RAC Audits - Federal Lawyer

RAC Audits

Legal Advice and Representation for Healthcare Professionals Under Audit

RAC Audits

Every year, Medicare pays billions of dollars in false and fraudulent claims. The federal Medicare system is so vast – and the billing rules and regulations are so complex – that even with their vast resources, the Centers for Medicare and Medicaid Services (CMS) and the Department of Health and Human Services (DHHS) are unable to effectively police participating providers on their own.

In need of help, CMS implemented a “fee-for-service” recovery program pursuant to the enabling legislation provisions of the Medicare Modernization Act of 2003. Under this program, CMS pays private government contractors to identify providers that appear to be engaging in Medicare fraud, to audit these providers, and to seek recoupments for fraudulently-billed claims. There are several different classifications of these contractors, each with its own unique scope of authority.

Recovery Audit Contractors, or RACs, perform audits on invoices submitted to Medicare and Medicaid. The Centers for Medicare and Medicaid Services (CMS) implemented the RAC Audit program in 2010 as part of an effort to detect and address previous incorrect payments and curb improper payments in the future. Anyone who submits invoices to CMS on a pay-for-services basis may be reviewed pursuant to a RAC audit, including doctors, healthcare service providers, medical equipment suppliers, hospitals and medical facilities. However, RAC audits are limited in scope. They only analyze data for claims that have already been paid and they only look back three years from the date of payment.

RAC audits can have additional consequences as well, and providers that are facing audits must be cautious to mitigate the risks of facing an unfavorable audit determination.

Put our highly experienced team on your side

Dr. Nick Oberheiden
Dr. Nick Oberheiden



John W. Sellers
John W. Sellers

Former Senior Trial Attorney
U.S. Department of Justice

Local Counsel

Joanne Fine DeLena
Joanne Fine DeLena

Former Assistant U.S. Attorney

Local Counsel

Joe Brown
Joe Brown

Former U.S. Attorney & Former District Attorney

Local Trial & Defense Counsel

Amanda Marshall
Amanda Marshall

Former U.S. Attorney

Local Counsel

Aaron L. Wiley
Aaron L. Wiley

Former Federal Prosecutor

Local Counsel

Roger Bach
Roger Bach

Former Special Agent (OIG)

Michael Koslow
Michael Koslow

Former Supervisory Special Agent (FBI)

Chris Quick
Chris Quick

Former Special Agent (FBI & IRS-CI)

Kevin M. Sheridan
Kevin M. Sheridan

Former Special Agent (FBI)

Ray Yuen
Ray Yuen

Former Supervisory Special Agent (FBI)

Dennis A. Wichern
Dennis A. Wichern

Former Special Agent-in-Charge (DEA)

As a healthcare provider that participates in Medicare, you expect your Medicare billings to be subject to review. Indeed, this is something that all providers have come to expect over the last couple of decades, as the costs of Medicare fraud have skyrocketed and the federal government has enhanced its efforts to combat Medicare waste and abuse. You have a compliance program in place; but, is it enough? Are you certain that you are compliant with the most-current Medicare billing regulations (and that you have fully complied with prior versions in the past)? Even if you are, will this be enough to prevent an unfavorable determination during a Medicare audit?

Under federal law, an improper billing does not have to be intentional in order to lead to liability. RACs can review up to six years of past billing records – revised from three years under the recently-issued final rule for Reporting and Returning of Overpayments. They can seek recoupment of any amounts that they believe – based upon their auditing standards and methodologies – were paid in noncompliance with the Medicare Claims Processing Manual or other applicable standards. Unfortunately, mistakes are common, and providers who fail to adequately protect themselves during the audit process routinely find themselves forced to challenge unfavorable RAC determinations through the protracted audit appeals process.

However, the risk of being forced to pay recoupments for overbilled amounts is only one aspect of facing an RAC audit. There are two much larger considerations as well:

  • Due to the fee-for-service model, RACs tend to aggressively pursue allegations of overpayments, and they will often incorrectly assert that recoupments are due.
  • If an RAC accuses a provider of falsely or fraudulently billing Medicare, the provider can face additional financial penalties (beyond recoupments), loss of federal program eligibility, and possibly even criminal prosecution by the U.S. Department of Justice (DOJ).

