Avoid Being Put on the RAC: Be Prepared for a Recovery Audit Contractor Audit

Any medical practice submitting claims to a government program may contend with a Recovery Audit Contractor (RAC). RAC audits are not one-time or intermittent reviews; they are a systematic and concurrent operating process created to ensure compliance with Medicare’s clinical payment criteria and documentation and billing requirements.

The RAC program was signed into law by the Medicare Prescription Drug Improvement and Modernization Act of 2003 and made permanent by the Tax Relief and Healthcare Act of 2006. Its purpose is to identify improper Medicare payments—both overpayments and underpayments.

The RACs use proprietary software programs to identify potential payment errors in areas such as duplicate payments, fiscal intermediaries’ mistakes, medical necessity, and coding. RACs also conduct medical record reviews. In fiscal years 2010 and 2011, RACs identified half of all claims they reviewed as having resulted in improper payments.1

The RACs detect and correct past improper payments so that the Centers for Medicare and Medicaid Services (CMS) can implement actions that will prevent future improper payments.2 CMS anticipates the following benefits:

  • Providers can avoid submitting claims that do not comply with Medicare rules.
  • CMS can lower its error rate.
  • Taxpayers and future Medicare beneficiaries are protected.

Who Is Subject to a RAC Audit?

  • Hospitals.
  • Physician practices.
  • Nursing homes.
  • Home health agencies.
  • Durable medical equipment suppliers.
  • Any provider or supplier that submits claims to Medicare.

Who Is the RAC Auditor?

CMS has contracted with RAC auditors for each region in the United States. It is important to identify the RAC auditor in your region. Never ignore a letter from one of these organizations.

The United States is divided into four regions. Each region has a designated Recovery Audit Contractor:

Region A: Performant Recovery, Inc., and subcontractor, PRG-Schultz USA, Inc.
Region B: CGI Technologies and Solutions, Inc., and subcontractor, PRG-Schultz USA, Inc.
Region C: Connolly Consulting Associates, Inc., and subcontractor, Viant Payment Systems, Inc.
Region D: HealthDataInsights, Inc., Las Vegas, Nevada, and subcontractor, PRG-Schultz USA, Inc.  

What Does the RAC Review?

The recovery audit looks back three years from the date a claim was paid. RACs are required to employ a staff consisting of nurses, therapists, certified coders, and a physician medical director.

The RAC reviews claims on a post-payment basis. There are three types of review:

  • Automated—no medical record needed.
  • Semi-automated—claims review using data and potential human review of a medical record or other documentation.
  • Complex—medical record required.

What Can You Do to Prepare for a RAC Audit?

Assess your risk for billing issues by performing an internal audit of your own billing practices. Follow these tips when performing your audit:

  • Assign a knowledgeable member of your staff to review your billing processes and develop a billing compliance plan. Consider hiring a contractor for this task.
  • Identify billing issues, track denied claims, look for patterns, and determine what corrective actions you need to take to avoid improper payments.
  • Review for circumstances that can lead to common billing errors, including:
    • Inadequately trained staff.
    • Lack of time.
    • Not following recommendations in Federal Register bulletins.
    • Not consulting Health and Human Services bulletins.
    • Misinterpreting rules.
    • New staff/new billing company.
  • Include these areas in your assessment and monitoring plan:
    • Review the categories of claims denied in earlier RAC audits.
    • Keep abreast of notifications on the CMS website.
    • Review the Office of Inspector General (OIG) annual work plan to identify audit areas.
    • Monitor RAC progress on regional RAC web postings.

Potential Issues with Electronic Medical Records

The OIG is studying the link between electronic medical record (EMR) systems and coding for billing. There is a concern that some EMR systems may upcode billing through automatically generated detailed patient histories, cloning (when you cut and paste the same examination findings), and templates filled in to reflect a more thorough or complex examination/visit. Review these issues with your EMR vendor, and determine if your EMR program has the potential to automatically upcode billing based on EMR documentation.

Fundamentals for Compliance

Establish compliance and practice standards, and conduct internal monitoring and internal auditing to evaluate compliance. Medical billing is complex. Billers and coders must be knowledgeable about many areas pertaining to billing and reimbursement.

Be sure that your billing staff understands local medical review policies and is knowledgeable about practice jurisdictions. Billing personnel must stay current on coding requirements, keep up with industry changes, understand the denial and appeal processes, and be able to identify resources for support.

The RAC can request a maximum of 10 medical records from a provider in a 45-day period. The time period that may be reviewed has changed from four years to three years. Responses are time-sensitive, and significant penalties may result if they are not handled properly. RACs are paid on a contingency basis for overpayments and underpayments. If a recoupment demand is issued and you agree with it, you have the choice of paying by check within 30 days, allowing recoupment from future payments, or requesting an extended payment plan.

There is an appeal process if you do not agree with the audit findings. Do not confuse the RAC Discussion Period with the appeals process. If you disagree with the RAC determination, in addition to sending the discussion letter detailing why you disagree with the findings, you will need to file an appeal before the 120th day after the demand letter. Send correspondence to the RAC via certified mail.

What to Do If You Are Audited

Do not ignore a letter from the RAC auditor.

It is recommended that an attorney assist you with your response to a RAC audit. The Doctors Company provides RAC audit legal assistance for members as part of MediGuard®, the regulatory risk coverage that is part of your core medical liability policy.

For assistance or questions, please contact The Doctors Company Patient Safety Department at (800) 421-2368, extension 1243.

For more information, see the CMS Recovery Audit Program page.



  1. Office of Inspector General. U.S. Department of Health and Human Services. Medicare recovery audit contractors and CMS's actions to address improper payments, referrals of potential fraud, and performance. September 3, 2013. https://oig.hhs.gov/oei/reports/oei-04-11-00680.asp. Accessed December 16, 2013.
  2. Centers for Medicare and Medicaid Services. The recovery audit program and Medicare: the who, what, when, where, how and why? May 13, 2013. http://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/Recovery-Audit-Program/Downloads/The-Recovery-Audit-Program-and-Medicare-Slides-051313.pdf. Accessed December 16, 2013.


By Kathleen Stillwell, MPA, RN, Patient Safety Risk Manager II, The Doctors Company.

The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider in light of all circumstances prevailing in the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.

J9611 2/14


Stay in the Know with Our Monthly Newsletter

Sign up to receive The Doctor’s Practice.

Our e-mail newsletter delivers timely updates across a range of topics each month, including
patient safety, legislative updates, and the latest industry and company news.


Follow us: Follow The Doctors Company on Twitter Watch The Doctors Company on YouTube The Doctors Company on LinkedIn Like The Doctors Company on Facebook Follow The Doctors Company on Google+

© 2017 The Doctors Company. All rights reserved. Legal Notices and Privacy Policy | Glossary of Insurance Terms