Skip to content CMS Issues Final Medicaid "RAC" Regulations


Search Publications

October 2011

CMS Issues Final Medicaid "RAC" Regulations

On September 14, 2011, CMS issued its anxiously awaited Final Rule for the Medicaid Recovery Audit Contractor ("RAC") program.  The new Medicaid RAC program, part of the Patient Protection and Affordable Care Act, requires states to engage contractors to review Medicaid claims and to compensate them for any claims they are able to deny. 

This program is based on the Medicare RAC program, which has recovered nearly $670 million in overpayments so far in 2011 from providers such as hospitals and skilled nursing facilities.  The Department of Health and Human Services estimates that the Medicaid RAC program will result in the return of approximately $2.1 billion in overpayments over the next five years, of which $900 million will go back to states, according to an HHS news release.

As referenced above, the central feature of the Medicaid RAC program is the use of contingency fees for RAC compensation.  The contingency fee is based upon a percentage (currently ranging from 9 – 12.5 percent for the Medicare RAC program) of the total amount of overpayments that the government recovers and underpayments that are repaid to providers based upon the RAC review.  Many commenters have criticized the use of this contingency payment structure on the basis that it incentivizes RACs to engage in "bounty hunting" to find overpayments.

I. Programmatic Requirements

Under the Final Rule, states must have Medicaid RAC programs in place by January 1, 2012.  The Final Rule contains specific requirements that state Medicaid RAC programs must satisfy upon implementation.  These requirements are as follows:

  • States must coordinate the recovery audit efforts of their Medicaid RACs with other auditing entities, including state and federal law enforcement agencies.

  • States must set limits on the number and frequency of medical records to be reviewed by the Medicaid RACs subject to requests for exceptions made by the RACs.

  • Medicaid RACs cannot review claims that are older than three years from the date of the claim, unless it receives approval from the state.

  • States may exclude Medicaid managed care claims from review by Medicaid RACs.

  • States must ensure that adequate appeal processes are in place for providers to dispute adverse determinations made by Medicaid RACs

To date, the California Department of Health Care Services ("DHCS") has not provided any indication as to how it will implement the Final Rule including, for example, how it will incorporate future RAC audits into its existing audit operations.

II. RAC Auditor Qualifications

Under the Final Rule, a Medicaid RAC must demonstrate to a state that it has the "technical capability" to carry out required activities.  For example, RACs must employ trained medical professionals in good standing with the state to review Medicaid claims.  In addition, each Medicaid RAC must hire a minimum of 1.0 FTE Medical Director who is a Doctor of Medicine or Doctor of Osteopathy.  The rule also requires Medicaid RACs to hire certified coders unless the state determines that certified coders are not required for the effective review of Medicaid claims. 

The rule provides additional elements of "customer service" that states and RACs must adopt, including: (i) the communication of relevant audit protocols to providers, (ii) the adoption of overpayment findings within 60 calendar days; (iii) the provision of a toll-free customer service telephone number staffed during normal business hours; and (iv) mandatory acceptance of provider submissions of electronic medical records on CD/DVD or via facsimile at the providers' request.

III. Implications for Health Care Providers

California health care providers already are subject to Medi-Cal claims audits from DHCS and other government agencies.  However, the addition of RAC auditors to the regulatory landscape will further and sharply raise the consequences for legal noncompliance.  Providers should not be caught off guard.   While DHCS decides how to implement its RAC program, providers should conduct an internal assessment to identify compliance with Medi-cal rules or else take the opportunity to revisit their compliance plans to ensure they are updated to account for recent legal requirements (e.g., PPACA).  Providers may also wish to begin to develop protocols for responding to RAC audit requests. 

If you have any questions regarding this regulatory update, please call Lawrence B. Garcia or
Dan M. Silverboard at (916) 565-2900. 

Health Care

Health Care