RADV audits are currently a direct bottom-line threat. CMS says Medicare Advantage plans were overpaid $17B in 2023. 

MedPAC puts the number much higher, estimating $43B in annual overpayments. The Department of Justice has already clawed back hundreds of millions.

Now CMS is auditing all 550+ MA contracts annually with extrapolation that can turn small errors into multi-million-dollar losses. 

For CFOs, this isn’t compliance – it’s enterprise risk. The only question is your organization ready for this new era of RADV audits?

 

About the Latest CMS Update

On May 21, 2025, CMS announced a sweeping expansion of CMS RADV audits. 

What used to be a selective process, auditing about 60 contracts a year, is now scaling up to all 550+ eligible MA contracts annually. And they’re not stopping there:

• Audits for Payment Years 2018-2024 will all be completed by early 2026. Under the old cycle, PY 2024 audits might not have started until 2028.
• Record reviews will expand from 35 charts per plan to up to 200 charts
• CMS is increasing its coder workforce from 40 to nearly 2,000 by Sep 2025.
• AI and automation tools will be used to flag unsupported diagnoses at scale.

 

Why This Matters

The updates aren’t just regulatory tweaks. They are a fundamental shift in financial risk exposure for health plans:

• Financial Impact

Extrapolation means a 5% error rate on a $1B contract = $50M in potential repayments.

• Operational Impact

Compliance and coding teams face a 10x workload increase with tighter timelines.

• Strategic Impact 

MAOs must now budget for audit defense as an operating line item, renegotiate provider contracts with clear audit liability terms, and invest in systems that give real-time visibility into coding accuracy.

 

Recommended Read: CMS Memo Compliance: Are You Audit-Ready Yet?

 

How to Be RADV Audits Ready

Executives should think in terms of prevention, preparation, and financial resilience:

• Prevention 

Run internal self-audits focused on high-risk HCCs. Use analytics to model repayment exposure under different error rates (e.g., 5%, 10%). Clean up unsupported diagnoses now.

• Preparation 

Treat RADV readiness as a budgeted function. Build workflows that meet 12-week submission windows. Secure vendor capacity early for chart retrieval.

• Provider Partnership 

Renegotiate contracts to clarify responsibility for clawbacks. Educate physicians about the financial consequences of incomplete documentation.

• Executive Oversight 

Require quarterly RADV risk reviews at the C-suite level, not just compliance. Build RADV exposure into financial forecasts and board reporting.

 

How Bulwark Helps Here

Here’s the problem: traditional compliance tools and chart reviews are reactive. 

They catch issues months or years after diagnoses are submitted. By then, it’s too late. 

CMS RADV audits extrapolate across your entire contract, meaning even a few bad codes could cost millions.

This is where Bulwark’s RAQ+ changes the game.

• The Gap: Plans lack real-time visibility into unsupported or over-coded conditions.
• The Bridge: RAQ+ integrates into coding workflows, surfacing potential issues before they hit CMS.
• The Outcome: Audit findings become manageable, not catastrophic. Plans protect revenue, avoid penalties, and maintain defensibility with regulators.

Here’s what RAQ+ does:

• HCC suspension & validation: Identifies high-risk codes early and reduces error rates.
• Eliminates costly mismatches that fuel clawbacks
• Real time documentation checks: Moves compliance from retrospective cleanup to proactive prevention.
• Audit-Readiness Reporting: Gives C-suites dashboards showing financial exposure and readiness to respond.

With RAQ+, executives move from firefighting to financial control. 

It’s about surviving RADV audits, protecting margins and proving to boards and regulators that your plan can stand up to scrutiny.

Recommended Read: RAQ+: The Game-Changer for HCC Capture in Value-Based Care

 

 

FAQs About RADV Audits

What is a RADV audit?

A RADV audit (Risk Adjustment Data Validation) is CMS’s process for verifying that diagnoses submitted for risk adjustment payments are supported by patient medical records.

What is the purpose of the RADV audit?

The primary focus is to ensure Medicare Advantage plans aren’t being overpaid due to unsupported or inflated diagnosis codes.

What information is verified during a RADV audit?

CMS reviews medical records to confirm diagnoses align with HCCs reported for payment. Unsupported codes = overpayments.

How often are RADV audits?

Previously, only a fraction of plans were audited. Under the new rules, all eligible MA contracts will be audited annually.

How do RADV audits work?

CMS requests a sample of medical records, a third-party auditor validates the diagnoses, and the error rate found in that sample is then extrapolated across the plan’s entire member population to calculate a total repayment amount.

What are the two main types of RADV audit?

1. National RADV audits (sample-based, now expanded).
2. Contract-level RADV audits (targeting specific MA plans).

Who conducts a RADV audit?

CMS, often with support from contractors and coders.

What is the primary focus of a RADV audit?

Ensuring accurate, supported diagnosis coding for risk adjustment. It’s about protecting Medicare funds from waste and fraud.

 

Recommended Read: Risk Adjustment Strategies In Healthcare for Today’s CFOs

 

Conclusion

RADV audits CMS-style are entering a new era: bigger, faster, and tougher. For executives, this means compliance isn’t optional – it’s existential. The risks are high, but so are the opportunities for those who prepare.

RAQ+ by Bulwark gives you the edge. With real-time validation, HCC checks, and audit-ready reporting, you can walk into an audit knowing your data is defensible. It’s not just survival – it’s strategy.

Ready to shift from risk to resilience? Book a demo with Bulwark today.