Cliff’s Note: This is one of the most important pieces we've published on Blue Amp Media. Dr. Eric Lullove has done something nobody else has — mapped the surveillance architecture that Palantir has quietly built inside US healthcare.

Part 2 drops the other shoe: who actually owns the companies auditing your doctor's claims, and what private equity gets out of every denial. Support us in doing this important work now for just $60/yr.

—Cliff

by Eric Lullove, DPM Blue Amp Media Medical Contributing Editor

In Part 1 of this series, I mapped how Palantir Technologies—a company born from Central Intelligence Agency (CIA) seed funding—has embedded itself across virtually every level of the federal health data infrastructure, from hospital AI platforms to a $90 million blanket purchase agreement that gives every Department of Health and Human Services (HHS) agency access to Palantir’s Foundry platform through a single procurement vehicle. I documented how Immigration and Customs Enforcement (ICE) used that infrastructure to access Medicaid enrollment records, and how a New York City public hospital system paid Palantir to scan physician notes for missed billing opportunities.

This piece examines the other side of that architecture: the Medicare and Medicaid audit contractor ecosystem—the programs that generate the data Palantir’s platforms are built to integrate. Who are the companies reviewing your claims? Who owns them? And what financial incentives shape their behavior?

These are not separate stories. They are the same story.

Understanding the Audit Hierarchy

Most physicians understand that audits by the Centers for Medicare and Medicaid Services (CMS) exist and that they are unpleasant. Far fewer understand the specific structure of the audit contractor system, who owns those contractors, and how the financial incentives embedded in each program shape the behavior of auditors reviewing their claims.

Let me build the map from the bottom up.

Photo by Pixabay / Pexels (free license). The clinical documentation that feeds the audit contractor ecosystem.

CMS operates what it calls a layered audit system. At the least severe end sits the Targeted Probe and Educate (TPE) program, administered by Medicare Administrative Contractors (MACs). TPE is nominally educational—it is designed to identify billing errors through focused review and correct them through provider education, not punitive recovery. The mechanism involves up to three rounds of claim review; significant improvement in the first or second round terminates the process. Failure to improve by the third round triggers escalation to 100 percent prepayment review, extrapolation, or referral to a Recovery Auditor.[1][2]

Recovery Audit Contractors (RACs) are the next level. These are contingency-fee contractors—they are paid a percentage of what they recover, historically ranging from 9 percent to 20 percent of identified overpayments.[3] This financial structure is not incidental. It is the mechanism that drove the aggressive, litigation-provoking behavior of RAC contractors in the 2010s, when CMS faced a severe backlog of appeals from providers contesting RAC findings. CMS has since modified the program, but the contingency fee structure remains.

Above RACs in severity are the Unified Program Integrity Contractors (UPICs), which represent the most consequential audit instrument available to CMS short of a criminal referral. UPICs are not primarily concerned with billing errors. They are investigating fraud. They can impose payment suspensions, extrapolate overpayments statistically across your entire claim history, refer cases to the Department of Justice (DOJ) and the HHS Office of Inspector General (OIG), and recommend exclusion from Medicare and Medicaid programs entirely.[4]

Supplemental Medical Review Contractors (SMRCs) operate in parallel, conducting targeted medical reviews on specific billing patterns CMS has flagged. They can and do refer to UPICs when they identify what they characterize as systemic problems.

The newest program—and in many respects the most consequential structural shift in Medicare payment integrity in decades—is the Wasteful and Inappropriate Service Reduction (WISeR) Model, which launched January 1, 2026. I will address WISeR in its own section below, because it warrants particular attention.

Who Are the UPIC Contractors?

The UPIC program divides the United States into five geographic jurisdictions, currently operated by three companies.[5][6] Understanding who these companies are—and, critically, what their corporate lineage looks like—is essential context for any provider navigating an active UPIC investigation.

CoventBridge Inc. holds the Midwest jurisdiction, covering Illinois, Indiana, Iowa, Kansas, Kentucky, Michigan, Minnesota, Missouri, Nebraska, Ohio, and Wisconsin. CoventBridge is not an organically formed program integrity firm. It is the direct successor to AdvanceMed Corporation—which was itself originally a subsidiary of Computer Sciences Corp. (CSC), a major defense contractor. In 2011, NCI Inc., a government IT firm, purchased AdvanceMed from CSC for $62 million.[7] NCI subsequently rebranded to Empower AI, and the UPIC contract was spun out under the CoventBridge name, backed by Harwood Private Equity and J.O. Hambro Capital Management. This matters because a Senate Finance Committee letter to CMS, written when AdvanceMed was still owned by CSC, specifically flagged the conflict of interest in having a contractor evaluate the work of its own corporate parent.[8] That structural tension—private equity–backed firms conducting quasi–law enforcement Medicare audits—has not been resolved. It has been privatized further.

