PCOOB Weekly · April 18, 2026 · Vol. 1, No. 1

The Audit That Doesn't Stop

CMS has scaled its Medicare Advantage audit infrastructure from 40 coders to roughly 2,000, moved to universal plan coverage, and locked in a quarterly cadence. The question is no longer whether your plan gets audited — it's whether your documentation, coding governance, and data traceability can hold up under continuous scrutiny.

Payer Compliance · Program Integrity · RADV

This Edition

How CMS Has Industrialized RADV and What It Demands from Every MA Plan

April 18, 2026

An operational fault-line analysis for compliance officers, CFOs, risk adjustment leaders, IT and data leads, and everyone responsible for documentation governance in Medicare Advantage.

The Opening Argument

For most of the past decade, RADV audits operated like a regulatory lottery. CMS audited a sample of plans. Most plans calculated their odds and managed accordingly. Some invested in documentation. Others hoped the selection process wouldn't land on them.

That logic no longer applies.

CMS has fundamentally changed the structure of its Risk Adjustment Data Validation program. It has scaled its certified coder workforce from approximately 40 to roughly 2,000. It has expanded audit coverage to encompass all 550-plus eligible Medicare Advantage contracts. It has established a cadence of new audit initiations approximately every three months.

Payment Year 2020 audits began in February 2026 and are already underway. AI-enabled tools are now supporting coder efficiency, though final overpayment determinations remain with human coders.

This is not an escalation.
It is a redesign.

Certified Medical Coders Supporting RADV

40 ↓ 2,000

At 40 coders, the audit was real but bounded. At 2,000 coders, CMS has the throughput to audit all eligible contracts simultaneously and begin building a longitudinal record of coding accuracy for every plan.

550+ MA Contracts

Every 3 Months

PY2020 Underway

The operational logic of what CMS has built

Plans could previously respond to RADV with short-term documentation intensification, then relax between cycles. That model is structurally over.

The five-month medical record submission window CMS restored provides more operational runway. But that concession does not change the fundamental dynamic. Plans that approach RADV as a compliance event they prepare for when selected are already behind.

The audit machine is now running continuously.

OVERPAYMENT

OIG Audit Findings — 2026

The OIG data is consistent, and it is uncomfortable.

$4.4M

Priority Health

Contract H2320. Estimated net overpayment for 2018–2019. 252 of 300 sampled enrollee-years had unsupported diagnosis codes.

$4.3M

Gateway Health Plan

Contract H5932. Estimated net overpayment for 2018–2019. 232 of 286 sampled enrollee-years had unsupported codes.

9.5%

MA Payment Error Rate

CMS's own estimate of improper MA payments, primarily due to unsupported diagnoses. Roughly $30 billion annually across the program.

These are not outliers. OIG has documented for years that approximately 70 percent of high-risk diagnosis codes lack adequate supporting documentation in medical records. The question RADV industrialization raises is not whether improper payments exist — they clearly do, at scale, and across many plans.

The question is what systematic documentation failure means when it is reviewed quarterly, at full coverage, by 2,000 coders using AI-assisted tools.

$ audit-exposure-map --radv --all-contracts --py2020

Where the exposure
actually lives

[01] Origin

Treating Physician — documentation practices, clinical specificity, encounter note completeness

[02] Facility

Hospital / Clinic Coding — coding standards, ICD-10 precision, coder training and oversight

[03] Delegation

Delegated Providers / FDRs — contractual documentation obligations, vendor-level coding audits, FDR oversight adequacy

[04] Plan

Plan Coding Operations — validation workflows, risk adjustment submissions, internal audit cadence

[05] Submission

Data Systems — aggregation, transmission, storage of diagnosis data submitted to CMS

[06] Review

CMS / RADV Audit — 2,000 certified coders + AI-assisted pattern review + quarterly cadence

9.5%

// MA payment error rate

CMS's own estimate of improper Medicare Advantage payments — primarily unsupported diagnoses. Roughly $30 billion annually across the full program.

// FDR warning

If a plan cannot demonstrate that its FDRs are producing clinical documentation that meets CMS standards, the audit exposure is not just financial. It is a governance and oversight failure.

~70%

// high-risk codes

OIG has documented that approximately 70% of high-risk diagnosis codes audited lack adequate supporting documentation in medical records.

PCOOB Weekly — Vol. 1, No. 1 April 18, 2026

What AI-Assisted Auditing Changes

CMS's use of AI tools to support coder efficiency deserves careful interpretation. The agency has been clear that AI assists coders but does not replace them — all overpayment determinations are made by certified humans. That distinction matters legally and procedurally.

But AI-assisted auditing changes the efficiency profile of the audit program substantially. Coders can review more records in less time. Pattern recognition tools can flag high-risk diagnoses or unusual coding patterns for prioritized review. Documentation completeness can be assessed at volume before any human coder sees a record.

Source: Healthcare Dive reporting on CMS RADV update; AHCANCAL — CMS Overhauls RADV Audit Program for Medicare Advantage Plans. CMS has confirmed AI assists but does not replace human coders in final determinations.

