The Department of Justice just secured a record settlement with Kaiser Permanente for Medicare Advantage (MA) risk adjustment fraud. This is the largest MA settlement in history, and it signals a dramatic escalation in federal enforcement. The government accused Kaiser of adding hundreds of thousands of unsupported diagnoses to inflate payments. With the Department of Justice (DOJ) actively litigating against the nation’s largest MA organizations and the Centers for Medicare & Medicaid Services (CMS) conducting risk adjustment audits subject to extrapolation, the message is unmistakable: MA overbilling has moved from regulatory concern to criminal enforcement priority.
Organizations managing MA populations face unprecedented audit risk. Recent fiscal year recoveries totaled billions in healthcare False Claims Act (FCA) settlements, with MA fraud identified as an area of critical importance. CMS has identified that a significant portion of payments to MA organizations are improper, primarily due to unsupported diagnoses. For a mid-size MA plan, that translates to millions in potential recoupment exposure. The question is no longer whether your organization will face scrutiny, but whether you will detect compliance gaps before auditors do.
The Enforcement Landscape Has Fundamentally Changed
Federal enforcement in Medicare Advantage has shifted from reactive audits to proactive investigations. DOJ is pursuing qui tam whistleblower cases, conducting independent investigations, and targeting not just MA organizations but also vendors, providers, and third-party entities involved in risk adjustment. Independent Health agreed to pay a substantial settlement in 2024 to resolve allegations of invalid diagnosis code submissions. Cigna settled similar claims for a significant amount in 2023.
The Kaiser settlement reveals DOJ’s enforcement strategy. The government alleged Kaiser pressured physicians to create addenda months or even a year after patient encounters to retroactively add unsupported diagnoses. The company allegedly used data mining programs to identify missed diagnoses and tracked physician coding performance. This pattern of chart manipulation through retrospective coding additions has become a primary enforcement target.
What makes current enforcement particularly dangerous is DOJ’s willingness to pursue cases to trial. Multiple high-stakes trials occurred in 2025, demonstrating an aggressive federal posture. The agency is expanding its focus beyond MA organizations to examine vendor and provider roles in diagnoses submitted to the government. If your organization uses third-party vendors for chart reviews or health risk assessments, those relationships now carry enhanced scrutiny.
High Risk Diagnosis Codes Under Federal Microscope
Not all diagnosis codes carry equal audit risk. The Department of Health and Human Services (HHS) Office of Inspector General (OIG) released an analytics toolkit identifying diagnosis codes at high risk for improper coding. According to OIG audits, a substantial majority of submitted codes from this relatively small set of high-risk diagnoses were unsupported by medical record documentation.
OIG targets specific diagnosis patterns suggesting overbilling. Codes requiring high specificity are frequently submitted at unspecified levels. Diagnoses were added through retrospective chart review rather than captured during face-to-face encounters. Conditions are documented through health risk assessments without corresponding treatment plans. Chronic conditions captured in one year but absent from subsequent years despite continued enrollment. Diagnosis codes appear disproportionately compared to national prevalence rates.
The most problematic diagnoses include morbid obesity without documented Body Mass Index (BMI) calculations, diabetes with complications lacking specific complication documentation, vascular disease coded at a higher specificity than documentation supports, major depressive disorder without evidence of clinical assessment, and chronic kidney disease at advanced stages without supporting lab values.
Organizations cannot rely on vendor attestations that coding is compliant. OIG audits have found that even when vendors certify documentation adequacy, medical records fail to support submitted diagnoses. Healthcare organizations must implement their own coding compliance validation processes rather than accepting third-party assurances at face value. The plan remains liable for overpayments regardless of vendor involvement.
MEAT Criteria Failures Create Recoupment Exposure
Federal auditors apply MEAT criteria to validate every diagnosis submitted for risk adjustment. MEAT stands for Monitored, Evaluated, Assessed, or Treated. Even one MEAT element technically supports a diagnosis, but auditors scrutinize whether that single element demonstrates active clinical management rather than passive documentation. A chronic condition mentioned in the history without evidence of monitoring, evaluation, assessment, or treatment will not survive an audit challenge.
