Experienced Healthcare Defense Attorney Helping Health Care Providers Prepare for RAC Audits
While most health care providers do their best to ensure that they remain in compliance with Medicare’s strict and constantly-changing requirements for services and medical equipment reimbursement, widespread fraud in the early 2000s prompted the Centers for Medicare and Medicaid Services (CMS) to take an aggressive approach to combat overpayments and fraudulent billings. This approach remains in effect to this day, and it includes a “fee-for-service” recovery program under which private contractors known as Recovery Audit Contractors (RACs) get paid to help the government identify and prosecute health care entities suspected of Medicare fraud.
If your business or practice has been contacted by a Recovery Audit Contractor, there are several things you need to know. There are also important steps you (and your employees) need to take to mitigate the consequences of your RAC audit and prevent it from leading to Medicare disqualification or even criminal charges.
The RAC Audit Process: Answers to Frequently-Asked Questions (FAQs)
Q: What do Recovery Audit Contractors do?
Recovery Audit Contractors investigate cases of potential Medicare fraud in order to recover overpayments and prevent payment of fraudulent claims by the government. However, RAC’s activities are not limited to targeting Medicare scammers and fraud artists. In fact, RACs routinely investigate all types of legitimate health care providers, looking for any possible evidence that these providers may have been overpaid under the Medicare system. When a RAC uncovers evidence of overpayment or overbilling, it has the authority to take a number of responsive actions, including demanding repaying and referring the case to the Department of Justice (DOJ) for criminal prosecution.
Q: How can I be sure that I am facing a RAC audit and not some other type of government audit or investigation?
Recovery Audit Contractors are not the only entities authorized under CMS’s fee-for-service program. Zone Program Integrity Contractors (ZPICs), Medicare Administrative Contractors (MACs), and a variety of other private contractors can all conduct audits on behalf of CMS. The Centers for Medicare and Medicaid Services, the DOJ, the Department of Health and Human Services (DHHS), Office of Inspector General (OIG), and various other federal agencies all separately investigate providers suspected of Medicare fraud as well. Understanding the nature of your audit or investigation is critical, as it will determine the legal rights and defense strategies you have available.
There are currently three RACs authorized to investigate health care providers in the United States, each of which are assigned to different regions of the country:
- Cotiviti, LLC
- HMS Federal Solutions
- Performant Recovery, Inc.
Q: Why do RACs target legitimate and upstanding health care providers?
The answer is simple: money. Since RACs get paid to identify overpayments and overbillings, they have every incentive to target as many health care providers as possible. This, unfortunately, is why recovery audits and investigations have become so commonplace in the health care industry.
Q: Can I be forced to repay or have reimbursements denied for honest mistakes?
Yes. If you overbilled Medicare, you generally must repay any amounts that were not received in exchange for equipment provided or services rendered. However, there are two critical points to note here: (i) you should not rely on a RAC to tell you if you have been overpaid, and (ii) intent (or lack thereof) is crucial factor in limiting the consequences of an adverse RAC audit finding.
Q: When can a RAC seek reimbursement on behalf of CMS?
Recovery Audit Contractors have the authority to seek reimbursement of improper payments under Medicare Parts A and B. Payments that may be deemed improper include:
- Payments made without adequate documentation from the provider.
- Payments made according to outdated Medicare regulations or an outdated fee schedule.
- Payments for services that were not medically-necessary or that did not otherwise meet the criteria for Medicare reimbursement.
- Payments made based on coding errors, including billing for one service when a different medically-necessary service was performed.
- Payments made for duplicate claims.
- Payments received from Medicare which should have been billed to a private health insurance carrier.
Q: How long do I have to respond to a RAC’s request for records?
Generally speaking, health care providers have 45 days from the receipt of a RAC’s records request to either (i) submit the requested records, or (ii) request an extension. If the RAC does not receive a response or request for extension within this 45-day window, it has the authority to make a finding that an overpayment has been made.
