A Fundamental Shift in Risk Adjustment

For more than a decade, Medicare Advantage risk adjustment followed a familiar playbook: identify conditions, capture documentation, optimize coding, and improve RAF.

That paradigm is now over.

What was once a revenue optimization function has evolved into a compliance-critical, audit-driven operating environment—one where every diagnosis submitted is no longer just a revenue opportunity, but a potential liability.

This shift is not theoretical. It is structural, regulatory, and already underway.

RADV Has Entered a New Phase

The Centers for Medicare & Medicaid Services (CMS) has fundamentally changed the scale, speed, and intent of RADV audits.

CMS is now:

  • Expanding audits to all eligible Medicare Advantage contracts annually
  • Increasing sample sizes from approximately 35 records to as many as 200
  • Working through audit backlogs spanning multiple payment years

At the same time, RADV has become CMS's primary way to address overpayments tied to unsupported diagnoses.1

RADV audit risk is no longer occasional—it is expected, recurring, and increasing in scale.

The Financial Stakes Have Changed

Historically, audit exposure was episodic and manageable.

That is no longer the case.

  • Medicare Advantage improper payments were estimated at $23.67 billion in FY 2025, with the majority driven by documentation that failed to substantiate submitted diagnoses 2
  • Extrapolation remains a major potential source of liability, meaning small sample errors can scale across much larger populations
  • A handful of unsupported diagnoses can result in multi-million-dollar clawbacks

A missed HCC used to be lost revenue. An unsupported HCC now represents financial and audit risk.

Extrapolated recoveries amplify that risk, but their application remains legally unsettled. While CMS's 2023 RADV rule authorized extrapolation, CMS's March 2026 PY 2020 audit instructions note that the rule was vacated in 2025, is under appeal, and that CMS has not yet determined whether extrapolated recoveries will be applied in those audits. 3

Why Organizations Are Being Caught Off Guard

Despite clear regulatory signals, many organizations are still operating under outdated assumptions:

  • “We just need to capture more conditions.” Volume is no longer the goal. CMS is focused on clinical support and auditability.
  • “RADV is a payer problem.” RADV findings trace directly back to provider documentation—this is a shared risk across the ecosystem.
  • “We'll prepare when we get audited.” With annual audits and backlog recovery, organizations are now operating in a continuous audit cycle.

The Financial Consequences Are Already Here

The consequences of unsupported diagnoses are no longer theoretical—they are already materializing across the industry.

In January 2026, multiple Kaiser Permanente-affiliated organizations agreed to pay $556 million to resolve False Claims Act allegations related to Medicare Advantage risk adjustment practices. The Department of Justice alleged that Kaiser used retrospective addenda processes and data-driven mechanisms to identify and add diagnoses after patient visits, inflating risk scores and reimbursement.

While this was not a RADV audit penalty, it underscores the growing enforcement focus on documentation integrity and support for submitted diagnoses. 4

Similarly, federal audits of major Medicare Advantage plans have identified significant overpayment exposure. In one HHS Office of Inspector General audit, Humana was estimated to have received at least $197.7 million in net overpayments for payment year 2015, based on extrapolated findings from a single contract audit. Separately, CMS has expanded RADV audit activity at scale, increasing the likelihood of substantial recoveries across the program.5

These cases are not outliers—they are indicators.

Together, these actions signal a clear shift: enforcement is no longer theoretical—it is active, scaled, and financially material.

The Core Issue: Unsupported Diagnoses

At the center of RADV exposure is a simple truth:

If a diagnosis is not supported in the medical record, it does not exist—for payment purposes.

To be valid for risk adjustment payment, every diagnosis must:

  • Be documented in the medical record
  • Be documented as a result of a face-to-face encounter of care
  • Be attributable to a qualified medical provider
  • Comply with CMS coding and submission requirements

The most important takeaway: most exposure is not intentional—it stems from documentation gaps and operational breakdowns.

The Shift to Defensibility

A new standard is emerging for risk adjustment programs:

Not “How much revenue did we capture?” but “How much of that revenue would survive an audit?”

This shift requires organizations to move from:

  • Revenue optimization → Defensibility
  • Additive coding → Two-way validation (add and remove)
  • Retrospective review → Prospective integrity

Organizations that fail to adapt will:

  • Overstate RAF
  • Underestimate risk
  • Enter audits unprepared

Why This Matters Now

Three forces are converging:

  1. Audit Expansion
    RADV is becoming routine—not limited to isolated contracts or one-time audits.
  2. Financial Pressure
    V28 model changes and margin compression reduce tolerance for error.
  3. Regulatory Intent
    CMS is actively working to recover overpayments and correct systemic coding behavior.

From Tasks to Transformation

Most organizations are asking: “What do we need to do to be ready?”

That is the right question—but the wrong starting point.

Because RADV readiness is not the completion of tasks on a checklist.

It is an operating model transformation.

Looking Ahead: Part II

In Part II, we will outline:

  • A practical RADV Audit Readiness Playbook
  • The most common failure points across organizations
  • How to build a defensible risk adjustment program before the audit arrives

Final Thought

RADV is no longer a background compliance activity.

It is now a defining force shaping:

  • Financial performance
  • Coding strategy
  • Clinical documentation
  • Organizational risk

The winners will not be those that capture the most diagnoses.

They will be the ones that can defend them—consistently and at scale.

Continue the conversation

Want to talk about audit readiness?

If your organization is rethinking risk adjustment defensibility, documentation integrity, or RADV readiness, we would be glad to talk.

Talk to our teamRelated capability

References

  1. Centers for Medicare & Medicaid Services (CMS). Medicare Advantage Risk Adjustment Data Validation (RADV) Program Overview.
  2. Centers for Medicare & Medicaid Services (CMS). Fiscal Year 2025 Improper Payments Fact Sheet.
  3. Committee for a Responsible Federal Budget (CRFB). CMS Steps to Recover Medicare Advantage Overpayments.
  4. U.S. Department of Justice. Kaiser Permanente Affiliates Pay $556M to Resolve False Claims Act Allegations (January 14, 2026).
  5. HHS Office of Inspector General. Medicare Advantage Compliance Audit of Diagnosis Codes That Humana, Inc. (Contract H1036) Submitted to CMS (April 19, 2021).