In Part 1 of this article, we reviewed the various government agencies and private contractors that conduct audits and investigations of Medicare and Medicaid payments to health care providers, insurers and other recipients of such payments (hereinafter “provider”), what can trigger these audits and investigations, and their scope. In the second part, we discuss some of the steps a provider should take to protect itself. At the outset, we caution that what follows are very broad and general guidelines. When facing any kind of audit or investigation, it is imperative that the provider seek advice from lawyers experienced in handling these matters, who can tailor a response to the specific circumstances in which the provider finds itself.

As we noted in Part 1, there is no such thing as an “informal” audit or a “routine” investigation. Any inquiry by a government agency—such as the Office of Inspector General of the U.S. Department of Health and Human Services, the New York State Attorney General’s Medicaid Fraud Control Unit, the Office of New York State Medicaid Inspector General, or a government contractor such as a Medicare fiscal intermediary, carrier or Recovery Audit Contractor (RAC)—must be taken seriously.