The landscape for Risk Adjustment Data Validation (RADV) audits has shifted dramatically in 2025, and Medicare Advantage Organizations (MAOs) face unprecedented scrutiny regardless of how ongoing legal challenges unfold. In May 2025, the Centers for Medicare and Medicaid Services (CMS) announced plans to audit all 550 eligible Medicare Advantage contracts annually, a massive jump from the historical average of 60 plans per year. While a September 2025 federal court decision vacated CMS’s extrapolation rule on procedural grounds, the agency’s commitment to aggressive audit expansion remains clear.
For healthcare organizations participating in Medicare Advantage, the message is unmistakable. Whether CMS appeals the court decision, issues a revised rule, or moves forward with audits under a different framework, the volume and intensity of RADV scrutiny will only increase. Organizations that wait for regulatory clarity before taking action will find themselves scrambling to respond when audit notices arrive.
Understanding the Current RADV Environment
RADV audits verify that diagnosis codes submitted by MAOs for risk adjustment are supported by medical record documentation. When diagnoses lack proper support, CMS may recoup overpayments. Historically, these recoveries applied only to the sampled records reviewed during the audit. The 2023 final rule would have allowed CMS to extrapolate findings across entire contract populations starting with Payment Year (PY) 2018, potentially turning a few hundred thousand dollars in sample findings into millions in extrapolated penalties.
The court’s decision to vacate that rule creates legal uncertainty about extrapolation methodology, but it does nothing to reduce the fundamental audit risk MAOs face. CMS still plans to complete all outstanding RADV audits for PY 2018 through 2024 by early 2026. The agency is expanding its workforce from 40 to approximately 2,000 reviewers and implementing enhanced technology, including Artificial Intelligence (AI) tools, to identify unsupported diagnoses at scale.
Even without extrapolation, the sheer volume of audits and records under review represents significant exposure. MAOs that previously avoided selection for RADV audits will now face annual reviews. CMS is also increasing sample sizes from the standard 35 records per plan to between 35 and 200 records depending on plan size, improving the statistical validity of audit findings regardless of whether extrapolation is ultimately applied.
The Hierarchical Condition Category Challenge
At the heart of RADV audits lies Hierarchical Condition Category (HCC) coding accuracy. CMS uses HCCs to risk adjust payments, with higher payments for enrollees whose diagnoses indicate more intensive healthcare resource needs. The Office of Inspector General (OIG) has consistently found that certain diagnosis codes are more vulnerable to audit failure than others.
Recent OIG audits identified approximately 70 percent of high risk HCC codes as unsupported by medical record documentation. These include diagnoses like acute stroke without associated inpatient claims, major depressive disorder without corresponding medication or treatment claims, and diabetes with complications lacking documentation of the specific complications. The OIG has even released the Structured Query Language (SQL) code it uses to identify these problematic patterns, essentially providing a roadmap for what auditors will target.
MDaudit’s 2024 Benchmark Report, analyzing data from more than 650,000 providers and over $150 billion in denials, found a 72 percent increase in HCC and RADV audits compared to 2023. This trend predated CMS’s May 2025 announcement, suggesting the regulatory environment will only intensify from here.
Moving from Reactive to Proactive Audit Preparation
Organizations cannot afford to wait until receiving an audit notice to begin preparation. The timeline between notification and record submission is tight, and CMS expects complete, audit ready documentation that validates every HCC submitted for risk adjustment. Attempting to gather and review records retroactively, particularly for payment years dating back five or more years, is a recipe for poor audit outcomes.
A proactive approach requires continuous monitoring of HCC coding patterns before diagnosis codes are submitted to CMS. This means implementing risk based auditing strategies that identify high risk HCCs in real time, allowing Clinical Documentation Improvement (CDI) and coding teams to validate support before claims leave your organization.