What this means

Volume

The audit can now reach everything

The volume of records CMS can review per audit cycle is larger than any previous program. Documentation that might have been technically reviewable but practically unlikely to be examined is now more likely to surface.

Quality

Thin documentation no longer passes unnoticed

Plans that have historically relied on documentation that is technically present but clinically thin are more exposed. Pattern-based review will find systematic gaps faster than sampling-based audit ever could.

The bottom line

Human coders decide. AI finds the targets.

Final overpayment determinations remain with certified coders — but AI narrows the field to the highest-risk records first. That changes what gets reviewed, and what gets found.

A plan working through a PY2020 audit response while PY2021 records are being requested — while a PY2022 cycle is being initiated — is operating in a state of continuous audit engagement.

PCOOB Weekly Analysis — April 18, 2026

What the quarterly cadence means in practice

Under the previous selective model, a plan that completed an audit cycle could expect a meaningful interval before the next one. Staff, vendors, and systems could be recalibrated based on findings before the next exposure window.

That interval is gone. The administrative burden is real. The staffing implications for compliance, clinical documentation, and audit response are significant.

Feb 2026

PY2020 RADV audits initiated

Q2 2026

PY2021 audit cycle expected to begin

Q3 2026

PY2022 audit cycle expected to begin

Ongoing

New audits initiated approximately every 3 months across all 550+ eligible contracts

What Leaders Should Do Now

Structural change requires a structural response.

Plans that treat documentation improvement as a project — something done before an expected audit and then deprioritized — will cycle through corrective action plans indefinitely.

The more durable response is to embed documentation standards, coding governance, and FDR accountability into the operating model as permanent functions, not audit-triggered responses.

That means establishing ongoing coding audits at the physician and vendor level, not just the plan level. It means building data infrastructure that can trace a diagnosis submission from a clinical encounter to a CMS submission with full documentation trail. It means treating FDR documentation standards as a compliance obligation with financial consequences, not a contractual formality.

And it means having a clear, current understanding of where the plan's documentation gaps are — because CMS now has the capacity to find them regardless.

The audit that doesn't stop requires a compliance posture that doesn't pause.

Why This Matters

Implications Across
Your Organization

Compliance Leaders

RADV is no longer a risk to monitor. It is a program to manage continuously. Plans without ongoing coding governance and documentation audit functions will face recurring findings and overpayment exposure on a quarterly basis.

Operations & Clinical Documentation

The documentation standards that feed risk adjustment must meet CMS evidentiary requirements — not just internal coding guidelines. The path from clinical encounter to CMS submission has to be traceable and defensible at every step.

IT & Data Leaders

Data traceability is now an audit requirement, not a reporting preference. Systems that cannot produce a clean chain of custody from encounter to submission present compliance risk.

CFOs & Executive Leadership

CMS estimates 9.5% of MA payments are improper. With universal audit coverage and quarterly cadence, overpayment recovery is now a recurring budget consideration, not an episodic one.

FDR & Delegation Oversight

Coding inaccuracies frequently trace to delegated providers. Plans that have not established clear documentation standards in delegation agreements and conducted regular FDR-level coding audits are carrying undisclosed downstream risk.

Audit & Program Integrity

The audit response function must be sized for continuous, overlapping cycles. Plans staffed for periodic engagement will experience operational strain within the first simultaneous audit window.

Questions Leaders Should Ask Now

Eight Questions
for Every MA Plan

Has our compliance program been resourced and structured for continuous RADV engagement, or is it still sized for a periodic audit model?

Can we trace any diagnosis submitted to CMS back to the clinical documentation that supports it — with full chain of custody — in our current systems?

What is our FDR documentation audit cadence? Do we know where our delegated providers' documentation falls short of CMS standards?

What is our estimated financial exposure if 9.5% of our risk adjustment submissions were reviewed at the coding accuracy standard CMS now applies?

Do our vendor agreements establish documentation obligations with clear consequences for non-compliance? Are those obligations being monitored, not just contracted?

Have we modeled the operational burden of simultaneous, overlapping audit cycles? Do we have sufficient staff and infrastructure to respond without disrupting core operations?

Where in our data infrastructure does diagnosis information travel from encounter to submission? Where are the handoff points, and which ones represent documentation risk?

Are we treating AI-assisted audit tools as a reason to tighten our documentation standards, or are we still assuming documentation quality is adequate because previous audits didn't catch it?

Until next week, stay briefed.

Sources

1
CMS — Program Audits: Part C and D
2
Healthcare Dive — CMS presses ahead on accelerated Medicare Advantage audits
3
AHCANCAL — CMS Overhauls RADV Audit Program for Medicare Advantage Plans
4
OIG — Medicare Advantage Compliance Audit: Priority Health (Contract H2320)
5
OIG — Medicare Advantage Compliance Audit: Gateway Health Plan (Contract H5932)
6
Managed Healthcare Executive — CMS's RADV Strategy Will Reverberate Throughout Health Plan Operations