Using Data to Survive RAC Attacks: Analyzing Audit Data Helps Mitigate Future RAC Risk

By Dawn Crump

Medicare's Recovery Audit Contractor (RAC) program began as a three-year, three-state pilot program in 2005 and went nationwide in 2009. The American Hospital Association (AHA) began tracking data collection in January 2010 and since then, according to AHA, the RAC program has recouped $2.5 billion in claims denials.1 Over one million health records have passed through health information management (HIM) professionals’ hands in response to RAC additional documentation requests (ADRs), and cumulative medical record requests are up 13 percent since the 1st quarter of 2013 alone.

Most hospitals have established an audit team to help deal with RACs, and HIM professionals are integrally involved—primarily on the front end of the audit management process. Filling audit record requests is an area of intense workflow demand for HIM. HIM receives and validates requests, logs information into audit tracking software, prepares records, reviews documentation, approves submissions, ensures timely record delivery to auditors, and often assists with appeals.

Many HIM professionals have voiced their concern that RACs are putting an undue burden on their department, and AHIMA has filed comment letters to the federal government demanding a reform and closer monitoring of the program. But there is a silver lining for HIM.

The complete logging of RAC health record requests produces a comprehensive data trail of information. RAC data, in combination with AHA’s RACTrac reports, offer important clues for mitigating future RAC risk. The first step is to capture the correct data, the second to ask the right questions.

Armed with analytics results and business intelligence insights, HIM professionals play a valuable role in driving process improvement for ADR processing, revenue risk integrity, and clinical documentation.

HIM Best Practices to Reduce RAC Associated Costs
  • Calculating and communicating the dollars associated with health records requested by a RAC, but not yet submitted, demonstrates the value of HIM efforts.
  • Knowing which DRGs and types of cases a RAC is targeting fine-tunes CDI efforts and maximizes coder education dollars.
  • More cases are being appealed, and the average process takes 18 to 28 months. Track appeals closely to determine cost of appeal versus dollars at risk.
  • Monitor reimbursement take-backs by quarter and annually to predict future recoupments, establish correct cash reserves, and ease monthly cash flow concerns.
  • Centralize audit management across the organization—create one specific audit contact and workflow process.
  • Incorporate RAC requests into HIM’s release of information (ROI) processing and implement audit tracking software to boost staff efficiency.
  • Audit RAC requests to identify and eliminate redundant, duplicate requests.

Key Data to Collect

Auditors use complex data mining tools to identify hospital vulnerabilities and improper payments. Hospitals must do the same. Capturing the correct data elements early in the RAC process is a critical first step. The old adage “garbage in results in garbage out” is still true.

Analysis of RAC data can only be done with historical data that is available, analyzable, and clean. All ADR definitions, categorizations, and documentation must be consistent. To achieve this, a best practice is to standardize audit definitions and protocols, minimize the number of staff assigned to document audits, and validate staff understanding of the process and auditors’ language on denials. Key data points to capture are listed in the sidebar on below.

Key Data Points to Capture for RAC ADRs
  • Basic encounter information: patient demographics, MRUN and encounter numbers, admission date, discharge date, attending physician, payer, etc.
  • All ADR contact information including a copy of the ADR letter and auditor correspondence
  • All due dates for the ADR (multiple deadlines by auditor)
  • DRG, diagnosis and procedures
  • Original claim payments and charges associated with each record
  • Recoupments and repayments

HIM Questions to Ask

The goal of RAC data analytics is to answer the following five questions:

  • How much money is at risk?
  • What are your reasons for denial?
  • How many audits are held in appeals?
  • How are audits impacting cash flow?
  • How much is the program costing HIM in time and resources?

Dollars at Risk

This area includes all cases requested by the RAC. If a health record was requested, the associated revenue is at risk for return. According to the AHA’s 3rd Quarter RACTrac 2013 Survey, the average value of health records requested for complex review ranges from $8,061 in RAC Region C to $10,137 in Region A. Five hundred records every 45 days could equal over $5 million in lost reimbursement.

To ensure the correct amount of dollars at risk is reported, HIM must log the original claim payments or associated charges for a pre-payment review for each record requested by the RAC. It then must communicate this value as part of the overall “dollars at risk” report.

