For years, New York healthcare providers have navigated the complex oversight of the Office of the Medicaid Inspector General (OMIG), primarily through its Medicaid Recovery Audit Contractor (RAC) vendors. In April 2025 the landscape shifted as the state engaged Performant Healthcare Solutions (“Performant”) as its exclusive Medicaid Recovery Audit Contractor (“RAC”).  

While the mission of "program integrity" is framed as a benefit to taxpayers (both financially and in outcomes), the reality for providers is often a high-stakes battle against aggressive data mining and automated recovery tactics. As Performant ramps up its operations in New York, providers must understand that these audits are not merely clerical reviews—they are revenue-driven initiatives that can threaten your practice’s financial stability.

What is a RAC? Understanding the "Bounty Hunter" Model

A RAC is a private, third-party company hired by the government to identify and recover "improper" payments made to healthcare providers. Unlike government employees, RACs operate on a contingency fee basis.

This means RACs are paid a percentage of every dollar they "recover" from providers. Because their corporate revenue depends directly on finding overpayments, the RAC model is often criticized for incentivizing aggressive interpretations of complex billing rules. While they are technically tasked with finding underpayments too, historical data shows that overpayment recoveries outpace underpayments by a ratio of more than 9-to-1.

The New Player: Who is Performant Healthcare Solutions?

Performant is not a government agency; it is a publicly traded, for-profit corporation that is no stranger to the audit industry. Their business model relies on sophisticated algorithms and "technology-enabled" reviews to flag claims for recovery.

Before Performant, Health Management Systems (“HMS”) served as New York’s Medicaid RAC. New York pivoted to Performant following a 2022 Comptroller report that criticized the previous regime for failing to recover nearly $292 million in potential overpayments. The shift marks a move toward a more aggressive, tech-heavy audit regime.

The Performant Process: What Providers Can Expect

If your practice is flagged by Performant's algorithms, you will enter a rigid, multi-stage process. Understanding the timeline is critical to avoiding a default judgment:

1. The Welcome Letter & ADR: You will receive an Additional Documentation Request (ADR). For "Complex Reviews," you typically have 45 days to submit the requested medical records via their portal.
2. The Review Results Letter (RRL): After reviewing your files, Performant issues an RRL (or a Draft Audit Report). This document outlines their "findings" of overpayment.
3. The Discussion Period: This is a narrow 30-day window where you can submit a "Discussion Request" to contest findings before they are sent to OMIG for recoupment. This is your first and often best chance to stop an overpayment demand.
4. The Demand Letter: If the Discussion Period fails, a formal Demand Letter is issued. At this stage, the state will begin recouping funds (offsetting future payments) unless you file a formal appeal.

Automated vs. Complex Reviews

Performant utilizes two primary methods to scrutinize your claims:

1. Automated Reviews: These use data-mining software to identify "obvious" errors, such as duplicate payments or coding violations, without a human ever looking at a medical record. The danger here is that software often lacks the nuance to understand complex clinical scenarios or specific New York Medicaid nuances.
2. Complex Reviews: These involve a manual review of medical records by Performant’s staff to determine if services were medically necessary or documented according to state standards.

In both instances, the burden of proof is shifted to the provider. A single "algorithmic" error can lead to a massive extrapolation of overpayments, resulting in demand letters for hundreds of thousands of dollars based on a small sample of claims.

The Red Flag Checklist

Performant uses proprietary algorithms to "score" providers based on risk. If your data deviates from the statistical norm, you may be automatically flagged for review. Watch for these five red flags:

1. High Modifier Usage: Frequent use of Modifier 25 (separately identifiable service) or Modifier 59 (distinct procedural service) is a primary trigger for "Automated Reviews."
2. Upcoding Patterns: Submitting a higher-than-average volume of the most expensive service codes (e.g., Level 5 E&M visits) compared to your specialty peers.
3. Medical Necessity Gaps: Billing for high-cost diagnostic tests or therapies without corresponding ICD-10 codes that justify the clinical need.
4. "Copy-Paste" Documentation: Electronic Health Record (EHR) entries that appear identical across multiple patients or dates of service, suggesting a lack of contemporaneous documentation.
5. Outlier Billing Volume: Submitting significantly more claims per day than the average provider in your geographic region.

The "Provider Portal" Trap

Performant has recently launched a new New York RAC Provider Portal. While the OMIG and Performant market this as a tool for "efficiency," providers should proceed with caution. 

Under the old HMS system, you waited for a letter in the mail. With Performant, if a "Draft Audit Report" is uploaded to your portal, your 30-day response window may start immediately—regardless of whether you logged in to see it. 

Beyond the Bill: Potential Consequences of an Audit 

The transition to a third-party RAC like Performant often results in a "guilty until proven innocent" atmosphere. These contractors are frequently criticized for applying informal manuals as if they have the force of law and ignoring the professional judgment of treating physicians.

Many providers believe the only risk of a RAC audit is paying back the money. In reality, the consequences can be far more severe and systemic:

• Extrapolation Penalties: Performant often uses statistical sampling. If they find a 10% error rate in 50 claims, they may apply that 10% error to every claim you’ve submitted over the last three years, turning a $5,000 mistake into a $500,000 liability.
• Loss of Billing Privileges: Repeated audit failures or "gross errors" can lead to the suspension or permanent revocation of your Medicaid billing privileges.
• Referrals to Law Enforcement: If Performant’s "data mining" suggests intentional patterns, they are contractually obligated to refer the case to OMIG’s Investigations Division or the Medicaid Fraud Control Unit (MFCU) for criminal or civil prosecution.
• Corporate Integrity Agreements (CIA): A poor audit result can lead to years of government monitoring, mandatory independent audits, and expensive compliance overhauls.

Protect Your Rights

When Performant comes knocking, you cannot afford to be passive. Treating a RAC audit as a routine "check-up" is a mistake that has cost providers millions.  You have the right to challenge their findings and ensure they are following the law.

Don’t let a for-profit contractor dictate the future of your practice. If Performant is auditing your New York Medicaid claims, contact our experienced legal team to safeguard your rights and your revenue.