Skip to Main Content
A Medicare audit letter in your mailbox can feel like the ground shifting beneath your practice. One moment you are running a clinic, serving patients, and building something real. The next, you are staring at a government document demanding records, repayments, or explanations you were not prepared to give.This guide is written for Texas healthcare providers who want to understand what Medicare audits actually look like, what the stakes are, and what a smart, strategic defense involves. Whether you have received your first audit notice or you have been through the process before and want to be better prepared, what follows will help you navigate one of the most consequential challenges a provider can face.Medicare audit defense is not a reactive exercise. It requires proactive compliance, documented clinical reasoning, and experienced legal support. The providers who come through audits intact are not necessarily the ones who billed correctly every time. They are the ones who understood the process and responded with precision. If you want experienced legal guidance tailored to your situation, the team at Dike Law Group is ready to help.

What Is a Medicare Audit and Why Should Texas Providers Pay Attention?

Medicare audits are formal reviews conducted by government contractors or federal agencies to assess whether a provider’s claims were submitted accurately and in compliance with Medicare coverage rules. They are not rare, and they are not limited to providers suspected of fraud.

In Texas, with one of the largest Medicare populations in the country, audit activity tends to be high. The Centers for Medicare and Medicaid Services (CMS) uses multiple audit programs, each with different triggers, timelines, and consequences. Many providers receive audits simply because their billing patterns differ statistically from peers, not because anyone believes they did anything wrong.

That said, the consequences of a poorly handled audit can be severe. Repayment demands, exclusion from federal programs, and even criminal referrals are all possible outcomes if a provider does not respond correctly. Understanding the landscape is step one.

Who Conducts Medicare Audits in Texas?

Several different entities have authority to audit Medicare claims in Texas:

  • Medicare Administrative Contractors (MACs): These are private companies contracted by CMS to process Medicare claims in specific geographic regions. For most Texas providers, the MAC is Novitas Solutions, which handles Part A and Part B claims.
  • Recovery Audit Contractors (RACs): RACs are paid on a contingency basis to identify improper payments. They are motivated to find overpayments, which creates a dynamic that providers should understand.
  • Unified Program Integrity Contractors (UPICs): UPICs conduct investigations into suspected fraud, waste, and abuse. A UPIC audit is a more serious matter than a routine RAC review.
  • Office of Inspector General (OIG): The OIG audits specific providers or program areas and may refer findings to the Department of Justice.
  • Zone Program Integrity Contractors (ZPICs): ZPICs were largely replaced by UPICs, but some legacy investigations from this structure may still be ongoing in Texas.

Knowing which entity is contacting you matters because each has different powers, timelines, and escalation paths. The type of investigation significantly shapes the appropriate legal response.

What Are the Different Types of Medicare Audits?

Not every Medicare audit is the same, and conflating them leads to mistakes. Here is a breakdown of the most common audit types Texas providers encounter:

Audit TypeConducted ByPrimary FocusRisk Level
Automated Review (AR)MACClaims that fail automated edits, no medical records neededLow to Moderate
Complex ReviewMAC / RACMedical record review for specific claimsModerate
RAC AuditRecovery Audit ContractorIdentifying overpayments in past claimsModerate to High
UPIC InvestigationUnified Program Integrity ContractorFraud, waste, and abuse patternsHigh
OIG AuditOffice of Inspector GeneralProgram-level compliance or specific provider reviewHigh to Very High
Prepayment ReviewMAC / UPICClaims held before payment pending documentationModerate to High

Prepayment reviews are particularly disruptive because they freeze incoming revenue while the review is pending. For small practices and solo physicians, this can create a cash flow crisis almost immediately. The right compliance attorney can help you respond quickly and protect your practice’s financial stability.

What Triggers a Medicare Audit in Texas?

Audits are not random. Most are triggered by specific data patterns or complaints. Understanding what draws attention is foundational to both audit defense and long-term compliance.

Common Audit Triggers for Texas Providers

  • High billing frequency for specific CPT codes: If your practice bills certain codes at a significantly higher rate than peers in your specialty or region, automated systems flag the pattern.
  • Upcoding patterns: Consistently billing higher-complexity codes without documentation to support the level of service is one of the most common triggers.
  • High utilization of certain services: Certain services, including home health orders, DME prescriptions, and specific diagnostic tests, are known high-audit areas.
  • Unusual beneficiary patterns: Billing for services to patients who are deceased, hospitalized elsewhere, or geographically far from your clinic raises red flags.
  • Whistleblower complaints: Former employees, disgruntled staff, or competitors can file complaints under the False Claims Act, triggering an investigation.
  • Referral pattern anomalies: Unusual referral relationships may raise Stark Law or Anti-Kickback Statute concerns.
  • OIG Work Plan targets: The OIG publishes an annual work plan identifying areas of focus. Providers in targeted specialties are at elevated audit risk.
  • Telemedicine billing: With the expansion of telehealth services, CMS has increased scrutiny on telemedicine claims, especially those billed during and after the COVID-19 public health emergency.

