and healthcare workers. After a negative finding, healthcare entities, professionals and providers can be placed on the OIG exclusion list. Persons or entities found on this list are excluded from participating in any federally funded healthcare program and cannot be employed by another entity or person who accepts money from federally funded programs. The OIG exclusion list can be found on the OIG’s website: When hiring an employee it is important to search the person’s name or business on the exclusion list. Print the results and retain them for your records. An associate should also search the database for their employer and his or her business entity.

Lastly, the FBI can investigate healthcare fraud for the government and other third-party payers. If the FBI comes into an office, they can seize all records, computers and business documents. They may also seize any personal property including your home, cars, etc. Please seek legal counsel when notified of an audit by ANY of these organizations.

Failing a healthcare audit and having to pay large sums of money back to a 3rd party payer is not only costly, but it is also very stressful on you, your staff and family. Remember that everything you put on your CMS 1500 claim form must be documented to show medical necessity for care. When you sign the claim form you are agreeing with the False Claims Act on the back of the form. Understand Medicare’s and other 3rd party payer’s documentation requirements. Make sure when using the AT modifier the care you are providing the patient is active (corrective) treatment (not your definition of active treatment but Medicare’s definition). Instead of waiting for an audit, some chiropractic physicians hire a board-certified medical compliance specialist with a chiropractic specialty to develop a tailored made compliance program. These specialists are trained in healthcare compliance and are trained to understand OIG, Medicare, and auditors.


  1. Frontier Focus Newsletter, Division for Medicare Health Plans Operations, CMS Region VIII, December 30, 2010.
  2. Health Care Fraud Prevention and Enforcement Efforts Recover Record $4 Billion; New Affordable Care Act Tools Will Help Fight Fraud, U.S. Department of Health & Human Services, News Release, Monday, January 24, 2011.
  3. The fiscal Year 2008 Annual Performance Report, Office of Inspector General, Health and Human Services.

About Author

ICS Staff

The Illinois Chiropractic Society staff works collaboratively on many topics to bring the most comprehensive and relevant information to our members. We have over 60 years of chiropractic experience and understand the heartbeat of the profession. We all look forward to providing relevant information to our members for years to come.

Recent Videos


Corporate Club


Article Categories