Qlarant Integrity Solutions LLC holds the West and Southwest jurisdictions—twenty states plus territories.[9] Qlarant is structurally more complex than it appears. It operates through multiple legal entities: Qlarant Integrity Solutions LLC (the UPIC and fraud/waste/abuse work), Qlarant Quality Solutions Inc. (formerly Delmarva Foundation for Medical Care, a nonprofit with roots in CMS quality improvement contracting), and Qlarant Commercial Solutions Inc. (formerly Health Watch Inc.).[10] Qlarant also holds the Investigations Medicare Drug Integrity Contractor (I-MEDIC) contract for Parts C and D fraud nationwide, and the Plan Program Integrity MEDIC (PPI MEDIC) contract. A single corporate family, structured through multiple subsidiaries, holds UPIC, drug integrity, and plan integrity contracts simultaneously across the majority of the western United States.

SafeGuard Services LLC (SGS) holds two jurisdictions: the Northeast and the Southeast.[11] SGS is a private company with limited public disclosure. It is, operationally, the UPIC for approximately half the American population.

The RAC Contractor Structure

Recovery Audit Contractors are currently dominated by a single entity with a private equity ownership chain that warrants close examination.

Cotiviti GOV Services LLC now holds RAC contracts for Regions 3, 4, and 5—the majority of the country—following an April 2025 award by CMS.[12] Cotiviti GOV Services is a subsidiary of Cotiviti Inc., which is itself owned by Veritas Capital, in partnership with KKR, following a 2024 recapitalization.[13] To understand what this ownership structure means, follow the acquisition trail: Veritas Capital’s portfolio company Verscend Technologies acquired Cotiviti Holdings in 2018 for $4.9 billion, combining two payment accuracy analytics firms under a single private equity platform.[14] Veritas has previously owned Truven Health Analytics, GE Healthcare’s Value-Based Care Division, and athenahealth.[15] Veritas describes its investment thesis as identifying companies whose products and services are “mission-critical” to government and commercial customers—companies that are structurally difficult to replace once embedded. Cotiviti GOV Services, as the primary Medicare RAC contractor, fits that description exactly.

Performant Recovery Inc. (NASDAQ: PFMT) continues to hold RAC Regions 1 and 2, along with the nationwide Durable Medical Equipment (DME) and Home Health/Hospice RAC contract.[16] It is, in effect, a publicly traded company whose business model is contingency-fee recovery from Medicare providers.

The statistical contractor for Comprehensive Error Rate Testing (CERT) and Payment Error Rate Measurement (PERM) programs is the Lewin Group—an entity that simultaneously produces health policy research used to inform CMS payment policy and serves as the statistical methodology backbone for the programs measuring the accuracy of those payments.[17] The Lewin Group is a subsidiary of Health Management Associates, itself a subsidiary of Optum Health, which is owned by UnitedHealth Group. The single largest private health insurer in the United States owns the statistical contractor that measures Medicare payment error rates.

The statistical contractor that measures Medicare payment error rates is owned by the largest private health insurer in the United States.

The MACs and TPE Infrastructure

The MACs that administer TPE audits are themselves a mixed ownership landscape. Noridian Healthcare Solutions is a nonprofit, functioning as the MAC for the JF jurisdiction (Arizona, Washington) and the JH jurisdiction (Oklahoma, Texas). Palmetto GBA is a subsidiary of BlueCross BlueShield of South Carolina. Novitas Solutions is a public company. WPS Government Health Administrators is a nonprofit based in Wisconsin.[18]

MACs are the ground-level administrators of Medicare fee-for-service. They set Local Coverage Determinations (LCDs) that define what documentation is required to support payment for services in their jurisdiction. An LCD variance between MAC jurisdictions—where the same service requires different documentation depending solely on geography—is not a clinical determination. It is an administrative artifact of a contractor-driven system.

The WISeR Model: Prior Authorization at Scale, with AI and Contingency Incentives

Photo by Pixabay / Pexels (free license). The digital architecture behind AI-driven prior authorization.