Executives want to see the complete picture of potential loss and cash flow impact—including the dollars associated with “in process” record requests. Ideally, data is sorted by “in process,” “pending,” “dispute,” “RAC discussion,” and “rebuttal,” as well as the five levels of appeal.

Reasons for Denial

Knowing the reason behind claims denials helps educate healthcare facility staff and improve their record-keeping processes. DRGs are one area of a denial that HIM professionals should pay attention to. Everyone from medical staff to clinical documentation improvement (CDI) specialists, case management, and HIM must know which specific DRGs and types of cases are being requested by the RAC. By analyzing a “DRGs at Risk” report, CDI teams can focus their physician query and educational efforts on cases that matter the most and are more at risk—while HIM saves time and dollars by targeting coder education and training.

Audits in Appeals

Hospitals report appealing 47 percent of all RAC denials, with a 67 percent success rate in the appeals process, according to the AHA. As success rates climb, provider organizations are getting much more aggressive on appeals. According to Cathy Watts, RHIA, administrative director of HIM at Cape Fear Valley Health, based in Fayetteville, NC, “whenever a physician feels the patient required inpatient admission, they appeal the case.”

However, more appeals mean more data to track and report, especially since the entire appeal process typically takes 18 to 28 months. Below are four RAC appeal tracking guidelines to bolster the value of appeals data:

  • Know the exact amount of dollars held in appeals, including the interest charged by the Centers for Medicare and Medicaid Services
  • Separate automated versus complex appeals, whether an internal or external appeal partner is used, and the cost of appeal versus the dollars at risk
  • Compare your appeals percentage to national norms for stronger benchmarking and insight
  • Know your overturn rate and volume still pending appeal decisions

Cash Flow Impact

Always compare RAC data with Medicare reimbursement to identify cash flow trends and dollars recouped quarterly and annually. Reconcile the audit impact with the Medicare recoupments or repayments. By knowing the average dollars lost over time, HIM professionals can help finance executives establish and set aside the appropriate cash reserves—which reduces cash flow concerns.

Program Costs in HIM

Increased administrative costs are another area RACs can have a significant organizational impact. Hospital executives want to know complete program expenses, including how many full-time employees (FTEs) are involved, and then benchmark their investment against other facilities within their RAC region.

HIM departments should be able to correctly identify the specific costs associated with receiving and processing RAC requests, including:

  • Number of HIM FTEs involved in RAC program work
  • Amount of effort extended/hours involved in processing and billing for RAC requests
  • Cost of audit and appeal tracking software (if purchased and maintained by HIM)
  • Supplies, postage, etc. minus record production revenue received from the RAC
  • Time required to audit RAC activity for duplicate requests
Mitigating Future RAC Risk: Five Questions for HIM

Time to Streamline

Thirty-two percent of hospitals nationwide already use some type of tracking software.2 Furthermore, as more audit management programs centralize, the use of a single, enterprise-wide audit tracking database with roll-up analytical capabilities becomes essential.

According to Kate Morgan, RN, BSN, MHSA, RAC recovery audit coordinator at Carle Foundation Hospital based in Urbana, IL, audit tracking software helps the organization meet ever-shortening deadlines for audit requests.

“Our RAC volumes are definitely increasing, but we are able to keep up through a combination of audit tracking software, in-house HIM staff, and outsourced ROI support,” she says.

Just as in any other database, it is critically important to ensure the accuracy and timeliness of RAC data. Audit data integrity must be emphasized and supported across the entire audit management team—including HIM. As mentioned above, standard audit definitions and protocols are the key to clean data. Data input should be restricted to only a few staff as multiple data entry points confuse results and derail data analysis.

Data Tells the Audit Story

The silver lining of HIM’s involvement in RAC processing is the creation of a complete data trail of RAC information over time. Let the audit data tell its story. Mine data to uncover important business intelligence and insights, thereby reducing RAC costs, mitigating future revenue risk, and improving documentation and coding outcomes.


  1. American Hospital Association. “Exploring the Impact of the RAC Program on Hospitals Nationwide: Results of AHA RACTrac Survey, 3rd Quarter 2013.” November 21, 2013.
  2. Ibid.

Dawn Crump ( is vice president of audit management solutions at HealthPort.

Article citation:
Crump, Dawn. "Using Data to Survive RAC Attacks: Analyzing Audit Data Helps Mitigate Future RAC Risk" Journal of AHIMA 85, no.1 (January 2014): 30-33.