Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

4 min read

Navigating CMS UPIC audits

Navigating CMS UPIC audits

UPIC (Unified Program Integrity Contractor) audits have become increasingly prevalent in the healthcare industry. The Centers for Medicare & Medicaid Services (CMS) have intensified their efforts to identify organizations with improper billing practices. The primary objective of UPIC audits is to detect and prevent fraud, waste, and abuse within Medicare and Medicaid programs. By conducting audits, CMS aims to ensure that federal funds are used appropriately and that the services billed for are medically necessary.


Understanding the purpose of UPIC audits

The purpose of UPIC audits is to identify and stop fraud and abuse in Medicare and Medicaid programs. These audits help CMS achieve the following goals:

  • Finding fraud, abuse, and waste: UPIC audits are designed to identify fraud, abuse, and waste within healthcare organizations. By scrutinizing billing practices and conducting medical reviews, UPICs can detect improper billing, overutilization of services, and other fraudulent activities.
  • Performing Medicare and Medicaid data analysis: UPICs perform regional data analysis to identify trends and patterns that may indicate fraudulent billing practices. UPICs can identify outliers and potential areas of concern by analyzing data from healthcare providers and suppliers.
  • Resolving complaints: UPICs resolve complaints related to billing and healthcare services. They investigate complaints from beneficiaries, healthcare providers, and other stakeholders to determine if fraud or abuse has occurred.
  • Investigating suspected fraud activities: UPICs actively investigate suspected fraud activities within the healthcare industry. They work closely with other federal and state agencies to coordinate efforts in combating healthcare fraud.

Go deeper: 


Who should be concerned about CMS UPIC audits?

UPIC audits have implications for various entities billing or providing services under Medicare and Medicaid programs. The following groups should be particularly concerned about UPIC audits:


Healthcare providers and suppliers

Physicians, hospitals, home health agencies, durable medical equipment suppliers, and other entities that bill Medicare and Medicaid must know the potential for UPIC audits. These audits focus on billing practices, quality of care, and compliance with program requirements.


Billing companies

Companies that handle billing for healthcare providers and suppliers must ensure that their practices comply with Medicare and Medicaid regulations. Inaccurate or fraudulent billing can trigger a UPIC audit.


Healthcare administrators

Administrators of healthcare facilities are responsible for ensuring that their organizations follow all compliance and regulatory standards. This includes maintaining accurate records, following proper billing procedures, and ensuring high-quality care.


Medical coders and billers

Professionals responsible for coding medical services and submitting claims must adhere to coding guidelines and billing rules. Any inaccuracies or patterns that suggest upcoding or unbundling can lead to audits.


Compliance officers

Compliance officers within healthcare organizations ensure adherence to regulations. They must stay informed about the latest requirements and ensure that their organizations comply to prevent actions that could lead to UPIC audits.


Healthcare attorneys and legal advisors

Legal professionals specializing in healthcare law need to stay informed about UPIC audits to advise their clients properly on compliance and defense strategies.


How to prepare for a UPIC audit

Preparing for a UPIC audit requires proactive compliance efforts and comprehensive documentation. Healthcare organizations can take several steps to prepare for a UPIC audit and reduce the risk of adverse findings:


Implementing a compliance program

Establishing a compliance program helps prepare for a UPIC audit. This program should include regular training sessions to update employees on Medicare and Medicaid regulations. It helps identify and correct non-compliant practices within the organization.


Conducting regular internal audits

Regular internal audits help organizations identify areas for improvement in their compliance programs. These audits should mirror the procedures used by UPICs and focus on areas commonly associated with fraud and abuse.


Ensuring accurate documentation

Accurate and thorough documentation demonstrates compliance of billed services. Healthcare organizations should pay particular attention to this aspect, as it is often the primary focus of UPIC audits.


Staying informed on billing and coding updates

Medical billing and coding practices are continuously evolving. Stay updated on changes and ensure that billing practices reflect the latest standard. Code errors can lead to unintentional billing discrepancies, which may draw unwanted attention from UPIC auditors.


Developing a response plan

Have a response plan in place for addressing audit requests efficiently. This includes designating a team responsible for communications with UPIC auditors, compiling necessary documentation, and ensuring timely and comprehensive responses.


Reviewing provider enrollment information

Regularly reviewing and verifying the accuracy of provider enrollment information can help prevent unnecessary scrutiny during UPIC audits.


Engaging legal and compliance experts

Healthcare attorneys and compliance consultants can provide valuable insights into best practices and help strengthen an organization's compliance framework. They can also provide guidance and support during UPIC audits.


Educating and training staff

Regular training sessions for staff on the importance of accurate billing, proper documentation, and compliance can reduce the risk of fraud and abuse. Education and training create a culture of compliance within the organization.


Maintaining open communication

Organizations must create an environment where employees feel comfortable reporting potential compliance issues. An effective internal reporting mechanism can help catch and address issues early, mitigating potential risks.


Preparing for onsite visits

Healthcare organizations should be prepared for onsite visits from UPIC auditors. Ensuring compliance with health and safety standards and having privacy protections in place can help these visits go smoothly.

See also: HIPAA Compliant Email: The Definitive Guide


What happens if UPIC audits are escalated?

In instances of severe fraud, UPIC auditors escalate the matter to either the DOJ or U.S. Attorney’s Office for potential prosecution or to the HHS OIG for further investigation.

According to Oberheiden P.C. claims arising from a UPIC audit are pursued by the US Attorney’s Office under the False Claims Act. The False Claims Act (18 U.S.C. § 287) requires the government to demonstrate that the defendant: 

(1) submitted a false, fictitious, or fraudulent claim to a U.S. department; 

(2) was aware of the claim's falsity; and 

(3) acted with the intention to violate the law or with an awareness of wrongdoing. 



What should I do if my organization is selected for a UPIC audit?

If your organization is selected for a UPIC audit, it's important to review the audit notification carefully, understand the scope of the audit, and begin preparing the relevant documentation and evidence to support your compliance with Medicare and Medicaid regulations.


What are some common areas of focus in UPIC audits?

UPIC audits commonly focus on areas such as billing accuracy, medical necessity of services, documentation requirements, and compliance with CMS regulations and guidelines.


Can I appeal the findings of a UPIC audit?

Yes, if you disagree with the findings of a UPIC audit, you have the right to appeal through the appropriate channels outlined in the audit notification.


How can I stay updated on UPIC audit-related developments?

Staying informed about UPIC audit-related developments involves regularly monitoring CMS communications, participating in relevant training and educational opportunities, and engaging with industry associations and experts.


Where can I find additional resources on navigating UPIC audits?

Additional resources on navigating UPIC audits can be found on the CMS website, through industry publications, and by consulting with legal and compliance experts specializing in Medicare and Medicaid regulations.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.