In May 2025, the Centers for Medicare & Medicaid Services (CMS) announced a dramatic expansion of its Risk Adjustment Data Validation (RADV) audit program. Historically, CMS audited about 60 Medicare Advantage (MA) contracts each year. Moving forward, it will scale those audits to cover more than 550 MA plans, leveraging new technology, expanding its coding team from 40 to 2,000 professionals, and applying payment extrapolation methods to recoup funds when diagnosis coding doesn’t hold up under review.
For payers, this means every Hierarchical Condition Category (HCC) must be captured with pinpoint specificity, while providers will feel increased pressure to document that specificity accurately at the point of care; otherwise, payers may push the documentation back to them later.
This marks a turning point for payers and providers alike. Organizations must prepare for increased documentation scrutiny and greater financial risk as oversight tightens. Below, we break down what RADV audits entail, how they compare to other oversight efforts like OIG audits, and how to determine whether you’re truly audit-ready.
What is RADV?
RADV stands for Risk Adjustment Data Validation. It’s the process CMS uses to confirm that diagnoses submitted for payment under the Medicare Advantage program are supported by proper clinical documentation. These diagnosis codes contribute to a beneficiary’s Risk Adjustment Factor (RAF) score, which directly impacts plan reimbursement.
RADV audits verify whether the conditions used to calculate payments are accurately documented in the medical record. If they’re not, CMS may demand repayment. The goal is to ensure that payments reflect enrollees’ true health status, not errors or inconsistencies in coding.
What does a RADV audit look like?
A typical RADV audit begins when CMS selects a statistically valid sample of enrollees from a Medicare Advantage contract. Plans must then retrieve and submit medical records supporting all diagnosis codes tied to HCCs used to calculate RAF scores.
CMS reviews these records to verify that the submitted codes are backed by clear, accurate documentation and that coding adheres to risk adjustment guidelines. If unsupported diagnoses are identified, CMS calculates an error rate that may then be extrapolated across the full MA contract, multiplying the financial impact of any discrepancies. It’s a meticulous, time-sensitive process that puts operational pressure on both payers and their provider networks.
Who’s likely to be audited, and who gets involved?
With the program’s expansion, all eligible Medicare Advantage contracts are now subject to RADV audits, not just a small subset. Health plans must be prepared to respond quickly, often with support from provider networks, HIM teams, risk adjustment professionals, coders, legal counsel, and compliance officers.
Because CMS requires medical records that justify diagnosis coding, the burden of proof often rests with the original provider. Although a provider may assign a diagnosis code, if detailed documentation is lacking to substantiate that the diagnosis is correct, the audit can still trigger findings.
OIG audits vs. RADV audits: What’s the difference?
While both RADV and Office of Inspector General (OIG) audits aim to protect the integrity of Medicare, they differ significantly in scope and trigger mechanisms.
RADV audits are proactive, recurring reviews initiated by CMS to validate the accuracy of risk adjustment payments. These audits follow a standardized methodology and are part of CMS’s broader push for payment integrity.
OIG audits, by contrast, are typically investigative. They may be triggered by anomalies in claims data, whistle-blower reports, or patterns suggestive of fraud, waste, or abuse. OIG audits can cover a wide range of compliance areas — not just risk adjustment coding.
While both can result in financial consequences, RADV audits are now more routine and wide-reaching, especially in light of CMS’s May 2025 announcement.
How disruptive are RADV audits?
For organizations that aren’t prepared, RADV audits can be extremely disruptive. Gathering the required documentation involves tracking down and organizing large volumes of medical records from multiple care settings. Records must be complete, legible, and appropriately dated to meet CMS’s standards.
Consider that the average family physician manages about 82 patient encounters each week – roughly 3,800 encounters a year. Revisiting even a fraction of those charts months later significantly burdens clinicians who are already stretched thin.
Internally, audits draw resources away from day-to-day operations. HIM staff, coders, and compliance teams may be redirected for a few weeks to months to handle chart retrieval, documentation review, and audit preparation. Coordination across payer and provider teams can be challenging, particularly if documentation practices vary widely.
These processes often stretch over months, introducing delays and creating opportunity costs for other strategic initiatives like value-based care.
What are the risks and penalties?
The most immediate risk from a RADV audit is financial. If CMS finds unsupported diagnoses in the audit sample, it can extrapolate the error rate to the full contract population — potentially resulting in millions of dollars in repayment.
But the risks go beyond dollars. Failed audits may prompt internal investigations, require process overhauls, or result in strained relationships between plans and providers. Reputational damage and provider dissatisfaction are common ripple effects when documentation isn’t audit-ready.
With CMS scaling its resources and oversight, the stakes have never been higher.
Are you RADV audit-ready?
Many organizations assume their documentation and coding workflows will hold up under audit — until they’re put to the test. To evaluate your readiness, ask yourself:
- Can each diagnosis code you submit be traced directly to a clearly documented, clinically valid provider note?
- Are chronic conditions documented consistently, even if they aren’t the focus of the visit?
- Is your coding aligned with the latest CMS risk adjustment guidance?
- Do you use tools to detect documentation or coding discrepancies before data submission?
- Can your team efficiently retrieve and validate records across your provider network?
If you’re uncertain about any of the above, it may be time to revisit your audit readiness strategy.
How IMO Health can help
At IMO Health, we specialize in improving data integrity and supporting audit readiness through clinically precise terminology and structured documentation tools.
Our solutions help capture accurate diagnoses at the point of care, align them with HCCs, and ensure clinical data is clean, normalized, and audit-ready. By identifying discrepancies before they reach CMS, we help reduce the risk of rework, denials, or repayment demands.
With IMO Health, you gain stronger documentation, fewer surprises, and greater confidence in your risk adjustment performance.
RADV audits are no longer occasional — they’re inevitable. With CMS ramping up enforcement, organizations must act now to reduce risk and avoid unnecessary disruptions.
By investing in documentation quality, engaging providers, and partnering with a trusted data integrity expert, payers and providers can stay audit-ready and focused on what matters most: delivering high-quality, value-driven care.