“The providers who get audited are not always the ones who did something wrong. They are often the ones who billed accurately but documented poorly.” — A common observation among healthcare compliance professionals.

What Happens During a Medicare Audit? A Step-by-Step Overview

Understanding the audit timeline helps you respond strategically rather than reactively. Here is how the process typically unfolds:

Step 1: The Initial Request for Records

Most audits begin with a written request for medical records related to specific claims. The letter will identify claim numbers, dates of service, and the documentation needed. You usually have 45 days to respond to a MAC request, though timelines vary by audit type.

This initial stage is more important than most providers realize. What you submit, and what you do not submit, shapes the entire audit outcome. Submitting disorganized or incomplete records can turn a minor review into a significant repayment demand.

Step 2: Documentation Review and Initial Determination

The auditor reviews submitted records against Medicare coverage criteria. This includes checking whether:

  • The service was medically necessary
  • Documentation supports the billed code
  • The provider who performed the service was eligible to bill Medicare
  • All required elements of the note are present
  • Any applicable signature requirements are met

If the auditor identifies deficiencies, they issue a determination letter. This may result in a full or partial denial of the reviewed claims.

Step 3: Extrapolation and Repayment Demand

This is where audits become genuinely high-stakes. When a RAC or UPIC finds a sufficient error rate in a sample of claims, they may extrapolate that error rate across all claims submitted during a defined period. A 20% error rate on 50 reviewed claims can become a repayment demand extrapolated across thousands of claims.

Extrapolation is one of the most powerful and controversial tools in Medicare auditing. Successfully challenging an extrapolation methodology can reduce a repayment demand by hundreds of thousands of dollars. This is a technical legal and statistical argument that requires experienced representation. A knowledgeable Medicare defense attorney can challenge flawed extrapolation models effectively.

Step 4: The Appeals Process

Texas providers have the right to appeal adverse audit determinations. The Medicare appeals process has five levels:

  1. Redetermination by the MAC (must be filed within 120 days)
  2. Reconsideration by a Qualified Independent Contractor (QIC) (180 days)
  3. Administrative Law Judge (ALJ) Hearing before the Office of Medicare Hearings and Appeals (OMHA) (60 days)
  4. Medicare Appeals Council Review (60 days)
  5. Federal District Court Review (60 days, minimum claim threshold applies)

The statistical reversal rate at the ALJ level has historically been significant, particularly for providers with well-prepared appeal submissions. However, OMHA backlogs can create multi-year delays. Early, thorough preparation at the Redetermination stage often prevents cases from needing to go further.

What Are the Potential Consequences of a Failed Medicare Audit?

Providers sometimes underestimate what is at stake until they are already deep in the process. The consequences of an undefended or poorly defended audit can include:

Financial Consequences

  • Repayment of identified overpayments, often with interest
  • Extrapolated repayment demands that can reach millions of dollars
  • Civil monetary penalties under the False Claims Act
  • Suspension of Medicare payments during investigation

Professional and Licensing Consequences

  • Exclusion from Medicare and Medicaid programs
  • Referral to the Texas Medical Board for licensing action
  • Damage to hospital privileges or payer contracts
  • Professional reputation harm

Licensing matters arising from audit findings are a distinct legal challenge. Providers facing board referrals need dedicated licensing defense counsel alongside their Medicare audit defense.

Criminal Consequences

While most Medicare audits are administrative in nature, serious or repeated billing irregularities can result in criminal referrals. Healthcare fraud carries significant federal penalties, including imprisonment and permanent exclusion from federal healthcare programs. The Department of Justice has intensified its healthcare fraud enforcement, and Texas is an active enforcement state.

How Should You Respond to a Medicare Audit Notice?

The way you respond in the first days after receiving an audit notice can determine the trajectory of the entire process. Here is what experienced providers and their legal teams do:

Do Not Ignore the Notice

This sounds obvious, but audit notices sometimes get lost in administrative workflows, especially in busy practices. Missing a response deadline can result in automatic claim denials or waiver of appeal rights. Every audit notice requires an immediate, documented acknowledgment.

