Medicare pays billions of dollars in fraudulently billed claims each year. To recoup as many fraudulent reimbursements as possible, the Centers for Medicare and Medicaid Services (CMS) relies on various enforcement mechanisms, including its fee-for-service audit program.
Under the fee-for-service audit program, CMS pays private contractors to uncover Medicare fraud and recoup improper payments. This includes Recovery Audit Contractors (RACs), which conduct audits under Medicare Part A and Part B, and Medicare Administrative Contractors (MACs), which assist with uncovering other forms of Medicare fraud and abuse.
As the cost of Medicare fraud increases, CMS increasingly relies on its fee-for-service auditors to identify fraudulent billings. The increasing volume of Medicare system fraud also means that RACs and MACs have an even greater financial incentive to pursue recoupments under CMS’s fee-for-service audit program aggressively. As a result, not only do healthcare providers that bill Medicare need to prioritize Medicare billing compliance but they must also be prepared to defend against accusations of Medicare fraud when necessary.
Under the Medicare billing rules, inadvertence is not a justification for noncompliance. As a result, even if a provider’s billing personnel make mistakes or fail to follow their billing compliance policies and procedures, the provider can still face substantial liability in MACRAC audit findings. If auditors uncover apparent evidence of intentional Medicare or Medicaid services billing fraud, they cannot only pursue recoupments and other civil penalties but also refer the provider for criminal prosecution.
“While MAC and RAC audits can expose healthcare providers to substantial liability (and other civil penalties), they can also lead to criminal charges in some cases. As a result, when facing MACRAC audits, providers need to be prepared with a strategic defense plan. Developing a strategic defense plan that starts with retaining an experienced healthcare defense attorney.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.
Understanding the Differences (and Similarities) Between MACs and RACs
A Medicare Administrative Contractor (MAC) is a private company engaged by the CMS to audit healthcare providers’ compliance with the billing rules for Medicare Part A and Part B claims as well as claims involving durable medical equipment (DME) and home health and hospice services. MAC audits are typically invasive, involving requests for access to voluminous records and involving a review of years’ worth of providers’ Medicare billings.
A Recovery Audit Contractor (RAC) reviews claims and identifies overpayments from Medicare so that CMS can recoup these overpayments from providers under Medicare Part A and Part B. RAC audits are typically invasive as well; and, here, too, providers must be prepared to deal with extremely broad requests for access and potentially misguided allegations of noncompliance.
If evidence of intentional billing fraud or other intentional misconduct is uncovered during a MACRAC audit, both of these types of auditors can refer the matter to the compliance department of U.S. Department of Justice (DOJ) or the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG) for further investigation.
Five Key Defense Strategies for MAC and RAC Audits
When facing a RAC or MAC audit, an informed and proactive defense is key. With this in mind, here are five key defense strategies for healthcare providers facing RAC and MAC audits in 2025:
1. Retain Experienced Legal Counsel As Soon As You Learn of an Impending Audit
When facing a MAC or RAC audit, it is important to engage experienced legal counsel promptly. There are several factors that providers need to keep in mind when hiring an attorney for a MAC or RAC audit. RAC and MAC audits are complex and high-risk inquiries, and avoiding unnecessary negative outcomes requires an in-depth understanding of the relevant Medicare billing regulations and the MAC or RAC auditing practices and procedures. As a result, relevant experience is key. An attorney who regularly represents clients in these inquiries should have the knowledge and insights to provide effective legal representation.
Several steps are involved in effectively defending against a MAC or RAC audit. Experienced legal counsel should be able to assist by:
- Conducting a Confidential and Privileged Medicare Billing Compliance Assessment – When facing a MAC or RAC audit, knowing whether your practice or business is at risk of accusations of Medicare billing non-compliance is important. This involves conducting an internal Medicare billing compliance assessment. An attorney who is familiar with the Medicare billing rules will be able to assist with conducting a thorough, accurate, and unbiased assessment and will be able to help ensure that any unfavorable findings are protected under the attorney-client privilege.
- Engaging Directly with the MAC’s or RAC’s Auditors – Along with assisting your practice or business internally, your legal counsel should also be able to engage directly with the MAC’s or RAC’s auditors throughout the audit process. This active involvement is critical, as providers and businesses cannot assume auditors will manage the process appropriately and reach accurate conclusions.
- Raising and Resolving Issues with the Audit As They Arise – By playing an active role in the audit process, your legal counsel should be able to raise any issues as they arise. These issues can range from applying outdated Medicare billing rules to improperly interpreting current rules, such as those that require bundling in some cases. Your legal counsel should be able to work to resolve these issues proactively as well, and this proactive approach can significantly reduce the costs involved in correcting errors made during the process.
- Documenting Any Issues That Don’t Get Resolved – In some cases, auditors may simply refuse to revise their determinations. In this situation, your legal counsel will need to thoroughly document the issue so that he or she can subsequently raise it on appeal.
- Preparing an Appeal if Necessary – Appeals following MAC and RAC audits are common. If it is not possible to secure a fair outcome during the audit process, your attorney can use his or her familiarity with your audit to pursue an appeal efficiently.
2. Proactively Address Any Medicare Billing Compliance Concerns
If your practice’s or business’s internal Medicare billing compliance assessment uncovers past billing mistakes, a proactive approach to resolving these mistakes will most likely be best. If the mistakes fall within the scope of the impending MAC or RAC audit, they will almost certainly be uncovered during the audit process. Taking a proactive approach gives you control over your response, and demonstrating a good-faith commitment to compliance can both help facilitate an efficient audit and mitigate the risk of facing a referral to the DOJ or HHS-OIG.
3. Pay Particular Attention to Any Recent Changes in the Relevant Medicare Billing Rules
The Medicare billing rules change frequently. If there have been any recent changes when your business’s or practice’s MAC or RAC audit begins, you will want to pay particular attention to these rules—both before and after the change. MACs and RACs often focus on recent changes—because changes often present an increased likelihood of noncompliance. Once again, if there are issues that your business or practice needs to address, addressing them before auditors uncover them will provide an opportunity to mitigate the risks involved.
4. Make Sure Your Practice’s Compliance Documentation is Organized and Ready for Review
Auditors will expect to be able to access all of the records they need to assess your business’s or practice’s compliance record. If they cannot access any of the records they need, this will lead to an assumption of non-compliance.
With this in mind, making sure your practice’s or business’s compliance documentation is organized and ready for review is a critical defense strategy. The easier it is to affirmatively demonstrate compliance, the fewer risks the MAC or RAC audit will present.
5. Make Sure You Are Not Overlooking Any Potential Risks
Avoiding unnecessary adverse consequences during a MAC or RAC audit requires a clear understanding of all potential risks. This includes risks related not only to the practice’s or business’s Medicare billing record, but also risks related to the audit process itself. As we have discussed above, mistakes during MAC and RAC audits are common. To avoid unwarranted recoupment demands and other penalties, audit targets must be able to identify these mistakes when they happen and respond to them appropriately.
Healthcare fraud is on the rise. To combat the increase in Medicare fraud, CMS is increasingly relying on MACs and RACs to uncover both intentional and unintentional billing violations. All Medicare billing violations can lead to recoupments, pre-payment review, and other civil penalties, while intentional violations present risks for criminal penalties as well. With this in mind, providers must ensure that their billing practices are compliant and well-documented—and they must be prepared to provide MAC and RAC audits with documentation of their compliance when necessary. This involves working with an experienced healthcare defense attorney who understands the relevant Medicare billing rules and audit procedures—and who can use his or her knowledge to executive a strategic defense on your practice’s or business’s behalf.