WISeR, launched January 1, 2026, and running through December 31, 2031, represents the most significant structural shift in Medicare payment integrity since the original RAC program.[19] WISeR applies prior authorization requirements—previously rare in traditional Medicare—to a defined set of services in six pilot states: New Jersey, Ohio, Oklahoma, Texas, Arizona, and Washington. The services subject to review include electrical nerve stimulator implants, epidural steroid injections for pain management, percutaneous vertebral augmentation, percutaneous image-guided lumbar decompression, knee arthroplasty, and skin substitute grafts for diabetic foot and venous leg ulcers.

CMS selected six technology company “model participants” to conduct prior authorization and prepayment review, each assigned to specific states and MAC jurisdictions. The named participants include Cohere Health Inc., Humata Health Inc., and Innovaccer Inc., among others.[20] Zyter|TruCare is handling the Arizona implementation in partnership with the Noridian MAC.[21]

The payment structure deserves careful attention. WISeR participants are not paid administrative fees. They are paid a percentage of savings generated when services they review are not affirmed and ultimately not paid.[22] This is, structurally, the same contingency-fee model that produced the RAC program’s aggressive denial behavior—applied prospectively to authorization decisions that prevent care from being delivered at all, not retrospectively to claims already paid.

CMS has argued that the incentive structure is designed to reward accuracy rather than denial rates—participants are penalized for inaccurate determinations through quality score adjustments, and claim resubmissions are unlimited. That is a meaningful safeguard relative to the original RAC structure. But the underlying incentive remains: the faster and more frequently a WISeR participant declines to affirm a service, the more Medicare expenditure is avoided, and the higher the savings base from which their contingency percentage is calculated.

Pending legislation—H.R. 6361, the Ban AI Denials in Medicare Act, introduced December 2025—seeks to prohibit WISeR and any future Center for Medicare and Medicaid Innovation (CMMI) model using AI-driven prior authorization in traditional Medicare.[23] Whether that legislation advances is uncertain. What is not uncertain is the broader trajectory: CMS describes WISeR explicitly as “a roadmap for incorporating more private sector innovations into CMS operations.”[24] If WISeR’s six-year pilot is characterized as successful, the program’s scope will expand geographically and across service categories.

It bears noting that CMS has not provided clear guidance on whether WISeR contractors must disclose the algorithmic logic underlying their decisions or provide meaningful explanations for denials.[25] Providers operating in WISeR states who receive nonaffirmations will know the outcome but not necessarily the reasoning—a transparency gap with direct implications for the appeal process.

WISeR is not a pilot in the sense of being tentative. It is a pilot in the sense of being the first iteration of a system CMS intends to scale.

The Unified Picture

Let me bring these two threads together, because the connection between the data infrastructure I described in Part 1 and the audit contractor ecosystem mapped above is not merely thematic. It is structural.

Photo by panumas nikhomkhai / Pexels (free license). The physical convergence of data systems that makes cross-program integration possible.

Palantir holds, through the SHARE blanket purchase agreement described in Part 1, the capacity to serve every HHS agency—including CMS—with integrated data analytics infrastructure. CMS is simultaneously building a national provider directory (for which Palantir received a proof-of-concept award), expanding AI-driven prior authorization through WISeR, and operating a UPIC/RAC/SMRC audit apparatus that generates millions of additional documentation requests per year. The data from all of these systems—claim histories, audit findings, provider billing patterns, clinical notes scanned for missed charges, prior authorization requests and denials—represents an extraordinarily comprehensive dataset of American healthcare.

That dataset, collected across multiple programs with different statutory authorities and different privacy protections, is precisely the kind of dataset Palantir’s Foundry platform is architected to integrate. Not because CMS has announced any intention to use Palantir for cross-program data analysis in healthcare audit functions—it has not. But because the infrastructure that would permit such integration has been deployed, piecemeal, through individually reasonable-seeming procurement decisions.

What we have built, without intending to build it, is the technical precondition for a comprehensive national database of healthcare provider behavior, patient utilization, and clinical documentation—administered through a network of private equity–backed contractors, monitored through AI-augmented audit systems, and integrated through a data platform whose founder has stated openly that Palantir’s goal is to be the operating system for government.

