This eBook walks through building a better audit-ready risk adjustment program through:
- The latest regulatory updates
- How to build up risk adjustment foundations
- New dedicated compliance enhancements
- The innovations on the horizon for risk adjustment
Risk adjustment is entering a new era of scrutiny and operational complexity. In preparing for CY 2027, Medicare Advantage organizations and their provider partners are navigating meaningful regulatory signals, from the CMS CY 2027 Final Rule and Rate Announcement to expanded RADV audit activity and sharpened enforcement priorities from the Office of Inspector General (OIG) and Department of Justice (DOJ). Together, these developments are raising expectations for documentation integrity, encounter linkage, and the ability to support audit review.
This eBook provides a practical overview of what’s changing and suggestions of what to do next. Read through an overview of the regulatory updates shaping risk adjustment strategy, actionable suggestions to strengthen program foundations, new approaches to enhance compliance, and the impact of emerging prospective and concurrent strategies.*
Latest regulatory updates
There have already been significant updates announced this year: CMS 2027 Medicare Advantage Final Rule and Rate Announcement, risk adjustment data verification (RADV) audit expansions and activity, and updates from the OIG and DOJ specific to enforcement actions and prioritizations. With these updates, healthcare leaders should reevaluate their compliance stance and assess strategies to strengthen their alignment and readiness to meet new requirements.
Let’s explore these changes and their impacts:
CMS CY 2027 Medicare Advantage and Part D Rate Announcement
The Rate Announcement included key updates relative to the Advance Notice, including a positive change to the risk model revision and normalization factor (from -3.32% to -1.12%) and overall growth rate (from 0.09% to 2.48%). This is projected to result in $13 billion in increased payments to Medicare Advantage plans.
CMS also made the decision that the CMS-HCC version 28 model will remain the same, referencing 2019 diagnosis and expenditure data, deferring the proposal to update to more recent data and giving organizations more time to prepare for this change. CMS upheld the proposal to exclude diagnoses from unlinked chart records, but provided an exception for beneficiaries who are switching from one Medicare Advantage organization to another. The announcement also formalized the exclusion of audio-only telehealth services.
The impact of excluding unlinked chart reviews will depend largely on an organization’s readiness level, as well as its reliance on retrospective reviews and potentially unlinked chart reviews to capture diagnosis information. The policy direction reflects CMS’s broader expectation that risk-adjustment eligible diagnoses be tied to evidence of delivered care and traceable member encounters.
CMS RADV audit updates
In May 2025, CMS announced its plans to update annual RADV audits to cover all eligible Medicare Advantage plans, significantly expanding its auditing efforts. In 2026, CMS published the RADV audit schedule and announced several updates, including restoring a five-month window for medical records submission, a continuation of the maximum of two medical records per audited HCC, and sample sizes ranging from 35 to 200 enrollees based on contract size. To prepare for the expansion of audit scope and the potentially significant financial exposure involved, healthcare organizations should focus on enhancing their compliance strategies and investing in stakeholder alignment and audit readiness.
OIG and DOJ enforcement priorities
Earlier this year, the OIG published a new compliance manual for Medicare Advantage that explicitly mentions board-level accountability and compliance officer autonomy, as well as self-audit education that covers internal, external, and third parties. Both the OIG and the DOJ have emphasized the importance of plans appropriately managing Medicare Advantage risk adjustment programs and focusing on clinically supported diagnoses as well as accountability and alignment on consistent and accurate documentation.
The emphasis on self-audit education and vendor oversight also means that internal teams, providers, and third-party partners all must unite to understand and align expectations. These steps aren’t just a matter of internal readiness; they are part of an ecosystem shift from reactive preparation to proactive monitoring. Healthcare organizations need to innovate and strengthen efforts to connect more closely with encounter data and care outcomes. At the same time, they must also prepare for increased risks, including potential RADV liabilities, the need for larger financial reserves, greater earnings volatility, and possible retroactive changes to previous financial statements.
Together, these developments point toward the same underlying trend: increased expectations for data integrity, encounter linkage, and demonstrable clinical support across the risk adjustment lifecycle.
Next, we will examine how embedding compliance into operational workflows can help organizations align with these trends, turning compliance from a risk to a strategic advantage. Let’s start with foundational requirements.
Firming up risk adjustment foundations
Effective risk adjustment compliance starts with the right organizational foundations. Organizations that design workflows with compliance built in from the start—rather than bolted on later—are better positioned to withstand regulatory scrutiny and demonstrate audit readiness. This means establishing clear accountability, granting compliance officers direct access to leadership, and breaking down silos between clinical teams, data scientists, and compliance functions.
Technology plays a vital role in enhancing data integrity by enabling bidirectional data exchange with provider systems; unified data architecture across claims, encounter, clinical, and quality data; and member-centric data integrations that may improve visibility and support better informed decision-making. However, technology without proper governance introduces risk. Business leaders should prioritize secure infrastructure with robust access controls, PHI governance, and transparency into data management and validation.
Once these foundations are firmly in place, plans can explore potential for dedicated compliance enhancements.
Compliance enhancements
With tightened scrutiny of the ties and accuracy between risk adjustment diagnoses and delivered care, healthcare organizations should strengthen retrospective programs for medical record retrieval and data integration.
