v-axsombrownOn Feb. 8, 2006 the Deficit Reduction Act of 2005 was signed into law (P.L. 109-171), creating the Medicaid Integrity Program (MIP)(1) under Section 1936 of the Social Security Act.


This dramatically strengthened federal capability to fight Medicaid fraud, waste and abuse. Specifically, it required The Centers for Medicare & Medicaid Services to provide effective support and assistance to states’ integrity efforts as well as requiring them to contract with entities in order to: (a) audit provider claims; (b) review providers’ and others’ actions to detect fraud or potential abuse; (c) identify overpayments; and (d) educate beneficiaries, providers, managed care entities and others on payment integrity and quality of care.


Section 6411 of the Patient Protection and Affordable Care Act of 2010 “PPACA” (Public Law 111-148), “Expansion of the Recovery Audit Contractor (RAC) Program,” subsequently was enacted March 23, 2010, requiring states to establish programs and contracts with one or more RACs by Dec. 31, 2010 to identify underpayments to Medicaid providers and to identify and collect overpayments.(2)


In early December 2010, prior to PPACA implementation, at least 10 states had “RAC-like” retrospective claims audit integrity program contracts in place already. For those states, some program components still may need to be modified to comply with CMS Medicaid RAC specifications. Another 10 states by this point had issued Medicaid RAC or RAC-like requests for proposals (RFPs). Medicaid RACs will not replace existing state program integrity or audit initiatives/programs.


CMS is giving flexibility to states in terms of RAC program design; however some features are universal (i.e. post-payment claim audits, contingency fees for overpayments, etc.) Also, RACs will supplement existing program integrity efforts, adequate appeals process must be available, and the federal government will pay 50 percent of the cost of operating and maintaining state RACs.


Medicaid RACs include all healthcare delivery services and plans, and prevention of fraud with increased attention on excluded providers will be an important part of the initiative. States’ plans were due to CMS by Dec. 31, 2010, with full implementation by April 1, 2011(3). On Feb. 2, 2011 CMS issued an informational bulletin indicating that states will not be expected to implement their RAC programs fully by April 2, 1011 due to lack of publication of the final rules by which states are expected to operate. Once these rules are published (anticipated later this year), new implementation guidelines will be provided.(4)


MIC Focus:


The Medicaid Integrity Group (MIG)(5) consists of(6) the following divisions:


  • Division of Medicaid Integrity Contracting (DMIC), which helps procure and oversee the MICs that conduct provider reviews and audits (and furnish provider education);


  • Division of Fraud Research & Detection (DFRD), which identifies historic, current and emerging trends of claims activities through analysis of Medicaid data, and conducts studies to support the activities of the MICs and the state Medicaid program integrity offices. This division also works directly with Review MICs to develop specific review algorithms. In 2010 the division delivered 328 state-specific review algorithms with four broad areas of focus: (a) pharmacy (overprescribing), (b) inpatient, (c) professional services and (d) long-term care;


  • Division of Field Operations (DFO) conducts reviews of state program integrity operations and provides training and other forms of support and assistance to the state Medicaid agencies. The DFO has field offices in New York, Atlanta, Dallas, Chicago and San Francisco. Since February 2008 this division has trained 1,900 state employees at the Medicaid Integrity Institute on auditing, data mining, data analyses and other aspects of program integrity.


  • Division of Auditing and Accountability (DAA), a relatively new division, finalizes audit reports that go to the states in addition to leading the audit resolution process, serving as a lead for policy development, working with states to minimize overlapping audits, and performing evaluation and reporting of the impact of specific provider education programs (i.e. identified interventions and vulnerabilities).


(1) http://www.cms.gov/MedicaidIntegrityProgram/Medicaid Program – General Information

(2) http://hms.com/healthcare_reform_info/index.asp#dec14, Tuesday, Dec. 14, 2010 – Medicaid RACs-The Impact on MCOs.

(3) http://hms.com/healthcare_reform_info/index.asp#dec14, Tuesday, Dec. 14, 2010 – Medicaid RACs-The Impact on MCOs, Page 2 – CMS Guidelines and Requirements for Medicaid RACs.

(4) http://medicaid-rac.com/resources, Feb. 1, 2011 – CMS Center for Program Integrity Bulletin Announcing RAC delay

(5) http://www.cms.gov/DeficitReductionAct/021_repcongress.asp#TopOfPageMedicaid Integrity Program YE10 Report to Congress.

