UPIC
A UPIC (Unified Program Integrity Contractor) is one of the contractors CMS uses to conduct Medicare and Medicaid program integrity audits across defined geographic jurisdictions. UPICs combine the functions of the prior Zone Program Integrity Contractors (ZPICs) and Program Safeguard Contractors (PSCs). Each UPIC conducts data-driven and referral-driven audits, prepayment and postpayment review, statistical extrapolation, and referrals to HHS-OIG, DOJ, and U.S. Attorneys when audit findings cross the criminal-referral threshold.
How a UPIC works
CMS contracts with UPICs by geographic jurisdiction. SafeGuard Services covers the Northeast UPIC jurisdiction. Qlarant covers the Midwest, Southeast, and Western jurisdictions. AdvanceMed covers the Southwest. Each UPIC operates with a data-analytics shop that mines claims data for outlier patterns and runs investigative audits in response to OIG referrals, qui tam tips, and pattern-based screening. A UPIC audit notice typically arrives by mail, identifies the lookback period, names the claim sample, and lists the documentation required.
Procedurally, UPIC audits produce findings letters that drive recoupment under 42 CFR Part 405, with appeals running through redetermination (MAC, 120 days), reconsideration (Qualified Independent Contractor, 180 days), an Administrative Law Judge hearing, the Medicare Appeals Council, and federal district court review under 42 USC 405(g). UPICs may also impose prepayment review (suspending payment on every new claim within a category until medical necessity is documented), conduct on-site visits, and refer matters to HHS-OIG or DOJ when findings suggest fraud.
When a UPIC applies
UPIC audits reach Medicare and Medicaid providers and suppliers across all categories: pharmacies, physicians, DME suppliers, home health agencies, hospices, hospitals, and ambulatory care providers. The most active UPIC enforcement categories are wound care (especially skin substitutes after the Apex Medical $309M FCA settlement), DME (signature and POD audits), opioid dispensing patterns, telehealth, and high-cost specialty drug claims.
The provider's exposure under UPIC audit
Dollar exposure runs through recoupment driven by statistical extrapolation, with seven-figure demands common in multi-year postpayment reviews. Prepayment review can halt cash flow on every new claim within a category, threatening the provider's operational viability within weeks. Criminal-referral exposure runs to HHS-OIG, DOJ, and the local U.S. Attorney where the UPIC concludes findings suggest fraud. The defense framework focuses on the document request response, statistical extrapolation methodology challenge, the appeals record from redetermination through ALJ hearing, and parallel coordination if a False Claims Act or criminal referral develops.
Related terms
See also
-
Practice areaUPIC Audit Defense
The full UPIC defense framework, including statistical extrapolation challenge and parallel-track coordination.
-
Practice areaMedicare & Medicaid Audit Defense
The umbrella Medicare audit defense framework covering UPIC, RAC, MAC, SMRC, and CERT contractors.
