RAC Audit Prep Guide

The Medicare Fee for Service Recovery Audit Program is part of our government’s ongoing effort to safeguard and maintain the quality of our healthcare system.

Given that almost the entire population of the United States relies on federal health programs like Medicare/Medicaid, it is only reasonable to conduct an audit on these healthcare providers every now and then. So any Medicare-certified health service providers are, at any point in time and no matter which state they are in, bound to be subjected to this type of audit.

That said, we have created this guide to help you prepare for this type of audits in the future.

Why are you being audited?

Remember that once you become a Medicare-certified service provider, you have a responsibility to comply with the government’s regulations, criteria, documentation, and even billing requirements. In that sense, these Medicare audit programs are precautionary measures by the government to keep you in check and make sure that you are not violating any rules.

Why you are being audited is not always clear. There are times when some audits are just conducted automatically based on computer analysis (about your claims) or auditors just happen to review your medical charts. So do not be surprised when you suddenly receive a notification that you are being audited.

Nevertheless, an article by the American Academy of Neurology suggests these scenarios that can trigger an automatic audit

  • When incompatible Current Procedural Terminology (CPT) codes are billed on the same day.
  • When you accumulated claim statistics that indicate a higher than the normal frequency for a specific code

There are also cases where complex audits might be necessary. Complex audits are when Recovery Audit Contractors (RAC) have to physically request your chart for further review. An example of a scenario that can trigger a complex audit is when you engage in suspicious activities. These activities can range from unintentional coding or upcoding.

Mandatory Compliance

Every Medicare-certified service provider is required to cooperate and participate in the Recovery Audit Program.    

“provide that the records of any entity participating in the plan and providing services reimbursable on a cost-related basis will be audited as the Secretary determines to be necessary to insure that proper payments are made under the plan”

Sec.1902 [42 U.S.C. 1396a] 

According to this excerpt from the Social Security Laws, a medical service provider like you is subjected to be audited whenever deem necessary.

As for the one who would conduct the audit, the social security act also specified that states need to establish “a program under which the State contracts with 1 or more recovery audit contractors for the purpose of identifying underpayments and overpayments and recouping overpayments…”

This simply means that whichever state you reside in; you are bound to be audited anytime. As for the one who would conduct the audit, we lifted the list of assigned RAC per state from the CMS.  

Read more about it in the succeeding section of this article.

Identify the RAC in your State

To gear up for any upcoming audit in the future, it is advantageous to know which RAC is specifically assigned to your state. Having this information would give you a one-up advantage because you would be able to smoothly communicate and respond to any of their notification if you know their contact details, address, website, mode of communication, and so on.

As of writing, RAC’s responsibilities are divided into two parts. Those who are assigned in Region 1-4 mostly do post-payment reviews while those in Region 5 specifically review Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) and Home Health / Hospice.

Here is the current RAC as per the Center for Medicare and Medicaid Services website:

RegionStatesWebsitesEmailPhone Number
Region 1Performant Recovery, Inc.CT, IN, KY, MA, ME, MI, NH, NY, OH, RI, and VThttps://performantrac.com/PROVIDERPORTAL.aspxinfo@Performantrac.com1- 866-201-0580
Region 2Cotiviti, LLCAR, CO,  IA, IL, KS, LA, MO, MN, MS, NE, NM, OK, TX, and WIhttps://Cotiviti.com/RACRACInfo@Cotiviti.com1-866-360-2507
Region 3Cotiviti LLCAL, FL, GA, NC, SC, TN, VA, WV, Puerto Rico, and U.S. Virgin Islandshttps://www.Cotiviti.com/RACRACInfo@Cotiviti.com1-866-360-2507
Region 4Cotiviti GOV Services(formerly HMS) AK, AZ, CA, DC, DE, HI, ID, MD, MT, ND, NJ, NV, OR, PA, SD, UT, WA, WY, Guam, American Samoa, and Northern Marianashttps://rac4info.cotiviti.comrac4info@cotiviti.comPart A: 1-877-350-7992Part B: 1-877-350-7993
Region 5DME/HHE/Performant Recovery, Inc.Nationwide for DMEPOS/HHA/Hospicehttps://performantrac.com/PROVIDERPORTAL.aspxinfo@Performantrac.com1-866-201-0580

Every state in the US is part of the recovery audit program because they are mandated by the law to participate in any recovery audit efforts.

“that the State and any such contractors under contract with the State shall coordinate such recovery audit efforts with other contractors or entities performing audits of entities receiving payments under the State plan or waiver in the State, including efforts with Federal and State law enforcement with respect to the Department of Justice, including the Federal Bureau of Investigations, the Inspector General of the Department of Health and Human Services, and the State medicaid fraud control unit”

Sec. 1902[42 U.S.C. 1396a] 

It is crucial to maintain this collaborative and participatory effort between the state and any recovery audit contractor. This would not only curb fraud but would also enrich the quality of our overall healthcare system. Without fraud and abuse, our entire health care system can function more efficiently.