Gather and Review the Requested Records Immediately

Pull every record related to the identified claims before you submit anything. Review them against Medicare coverage criteria for the relevant service. Identify any documentation gaps or deficiencies and assess their severity before the auditor does.

Do Not Alter, Backdate, or Add to Existing Records

This cannot be stated strongly enough. Any alteration of medical records in response to an audit is potentially criminal. Late entries added to the medical record after an audit notice can be identified through metadata and audit logs. Addendums are permissible under specific circumstances, but only when handled correctly and transparently. Get legal advice before adding anything to a record under audit review.

Engage Legal Counsel Before Submitting Documentation

Many providers make the mistake of responding to audits on their own, treating it as a billing or administrative function. Audit responses are legal submissions that can be used in subsequent proceedings. Having experienced healthcare compliance counsel review your response before submission is not an overreaction. It is basic risk management.

Assess Whether Voluntary Refund Makes Sense

In some situations, voluntarily refunding identified overpayments before they become formal audit findings can reduce exposure. This decision requires careful analysis. A voluntary refund can sometimes prevent escalation, but it can also trigger further inquiry if not handled correctly. This is a judgment call that your legal counsel should be part of.

What Does Effective Medicare Audit Defense Look Like?

Audit defense is not about hiding problems. It is about ensuring that the process is fair, the methodology is sound, and your clinical judgment is accurately represented. Here is what a well-constructed defense typically involves:

Clinical Documentation Analysis

Your attorney and any engaged clinical consultants should review every record at issue and evaluate it against the specific Medicare coverage criteria for each service billed. This analysis should identify:

  • Claims that are well-documented and defensible
  • Claims where documentation gaps exist but clinical necessity was real
  • Claims where both documentation and necessity are questionable

Stratifying claims this way allows for a targeted, credible defense rather than a blanket denial of all findings.

Challenging the Audit Methodology

Particularly in RAC and UPIC audits, the statistical sampling and extrapolation methodology is subject to challenge. Auditors must follow specific CMS guidelines for sampling. Deviations from those guidelines, insufficient sample sizes, or inappropriate stratification of claims can invalidate or substantially reduce extrapolated repayment demands.

This is a technically complex area that requires both legal knowledge and statistical analysis. The investment in challenging a flawed methodology can return multiples in reduced repayment demands.

Preparing a Comprehensive Appeal Submission

A strong appeal submission at the Redetermination stage includes:

  • A clear, organized cover letter explaining the basis for appeal
  • Annotated medical records with specific references to Medicare coverage criteria
  • Supporting clinical literature if medical necessity is disputed
  • Expert clinical declarations where appropriate
  • A rebuttal to the auditor’s specific findings, claim by claim

Generic appeal submissions that simply resubmit records without argument rarely succeed. Effective appeals tell a story and make a legal and clinical argument.

Engaging in Compliance Remediation Simultaneously

Demonstrating that you have identified the root cause of any billing issues and implemented corrective measures significantly strengthens your position at every appeal level. A proactive compliance program signals good faith and reduces the likelihood of extrapolation or criminal referral. It is also a mitigating factor if civil penalties are ever on the table.

How Does Medicare Audit Defense Differ for Different Provider Types?

The fundamentals of audit defense are consistent, but the specific issues vary significantly by provider type. Here are a few examples relevant to Texas providers:

Medical Spa and Aesthetic Providers

Medical spas billing Medicare-covered services face heightened scrutiny around medical necessity and provider qualification. Medical spa operations in Texas involve complex regulatory overlaps between cosmetic and medically necessary services. Auditors look carefully at whether services billed as medical were genuinely supervised by qualified practitioners.

Telemedicine Providers

Telehealth billing has been one of the most heavily audited areas since the COVID-19 public health emergency. Texas telemedicine providers face questions about originating site requirements, appropriate use of telehealth codes, and documentation of patient consent. Providers who rapidly expanded telehealth services during the pandemic may now find themselves under review for claims that did not comply with pre- or post-emergency rules.

Home Health and IV Therapy Providers

Home health and IV infusion services are perennially high-audit areas. IV therapy providers in Texas must have meticulous documentation of medical necessity, physician orders, and service delivery records. Face-to-face encounter requirements for home health certifications are a common audit focus.

Mental and Behavioral Health Providers

Behavioral health billing has come under increasing scrutiny, particularly for high-frequency psychotherapy codes and group therapy billing. Behavioral health businesses in Texas need to ensure that clinical documentation reflects the complexity and duration of services billed.

What Are the Most Common Medicare Audit Defense Mistakes?

