In 1996, as part of the Health Insurance Portability and Accountability Act (HIPAA), Congress established the Medicare Integrity Program which authorized the Centers for Medicare and Medicaid Services (CMS) to contract with Program Safeguard Contractors to identify fraud and improper billing.

In 2003 the Medicare Prescription Drug, Improvement and Modernization Act authorized CMS to contract with Medicare Administrative Contractors (MACs) to replace Fiscal Intermediaries and carriers with a select few contractors in seven geographical areas or zones to consolidate benefit integrity functions.

In October 2008 CMS awarded contracts to four Recovery Audit Contractors (RACs) in an effort to identify improper Medicare payments and fight fraud, waste and abuse in the Medicare program. RAC audits then began in earnest. As of March 9, 2010, according to CMS, 598,238 claims from the three-year demonstration project ending in August 2008 were subject to RAC overpayment determinations. However, of the 76,073 claims appealed, providers were able to overturn the initial RAC audit determination 64.4% of the time. Given this dismal record CMS, in 2008, created Zone Integrity Contractors (ZPICs).

ZPICs are intended to consolidate the functions of the Program Safeguard Contractors and the Medicare Prescription Drug Integrity Contractors, which are charged with combating fraud and abuse in the Part D prescription drug benefit program. ZPICs were formed to identify potential fraud, waste and abuse using both reactive and proactive identification methods. They are expected to develop cases against providers using a far more sophisticated approach, including data analysis, pre- and post payment medical review of claims, evaluation of complaints and other fraud detection mechanisms. They are also expected to work with law enforcement agencies both during investigation and prosecution of healthcare fraud cases, and to refer cases to law enforcement for prosecution. In addition, they are to train MACs to more effectively address fraud, waste and abuse. ZPICs are to focus their efforts on physicians, physical therapy providers, skilled nursing facilities and DME suppliers.

ZPIC audits are based upon a combination of claims data from multiple CMS contractors to create a complete profile of a beneficiary's claim history. This data will include national claims data from the Health Care Customer Information System, CMS Data Center's Part B Analytics System, and local data compilations. When a ZPIC identifies overpayments, it refers it to a RAC or a MAC , which then attempts to recoup from the provider. The government believes that this additional data will eliminate many of the problems inherent in the current system, and greatly improve the reliability of the data used to collect overpayments.

ZPICs do not randomly audit providers. They use a far more sophisticated approach to identify their targets. Therefore, a provider subject to a ZPIC review has been subject to data analytics, claims review, and other investigative techniques long before the provider is contacted. As such, a provider contacted by a ZPIC has likely been carefully screened, and the ZPIC believes to a high degree of certainty that the provider has engaged in significant wrongdoing.

Since ZIPC audits are conducted only after a high level of scrutiny, and since they typically focus on allegations of fraudulent conduct, payment denial, demand for recoupment of alleged overpayments, and even referral to law enforcement, these referrals can lead to subpoenas, investigation, criminal and civil charges, penalties, incarceration and other sanctions.

For these reasons, a ZPIC audit must be treated with urgency, seriousness and focused attention. A ZPIC audit is not an ordinary audit or record request, and experienced legal counsel should be immediately called to oversee the response. An initial repayment demand letter triggers the time within which to appeal, and failure to file an appeal within 30 days will allow Medicare to begin recoupment on day forty one.