The shift toward prospective auditing is already underway among leading healthcare organizations. Within the MDaudit Community, prospective audits increased by 275 percent in 2024 compared to the prior year. Organizations are recognizing that catching and correcting HCC coding errors before submission is exponentially more efficient than responding to external audit findings after the fact.
Technology platforms that enable this shift provide automated workflows for both prospective and retrospective HCC audits. Rather than relying on manual spreadsheets and ad hoc sampling, these systems can ingest billing data at scale, apply risk based selection criteria, and route cases to auditors for review. Audit Workflows that target specific diagnosis codes flagged by the OIG or that fall outside normative ranges based on benchmarking data allow organizations to focus limited auditing resources where risk is highest.
Leveraging Predictive Analytics and Benchmarking
Identifying which HCCs to audit requires more than clinical judgment. It demands data driven insights into coding patterns, payer behavior, and comparative performance against peers. Organizations need visibility into questions like which providers are coding certain HCCs at rates significantly different from their colleagues, which diagnosis codes consistently appear without supporting laboratory results or medications, and which HCCs are being submitted based solely on chart review without corresponding Evaluation and Management (E/M) visits.
Charge Analyzer capabilities that compare HCC utilization against both national CMS data and community benchmarks surface these outliers automatically. When a provider’s HCC coding patterns deviate significantly from expected norms, the system generates alerts that can trigger targeted audits. This approach moves beyond random sampling to intelligence driven selection that maximizes the value of each audit performed.
Predictive analytics take this a step further by forecasting where future RADV audit risk is likely to emerge. By examining historical patterns across billing, coding, audit, and denial data, these tools identify trends before they become systemic problems. If a particular service line shows increasing reliance on high complexity HCCs without corresponding increases in supporting documentation quality, predictive models flag this as an emerging risk area requiring intervention.
Documentation Quality as the Foundation
Technology and analytics are only as effective as the documentation they analyze. RADV audits ultimately succeed or fail based on whether medical records clearly demonstrate the presence of each condition, document clinical evaluation of that condition, and show integration into the patient’s care plan. Vague or incomplete documentation, reliance on previous diagnoses without current year validation, and missing linkage between diagnoses and treatment all create audit vulnerability.
Organizations must establish clear documentation standards that align with CMS requirements and ensure providers understand what constitutes audit ready support for each HCC. This requires ongoing education informed by audit findings, with feedback loops that connect documentation deficiencies identified in internal audits back to provider training programs.
Coder Workflow tools that provide real time feedback to coding professionals during the coding process help catch potential issues before claims are submitted. When a coder assigns an HCC, the system can prompt verification of specific documentation elements required to support that code. Integrated workflows ensure that queries to providers for additional documentation are tracked and resolved systematically rather than falling through organizational cracks.
Preparing for External Audit Response
Even with robust internal audit programs, organizations will receive RADV audit notifications. The ability to respond efficiently depends on having systems in place for managing the external audit process from notification through record submission and potential appeal.
External Audit Workflow modules centralize all payer audit cases in a single platform, eliminating the spreadsheets and email chains that typically characterize audit response. When a RADV audit notice arrives, the platform can parse key details from the payer request letter using AI, automatically identifying which enrollees and HCCs are under review.
SmartScan.ai technology automates aspects of the chart retrieval and organization process, reducing the manual effort required to compile complete medical records for each sampled enrollee. Electronic submission of medical documentation (esMD) capabilities ensure timely filing of records and supporting materials while maintaining a complete audit trail.
The value of these streamlined workflows extends beyond efficiency. They provide transparency into audit status, allowing leadership to track progress and identify bottlenecks in real time. When CMS is auditing hundreds of plans simultaneously and expecting rapid turnaround on record requests, organizations cannot afford gaps in their response process.
The Role of AI Assist in Democratizing Insights
Traditionally, deep analysis of HCC coding patterns and RADV risk required specialized expertise in both clinical coding and data analytics. This created bottlenecks where insights remained siloed within small teams rather than being accessible across the organization.
