UPIC Audit | Everything You Need to Know

Are you curious about what a UPIC audit is? Wondering what to expect during the process and why your organization might need one? This post will cover everything you need to know about UPIC audits. We’ll explain what they are, who needs them, and how they’re conducted. Plus, we’ll give you some tips on preparing for an audit. So if you’re ready to learn more, keep reading!

What does UPIC stand for?

Program Integrity Contractors (UPICs) are private contractors that work with the Centers for Medicare and Medicaid Services (CMS) to help detect and prevent fraud, waste, and abuse in the Medicare and Medicaid programs. UPICs perform various activities, including claims review, provider outreach, education, data analysis, and investigations.

In recent years, UPICs have been increasingly used to target fraud in the Medicare program, resulting in savings of billions of dollars for taxpayers. UPICs are an essential part of CMS’s efforts to crack down on fraud and protect the integrity of the Medicare program.

What is a UPIC audit?

As a critical part of the Centers for Medicare and Medicaid Services (CMS) fraud prevention efforts, contracted auditors conduct Unified Program Integrity Contractors (UPIC) audits. UPICs are awarded CMS contracts to review claims and perform data analysis to identify and prevent fraud, waste, and abuse in the Medicare and Medicaid programs. They also work with law enforcement on criminal investigations.

A UPIC audit focuses on whether providers complied with CMS billing requirements when they submitted claims for reimbursement. UPIC auditors review claims to ensure they were billed correctly and that the services provided were medically necessary. They also look for patterns of fraud and abuse.

UPIC audits can be conducted as desk reviews or on-site visits. During a desk review, the auditor will request medical records and other documentation from the provider. An on-site visit usually involves interviews with the provider and staff and a review of medical records and other documentation.

Suppose the auditor finds that a provider did not comply with CMS billing requirements. In that case, the provider may be required to repay overpayments, be excluded from Medicare and Medicaid, and/or face civil or criminal penalties.

What is the responsibility of CMS?

The Centers for Medicare and Medicaid Services (CMS) is a federal agency within the U.S. Department of Health and Human Services (HHS) that administers the Medicare and Medicaid programs. CMS also oversees the Children’s Health Insurance Program (CHIP) and state health insurance exchanges established under the Affordable Care Act (ACA). 

In total, CMS manages health care coverage for over 130 million Americans. The agency ensures that beneficiaries have access to high-quality, affordable health care. CMS also develops and enforces rules and regulations related to the Medicare and Medicaid programs and private health insurance plans offered through state health insurance exchanges. In addition, CMS researches various health care issues and provides technical assistance to state Medicaid agencies.

UPIC Audit

What triggers a UPIC audit?

A UPIC audit is triggered when a provider is selected for review by the Centers for Medicare and Medicaid Services (CMS). The selection process is based on many factors, including the provider’s enrollment status, claims history, and whether the provider has been the subject of a previous audit.

Once a provider has been selected for review, CMS will notify the provider in writing and provide instructions on submitting the required documentation. The audit will focus on the provider’s compliance with Medicare billing rules and regulations. 

Who is at risk for a UPIC audit?

Any health care provider is at risk of a Program Integrity Contractors audit. Audits are conducted to ensure that organizations are compliant with all federal regulations. They can be triggered by various factors, including complaints, media reports, or suspected fraud. 

Consequently, all organizations should be prepared for the possibility of an audit. Among other things, this means having policies and procedures in place to ensure compliance with all relevant regulations. It also means maintaining accurate records and being able to provide clear documentation upon request. Organizations unable to meet these standards may face severe penalties.

Some factors that may increase the likelihood of an audit such as:

-A high number of consumer complaints

-Data analysis indicating potential fraudulent or abusive billing practices

-Previous audit findings of fraud or abuse

-Information gathered through investigations or tips

If a PIC audit is conducted, the provider or supplier will be notified and allowed to respond to the findings. In some cases, corrective action may be required, and the provider or supplier may be liable for repayment of overpayments. PIC audits can be complex and time-consuming, so it’s vital for providers and suppliers to be familiar with the process and know their rights and responsibilities.

UPIC Audit

How to prepare for a UPIC audit?

A UPIC audit is an unannounced site visit from a state or federal regulatory agency, such as CMS (Centers for Medicare and Medicaid Services). The purpose of the audit is to review documentation and ensure compliance with regulations. These audits can be conducted with little or no notice, so it’s essential to be prepared. 

An annual audit is an integral part of any organization’s management. The results of an audit can provide insights into an organization’s financial health and performance. A well-prepared organization can provide auditors with the information they need to conduct a successful audit. There are several steps that organizations can take to prepare for an audit. 

Know which regulations apply to your facility.

When it comes to running a facility, there are a lot of regulations that need to be followed to stay compliant. This can be a daunting task, but luckily, tools are available to help. The first step is to be familiar with the requirements. Ensure you are updated on all the latest changes and that your staff is also. Several online resources can help with this, including regulatory databases and newsletters. In addition, many trade associations offer seminars and webinars on compliance topics. Staying up to date on the latest changes will help ensure that your facility complies with the law.

Keep detailed records of all patient care activities.

A UPIC audit can be daunting, but preparing for one doesn’t have to be complicated. One of the most important things is to keep detailed records of all patient care activities. This includes documenting the care provided and the rationale for why it was provided. This also includes everything from admission and discharge paperwork to medication administration records. By keeping a clear and concise history of all patient care, you can ensure that you will be able to justify your actions if asked to do so during an audit.

Make sure all staff members are adequately trained.

Periodic training on proper documentation procedures can help prevent errors.

It is essential to make sure that all staff members are aware of the importance of compliance and detail-oriented documentation. Employees should be trained on proper documentation procedures, and periodic refresher courses can help prevent errors. Make sure they maintain complete and accurate records of all UPIC-related activities. This includes both paper and electronic documents, as well as any correspondence with UPIC staff. Finally, it is important to designate a UPIC liaison responsible for coordinating the audit process and communicating with UPIC staff. By taking these steps, organizations can help ensure a successful UPIC audit.

UPIC Audit

What do CMS administrative actions include?

The Centers for Medicare & Medicaid Services is responsible for administering the Medicare and Medicaid programs. This includes ensuring that beneficiaries receive the high-quality care they deserve while also working to control costs and improve the efficiency of the healthcare system. 

To carry out these goals, CMS takes several administrative actions, such as setting payment rates, establishing quality standards for providers and facilities, and issuing regulations to ensure that the programs are being run effectively. 

In addition, CMS also works to educate beneficiaries and providers about their rights and responsibilities under the Medicare and Medicaid programs. By taking these actions, CMS can protect the integrity of the programs and ensure that beneficiaries receive the best possible care.

When the CMS suspects fraud, they take a number of administrative actions to recoup losses and prevent future fraud. These actions include automatic denials of payment, payment suspensions, prepayment edits, civil monetary penalties, revocation of billing privileges, referral to law enforcement, and post-payment reviews for determinations. These actions are meant to deter fraudulent behavior and protect the Medicare and Medicaid programs.


A UPIC audit can be daunting, but by preparing for it ahead of time and knowing which regulations apply to your facility, you can make the process as smooth as possible. At CMS Solutions Group, we are here to help you through every step of the audit process. We have years of experience assisting facilities in preparing for and passing UPIC audits, and we will work with you to ensure your facility complies with all applicable regulations. Contact us today to learn more about our services or to schedule a consultation.