Who Is Performing These Audits?
Medicare Administrative Contractors (MACs)
Recovery Audit Contractors (RACs)
Medicare RACs & Medicaid RACs
DME, Home Health and Hospice RAC
Zone Program Integrity Contractors (ZPICs)
Comprehensive Error Rate Testing (CERT)
Supplemental Medical Review Contractor (SMRC)
Unified Program Integrity Contractors (UPICs)
Office of Inspector General (OIG) audits
Brief Overview
MACs are private companies that serve as contractors performing claims administration for Medicare Part A and Part B.
They analyze claims to determine provider compliance with Medicare coverage, coding, and billing rules, and take appropriate corrective action when providers are found to be non‐compliant.
Continued
MACs have the option of performing prepayment or postpayment review of claims submitted by new providers as needed.
They have the authority to review any claim at any time; however, their focus should be on error prevention (MPIM, Ch. 3.2.1).
MACs enroll healthcare providers in the Medicare program and educate providers on billing requirements.
Transition From “Pay and Chase”
CMS historically used a “pay and chase” model — paying claims before verifying their accuracy.
In 2011, CMS introduced predictive modeling to identify fraud before claims are paid.
Risk scoring technology is used to flag fraud using real‐time data.
Progressive Corrective Action Process
For each provider identified as “at risk”, a probe review of 20–40 claims is performed.
Errors are categorized as:
Minor:
- Low error rate
- Low financial impact
- Results in education and overpayment collection
Moderate:
- Low error rate
- Substantial financial impact
- Prepayment review adjusted based on provider response
Major:
- High error rate (generally 20% or greater)
- No mitigating circumstances
- Leads to strong administrative actions including payment suspension or referral to ZPICs
Brief Overview
RACs detect and correct past improper payments to help prevent future occurrences.
There are four regions, with a fifth region planned to cover home health and hospice providers nationwide.
What Do RACs Do?
The Recovery Audit Review Process
- Reviews are conducted post‐payment
- Policies used: NCDs, LCDs, and CMS Manuals
- Three types of review:
- Automated (no medical record needed)
- Semi-Automated (data analysis with possible documentation review)
- Complex (medical record required)
- RACs can look back three years from the date of the claim
The Collection Process
- Mirrors the MAC overpayment process
- Demand letter issued by the RAC
- Carriers, FIs, and MACs issue Remittance Advice
- Remark Code N432: Adjustment Based on Recovery Audit
- MACs recoup via offset unless provider submits payment or valid appeal
Differences in Review
- RAC issues the Demand Letter
- Provides a discussion opportunity with providers outside the appeals process
- CMS-approved issues are posted on each RAC’s website to notify the industry before large-scale reviews
Brief Overview
ZPICs investigate suspected fraud, waste, and abuse, ensuring Medicare funds are used properly.
They also identify improper payments for recoupment by MACs.
There are 7 ZPIC zones.
Functions and Actions
ZPICs may take the following actions:
- Investigate for CMS administrative action or law enforcement referral
- Perform medical reviews
- Analyze data via CMS’ Fraud Prevention System
- Refer cases to law enforcement and the OIG, regardless of claim size or type
Operational Activities
ZPICs may:
- Request medical records and documentation
- Conduct interviews and onsite visits
- Identify need for prepayment or auto‐denial edits and refer them to the MAC
- Withhold payments
For healthcare providers in Atlanta, understanding these audit structures and procedures is critical to ensure compliance and avoid financial penalties.
Frequently Asked Questions
What is the main difference between MACs and RACs?
MACs (Medicare Administrative Contractors) handle day-to-day Medicare claims processing and provider education, while RACs (Recovery Audit Contractors) are tasked with identifying and correcting past improper payments through post-payment audits.
Can RACs audit any Medicare claim?
Yes, RACs can review claims going back three years from the date of submission. These audits can be automated, semi-automated, or complex, depending on the documentation required.
What triggers a ZPIC investigation?
ZPICs (Zone Program Integrity Contractors) typically initiate investigations when they suspect fraud, waste, or abuse. This can result from data analysis, complaints, or patterns suggesting improper billing or claims.
How does the Progressive Corrective Action process work?
When providers are identified as “at risk,” MACs conduct probe reviews of 20–40 claims. Based on the error rate and financial impact, providers may face educational outreach, prepayment reviews, or referrals to enforcement agencies.
What is the significance of the transition from “pay and chase” to predictive modeling?
CMS moved from paying claims first and investigating later (“pay and chase”) to using predictive modeling and real-time data to detect and prevent fraudulent claims before payments are made, significantly enhancing fraud prevention.