CMS is reshaping the Medicare Advantage Star Ratings program — and the implications are significant for operations, performance, and financial outcomes across the industry.

A draft rule released November 25, 2025 proposes eliminating measures that no longer differentiate quality, introducing new behavioral health metrics, and requesting feedback on how future risk adjustment should evolve. With Star Ratings tied directly to quality bonus payments and market competitiveness, every plan executive should pay attention.

This isn’t noise. It’s transformation.

Why CMS Is Reworking Star Ratings

Medicare Advantage now covers almost 33 million beneficiaries. With this growth, the agency wants Star Ratings to:

• Better reflect clinical outcomes

• Strengthen member experience

• Reduce reliance on administrative measures

• Improve meaningful variation in scores across plans

CMS’ message is clear:

Quality should be driven by care delivered — not paperwork completed.

12 Measures on the Chopping Block

CMS proposes removing 12 MA and Part D measures that focus heavily on operational compliance:

Examples:

• Appeals decision timeliness

• Customer service performance

• Member plan-switching rates

Because these measures cluster scores too closely, CMS believes they don’t provide useful differentiation for beneficiaries or policymakers.

Most eliminations begin: Plan Year 2029

Breakdown:

• 8 → Medicare Advantage only

• 2 → Part D only

• 2 → Apply to both programs

Fewer administrative metrics.
More focus on care and safety.

Behavioral Health Takes the Spotlight

One measure gets added:

Depression Screening Follow-Up

This supports national goals to:

• Improve behavioral health access

• Encourage proactive interventions

• Better serve populations with chronic disease and mental health comorbidities

This signals a long-term shift:
Behavioral health isn’t a “nice-to-have” — it’s central to quality.

A Pause on Health Equity Requirements

In a surprise move, CMS proposes to eliminate:

• Health Equity Index (scheduled for 2027)

• Requirement for UM committees to include a health equity expert

• QI program activities specifically addressing disparities

Instead, CMS would continue the Reward Factor — prioritizing strong overall performance across all measures.

This pivots Stars away from equity-specific scoring for now, while CMS explores more effective long-term models.

CMS Wants Your Voice: Major Requests for Information

Three strategic RFIs aim to modernize the MA ecosystem:

• Risk Adjustment Modernization
  Exploring AI-based models while ensuring fairness for smaller plans and those serving higher-acuity members.

• Chronic Condition SNP Oversight
  Strengthening outcome expectations as enrollment continues to expand.

• Nutrition & Wellness Incentives
  Recognizing the value of supplemental benefits that support behavioral health and nutrition.

CMS is open to using:

• CMMI pilots, or

• Full rulemaking
  depending on industry feedback

Comment periods = high opportunity for influence

A New “SEP” for Provider Network Changes

If a provider leaves the network mid-year, beneficiaries could gain the right to switch plans.

This strengthens consumer protections and encourages network stability.

CMS Cleans Up Redundant Administrative Rules

Proposed removals include:

• Mid-year notices about unused supplemental benefits

• Health equity requirements in QI programs

• Equity experts in UM committees

It’s regulatory decluttering — allowing plans to focus on actual quality improvement.

Bottom Line for Plans

This rule signals:

• Tighter alignment between Stars and clinical care

• More weight on behavioral health workflows

• Less operational “check-the-box” burden

• Increased accountability for meaningful variation

• A runway toward risk adjustment modernization

What plans should do now:

• Identify reliance on targeted-for-removal measures

• Begin modeling 2029 Stars scenario projections

• Strengthen clinical + behavioral follow-up strategies

• Track CMS rulemaking through 2026 for implications

• Participate actively in RFI responses — shape what comes next

The Future of Stars Is Outcome-Driven

If finalized, this rule would usher in a smarter evaluation system — focused on what truly matters:

• Care that keeps people healthier

• Experiences that build trust

• Outcomes that reflect quality

The MA program isn’t just getting an update.
It’s getting a new definition of excellence.

Spoiler alert: Medicare Plan Finder (MPF) is getting an upgrade… and your provider directories are about to go real-time, structured, and API-powered.

CMS has released the Draft Technical Implementation Guide for Supplying Medicare Advantage (MA) Provider Directory Data for Use in Medicare Plan Finder (MPF) — and the industry has until December 19, 2025 to weigh in.

Grab your JSON, your FHIR endpoints, and maybe a cup of coffee. This is a fun one.

Why This Memo Matters

For years, beneficiaries have struggled with outdated or inconsistent provider directories.
CMS is fixing that — with technology.

Under CMS-4208-F2, MA Organizations must:

• Make provider directory data available to CMS/HHS

• Submit data in the formats/timelines CMS defines

• Update within 30 days of any change

• Attest annually (CEO, CFO, or COO) that the info is accurate

This memo introduces how MA plans are expected to technically deliver this data for MPF.

The Roadmap: CMS’s Three-Phase Rollout

CMS is easing the industry in with a phased approach — think of it like moving from flip phones → smartphones → AI assistants.

Phase 1: CY 2026 (Interim Fix)

CMS partners with SunFire Matrix to supply in-network provider and facility data for MPF.

• Plans can opt out — but then MPF will show a directory link pulled from their HPMS “Organization Marketing Data” page.

• Goal: Buy plans time to prepare for API-based submissions.

