The Centers for Medicare & Medicaid Services (CMS) has launched a seismic shift in how it approaches Risk Adjustment Data Validation (RADV) audits, one that demands the full attention of every Medicare Advantage Organization (MAO).
In May 2025, CMS released a press statement and new audit guidance for Payment Year 2019 (Q&A here), outlining the most aggressive and expansive audit strategy to date. This initiative is part of CMS’ broader goal to increase oversight, enhance payment accuracy, and deter fraud in the MA program.
The implications for MAOs are substantial.
The new RADV audit reality
Historically, CMS has audited a relatively small number (typically between 30 and 60) of MA contracts and used small sample sizes. Those days are now over. Starting with the PY2019 audit, CMS enacted substantial reforms that broaden the scope, intensify the complexity, and shorten response timelines for all future RADV audits.
Key changes include:
- All contracts are now subject to audit: CMS will audit all 550+ MA contracts, expanding from its previous approach of auditing a limited sample.
- Larger sample sizes per contract: Instead of reviewing 35 enrollee records per contract, CMS will now audit between 35 and 200 records, depending on the enrollment size of the MAO.
- Tighter response timelines: MAOs now have only 12 weeks to respond to an audit—down from 22 weeks—putting immense pressure on coding, compliance, and legal teams.
- Fewer opportunities to defend HCCs: CMS will now allow submission of only two medical records per HCC, reduced from five, requiring more precise record selection.
- Major expansion of CMS audit resources: CMS is increasing its team from 40 to 2,000 coders and is deploying enhanced technologies to accelerate chart reviews to identify unsupported diagnoses.
- Aggressive backlog clearance: CMS aims to clear its backlog of 7 audits by 2026, making it clear that these changes are not temporary, they represent the new normal.
These changes signal a turning point in CMS’ approach, moving from targeted sampling to comprehensive, system-wide auditing.
Massive extrapolation penalties at stake
Perhaps the most consequential aspect of this new audit strategy is the expanded use of extrapolation. If unsupported HCCs are identified in the audit, CMS will extrapolate those findings across the entire plan population, potentially triggering millions of dollars in payment recoveries.
CMS estimates that extrapolation could cost MAOs an average of $9.5 million per contract per year. For many organizations, that represents not just a financial loss, but a major business and compliance risk.
Impact on MAOs: More pressure, less room for error
These changes dramatically raise the stakes for MAOs and can lead to big consequences.
For MAOs, this means:
- Compressed timelines require half the time to do twice the work
- Each submitted chart must be carefully selected and fully defensible|
- Manual or disconnected workflows are no longer sustainable
- A single error in a small sample can trigger extrapolated penalties of millions of dollars
MAOs relying on manual workflows are more likely to miss critical audit requirements, such as locating all risk-adjustable HCCs, ensuring complete documentation, and meeting tight submission deadlines. These gaps can result in poor audit outcomes, exposing organizations to significant financial penalties and reputational damage.
Preparing for PY2020 now—Yes, already
While PY2019 audits are just beginning, PY2020 is already on the horizon. CMS’ plan to accelerate audit volume means multiple audit years could soon be running in parallel.
RADV audits are no longer rare events. They are now a routine part of doing business in MA.
Therefore, MAOs must shift from reactive to proactive, and very quickly adopt forward-looking strategies.
The changes introduced with PY2019 signal a long-term shift in oversight strategy, and the MAOs that adapt early will be best positioned to avoid large penalties and withstand future audits.
Whether your organization has received its audit notification or is preparing for what’s next, the message from CMS is clear:
Audit response readiness is no longer optional, it’s mission critical.
The future of RADV audit response is tech-driven
To prepare for the new audit environment, many MAOs are turning to purpose-built RADV audit response technology.
Our clinically-trained AI platform is designed to help MAOs:
- Operate from a centralized command center that connects coders, QA, compliance, and leadership
- Maximize validation rates through AI-powered confidence scoring
- Rapidly identify and prioritize the two strongest charts per HCC using AI-enabled coding software
- Leverage real-time project management tools for full visibility into coding and submission workflows
By implementing a structured, technology-driven response strategy, MAOs can reduce stress, improve accuracy, and meet CMS’ new audit deadlines with confidence.
Contact us for more information on the Wolters Kluwer Risk Adjustment Solution, the Health Language Coder Workbench, and our Regulatory Audit Module.
Also, make sure to swing by our booth at the upcoming RISE West Conference, August 25-27 in Las Vegas to say hello and learn how we can help you prepare for the next, inevitable audit!