![]() |
Published April 28, 2026 Author: Alyssa A. Friedman. Chair of the Healthcare Fraud & Regulatory Defense Practice at Abrams Fensterman, LLP |
Abrams Fensterman, LLP represents physicians, medical groups, and healthcare facilities across New York when insurance carriers, Medicare, or Medicaid auditors demand medical records or issue repayment demands.
There is no such thing as a routine audit. Every physician and every practice has its own unique attributes. We analyze and prepare each case based on its own facts, and we begin every engagement by evaluating not just the audit itself, but every layer of regulatory exposure it may carry.
What Is a Healthcare Insurance Audit?
A healthcare insurance audit is a formal review by an insurer or government program to verify that billed services were medically necessary, properly documented, and correctly coded.
When a carrier identifies a billing concern, it typically begins by requesting medical records. If an overpayment is found, a repayment demand or recoupment order follows. Audits may involve:
- Private insurance carriers
- Medicare, through federal audit contractors
- Medicaid, through New York State oversight programs
Audits may be conducted before or after payment has been made. Many use statistical sampling and extrapolation, which can project a small documentation error across thousands of claims and produce a repayment demand far greater than the underlying issue would suggest.
Types of Insurance Audit Demands Physicians Receive
Healthcare providers in New York face demands from multiple programs and agencies. The type of demand received determines the procedural rules, timelines, appeal rights, and defense strategy that apply.
- Recovery Audit Contractors (RAC), post-payment Medicare reviews targeting improper payments
- Medicare Administrative Contractors (MAC), pre-payment and post-payment Medicare claim reviews
- Unified Program Integrity Contractors (UPIC), or National Government Services (NGS), which is responsible for conducting investigations, requesting records, and coordinating fraud enforcement actions on behalf of federal healthcare programs.
- Zone Program Integrity Contractors (ZPIC), Medicare fraud and abuse investigations
- Office of the Medicaid Inspector General (OMIG), New York State Medicaid audits and investigations
- Office of Inspector General (OIG), federal oversight with civil and criminal enforcement authority
- Private carrier audits, commercial insurer reviews for participating and non-participating providers
- Data-collection demands, requests represented as informational only but requiring legal review before any response
Our first step in every engagement is to identify exactly what kind of demand the client has received and what is truly at stake, before any response is made to the carrier.
ZPIC vs. UPIC: Understanding Program Integrity Audits
Zone Program Integrity Contractors (ZPICs) were historically responsible for investigating Medicare fraud, waste, and abuse. Today, those functions have largely transitioned to Unified Program Integrity Contractors (UPICs), which now handle program integrity audits across both Medicare and Medicaid.
For healthcare providers in the Northeast, this typically involves National Government Services (NGS), the UPIC responsible for conducting investigations, requesting records, and coordinating fraud enforcement actions on behalf of federal healthcare programs.
UPIC audits carry significant risk. These investigations often go beyond documentation review and may involve allegations of improper billing, overpayments, or fraudulent conduct. In many cases, a UPIC audit can lead to repayment demands, referral to the Office of Inspector General, or escalation into civil or criminal proceedings.
Understanding whether an audit involves a UPIC and responding strategically from the outset, is critical to protecting both financial and professional exposure.
Who Conducts RAC Audits in New York?
Performant Recovery, Inc. is the designated Recovery Audit Contractor for both New York State Medicaid and Medicare Region 1.
Providers in New York are currently subject to Performant audits across two separate programs:
- New York Medicaid RAC: The Office of the Medicaid Inspector General (OMIG) officially engaged Performant as New York’s exclusive Medicaid RAC on April 7, 2025, replacing the prior vendor Health Management Systems (HMS). Performant identifies and collects Medicaid overpayments and underpayments using data mining and automated review tactics.
- Medicare RAC Region 1: For Medicare Fee-for-Service claims, New York is part of Region 1. The Centers for Medicare and Medicaid Services awarded Performant an 8.5-year contract for Region 1 on March 26, 2021. Performant conducts post-payment reviews of Medicare Part A and Part B claims.
Providers can manage audit reports and documentation for both programs through the Performant Provider Portal, hosted on the OMIG website. Knowing who is conducting the audit, what authority they operate under, and what methods they use is essential context before any response is made.
What Is a Data-Collection Audit Demand?
A data-collection audit demand is a request for medical records that a carrier represents as being issued for informational purposes only, with no immediate repayment obligation stated.