Phase 2: CY 2027 (Dual Option – Pick Your Tech Path)

This is where the big shift happens. Plans must supply their directory data using one of two formats:

Option 1 – Machine-Readable JSON Files

• Modeled after ACA Marketplace requirements

• Publicly accessible

• CMS crawls them daily

Option 2 – FHIR-Based JSON APIs

• Based on HL7 FHIR R4

• Using Da Vinci PDex Plan-Net v1.2.0

• No login/authentication allowed

• CMS crawls these daily too

⚠ XML FHIR is not supported — JSON only.

What CMS will validate (daily):

• URLs work

• JSON/FHIR structure matches CMS specs

• Required fields are present

• Records cover all plan/segments

• Data updated within last 30 days

But CMS does not validate accuracy. That’s on the MA plan.

Phase 3: National Provider Directory (Future State)

Announced at the White House Make Health Tech Great Again event on July 30, 2025.

CMS is building a FHIR-based national directory to connect:

• Providers

• Payers

• Networks

• Interoperability frameworks

Eventually → MPF will pull from this national directory, using plans’ FHIR APIs as its backbone.

What MA Plans Must Prepare (CY 2027 Workflow)

CMS outlines a very clear process:

1. Enter & maintain provider directory API URLs in HPMS

Available beginning Feb 2, 2026

2. Generate & publish:

• Machine-readable JSON or

• FHIR-based JSON APIs

3. CMS crawls your endpoints daily

Extract → ingest → validate.

4. Review validation results in HPMS

Plans must promptly fix issues.

5. Complete annual attestation

Due September 1, 2026 for CY 2027.

6. Join the plan testing period

May–August 2026

7. Preview MPF data

Early September 2026.

8. CMS suppressions may occur if:

• API URLs don’t work

• JSON/FHIR fails validation

• Attestation is missing

• Data quality crosses CMS “thresholds”

What Data Must Plans Send?

The guide includes full JSON & FHIR specs; highlights include:

For Individuals (Practitioners):

• NPI

• Full name

• Specialty (NUCC)

• Locations (address, phone)

• Languages

• Accepting new patients (optional)

• Contract-Plan-Segment ID (e.g., H9999-001-000)

• Last updated date

For Facilities:

• NPI

• Facility name

• Facility type (NUCC)

• Address

• Plan participation

• Updated timestamp

Technical expectations:

• Support HTTP metadata (ETag, Last-Modified, Content-Length)

• Support HEAD & conditional GET requests

Key Dates to Know

• Nov 7, 2025 – Draft guide released

• Nov 7 – Dec 19, 2025 – Public feedback window

• Jan 16, 2026 – Final guide published

• Feb 2, 2026 – HPMS URL entry opens

• May–Aug 2026 – Testing period

• Sept 1, 2026 – Attestation due

• Oct 1, 2026 – CY 2027 data goes live on MPF

CMS Wants Your Feedback (Seriously)

Submit comments here: https://surveys.CMS.gov/jfe/form/SV_aeYUdIQZz96oBOm

Questions?
1-800-220-2028 | hpms@cms.hhs.gov

Final Takeaway

CMS is modernizing how provider directories flow into Medicare Plan Finder — moving toward a real-time, API-driven, standardized national ecosystem.

MA plans that prepare now (especially with FHIR) will have smoother testing, fewer suppressions, and a stronger compliance posture headed into CY 2027 and beyond.

Think of this as the warm-up lap for the National Provider Directory.
And the race has already started.

Because January 1, 2026, will arrive faster than a rejected HPMS login.

CMS just released the official Contract Year (CY) 2026 Readiness Checklist, signed by Vanessa S. Duran and Kathryn A. Coleman — the playbook every MA organization, Part D sponsor, Cost Plan, and PACE program needs to be fully operational by January 1, 2026.

Think of this checklist as the industry’s annual “pre-flight inspection.” If even one lever is out of alignment — HPMS access, data submissions, network adequacy, member communications, PDE timeliness — CMS will catch it.
Let’s walk through it in a fun, interactive way (with a few analogies sprinkled in), while keeping all the details intact.

1. Inflation Reduction Act (IRA): The Big Engine Upgrade

CMS spotlights several major IRA-driven changes going into effect:

🔹 Medicare Drug Price Negotiation Program

• 10 drugs have newly negotiated Maximum Fair Prices (MFPs) effective Jan 1, 2026.
  Plans must ensure payments do not exceed MFP + dispensing fees.

🔹 Part D Redesign

The 2025 overhaul continues:

• $2,000 out-of-pocket max

• Elimination of the coverage gap

• Transition to the Manufacturer Discount Program

• Updated TrOOP rules

• New definitions for EA benefits

• EGWP prospective reinsurance changes

• Selected Drug Subsidy establishment

🔹 Medicare Prescription Payment Plan

The monthly payment option is now fully in play for 2025+ and requires:

• Correct cost-sharing calculations

• Accurate member installment options

CMS reminds plans to keep reviewing related HPMS memos — several were issued between April 2024 and July 2025.

2. Access to Services: Don’t Leave Members Guessing

Plans must ensure:

• Call centers provide interpreter services

• Required materials delivered in multiple languages

• SNPs must follow both Medicare + Medicaid translation standards

• Use professional translation methods (no Google Translate shortcuts 😉)

CMS also provides model materials translated into Spanish, Chinese, Korean, and Vietnamese.

3. Accessibility & TTY

Plans must:

• Provide all materials in accessible formats upon request

• Display TTY numbers alongside customer service numbers

• Ensure TTY access works (711 or state relay accepted)

4. Precluded Providers & Prescribers

Plans must:

• Notify beneficiaries

• Reject services/claims tied to individuals on CMS’s preclusion list

• Ensure PBMs reject Part D claims from precluded prescribers

CMS lists the criteria — from Medicare revocation to certain felonies.

