Medicare Audit Defense Attorneys | Nationwide CMS Audit Representation

Defending Healthcare Providers Against All Types of Medicare Audits

Medicare audits come in many forms – Recovery Audit Contractor (RAC) reviews, Medicare Administrative Contractor (MAC) determinations, Unified Program Integrity Contractor (UPIC) fraud investigations, and more. Each type of audit carries different risks, processes, and consequences for your healthcare practice.

Whether you're a hospital facing RAC demands for medical records, a physician practice under MAC prepayment review, a DME supplier targeted by UPIC investigation, or any healthcare provider confronting audit scrutiny from the Centers for Medicare & Medicaid Services (CMS), one thing remains constant: the financial and professional stakes are high.

Medicare audits can result in:

• Recoupment demands from hundreds of thousands to tens of millions of dollars
• Payment suspensions that destroy cash flow and threaten practice closure
• Exclusion from Medicare and Medicaid programs
• Referrals to the Department of Justice or FBI for criminal prosecution
• Professional license investigations and discipline

At Hendershot Cowart P.C., we defend healthcare providers nationwide against every type of Medicare audit. With more than 100 years of combined healthcare law experience, our attorneys protect your practice from aggressive CMS audits through strategic defenses based on deep understanding of complex federal healthcare regulations and Medicare policies.

On this page:

• Types of Medicare We Defend
• Recovery Audit Contractors (RACs) Audits
• Medicare Administrative Contractors (MACs) Audits  
• Unified Program Integrity Contractors (UPICs) Investigations
• Supplemental Medical Review Contractor (SMRC) Audits
• Not Sure Which Type of Audit You're Facing?
• Common Medicare Audit Triggers
• Appealing Adverse Medicare Audit Determinations
• Settlement Negotiation
• FAQ

Call (713) 783-3110 today for immediate Medicare audit defense representation.

Types of Medicare Audits We Defend

CMS doesn't conduct audits directly. Instead, CMS contracts with multiple private companies and government agencies to review provider billing, identify overpayments, investigate fraud, and enforce compliance. 

At Hendershot Cowart P.C., we guide and protect providers through all types of CMS contractor audits, document requests, and investigations, including RAC and MAC audits, UPIC investigations, and SMRC reviews. 

Recovery Audit Contractors (RACs) Audits

RACs conduct post-payment audits to identify and recoup Medicare overpayments. Unlike other CMS contractors, RACs are compensated on a contingency basis – receiving a percentage of the overpayments they collect. This payment structure creates financial incentives to find billing errors and maximize recovery amounts.

The RAC Audit Process

RAC audits follow a two-stage process:

Stage 1: Automated Review. RACs utilize sophisticated software and data mining to review claims paid within the past three years. They analyze billing patterns compared to local and national norms, unusual utilization of specific procedure codes, duplicate billing or unbundling issues, and services billed outside coverage guidelines.

You may not be aware your claims are under automated review. RACs can identify potential overpayments without requesting medical records at this stage.

Stage 2: Complex Review. When automated review identifies potential issues requiring clinical assessment, the RAC sends an Additional Documentation Request (ADR), requesting medical records and additional documentation. 

You are legally required to respond to ADRs. Failure to submit requested documentation results in automatic recoupment of the full claim amount.

Step 3: Determination. After reviewing your medical records, the RAC issues a determination letter detailing:

• The coverage, coding, or payment policy violated
• The reason for the review and description of overpayment
• Recommended corrective actions
• Your right to submit a rebuttal statement before recoupment
• Procedures for overpayment recovery
• Your right to request an extended repayment schedule
• Information on your appeal rights

Recovery Audit Contractors Are Financially Incentivized Against You

RACs are paid on contingency, receiving a percentage of every dollar they recover from providers. They are financially motivated to maximize recoupment amounts through aggressive audit tactics and extrapolation.

Our job is to fight back for you. 

Our RAC Audit Defense Approach

Because RACs earn contingency fees on recoveries, they're motivated to interpret evidence against you. We level the playing field with expert witnesses who expose flawed methodologies and aggressive advocacy that prevents improper recoupment from threatening your practice.

Our comprehensive defense strategy challenges RAC audits at every level:

• We respond strategically to ADRs with complete, organized medical records, explanatory cover letters referencing coverage policies, and documentation addressing RAC's specific concerns
• Contest improper coverage policy application by demonstrating ambiguities in Local and National Coverage Determinations, regional practice variations, and policy interpretations that support your billing
• Challenge extrapolation methodology with expert testimony identifying biased sample selection, insufficient sample sizes, improper universe definitions, and calculation errors that can significantly reduce recoupment
• Provide board-certified physician expert testimony supporting medical necessity with evidence-based medicine, clinical practice guidelines, and patient-specific factors justifying treatment decisions
• Negotiate strategic settlements when appropriate that waive extrapolation, limit recoupment to actual sample overpayments, and structure manageable repayment terms
• And, if necessary, file timely appeals at all five levels of the Medicare appeals process while building the strongest possible evidentiary record to help overturn adverse audit determinations

Medicare Administrative Contractors (MACs) Audits

MACs serve dual roles: they process Medicare claims for payment and conduct prepayment and post-payment audits. This dual role means MACs have extensive data on your billing patterns and can quickly identify practices that deviate from local or national norms.

