By Kathleen Stillwell, MPA/HSA, RN, Senior Patient Safety Risk Manager, The Doctors Company

The mission of the CMS Medicare Fee for Service (FFS) Recovery Audit Program is to identify and correct improper payments made on claims for healthcare services provided to Medicare beneficiaries. In January 2010, the Social Security Act authorized the Recovery Audit Program expansion nationwide and extended it to Medicare Parts C and D.

Any medical practice submitting claims to a government program can be subject to a Medicare Recovery Audit Contractor (RAC) audit. RAC audits—which may be triggered by an innocent documentation error—are not one-time or intermittent reviews. They are part of a systematic and concurrent operating process created to ensure compliance with Medicare’s clinical payment criteria and documentation and billing requirements. The RACs are charged with finding “improper payments”—which could be either an underpayment or an overpayment.

The RACs use proprietary software programs to identify potential payment errors in areas such as duplicate payments, fiscal intermediaries’ mistakes, medical necessity, and coding. RACs also conduct medical record reviews and are required to employ a staff consisting of nurses, therapists, certified coders, and a physician medical director.

According to the CMS report on Improper Payment Rates and Additional Data, between 2012 and 2022, RAC identified improper payments under the Medicare Fee-for-Service program ranging from a high of 12.7 percent in 2014 to a low of 6.26 percent in 2021. Improper payments may include fraud or abuse. Most improper payments are from unintentional errors or insufficient payment documentation.

The RACs detect and correct past improper payments so that CMS can implement actions to prevent future improper payments. CMS anticipates the following benefits:

• Providers can avoid submitting claims that do not comply with Medicare rules.
• CMS can lower its payment error rate.
• Taxpayers and future Medicare beneficiaries are protected.

Who is Subject to a RAC Audit?

The following entities are subject to RAC audits:

• Hospitals.
• Physician practices.
• Nursing homes.
• Home health agencies.
• Durable medical equipment suppliers.
• Any provider or supplier that submits claims to Medicare or a government program.

Who is the RAC Auditor?

CMS contracted with RAC auditors for five regions in the United States and designated one for each region. It is important to identify the RAC auditor in your region so you can promptly address correspondence from them. CMS has awarded FFS RAC contracts to the following organizations:

Region 1: Performant Recovery, Inc.

Region 2: Performant Recovery, Inc.

Region 3: Cotiviti, LLC (Tennessee)

Region 4: Cotiviti GOV Services

Region 5: Performant Recovery, Inc.

The RAC auditor for Region 5 has a national contract to perform audits of durable medical equipment, prosthetics, orthotics, and supplies claims, as well as home health and hospice claims.

CMS provides Medicare FFS RAC contact information and a map outlining the regional division of states.

What Does the RAC Review?

The RAC, which reviews claims on a post-payment basis paid within the past three years, conducts three types of reviews:

• Automated—no medical record needed.
• Semi-automated—claims review using data and potential human review of a medical record or other documentation.
• Complex—medical record required.

CMS provides a sortable list of RAC audit issues on its Approved RAC Topics and Proposed RAC Topics pages. The information on these pages is updated regularly.

What Can You Do to Prepare for a RAC Audit?

Assess your risk for coding and billing issues by performing an internal audit of your own practices. Check that all billing codes are supported with appropriate documentation in the medical record. Additionally, follow these strategies when performing your audit:

• Consider hiring a contractor or assigning a knowledgeable member of your staff to review your coding and billing processes and develop a compliance plan.
• Identify coding and billing issues, track denied claims, look for patterns, and determine what corrective actions are needed to avoid improper payments.
• Review for circumstances that can lead to common coding and billing errors, including:
• Inadequately trained staff.
• Lack of time.
• Not following recommendations in the Federal Register.
• Not consulting the U.S. Department of Health and Human Services bulletins.
• Misinterpreting rules.
• New staff/new billing company.
• Include these areas in your assessment and monitoring plan:
• Review the categories of claims denied in earlier RAC audits.
• Keep abreast of notifications on the CMS website, including approved and proposed audit topics.
• Review the Office of Inspector General (OIG) annual Work Plan to identify audit areas.
• Monitor RAC progress on regional RAC web postings.

Potential Issues with EHRs

The OIG is studying the link between EHR systems and coding for billing. The concern is that some EHR systems may generate upcoded billing through automatically generated detailed patient histories, cloning (when examination findings are copied and pasted), and templates filled in to reflect a more thorough or complex examination/visit. Review these issues with your EHR vendor and determine if your EHR program has the potential to automatically upcode billing based on EHR documentation.

Fundamentals for Compliance

Establish compliance and practice standards and conduct internal monitoring and auditing to evaluate adherence. Medical coding and billing are complex, and staff must be knowledgeable about many areas pertaining to billing and reimbursement.

Be sure that your coding and billing staff understands local medical review policies and is knowledgeable about practice jurisdictions. Staff must stay current on coding requirements, keep up with industry changes, understand the denial and appeal processes, and be able to identify resources for support.

The RAC auditor can request a maximum of 10 medical records from a provider in a 45-day period. The time period that may be reviewed is three years. Responses are time sensitive, and significant penalties may result if they are not handled properly. RACs are paid on a contingency basis for overpayments and underpayments.

If a recoupment demand is issued and you agree with it, you have the choice of paying by check within 30 days, allowing recoupment from future payments, or requesting an extended payment plan.

You can appeal if you do not agree with the audit findings. Do not confuse the RAC Discussion Period with the appeals process. If you disagree with the RAC determination, detail why you disagree in a discussion letter and file an appeal before the 120th day after the demand letter. Send correspondence to the RAC via certified mail.

What to Do If You Are Audited

Most importantly, do not ignore a letter from the RAC auditor.

It is recommended that an attorney assist you with your response to a RAC audit. The Doctors Company provides RAC audit legal assistance for members as part of MediGuard®, the regulatory risk coverage that is part of your medical liability policy. To report an administrative or regulatory action, submit a completed MediGuard® Claim Form.

For assistance or questions, please contact the Department of Patient Safety and Risk Management at (800) 421-2368 or by email.

The guidelines suggested here are not rules, do not constitute legal advice, and do not ensure a successful outcome. The ultimate decision regarding the appropriateness of any treatment must be made by each healthcare provider considering the circumstances of the individual situation and in accordance with the laws of the jurisdiction in which the care is rendered.