5. Systems, Data & Connectivity: The Heart of Readiness

This section is huge — and critical. CMS expects flawless performance across:

✔ HPMS

• Ensure staff register in the Plan Connectivity Module

• Keep contract contacts updated (CMS uses them frequently!)

✔ Internal & downstream system testing

Examples of failures CMS has seen:

• Claims system misfires

• Missing EOBs

• Incorrect ID card files

• Copay miscalculations

• Transition fill issues

✔ MARx

• Keep enrollment submissions timely

• Ensure EPOCs and IDM access are maintained
  (IDM locks after 60 days — yes, still.)

✔ Medicare Plan Finder (MPF)

Part D sponsors must:

• Submit accurate pricing + pharmacy network files

• Perform QA before submission

• Correct outlier notifications

• Avoid suppression by ensuring accuracy across all MPF data

✔ Patient Safety & OMS

• Maintain report access

• Review monthly safety data

• Address opioid overutilization and safety edits

• Follow OMS guidelines for notifications and case management

✔ Encounter Data & RAPS

MA plans must:

• Submit complete risk-adjustment data

• Resolve errors before deadlines

• Use EDS as the primary source for DOS 2021+

• Follow supplemental benefits reporting rules (including dental via 837D)

PACE plans must continue transitioning from RAPS to EDS.

✔ PDE & DIR

Part D sponsors must:

• Submit PDEs for selected drugs within 7 days

• Submit PDEs for all other drugs within 30 days

• Submit adjustments/deletes within 90 days

• Use CSSC tools, PDE portals, and reconcile PDEs with internal records

• Meet DIR reporting and certification requirements

• Apply pharmacy price concessions at POS (regulatory requirement)

6. Reporting Requirements

Plans must:

• Submit HEDIS®, HOS, CAHPS®

• Register with Acumen’s Part C/D Reporting Portal

• Follow Reporting Requirements + conduct independent data validation

• Return sponsor-identified overpayments within 60 days

• Follow guidance for risk-adjustment and PDE/DIR-related overpayments

• Maintain audited financial statements for Fiscal Soundness

• Implement SNP HRA screening on housing, food, transportation

7. Contracting, Subcontractor Oversight & AWP

Plans must:

• Provide Any Willing Pharmacy (AWP) terms by Sept 15

• Update offshore subcontractor listings in HPMS within 30 days

• Maintain FDR oversight

• Adhere to state Medicaid contract requirements for D-SNPs

8. Customer Service & Communications

CMS checks everything:

• Call center wait times, language support, and TTY compliance

• MTM program requirements

• CTM data accuracy

• Marketing materials + website + provider directories

• Real-Time Benefit Tools (RTBT)

• Agent/broker compensation rules

• Medicare opioid education requirements

9. Enrollment & Disenrollment

Plans must:

• Follow AEP, MA-OEP, SEP rules

• Maintain compliant electronic enrollment mechanisms

• Ensure 5-Star SEP processes are correct

• Monitor LEP, retroactive enrollment, and OEC data

• Ensure timely HPMS submissions for enrollment updates

10. Benefits, Protections & Network Requirements

CMS requires:

• Part C network adequacy

• Part D network access

• Formulary compliance

• Anti-discrimination protections for dually eligible

• Adherence to Coverage Gap & Manufacturer Discount Program rules

• Medicare Prescription Payment Plan integration

• CCIP compliance

• EGWP alignment with EGWP rules

11. LIS, COB & TrOOP

Plans must:

• Process LIS benefits accurately

• Manage BAE documentation

• Support ATBT for TrOOP

• Follow COB rules

• Handle hospice, ESRD, ABII and transition claims correctly

12. Appeals, Grievances, UM & Emergencies

CMS reminds plans to:

• Maintain compliant OD appeals process

• Ensure UM Committee functions as required

• Follow PHE/disaster declaration rules

• Maintain compliance programs and internal monitoring

Final Takeaway: 2026 Readiness Isn’t a Checklist — It’s a Mindset

With IRA redesign, new payment rules, expanded reporting, supplemental benefit submissions, PDE timeliness, and network adequacy convergence — CY 2026 is one of the most operationally complex years yet.

CMS expects plans to:

• Identify risks early

• Communicate with account managers

• Maintain continuous compliance

• Test systems proactively

• Keep documentation audit-ready

On November 12, 2025, the Centers for Medicare & Medicaid Services (CMS) released a high-impact memorandum, “Submission of Supplemental Benefits Data on Medicare Advantage Encounter Data Records – Reminders and Other Supplemental Service Updates.”
Authored by Jennifer R. Shapiro, Director of the Medicare Plan Payment Group, this memo provides crucial clarifications and operational updates for Medicare Advantage (MA) organizations reporting supplemental benefits through the Medicare Advantage Encounter Data System (EDS).

This in-depth article breaks down the memo into actionable guidance, best practices, and compliance priorities for operations teams, encounter data submitters, plan benefit designers, vendor managers, and Medicare compliance leads preparing for Contract Year (CY) 2026.