What MAC Audits Involve

Medical Record Requests. MACs issue ADRs specifying claims under review and documentation required. Response timeframes are typically 30 to 45 days, though extensions may be granted for good cause.

Post-Payment Review. Retrospective review of claims already paid. MACs request medical records through Additional Documentation Requests (ADRs) and may recoup overpayments identified.

Prepayment Review. The most disruptive MAC audit type, claims are held and reviewed before payment is issued. During prepayment review:

• Every claim for specified procedure codes is reviewed before payment
• You submit medical records with each claim
• Payment is delayed 30 to 60 days (or longer) while under review
• Claims may be denied if documentation doesn't meet MAC standards
• Cash flow disruption can threaten practice viability

Prepayment review continues until you demonstrate sustained compliance over a specified period (typically three to six months of clean claims).

Provider Education and Outreach. MACs offer educational resources, webinars, and targeted communications about common billing errors. While ostensibly helpful, these communications often identify areas of upcoming audit focus.

Our MAC Defense Approach

• Submit complete, organized ADR responses before deadlines with cover letters referencing coverage policies and explaining complex clinical scenarios 
• Provide expert physician testimony supporting medical necessity with evidence-based medicine and clinical practice guidelines 
• Challenge prepayment review determinations by demonstrating statistical validity of billing patterns and negotiating reasonable exit criteria 
• Demonstrate good-faith compliance efforts through documented corrective actions that prevent escalation to UPIC investigation 
• Preserve appeal rights at every level while building the strongest possible case to present before an Administrative Law Judge (ALJ) – part of the Medicare appeals process
• Negotiate strategic settlements when appropriate, calculating true exposure and structuring manageable repayment terms 

Unified Program Integrity Contractors (UPICs)

UPIC investigations are not routine compliance audits – they are federal fraud investigations conducted by private contractors who work closely with law enforcement agencies. If you receive a UPIC letter requesting medical records, you are already under investigation for suspected Medicare or Medicaid fraud.

Evidence gathered by UPICs forms the basis for federal criminal cases that can result in imprisonment, millions in fines, and permanent exclusion from all federal healthcare programs.

This is why experienced legal counsel is essential from the moment you receive a UPIC letter – to prevent your case from escalating to actual criminal law enforcement.

Learn more about UPIC investigations and our proactive defense approach.

Zone Program Integrity Contractors (ZPICs) Phased Out

ZPICs were CMS's fraud investigation contractors from 2009 to 2016. CMS transitioned the ZPIC program to the current UPIC program over several years as ZPIC contracts expired. ZPICs had the same investigative authority and fraud focus now exercised by UPICs.

If you're researching ZPIC audits because you received an investigation notice, you're actually dealing with a UPIC investigation. The name changed, but the stakes remain just as high.

Supplemental Medical Review Contractor (SMRC) Audits

SMRC conducts targeted medical necessity reviews for specific claims, providers, or services identified as high-risk by CMS data analysis. SMRC audits typically focus on services with historically high improper payment rates or providers whose billing patterns significantly deviate from peers.

SMRC physicians review cases:

• Requiring clinical expertise, such as complex surgical procedures, high-cost imaging and diagnostic services, inpatient rehabilitation facility admissions, or long-term acute care hospital admissions
• Targeting specific providers when a provider's billing patterns significantly deviate from peers
• In geographic "hot spots" where CMS identifies an unusually high utilization of specific services
• With historically high improper payment rates, such as power mobility devices (power wheelchairs, scooters), cardiac procedures, spine surgeries, or pain management procedures

The SMRC Review Process

• SMRC sends medical record requests similar to RAC ADRs, specifying claims under review, required documentation, and submission deadlines (typically 30-45 days) 
• Physician reviewers assess medical necessity by evaluating whether services meet coverage criteria and if the level of service billed was appropriate 
• Reviewers evaluate compliance with local and national coverage determinations using clinical judgment and specialty-specific expertise 
• SMRC issues written determination letters detailing the clinical rationale for denials, coverage policy applied, and recoupment amounts 
• Determination letters include appeal rights explaining your right to appeal through the standard five-level Medicare appeals process

Our SMRC Defense Approach

At Hendershot Cowart P.C., we help clients navigate the SMRC audit process, prepare necessary documentation, and defend claims denied by SMRC reviewers.