As a result, when facing an RAC audit, healthcare providers need to take a cautious and strategic approach. While there is an appeals process for fee-for-service contractor audits, the process can be costly, and the first several stages of appeal involve taking your case before other audit contractors and administrative bodies. In fact, it is not until the fifth level of appeal that healthcare providers who have been unjustly accused of overbilling Medicare get their day in court. Taking a proactive approach is the best way to minimize the consequences of an RAC audit, and this starts with hiring experienced federal healthcare defense attorneys who can spot the flaws in RAC auditors’ calculations and ensure that the appropriate Medicare standards are applied to each of your billings that is subject to review.

How Does a RAC Audit Work?

dental medicaid audit

Every RAC team includes certified coders, nurses, therapists and at least one certified medical director (CMD) physician. RAC review is divided up regionally, with different RACs covering specific regions of the country. While all RACs rely on the same coding and billing policies, medical standards, and Medicare regulations, each RAC is responsible for designing its own auditing software and database. CMS supplies the RACs with claim files from their respective regions, and the RACs then scan the billing data for both overpayments (usually caused by improper billing codes or medically unnecessary charges) and underpayments.

RAC audits may be either “automated” or “complex.” An automated review simply runs billing data through the RAC’s software program and essentially amounts to data mining. Automated reviews search for facially evident errors in the claims, such as non-covered services or clearly incorrect coding. A complex review involves human review of patient medical files and are used to address situation where coverage of services is unclear or where the Medicare policy is ambiguous.

During the audit process, the business or practitioner undergoing the audit will have a chance to converse with the auditors about the apparent improper payments. If an RAC audit determines that there exists evidence of overpayment, the RAC will issue a demand letter detailing their findings and the amount of overpayment.

Once you have received the RAC’s demand letter, you may either agree to repay any discrepancies or you may appeal the findings. If you accept the RAC’s determination, you have several options for repayment. You may pay the amount in one lump sum, you may agree to withholdings from future CMS payments, or you may apply for a long-term repayment plan.

What Can I Do If I Receive an Unfavorable RAC Determination?

The RAC program has a five-tiered appellate process for business or practitioners that wish to challenge a determination. An appeal may advance legal defenses to the adverse determination, may seek to justify medical necessity for claims that were deemed unnecessary, or may attack the RAC’s procedures or extrapolation.

Redetermination. A provider who wishes to dispute the RAC’s initial determination may file an appeal for a redetermination within 120 days. The redetermination will be assessed by the Medicare Fiscal Intermediary (FI) who processed the original disbursement. The FI then has 60 days to consider the appeal and issue a redetermination decision.

Reconsideration. Adverse redeterminations may be contested through a second level of appeal called a reconsideration. Reconsiderations are submitted to Qualified Independent Contractors (QICs), who are neutral arbiters that did not participate in the redetermination decision. A request for reconsideration must be filed within 180 days from receipt of the redetermination decision, and the QIC has 60 days to return a decision.

Administrative Law Judge Hearing. Unlike a redetermination or a reconsideration, the third level of RAC audit appeal involves a hearing and has a minimum amount in controversy requirement. The amount in controversy threshold is adjusted annually; in 2016 it was $150. The hearing is in front of an administrative law judge (ALJ) and may be conducted in person or via video-conference or telephone. An ALJ hearing must be requested within 60 days of receipt of the reconsideration and the ALJ has 90 days to issue a decision on the appeal.

Medicare Appeals Counsel Review. An adverse ALJ decision may be appealed to the Medicare Appeals Counsel (MAC) within 60 days of issuance. The MAC must issue its determination within 90s of the request for review; if the MAC misses this deadline, the provider may seek to have the appeal forwarded directly to the fifth and last stage of appeal, judicial review.

Judicial Review. The final stage of the RAC audit appeals process is judicial review by a federal district court. As a prerequisite for review, the appeal must be filed within 60 days of the MAC decision and there is an amount in controversy threshold. The amount in controversy requirement is adjusted every year; in 2016 the minimum amount was $1,500.

If you have received an adverse RAC audit determination, you should contact an experienced healthcare defense attorney today to discuss your options.