Why CMS Released This Update Now

CMS has continued to identify persistent gaps and inconsistencies in supplemental benefit encounter data, including:

• Missing SBSC codes

• Incorrect mapping for the year of service

• Incomplete vendor data

• Supplemental benefits not aligning with PBP-approved benefits

• Data not submitted at all for certain benefit types

With supplemental benefits expanding rapidly — including food, utilities, transportation, in-home support, SSBCI offerings, and VBID enhancements — CMS is tightening expectations around accuracy, completeness, and traceability.

This memo serves as both a compliance reminder and a technical implementation guide for MA plans heading into the 2026 benefit year.

1. Mandatory Requirement: All Supplemental Benefits Must Be Reported Through EDS

CMS reiterates that MA organizations are required under 42 CFR §422.310 to submit all supplemental benefits via encounter data.
This includes:

• Traditional supplemental benefits

• Expanded VBID benefits

• SSBCI benefits

• Benefits delivered through pre-funded cards

• Benefits administered through multiple vendors

CMS uses these encounter submissions for:

• Program integrity

• Validation of PBP-approved benefits

• Evaluation of supplemental benefit impact

• Monitoring MA benefit design trends

• Oversight of member equity and access

Failure to submit complete encounter data may trigger additional CMS follow-up or corrective action.

2. New SBSC Code Update for CY 2026

CMS issued a single but important SBSC code update for the upcoming benefit year:

-  “Three (3) Pint Deductible Waived” → SBSC 9d-1 (effective CY 2026)

Plans must use the SBSC code list that corresponds to the year of service, not the year of submission.

Using the incorrect SBSC year is a leading cause of EDPS Edit 19005 — “Missing Supplemental Benefit Details.”

3. CMS Identifies Key Operational Issues & Best Practices

Based on industry outreach, CMS highlighted several recurring issues:

Common Data Problems

• Vendors using outdated SBSC codes

• Inconsistent file formats across different vendors

• Supplemental services not mapped correctly to benefit categories

• Inaccurate treatment of returns for pre-funded cards

• Misclassification of supplemental vs. Medicare-covered extensions

CMS-Recommended Best Practices

• Standardize file layouts and data dictionaries across all vendors

• Define internal business rules for Medicare-covered extensions

• Establish year-of-service SBSC validation checks

• Create audit processes for supplemental benefit mapping

• Implement exception reporting for incomplete or unmatched vendor files

Plans that operationalize these best practices will reduce EDS rejections and strengthen compliance.

4. Expectations for 2024 and 2025 Dates of Service

CMS acknowledges that some plans may lack full historical data for early 2024, but makes expectations clear:

• Plans should submit complete 2025 DOS supplemental benefit data.

• 2024 DOS data should be submitted when available.

CMS is monitoring data completeness and may reach out when encounter volume appears low relative to approved benefits.

5. Guidance for Handling Returns on Pre-Funded Cards

One of the most challenging areas involves returns for purchases made with pre-funded cards used across categories such as:

• Grocery

• OTC

• Utilities

• Transportation

• Wellness support

Because vendor systems often cannot link returns to original purchases, CMS allows:

• A reasonable allocation methodology

• Documentation of consistent, repeatable processes

• Vendor improvements to strengthen linking capabilities

CMS is actively seeking feedback to develop future policy around these scenarios.

6. VBID and SSBCI Reporting Requirements

CMS explicitly states that both VBID benefits and Special Supplemental Benefits for the Chronically Ill (SSBCI) must be submitted through EDS.

Example mappings:

• Food/produce packages → SBSC 13i1

• Utility support → SBSC 13n

• Transportation support → SBSC 14b1

Accurate reporting ensures CMS can evaluate utilization, health equity outcomes, and program effectiveness.

7. Supplemental Extensions of Medicare-Covered Services

CMS clarifies that extensions of Medicare-covered services can be supplemental benefits, and encounter reporting must reflect the correct SBSC.

Plans must:

• Document internal logic

• Train claims, configuration, and vendor teams

• Ensure clarity in system configuration

No changes to current reporting formats were introduced — but CMS expects improved consistency.

8. Dental Encounters: Important MA-Specific Clarification

CMS reiterates:

• MA plans must follow the MA Supplemental Dental Submission Guide.

• A/B MAC billing rules do not apply to MA 837D dental encounters.

This is a critical distinction for plans using dental TPAs who may default to Medicare FFS rules.

9. CMS Will Increase Monitoring and Follow-Up

CMS will monitor supplemental benefit encounter submissions to verify:

• Completeness

• Accuracy

• Alignment with PBP benefits

• Consistency across vendors

• Proper SBSC mapping by year

Plans should expect inquiries where patterns appear unusual.

10. CMS Requests Industry Feedback

Feedback is specifically requested for:

• Challenges with pre-funded card returns

• Vendor tracking limitations

• Mapping complexities

• Data linkage issues

Send comments to:
📩 RiskAdjustmentOperations@cms.hhs.gov
Subject: “Supplemental Benefits Submission – November 2025 Memorandum”

What Plans Should Do Before CY 2026

Here is a recommended readiness checklist:

• Update SBSC codes for 2026

• Audit 2025 supplemental encounters for completeness

• Align all vendors to standardized file formats

• Strengthen validation logic for year-specific SBSC

• Enhance pre-funded card transaction tracking

• Document rules for Medicare-covered extensions

• Train all internal stakeholders and vendors

Final Takeaway

CMS is making supplemental benefit encounter reporting more structured, transparent, and data driven. As supplemental benefits expand in scope and importance — especially for food, utilities, transportation, in-home support, SSBCI, and VBID — the integrity of encounter data will directly influence oversight, policy, and program success.

