Are You Prepared for a Medicare Recovery Audit Contractor (RAC) Audit?

Kathleen Stillwell, MPA/HSA, RN, Senior Patient Safety Risk Manager, The Doctors Company

The mission of the Centers for Medicare and Medicaid Services (CMS) Medicare Fee for Service (FFS) Recovery Audit Program is to identify and correct improper payments made on claims for healthcare services provided to Medicare beneficiaries. In January 2010, the Social Security Act authorized the Recovery Audit Program expansion nationwide and extended it to Medicare Parts C and D. 

Any medical practice submitting claims to a government program can be subject to a Medicare Recovery Audit Contractor (RAC) audit. RAC audits—which may be triggered by an innocent documentation error—are not one-time or intermittent reviews. They are part of a systematic and concurrent operating process created to ensure compliance with Medicare’s clinical payment criteria and documentation and billing requirements. The RACs are charged with finding “improper payments”—which could be either an underpayment or an overpayment.

The RACs use proprietary software programs to identify potential payment errors in areas such as duplicate payments, fiscal intermediaries’ mistakes, medical necessity, and coding. RACs also conduct medical record reviews and are required to employ a staff consisting of nurses, therapists, certified coders, and a physician medical director.

The appendices of the CMS report Recovery Auditing in Medicare Fee-for-Service for Fiscal Year 2018 identified $89 million in overpayments, recovering $73 million during that fiscal year. This represents a substantial decrease in payment corrections from prior years. The fiscal year 2015 report identified $359.73 million in overpayments and $80.96 million in underpayments repaid to providers.

The RACs detect and correct past improper payments so that CMS can implement actions to prevent future improper payments. CMS anticipates the following benefits:

  • Providers can avoid submitting claims that do not comply with Medicare rules.
  • CMS can lower its payment error rate.
  • Taxpayers and future Medicare beneficiaries are protected.

The following entities are subject to RAC audits:

  • Hospitals
  • Physician practices.
  • Nursing homes.
  • Home health agencies.
  • Durable medical equipment suppliers.
  • Any provider or supplier that submits claims to Medicare or a government program.

CMS contracted with RAC auditors for five regions in the United States and designated one for each region. It is important to identify the RAC auditor in your region so you can promptly address correspondence from them. CMS has awarded FFS RAC contracts to the following organizations:

Region 1: Performant Recovery, Inc.

Region 2: Cotiviti, LLC

Region 3: Cotiviti, LLC

Region 4: HMS Federal Solutions

Region 5: Performant Recovery, Inc.

The RAC auditor for Region 5 has a national contract to perform audits of durable medical equipment, prosthetics, orthotics, and supplies claims, as well as home health and hospice claims.

A list of Medicare FFS RAC contact information and regional division of states is available on the CMS website.

The RAC, which reviews claims on a post-payment basis paid within the past three years, conducts three types of reviews:

  • Automated—no medical record needed.
  • Semi-automated—claims review using data and potential human review of a medical record or other documentation.
  • Complex—medical record required.

CMS provides a sortable list of RAC audit issues on its Approved RAC Topics and Proposed RAC Topics pages. These are updated regularly.

Assess your risk for coding and billing issues by performing an internal audit of your own practices. Check that all billing codes are supported with appropriate documentation in the medical record. Additionally, follow these strategies when performing your audit:

  • Consider hiring a contractor or assign a knowledgeable member of your staff to review your coding and billing processes and develop a compliance plan.
  • Identify coding and billing issues, track denied claims, look for patterns, and determine what corrective actions are needed to avoid improper payments.
  • Review for circumstances that can lead to common coding and billing errors, including:
    • Inadequately trained staff.
    • Lack of time.
    • Not following recommendations in Federal Register
    • Not consulting Health and Human Services bulletins.
    • Misinterpreting rules.
    • New staff/new billing company.
  • Include these areas in your assessment and monitoring plan:
    • Review the categories of claims denied in earlier RAC audits.
    • Keep abreast of notifications on the CMS website, including approved and proposed audit topics.
    • Review the Office of Inspector General (OIG) annual Work Plan to identify audit areas.
    • Monitor RAC progress on regional RAC web postings.

Potential Issues with Electronic Health Records

The OIG is studying the link between electronic health record (EHR) systems and coding for billing. There is a concern that some EHR systems may generate upcoded billing through automatically generated detailed patient histories, cloning (when examination findings are copied and pasted), and templates filled in to reflect a more thorough or complex examination/visit. Review these issues with your EHR vendor and determine if your EHR program has the potential to automatically upcode billing based on EHR documentation.

Fundamentals for Compliance

Establish compliance and practice standards and conduct internal monitoring and auditing to evaluate adherence. Medical coding and billing are complex, and staff must be knowledgeable about many areas pertaining to billing and reimbursement.

Be sure that your coding and billing staff understands local medical review policies and is knowledgeable about practice jurisdictions. Staff must stay current on coding requirements, keep up with industry changes, understand the denial and appeal processes, and be able to identify resources for support.

The RAC auditor can request a maximum of 10 medical records from a provider in a 45-day period. The time period that may be reviewed is three years. Responses are time sensitive, and significant penalties may result if they are not handled properly. RACs are paid on a contingency basis for overpayments and underpayments.

If a recoupment demand is issued and you agree with it, you have the choice of paying by check within 30 days, allowing recoupment from future payments, or requesting an extended payment plan.

If you do not agree with the audit findings, there is an appeal process. Do not confuse the RAC Discussion Period with the appeals process. If you disagree with the RAC determination, detail why you disagree in a discussion letter and file an appeal before the 120th day after the demand letter. Send correspondence to the RAC via certified mail.

What to Do If You Are Audited

Most importantly, do not ignore a letter from the RAC auditor.

It is recommended that an attorney assist you with your response to a RAC audit. The Doctors Company provides RAC audit legal assistance for members as part of MediGuard®, the regulatory risk coverage that is part of your medical liability policy. To report an administrative or regulatory action, submit a completed MediGuard® Claim Form.

For assistance or questions, please contact The Doctors Company Patient Safety and Risk Management Department at patientsafety@thedoctors.com or (800) 421-2368.


The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider considering the circumstances of the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.

J12722 03/21