Understanding what not to do is just as important as knowing the right strategy. The most common mistakes providers make during Medicare audits include:

  • Responding without legal counsel: Treating an audit as an administrative task rather than a legal matter leads to incomplete and strategically weak submissions.
  • Submitting disorganized records: Auditors who cannot find the documentation they need will often simply deny the claim. Organization and presentation matter.
  • Missing appeal deadlines: Each level of the appeals process has strict deadlines. Missing them can forfeit your right to appeal entirely.
  • Accepting extrapolated demands without challenge: Many providers pay extrapolated demands without realizing the methodology can be challenged and the demand significantly reduced.
  • Not addressing the root cause: Winning an appeal does not solve the underlying compliance issue. Providers who do not implement corrective action often face repeat audits.
  • Communicating directly with investigators without counsel: Any statement you make to a UPIC or OIG investigator can be used against you. Always have legal representation present.

How Can Proactive Compliance Reduce Audit Risk?

The best Medicare audit defense strategy is one you implement before you ever receive an audit notice. A well-structured compliance program does several things simultaneously:

  • Identifies billing errors before they become audit targets
  • Creates a documented record of good-faith compliance efforts
  • Trains staff on documentation requirements and Medicare coverage rules
  • Establishes internal review processes that catch issues early
  • Demonstrates to auditors and investigators that problems were systemic, not intentional

The OIG’s compliance guidance documents provide a strong framework for building a compliance program in various healthcare settings. Working with a healthcare attorney to adapt those frameworks to your specific practice type and Texas regulatory environment creates a genuinely protective compliance structure.

Proactive compliance counseling is a core service at Dike Law Group, and it represents far less cost and disruption than defending a major audit after the fact.

What Should You Know About the False Claims Act in the Context of Medicare Audits?

The False Claims Act (FCA) is a federal statute that imposes liability on anyone who knowingly submits a false claim to the government. In the Medicare context, this includes submitting claims for services not rendered, billing for higher-complexity services than were provided, or certifying medical necessity when it was not documented.

The FCA matters in the audit context for several reasons:

  • A Medicare audit that uncovers patterns of false billing can result in an FCA referral
  • Third parties, including employees and competitors, can file FCA cases on behalf of the government (qui tam relators) and share in any recovery
  • Civil FCA penalties are significant: treble damages plus per-claim penalties that can reach thousands of dollars per claim
  • FCA investigations can proceed simultaneously with criminal investigations

Understanding where an audit might cross into FCA territory is something your legal counsel should assess from the beginning. Not every audit carries FCA risk, but knowing which ones do changes the defensive posture significantly.

Quick Reference: Texas Medicare Audit Defense Checklist

Use this checklist as a starting point when you receive an audit notice:

  • Identify the type of audit and the entity conducting it
  • Note all deadlines referenced in the notice
  • Contact a healthcare attorney immediately
  • Gather all records related to the identified claims
  • Do not alter, supplement, or destroy any records
  • Review the records against Medicare coverage criteria
  • Assess whether voluntary refund of any claims is strategically appropriate
  • Prepare a strategic, organized, and well-argued response
  • Identify root cause compliance issues and begin remediation
  • Document all communications with auditors
  • Calendar all appeal deadlines before submitting your initial response

Frequently Asked Questions About Texas Medicare Audit Defense

How long does a Medicare audit take in Texas?

The timeline varies considerably depending on the audit type and whether appeals are filed. A routine MAC review can resolve within a few months. An appeal that proceeds through multiple levels can take several years, particularly given OMHA backlogs at the ALJ stage. Prepayment reviews may suspend payments for weeks or months during the review period.

Can I appeal a Medicare overpayment demand?

Yes. Texas providers have a five-level administrative appeals process available to them. Each level has specific filing deadlines, beginning with Redetermination by the MAC, which must be filed within 120 days of the initial determination. Missing these deadlines can waive your appeal rights, so early engagement with legal counsel is important. You can learn more about the Medicare appeals process on the CMS website.

What is the difference between a RAC audit and a UPIC audit?

A RAC audit is conducted by a Recovery Audit Contractor focused on identifying overpayments in historical claims. RACs are paid on contingency, which incentivizes them to find errors. A UPIC audit involves a Unified Program Integrity Contractor investigating potential fraud, waste, and abuse. UPIC audits are more serious and can result in payment suspension and referrals to law enforcement, which RAC audits typically do not.

Do I need a lawyer for a Medicare audit or can my billing company handle it?