I want to be clear about what I am not saying. I am not claiming that CMS is using Palantir to surveil providers or that UPIC contractors are sharing data with ICE. There is no evidence of that. What I am saying is that the architecture that would permit such uses has been constructed, that the entities holding the relevant contracts have overlapping ownership structures and financial interests that are rarely examined, and that providers navigating audits have almost no visibility into who is actually reviewing their claims and under what data governance frameworks.

That is an accountability gap. And in my view, it is one that the healthcare community—physicians, hospital administrators, compliance officers, and healthcare attorneys—has an obligation to understand before the system scales further.

What This Means for Your Practice

Let me close with something concrete, because I write this for clinicians and administrators, not policy theorists.

Know Your Audit Contractor

Every provider in the United States should know which UPIC covers their jurisdiction, which RAC covers their region, and which MAC administers their claims. These are available on the CMS Review Contractor Directory.[26] SafeGuard Services covers the Southeast and Northeast. Qlarant Integrity Solutions covers the West and Southwest. CoventBridge covers the Midwest. If you receive a records request, the originating contractor matters enormously in terms of timeline—UPICs allow only fifteen to thirty calendar days; MACs typically allow forty-five—consequence, and appropriate response strategy.[27]

Understand the Escalation Ladder

TPE → SMRC → RAC → UPIC → OIG is not a linear progression that every provider follows. Any of these entities can refer directly to the next level if they characterize what they are seeing as indicative of a systemic pattern rather than isolated error.[28] The threshold for that characterization is not defined by statute. It is defined by the contractor.

The WISeR States Face a New Risk Layer

If you practice in New Jersey, Ohio, Oklahoma, Texas, Arizona, or Washington and perform any of the WISeR-covered services, you are operating in a new compliance environment as of January 2026. Prior authorization through a technology vendor—not a MAC, not a clinical reviewer employed by CMS—now precedes payment for those services. Nonsubmission of a prior authorization request triggers automatic prepayment review.[29][30] The operational guide is available from CMS, but the specific algorithms by which WISeR vendors assess medical necessity have not been publicly disclosed.[31]

Data Governance Is Now a Clinical Concern

The integration of AI systems into billing optimization, prior authorization, and audit functions means that the data your practice generates—clinical notes, billing patterns, documentation quality, response rates to audit requests—is being analyzed computationally at a scale and depth that was not possible five years ago. The revenue cycle management firms, the audit contractors, and the federal data platforms are all, increasingly, operating from the same underlying data infrastructure.

You cannot opt out of this ecosystem. But you can understand it.

Buy Us A Coffee!

Eric Lullove, DPM, is a podiatric physician and healthcare policy analyst. This article reflects independent research and analysis. Nothing in this article constitutes legal, compliance, or clinical advice. Providers facing active audits should retain qualified healthcare counsel.

[1]Frier Levitt, CMS Audits, September 25, 2025. Overview of the full CMS audit escalation ladder from TPE through UPIC and OIG. https://www.frierlevitt.com/what-we-do/healthcare-law/cms-audits/.

[2]MSN Healthcare Solutions, The What and How of Medicare Program Provider Audits, September 16, 2025. Details on TPE audit structure, three-round mechanism, and escalation thresholds. https://msnllc.com/what-and-how-of-medicare-program-provider-audits/.

[3]Art Kalantar, JD, Types of Healthcare Audits and Auditors: RAC, UPIC, and ZPIC, December 8, 2025. RAC contingency fee rates have historically ranged from 9.5% to 12%; new contracts may allow rates as high as 20%. https://www.kalantar.law/types-of-healthcare-audits/.

[4]Applied Policy, Unified Program Integrity Contractors, August 9, 2023. UPIC post-payment reviews in 2020 resulted in $200.2 million in savings to the Medicare program. https://www.appliedpolicy.com/7258-2/.

[5]CMS.gov, Review Contractor Directory—Interactive Map, current as of April 2026. Lists all five UPIC jurisdictions, current contractors, RAC regions, MACs, CERT contractors, and SMRC. https://www.cms.gov/data-research/monitoring-programs/medicare-fee-service-compliance-programs/review-contractor-directory-interactive-map.

[6]MedLearn Publishing / RACmonitor, Understanding the UPICs: Medicare’s Recovery Audit Contractors, August 27, 2025. Full breakdown of five UPIC jurisdictions and contractor assignments. https://racmonitor.medlearn.com/understanding-the-upics-medicares-recovery-audit-contractors/.