Common MEAT failures that trigger recoupments include diagnoses listed in problem lists or past medical history without evidence that the condition was addressed during the encounter. Chronic conditions documented through patient self-report without provider evaluation or treatment plan updates. Diagnoses added through retrospective addenda referencing symptoms or findings from prior encounters without a new clinical assessment. Health risk assessment diagnoses never appear in subsequent treatment encounters or care coordination. Conditions coded at a higher specificity than documentation supports, particularly when specific diagnostic elements required for the code are absent.
Organizations often confuse diagnosis documentation with MEAT compliance. Simply listing diabetes in the assessment does not satisfy MEAT if the encounter note lacks evidence that the provider monitored glucose control, evaluated for complications, assessed medication effectiveness, or adjusted treatment. Robust clinical documentation integrity programs ensure every coded diagnosis reflects active clinical management rather than passive documentation. Congestive heart failure requires documentation of symptoms evaluation, functional status assessment, medication management, or treatment plan modification. Vague statements that conditions are stable without supporting clinical indicators fail MEAT validation because stability itself must be clinically assessed rather than assumed.
The annual recapture requirement compounds MEAT compliance challenges. Risk adjustment scores reset every January 1, so chronic conditions documented in previous years do not carry forward automatically. Every diagnosis contributing to a Risk Adjustment Factor (RAF) scores must be recaptured annually through face-to-face encounters with MEAT-compliant documentation. Organizations relying on problem lists carryforward without requiring providers to actively document ongoing management face systematic audit failures. Strong risk adjustment documentation practices ensure that every submitted diagnosis code is supported by contemporaneous clinical evidence meeting MEAT validation standards. This exposure accumulates across multiple payment years if not detected and corrected promptly.
Chart Review Programs Under DOJ Investigation
Chart review programs have become a specific DOJ enforcement target. While legitimate chart reviews identifying documented but uncoded conditions are appropriate, DOJ is investigating programs designed to manufacture diagnoses rather than capture existing clinical information. The distinction between compliant and fraudulent chart review lies in whether added diagnoses are clearly supported by contemporaneous documentation from the reviewed encounter.
Problematic practices include creating addenda, adding diagnoses based on symptoms mentioned in prior encounters without new evaluation, coding conditions at higher specificity than documentation supports, and adding diagnoses for conditions requiring diagnostic testing when the provider did not order such testing. Submitting diagnoses captured through chart review at significantly higher rates than original encounter coding suggests systematic retrospective upcoding.
OIG research found that some MA companies leveraged chart reviews to disproportionately drive payments compared to market share. DOJ views patterns where chart reviews consistently increase risk scores without corresponding increases in care intensity as evidence of overbilling schemes.
Health Risk Assessments Draw Federal Skepticism
Health risk assessments have emerged as another enforcement focal point. Health Risk Assessments (HRAs) are in-home or telephonic assessments conducted to identify conditions for risk adjustment. Auditors scrutinize whether diagnoses captured through HRAs are subsequently incorporated into care plans and treatment, or whether they exist solely to increase risk scores without improving patient care.
Red flags include diagnoses captured through HRAs that never appear in subsequent treatment records, conditions identified without corresponding referrals or medication changes, and HRA diagnoses generating significant payments but showing no evidence of ongoing monitoring. MedPAC has raised concerns about the aggressive tactics some MA organizations use to recruit beneficiaries for in-home HRAs.
Compliant HRA programs ensure diagnoses identified during assessments are communicated to treating providers and incorporated into ongoing care management. HRA findings existing in isolation without integration into the patient’s treatment plan create documentation patterns suggesting overbilling rather than care improvement.
Building Proactive Detection Capabilities
Organizations cannot wait for federal audits to identify compliance gaps. By the time CMS or OIG selects your plan for audit, the exposure has already accumulated across multiple payment years, and extrapolation methodologies can multiply individual findings into substantial recoupment demands. Effective revenue leakage prevention requires proactive internal detection through systematic monitoring of risk adjustment coding patterns against benchmarks that identify outliers before they become enforcement targets.
