Preparing for RAC Audits

May 1, 2010

Medicare is getting more aggressive with audits through its Recovery Audit Contractor program. Here’s how to assess your billing procedures to avoid audits, and establish a process for when a RAC does come knocking.


Recovery Audit Contractor (RAC) is a term that every Medicare healthcare professional and staff member needs to know. RACs were created as part of CMS’ Medicare Integrity Program. Under this program, CMS must do everything possible to protect and safeguard its funds against fraud, waste, and abuse. For physicians that means CMS is taking all possible steps to ensure that practices are submitting proper claims.

The purpose of a RAC is to audit Medicare claims and determine where there are opportunities to recover incorrect payments from previously paid but noncovered services (including services that were not medically necessary), erroneous coding, and duplicative services. The initial phase of CMS’ Medicare Integrity Program has been completed and, effective January 1, 2010, RACs are now operational in all 50 states.

If you have not yet prepared yourself for a possible audit, now is the time to get your practice ready and have a plan in place for such an occurrence, even if you feel “it couldn’t happen to my practice.” All practices that submit claims to government programs are likely to be reviewed at some point by a RAC.

So where do you start?

First, assess your billing procedures to determine if you are making the kind of billing mistakes that would trigger CMS’ threshold for investigation. RACs use proprietary software to analyze claims based on your practice’s claims history and monthly supplementation. Audits can date back to claims paid after October 1, 2007, so your last 30 months of billing are open for review.

Here are some of the items a RAC is likely to look for:

  • Obvious “black and white” coding errors (such as a well-woman exam billed for a male patient);

  • Medically unnecessary treatment or wrong setting of care where information in the medical record does not support the claim;

  • Claims with a secondary diagnosis assigned as a complication or comorbidity; and

  • Multiple or excessive number of units billed.

Second, your practice should create a consistent process

for responding to all RAC inquiries, to include the names of the staff members who will fulfill audit requests. Appoint a RAC leader who can guide your practice through the auditing process. Having a single individual spearhead the audit process is very important, because once a practice is informed that it is being audited, documents must be submitted within 45 days, or an error is declared and penalties may result.

RAC protocol should be established for every office and an “audit log” developed to track requests for documents, demand letters from CMS, appeal deadlines, and final determinations. Keep accurate records for RAC-based denials (given the unique denial code “M432”), so that an appeal can be properly supported. Practices should appeal as many denials as possible, as Administrative Law Judges will make all final determinations and may be more sympathetic than the RAC.

Finally, be prepared. Conduct a mock audit, and see how a subset of your Medicare claims would hold up to closer scrutiny. Are your records in an easy-to-retrieve format (such as in electronic form), or would the 45-day deadline present problems for your practice? It is recommended that all requested records be submitted on a CD and kept in a scanned format inside the practice, as opposed to off-site record storage, where transfer time must be factored into each request.

Take heart, the RACs were not created to “get” those providers who make occasional billing errors. However, if your Medicare billing process has a systematic “hiccup,” don’t be surprised when a RAC knocks on your door. By preparing your practice ahead of time, you’ll be better equipped to properly answer it.

*(Click here for a list of RACs by region, to find out the name of your Recovery Audit Contractor.)

Susanne Madden, MBA, is founder and CEO of The Verden Group, a consulting and business intelligence firm that specializes in practice management, physician education, and healthcare policy. She can be reached at madden@theverdengroup.com or by visiting www.theverdengroup.com.

Jason E. Lopata, Esq., is Senior Consultant, Legal Services, for The Verden Group. He may be reached via physicianspractice@cmpmedica.com.
This article originally appeared in the May 2010 issue of
Physicians Practice.