With healthcare providers experiencing a fourfold increase in external payer audits, proactive preparation for RAC audits has become more essential than ever.

These audits, commissioned by Medicare, are all about spotting and correcting any payment mistakes—essentially ensuring practices get paid the right amount without oversights.

RAC audits look closely at whether billed services are necessary and coded accurately, which can have a big impact on a practice’s revenue flow. So, knowing the ins and outs of RAC audits, and being prepared, can go a long way toward keeping your revenue cycle steady and avoiding any surprises down the road.

Understanding RAC Audits and Other Audit Types in RCM

RAC audits are a big part of healthcare RCM, zeroing in on billing issues and spotting any potential overpayments. But they’re not the only audits that healthcare providers might come across. Practices might also run into audits like these:

  • Targeted Probe and Educate (TPE) Audits: These audits provide one-on-one guidance to help providers address common billing issues and reduce claims errors.
  • Post-Payment Review Audits: Carried out by insurance payers, these audits look at previously paid claims to check for accuracy in billing and coding.
  • Special Investigation Unit (SIU) Audits: Focused on detecting fraud, waste, and abuse in claims, SIU audits come with significant financial and reputational risks.
  • Unified Program Integrity Contractor (UPIC) Audits: Designed for Medicare and Medicaid, these audits investigate misuse of federal funds and confirm that billed services meet medical necessity standards.

While RAC audits are the most common, understanding the full scope of audits can help healthcare organizations proactively manage RCM risks.

Immediate Steps After Receiving an Audit Letter

Receiving an audit letter can trigger understandable concern, but a calm and structured approach is critical to mitigating risks.

Step 1: Identify the Requesting Entity and Audit Type

Understanding the origin of the audit is essential. The entity conducting the audit—whether RAC, TPE, SIU, or UPIC—determines the nature of documentation required, the timeline for response, and the specific focus of the audit (e.g., medical necessity or coding accuracy).

Step 2: Assess Response Deadlines

Each audit type has specific response deadlines, typically outlined in the audit letter. For RAC audits, practices generally have 45 calendar days to respond, while UPIC audits may require documentation within 30 days. Missing these deadlines can lead to denied claims and potential recoupment, so prompt action is vital.

If meeting the deadline isn’t realistic, practices should reach out to the requester right away to ask for an extension and explain the reason behind it. Open communication here can buy you the time needed to pull together a complete and well-organized response.

Step 3: Assemble a Qualified Audit Response Team

With 60% of healthcare organizations facing staffing challenges that impact audit management, having a well-prepared audit response team can make a crucial difference in handling RAC audits effectively.

Make sure your team includes professionals with knowledge in RCM processes, medical coding, and payer policies. In smaller practices, one dedicated person might handle the audit response, but larger organizations might need a team effort with medical coders, compliance officers, and admin staff all pitching in. Having the right team in place can make the whole process smoother, keeping things compliant and accurate from start to finish.


Listen to our Revenue Cycle Optimized podcast episode learn more about RAC Audits and other RCM and Patient Access topics


Responding to TPE and Comparative Billing Report (CBR) Audits

Different audit types require tailored responses. For instance:

  • TPE Audits: These audits, often for high-cost or high-volume services, identify common claim errors like missing physician signatures or insufficient documentation of medical necessity. If selected for a TPE audit, providers may need to correct coding practices and can benefit from attending educational sessions, which offer a chance to avoid repeated audits.
  • Comparative Billing Report (CBR) Audits: These audits compare a provider’s billing patterns against peers, identifying outliers. Reviewing billing practices internally and ensuring consistency across claims can reduce the risk of further scrutiny.

Essential Documentation Practices for Post-Payment Audits

Post-payment reviews can have a big impact on RCM since they might require practices to pay back funds if any billing discrepancies are found. Getting your documentation right from the start is a smart way to stay ahead of future audits. Some key best practices for documentation include:

  • Maintain Comprehensive Patient Records: Each patient interaction, diagnosis, and procedure should be thoroughly documented, ensuring that all claims can be substantiated.
  • Ensure Accurate Coding: Consistent, precise coding aligns with compliance standards, reducing the likelihood of discrepancies in billing.
  • Timely Documentation: Documenting services immediately minimizes the risk of missed information and creates a complete, reliable record.
  • Use Standardized Forms: Uniform templates and forms reduce errors and support compliance across the organization.
  • Regular Staff Training: Frequent updates to coding guidelines and documentation practices help teams stay aligned with current regulations and prevent avoidable mistakes.

Preparing for RAC Audits with Proactive RCM Practices

Taking a proactive approach is key to lowering the risks of RAC and other RCM audits. This means setting up a reliable, compliant documentation system and making sure teams are well-trained to stick to it. Some important prep steps include:

  • Conduct Regular Internal Audits: By reviewing billing and coding internally, practices can identify and correct potential issues before an external audit does.
  • Review and Update Compliance Protocols: Compliance is a continuous process. Regularly reviewing and updating policies helps keep RCM practices aligned with current standards.
  • Develop a Clear Response Plan: Practices should create an internal audit response protocol, including specific roles and responsibilities, deadlines, and communication strategies to ensure a smooth response process.

Submitting an Effective Response to an Audit Letter

When it’s time to submit your response, focus on providing only the necessary documentation relevant to the audit topic. Including too much can open the door to extra scrutiny on unrelated items, which could make the audit more complicated. Instead:

  • Include only records directly supporting the service or procedure in question.
  • Avoid submitting documents for unrelated services, as this could broaden the audit’s scope.
  • Double-check each record for completeness and accuracy, ensuring it supports the medical necessity and coding of the audited service.

Common Pitfalls and How to Avoid Them

Healthcare practices often make avoidable mistakes when responding to RAC and other audit requests. Some common pitfalls include:

  • Insufficient Documentation: Always submit comprehensive records that support the medical necessity of each service.
  • Missing Deadlines: Ensure all deadlines are met by organizing documents promptly and reaching out for extensions if needed.
  • Inadequate Compliance Programs: Having a strong compliance program is a great safeguard. Practices without clear, actionable protocols are at a higher risk when an audit comes around.

Final Thoughts

RAC audits are an essential aspect of healthcare RCM, serving as a check on billing and compliance standards. While audits can feel like a disruption, having a structured plan shifts the approach from reactive to proactive. By staying informed, prepared, and organized, practices can protect their revenue, boost compliance, and stay ready for future audits.

Making these steps part of regular RCM routines helps healthcare providers strengthen their financial health and maintain steady compliance, even as regulations evolve.

Request a demo of our revenue cycle solutions to learn how we can help with your RAC audits.