Skip to main content

Exit WCAG Theme

Switch to Non-ADA Website

Accessibility Options

Select Text Sizes

Select Text Color

Website Accessibility Information Close Options
Close Menu
Law Offices of Art Kalantar Motto
  • HEALTHCARE LAW

Understanding the Different Types of Healthcare Audits and Auditors: RAC, UPIC, ZPIC, and More

Medical consultant reviews financial projection with healthcare administrator. Doctor, businessman analyze budget discuss investment in clinic. Financial planning for medical facility. Healthcare

For healthcare providers in California, few things are as daunting as receiving notice of an impending audit. The healthcare system in the state is heavily regulated, and both Medicare and Medi-Cal are subject to extensive oversight aimed at preventing fraud, waste, and abuse. Government agencies employ various audit programs to detect improper billing, ensure compliance, and recover overpayments. Understanding the types of healthcare audits you may face is essential for preparing your practice, minimizing risk, and mounting an effective defense if necessary. Read on for a discussion of this critical topic, and if you are facing an audit of your healthcare practice, contact the Law Offices of Art Kalantar in Beverly Hills to speak with an experienced California Medicare and Medi-Cal audit lawyer.

The Purpose and Scope of Healthcare Audits

Healthcare audits are not always the result of suspected fraud. Many are conducted as routine reviews, while others are data-driven investigations triggered by billing patterns, patient complaints, or whistleblower reports. Regardless of the reason, audits can result in claim denials, demands for repayment, penalties, or, in more serious cases, criminal charges. Different auditing entities serve distinct roles and have varying levels of authority, so knowing who is conducting the audit can help you determine the best course of action.

Recovery Audit Contractors (RACs)

Recovery Audit Contractors, or RACs, are third-party entities contracted by the Centers for Medicare & Medicaid Services (CMS) to identify and recover improper Medicare payments. RACs are paid a contingency fee based on the amount of overpayments they collect, which incentivizes them to find errors. RACs typically conduct post-payment audits, meaning they review claims that have already been paid. Their focus is on identifying both overpayments and underpayments.

RAC audits often rely on data analytics to spot outliers in billing patterns. These audits can be burdensome for providers because RACs tend to request large volumes of records and have a history of aggressive recovery efforts. While providers can appeal RAC findings, the process can be time-consuming and requires meticulous documentation to support the legitimacy of the billed services.

Unified Program Integrity Contractors (UPICs)

Unified Program Integrity Contractors, or UPICs, are tasked with preventing fraud, waste, and abuse across Medicare and Medicaid simultaneously. UPICs replaced several legacy programs, including the ZPICs (Zone Program Integrity Contractors) and Program Safeguard Contractors (PSCs). Unlike RACs, which are primarily focused on overpayment recovery, UPICs are involved in fraud investigations and can refer cases for civil or criminal enforcement. Qlarant Integrity Solutions, LLC (Qlarant) was selected by CMS in March 2018 to serve as the UPIC for the Western Jurisdiction, which includes California.

UPIC audits can be initiated based on various triggers, including statistical anomalies, complaints from beneficiaries, or referrals from other agencies. UPICs have broad authority to conduct both pre-payment and post-payment audits, meaning they can stop payments on pending claims while their investigation is ongoing. Providers facing UPIC audits should be particularly cautious, as these audits often carry a higher risk of referral to law enforcement.

Zone Program Integrity Contractors (ZPICs)

Although UPICs have largely replaced ZPICs, some healthcare providers still encounter ZPIC audits as part of older cases or transitional processes. ZPICs were previously responsible for protecting Medicare from fraud in designated geographical zones. Much like UPICs, they had broad investigative powers and could suspend payments, refer cases to law enforcement, and recommend administrative actions.

While ZPIC audits are now less common, their structure set the stage for the more streamlined and unified approach of the UPIC system. Providers who have dealt with ZPIC audits in the past may notice many similarities in how UPICs conduct their reviews today.

Medicaid Integrity Contractors (MICs)

Medicaid Integrity Contractors, or MICs, focus specifically on Medicaid audits. They review Medicaid provider claims to identify overpayments and billing errors. MICs conduct both post-payment audits and data analysis to flag suspicious billing trends. Unlike RACs, MICs are not paid on a contingency basis, which theoretically reduces the incentive for overly aggressive findings.

MIC audits can be triggered by abnormal billing patterns or referrals and often involve extensive document requests. The outcome of a MIC audit may result in overpayment demands or referrals to state Medicaid Fraud Control Units if potential fraud is detected.

Other Types of Healthcare Audits

In addition to RACs, UPICs, ZPICs, and MICs, healthcare providers may also encounter audits from private insurance companies, state agencies, and managed care organizations. These entities often conduct their own program integrity reviews, particularly in the Medi-Cal managed care space. Audits by these organizations may not carry the same legal weight as a federal investigation, but they can still lead to significant financial consequences and contract terminations.

Another noteworthy audit type is the Targeted Probe and Educate (TPE) program, a CMS initiative designed to address billing errors through focused education rather than punitive measures. While TPE audits can still result in claim denials, the primary goal is to correct improper billing practices and reduce future errors. Providers who participate in TPE are usually given multiple rounds of education and review before more serious enforcement actions are considered.

Protecting Your Practice During an Audit

Regardless of the type of audit you face, the key to protecting your practice is preparation. Maintain meticulous, up-to-date documentation for all services provided, and implement a comprehensive compliance program that includes regular internal audits and staff training. Promptly responding to audit requests and seeking legal guidance from an experienced healthcare defense attorney can make a significant difference in the outcome of an audit.

Understanding the distinctions between RAC, UPIC, ZPIC, MIC, and other audit types can help you tailor your response and defense strategy. Each auditing body has different priorities, methodologies, and consequences. By familiarizing yourself with these differences, you can navigate the audit process more effectively and reduce the risk of severe penalties.

Contact Art Kalantar for Audit Preparation and Representation in California

If your California medical practice has been targeted for an audit or you need help strengthening your compliance program, contact the Law Offices of Art Kalantar in Beverly Hills. Our firm has extensive experience defending healthcare providers in Los Angeles and throughout California and can provide the legal support you need to safeguard your reputation and livelihood.

Facebook Twitter LinkedIn
By Art Kalantar | Posted on June 23, 2025

Request A FREE Consultation

By submitting this form I acknowledge that form submissions via this website do not create an attorney-client relationship, and any information I send is not protected by attorney-client privilege.

Skip footer and go back to main navigation