(6) Open Door Forum Transcript- Medicaid Integrity Program – Nov. 3, 2010 [PDF, 181KB]




There are three types of MICs: (a) Audit; (b) Review and (c) Education.


1.   Review MICs analyze Medicaid claims data to identify high-risk areas (claim aberrancies) and vulnerabilities, providing leads to Audit MICs regarding providers to be audited.


2.   Audit MICs conduct post-payment audits, using both desk and field audits, which include fee-for-service, cost report and managed care audits to identify overpayments. States then collect over-payments and adjudicate provider appeals.


3.   Education MICs use findings from the Review and Audit MICS to identify areas of education.  They develop training materials and awareness campaigns, also conducting provider training in collaboration with Medicaid partners and stakeholders to highlight the values of preventing Medicaid fraud, waste and abuse. The Education MICs are Information Experts and Strategic Health Solutions. At this time Information Experts has not been awarded any special projects. However, Strategic Health Solutions has been awarded two contracts and these include the following:


–      To conduct gap analysis of existing education and training efforts; develop fraud, waste and abuse training materials; and educate Medicaid providers about appropriate and accurate billing for services. (Awarded August 2009)


–      To develop educational curriculums via web-based and traditional methods; and to educate Medicaid providers about Medicaid program integrity and quality of care. (Awarded September 2009)


MIC Jurisdictions


There are five MIC jurisdictions. The corresponding MICs are noted below along  with the contract award dates:






CMS Regions I & II – CT, MA, ME, NH, NJ, NY, PR, RI, VT, U.S. Virgin Islands.

New York

Thomson Reuters

August 2009


July 2009

CMS Regions III & IV – AL, DC, DE, FL, GA, KY, MD, MS, NC, PA, SC, TN, VA, WV


Thomson Reuters

April 2008

Health Integrity

September 2009

CMS Regions V & VII – IA, IL, IN, KS, MI, MN, SO, NE, OH, WI



May 2009

Health Integrity

September 2009

CMS Regions VI & VIII – AR, CO, LA, MT, ND, NM, OK, SD, TX, UT, WY



September 2008


September 2008

CMS Regions IX & X – AL, Am SA, AZ, CA, GU, HI, ID, N. Marianna Is, NV, OR, WA

San Francisco


September 2009


May 2009


MICs and Medicaid RACs: Knowing the Differences


The differences between each auditing entity are organized around their respective objectives, provider focus, look-back periods, audit types and audit processes, documentation response times and the payment of medical records.

Defined by Objectives:

  • MICs ensure proper claims payment for covered, properly billed (with correct and appropriate coding) and provided services supported by proper documentation that are paid in accordance with federal and state regulations, laws and policies.


  • RACs reduce improper payments for Medicaid healthcare claims through the use of Medicaid Recovery Audit Contractors (RACs) as part of the ACA’s larger strategy to crack down on waste, fraud and abuse in the healthcare system. Also, attention on excluded providers likely will be a major part of this program.

Defined by Provider Focus:


  • MICs – All providers, no exclusions.(7)

  • RACs – Unlike the Medicare RACs, whose audits are limited to fee-for-service plans(8), the Medicaid RACs will audit all types of plans and providers, including MCOs, etc., just like the MICs.(9)


Defined by the Audit Look-Back Period:


  • MICs – This was modified effective Oct. 1, 2010 due to concerns regarding medical record availability to permit a five-year lookback period from the date of notification letter issuance to a provider. CMS retains the right to adjust the Audit MICs’ lookback period when warranted.


  • RACs – Medicaid RACs’ lookback period is state-defined, whereas Medicare RACs have a three-year period.(10)


(7) Audit Medicaid Integrity Contractors (MIC) Statement of Work; FedBizOpps.gov website, SectionsBthruM.1.doc in right column “All Files”, Page 70, J3 Audit Protocols Overview, Performing Audits on Medicaid Providers.

(8) https://www.cms.gov/Recovery-Audit-Program/01_Overview.asp#TopOfPageRecovery Audit Program Final SOW, Pages 6-8.B. Improper payments EXCLUDED from this Statement of Work

(9) http://hms.com/healthcare_reform_info/index.asp#oct29, Page 2, Webinar Summary,

[10] https://www.cms.gov/Recovery-Audit-Program/01_Overview.asp#TopOfPage, Recovery Audit Program Final SOW [PDF, 187 KB] Page 8, B. 4.Claims paid dates earlier than Oct. 1, 2007.




