Schedule a Demo
Client Portal

Safeguard Your EHR Against a RAC Review

  • by StreamlineMD

What’s a RAC Audit?

Recovery Audit Contractors (RAC) are increasingly requesting medical documents from vein clinic phlebology providers.  The RAC audit team is made up of contractors that are paid based on how much money they ‘save’ Medicare and their sole purpose is to recover improper payments made to providers.  RAC auditors are unfamiliar with the complexities of varicose veins. Yet, they’re permitted to review post-payment claims for up to three years, while being unyielding in their interpretation of Local Coverage Determination (LCD) regulations.

When the RAC team evaluates your data, they use a checklist based on the LCDs issued by the Medicare Administrators. Documentation and compliance with your LCD are key for reimbursement.  Inadequate notes will fail review if the documentation does not adhere to the pre-determined requirements set forth by your LCD. 

Protect Yourself:

To help safeguard your EHR against a RAC review, below are some of the issues that a RAC auditor may look for during a chart examination.

  1. Conservative Therapy – You must order conservative therapy.  The patient must complete/attempt it, and you must evaluate its failure or success in the chart.  Prior treatment(s) should not be a bar to prescribing conservative therapy. If the treatment is over a year old, it must be repeated and documented.  Some audits have failed a chart review simply due to a lack of documentation for conservative treatment.
  2. Activities of Daily Living (ADL) – Each LCD requires that the condition significantly affect the patient’s ADL. The impact on ADLs fluctuates between LCD guidelines and determines the necessity for detailed documentation.  Show this by using specific wording based on each individuals presenting problem to satisfy scrutiny by the RAC team.  I.e.  “I’m unable to sleep at night due to pain and swelling from my varicose veins.”
  3. Vein Size and Filling Index —Include actual measures of vein size and filling index. Modify the statement “well over 5 seconds” with “venous filling index“. Take several GSV and SSV values. If performing CPT 93970 (bilateral diagnostic ultrasound), include the femoral vein information in the interpretation report.  Keep in mind diagnostic ultrasounds require a final and independent interpretation. It’s not enough to simply sign the RVT’s worksheet.
  4. LCD Elements – Take time to properly read the LCD for your location. Certain requirements need VCSS, whereas others require a BMI measurement and other equivalent criteria.

Additional area subject to scrutiny are identified below:

  • Billing minor procedures with an E/M when the E/M is not significantly separately identifiable.
  • Payments for services that were not medically necessary.
  • Overutilization of level 4/5 office visits or Level 3 inpatient visits.
  • Un-bundling services inappropriately with modifier 25 or 59.
  • Inaccurate ICD-10-CM coding.
  • Use of outdated fee schedules.
  • Duplicate claims. 

Essential steps to take once you receive a RAC letter:

  • Assign a RAC Coordinator within your practice team. Determine who will be the responsible person to receive and respond.
  • Fully comply with additional documentation requests from RAC. Failure to send this documentation in the time allotted will result in an automatic denial of the claim.
  • If you receive a “take back” letter, respond, or appeal the decision within 120 days.
  • Develop a post-audit practical plan to determine where future vulnerabilities may lie.
  • You have the right to dispute a RAC determination of improper payment. If appropriate, you may consider this option as CMS did not always agree with the RAC determinations during the demonstration project.

Steps to take during the audit:

  • Comply by the deadline. If the payer requests medical records, you must submit the requested information within the given deadline (usually 30-45 days).
  • Send copies (not originals) of the records and keep copies in your files. Know what the payer is asking for and send all supporting documentation to support the billed services. If sending via the U.S. Postal Service, send by certified mail. Some payers now have portals in which you can submit documentation electronically.
  • Carefully follow the instructions in the notice. If you have questions, contact the payer. There is always a contact person and phone number in the request.
  • Notify your healthcare attorney if the payer is asking for a large number of medical records. It is not necessary to notify your attorney for every audit, but legal advice will be beneficial if a consultant determines that there might be problem areas.

Proactive steps to take after the audit:

  • Ensure your documentation is complete and supports medical necessity for all billed services. Remember that, just because you document a higher-level visit, the patient may not need that level of care for billing purposes.
  • Hire an outside consultant to compare personal utilization against peer outliers and national benchmarks. Based on those findings, a consultant can perform ongoing chart reviews to proactively monitor claims for E/M utilization, medical necessity, the correctness of service units, etc. Providers who submit claims to payers are subject to external audits. Statistical evidence indicates that physicians selected for audit are targeted based on data that varies from their peers, such as a significant variation in utilization of specific codes compared with others of the same specialty.
  • Be mindful of over-utilization of level 4 (99204/99214) or level 5 (99205/99215) E/M service.
  • Based on identified issues, complete education for the entire practice by developing different levels of education to accommodate staff needs.

Conclusion:

  • Take proactive steps to assess your risk of being subject to an audit or review. Implement resources to analyze your historical claims or external audits to develop an audit plan. If needed, enlist regulatory, operational, and technological expertise to create an impact analysis.
  • Remember, audits are part of a systematic and concurrent operating process that ensures compliance with payer criteria, documentation, and billing requirements.
  • The question is not if you will have an audit, but when?

 

Candice Chandler, CPC, CEMC

StreamlineMD – Coding Manager

cchandler@streamlinemd.com

 

Disclaimer: Documentation compliance is the responsibility of the provider. This summary is intended only to serve as a resource to assist in the billing process.