Our approach includes:

• Providing expert physician opinions from board-certified specialists who review the same records, explain clinical decision-making with patient-specific factors, cite evidence-based medicine, and testify at ALJ hearings when necessary
• Demonstrating care met accepted standards through clinical practice guidelines from professional societies, peer-reviewed literature, and expert testimony proving treatment was within standard of practice and individualized to patient needs
• Emphasizing clinical judgment differences between the treating physician and the SMRC reviewer who only saw medical records, highlighting patient-specific factors not fully captured in documentation
• Challenging retrospective review limitations by demonstrating that medical necessity is a prospective determination based on information available at the time of treatment, not hindsight
• Presenting comprehensive medical literature supporting the treatment approach and demonstrating that multiple acceptable clinical pathways exist for the patient's condition
• Documenting patient-specific justifications showing why alternative treatments were inappropriate or had been tried and failed, necessitating the services SMRC denied
• Appealing denied claims through all five levels of the Medicare appeals process 

Not Sure Which Type of Audit You're Facing?

Medicare auditors include:

• Recovery Audit Contractors (RACs)
• Medicare Administrative Contractors (MACs)
• Supplemental Medical Review Contractor (SMRC)
• Unified Program Integrity Contractors (UPICs)

Medicaid auditors include:

• Medicaid Fraud Control Units (MFCUs): State law enforcement agencies, usually part of state Attorney General's office
• State Medicaid RACs: State-run programs, vary significantly by state, also called "Medicaid Integrity Contractors" (MICs) in some states
• Medicaid managed care organizations (MCOs): Private health insurance companies that contract with state Medicaid agencies to provide healthcare services to Medicaid beneficiaries, conducts audits and SIU investigations into network providers
• UPICs: Audit BOTH Medicare and Medicaid for suspected fraud

How To Identify the Contractor

If you're unsure which program is auditing you, check the letterhead:

• RAC: Performant Recovery or Cotiviti
• MAC: More than 15 MACs process and audit claims for Medicare, including Noridian Healthcare Solutions, CGS Administrators, Novitas Solutions, and Palmetto GBA.
• SMRC: Noridian Healthcare Solutions 
• UPIC: Qlarant, SafeGuard Services, or CoventBridge
• MCFU: Look for the state seal or “Medicaid Fraud Control Unit” 
• State Medicaid RAC: Varies by state (could be state agency or private contractor)
• Medicaid MCO: WellCare, UnitedHealth Community Plan, Molina Healthcare, Anthem Blue Cross, Amerigroup, and Aetna Better Health are just some of the many MCOs operating nationwide. 

Hendershot Cowart's healthcare attorneys aggressively defend providers against all types of Medicare and Medicaid audits – RAC, MAC, UPIC, SMRC, and Medicaid auditors and enforcement agencies.

Common Medicare Audit Triggers Across All Audit Types

Regardless of which CMS contractor audits your practice, certain red flags consistently trigger scrutiny.

Billing Pattern Red Flags:

• Billing significantly above local/national averages for your specialty, which CMS contractors identify by comparing your billing to peers within your MAC jurisdiction and national benchmarks
• Sudden spikes in specific procedure codes suggesting practice changes, new billing staff errors, or potential upcoding schemes – even legitimate changes require documentation explaining increased billing
• Billing patterns inconsistent with provider specialty, such as primary care physicians billing complex procedures, specialists billing high volumes of basic services, or any provider billing outside typical scope of practice
• High percentage of high-level E&M codes where most office visits are billed at level 4 or 5, emergency visits are predominantly level 5, or consultations are primarily reported as services with high medical complexity
• Frequent use of modifiers, which allow separate payment for typically bundled services and significantly increase reimbursement when overused or improperly applied

Documentation Deficiencies:

• Missing, incomplete, or illegible medical records including missing provider signatures or dates, illegible handwritten notes, incomplete history/exam/medical decision-making documentation, or missing test results
• Lack of medical necessity documentation that fails to establish why services were reasonable and necessary, how they relate to diagnosis or treatment, what patient-specific factors justified them, or why less costly alternatives weren't appropriate
• Generic, templated notes lacking patient-specific detail with identical language across multiple encounters, irrelevant copied information, missing patient-specific assessment and clinical reasoning, or inconsistencies suggesting automated generation

Compliance Concerns:

