With Department of Justice (DOJ) enforcement actions mounting and the Centers for Medicare & Medicaid Services (CMS) signaling sustained audit pressure, Medicare Advantage compliance teams are being pushed toward adopting an “always-on” position that is built on data, documentation, and operational control. This article highlights key lessons from last week’s CompliancePalooza sessions on DOJ scrutiny, prior authorization, and Risk Adjustment Data Validation (RADV) audit readiness.
On DOJ's growing scrutiny of Medicare Advantage
Mary Inman, partner at Whistleblower Partners, LLP, framed the recent multimillion-dollar Kaiser Permanente and Aetna settlements as part of a steady DOJ focus on how Medicare Advantage organizations, providers, and vendors influence risk scores.
She urged compliance leaders to view the recent Kaiser Permanente resolution as a major “crescendo” in a long-running risk adjustment enforcement arc and not a one-off incident.
“Kaiser doesn’t sit in isolation, but in fact is part of a large body of cases that have successfully resolved regarding risk adjustment fraud,” Inman said, noting that Medicare Advantage plans, provider groups, and even vendors have all been swept into investigations and settlements.
Inman emphasized that most cases are fueled by insiders. “Thanks to a lot of whistleblowers, I think about 90 percent of the cases in this area are brought by whistleblowers,” she explained, adding that the government has become “quite sophisticated in sussing out the types of practices that may cross boundaries and cross lines.” She also reminded attendees that exposure can stretch far into the past: in her experience, some False Claims Act matters took “about 12 years from start to finish,” long enough for legacy coding and audit decisions to resurface as new legal risk.
The session then broke down what Inman called the “variety of risk adjustment fraud” theories DOJ has pursued—ranging from “one way chart review” (adding diagnoses without making needed deletions) to home health assessments that “may not meet the M.E.A.T criteria,” as well as coding driven by addenda, problem lists, or outdated history. Inman warned that audits can create repayment obligations: “You can’t unring that bell once you know about error rates…there’s something called the 60 day-rule,” she said, underscoring the need for strong feedback loops between internal reviews and repayment/correction processes.
On Kaiser specifically, Inman described how whistleblower allegations focused on governance and documentation practices, including pressure to use medical record addenda to append diagnoses “for conditions the patients didn’t have and weren’t treated for the visit.” She noted the case ultimately centered on two relators, but “the cases originally started with something like 10 whistleblowers,” a reminder that concerns can arise simultaneously across functions like coding, audit, and data quality.
Beyond risk adjustment, she highlighted an expanding enforcement lens on Medicare Advantage marketing and referral relationships under the Anti-Kickback Statute. “A kickback is a knowing offer of payment of remuneration…to induce or reward patient referrals,” Inman said, pointing to government warnings about suspect arrangements between Medicare Advantage plans, providers, and brokers—including practices that encourage steering and “lemon dropping” (avoiding higher-cost beneficiaries).
Finally, Inman flagged AI as the next accelerant of fraud risks. While the “same opportunities for fraud exist,” she predicted “the scale of it is going to be so much larger” as hospitals and plans deploy AI-assisted coding and outreach tools. Her practical guidance was to keep “coders in the loop,” invest in “checks and audits,” and scrutinize vendor incentives.
Takeaways
DOJ is treating Medicare Advantage risk adjustment enforcement as a long-running campaign: “Kaiser doesn’t sit in isolation… [it] is part of a large body of cases… regarding risk adjustment fraud,” said Inman.
Whistleblowers are driving the pipeline—and DOJ is getting more sophisticated: “Thanks to a lot of whistleblowers… DOJ… is quite sophisticated in sussing out the types of practices that may cross boundaries and cross lines,” Inman said.
AI can scale existing fraud risks faster and wider: Make sure human coders are reviewing AI-enabled decisions that may inflate the severity of a diagnoses or suggest codes that aren’t supported by medical record documentation. Don’t treat AI as a “set it and forget it solution.” Test outputs, monitor error rates, and validate documentation standards. Before purchasing AI enabled tools, ensure that the vendor isn’t overstating their capabilities. Be sure your organization takes on rigorous validation and compliance review.