CY 2026 is a turning point. Plans that invest now in stronger governance, vendor alignment, and data controls will be best positioned for compliance and performance.

The Centers for Medicare & Medicaid Services (CMS) has finalized the Medicare Part C Utilization Management Annual Data Submission (CMS-10913) and published the approved data collection tool. This memo explains what was finalized (and what wasn’t) and how Medicare Advantage (MA) organizations should prepare to submit the required data. 

2025UMAnnualCollection

TL;DR — The essentials

• CMS finalized an annual submission for utilization management (UM) data, but narrowed the scope: CMS will collect internal coverage criteria that apply to Medicare Part C services (including Medicare Part B drugs) that require prior authorization. It will not collect criteria used exclusively in concurrent reviews or payment reviews. 

• CMS did not finalize the proposed audit protocol or audit tools (they were removed after review of comments). CMS may still incorporate review of internal coverage criteria into future program audits. 

• Submission timing: MA organizations must submit via HPMS annually by February 28 each year — but for calendar year 2026, CMS extended the deadline to April 30, 2026 to give plans time to prepare. 

• Help is coming: CMS will issue technical guidance on how to submit in HPMS and will respond to plan questions via a dedicated mailbox. CMS may hold an industry call or publish a Q&A summary if many similar questions arise. Questions can be sent to CMS_PartC_UM_Audits@cms.hhs.gov. 

Why this matters

• This is the first finalized, recurring annual collection of UM internal coverage criteria for MA plans — it increases transparency into how plans apply prior authorization for Part C services and Part B drugs.

• Even though the audit protocol wasn’t finalized, CMS’ yearly collection creates a new compliance milestone and will require operational coordination across clinical, compliance, and IT teams. 

What CMS will (and won’t) collect

Will collect

• Internal coverage criteria that apply to Medicare Part C services, including Medicare Part B drugs, that require prior authorization. 

Will NOT collect

• Criteria used only for concurrent reviews or payment reviews.

• The previously proposed audit protocol and audit tools were removed from the final package. 

Practical next steps — an action plan (ready-to-use checklist)

Use this as your internal playbook. Assume you’ll need to submit by April 30, 2026 for the first year (then Feb 28 annually).

Immediate (this week)

• Notify stakeholders (Compliance, Medical Affairs, UM operations, IT, Data) and assign a submission owner.

• Create a project folder (secure) labeled “CMS UM Annual Submission — CY2026”.

0–30 days

• Inventory all UM rules that impose prior authorization for Part C services and Part B drugs. Export decision logic, effective dates, affected service codes, and any accompanying clinical rationale.

• Document owners for each rule (who can explain/defend the clinical criteria).

30–60 days

• Map each rule to data fields you’ll likely need for HPMS (service name, CPT/HCPCS/DRG or drug NDC info, rule effective date, clinical criteria summary).

• QA the inventory — sample 10–20 rules with clinical SMEs to ensure accuracy.

60–90 days

• Build a transfer-ready file (spreadsheet or database export) with clean field names and version history. Don’t finalize until CMS issues technical guidance — but the hard work of collecting and validating content should be done.

• Plan for HPMS upload: identify who has HPMS access and confirm permissions.

Ongoing / Pre-submission

• Monitor CMS guidance and the Part C UM Annual Data Submission webpage for templates, crosswalks, and FAQs. 

Information You Need to Get Started

To prepare for the CMS Part C UM Annual Data Submission, your organization should start gathering and organizing internal coverage criteria that require prior authorization for Part C services (including Part B drugs). Key information to collect includes:

1. Rule Name and ID – Identify each prior authorization rule.

2. Service or Drug Codes – Include CPT, HCPCS, DRG, or NDC codes affected by each rule.

3. Clinical Criteria Summary – Provide a concise description of the clinical rationale behind each rule.

4. Effective and Review Dates – Track when each rule was implemented and last reviewed.

5. Rule Owner – Record the person responsible for maintaining or explaining the rule.

Collecting and validating this information early will make the HPMS submission process smoother once CMS releases technical guidance. Starting now ensures you meet the first submission deadline of April 30, 2026 for calendar year 2026, and prepares your team for future annual submissions.

FAQs (quick answers)

Q: Is CMS collecting audit tools and protocols?
A: No — CMS reviewed comments and chose not to finalize the proposed audit protocol or audit tools at this time. They may add them to future audit protocols. 

2025UMAnnualCollection

Q: Which UM criteria are in scope?
A: Only internal coverage criteria that apply to Part C services (including Part B drugs) that require prior authorization. Criteria used exclusively for concurrent or payment review are out of scope. 

2025UMAnnualCollection

Q: When is the first submission due?
A: For calendar year 2026, CMS extended the due date to April 30, 2026. Thereafter, submissions are due February 28 each year. 

2025UMAnnualCollection

Q: Where do we submit questions?
A: Send them to CMS_PartC_UM_Audits@cms.hhs.gov. CMS will respond and may schedule an industry call or publish a summary of Q&As if many similar questions are received. 

2025UMAnnualCollection

Q: Where can we find the tools and crosswalk?
A: CMS has posted the data collection tools, the supporting statement, the crosswalk of changes, and their responses to public comments on the CMS Part C UM Annual Data Submission webpage. Check that CMS page for updates. 

2025UMAnnualCollection

Common pitfalls to avoid

• Waiting for the HPMS template before starting your inventory — start collecting now.

