Did you know that the Recovery Audit Contractor (RAC) audit program was introduced as a pilot project in only three states in 2005? These states were New York, Florida, and California.
It was initiated to find and correct improper payments made in the Medicare program. Between 2005 and 2008, $693.6 million was returned to Medicare in improper payments. In 2010, it was implemented nationwide.
This guide is dedicated to discussing everything you need to know about it, from its purpose to its types and its role in healthcare compliance. So, continue reading!
Purpose of RAC Audit
The RAC audit involves a comprehensive review of billing details, medical records, and other documentation. During the audit, if the RAC finds that a reimbursement was incorrect, adjustments are made to correct the payment depending on their findings.
To simplify, the following are the main goals of performing these audits:
- Recover overpayments and return them to the Medicare Trust Fund.
- Ensure billing follows national and local coverage determinations (NCDs/LCDs).
- Confirm that the services provided were medically necessary for the patient.
- Identify underpayments to ensure providers are treated fairly by the system.
RAC Audit Types
Let’s review the different types of RAC audits:
Automated Review (Data-Driven)
It is the fastest type of RAC audit. It utilizes computer algorithms and proprietary software to identify certain errors. No human judgment is required.
But, how does it work? The software scans the medical claims for direct violations of Medicare coding rules and policies. During this type of review, RAC does not request any medical records from the healthcare provider.
Additionally, this audit typically aims to find duplicate claims, unnecessary unbundling of services, and medically unbelievable quantities, such as billing for 500 units of a drug when the maximum allowable dose is 5.
How are you notified about this audit? You may receive a demand letter or a notice on the RAC’s provider portal.
Complex Review (Record-Heavy)
In this RAC audit, a software flags a potential issue. However, human supervision is needed to review the evidence and make a final decision.
How does it work? A certified professional coder (CPC) or licensed medical professional, such as a nurse or therapist, manually reviews the medical records.
During this review, the RAC sends an additional documentation request (ADR). Healthcare providers typically have 45 days to submit the requested information.
Moreover, this type of review primarily targets medical necessity-related issues, verifies care level, and complex surgical codes.
But how do they notify you about the decision? They send you a Review Results Letter after the auditor finishes the assessment.
Semi-Automated Review (The Hybrid)
As its name suggests, this RAC audit utilizes a middle-ground approach that combines automated and complex audit types.
So, how does it work? At first, the RAC identifies a potential issue through data analysis (like an automated review). However, they realize that they cannot be 100% certain without a little context.
Therefore, the RAC sends an Informational Letter to the provider. You have the option to provide documentation before it becomes a formal overpayment.
It can occur in scenarios where a service is clinically unlikely based on the patient’s history or coding patterns. However, the situation does not meet the threshold for a full complex review.
RAC Audits Role in Healthcare Compliance
Discussed below are some of the reasons RAC audits promote compliance in the healthcare industry:
Identifies Improper Payments
The primary role of a recovery audit contractor is to identify and fix overpayments and underpayments. That is, RAC ensures that every dollar spent aligns with federal law.
Enforces Medical Necessity
RACs verify that procedures billed were clinically necessary for the patient’s condition. As a result, healthcare providers are discouraged from performing unnecessary tests.
Deters Fraud and Waste
They also help identify healthcare providers whose billing patterns look suspicious compared to their peers. This ultimately helps stop systemic fraud before it drains the Medicare Trust Fund.
Drives Documentation Improvement
Since recovery audit contractors can reclaim money for insufficient documentation, healthcare providers are motivated to maintain more accurate and detailed medical records.
Encourages Internal Auditing
Medical practices often conduct internal audits to avoid the costly RAC recoupment. As a result, providers and facilities become compliant.
Provides Educational Feedback
After a RAC audit, provider education reports are released. These reports document the common errors found in a specific region. As a result, all providers in that area correct their billing practices before they are audited.
Validates Coding Accuracy
During the review, RACs check for common coding errors, such as upcoding and unbundling. Thus, practices and providers strive to follow the National Correct Coding Initiative (NCCI) edits to avoid audit risks or penalties.
