Skip to Main Content

Insights

Thought Leadership

Publisher: Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter
March 19, 2025

Medicaid and Medicare Audits: What Providers Need to Know

Share to LinkedIn PDF Download (opens in a new tab)

Background

For healthcare providers in Connecticut, Medicare and Medicaid audits are an ever-present reality. Federal and state agencies actively review provider claims to identify billing errors, fraud and noncompliance, and an audit notice should never be ignored or minimized. One of the most concerning audit techniques is extrapolation, where findings from a small sample of claims are projected over a larger universe of claims—turning minor issues into massive overpayment demands. An audit can result in recoupments, fines, or even exclusion from government programs in cases where fraud is detected. To help you stay prepared, here is what every provider should know about these audits.

Medicaid Audits in Connecticut: State Scrutiny

Connecticut's Medicaid program is overseen by the Department of Social Services (the Department). Medicaid audits often focus on billing accuracy, patient eligibility, medical necessity, and provider enrollment compliance. Given Connecticut's aggressive enforcement approach, providers should maintain meticulous records and ensure adherence to state-specific Medicaid rules.

The key steps in a Connecticut Medicaid audit include:

  • Audit Notification: Providers receive at least 30 days' written notice before an audit begins unless there is suspected fraud or an urgent health or safety concern. The notification will include details on the sampling and extrapolation methodology to be used.
  • Provider Response: Providers have at least 30 days to submit supporting documentation in connection with any missing records or other discrepancy discovered during the audit.
  • Preliminary Report: The Department issues a preliminary audit report within 60 days of completing its review. This report usually includes the Department's determination of an overpayment amount they demand be repaid by the providers. Providers can submit responses to the Department with additional information and documentation to refute the findings. As soon as the preliminary report arrives, providers will want to review the audit protocols  issued by the Department and the applicable regulations for their specific provider type, and they should review each claim and the patient records to assess whether the findings can be challenged. During this process, a provider may be able to demonstrate that the Department's findings were incorrect, request that technical paperwork mistakes be treated as nonfinancial findings used to educate the provider, or raise other arguments to negotiate reductions in the overpayment amount assessed. 
  • Exit Conference: An exit conference is scheduled between the provider and the Department, allowing providers a final chance to discuss the findings and their challenges thereto with the Department.
  • Final Report: A final audit report is issued within 60 days of the exit conference unless the process is extended due to ongoing investigations of fraud.
  • Appeals Process: Providers that disagree with audit findings may request a contested case hearing within 30 days of receiving the final report. A neutral hearing officer, unaffiliated with the auditing unit, oversees the process and issues a final decision within 90 days after the close of evidence or final briefs.

Medicare Audits: Federal Oversight in Action

Medicare audits are a key component of the federal government's efforts to ensure compliance, prevent fraud, and recover improper payments within the healthcare system. These audits can be conducted by various entities, including recovery audit contractors (RACs)2, Medicare administrative contractors,3 unified program integrity contractors,4 and the Office of the Inspector General5. Each auditor has a distinct role, ranging from identifying billing errors to investigating potential fraud and abuse. 

One of the most common types of Medicare audits are those by RACs, private entities contracted by the federal government to identify and correct improper payments for Medicare claims, including both overpayments and underpayments, on specific topics or types of claims.6 RACs use a combination of computer-automated and manual reviews to detect errors such as incorrect coding, medical necessity issues, and duplicate billing. 

If a provider is selected for an audit or identified as an outlier, they will receive written notice of the audit with a request for medical records and supporting documentation. Failing to respond in a timely manner can result in automatic claim denials, offset from future claims and financial penalties. 

Understanding Extrapolation: Small Errors Can Lead to Big Repayment Demands

Extrapolation is a tool commonly used in Medicare and Medicaid audits that can turn small mistakes into large overpayment demands. Auditors review a sample of claims, and if they find errors, they automatically assume the error occurred in all claims, and they apply the error rate from that sample to a much larger group of claims during the audit period. This means that issues found in just a few records can result in significant financial liability. However, providers can challenge the use of extrapolation by questioning whether the sampling and calculation methods were correct, disputing the individual errors in the sample, and using experts to contest flawed audit findings.

