FIMC®-HCC

Medicare Advantage Audits Are Changing — My Advice After 21 Years in Medical Coding

By Dr Santosh Guptha

In my 21 years of working in medical coding, auditing, and compliance, I have seen many regulatory shifts. Some created noise. Others quietly changed the entire direction of the industry.

The CMS announcement in May 2025 falls firmly into the second category.

This is not just another policy update. This is a structural reset of how Medicare Advantage risk adjustment will be reviewed, audited, and enforced going forward.

What CMS Has Clearly Communicated

CMS has stated its intent to expand and normalize audits across all Medicare Advantage plans. For years, audits were limited, delayed, and selective. That phase is over.

CMS has publicly committed to:

• Completing all pending audits from payment years 2018 through 2024 by early 2026

• Conducting annual audits for every Medicare Advantage plan

• Increasing medical record reviews from 35 records per plan to as many as 200

• Expanding its internal medical coding workforce from 40 coders to nearly 2,000

When a regulator increases record volume and multiplies its coding workforce by 50 times, the message is unmistakable.

They are preparing for enforcement, not education.

Why This Matters More Than Ever

Risk adjustment was never designed to reward volume of diagnosis codes. It exists so that payment reflects the true expected cost of care for a beneficiary.

However, over the years, I have observed a dangerous trend:

• Diagnoses carried forward without reassessment

• Conditions inferred from weak documentation

• Problem lists copied without clinical validation

• AI and data tools suggesting codes without context

Under limited audits, these practices often went unnoticed.

Under manual review by thousands of trained CMS coders, they will not.

My Direct Advice to Coders

If you are a medical coder working in Medicare Advantage, this is my advice to you:

• Code only what is clearly evaluated, assessed, or managed

• Do not rely on history alone

• Do not code based on risk tools or AI suggestions

• Do not assume last year’s diagnosis is valid this year

• Always ask: Can this diagnosis survive a CMS auditor reading only this record

If the answer is no, do not code it

This is not about being conservative. This is about being defensible

My Advice to Auditors and QA Teams

Internal audits must now mirror CMS logic, not internal productivity targets.

Audit questions should include:

• Were clinical indicators explicitly documented

• Was the condition addressed in the current calendar year

• Does the diagnosis meet ICD-10-CM and CMS criteria

• Would an external auditor reach the same conclusion

If your audit process is lenient, CMS will correct it for you.

My Advice to Organizations and Leadership

This is the most important message I can give leadership teams:

Do not wait for an audit letter to change behavior

CMS is not hiring 2,000 coders to negotiate interpretations. They are hiring them to validate documentation against strict standards.

Organizations should immediately:

• Invest in coder education focused on audit defense

• Retrain teams on clinical indicators and MEAT principles

• Reduce dependence on automated diagnosis expansion

• Strengthen provider documentation education

• Perform mock RADV audits internally

The Opportunity Hidden in This Shift

Every regulatory tightening creates pressure. It also creates opportunity.

Highly skilled, compliant coders will become more valuable than ever. Audit-ready professionals who understand CMS logic will lead the next phase of Medicare Advantage operations.

I firmly believe:
Medical coders who understand compliance will not lose relevance — they will gain authority

This CMS audit expansion is not a threat if you are doing things correctly.
It is only a threat to shortcuts, assumptions, and unsupported coding habits.