• Failing to include Part B drugs that require prior authorization.

• Not documenting rule owners or version history — CMS is asking for internal criteria, so provenance and dates matter.

• Assuming the audit protocol is finalized — it’s not; however the annual collection itself is now required. 

On September 29, 2025, CMS released an important HPMS memo titled “Calendar Year (CY) 2026 Risk Adjustment Implementation Information,” signed by Jennifer R. Shapiro, Director of the Medicare Plan Payment Group. This update finalizes how risk adjustment models and software will be implemented in 2026, with significant changes that all Medicare Advantage (MA), Part D, Cost, and PACE organizations must prepare for.

1. Final Phase-In of the 2024 CMS-HCC Model

• Medicare Advantage (non-PACE):
  Starting in CY 2026, CMS will use 100% of the 2024 CMS-HCC model (no more blending with older models).
  -> This means the transition is complete — risk scores will fully reflect the Version 28 model.

• RxHCC Model:
  Risk scores will use 100% of the updated 2026 RxHCC model (calibrated with 2022/2023 data).
  Separate normalization factors continue for MA-PDs and PDPs.

• ESRD Model:
  CMS will continue using the 2023 ESRD model for dialysis, transplant, and post-graft populations.

2. Special Rules for PACE Organizations

PACE organizations will still operate under a blend of models, maintaining continuity while gradually moving toward newer methodologies:

• CMS-HCC: 10% 2024 CMS-HCC (encounter + FFS only) + 90% 2017 CMS-HCC (RAPS + encounter + FFS).

• RxHCC: 10% 2026 RxHCC (2022/2023 calibrated) + 90% 2026 RxHCC (2018/2019 calibrated).

• ESRD: 10% 2023 ESRD + 90% 2019 ESRD.

-> Translation: PACE remains on a slower glide path, heavily weighted toward legacy data sources.

3. Updates to Reports: MMR and MORs

• MMR (Monthly Membership Report):
  Expanded Risk Adjustment Factor Type Codes for PACE will be added in the November 2025 PCUG update. These codes will better capture dialysis, graft, institutional, and dual-eligibility variations.

• MOR (Model Output Reports):

  • Record Type J will be retired.

  • Record Types M, L, and 6 will now also apply to PACE.

  • New record type usage:

    • M = CMS-HCC V28

    • 6 = 2026 RxHCC (2022/2023 calibration)

    • 7 = 2026 RxHCC (2018/2019 calibration, for PACE only)

    • L = 2023 ESRD V24

-> Plans must update their internal MOR processing logic before initial 2026 runs.

4. Major Shift: From SAS to Python

CMS has officially announced its software transition plan:

• CY 2026 Midyear/Final: SAS + Python (test version)

• CY 2027 Initial & Midyear/Final: SAS + Python

• CY 2028 Initial and beyond: Python only

-> This is a huge operational signal: Plans must ensure IT and actuarial teams are ready to integrate Python-based model software into workflows.

5. Timeline of Risk Score Updates

CMS clarified how risk scores will update across the year:

• January 2026: Initial risk scores (using July 2024 – June 2025 data).

• July 2026: Mid-year risk scores (using CY 2025 data), with retroactive adjustments back to January.

• June 2027: Final risk scores (using CY 2025 data, month-by-month community/LTI and LIS status).

-> Plans should expect payment volatility at midyear and final reconciliations.

Key Takeaways for Plans

1. MA organizations must prepare for the full effect of the 2024 CMS-HCC model — coding accuracy and encounter data completeness are critical.

2. Part D sponsors should note the shift to the fully updated RxHCC model with 2022/2023 calibration.

3. PACE programs continue with blended methodologies, but must update systems for expanded RAF codes.

4. Operations teams need to adapt to MOR/ MMR changes to avoid reconciliation surprises.

5. IT and actuarial teams should begin preparing for the end of SAS and a future where Python is the only supported risk adjustment software.

Final Thought

The CY 2026 HPMS memo signals a new era of modernized risk adjustment — complete model transitions, expanded reporting granularity, and a software migration that will reshape how plans operate. Proactive preparation today will help plans avoid surprises in 2026 payments and stay ahead of compliance expectations.

If Medicare Advantage and Part D payments were like hospital rounds, then the September 2025 Payment Information is the chart you don’t want to skim too quickly. A few new notes, some important corrections, and the usual reminders are tucked inside — all of which could make a real difference to your bottom line.

So, grab your (virtual) stethoscope — let’s diagnose what’s changed.

1. Risk Adjustment Reconciliation Rerun (PY 2020)

Think of this like prescribing the wrong year’s drug formulary — CMS accidentally used the 2012 CPT/HCPCS list when reconciling 2020 risk scores. Oops.

That meant beneficiaries with Fee-for-Service enrollment during the data collection year didn’t have their scores aligned properly.

The fix? CMS reran the reconciliation for Payment Year 2020, and a rerun for PY 2021 (with 2020 codes) is already on deck.

Translation: Correct codes = correct payments. Accuracy matters.

2. User Fee Adjustments

Ever notice how hospital cafeteria prices mysteriously go up or down? Same idea here. The user fees for September got a little shuffle:

• National Medicare Education Campaign (NMEC):

  • MA-PD bumped up to 0.038% (from 0.023%).

  • PDP dipped down to 0.0012% (from 0.024%).

• Coordination of Benefits (COB): Holding steady at $0.078 per Part D member.

Not huge, but every fraction of a percent counts when you’re talking thousands of members.