Timelines for RAC Audits
The RAC audit process moves quickly, and providers who have received a request for medical records must take action promptly in order to protect their financial interests and their ability to continue to bill Medicare for health care reimbursements. This starts with seeking experienced legal representation. The timelines for RAC audits include:
- The 45-day response window discussed in the FAQ answers, above.
- A 15-day window to respond to the RAC’s overpayment demand letter.
- 41 days to recoupment from the date of the overpayment demand letter unless payment or an adequate request for extension or redetermination is submitted.
- 30 days to request an appeal in order to avoid a Medicare recoupment action.
- 31 days until interest begins to accrue on any overpayments identified by the RAC.
How an Experienced Health Care Fraud Defense Attorney Can Help During the RAC Audit Process
Since RAC audits are largely a financial exercise, many health care providers may incorrectly assume that legal representation is unnecessary. Their internal personnel know their records and billing practices better than anyone, and they assume that this knowledge is sufficient to adequately respond to an RAC audit.
But, the approach ignores many of the unique factors that are at play when comparing RAC audits to more-traditional financial audit processes. The reasons to seek legal representation during a RAC audit include:
1. Ensuring that You and Your Employees Disclose No More than is Legally Required
Recovery Audit Contractors do not have to explain the audit process to you, and they do not have to inform you of your legal rights. In order to recover as much money for the government (and themselves) as possible, they will often request more records and information than providers are legally required to disclose.
2. Challenging the RAC’s Methods and Interpretation of Medicare Rules
It is not unusual for RACs to demand recoveries based upon flawed methods or improper interpretations of the Medicare billing rules. In some cases, they may even attempt to rely on rules that were not in effect when the billings in question were submitted. An attorney experienced in RAC audits will be able to spot these issues and challenge the RAC’s findings as early in the process as possible.
3. Preparing a Strategic Response Focused on Immediate and Long-Term Resolution
Providers who have been audited in the past will often become targets again in the future. To protect your business or practice from further unwarranted intrusions, you need a skilled and aggressive advocate who can clearly establish the propriety of your billing practices in the eyes of the RAC.
4. Protecting Your Rights and Defenses on Appeal
Even with legal representation, due to the incentives for RACs to find overpayments, providers will often find themselves facing the recovery audit appeals process. It is important for providers to approach their RAC audits with the prospect of filing an appeal in mind, and to take the appropriate steps during their audits to preserve their rights and defenses on appeal.
5. Avoiding Civil or Criminal Prosecution by DOJ Attorneys
The consequences of an adverse RAC finding can go far beyond recoupments if the RAC refers the provider to the DOJ for prosecution. Adverse audit findings can lead to both civil and criminal prosecution with penalties including huge fines, disqualification from Medicare (and other government benefit programs), treble damages, and even federal imprisonment.
What Health Care Providers Need to do to Prepare for the RAC Audit Process
With these potential consequences in mind, it is imperative that providers facing RAC audits take a proactive role in the process. From the top of the organization down, all personnel who will have contact with the RAC’s auditors must be properly coached on what to do and what not to do in order to respond to the audit appropriately. An internal assessment should be conducted as well in order to anticipate the issues that may be raised by the RAC and to address any procedural or systematic deficiencies that may have led to the receipt of improper payments.
These, too, are areas where experienced legal representation is critical. While the Medicare rules and regulations are extraordinarily complex, there are also proven systems and strategies for ensuring compliance and fending off invasive RAC audits. As a result, the more experience you can put on your side, the better. If you need to speak with an attorney, contact the The Criminal Defense Firm today.
Put Our Legal Team on Your Side
To put our attorneys decades of experience in federal health care fraud audits and investigations on your side, call (888) 452-2503 or request a free consultation online. Emergency response services are available, and we represent health care providers in RAC audits and appeals nationwide.

Brian Kuester offers his extensive experience to counsel companies and individuals under civil or criminal government investigation. When resolution requires litigation, clients choose Mr. Kuester’s proven court and litigation experience.