Topics that RAC review

As we have mentioned earlier, audits are mainly conducted to keep you in check and make sure that you are not violating any regulations. Like any private auditing firm, what RAC usually looks for are payment violations.

Based on the CMS website, there are now 174 approved RAC topics. Here are a few examples:

Complex audit

  • 0001 – Inpatient Hospital MS – DRG Coding Validation
  • 0012 – Blood Glucose Monitors: Medical Necessity and Documentation Requirements
  • 0015 – Enteral Nutrition Therapy: Medical Necessity and Documentation Requirements
  • 0020 – Patient Lifts: Medical Necessity and Documentation Requirements
  • 0023 – High Frequency Chest Wall Oscillation Devices: Medical Necessity and Documentation Requirements

Automatic Audit

  • 0011 – Inappropriate Billing of Home Visit Professional Service Evaluation and Management Codes during Inpatient
  • 0014 – Glucose Monitor Supplies When Billed With Same Dates of Service as Glucose Monitor: Unbundling
  • 0022 – Inpatient Psychiatric Admission Billed without Source of Admission Equal to “D”
  • 0042-Evaluation and Management Services for Office or Other Outpatient Visit Billed for Hospital Inpatients: Incorrect Coding
  • 0056 – Evaluation and Management Services in Skilled Nursing Facilities: Incorrect Coding

Preparing for the Audit

Now that you have a general overview of RAC and what it means for you, it is time to start preparing for audits that can come along your way.

Be prepared to respond to RAC

Before you even receive a letter from the RAC, it is important to have a contingency plan already in place. The very basic thing that you should have on your sleeves are

  • RAC point-of-contact from your team
  • Precise address and contact details of your team’s point-of-contact
  • And if possible, an attorney on standby

Remember that you only have a month or so to respond to any letter from RAC. If you fail to respond within their deadline, then they might just finalize that you were overpaid regardless of your case.

Conduct Internal Audit Regularly

One of the reasons why some clinics or institutions are subjected to audit is due to lack of oversight. Regardless of whether it is intentional or not, any billing mistakes or suspicious activities can trigger a RAC audit.

With that in mind, the best thing to do is make sure that you are always in compliance by conducting internal audits regularly. This would help you spot any errors in advance and give you time to implement corrective action to avoid audits.

Conducting these internal audits regularly would also give you a one step ahead should you ever receive any notification from the RAC in the future. If ever RAC request your medical records, then you can immediately show proof that you are always in compliance.

Responding to the RAC

Generally, many Medicare providers hire an attorney or get legal assistance once they receive a formal letter from RAC.

To give you a brief background on the general RAC process, here are some of the things that you should know

Notification from RAC

Once you receive a notification letter, this means that you need to send their requested records or documents. These documents would help them determine whether you are in violation or not.

Other times, the RAC would also send you a notification requesting a recovery auditor to visit you and see your medical records in person. That is why we mentioned earlier that you should have a point of contact specifically dedicated to addressing and responding to all these concerns from RAC.

Recovery Audit Programs’ Discussion Period

This is the period when RAC determines that you received an overpayment. They would send you a demand letter in which you can decide whether you would repay or file an appeal. 

If you choose the latter, then you now have a chance to disagree and prove their determination otherwise. You need to respond with a discussion letter and file an appeal within the 120 days you received the demand letter.

Appeals Process

For simplification purposes, we would simply list the three levels of appeal and their deadlines in this section.

Level 1:

A Request for Reconsideration with supporting documents must be filed within 60 days from the Notice of Improper Payment (NIP) issuance date. Otherwise, payment collection would be initiated.

Level 2

To request a CMS Hearing Official Review, you must file it within the 30 days the Reconsideration decision was issued.

Level 3:

If you are still not satisfied with the hearing officials’ decision, you can request a CMS Administrator Review. It should be filed within the 30 days the hearing officer issued their decision. The administrator’s decision is final.

Learn from It

Once you managed to successfully go through an audit without any violations, then you should rethink your practice’s current payment and admin system. The main reason why you were audited in the first place is because of your current system; so maybe it is time to make some changes and make the process more effective and efficient.

Look for patterns and determine whether you should implement corrective actions to avoid audits in the future. This way, you can brief your staff and have them attend training/seminars when necessary. Because while they are already an expert in the field, there are bound to be mistakes and mishaps due to human error.

So it is important that you are not the only one who is aware of an impending RAC anytime. Your staff and the entire team need to be aware of this information so that they would be more careful every time they use codes, provide services, bill patients, etc.


We hope you gain insights from this article. To learn more about the Recovery Audit Program, we highly encourage you to check the official website of the Center for Medicare & Medicaid Services.

Ultimately, the best way to prepare for a RAC audit is to have a dedicated team member assigned for this matter. This way, there would be accountability and there would always be someone who can respond to any notification from the RAC.