Essential detection strategies include comparing diagnosis capture rates for high-risk Hierarchical Condition Category (HCC) categories against national prevalence data adjusted for your population demographics. Maintaining HCC coding accuracy requires ongoing monitoring of capture rates and documentation quality. Significant deviations above expected rates, particularly for diagnoses OIG has flagged in its toolkit, require investigation into whether clinical documentation supports the coding volume. Analyzing the ratio of diagnoses captured through chart reviews versus original encounter coding to identify whether retrospective coding drives disproportionate risk score increases. Reviewing the percentage of chronic conditions that are successfully recaptured annually to detect systematic gaps in ongoing management documentation that will fail MEAT validation in audits.
Organizations should monitor the specificity level of submitted diagnoses against documentation to identify patterns where coders select more specific codes than clinical records support. Tracking diagnoses added through addenda and retrospective documentation ensures added codes are clearly supported by contemporaneous encounter documentation rather than inferred from vague symptom mentions. Measuring the percentage of HRA diagnoses appearing in subsequent treatment encounters validates that assessment findings are being incorporated into ongoing care rather than existing solely for risk adjustment. Conducting random sample audits using the same MEAT validation methodology, federal auditors will identify documentation deficiencies before CMS does. Payer audit management streamlines these processes by systematically flagging documentation gaps and coding inconsistencies before they accumulate into substantial audit exposure.
The organizations that survive intensified enforcement will be those that implement detection systems generating real-time visibility into coding patterns and documentation quality. Waiting for annual summaries or quarterly reports is insufficient when problematic patterns may persist for months before detection. Continuous risk monitoring capabilities flag high-risk coding patterns as they emerge rather than discovering them during retrospective reviews when exposure has already accumulated. Modern healthcare revenue integrity platforms provide this continuous monitoring, applying MEAT validation to diagnosis submissions, comparing your capture rates against risk-adjusted benchmarks, and identifying documentation gaps that would fail federal audit before those gaps generate recoupment liability.
The Compliance Imperative Is Immediate
Medicare Advantage enforcement has reached unprecedented intensity. Federal prosecutors are pursuing substantial fraud investigations against the industry’s largest organizations. CMS is conducting risk adjustment audits with extrapolation authority that can multiply sample findings into massive recoupment demands. OIG has published the audit playbook, identifying exactly which diagnosis codes and documentation patterns will trigger takebacks. Organizations must prioritize compliance billing standards to ensure every submitted diagnosis code meets federal documentation requirements. The compliance question is no longer whether your organization has risk adjustment issues, but whether you will detect and correct those issues before federal auditors arrive with subpoenas and extrapolation formulas.
Organizations that treat risk adjustment as revenue optimization rather than compliance obligation have catastrophically misjudged the current environment. DOJ has demonstrated a willingness to pursue substantial settlements and criminal investigations against organizations submitting unsupported diagnoses. Corporate integrity agreements impose multi-year monitoring requirements that substantially increase compliance costs and operational restrictions. The reputational damage from FCA settlements affects member retention, provider relationships, and regulatory standing. Strong revenue integrity practices ensure accurate documentation, proper coding, and compliant billing while maintaining a balance between appropriate reimbursement and regulatory compliance.
Proactive detection capabilities are the only viable strategy in this enforcement environment. You cannot audit your way out of problems after federal investigators review your files. You cannot rely on vendor attestations when OIG audits consistently prove those attestations wrong. You cannot assume that because your organization has not been audited yet that your practices are sound. DOJ is actively investigating the largest MA organizations, and the enforcement dragnet will expand to mid-market plans as cases against industry leaders conclude. Building a proactive compliance program that identifies and corrects compliance gaps now, before the next DOJ press release announces your organization’s settlement, is imperative.
Keywords: HCC coding accuracy, risk adjustment documentation, clinical documentation integrity, coding compliance, revenue leakage prevention, healthcare revenue integrity, compliance billing healthcare