• Previous audit findings or recoupment history including prior RAC/MAC recoupments, UPIC investigations, corrective action plans, or billing errors – CMS contractors share data across programs
• Complaints from beneficiaries or whistleblowers about services billed but not provided, pressure to accept unnecessary services, undelivered equipment, or unqualified staff providing services
• Referral patterns suggesting kickback arrangements such as high percentages of referrals to single providers, referrals to entities with financial relationships, reciprocal referral arrangements, or referrals inconsistent with patient needs
• Unusual relationships with DME suppliers or laboratories including office space sharing, high-volume prescribing to single suppliers, compensation from labs or DME companies, or ownership interests in referring entities
• Geographic clustering where multiple providers in the same area face audits for the same services, prompting CMS to audit all similar providers in that region regardless of apparent billing issues

Appealing Adverse Medicare Audit Determinations

You have the right to appeal overpayment recoupment demands, payment suspensions, and billing privilege revocations through Medicare's five-level appeals process. Success rates vary dramatically by level, making strategic representation critical:

1. Level 1 - Redetermination: MACs review the initial determination. Despite low success, Level 1 is essential to preserve issues and supplement the record for higher appeals.
2. Level 2 - Reconsideration: Independent Qualified Independent Contractor (QIC) conducts a more thorough review with improved success rates.
3. Level 3 - ALJ Hearing: Administrative Law Judge hearing with live testimony, expert witnesses, and full procedural protections. This is where most providers win.
4. Level 4 - Appeals Council: Council reviews ALJ decisions for legal errors through written submissions only.
5. Level 5 - Federal District Court: Full federal court litigation for qualifying dollar amounts.

There are critical deadlines at every level – missing appeal deadlines forfeits your rights entirely.

Learn more about the Medicare appeals process.

Settlement Negotiation: When Fighting Isn't the Best Strategy

Not every Medicare audit should be fought through five levels of appeals. 

Strategic settlement may be appropriate when documentation deficiencies cannot be overcome, appeal costs exceed potential recovery, payment suspensions threaten practice survival, or settlement offers substantial reductions. 

As your attorneys, we can calculate true exposure versus settlement offers, negotiate reduced recoupment amounts, structure manageable repayment terms that don't bankrupt your practice, and ensure settlement language characterizes issues as "billing errors" rather than fraud admissions that could be used against you in future audits.

The decision to settle or appeal requires careful analysis of your specific circumstances, chances of success at each appeal level, and total costs versus potential outcomes. 

The experienced Medicare audit defense attorneys at Hendershot Cowart P.C. can help you determine the best strategy for your situation. Call (713) 783-3110 to schedule a one-hour consultation today.

Medicare Audit Defense FAQ

What Should I Do Immediately After Receiving a Medicare Audit Letter?

First, identify which type of audit you're facing – the letterhead will indicate whether it's RAC, MAC, UPIC, or SMRC. Second, note your response deadline (typically 10-45 days depending on audit type). Third, contact a Medicare audit defense attorney immediately – delays cost you preparation time and strategic options.

Call (713) 783-3110 today for immediate consultation.

What's the Difference Between RAC, MAC, and UPIC Audits?

These are three different types of CMS contractors with different purposes and authority:

• RACs (Recovery Audit Contractors) conduct post-payment audits seeking to recover overpayments. They are paid on contingency (percentage of recoveries), creating financial incentives to find billing errors. 
• MACs (Medicare Administrative Contractors) process claims and conduct both prepayment and post-payment reviews. MACs can place you under prepayment review (holding claims before payment). MACs also conduct Level 1 appeals (redeterminations) as part of the Medicare appeals process.
• UPICs (Unified Program Integrity Contractors) investigate suspected fraud, waste, and abuse. UPIC investigations are the most serious because they can result in payment suspensions, criminal referrals to DOJ/FBI, and exclusion from Medicare.

Can I Handle a Medicare Audit Without an Attorney?

Technically yes, but it's rarely advisable given the stakes involved. Medicare audits involve:

• Complex federal regulations and coverage policies
• Strict deadlines with no tolerance for late responses
• High financial exposure (often hundreds of thousands to millions)
• Risk of payment suspension threatening practice survival
• Potential criminal referral and program exclusion

Providers who self-respond often:

• Submit documentation that raises additional concerns
• Make statements to auditors that strengthen fraud allegations
• Miss opportunities to challenge improper audit methodology
• Fail to preserve critical legal and factual issues for appeal
• Accept unfavorable settlements out of fear or confusion

Nationwide Medicare Audit Defense Attorneys

Our healthcare attorneys have defended hundreds of Medicare audits nationwide with more than 100 years of combined experience. We understand how CMS auditors think, what evidence persuades them, and how to negotiate favorable settlements – while maintaining your right to appeal adverse determinations. Our attorneys are ready to defend your practice today.

Call (713) 783-3110 or contact us online to schedule a confidential consultation to discuss your Medicare audit and review your options.