Your billing company can assist with gathering records, but they are not qualified to provide legal advice or make strategic legal decisions about audit responses and appeals. Audit submissions are legal documents. The decisions you make during the audit process, including what to submit, what to say, and when to appeal, have legal consequences. Experienced healthcare legal counsel should lead the process, with your billing team in a supporting role.

What happens if I ignore a Medicare audit notice?

Ignoring an audit notice is one of the worst responses a provider can choose. Depending on the audit type, ignoring the notice can result in automatic claim denials, loss of appeal rights, payment suspension, and in serious cases, referral for fraud investigation. All audit notices require a timely, substantive response. Contact a healthcare attorney as soon as you receive any audit communication.

Can a Medicare audit lead to losing my medical license in Texas?

Yes, it can. If an audit reveals billing patterns that constitute fraud or gross negligence, the matter may be referred to the Texas Medical Board. Board investigations can result in license suspension, revocation, or other disciplinary action. This is why providers facing serious audits should have both Medicare defense counsel and licensing defense counsel involved from the outset.

How does extrapolation work in a Medicare audit, and can it be challenged?

Extrapolation is a statistical method auditors use to project the error rate found in a sample of claims across a larger universe of claims. For example, if auditors find errors in 30% of 100 sampled claims, they may apply that 30% error rate to 10,000 total claims, resulting in a repayment demand based on 3,000 estimated improper claims. This methodology can be challenged if the sample was not drawn properly, if the sample size was insufficient, or if the auditor failed to follow CMS statistical guidelines. Successfully challenging extrapolation can dramatically reduce repayment demands.

Is there a statute of limitations on Medicare overpayment recovery?

Generally, Medicare has a six-year lookback period for identifying and recovering overpayments under the Medicare statute. However, in cases involving fraud, a longer lookback period may apply under the False Claims Act. Providers should also be aware of the 60-day repayment rule, which requires returning identified overpayments within 60 days of identification or the deadline for a corresponding cost report, whichever comes later.

What is the 60-day overpayment rule and how does it affect my practice?

Under the Affordable Care Act, once a provider identifies or should have identified an overpayment, they have 60 days to report and return it. Failure to return a known overpayment within 60 days can itself constitute a False Claims Act violation. This rule underscores the importance of internal compliance programs that identify and address billing issues proactively, before government auditors do.

What should I do if a UPIC suspends my Medicare payments?

A payment suspension by a UPIC is a serious escalation. You have the right to submit a rebuttal within 30 days of the suspension notice, and legal counsel should prepare that rebuttal immediately. Payment suspensions can be financially devastating for a practice, so speed matters. Simultaneously, your attorney should assess whether the suspension signals a criminal investigation is underway and take protective measures accordingly. Experienced healthcare investigations counsel can help you respond appropriately to UPIC payment suspensions.

Ready to Defend Your Practice? Here Is Your Next Step.

A Medicare audit is not a situation to navigate alone, and it is not one where a general business attorney is equipped to help. The stakes are too high and the process too specialized. Whether you have received your first audit notice or you are already in the middle of a complex investigation, working with a law firm that focuses exclusively on healthcare law gives you a structural advantage.

At Dike Law Group PLLC, we represent Texas healthcare providers across the full spectrum of Medicare audit and compliance matters, from initial record requests through multi-level appeals, payment suspension challenges, and parallel licensing defense. Healthcare law is not one part of what we do. It is all we do.

Our team understands the clinical, regulatory, and legal dimensions of Medicare audit defense because we work in this space every day. We know what CMS contractors look for, how to challenge flawed audit methodologies, and how to build the strongest possible defense for your practice.

If you are a Texas healthcare provider dealing with a Medicare audit or want to build the compliance infrastructure to reduce your audit risk, we are ready to help. Contact Dike Law Group today to schedule a consultation and speak directly with an attorney who understands your situation.

You can also visit us at our office: 6160 Warren Parkway, Ste. #100, Frisco, TX 75034. Call us at (972) 290-1031 or find us on Google Maps.

Disclaimer: This article is intended for general educational purposes only and does not constitute legal advice. For guidance specific to your situation, please consult a qualified healthcare attorney. Medicare regulations and audit procedures change frequently. The information provided here reflects general principles and should not be relied upon as current legal guidance for any specific audit, investigation, or billing matter.

 

author avatar
Doris Dike Founder & Healtcare Attorney
Doris Dike, Esq., founder of Dike Law Group. Dike Law Group specializes in legal services for the healthcare industry, with a focus on MedSpa compliance, MSO structures, and regulatory matters for medical practices. Key search terms highlight their expertise in telehealth, IV hydration clinics, and medical contract review for entrepreneurs.