Understanding Your RAC Audit

1. An RAC Audit Can Cover Three Years of Medicare Part A and B Billing Records

RAC audits can be invasive and disruptive procedures. Recovery Audit Contractors have the ability to review up to three years of billing records for Medicare Part A and B, and also for Medicaid. For large facilities and busy pharmacies and medical practices, this can potentially mean tens of thousands of records are subject to review.

2. RACs Prioritize Uncovering Overpayments as Opposed to Identifying Underpayments

Despite the stated policy of CMS’s fee-for-service recovery program to identify both overpayments and underpayments, RACs greatly prioritize uncovering overpayments during the audit process. Once again, this is due to CMS’s contingency-fee payment structure, which provides a clear financial incentivize for RACs to claim the largest net overpayment possible.

3. The RAC Audit Process is Fallible

Recovery Audit Contractors rely on both technological resources and human auditors, both of which are prone to error. As a result, healthcare providers cannot simply take RACs at their word, and they cannot assume that the RAC audit process will end in a fair and just result. If you question an auditor’s methods or conclusions, there is a good chance that you have a very good reason for doing so. Mitigating the consequences of an RAC audit requires the ability to spot these types of issues and the ability to effectively communicate with RAC personnel about flaws in the audit process.

4. RAC Auditors Do Not Always Apply the Correct Medicare and Medicaid Billing Standards

One of the most common mistakes that RAC auditors make is applying the incorrect Medicare and Medicaid billing standards. Healthcare providers are only subject to the billing rules and regulations that apply when they actually bill the federal government; yet, RAC auditors frequently seek recoupments based on outdated or subsequently-enacted billing standards. Healthcare providers facing RAC audits must carefully review all audit determinations in order to confirm that:

  • the RAC is not applying superseded Medicare or Medicaid billing regulations to recent billings; and,
  • the RAC is not applying currently-effective Medicare or Medicaid billing standards to reimbursement requests from prior months or years.

5. If You Receive an Unfavorable Audit Determination – You Only Have a Limited Amount of Time to File an Appeal

As we already mentioned, when facing an RAC audit, healthcare providers should not wait to rely on the appeals process. Preventing an unfavorable determination is a far better (and less costly) option, and it also eliminates the uncertainty of going through the appeals process.

But, if you find yourself in a situation where you need to file an appeal, it is important to understand that deadlines apply. For the first stage of appeal – redetermination by a Fiscal Intermediary (FI) – the deadline to file is 120 days. However, recoupment liability can accrue within as little as 30 days; and, as a result, healthcare providers will often need to file quickly in order to avoid paying recoupments that are not actually due.

6. An Unfavorable RAC Audit Can Potentially Lead to Federal Prosecution

While RACs are private contractors, they work closely with CMS, and the information they supply to the government can lead to civil, or even criminal, charges. The DOJ, CMS, DHHS and other federal agencies all pursue cases of Medicare fraud and abuse, and they often rely heavily on RACs and other private parties to supply the information they need to launch investigations. Just as an audit does not have to lead to liability, a federal investigation does not have to lead to federal charges. However, to reduce your risk of facing treble (triple) damages, fines, loss of program eligibility, federal incarceration, and other penalties, it is critical to intervene in your audit or investigation and try to prevent charges from being filed.

7. You Can Influence the Outcome of Your RAC Audit, and an Experienced Attorney Can Help

As the foregoing discussion suggests, healthcare providers can – and should – influence the outcome of their RAC audits. Auditors do not operate in a vacuum, and they are not entitled to draw unjustified conclusions in order to increase the liability of any provider. Just as misinterpreting the Medicare or Medicaid billing records is not an excuse for overbilling the federal government (though it may provide a defense to criminal prosecution for healthcare fraud), it is also not an excuse for RACs to make mistakes. Accountability in the RAC audit process is critical, and this is one crucial area where a law firm with extensive experience in healthcare audits and investigations can help.

My Business or Practice is Being Audited. What Should I Do Now?

