Insurance Audit and OMIG Audit Defense Attorneys

Published April 28, 2026 Author: Alyssa A. Friedman. Chair of the Healthcare Fraud & Regulatory Defense Practice at Abrams Fensterman, LLP

Abrams Fensterman, LLP represents physicians, medical groups, and healthcare facilities across New York when insurance carriers, Medicare, or Medicaid auditors demand medical records or issue repayment demands.

There is no such thing as a routine audit. Every physician and every practice has its own unique attributes. We analyze and prepare each case based on its own facts, and we begin every engagement by evaluating not just the audit itself, but every layer of regulatory exposure it may carry.

What Is a Healthcare Insurance Audit?

A healthcare insurance audit is a formal review by an insurer or government program to verify that billed services were medically necessary, properly documented, and correctly coded.

When a carrier identifies a billing concern, it typically begins by requesting medical records. If an overpayment is found, a repayment demand or recoupment order follows. Audits may involve:

• Private insurance carriers
• Medicare, through federal audit contractors
• Medicaid, through New York State oversight programs

Audits may be conducted before or after payment has been made. Many use statistical sampling and extrapolation, which can project a small documentation error across thousands of claims and produce a repayment demand far greater than the underlying issue would suggest.

Types of Insurance Audit Demands Physicians Receive

Healthcare providers in New York face demands from multiple programs and agencies. The type of demand received determines the procedural rules, timelines, appeal rights, and defense strategy that apply.

• Recovery Audit Contractors (RAC), post-payment Medicare reviews targeting improper payments
• Medicare Administrative Contractors (MAC), pre-payment and post-payment Medicare claim reviews
• Unified Program Integrity Contractors (UPIC), or National Government Services (NGS), which is responsible for conducting investigations, requesting records, and coordinating fraud enforcement actions on behalf of federal healthcare programs.
• Zone Program Integrity Contractors (ZPIC), Medicare fraud and abuse investigations
• Office of the Medicaid Inspector General (OMIG), New York State Medicaid audits and investigations
• Office of Inspector General (OIG), federal oversight with civil and criminal enforcement authority
• Private carrier audits, commercial insurer reviews for participating and non-participating providers
• Data-collection demands, requests represented as informational only but requiring legal review before any response

Our first step in every engagement is to identify exactly what kind of demand the client has received and what is truly at stake, before any response is made to the carrier.

ZPIC vs. UPIC: Understanding Program Integrity Audits

Zone Program Integrity Contractors (ZPICs) were historically responsible for investigating Medicare fraud, waste, and abuse. Today, those functions have largely transitioned to Unified Program Integrity Contractors (UPICs), which now handle program integrity audits across both Medicare and Medicaid.

For healthcare providers in the Northeast, this typically involves National Government Services (NGS), the UPIC responsible for conducting investigations, requesting records, and coordinating fraud enforcement actions on behalf of federal healthcare programs.

UPIC audits carry significant risk. These investigations often go beyond documentation review and may involve allegations of improper billing, overpayments, or fraudulent conduct. In many cases, a UPIC audit can lead to repayment demands, referral to the Office of Inspector General, or escalation into civil or criminal proceedings.

Understanding whether an audit involves a UPIC and responding strategically from the outset, is critical to protecting both financial and professional exposure.

Who Conducts RAC Audits in New York?

Performant Recovery, Inc. is the designated Recovery Audit Contractor for both New York State Medicaid and Medicare Region 1.

Providers in New York are currently subject to Performant audits across two separate programs:

• New York Medicaid RAC: The Office of the Medicaid Inspector General (OMIG) officially engaged Performant as New York’s exclusive Medicaid RAC on April 7, 2025, replacing the prior vendor Health Management Systems (HMS). Performant identifies and collects Medicaid overpayments and underpayments using data mining and automated review tactics.
• Medicare RAC Region 1: For Medicare Fee-for-Service claims, New York is part of Region 1. The Centers for Medicare and Medicaid Services awarded Performant an 8.5-year contract for Region 1 on March 26, 2021. Performant conducts post-payment reviews of Medicare Part A and Part B claims.

Providers can manage audit reports and documentation for both programs through the Performant Provider Portal, hosted on the OMIG website. Knowing who is conducting the audit, what authority they operate under, and what methods they use is essential context before any response is made.