Medical record retrieval
Medical record retrieval is essential for surfacing unsupported diagnoses and improving audit readiness, and digital retrieval can improve speed and scalability. But technology alone isn’t enough; success also requires provider engagement, strong operations, and high-quality data, particularly because many providers aren’t fully digital yet.
Organizations should therefore focus on strengthening provider network engagement to optimize not only volume, but also the quality of information received. Overall operational discipline should be another key area, prioritizing tracking performance in real time and launching timely interventions to improve retrieval outcomes.
Medical record coding
Success in medical record coding requires the same ability to leverage technology and automation benefits while ensuring expert oversight to improve both efficiency and outcomes. Areas ripe for operational change include:
Two-way review
Leading organizations are shifting toward balanced two-way review workflows that evaluate both add and delete opportunities. Removing unsupported diagnoses is becoming just as important as identifying missed conditions in reducing audit exposure and improving documentation integrity. Reviewers should be able to easily access evidence highlighting and validation across data sources to quickly confirm whether a condition was actually monitored, evaluated, assessed, or treated.
Chart linking
Once a diagnosis is confirmed, it should be appropriately supported by and associated with relevant encounter data in accordance with applicable CMS requirements. Organizations can streamline chart linkage using matching logic to automatically suggest likely encounters while keeping human coder review in place to provide oversight and handle more complex situations. This way, they can surface contextual claim link recommendations and streamline coders’ ability to review options and confirm the suggested action. These dedicated capabilities help reduce the need for manual work and support workflows designed to improve documentation, appropriate linkage, and audit readiness.
High-risk diagnosis codes
Some conditions carry more risk than others. Having tools in place to help prioritize and add extra effort and supervision can significantly support program integrity and consistency. In its dedicated toolkit, OIG has highlighted areas such as acute stroke, heart attack, embolism, and certain cancers as examples of conditions posing increased risk, leading organizations to build focused review processes around them. Processes could include creating a dedicated QA work list, intentional evidence verification, and a dedicated reporting system to help monitor patterns, trends, and repeat issues before they become external findings.
Audit readiness
Compliance practices are changing from a year-end activity to a continuous process baked into everyday operations. Organizations need visibility throughout the year into risk adjustment factor (RAF), documentation status, retrieval status, compliance posture, and more. To meet this need, they should use standard workflows to surface risk and close documentation gaps earlier, and to reduce the number of members with records that fall outside of review.
Data integrations
Data integrity and accuracy require transparency, auditability, and traceability across the risk adjustment lifecycle. Where fragmented workflows create the risk of data leakage and inconsistency, data integrations can help improve data integrity, facilitate end-to-end oversight, support audit-readiness, and improve data consistency.
Integrating medical record coding and encounter submission programs through bidirectional, automated data flows is a clear opportunity to improve accuracy. Manual processes increase the risk of data leakage during transactions, which can limit the ability to reflect accurate patient acuity and associated risk scores; connected and integrated systems enable seamless data flow, reducing this risk and improving accuracy. Connecting capabilities end to end reduces manual errors, improves traceability, and increases visibility across the workflow. The resulting benefits can also include lower time and administrative burden; reduced data leakage; improved data integrity and quality; and stronger control, accuracy, and compliance.
Ultimately, the differentiator is not simply having the right capabilities, but ensuring they are integrated to perform reliably across the full process. Fragmented workflows not only increase operational burden, but also create risk that diagnoses identified during review never make it into encounter submission.
Innovations roadmap
Several innovations are on the horizon for risk adjustment—with a foundational shift towards speed. The industry is shifting focus earlier in the lifecycle to move data capture closer to the encounter, with prospective workflows enabling interventions before visits take place. For example, imagine that clinical analytics identify a member with stage 3 chronic kidney disease (CKD), with an estimated glomerular filtration rate of 38 from a visit the year before and an annual wellness visit in two weeks. The potential gap can be identified and surfaced in the provider’s EHR workflow so the provider can assess, document, and link the condition to the encounter in real time as appropriate.
Concurrent risk adjustment extends the same idea into claims operations. If a member has known diabetes but a claim arrives without that diagnosis, the system can flag it and route it for appropriate clinical and coding review prior to submission, keeping diagnoses aligned to the encounter from the start and supporting defensibility.
Together, prospective and concurrent strategies—supported by coordinated member and provider outreach—improve capture, reduce leakage, and strengthen provider experience, member engagement, and retention. This is all possible while complementing retrospective programs and shifting the balance toward earlier, more connected, and more defensible capture.
Building audit-ready risk adjustment
Risk adjustment expectations are shifting quickly, and 2026 is making the direction clear: diagnoses must be clinically supported, accurately coded, and appropriately linked to a corresponding encounter. As CMS, the OIG, and the DOJ sharpen their focus on data integrity, organizations that rely on late-cycle remediation or loosely connected chart review may face increasing operational and financial risk. The path forward is to build durable foundations, modernize compliance workflows for continuous audit readiness, and shift earlier through prospective and concurrent approaches. By combining technology with expert human oversight, health plans and providers can help reduce leakage, improve accuracy, and create a risk adjustment program that is more resilient to ongoing regulatory change.
*Please note that nothing contained herein constitutes legal or regulatory advice.
Get your risk adjustment program ready with Cotiviti and see how health organizations are strengthening compliance and reducing risk across the risk adjustment lifecycle. Our Risk Adjustment solution brochure highlights the capabilities and approaches that are designed to support improved accuracy, reduce data leakage, and enhance continuous audit readiness.