 

References:

Share the Post:

Related Posts

Become a Great Radiology & Interventional Radiology Boss: A Simple (But Not Always Easy) Guide (Part 2)

In every thriving company, there’s usually a great boss behind the scenes; someone who leads with purpose, manages with clarity, and creates a workplace where accountability and engagement go hand-in-hand. In the fast-paced world of Radiology & Interventional Radiology practices, that often means building and leading multidisciplinary teams of physicians, APPs, nurses, technologists, and administrators towards a shared goal of sustainable, compliant, and compassionate patient care.

Read More

Notice

Cyber Incident Update – 9/26/25 at 7:00 pm EST:

We are pleased to share that our team is now gaining access to the system environment and actively conducting testing. This is an important step toward full restoration of services.

We again want to reassure you that there is no evidence of any compromise of Protected Health Information (PHI) or damage to our systems.

Our teams will continue to work throughout the evening and into the weekend to validate all aspects of the system before bringing it back online.

Thank you for your continued patience, support, and trust as we move forward with restoration in a safe and controlled manner.

We will provide another update at 10:00 am EST on Saturday, September 27, 2025.

Cyber Incident Update – 9/26/25 at 3:00 pm EST:

We continue to make steady progress in our restoration efforts. At this time, 95% of servers have been cleared; however, they remain behind protective firewalls as we work closely with our team of experts toward full restoration.

The StreamlineMD systems will remain unavailable for the rest of today, Friday, September 26, 2025. Our teams will begin comprehensive testing of all aspects of the system as soon as possible, likely this evening and over the weekend.

Importantly, there is no evidence of any compromise of Protected Health Information (PHI) or damage to our systems.

We truly appreciate your support and understanding during this process. You are important to us, and we remain committed to restoring services safely and securely.

We will provide another update at 6:00 pm EST.

Cyber Incident Update – 9/26/25 at 2:00 pm EST:

We continue to work diligently this afternoon with our cybersecurity team and are making steady progress.   

We anticipate the StreamlineMD systems will remain inaccessible for the remainder of today, Friday, September 26, 2025.  

We will provide another update at 6:00 pm EST.

We appreciate your continued patience and understanding as we work to restore services in a secure and controlled manner.

Cyber Incident Update – 9/26/25 at 11:00 am EST:

We continue to work throughout the day with our cybersecurity team and continue to make progress.  

We anticipate the StreamlineMD systems will not be accessible before 3:00 pm EST on Friday, September 26, 2025

We will provide another update at 2:00 pm EST.

We appreciate your continued patience and understanding as we work to restore services in a secure and controlled manner.

Cyber Incident Update – 9/26/25 at 09:00 am EST:

We continue to work this morning with our cybersecurity team and continue to make progress.   

We still don’t anticipate StreamlineMD systems to be fully operational before 12:00 pm EST on Friday, September 26, 2025.  

We will provide another update at 12:00 pm EST.

We appreciate your continued patience and understanding as we work to restore services in a secure and controlled manner.

Cyber Incident Update – 9/26/25 at 07:00 am EST:

We have continued to work through the night with our cybersecurity team and continue to make progress.  

We will continue restoring servers to service and testing internally. 

We still don’t anticipate StreamlineMD systems to be fully operational before 12:00 pm EST on Friday, September 26, 2025. 

We will provide another update at 9:00 am EST.

We appreciate your continued patience and understanding as we work to restore services in a secure and controlled manner.

Cyber Incident Update – 9/25/25 at 11:00 pm EST:

So far, we are making great progress, and our systems are internally coming back online. At this time, there is no evidence of system damage or PHI compromise.

Throughout the night, we will continue restoring servers to service and testing internally.

We don’t anticipate StreamlineMD systems to be fully operational before 12:00 pm EST on Friday, September 26, 2025.

We will provide another update on Friday, September 26, at 6:00 am EST


Cyber Incident Update –9/25/25 at 7:00 pm EST:

We are currently in the process of restoring our servers and anticipate determining a timeline for resuming full operations by 10:00 PM EST this evening, September 25, 2025.

Our team continues to work diligently and in close coordination with our security partners in response to the cybersecurity incident that occurred during the overnight hours of September 24, 2025. As a precaution, our systems remain offline to prevent any potential data compromise. We continue to follow our established cybersecurity protocols to ensure the protection and integrity of your data.

We will provide our next update by 10:00 PM EST today.

We appreciate your continued patience and understanding as we work to bring our systems back online safely.

Incident Update – 9/25/25 at 12:00 pm EST:

StreamlineMD is currently working closely with our security team to address a cybersecurity incident that occurred during the overnight hours of September 24, 2025. As a precautionary measure, we proactively shut down our systems to prevent any potential data compromise.

Our team is actively following established cybersecurity protocols to ensure the continued protection of your data. At this time, the software will remain inaccessible for the remainder of the day, September 25, 2025.

We understand the impact this may have on your operations and sincerely appreciate your patience and understanding. We are committed to providing updates as frequently as possible and will keep you informed of our progress.

StreamlineMD is experiencing a cyber incident

Our security software detected malicious behavior and our team of internal and external experts are working to resolve the issue. The security team has made it clear that we need to shut down our services altogether, pending a more detailed analysis.