What Is a Data-Collection Audit Demand?

A data-collection audit demand is a request for medical records that a carrier represents as being issued for informational purposes only, with no immediate repayment obligation stated.

These demands require legal evaluation before any response is made. The stated purpose of a data-collection demand does not always reflect the carrier’s actual intent. Responding without legal guidance can inadvertently expose a provider to liability that would not otherwise exist.

Abrams Fensterman evaluates every demand, including those framed as data collection, before advising a client on whether and how to respond.

Can an Insurance Audit Trigger an OPMC Investigation?

Yes. An insurance audit can trigger an OPMC investigation.

The Office of Professional Medical Conduct is the New York State agency that investigates physician misconduct. OPMC has the authority to discipline, suspend, or revoke a physician’s medical license.

When an audit reveals a pattern of billing irregularities, and the carrier or government program concludes the issue goes beyond a documentation error, a referral to OPMC or to law enforcement may follow. A Performant RAC audit, an OMIG investigation, or a private carrier review can each become the basis for an OPMC proceeding.

Because an insurance audit and an OPMC proceeding can run at the same time, representation must cover both. Abrams Fensterman defends physicians in the audit proceeding and in any resulting OPMC investigation under a single coordinated strategy.

What Is Statistical Sampling and Extrapolation?

Statistical sampling is a method auditors use to review a small subset of claims and then extrapolate the error rate across all similar claims in the audit period.

A documentation issue found in a sample of 100 claims can be projected into a repayment demand covering thousands of claims. Performant uses data mining and automated review tactics to identify claim patterns before selecting records for audit, which means the sample they review is rarely random in the way providers assume.

Challenging the statistical validity and methodology of the sampling and extrapolation is one of the most effective defenses available. It requires experienced legal analysis working alongside certified professional coders.

Can an Insurance Audit Lead to Criminal Charges?

Yes. A finding of intentional fraud in an insurance audit can lead to criminal charges.

When fraud is suspected, carriers and government programs may refer the matter to:

• The Office of Inspector General (OIG)
• The Department of Justice
• New York State law enforcement

Possible outcomes include False Claims Act liability, exclusion from Medicare and Medicaid, and criminal prosecution. Every audit demand, regardless of how it is initially framed, must be approached with full legal seriousness from the moment it is received.

Our Insurance Audit Defense Process

Abrams Fensterman uses a structured, multi-tiered process to defend every audit matter. The process is designed to minimize liability, protect the provider, and reduce the risk of future exposure.

Step 1: Evaluate and Categorize the Demand

Correctly identifying the type of demand received is the foundation of the entire defense.

We analyze:

• Whether the audit involves private carrier funds or government program funds
• Whether Medicare or Medicaid funds are implicated, and which contractor is conducting the review
• Whether the carrier has indicated concerns about fraud or abusive billing
• Whether the demand is framed as data collection or as a repayment audit
• Whether the client is a participating provider with the carrier

This evaluation determines the initial strategy, including whether and how to respond to any demand for medical records.

Step 2: Assemble Records and Conduct an In-House Review

If medical records are to be provided, we work with the client to assemble the requested documentation and conduct an in-house preliminary assessment before anything is submitted.

Our Insurance and Audit Department includes attorneys who are also licensed medical professionals, enabling clinical and legal review under one roof. We also maintain professional relationships with multiple certified professional coding companies, and clients are regularly advised to have records evaluated by a coding professional for both strategic and prophylactic reasons.

Step 3: Analysis, Defense Strategy, and Negotiation

We conduct a full analysis of the substantive claims and coding issues, followed by a statutory analysis to identify procedural defenses that may limit exposure.

Where Performant or another contractor has used statistical sampling and extrapolation, we evaluate and challenge the methodology. Where liability exists, we develop a targeted defense strategy with the client and any coding professionals engaged, and implement a negotiation strategy to resolve the repayment demand on the most favorable terms available.

Step 4: Remediation and Future Audit Protection

Resolving an audit is not the final step. Preventing the next one is.

After resolution, we identify the root causes of any liability and provide specific recommendations to correct them, including:

• Coding corrections for any billing patterns that created exposure
• Documentation protocol improvements to support medical necessity
• Compliance program enhancements to reduce the risk of future review

Clients who implement these recommendations are better positioned to withstand future scrutiny from Performant, OMIG, private carriers, or any other program that may conduct a review.