[7]Modern Healthcare, NCI Completes $62 Million AdvanceMed Deal, April 4, 2011. NCI purchased AdvanceMed Corporation from Computer Sciences Corp. (CSC) for $62 million, including a data center supporting ZPIC Zone 5 and Zone 2 contracts. https://www.modernhealthcare.com/article/20110404/NEWS/304049989/nci-completes-62-million-advancemed-deal.

[8]Modern Healthcare, NCI Completes $62 Million AdvanceMed Deal, April 4, 2011. Senate Finance Committee letter from then-ranking member Chuck Grassley asked CMS to identify conflicts of interest among contractors; the AdvanceMed/CSC relationship was specifically cited. https://www.modernhealthcare.com/article/20110404/NEWS/304049989/nci-completes-62-million-advancemed-deal.

[9]Qlarant.com, Contracts List, December 9, 2025. Qlarant holds UPIC West, UPIC Southwest, I-MEDIC, PPI MEDIC, and previously served as Medicaid Integrity Contractor across thirty-four states and DC. https://www.qlarant.com/about/contracts-list/.

[10]Qlarant Integrity Solutions LLC (formerly Health Integrity LLC); Qlarant Quality Solutions Inc. (formerly Delmarva Foundation for Medical Care Inc.); Qlarant Commercial Solutions Inc. (formerly Health Watch Inc.). See Qlarant CMS contract award announcement, March 7, 2018. https://www.qlarant.com/about/news/cms-selects-qlarant-unified-program-integrity-contractor/.

[11]Maynard Nexsen, Medicare’s Bloodhound in the Southeast: SGS Gets the UPIC Auditing Contract. SGS was awarded the Southeast UPIC effective June 1, 2018. Southeast jurisdiction covers Alabama, Florida, Georgia, North Carolina, Puerto Rico, South Carolina, Tennessee, US Virgin Islands, Virginia, and West Virginia. https://www.maynardnexsen.com/publication-sgs-gets-the-upic-auditing-contract.

[12]CMS.gov, Medicare Fee for Service Recovery Audit Program, May 14, 2025 update. On April 28, 2025, CMS awarded Cotiviti GOV Services LLC the RAC contracts for Regions 3, 4, and 5. Performant remains under contract for administrative and appeals support in Region 5. https://www.cms.gov/data-research/monitoring-programs/medicare-fee-service-compliance-programs/medicare-fee-service-recovery-audit-program.

[13]Veritas Capital, Cotiviti Completes Recapitalization with KKR and Long-Standing Owner Veritas, October 7, 2024. https://www.veritascapital.com/cotiviti-completes-recapitalization-with-kkr-and-long-standing-owner-veritas/.

[14]Fierce Healthcare, Verscend Closes $4.9B Acquisition of Cotiviti, Adding to Veritas Capital’s Health IT Portfolio, August 27, 2018. https://www.fiercehealthcare.com/tech/veritas-capital-verscend-cotiviti-revenue-cycle-management-payment-integrity.

[15]Veritas Capital has previously owned Truven Health Analytics (acquired from Thomson Reuters for $1.25 billion, sold to IBM Watson for $2.6 billion in 2016), GE Healthcare’s Value-Based Care Division, Verscend Technologies, and athenahealth (acquired February 2019 for $5.7 billion through partnership with Evergreen Coast Capital). See Wikipedia, Veritas Capital. https://en.wikipedia.org/wiki/Veritas_Capital.

[16]SEC EDGAR, Performant Financial Corp., Form 8-K, Q3 2024 earnings. Healthcare revenues for Q3 2024 were $30.3 million, an increase of approximately 6% from the prior year. CEO Simeon Kohl noted continued scaling of the CMS RAC Region 2 contract. https://www.sec.gov/Archives/edgar/data/0001550695/000155069524000094/ex093024991pressrelease.htm.

[17]Optum Health, a subsidiary of UnitedHealth Group, owns Health Management Associates, which in turn owns the Lewin Group. The Lewin Group serves as statistical contractor for both the Comprehensive Error Rate Testing (CERT) and Payment Error Rate Measurement (PERM) programs. See CMS Review Contractor Directory for current contractor listings. https://www.cms.gov/data-research/monitoring-programs/medicare-fee-service-compliance-programs/review-contractor-directory-interactive-map.