If your healthcare business or medical practice has been contacted by a Recovery Audit Contractor, there are several steps that you should begin taking as quickly as possible. A comprehensive defense strategy for an RAC audit should include:

  • Communications – All personnel within your organization should be instructed on appropriate communications with the RAC, and appropriate employees should be designated as exclusive points of contact for funneling all inbound and outbound communications. RAC auditors should also be instructed to refer relevant communications to the organization’s legal counsel.
  • Internal Assessment – It is always better to know what RAC auditors will find before they find it. Healthcare providers facing RAC audits should conduct thorough internal assessments of their billing records, policies, and procedures to determine whether any billing violations may have occurred.
  • Disclosure – In many circumstances, proactively addressing billing errors with auditors (and federal investigators) is the best way to mitigate the negative consequences of a Medicare or Medicaid inquiry. Honest mistakes are common, and both disclosing known issues and demonstrating that proactive measures are being taken to prevent future errors can significantly reduce the risk of facing federal charges. However, this requires a careful assessment of all of the potential legal implications, and is an issue that must be discussed with legal counsel.
  • Intervention – Intervening in an audit in order to challenge the use of inapplicable billing standards, faulty calculations, and other issues can help prevent an unnecessary unfavorable outcome. However, a tactful approach is critical, and providers need to be certain that their conclusions are correct.

How We Protect Healthcare Providers During RAC Audits

RAC Audit

There are several steps we can take to help protect healthcare providers during RAC audits. Our comprehensive approach starts with intervening in the audit process immediately, and reviewing the RAC’s actions to date in order to determine whether any legal violations or substantive errors have accrued. We have a multi-faceted approach to RAC audit defense.

  • We conduct an internal assessment to identify any issues that may surface as a result of the RAC audit.
  • We work to identify safe harbors, statutory exceptions, and specific Medicare billing guidelines that apply to our clients’ billing practices and financial relationships.
  • We work closely with executive leadership and providing training to key personnel regarding appropriate and inappropriate communications with RAC auditors.
  • We take action when RAC auditors exceed the scope of authority granted in their mandate from CMS.
  • We identify and challenge RAC auditors’ flawed methodologies and conclusions, and ensure that selective review of a provider’s Medicare billing records does not lead to a faulty audit determination.
  • We ensure that RAC auditors are applying the appropriate Medicare billing regulations, and not applying outdated regulations to current billings or current regulations to past billings.
  • We preserve issues for appeal in the event of an unfavorable audit determination resulting in recoupments, prepayment review, program exclusion, and/or other penalties.

FAQs: Answers from Our Experienced Healthcare Fraud Defense Attorneys

Q: Are RAC auditors qualified to assess the legal propriety of my healthcare company’s Medicare billing records?


In order to help ensure that the outcomes of RAC audits are as accurate as possible, CMS requires all Recovery Audit Contractors to employ personnel who are expected to be experts in various facets of the Medicare billing system. This includes certified coders, nurses, therapists, and a physician contractor medical director (CMD). Unfortunately, mistakes during the RAC audit process remain common, and providers frequently find themselves forced to challenge flawed liability determinations.

Q: What is involved in an RAC audit?


There are three types of RAC audits: automated, semi-automated, and complex. An automated audit does not involve review of the provider’s medical records. However, a semi-automated review may involve manual review of records by RAC personnel, and a complex audit can entail a comprehensive and invasive in-person review that can significantly disrupt your company’s day-to-day operations. Auditors may request to speak with billing personnel and other key employees as well; and, while providers are entitled to information about their audits, the process is often not as transparent as most providers would expect. These are among the numerous reasons why intervention and legal representation are critical, and why all providers need to be prepared to take proactive measures to protect themselves during the audit process.

Once the auditors have completed their review and the required discussion period has passed, the RAC will issue a determination of liability. If the RAC determines that recoupments are owed, the provider must pay quickly (or quickly file an appeal) in order to avoid interest and other penalties.

Q: Who are the RACs?


The Centers for Medicare and Medicaid Services (CMS) awarded the current RAC contracts to the following entities:

  • Region 1 (Northeast) – Performant Recovery, Inc.
  • Region 2 (South and Central States) – Cotiviti, LLC
  • Region 3 (Eastern Seaboard and Southeast) – Cotiviti, LLC
  • Region 4 (West Coast, Midwest, and Northwest) – HMS Federal Solutions
  • Region 5 (Nationwide for Durable Medical Equipment (DME) and Home Health/Hospice (HHH) Services) – Performant Recovery, Inc.