Why Physicians Choose Abrams Fensterman

Abrams Fensterman brings resources to insurance audit defense that few firms can match:

• Attorneys who are also licensed medical professionals, enabling clinical and legal record review in-house
• Established relationships with multiple certified professional coding companies
• A dedicated Insurance and Audit Department experienced in RAC, MAC, OMIG, OIG, ZPIC, Performant, and private carrier matters
• Integrated representation across audit proceedings, OPMC investigations, and criminal referrals
• Five offices across New York, in Long Island, Brooklyn, White Plains, Rochester, and Albany

All consultations are confidential. Our attorneys are licensed in New York and have represented individual physicians, group practices, hospitals, and healthcare facilities at every stage of the audit and investigation process.

Contact Our Law Firm

For further information about insurance audit help, please contact our law firm on Long Island at 516-328- 2300, in Brooklyn at 718-215-5300, in White Plains at 914- 607-7010, in Rochester at 585-218-9999 or in Albany at 518-535-9477 to schedule an initial consultation.

Frequently Asked Questions

What is a healthcare insurance audit?

A healthcare insurance audit is a formal review by an insurer or government program to verify that billed services were medically necessary, properly documented, and correctly coded. If an overpayment is found, the carrier may issue a repayment demand or recoupment order. Audits may be conducted by private carriers or through government programs, including Medicare and Medicaid.

Who is the Medicaid RAC contractor in New York?

Performant Recovery, Inc. is New York’s designated Medicaid Recovery Audit Contractor. OMIG officially engaged Performant as its exclusive Medicaid RAC on April 7, 2025, replacing the prior vendor Health Management Systems (HMS). Performant uses data mining and automated review tactics to identify Medicaid overpayments and underpayments. Providers can manage audit reports and documentation through the Performant Provider Portal on the OMIG website.

Who conducts Medicare RAC audits in New York?

For Medicare Fee-for-Service claims, New York is part of Medicare RAC Region 1, where Performant Recovery, Inc. is the designated contractor. CMS awarded Performant an 8.5-year contract for Region 1 on March 26, 2021. Performant conducts post-payment reviews of Medicare Part A and Part B claims.

What should I do after receiving an insurance audit demand?

Do not respond before consulting with a health law attorney. How you respond, and what records you provide, can significantly affect your exposure. Contact Abrams Fensterman as soon as the demand is received so we can evaluate the audit type, the contractor or carrier involved, and the appropriate strategy before anything is submitted.

What is a data-collection audit demand?

A data-collection audit demand is a request for medical records that a carrier represents as being issued for informational purposes only, with no immediate repayment obligation stated. Legal evaluation is required before any response is made. The stated purpose of these demands does not always reflect the carrier’s actual intent.

What is the difference between a RAC audit and an OMIG audit?

A RAC (Recovery Audit Contractor) audit is a post-payment Medicare review conducted by a federal contractor. In New York and across Medicare Region 1, that contractor is currently Performant Recovery, Inc. An OMIG audit is a New York State review of Medicaid billing, also currently conducted by Performant under a contract that began April 7, 2025. Each carries different procedural rules, timelines, appeal rights, and potential penalties, and each requires a different defense approach from day one.

Can an insurance audit trigger an OPMC investigation?

Yes. An insurance audit can trigger an OPMC investigation when findings suggest conduct that goes beyond a billing or coding error. OPMC has the authority to discipline, suspend, or revoke a New York physician’s medical license. Abrams Fensterman defends physicians in both the audit proceeding and any resulting OPMC investigation under a single coordinated strategy.

What is statistical sampling and extrapolation?

Statistical sampling is a method auditors use to review a subset of claims and project the error rate across all similar claims in the audit period. Performant uses data mining and automated review to identify claim patterns before selecting records, which means the sample is rarely random. A small documentation issue in a limited sample can be extrapolated into a repayment demand covering thousands of claims. Challenging the statistical methodology is one of the most effective defenses available.

Can an insurance audit lead to criminal charges?

Yes. A finding of intentional fraud can result in referral to the Office of Inspector General, the Department of Justice, or state law enforcement. False Claims Act liability, exclusion from Medicare and Medicaid, and criminal prosecution are all possible outcomes. Every audit demand should be treated with full legal seriousness from the moment it is received.