These demands require legal evaluation before any response is made. The stated purpose of a data-collection demand does not always reflect the carrier’s actual intent. Responding without legal guidance can inadvertently expose a provider to liability that would not otherwise exist.
Abrams Fensterman evaluates every demand, including those framed as data collection, before advising a client on whether and how to respond.
Can an Insurance Audit Trigger an OPMC Investigation?
Yes. An insurance audit can trigger an OPMC investigation.
The Office of Professional Medical Conduct is the New York State agency that investigates physician misconduct. OPMC has the authority to discipline, suspend, or revoke a physician’s medical license.
When an audit reveals a pattern of billing irregularities, and the carrier or government program concludes the issue goes beyond a documentation error, a referral to OPMC or to law enforcement may follow. A Performant RAC audit, an OMIG investigation, or a private carrier review can each become the basis for an OPMC proceeding.
Because an insurance audit and an OPMC proceeding can run at the same time, representation must cover both. Abrams Fensterman defends physicians in the audit proceeding and in any resulting OPMC investigation under a single coordinated strategy.
What Is Statistical Sampling and Extrapolation?
Statistical sampling is a method auditors use to review a small subset of claims and then extrapolate the error rate across all similar claims in the audit period.
A documentation issue found in a sample of 100 claims can be projected into a repayment demand covering thousands of claims. Performant uses data mining and automated review tactics to identify claim patterns before selecting records for audit, which means the sample they review is rarely random in the way providers assume.
Challenging the statistical validity and methodology of the sampling and extrapolation is one of the most effective defenses available. It requires experienced legal analysis working alongside certified professional coders.
Can an Insurance Audit Lead to Criminal Charges?
Yes. A finding of intentional fraud in an insurance audit can lead to criminal charges.
When fraud is suspected, carriers and government programs may refer the matter to:
- The Office of Inspector General (OIG)
- The Department of Justice
- New York State law enforcement
Possible outcomes include False Claims Act liability, exclusion from Medicare and Medicaid, and criminal prosecution. Every audit demand, regardless of how it is initially framed, must be approached with full legal seriousness from the moment it is received.
Our Insurance Audit Defense Process
Abrams Fensterman follows a structured, multi-stage approach to every insurance audit. Our goal is to minimize financial exposure, protect professional licenses, and position providers for the strongest possible outcome.
Step 1 • Evaluate & Categorize the Audit Demand
Every defense begins by identifying exactly what type of audit or investigation the provider has received.
- Private carrier vs. government-funded audit
- Whether Medicare or Medicaid funds are involved
- Which contractor or agency is conducting the review
- Whether fraud, abuse, or overpayment concerns are alleged
- Whether the request is data collection or a repayment audit
- Provider participation status with the carrier
This initial evaluation determines both the legal strategy and how medical records should be produced, if at all.
Step 2 • Internal Clinical & Legal Review
Before any records are submitted, our team conducts an internal review to identify potential areas of exposure.
Our Insurance & Audit Department includes attorneys who are also licensed healthcare professionals, allowing clinical and legal analysis under one roof. We also work closely with certified professional coding experts whenever coding review is strategically appropriate.
Step 3 • Defense Strategy & Negotiation
Our attorneys perform a comprehensive legal and factual analysis before developing a tailored defense strategy.
Where statistical sampling or extrapolation has been used, we challenge the methodology whenever appropriate. When repayment exposure exists, we negotiate strategically to achieve the most favorable resolution available.
Step 4 • Compliance & Future Audit Protection
Resolving today’s audit is only part of the process. We also help reduce the likelihood of tomorrow’s investigation.
- Billing and coding corrections
- Documentation improvements supporting medical necessity
- Healthcare compliance program enhancements
Providers who strengthen internal compliance are better positioned for future audits conducted by Performant, OMIG, Medicare, Medicaid, commercial insurers, or other enforcement agencies.
Why Physicians Choose Abrams Fensterman
Our Healthcare Fraud & Regulatory Defense Practice combines clinical knowledge, regulatory experience, and sophisticated litigation capabilities to defend healthcare providers throughout New York.
- Attorneys who are licensed medical professionals providing in-house clinical and legal record review.
- Relationships with certified coding experts for technical coding analysis and audit defense.
- Extensive experience defending RAC, MAC, OMIG, OIG, UPIC, Performant, and private carrier investigations.
- Integrated representation across audits, OPMC investigations, False Claims Act matters, and criminal referrals.
- Five New York offices serving providers statewide from Long Island, Brooklyn, White Plains, Rochester, and Albany.