3. Retroactive Cleanups (Because We All Miss a Spot Sometimes)

Several payment corrections landed this month — and if you’ve ever gone back to fix a charting error, you’ll appreciate the cleanup:

• Frailty Factor Fix: Missing for 2023–2024 PACE enrollees.

• Adjustment Display Glitch: Some 2023 payment adjustments went MIA.

• New Enrollee Factors: Risk adjustment was misapplied in 2024 & 2025.

• Part D Direct Subsidy: A handful of 2025 members were assigned zero risk factor.

You’ll see these changes as ARC 94 entries with unique cleanup IDs on your Monthly Membership Report (MMR).

4. Sequestration Reminder

Like the diet you swore you’d stick to — sequestration is still here. The 2% cut, paused during the pandemic, is now fully back since July 2022.

• 1% cut: April–June 2022.

• 2% cut: July 2022 onward.

So yes, it’s still trimming payments, month after month.

5. Reporting Payment Issues

If your premiums or payments don’t look right, don’t panic. Plans should submit trouble tickets to the MAPD Help Desk.

Pro tip: If lots of plans see the same issue, CMS may roll it into one big master ticket — like turning multiple patient complaints into a single case study.

Bottom Line

The September 2025 payment cycle is another reminder that details matter:

• Correct codes = correct revenue.

• Retroactive cleanups can help (or surprise) your books.

• User fees may be tiny but worth tracking.

• Sequestration isn’t going anywhere.

The takeaway? Stay vigilant. Monitor those reconciliations. And remember, even small adjustments can ripple into large financial impacts across your member population.

At Health Data Max, we make sure you don’t just react to changes — you get ahead of them. Our AI-powered platform helps plans monitor risk scores, validate chart documentation, and stay compliant while protecting revenue.

Ready to make payment accuracy stress-free? Visit Health Data Max to learn more.

When it comes to Medicare Advantage audits, some diagnosis codes are riskier than others. In fact, there are eight high-risk groups that account for an overwhelming number of errors in risk adjustment audits.

These conditions aren’t just on the radar; they’re practically under a microscope. And the stats are sobering — in some cases, error rates are over 90%. Every unsupported diagnosis that gets removed during an audit doesn’t just reduce your risk score — it could mean significant revenue loss, especially when extrapolation is applied.

That’s why having a proactive, AI-powered compliance strategy isn’t optional anymore — it’s essential.

The Eight High-Risk Groups & Their Common Pitfalls

1. Acute Stroke

• Error Rate: 96%

• Common Pitfalls: Using acute stroke codes for past events, missing onset date or stroke type, no imaging confirmation.

• Best Practice: Document active-phase evidence, neurologist notes, and imaging.

• HDM Advantage: Our AI engine flags stroke codes lacking active-phase proof before they’re ever submitted.

2. Acute Myocardial Infarction (Heart Attack)

• Error Rate: 95%

• Common Pitfalls: Coding for acute MI long after the event, missing cardiology notes or lab evidence.

• Best Practice: Only use acute MI codes during the treatment phase; use “history of” codes after recovery.

• HDM Advantage: Links diagnosis timelines to event dates to prevent late-phase miscoding.

3. Embolism

• Error Rate: 79%

• Common Pitfalls: Missing imaging or lab proof, unclear site of embolism, “suspected” without confirmation.

• Best Practice: Confirm diagnosis and specify exact location.

• HDM Advantage: NLP scans charts for missing test confirmations.

4. Lung Cancer

• Error Rate: 88%

• Common Pitfalls: No biopsy/pathology proof, unspecified laterality or site, no treatment plan.

• Best Practice: Include biopsy reports, staging, and treatment documentation.

• HDM Advantage: Automated cross-check for staging, laterality, and treatment status.

5. Breast Cancer

• Error Rate: 96%

• Common Pitfalls: Missing pathology/surgery documentation, unclear laterality, or absent treatment notes.

• Best Practice: Provide operative reports, treatment history, and pathology details.

• HDM Advantage: AI validation ensures cancer documentation matches coding requirements.

6. Colon Cancer

• Error Rate: 94%

• Common Pitfalls: Missing colonoscopy/pathology proof, vague terminology, unclear treatment status.

• Best Practice: Link diagnosis directly to test results and specify current status.

• HDM Advantage: Smart linkage detection ensures diagnostic evidence is present.

7. Prostate Cancer

• Error Rate: 89%

• Common Pitfalls: Missing biopsy results, absent PSA test references, or coding remission cases as active.

• Best Practice: Include test results, staging, and treatment details.

• HDM Advantage: Automated alerts for missing cancer stage or test confirmation.

8. Potentially Mis-Keyed Diagnosis Codes

• Error Rate: 81%

• Common Pitfalls: Typing errors, transposed numbers, mismatched ICDs.

• Best Practice: Cross-check claims and charts for accuracy.

• HDM Advantage: AI-driven validation catches code-entry mistakes in real time.

Where Health Data Max Comes In

At Health Data Max, our AI-powered Risk Adjustment Platform is designed to make compliance second nature by embedding these best practices into daily workflows.

Here’s how we turn these principles into operational wins:

• Real-Time Chart Auditing – Our platform acts like a subject matter expert inside every chart, ensuring all diagnoses have matching clinical documentation.

• AI-Powered Error Detection – Identify and correct unsupported HCCs before they appear in an audit sample.

• Risk Score Simulation & Monitoring – Track the financial impact of coding decisions and ensure alignment with member demographics and clinical evidence.