[18]StreamlineMD, Navigating CMS Audits: Understanding the Different Types, March 19, 2025. MACs administer TPE audits; providers are given up to three rounds before escalation to 100% prepayment review or RAC referral. https://streamlinemd.com/for-healthcare-providers-cms-audits-can-be-a-daunting-reality-whether-it-is-a-rac-audit-looking-for-overpayments-a-cert-audit-measuring-error-rates-or-a-upic-audit-investigating-fraud-understandi/.

[19]CMS.gov, WISeR (Wasteful and Inappropriate Service Reduction) Model, last updated January 28, 2026. WISeR operates January 1, 2026, through December 31, 2031, in Arizona, New Jersey, Ohio, Oklahoma, Texas, and Washington. https://www.cms.gov/priorities/innovation/innovation-models/wiser.

[20]BHM Healthcare Solutions, CMS Announces Vendor List for WISeR Model, November 9, 2025. Named participants include Cohere Health Inc., Humata Health Inc., and Innovaccer Inc. Each participant is assigned to a specific state and MAC jurisdiction. https://bhmpc.com/2025/11/wiser-model-vendor-list/.

[21]Zyter|TruCare, CMS WISeR Program, January 5, 2026. Zyter|TruCare will supply and maintain the prior authorization platform for the WISeR program in Arizona, partnering with MAC Noridian. https://www.zyter.com/learning/wiser/.

[22]Applied Policy, WISeR Model Signals Changes in CMS’s Approach to Prior Authorization, September 9, 2025. CMS will calculate savings using historical average payments for each service type; vendor payments are adjusted based on performance measures including timeliness and accuracy. https://www.appliedpolicy.com/wiser-model-signals-changes-in-cmss-approach-to-prior-authorization/.

[23]DLA Piper, CMS Launches WISeR Model: What Providers Need to Know, January 14, 2026. H.R. 6361—the Ban AI Denials in Medicare Act—was introduced December 2, 2025, and seeks to prohibit implementation of WISeR and any future Center for Medicare and Medicaid Innovation (CMMI) model testing AI-driven prior authorization under traditional Medicare. https://www.dlapiper.com/en-us/insights/publications/2026/01/cms-wiser-model.

[24]CMS.gov, WISeR Model Frequently Asked Questions, January 13, 2026. “WISeR is the first Innovation Center model in which technology innovators are the only model participants.” CMS has framed the model as “a roadmap for incorporating more private sector innovations into CMS operations.” https://www.cms.gov/priorities/innovation/files/document/wiser-model-frequently-asked-questions.

[25]Morgan Lewis LLP, CMS Is Getting WISeR about Medicare Waste—But at What Cost to Providers?, July 3, 2025. CMS has not provided clear guidance on whether WISeR contractors must disclose the algorithmic logic underlying their decisions or provide meaningful explanations for denials. https://www.morganlewis.com/pubs/2025/07/cms-is-getting-wiser-about-medicare-waste-but-at-what-cost-to-providers.

[26]CMS.gov, Review Contractor Directory—Interactive Map, current as of April 2026. https://www.cms.gov/data-research/monitoring-programs/medicare-fee-service-compliance-programs/review-contractor-directory-interactive-map.

[27]Skilled Nursing News, CMS Tightens Audit Oversight as Improper Payments Rise and Nursing Homes Lead in Doc Errors, December 5, 2025. CMS reported a 6.55% improper payment rate in FY 2025, representing nearly $28.83 billion. UPICs allow between fifteen and thirty calendar days for record submissions; previous-level contractors typically allow forty-five days. https://skillednursingnews.com/2025/12/cms-tightens-audit-oversight-as-improper-payments-rise-and-nursing-homes-lead-in-doc-errors/.

[28]See Frier Levitt, CMS Audits, September 25, 2025; and MSN Healthcare Solutions, The What and How of Medicare Program Provider Audits, September 16, 2025.

[29]CMS.gov, WISeR (Wasteful and Inappropriate Service Reduction) Model, last updated January 28, 2026. https://www.cms.gov/priorities/innovation/innovation-models/wiser.

[30]Doctors Management, What to Expect from a UPIC Audit: Guidance for Clinics and Providers, February 5, 2026. UPICs collaborate with MACs, SMRC, and Medicare Drug Integrity Contractors. https://www.doctorsmanagement.com/blog/what-to-expect-from-a-upic-audit-guidance-for-clinics-and-providers/.

[31]See Morgan Lewis LLP, CMS Is Getting WISeR about Medicare Waste—But at What Cost to Providers?, July 3, 2025; and CMS.gov, WISeR Model Frequently Asked Questions, January 13, 2026.