Every consultation is confidential. Our attorneys have represented physicians, medical groups, hospitals, nursing facilities, behavioral health providers, pharmacies, transportation companies, and healthcare organizations at every stage of the audit and investigation process.
Frequently Asked Questions
What is a healthcare insurance audit?
A healthcare insurance audit is a formal review by an insurer or government program to verify that billed services were medically necessary, properly documented, and correctly coded. If an overpayment is found, the carrier may issue a repayment demand or recoupment order. Audits may be conducted by private carriers or through government programs, including Medicare and Medicaid.
Who is the Medicaid RAC contractor in New York?
Performant Recovery, Inc. is New York’s designated Medicaid Recovery Audit Contractor. OMIG officially engaged Performant as its exclusive Medicaid RAC on April 7, 2025, replacing the prior vendor Health Management Systems (HMS). Performant uses data mining and automated review tactics to identify Medicaid overpayments and underpayments. Providers can manage audit reports and documentation through the Performant Provider Portal on the OMIG website.
Who conducts Medicare RAC audits in New York?
For Medicare Fee-for-Service claims, New York is part of Medicare RAC Region 1, where Performant Recovery, Inc. is the designated contractor. CMS awarded Performant an 8.5-year contract for Region 1 on March 26, 2021. Performant conducts post-payment reviews of Medicare Part A and Part B claims.
What should I do after receiving an insurance audit demand?
Do not respond before consulting with a health law attorney. How you respond, and what records you provide, can significantly affect your exposure. Contact Abrams Fensterman as soon as the demand is received so we can evaluate the audit type, the contractor or carrier involved, and the appropriate strategy before anything is submitted.
What is a data-collection audit demand?
A data-collection audit demand is a request for medical records that a carrier represents as being issued for informational purposes only, with no immediate repayment obligation stated. Legal evaluation is required before any response is made. The stated purpose of these demands does not always reflect the carrier’s actual intent.
What is the difference between a RAC audit and an OMIG audit?
A RAC (Recovery Audit Contractor) audit is a post-payment Medicare review conducted by a federal contractor. In New York and across Medicare Region 1, that contractor is currently Performant Recovery, Inc. An OMIG audit is a New York State review of Medicaid billing, also currently conducted by Performant under a contract that began April 7, 2025. Each carries different procedural rules, timelines, appeal rights, and potential penalties, and each requires a different defense approach from day one.
Can an insurance audit trigger an OPMC investigation?
Yes. An insurance audit can trigger an OPMC investigation when findings suggest conduct that goes beyond a billing or coding error. OPMC has the authority to discipline, suspend, or revoke a New York physician’s medical license. Abrams Fensterman defends physicians in both the audit proceeding and any resulting OPMC investigation under a single coordinated strategy.
What is statistical sampling and extrapolation?
Statistical sampling is a method auditors use to review a subset of claims and project the error rate across all similar claims in the audit period. Performant uses data mining and automated review to identify claim patterns before selecting records, which means the sample is rarely random. A small documentation issue in a limited sample can be extrapolated into a repayment demand covering thousands of claims. Challenging the statistical methodology is one of the most effective defenses available.
Can an insurance audit lead to criminal charges?
Yes. A finding of intentional fraud can result in referral to the Office of Inspector General, the Department of Justice, or state law enforcement. False Claims Act liability, exclusion from Medicare and Medicaid, and criminal prosecution are all possible outcomes. Every audit demand should be treated with full legal seriousness from the moment it is received.
Strategic Guidance for New York Healthcare Providers
Every audit demand should be treated as a potential enforcement matter. Under the leadership of Alyssa A. Friedman, Abrams Fensterman’s Healthcare Fraud & Regulatory Defense Practice helps physicians, medical groups, and healthcare facilities respond strategically to OMIG, Performant, Medicare, Medicaid, OIG, and private carrier audits before repayment exposure, professional discipline, or criminal referral risk escalates.
Meet Alyssa Friedman – Healthcare Fraud Defense Attorney
A video featuring Alyssa Friedman discussing healthcare fraud investigations, audits, compliance issues, government enforcement actions, and strategic defense for healthcare providers.
Contact Our Healthcare Fraud & Regulatory Defense Practice
If you have received an OMIG audit notice, repayment demand, records request, or other healthcare fraud inquiry, contact Alyssa A. Friedman for a confidential consultation.
Brooklyn Metrotech: 718-215-5300
Long Island: 516-328-2300
White Plains: 914-607-7010
Rochester: 585-218-9999
Albany: 518-535-9477