Best Practices for Audit Readiness

To avoid costly audit consequences, Connecticut providers should:

  • Take the Record Request or Audit Notice Seriously. Not only are there significant consequences for delayed responses, including penalties, but casual communications also can get providers in trouble. Rarely are the direct contacts from a regulator a simple overpayment situation. 
  • Maintain Comprehensive Documentation. Ensure medical records fully support billed services. Pay close attention to documentation details required by state regulations. In Connecticut, review the Department's audit protocols to understand the errors they typically find in audits.
  • Stay Current on Billing Rules. Regularly review Medicare and Connecticut Medicaid updates to billing requirements.
  • Conduct Internal Compliance Audits. Identify and correct potential issues before an external review.
  • Respond Promptly to Audit Notices. Failure to respond and comply with records requests can lead to penalties or overpayment demands. 
  • Seek Legal Guidance Early in the Process. It is important to engage experienced healthcare legal counsel as soon as an audit is initiated. An attorney plays an essential role in defending against audits and minimizing financial risks. The attorney helps manage responses to audit requests, analyzes billing regulations applicable to the claims, develops arguments to challenge statistical sampling and extrapolation methods, and disputes erroneous findings. Legal counsel also advocates for providers during negotiations and appeals, helping reduce or eliminate overpayment demands. Early involvement of an attorney can make a significant difference in protecting your practice and minimizing financial risk.

Conclusion

Medicare and Medicaid audits are complex but manageable with proper preparation. Healthcare providers should take proactive steps to ensure compliance and mitigate risk. Day Pitney's healthcare attorneys are well equipped to assist providers in defending billing audits. If you receive an audit notice or need guidance on compliance strategies before an audit, the Day Pitney healthcare law team is here to assist you.

1 Department of Social Services, Audit Protocols Overview, available at https://portal.ct.gov/dss/quality-assurance/audit-protocols?language=en_US; see also C.G.S. § 17b-99c.\

2 See Medicare Fee for Service Recovery Audit Program, available at https://www.cms.gov/data-research/monitoring-programs/medicare-fee-service-compliance-programs/medicare-fee-service-recovery-audit-program.

3 See What's a MAC?, available at https://www.cms.gov/medicare/coding-billing/medicare-administrative-contractors-macs/whats-mac.

4 See Results of UPICs' Benefit Integrity Activities, available at https://oig.hhs.gov/reports-and-publications/workplan/summary/wp-summary-0000485.asp#:~:text=The%20Unified%20Program%20Integrity%20Contractors,Strategic%20Plan.

5 See HHS-OIG Reports, available at https://oig.hhs.gov/reports/

6 See Medicare Claims Review Programs, available at https://www.cms.gov/outreach-and-education/medicare-learning-network-mln/mlnproducts/downloads/mcrp-booklet-text-only.pdf.

Related Practices and Industries

Authors

Phoebe A. Roth
Phoebe A. Roth
Senior Associate
Hartford, CT
| (860) 275-0145
proth@daypitney.com
Mindy S. Tompkins
Mindy S. Tompkins
Partner
Hartford, CT
| (860) 275-0139
mtompkins@daypitney.com

Explore Day Pitney's latest media mentions and speaking appearances.

View All In The Media

Press Contact

Elyse Blazey Gentile
Director of Communications
973.966.8092
|
egentile@daypitney.com
Cookie Preferences

EMAIL DISCLAIMER

Thank you for your interest in contacting us by email.

Your e-mail to this individual should not contain any confidential information and should be for general information purposes only. An attorney-client relationship will not be created by your e-mail to this individual. Information in your e-mail may not be entitled to any protections commonly associated with communications with attorneys. If you are in doubt about any information, please exclude it.

If you accept the terms of this notice and would like to send an email, click on the "I Agree" button below. Otherwise, please click "I Don't Agree".

I Agree I Don't Agree