Avoid Being Put on the RAC: Be Prepared for a Recovery Audit Contractor Audit

Kathleen Stillwell, MPA, RN, Senior Patient Safety Risk Manager

The Centers for Medicare and Medicaid Services (CMS) Medicare Fee for Service (FFS) Recovery Audit Program’s mission is to identify and correct Medicare improper payments through the efficient detection and collection of overpayments made on claims of healthcare services provided to Medicare beneficiaries, and the identification of underpayments to providers so that the CMS can implement actions that will prevent future improper payments in all 50 states.1

The Medicare FFS Recovery Audit Program was a demonstration project required by the Medicare Prescription Drug, Improvement, and Modernization Act of 2003. CMS conducted a demonstration project from March 2005 to March 2008 to determine if recovery auditors could identify improper payments for claims paid under Medicare Parts A and B. The demonstration established that recovery auditors were successful in the identification and prevention of improper Medicare payments. The Social Security Act authorized the Recovery Audit Program expansion nationwide in January 2010. The Recovery Audit Program has been expanded to include Medicare Parts C and D.

Any medical practice submitting claims to a government program may contend with a Medicare Recovery Audit Contractor (RAC) to conduct audits. RAC audits are not one-time or intermittent reviews; they are part of a systematic and concurrent operating process created to ensure compliance with Medicare’s clinical payment criteria and documentation and billing requirements.

The RACs use proprietary software programs to identify potential payment errors in areas such as duplicate payments, fiscal intermediaries’ mistakes, medical necessity, and coding. RACs also conduct medical record reviews. RACs are required to employ a staff consisting of nurses, therapists, certified coders, and a physician medical director.

The CMS report, Recovery Auditing in Medicare Fee-for-Service for Fiscal Year 2015 identified $359.73 million in overpayments collected and $80.96 million in underpayments repaid to providers. This represents an 82.8 percent decrease from payment corrections in Fiscal Year 2014, which were $2.57 billion.2

The RACs detect and correct past improper payments so that CMS can implement actions that will prevent future improper payments. CMS anticipates the following benefits:

  • Providers can avoid submitting claims that do not comply with Medicare rules.
  • CMS can lower its error rate.
  • Taxpayers and future Medicare beneficiaries are protected.

Who Is Subject to a RAC Audit?

  • Hospitals
  • Physician practices.
  • Nursing homes.
  • Home health agencies.
  • Durable medical equipment suppliers.
  • Any provider or supplier that submits claims to Medicare.

Who Is the RAC Auditor?

CMS contracted with RAC auditors for five regions in the United States. Each region has a designated RAC. It is important to identify the RAC auditor in your region. Never ignore a letter from one of these organizations. CMS awarded new FFS RAC contracts on October 31, 2016, to the following organizations:

Region 1: Performant Recovery, Inc.

Region 2: Cotiviti, LLC

Region 3: Cotiviti, LLC

Region 4: HMS Federal Solutions

Region 5: Performant Recovery, Inc.

The RAC for Region 5 is a national contract to perform audits of durable medical equipment, prosthetics, orthotics, and supplies claims, as well as home health and hospice claims.

The Medicare FFS RAC contact information and regional states are available on the CMS website.

What Does the RAC Review?

The RAC reviews claims on a post-payment basis and limits review to claims that were paid within the past three years. There are three types of review processes:

  • Automated—no medical record needed.
  • Semi-automated—claims review using data and potential human review of a medical record or other documentation.
  • Complex—medical record required.

What Can You Do to Prepare for a RAC Audit?

Assess your risk for billing issues by performing an internal audit of your own billing practices. Follow these tips when performing your audit:

  • Assign a knowledgeable member of your staff to review your billing processes and develop a billing compliance plan. Consider hiring a contractor for this task.
  • Identify billing issues, track denied claims, look for patterns, and determine what corrective actions you need to take to avoid improper payments.
  • Review for circumstances that can lead to common billing errors, including:
    • Inadequately trained staff.
    • Lack of time.
    • Not following recommendations in Federal Register bulletins.
    • Not consulting Health and Human Services bulletins.
    • Misinterpreting rules.
    • New staff/new billing company.
  • Include these areas in your assessment and monitoring plan:
    • Review the categories of claims denied in earlier RAC audits.
    • Keep abreast of notifications on the CMS website.
    • Review the Office of Inspector General (OIG) annual work plan to identify audit areas.
    • Monitor RAC progress on regional RAC web postings.

Potential Issues with Electronic Health Records

The OIG is studying the link between electronic health record (EHR) systems and coding for billing. There is a concern that some EHR systems may generate up-coded billing through automatically generated detailed patient histories, cloning (when you cut and paste the same examination findings), and templates filled in to reflect a more thorough or complex examination/visit. Review these issues with your EHR vendor, and determine if your EHR program has the potential to automatically up-code billing based on EHR documentation.

Fundamentals for Compliance

Establish compliance and practice standards, and conduct internal monitoring and internal auditing to evaluate adherence. Medical billing is complex. Billers and coders must be knowledgeable about many areas pertaining to billing and reimbursement.

Be sure that your billing staff understands local medical review policies and is knowledgeable about practice jurisdictions. Billing personnel must stay current on coding requirements, keep up with industry changes, understand the denial and appeal processes, and be able to identify resources for support.

The RAC can request a maximum of 10 medical records from a provider in a 45-day period. The time period that may be reviewed has changed from four years to three years. Responses are time sensitive, and significant penalties may result if they are not handled properly. RACs are paid on a contingency basis for overpayments and underpayments. If a recoupment demand is issued and you agree with it, you have the choice of paying by check within 30 days, allowing recoupment from future payments, or requesting an extended payment plan.

There is an appeal process if you do not agree with the audit findings. Do not confuse the RAC Discussion Period with the appeals process. If you disagree with the RAC determination, in addition to sending the discussion letter detailing why you disagree with the findings, you will need to file an appeal before the 120th day after the demand letter. Send correspondence to the RAC via certified mail.

What to Do If You Are Audited

Do not ignore a letter from the RAC auditor.

It is recommended that an attorney assist you with your response to a RAC audit. The Doctors Company provides RAC audit legal assistance for members as part of MediGuard®, the regulatory risk coverage that is part of your medical liability policy.

For assistance or questions, please contact The Doctors Company Patient Safety and Risk Management Department at 800.421.2368.


  1. Centers for Medicare & Medicaid Services. Medicare Fee for Service Recovery Audit Program. https://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/Recovery-Audit-Program/index.html. Accessed January 5, 2018.
  2. Report to Congress: Recovery Auditing in Medicare Fee-For-Service for Fiscal Year 2015. https://www.cms.gov/Research-Statistics-Data-and-Systems/Monitoring-Programs/Medicare-FFS-Compliance-Programs/Recovery-Audit-Program/Downloads/FY2015-Medicare-FFS-RAC-Report-to-Congress.pdf Accessed January 5, 2018.

The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider considering the circumstances of the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.

J11361 01/18