The ABCs of Medicare and Medicaid Audits

by Steve Adams, CPC, CPC-H, CPC-I, PCS, FCS, COA


Just when you thought participating with Medicare and Medicaid couldn’t get any more difficult they roll out their enforcement arm(s) to help recoup potential overpayments and reduce waste in the system.

This article will simply introduce you to the major players and offer you some links to their web sites so that you can become more familiar with the issues they are addressing.  The key to avoiding problems is to know your audience and follow their rules – time is not on your side.

First we’ll take a look at Medicare and its $550 billion per year program – we’ll use Georgia as the example.

MAC – The Medicare Area Contractor

The first major step Medicare took to help reduce the amount of fraud and abuse in their system was to consolidate their Fiscal Intermediaries (FI) and Carriers into to Medicare Administrative Contractors (MACs).  In the past, Part A claims and Part B claims were processed by two separate entities.  Now, each jurisdiction has one MAC that processes both Part A and Part B claims.  Georgia is in jurisdiction 10 and our MAC is Cahaba GBA.  Their web site is:

RAC – Recovery Audit Contractor

To further the recoupment activity of the federal government, Recovery Audit Contractors (RACs) were put into place in order to research and recoup potential overpayments for both Part A and Part B services.  Georgia is in Region C and our RAC auditor is known as Connolly Healthcare.  Their web site is:  Connolly healthcare has recently started sending out overpayment letters to providers all over the South East.  It’s suggested that you go to the aforementioned link to review the approved issues they are auditing at this time.

ZPIC – Zone Program Integrity Contractor

Zone Program Integrity Contractors (ZPICs) will continue the work of the Program Safeguard Contractors (PSCs) and focus mainly on fraud.  In Georgia we are in Zone 5 and our ZPIC contractor is NCI / Advance Med.  Their web site is:

Now let’s take a look at the Medicaid program:

Medicaid Integrity Program (MIP)

In February 2006, the Deficit Reduction Act (DRA) of 2005 was signed into law and created the Medicaid Integrity Program (MIP) under section 1936 of the Social Security Act (the Act).  The MIP is the first comprehensive Federal strategy to prevent and reduce provider fraud, waste, and abuse in the $300 billion per year Medicaid program

CMS has two broad responsibilities under the MIP:

  • Hire contractors to review Medicaid provider activities, audit claims, identify overpayments, and educate providers and others on Medicaid program integrity issues
  • Provide effective support and assistance to States in their efforts to combat Medicaid provider fraud and abuse

Along with these responsibilities, the Act also requires that CMS develop a five-year Comprehensive Medicaid Integrity Plan (CMIP) in consultation with internal and external partners to outline the efforts to reduce overpayments, fraud and waste.

For more information on the MIP:

The Medicaid Fraud Control Unit

Another way to fight waste in the Medicaid program is through the Medicaid Fraud Control Unit (MFCU).  It is a single identifiable entity of state government, annually certified by the Secretary of the U.S. Department of Health and Human Services (HHS).  The Unit has either statewide criminal prosecution authority or formal procedures for referring cases to local prosecutorial authorities with respect to the detection, investigation and prosecution of suspected criminal violations of the Medicaid program.  You can find out more about MFCU here:

What to Do?

I think the best piece of advice I can give you is to not take inquires from these agencies lightly.

  • Visit the above web sites and stay abreast on all approved audit issues.
  • Make sure you have the telephone number/e-mail/fax of your consultant and/or practice attorney in the event you are audited by any outside agency whether commercial or federal.
  • Consider having an prospective review of the services you provide to see if you have any potential audit liabilities that need to be addressed now.
  • Please make sure your staff reviews all requests for your records carefully to ensure nothing goes out without being first reviewed by the provider and/or your practice consultant/attorney.

If you do receive a letter from a MAC, RAC, ZPIC, MIP, MFCU, MIG or any other entity with Medicare or Medicaid in the letter head, header or footer and you don’t already have a consultant or practice attorney that specializes in these types of requests, feel free to contact me at 770-709-3598.


Steve Adams, CPC, PCS is a Senior Consultant for InGauge Healthcare Solutions, Inc., an InHealth company.   Contact him for consulting and educational services at

This article can be reprinted freely online, as long as the entire article and this resource box are included.

Comments are closed.