Risk Management: Audit Processes Every Medical Provider Should Prepare For
The Centers for Medicaid & Medicare Services (CMS) are working harder than ever to crack down on fraud, waste, and abuse. As part of those efforts, the agency is involved in numerous Medicaid audits, each of which can have a rapid impact on day-to-day business operations for the audited provider.
A Medicaid audit is an intensive review of the services you’ve billed CMS for, your billing practices in general, and all the documents relevant to those inquiries.
The document production requests can sometimes date back yearsand involve an impractically large quantity of documentation. It can quite literally be more than you, your office, and your printer can handle.
Medicaid audits might be conducted by CMS, a company contracted by CMS, or by a different federal agency that refers cases to and from CMS. We’ll look at the various kinds of Medicaid audits further below.
But in any event, a Medicaid audit is always a serious event. It has the potential to trap you and your practice in a months-or-years-long investigative wormhole, making it difficult or even impossible to continue business and turn a profit until the audit reaches an end.
In some cases, a Medicaid audit can even preemptively put 100% of your payments from CMS on hold until the audit concludes: even for legitimate services you’ve already provided and billed for.
Unfortunately, the agencies and companies responsible for carrying out Medicaid audits typically have an incentive (either monetary or political) to conclude that you do indeed owe CMS money, sometimes a lot of money.
You can appeal those decisions, but the process for doing so is complex, challenging, and drawn out. It can take many months or even years to exhaust the five-tier Medicaid audit appeals process. Very few practices can afford to expend their resources for that long while still treating Medicare and Medicaid patients without getting paid.
Hiring an experienced Medicaid audit appeals lawyer is often the most effective way of preventing audits, ending them as quickly as possible when they do happen, and successfully navigating the appeals process whenever necessary.
A Look at the Various Types of Medicaid Audits
Every Medicaid audit is a serious matter. But the specific type of audit will determine the scope of review, the potential penalties, which types of investigations you might face in the future, and the most strategic forms of response.
Our office is available to assist with any of the following:
- RAC audits: CMS hires third-party companies to monitor billing data from doctors, hospitals, pharmacies, and other providers to identify instances of underpayment or overpayment. These companies are called RACs, or Recovery Audit Contractors. Because RACs are allowed to retain a percentage of the money they collect on Medicaid’s behalf, they try very hard to find evidence that you have overbilled for your services. RAC audits are increasing in frequency, and every healthcare provider treating Medicaid-insured patients should anticipate that a RAC audit could happen at any time.
- MAC audits: MAC stands for Medicare Administrative Contractor. MACs are similar to RACs in that they are private contractors, but they play an even more expansive role. MACs process both incoming invoices and outgoing payments for CMS. They also track your billing history so they can trace discrepancies over time, and they evaluate your clinic’s treatments for “medical necessity.” MAC audits can trigger “pre-payment review,” which means the MAC must approve your billing before you get paid. This process that can take a very long time, creating a serious cash flow crunch for health facilities.
- ZPIC reviews: Both RACs and MACs are principally focused on money. They make sure CMS isn’t paying you too much, and while they can sometimes refer cases to law enforcement agencies, their primary interest is collecting money. A ZPIC review is different, however. ZPIC stands for Zone Program Integrity Contractor, a private organization tasked with uncovering evidence of healthcare fraud (a crime). They audit and review data from care providers and, if fraud is suspected, ZPICs make recommendations and referrals to other agencies. For this reason, ZPIC reviews can have a wide range of consequences, spanning from suspension of CMS payments to referral for criminal prosecution.
- CERT programs: The Comprehensive Error Rate Testing (CERT) is a program designed to identify any problematic invoicing trends. If this testing shows that there are billing issues with your practice, you will likely face a Medicaid audit in the near future. RACs and MACs both refer to CERT testing as part of their regular monitoring.
Who Can Be Targeted in a Medicaid Audit?
Any organization providing medical equipment or care to Medicaid-insured patients is subject to audit at any time. This includes:
- Hospitals
- Doctor’s offices & physician groups
- Pharmacies
- Physical therapy groups
- Medical equipment suppliers
- Home healthcare providers
- Nursing homes
- Assisted living facilities
- Any other organization that submits claims for payment to CMS
Samples of Our Success in Healthcare Fraud Cases
At Oberheiden, P.C., our priorities are avoiding indictments in the first place, getting all criminal charges dismissed, and sparing you from conviction and incarceration.
We have avoided charges for clients both before and during an active investigation. Some of our success stories include successfully defending:
- A healthcare business against a joint investigation by the Department of Justice (DOJ) and the U.S. Attorney’s Office for alleged Medicare fraud.
Result: No Liability - A marketing company in a joint investigation by the Office of Inspector General (OIG) and the U.S. Attorney’s Office alleging Medicare fraud.
Result: No Liability
- A physician syndication against an OIG / FBI investigation involving alleged federal healthcare fraud.
Result: No Liability.
- A toxicology laboratory in an OIG investigation into alleged Medicare fraud.
Result: No Liability.
- A physician against a Medicare fraud investigation conducted by the OIG.
Result: No Liability.
At the time of this page’s publication, none of our clients have gone to prison or lost their medical licenses after we began representing them for healthcare fraud. We encourage you to contact our office to learn more about our latest results and how we can help in your case.
Remember that every case is unique, and our past results can’t guarantee the outcome of your particular legal matter. But for the best chance of success, it is always in your best interest to hire an experienced law firm that knows how to handle cases involving alleged Medicare and Medicaid fraud.
From the early audit stages all the way through criminal prosecution, Oberheiden, P.C. is prepared to fight for your freedom, finances, and reputation.
Meet Our Attorneys
Nick Oberheiden
As an authority on healthcare fraud defense in the United States, Dr. Nick Oberheiden has successfully argued cases against the Department of Justice, Department of Defense, the Federal Bureau of Investigation, and the Drug Enforcement Agency. Dr. Oberheiden has assembled an experienced team of attorneys who command a deep and comprehensive understanding of the healthcare fraud resolution process.
Lynette S. Byrd
With experience in virtually all aspects of white-collar criminal proceedings, attorney Lynette S. Byrd defends both individuals and corporate clients who have been accused of federal crimes or are under investigation by state and federal agencies / contractors. Her several years of experience prosecuting white-collar crimes as the Assistant U.S. Attorney for the Northern District of Texas gives her a unique perspective when defending her clients. She is a fierce advocate for those under Medicaid audit.
Get Smart Legal Guidance. Contact Oberheiden, P.C.’s Savvy Lawyers as Soon as Possible.
If you are facing a Medicaid audit anywhere in the United States, we can help. Our federal healthcare defense attorneys are available seven days a week, even on weekends, to talk about your case and answer your questions. Contact us now.

Dr. Nick Oberheiden has successfully represented healthcare executives and physicians – as well as businesses in the areas of toxicology, pharmacy, home health and hospice centers, DME, hospitals, surgery centers, neuro-monitoring, and blood and DNA testing centers – in healthcare compliance and defense.