Under the demonstration program operating in California, Florida and New York, RACs have been identifying potential payment errors in duplicate payments, fiscal intermediaries' mistakes, medical necessity and coding. During fiscal year 2006, the RACs collected $69 million in overpayments, and found $3 million in underpayments. In 2006, the Tax Relief and Health Care Act made the RAC program permanent, and authorized CMS to expand the program to all 50 states by 2010.

“Audits, whether RAC-inspired or other, add burden to the provider because they take time to research,” says John Halamka, M.D., CIO of Boston's Beth Israel Deaconess Medical Center and Harvard Medical School. “Another burden is being able to recall the specifics of a case to readily reconstruct the basis for admission, coding, or other decisions that are questioned by the auditor.” In the case of a RAC audit, the case may be more than a year old when it is questioned by the auditor.

Though the program won't be fully operational until 2010, CMS says that the RAC program as a demonstration project has recovered $1 billion in improper payments made since 2005, for a net gain of $693.6 million to the government.

The RAC program has been criticized by hospitals and members of Congress for being a “bounty hunter” initiative — and the RAC suspension is due to an appeal by contractors who say that the bidding process to become part of the program was unfair.

With so much controversy around the program, and so much money at stake, how can CIOs assure that they are doing all they can to help their hospitals in the RAC process, especially when many insist that the RAC audits are the CFO's responsibility?

“The CIO's role is to provide the data and the backup,” says Halamka, who has been through a RAC audit (Beth Israel is in Massachusetts, one of the states in the initial demo project). “I am the keeper of all the data for the organization — and that's where I'm involved.”

Rick Schooler, vice president and CIO of the seven-hospital Orlando Health network in Florida, agrees that the finance department is often perceived as the major player in an audit, but says that he thinks the CIO must be involved as well. “This deeply involves revenue cycle and HIM folks,” he says. “But if IT has not been applied appropriately throughout an organization's growth and development, it will surely show, along with an organization's compliance level with internal policy and regulations.”

Most say that CIOs should be involved in helping to create the policies and procedures for the hospital RAC team. “They need to work with their clinical and reimbursement staff,” Grundling says. “That way there can be procedures in place for notifying them of the request for the medical record, and determinations to monitor the remittances for reimbursements.” Grundling says maintaining the records of the RAC review request and all the subsequent documentation and communication is the CIO's principal role. “The CIO can really help put that in place in an efficient way,” he says. “Where I think the CIO can help make that process manageable is in how to submit the data.”

That means, agree most, that it is the role of IT to provide the data, decision support and business intelligence, and to assist the business users with providing the answers to the RAC process requests.

And though many still maintain the CFO is ultimately in charge of the RAC audit, Schooler says the CIO's role is essential for one simple fact — the CIO maintains the technologies that perform the registration, coding and billing.

But what about technology that actually assists in the RAC process? So far, not many hospitals have implemented solutions.

“For the organizations we talked to that were part of the demonstration project, I don't think they had automated yet because I don't think they knew what they were in for,” Grundling says.

Do we need new IT systems? asks Laurie Johnson, senior HIM consultant for Eden Prairie, Minn.-based Ingenix Consulting. “I think a lot of IT vendors are developing RAC tracking or reporting systems because the RAC is not a one-time review; it's going to be an ongoing process.” Hospitals that have gone through the demonstration period say that the standard Microsoft (Redmond, Wash.) Excel spreadsheet gets way too unwieldy when talking about thousands of records, Johnson says. “That's not the way to manage your RAC process.”

Halamka agrees that IT solutions will be able to help hospitals as the audits become a way of life. “We'll see the need for more sophisticated tracking systems to intake audit requests and track them through their life cycle,” he says. “Much of this is now done via spreadsheets.” Halamka says he believes electronic systems can improve the documentation needed to defend clinical and coding decisions related to audits. At Beth Israel, he installed software which allows case managers to ‘level’ all inpatients against a set of criteria from his McKesson (Alpharetta, Ga.) InterQual system. “The data collected interfaces to our 3M system, where it can be recalled in the event an audit occurs,” he says.

And there is another area where IT can help in the RAC process — the RAC appeal, where the results are challenged by the provider.

“The CIO may need to help out with technologies to support or defend the organization throughout the process,” Schooler says. Many say that defending an appeal, though not the norm today, will become standard operating procedure tomorrow, as the RACs become more entrenched.

“The hospitals are appealing and the numbers coming out of CMS show that the overturn rate is going higher,” Johnson says. “Hospitals are getting smarter, and work between states is helping facilities become prepared for an appeal.”

But does it always make sense to appeal? “First they have to look at the cost,” Grundling says. “Then they have to figure out what resources are required, and look at their own documentation and see how comfortable they are with their medical records chart.” He says hospitals will need to keep improving their process.

And for hospitals that have already gone through a RAC audit, lessons learned can help those states that will be next in line: “Look to the money,” Johnson says. “Keep an eye on where are you are receiving the most reimbursement because that's where the RACs will want to focus.” So, for example, a hospital that does a lot of cardiac cases should be look at its coding, billing and charging in that area.

In addition, a hospital's pain areas should be closely examined. “What kind of claims are being returned frequently?” Johnson asks. “And what kinds of claims are being returned for medical necessity?” Most agree that looking at data around the claim rejections that occur is a good place to focus. “We then can identify those situations and correct them before they go out the door,” she says.

Is there any silver lining for hospitals in the RAC program? If there is one, most agree the good news is the opportunity for the CIO to work even more closely with the HIM and finance departments. “What we're seeing is that data is really driving how facilities prepare for RACs,” Johnson says. “The CIOs own the data, but HIM are the experts in that data — and this is a way to marry that expertise.”

Grundling says that hospitals can learn to be more aggressive with documentation, medical records, and medical record coding. “But the coders can only code as best as the physicians document, and there's the ongoing problem of ‘they can only code what's been written,’” he says. One positive, he says, is that it's an opportunity for a hospital to improve its documentation, coding and data analysis.