Natural language query tools democratize access to these insights by allowing users to ask questions in plain language and receive precise data driven answers. A compliance officer can ask which providers have the highest number of HCCs supported only by chart review diagnoses, or which facilities show unusual patterns in major complication and comorbidity (MCC) coding, and receive immediate visual responses with drill down capability.
This accessibility matters because RADV preparation cannot be solely the responsibility of a centralized audit team. It requires engagement from coding leadership, CDI specialists, provider liaisons, and Revenue Cycle Management (RCM). When all of these stakeholders can independently access relevant insights, the organization can respond more quickly to emerging patterns and coordinate intervention across departments.
Financial Impact and Organizational Priorities
The stakes for RADV audit performance have never been higher. MDaudit’s 2024 Benchmark Report found that external audit volume more than doubled compared to 2023, with total at risk dollars increasing fivefold to an average of $11.2 million per customer. While these figures reflect all types of external audits, not RADV specifically, they illustrate the mounting financial pressure healthcare organizations face from payer scrutiny.
For Medicare Advantage Organizations, RADV audit failures translate directly to payment recoupments. Even a modest error rate in the audited sample, when applied across a large enrollee population through extrapolation (if that methodology is ultimately upheld or reinstated), can result in eight figure liabilities. Organizations with thinner operating margins cannot absorb these hits without significant impact to their financial stability.
This reality should elevate RADV readiness from a compliance checkbox to a strategic financial priority. Chief financial officers need visibility into the organization’s HCC coding accuracy, internal audit findings, and comparative performance against benchmarks. Executive dashboards that aggregate this information and quantify financial exposure enable informed decisions about resource allocation and risk mitigation strategies.
Building Sustainable Compliance Infrastructure
RADV audit readiness is not a project with a defined end date. It is an ongoing operational capability that must be embedded into standard revenue cycle and compliance workflows. Organizations that treat RADV preparation as a periodic fire drill will perpetually struggle with audit response, while those that build continuous monitoring into their operations will gain confidence that their HCC submissions can withstand scrutiny.
The foundation of sustainable compliance infrastructure includes automated data ingestion from billing systems, standardized audit workflows that apply consistently across all auditors and sites, integrated communication tools that connect auditors with coders and CDI specialists, and reporting mechanisms that track both individual audit outcomes and aggregate trends over time.
Equally important is the cultural shift required to prioritize accuracy over volume. In risk based payment models, there is inherent tension between maximizing risk adjusted revenue through complete capture of all valid HCCs and maintaining conservative coding practices that minimize audit exposure. Organizations must find the right balance, which requires clear policies, consistent training, and leadership alignment around acceptable risk tolerance.
Preparing for an Uncertain but Inevitable Future
The September 2025 court decision creates short term uncertainty about RADV extrapolation methodology, but it does nothing to change the fundamental trajectory toward increased Medicare Advantage oversight. CMS has made clear its intent to aggressively audit the program, the OIG continues to publish findings of widespread unsupported diagnoses, and federal policymakers across administrations have expressed concern about the program’s cost to taxpayers.
Whether extrapolation is upheld on appeal, reinstated through revised rulemaking, or replaced with alternative audit intensification methods, the pressure on MAOs to demonstrate HCC coding accuracy will continue to mount. Organizations that invest now in the systems, workflows, and expertise needed for proactive RADV preparation will be positioned to weather whatever regulatory changes emerge.
MDaudit’s continuous risk monitoring platform provides the technology infrastructure organizations need to shift from reactive audit response to proactive risk management. By unifying billing compliance, coding quality oversight, and revenue integrity analytics in a single platform, it enables the cross functional collaboration essential for sustainable RADV readiness.
The time to prepare for RADV audits is not when the audit notice arrives. It is now, through systematic implementation of risk based auditing strategies, investment in data analytics and automation tools, and organizational commitment to documentation quality and coding accuracy. The regulatory environment will remain complex and uncertain, but the need for readiness is crystal clear.