How to Prepare for a RAC Audit?
If you want to stay prepared for RAC audits, you must implement a proactive strategy. Why? Because RACs can review medical claims as old as the past three years.
Thus, your preparation must focus on both current operations and historical records.
Form an Audit Response Team
Why wait until you receive an audit letter to decide who is in charge? Designate a RAC coordinator to handle all requests.
Besides, your core team should include members from finance, clinical staff, compliance, and health information management (HIM).
Conduct Regular Internal Audits
You should make it a practice to perform quarterly internal audits to analyze your own data before the RAC does. Focus on high-risk areas that typically trigger audits. These include medical necessity, care complexity level, and modifiers.
Monitor RAC Priorities
Note that RACs are required to post their approved issues on their regional websites before they can start auditing them. Thus, you should check your regional RAC contractor’s website monthly to see which procedural codes are currently being targeted.
Besides, review the Office of Inspector General (OIG)’s annual work plan to see broader federal audit priorities.
Master the ADR Process
When a recovery audit contractor performs a complex review, they send an ADR. Once you receive it, you have exactly 45 days to send the records to the auditor.
Before sending, have a clinician review the file to ensure it is complete. If a signature is missing or a page is illegible, it will lead to an automatic denial.
Besides, do not forget to keep an exact physical or electronic copy of every page you send to the RAC.
Implement a Tracking System
Remember that missing a filing deadline is the easiest way to lose money in an audit. Thus, use a spreadsheet or specialized software to track the following:
- Date the ADR was received.
- Deadline for submission.
- Current status of the RAC audit.
- The dollar amount that is at risk.
RAC Audit Appeal Process
Do you disagree with the decision made by a recovery audit contractor? Do not worry, because you have the right to challenge the decision.
The following are the five levels of the Medicare appeal process, each with strict deadlines and requirements.
Level 1: Redetermination
You are required to file an appeal with the Medicare Administrative Contractor (MAC) within 120 days. However, you must submit the appeal within 30 days to stop Medicare from recouping, i.e., taking the funds back while the appeal is pending.
When you appeal at this level, the MAC takes a second look at the original claim and any other supporting documentation you provide.
Level 2: Reconsideration
A level 2 appeal is filed with a Qualified Independent Contractor (QIC). The submission deadline for it is 180 days after the level 1 decision. But you should file within 60 days to continue the stay on recoupment.
At this level, an independent review is performed by a third party that was not involved in the first decision. Note that you must submit all evidence here at this stage, since no new documentation is allowed in later levels.
Level 3: Administrative Law Judge (ALJ) Hearing
Do you disagree with a level 2 decision? You can submit an appeal to the Office of Medicare Hearings and Appeals (OMHA). The deadline is 60 days from the level 2 decision.
What happens then? A formal hearing occurs via video or phone, where you or your attorney present the case to a judge. There is a minimum amount in controversy (AIC) required to reach this level ($200 for 2026).
Level 4: Medicare Appeals Council Review
If you are still not satisfied with the decision, file an appeal with the Department of Health and Human Services (HHS) Appeals Board within 60 days of the ALJ decision.
At this level, the Council reviews the ALJ’s decision for legal or procedural errors rather than re-evaluating the medical evidence from scratch.
Level 5: Judicial Review (Federal District Court)
When you are sure that you are on the right track, do not lose hope after a negative decision at level 4. You can appeal again to the US district court within 60 days of the Council’s decision.
However, this requires a much higher AIC ($1,960 for 2026) and is the final stage of the process.
Bypass RAC Audits with MediBillMD
At MediBillMD, we have CPCs and billing specialists who guarantee 98% clean claim rate and 97% first-pass ratio. Do you want to know how we achieve this level of precision? By ensuring every medical claim is accurate, documentation is complete, codes are specific, and modifiers are appropriate.
Thus, if you want to steer clear of RAC audits, you should outsource medical billing services to professionals, like MediBillMD. We offer specialty-specific tailored solutions across all 50 states of the US.
