Are You Prepared for a Medicare Recovery Audit Contractor (RAC) Audit?

Kathleen Stillwell, MPA/HSA, RN, Senior Patient Safety Risk Manager, The Doctors Company

The mission of the CMS Medicare Fee for Service (FFS) Recovery Audit Program is to identify and correct improper payments made on claims for healthcare services provided to Medicare beneficiaries. In January 2010, the Social Security Act authorized the Recovery Audit Program expansion nationwide and extended it to Medicare Parts C and D.

Any medical practice submitting claims to a government program can be subject to a Medicare Recovery Audit Contractor (RAC) audit. RAC audits—which may be triggered by an innocent documentation error—are not one-time or intermittent reviews. They are part of a systematic and concurrent operating process created to ensure compliance with Medicare’s clinical payment criteria and documentation and billing requirements. The RACs are charged with finding “improper payments”—which could be either an underpayment or an overpayment.

The RACs use proprietary software programs to identify potential payment errors in areas such as duplicate payments, fiscal intermediaries’ mistakes, medical necessity, and coding. RACs also conduct medical record reviews and are required to employ a staff consisting of nurses, therapists, certified coders, and a physician medical director.

According to the CMS report on Improper Payment Rates and Additional Data, between 2012 and 2022, RAC identified improper payments under the Medicare Fee-for-Service program ranging from a high of 12.7 percent in 2014 to a low of 6.26 percent in 2021. Improper payments may include fraud or abuse. Most improper payments are from unintentional errors or insufficient payment documentation.

The RACs detect and correct past improper payments so that CMS can implement actions to prevent future improper payments. CMS anticipates the following benefits:

  • Providers can avoid submitting claims that do not comply with Medicare rules.
  • CMS can lower its payment error rate.
  • Taxpayers and future Medicare beneficiaries are protected.

Potential Issues With EHRs

The OIG is studying the link between EHR systems and coding for billing. The concern is that some EHR systems may generate upcoded billing through automatically generated detailed patient histories, cloning (when examination findings are copied and pasted), and templates filled in to reflect a more thorough or complex examination/visit. Review these issues with your EHR vendor and determine if your EHR program has the potential to automatically upcode billing based on EHR documentation.

Fundamentals for Compliance

Establish compliance and practice standards and conduct internal monitoring and auditing to evaluate adherence. Medical coding and billing are complex, and staff must be knowledgeable about many areas pertaining to billing and reimbursement.

Be sure that your coding and billing staff understands local medical review policies and is knowledgeable about practice jurisdictions. Staff must stay current on coding requirements, keep up with industry changes, understand the denial and appeal processes, and be able to identify resources for support.

The RAC auditor can request a maximum of 10 medical records from a provider in a 45-day period. The time period that may be reviewed is three years. Responses are time sensitive, and significant penalties may result if they are not handled properly. RACs are paid on a contingency basis for overpayments and underpayments.

If a recoupment demand is issued and you agree with it, you have the choice of paying by check within 30 days, allowing recoupment from future payments, or requesting an extended payment plan.

You can appeal if you do not agree with the audit findings. Do not confuse the RAC Discussion Period with the appeals process. If you disagree with the RAC determination, detail why you disagree in a discussion letter and file an appeal before the 120th day after the demand letter. Send correspondence to the RAC via certified mail.

What to Do If You Are Audited

Most importantly, do not ignore a letter from the RAC auditor.

It is recommended that an attorney assist you with your response to a RAC audit. The Doctors Company provides RAC audit legal assistance for members as part of MediGuard®, the regulatory risk coverage that is part of your medical liability policy. To report an administrative or regulatory action, submit a completed MediGuard® Claim Form.

For assistance or questions, please contact the Department of Patient Safety and Risk Management at (800) 421-2368 or by email.


The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider considering the circumstances of the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.

J00231 07/23

Stay in the Know

Sign up for The Doctor’s Practice.

Our e-newsletter features timely articles, videos, and guides on a range of patient safety topics.

Subscribe