DOJ may soon expand enforcement focus areas: Inman warned attendees that future enforcement areas could include:
- Star ratings score manipulation: Why “gap closing” programs must avoid documentation/measurement practices that distort quality reporting.
- Risk adjustment beyond Medicare Advantage: Inman said there could be potential migration into Medicaid risk adjustment enforcement and a “next wave” in accountable care organizations especially if DOJ perceives the organizations have less oversight than Medicare Advantage.
On prior authorization
Prior authorization compliance is increasingly being assessed through a member-access lens, especially as regulators push for faster decisions and more transparency into the clinical rationale behind denials, noted Elite Health Plan leaders Jennifer Del Villar and Gail Blacklock.
Plans should treat clinical criteria as a public-facing accountability tool:
“You want to make sure that clinical criteria is clearly defined, that it’s current, it’s publicly accessible, and it meets regulatory requirements,” said Del Villar, who serves as vice president of compliance at Elite Health Plan, Inc., which serves members in the Los Angeles, Riverside and San Bernardino Counties of California.
Del Villar and Blacklock work with a delegated model and are responsible for ensuring that members are protected, their rights are honored, and that prior authorizations are processed properly.
The challenge with the model is that it is fraught with fragmented data due to the multiple levels of health care, facilities, and providers that share information across different systems, said Blacklock, Elite’s chief administrative officer. Some systems are integrated but others may not be configured to speak with one another. That can lead to oversight breakdowns if plans can’t see the “why” behind decisions made across multiple systems.
Takeaways
Prior authorization is being judged on member impact, not just process compliance: “Prior authorizations should be in place not as a cost containment, but as a protection to the member,” said Blacklock.
Make clinical criteria current and easy to find: “You want to make sure that clinical criteria is clearly defined, that it’s current, it’s publicly accessible, and it meets regulatory requirements,” said Del Villar.
Delegation doesn’t delegate accountability: In delegated models, plans need denial-letter visibility and regular operational touchpoints to ensure decisions align with CMS coverage standards (including NCDs/LCDs).
Interoperability gaps are becoming a compliance risk multiplier: Uneven interoperability readiness can make it more difficult to monitor timeliness and denial consistency.
On RADV audit readiness
Value-based care expert Colleen Gianatasio told attendees that RADV readiness needs to be institutionalized, not staged.
“CMS has made very, very aggressive moves in the area of RADV… and we can expect… continuous audits,” she said, describing an environment where plans should assume sustained targeting and real financial exposure.
Even with extrapolation still being litigated, she advised planning as if it remains in play. “I want to make sure that we act as though extrapolation could happen because the impact could be devastating to a plan,” Gianatasio said.
She also cautioned against treating RADV as a narrow coding exercise: “You’re going to need the medical record support that goes along with it,” and she flagged chart retrieval as an underappreciated failure point that can erase gains from coding and documentation programs. Her recommended operating model: a cross-functional RADV task force that can execute chart retrieval, provider escalation, and internal validation on a rehearsed timeline.
Takeaways
RADV is moving toward “always-on” audit posture so plan for continuous audits: Operationalize readiness across people, process, and technology rather than treading RADV audits as an episodic event. Build repeatable workflows for chart retrieval, record review, and submission quality control. Run “end-to-end” testing (people, process, technology) to catch truncation, dropped handoffs, and documentation shortcuts that won’t survive audit. Stand up a cross-functional RADV task force with clear ownership and escalation paths (provider relations, contracting, clinical leadership).
Plan for worst-case RADV exposure while the courts debate extrapolation: Documentation integrity and chart retrieval can make or break outcomes, Gianatasio said. Use data-driven targeting to find high-risk diagnoses, validate that documentation supports that the diagnosis exists, and remediate the conditions most likely to drive large error rates. Also remember if you don’t have the chart, you can’t support the code. Due to system complexities, it may take longer to retrieve a chart so plan accordingly. Review your chart retrieval workflow and identify areas for improvement.