More information about the current RACs is available from CMS: Medicare Fee for Service Recovery Audit Program.

Q: What is meant by the “fee-for-service” audit recovery program?


The “fee-for-service” audit recovery program means that RACs are paid on a contingency-fee basis. In other words, they are financially-incentivized to identify overpayments from Medicare, and they have no direct financial incentive to award underpayments to healthcare providers. During the 2015 fiscal year, RACs collected nearly $360 million in overpayments while awarding just $81 million in underpayments. From 2010 to 2015, RAC audits have resulted in liability of more than $8.9 billion for healthcare providers nationwide.

Q: Can an attorney help prevent an unfavorable RAC audit determination?


Potentially, yes. An attorney who has intimate knowledge of the Medicare billing regulations and who has extensive experience in healthcare fraud defense will be able to identify flaws in RAC auditors’ processes and procedures and challenge inaccurate findings before they are formalized in a final determination. While one option is to let the audit run its course and then file an appeal, the less-risky (and typically less-expensive) option is to take a proactive approach to defending against a RAC audit. The goal to this approach is to avoid the need to rely on the appellate process.

Q: What should I expect if I need to file an appeal?


If you have already received an unfavorable audit determination, or if it is too late to prevent the imposition of recoupment liability by a RAC, you will need to promptly begin preparations to file your appeal. We have covered what healthcare providers need to know about the appeals process in a separate set of Medicare Appeal FAQs.

Q: Can a RAC impose penalties besides recoupment of overbilled claims?


Yes. In addition to demanding recoupments, Recovery Audit Contractors can also deny payment of pending reimbursement claims and initiate prepayment review. These can lead to substantial cash flow issues for providers who rely on regular reimbursements from Medicare. If a RAC finds evidence of healthcare fraud, it can also refer providers to CMS, the U.S. Department of Justice (DOJ), the Office of Inspector General (OIG), and other federal authorities – and these referrals can lead to federal investigations that may ultimately result in civil or criminal charges.

5 Reasons to Choose Oberheiden, P.C.

With your business’s financial stability and Medicare eligibility potentially on the line, you need to take a serious approach to your RAC audit defense. This means hiring seasoned legal representation, and choosing a firm with the experience needed to effectively overcome any RAC auditor mistakes and aggressive use of authority. At Oberheiden, P.C., we offer you representation against these issues and:

1. Government Experience

Several of our attorneys spent decades working in the DOJ, the U.S. Attorney’s Office, and other federal law enforcement agencies prior to entering private practice. We know what RAC auditors are looking for, and we know what it takes to successfully fend off a federal investigation.

2. Results

As a function of our former government lawyer experience, we can quantify our success. Our goal is to resolve our clients’ audits and investigations without excess liability and without the government lodging civil or criminal charges.

3. Recognition

Our senior attorneys hold significant government experience and their exclusive practice focus is on healthcare fraud defense. Managing Partner, Dr. Nick Oberheiden has appeared in television and radio as a contributor in the area of healthcare fraud.

4. Collaborative Approach

Contrary to firms where attorneys work in silos, our attorneys take a collaborative approach that allows each client to benefit from all of our attorneys’ collective government and private practice experience. We do this for our goal that every client receives the very best legal representation we can offer.

5. Hands-On Legal Representation

With our collaborative approach, our client have the opportunity to work directly with our senior attorneys. You will have access to the advice you need when you need it, and we will custom-tailor your RAC audit defense strategy to the specific demands of your business or practice.

Are You Facing An RAC Audit? Contact Oberheiden, P.C. Right Away

The sooner we get involved, the more we can do to help. While every case’s facts are different, our goal is to help resolve your audit without an unjustified determination of liability. Our attorneys offer free initial case assessments. Our team of healthcare fraud defense attorneys is available to take responsive action to your RAC audit immediately.

Trust the experience and expertise of our recovery audit contractor defense attorneys and former federal prosecutors. We are available to speak with you about your RAC audit. We represent healthcare providers in RAC audits and appeals across the county. You can call us 24/7 at 888-680-1745, or request a case assessment online and we will be in touch with you shortly.

If you are under
you should contact us today

Contact the Experienced Attorneys of Oberheiden, P.C. Now for a Confidential Consultation

Contact Us Now