Defined by Audit Types:


  • MICs perform focused or comprehensive on-site audits. Focused audits involve review of specific billing or procedural practices for specific services provided. Comprehensive audits involve a full-scope review of a provider during a specified period of time. The claims review audit process includes on-site provider audits and off-site desk audits. In some comprehensive audit cases, additional steps may be performed during the audit (i.e. provider credentialing). If inappropriate claims payments are identified, a MIC may determine the impact on the provider’s overall claims population (extrapolation).(11)


  • RACs- specifically Medicaid RACs, review post-payment claims for improper payments, overpayments and underpayments, consistent with state laws and regulations.(12) Health plans may have some latitude to determine their roles within the Medicaid RAC program since CMS has not yet specified how RACs apply to MCOs.


Defined by the Audit Process:


  • MICs- Following an audit, a report is drafted by the Audit MIC and submitted to the state Medicaid Integrity Group for review and assurance that presented issues are accurate. Once approved, the provider receives a copy of the draft report for review and response within 30 days. After the provider review period, the state has a second opportunity to review the draft report and any provider response prior to the report being finalized. Once finalized, the state adjudicates claims in accordance with the report findings. The provider can utilize the state’s appeals process to challenge adjudication activities.(13)


  • RACs – The process is state-defined and administered for Medicaid and CMS (as defined for Medicare).


Defined by the Documentation Response Time:


  • MICs – Modified from a term of 10 business days to produce records, plus five business days’ allowance for delivery. This extends to 30 business days in which to produce records with a MIC-authorized (and CMS-notified) 15-business-day extension if requested. After 45 days, CMS approval is required.


  • RACs – State-defined for Medicaid; Medicare RACs have a provider response period of 30 calendar days.(14)


Defined by Medical Record Payments:


MICs will not reimburse providers for the cost of copying medical records,(15) whereas RACs are required to pay for copying the inpatient (PPS) and long-term care hospital medical records.(16)


  • RACs Terms are state-defined for Medicaid RACs and CMS-defined for Medicare RACs.


Oversight and Support


Annual, comprehensive state site visits are conducted by the CMS Medicaid Integrity Group (MIG), with the review objectives being: (a) to determine compliance with federal program integrity laws and regulations; (b) to identify program vulnerabilities and effective practices; (c) to help states improve their overall program integrity efforts; and (d) to consider opportunities for future technical assistance. State reports can be found at https://www.cms.gov/FraudAbuseforProfs/PIR/list.asp?listpage=5.


CMS will provide oversight and support to all state Medicaid RAC programs, including validation of results and impact.



(11) Audit Medicaid Integrity Contractors (MIC) Statement of Work, Connects to FedBizOpps.gov website, click on SectionsBthruM.1.doc in right column “All Files”, Pages 70-71, J3 Audit Protocols Overview, Focused and Comprehensive Audits.

(12) Federal Register /Vol. 75, No. 217 /Wednesday, Nov. 10, 2010 / Proposed Rules, Page 69039.

(13) Open Door Forum Transcript- Medicaid Integrity Program – Nov. 3, 2010 [PDF, 181KB]

(14) https://www.cms.gov/Recovery-Audit-Program/01_Overview.asp#TopOfPage, Page 13, D.2. Updating the Case File

(15) https://questions.cms.hhs.gov/app/answers/list, Page 2.

(16) https://www.cms.gov/Recovery-Audit-Program/01_Overview.asp#TopOfPage, Page 12, D.1. Paying for Medical Records

About the Author


Vickie Axsom-Brown is president of Audits & Recovery Solutions. She is a 20-year managed care veteran with diverse experience in administering private, state and federal healthcare services. Her management experience includes time spent as the vice president of Region D RAC services (as the principal lead for CMS, claims processing contractors and HDI services) and as CEO/COO of multidisciplinary, multi-site adult and pediatric medical/surgical providers, including oncology/radiology services, laboratory services, ambulatory surgery centers, upright MRIs, PETs, and others.


Contact the Author




To comment on this article please go to editor@racmonitor.com


The Medicare Overpayment Collection Process: CMS Issues Fact Sheet to Clarify Key Points


Share This Article