Providers need to be proactive when defending against RAC and MAC audits.
The Recovery Audit Contractor (RAC) program was created through the Medicare Modernization Act of 2003 – can you believe it was 20 years ago? It was originally created to detect fraud, waste, and abuse (FWA) by reviewing medical records, with the goal of identifying and recovering improper Medicare payments made to healthcare providers. The Medicaid program audits shortly followed.
The RAC program divides the United States into four regions, and includes a fifth region for nationwide Durable Medical Equipment (DME) and Home Health/Hospice (HHE) claims.
Each audit claim contains two components:
I recently received a question from a client. What is the difference between a Medicare Administrative Contractor (MAC) and a RAC?
A MAC is a private healthcare insurer hired by the Centers for Medicare & Medicaid Services (CMS) to handle and process Medicare Part A and Part B claims or DME claims for Medicare fee-for-service (FFS) beneficiaries. MACs also help with audits of claims from home health hospice providers. MAC audits are powerful and intrusive procedures that have the potential to lead to serious federal charges for healthcare entities.
The limit for looking back is a lot longer than that of the RACs. MACs can go back four to six years. If fraud is alleged, the limits could be extended.
A RAC reviews claims and identifies overpayments from Medicare so that CMS and other auditors are able to prevent improper payments in the future. RACs work to uncover instances of fraud within healthcare providers’ billing practices and pursue recoupments if needed. If evidence of fraud or other misconduct is uncovered during a RAC audit, the RAC can refer the matter to other federal agencies, such as the U.S. Department of Justice (DOJ) or the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) for further investigation.
Juxtapose this with MACs, and the lookback period for RACs is only three years. So, if the question is, do they abide by the same rules? The answer is no. Regulations are specific to MACs and RACs.
Providers need to be proactive when preparing and defending against RAC and MAC audits. The list compiled below provides strategies to take when preparing for audits and preventing further federal investigation.
There are several factors that providers need to keep in mind when hiring an attorney for healthcare audits: federal experience, experience dealing with the government, results, teamwork, and commitment. RAC/MAC audits are complex events, with varying requests and deadlines. Hiring an attorney can help strengthen your compliance department when dealing with an ongoing audit. If you receive a negative audit review, you may wish to appeal the finding. The appeal process is time-consuming and highly intricate, demanding the assistance of an attorney. An attorney can also help evaluate the effectiveness of your business’s compliance program and its ability to detect and respond to internal weaknesses.
It is important to recognize the types of audits that are possible, and the different procedures that accompany each. For instance, RAC audits can be automated, semi-automated, or complex. The response the provider develops can vary depending on the type and scope of the particular audit.
CMS websites often post information about the latest changes and news involving RAC and MAC audits. Healthcare providers ought to continuously monitor these websites for updates in audit procedures.
The best evidence is recorded documentation. RACs especially scrutinize a provider’s ability to demonstrate medical “necessity.” Therefore, it is imperative that all practices are properly documented and retained. Personnel should be trained on how to maintain and organize documents. Such information will be a necessity if the provider receives a negative audit review and needs to file an appeal.
The compliance program should be reviewed intermittently and updated as the law and other internal changes dictate. For instance, if changes in Medicare billing requirements are announced, all provider personnel should be informed and trained on such changes. The compliance program should also have detailed policies in place for recording and documenting key company information.
Healthcare fraud is on the rise. To combat the increase in Medicare FWA, CMS works with private contractors to root it out. Providers face a serious risk of recoupment from auditors. MAC and RAC audits collect millions of dollars in overpayments from fraudulent Medicare claims annually.
Medicare audits can lead to additional challenges down the road, including payment suspensions, prevention from working with governmental programs, civil investigative demands, government subpoenas, and sometimes, criminal prosecutions.
It is important for providers to be prepared for these audits. This means taking the first step to retain legal counsel early in the audit process, as well as understand the types of audits and the regulatory environment. As noted, providers must also ensure that their billing practices are properly documented and that they maintain a comprehensive compliance program.
Programming note: Listen to Knicole Emanuel’s RAC Report every Monday on Monitor Mondays with Chuck Buck at 10 a.m. EST.
Given the vast quantity of information published by the federal government, Medicare Administrative Contractors (MACs), consultants, and others, it can be easy to lose track
The first piece of news for today is that the Centers for Medicare & Medicaid Services (CMS) has finally released a new version of the
Please log in to your account to comment on this article.
Uncover essential coding insights with nationally recognized coding authority Kay Piper, RHIA, CDIP, CCS. Through ICD10monitor’s interactive, on‑demand webcast series, Kay walks you through the AHA’s 2026 ICD‑10‑CM/PCS Quarterly Coding Clinics, translating each update into practical, easy‑to‑apply guidance designed to sharpen precision, ensure compliance, and strengthen day‑to‑day decision‑making. Available shortly after each official release.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s fourth quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s third quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s second quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Federal auditors are intensifying their focus on inpatient psychiatric facilities, using advanced data analytics to spotlight outliers and pursue high‑dollar repayments. In this high‑impact webcast, Michael Calahan, PA, MBA, Compliance Officer and V.P., Hospital & Physician Compliance, breaks down what regulators are really targeting in IPF-PPS admissions, documentation, treatment and discharge planning. Attendees will learn practical steps to tighten processes, avoid common audit triggers and protect reimbursement and reduce the risk of multimillion-dollar repayment demands.
In this timely session, Stacey Shillito, CDIP, CPMA, CCS, CCS-P, CPEDC, COPC, breaks down the complexities of Medical Decision Making (MDM) documentation so providers can confidently capture the true complexity of their care. Attendees will learn practical, efficient strategies to ensure documentation aligns with current E/M guidelines, supports accurate coding, and reduces audit risk, all without adding to charting time.
Join Ronald Hirsch, MD, FACP, CHCQM for The PEPPER Returns – Risk and Opportunity at Your Fingertips, a practical webcast that demystifies the PEPPER and shows you how to turn complex claims data into actionable insights. Dr. Hirsch will explain how to interpret key measures, identify compliance risks, uncover missed revenue opportunities, and understand new updates in the PEPPER, all to help your organization stay ahead of audits and use this powerful data proactively.
Stay ahead of the 2026-2027 audit surge with “Top 10 Audit Targets for 2026-2027 for Hospitals & Physicians: Protect Your Revenue,” a high-impact webcast led by Michael Calahan, PA, MBA. This concise session gives hospitals and physicians clear insight into the most likely federal audit targets, such as E/M services, split/shared and critical care, observation and admissions, device credits, and Two-Midnight Rule changes, and shows how to tighten documentation, coding, and internal processes to reduce denials, recoupments, and penalties. Attendees walk away with practical best practices to protect revenue, strengthen compliance, and better prepare their teams for inevitable audits.
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
BLOOM INTO SAVINGS! Get 25% OFF during our spring sale through March 27. Use code SPRING26 at checkout to claim this offer.
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 1 with code CYBER25
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
