Medicaid providers will be subject to new audits by Medicaid Recovery Audit Contractors (RACs), beginning in January 2012. These new audits will be in addition to existing audits being conducted by Medicare RACs, Medicaid Integrity Contractors (MICs) and Zone Program Integrity Contractors (ZPICs), among others.¹ The Medicaid RAC audits, mandated as part of the 2010 Patient Protection and Affordable Care Act (the Health Reform Act), are expected to result in the recovery of $2.13 billion over the next five years. Medicaid RAC auditors will receive contingency fees of between 9 and 12.5 percent of amounts recovered as a result of overpayments, resulting in total contingency payments to Medicaid RACs of approximately $190 million to $266 million over the next five years. In addition to recovering overpayments, Medicaid RACs will also be required to refer instances of suspected fraud to states’ Medicaid Fraud Control Units. Medicaid providers will thus face audits from entities that have large financial incentives and resources to mount aggressive challenges to payments received from Medicaid programs.

Under the Health Reform Act, states were to have established Medicaid RAC programs by April 1, 2011. However, that deadline was delayed to January 1, 2012 to allow the Center for Medicare and Medicaid Services (CMS) time to issue final regulations governing the program. The purpose of the RAC program is to review Medicaid claims submitted by Medicaid providers and identify under- or over-payments.

In response to numerous comments submitted after the proposed Medicaid RAC regulations were published in November, 2010,² CMS finalized provisions it says will ensure consistent and objective criteria for the program.³ Importantly, CMS disagreed with assertions that Medicaid RACs would be duplicative of other audit functions, such as MICs, noting that the MICS are designed to focus on audit issues that may be fraudulent and not necessarily lead to overpayment recoveries, which is the main focus of Medicaid RACs. However, Medicaid RACs must report instances of fraud and/or abuse they uncover during their audits.

States will be given some discretion to design their Medicaid RAC programs, including the appeals process for contesting RAC determinations. Additionally, states may form regional RACs to maximize consistency and efficiency. However, CMS established minimum requirements the states must follow in establishing Medicaid RAC programs:

• States must coordinate the recovery audit efforts of their RACs with other auditing entities. Additionally, a RAC should not audit claims that have already been audited or that are currently being audited by another entity;
• RACs must not review claims that are older than three years from the date of the claim, unless it receives approval from the state;
• States must set the contingency fee rate payable to RACs for identifying both overpayments and underpayments. The permissible range of fees will be published in the Federal Register, and is currently expected to be between 9 and 12.5 percent;
• States must make timely referrals of suspected fraud and/or abuse to the state’s Medicaid Fraud Control Unit;
• States must set limits on the number and frequency of medical records to be reviewed by RACs, subject to requests for exception by the RACs;
• RACs must hire at least one full-time medical director, who is a Doctor of Medicine or Doctor of Osteopathy, in good standing with the relevant state licensing authorities and who has relevant work and educational experience;
• RACs must hire certified coders, unless the state determines they are not required for the effective review of Medicaid claims;
• The RAC must work with the state to develop an educational and outreach program, which includes notification to providers of audit policies and protocols; and
• RACs must have minimum customer service measures, including:
  • Providing a toll-free customer service telephone number;
  • Compiling and maintaining provider approved addresses and points of contact;
  • Acceptance of provider submissions of electronic medical records on CD/DVD or via facsimile at the provider’s request; and
  • Notifying providers of overpayment findings within 60 calendar days.

Providers should remain aware of how their state establishes its own Medicaid RAC program. Because the appeals process for contesting overpayments may differ from state to state, special care will need to be taken to ensure that timely appeals are filed in instances where the RAC claims overpayments have been made.

If you would like more information or assistance in preparing for or responding to a Medicaid RAC audit – or any other governmental payor audit program – please contact one of the Haynes and Boone Healthcare Practice Group attorneys.