• Compliance Dashboards – Always know where you stand with up-to-date compliance metrics and audit readiness scores.

• Chart Copilot Chat – Interact directly with your chart data using natural language, so compliance and coding teams can instantly retrieve documentation, verify codes, or resolve queries.

• Automated Sample Validation – Cross-check sampled enrollee records against clinical, demographic, and historical data to confirm support before audit submission.

• Proactive Outlier Detection – Identify providers, regions, or conditions with higher-than-expected HCC prevalence to prioritize education and intervention.

The Compliance Advantage

By integrating these high-risk condition safeguards with our intelligent automation, MA plans can:

• Reduce audit exposure and defend against extrapolated recoveries

• Minimize payment clawbacks by preventing errors at the source

• Improve documentation quality and coding accuracy

• Protect revenue while maintaining compliance

• Build a continuous compliance culture that’s audit-ready year-round

Bottom Line
High-risk conditions carry high error rates, and the cost of getting them wrong is too big to ignore. By combining clinically specific documentation with AI-powered pre-audit checks, organizations can protect revenue, ensure compliance, and stay one step ahead of auditors.

Let’s talk about making compliance your competitive advantage. Visit www.healthdatamax.com or email sales@healthdatamax.com to get started.

When it comes to Risk Adjustment Data Validation (RADV) audits, a diagnosis isn't just a diagnosis—it's the heartbeat of your reimbursement. And just like in medicine, even small errors can have serious consequences.

CMS Doesn't Just Look at Yes or No

Think of a RADV audit like a lab test. CMS doesn’t just say “positive” or “negative.” Instead, it gives a more detailed diagnosis of your diagnosis codes. These audit results are placed into different buckets—each one telling a different story about how well your documentation supports your claims.

Here’s a quick look at how CMS classifies them:

• Confirmed – The gold standard. Diagnosis is backed by solid documentation.

• Confirmed Higher – Surprise bonus! CMS found your documentation supports an even more severe condition than what was originally coded.

• Discrepant – Uh-oh. CMS couldn’t find any evidence in the chart to back up the diagnosis.

• Discrepant Lower – CMS found a less severe condition than what you coded.

• Administrative Exception – Rare, but sometimes CMS decides not to count the HCC in the payment error calculation for certain technical reasons.

But Here's the Catch...

Any diagnosis that doesn’t land in the “Confirmed” category can lead to a financial hit.

Even if the diagnosis is partially correct, or close, it might still cost you. It's like prescribing the right medication for the wrong dosage — the intent was there, but the outcome could still be harmful.

Let’s say your team submitted a code for a complex chronic illness, but CMS only finds support for a mild version. That downgrade might seem small, but across a large population, it adds up quickly—especially with extrapolation involved.

Why Should You Care?

• One error = Risk score drop = Less payment.

• Repeated errors = Extrapolated losses = Bigger clawbacks.

• Even “smaller” errors can cause big overpayment recovery bills.

And remember: CMS audits aren’t just about one patient or one claim. They use these results to estimate payment errors for your entire contract.

So, What’s the Prescription?

Just like you wouldn’t skip a follow-up appointment, don’t skip over “small” errors in your risk adjustment coding. Every diagnosis should be documented like it’s going to be audited—because it just might be.

Here’s your action plan:

• Aim for "Confirmed" – Train providers to document thoroughly and specifically.

• Check Your Work – Run internal audits before CMS does.

• Use Tech to Your Advantage – AI-powered tools like Health Data Max’s Chart Copilot can scan records like a seasoned clinician and flag weak spots before they reach CMS.

Final Thought

Think of your documentation as a patient chart under review by a second opinion specialist—CMS. Your goal is to make sure that when they open the file, everything is clear, specific, and defensible.

In risk adjustment, even small missteps can cause big ripples. So don’t just code. Code carefully. Code completely. And if you’re not sure where to start, Health Data Max is here to help.

Reach out at sales@healthdatamax.com or visit www.healthdatamax.com to explore how we’re making RADV audits less scary—and a lot smarter.

If RADV audits were a clinical exam, your plan doesn’t get partial credit—you get one shot per diagnosis. That’s because CMS only uses a single “best” medical record (MR) to validate each HCC for every audited enrollee. Think of it like choosing your strongest lab value or most telling X-ray—you want to lead with your best evidence, not your full chart.

CMS’s “One and Done” Rule: What’s Really Happening?

When CMS conducts a RADV (Risk Adjustment Data Validation) audit, it’s not flipping through an entire patient file or cross-referencing all the SOAP notes you sent in. Nope. For each Hierarchical Condition Category (HCC) under audit, they select just one medical record—and that’s the only one that counts.

This selected MR is used to determine whether the diagnosis is valid or discrepant. If it doesn't confirm the HCC, even if another one might have, tough luck. That diagnosis doesn’t count. It’s the healthcare equivalent of submitting just one vital sign to determine an entire treatment plan—so make sure it’s the right one.

How Does CMS Pick That One Record?

Good news: CMS usually starts with the records you submit and the order in which you rank them. Bad news: they don’t have to follow your ranking. CMS applies its own clinical logic to identify the most appropriate record based on a few core principles:

• Top-Down Clinical Validation: If a lower-ranked record supports a more severe diagnosis (i.e., a higher-weighted HCC in the same hierarchy), CMS picks that.

• Direct Confirmation Wins: If a record directly confirms the exact HCC being audited, it may be selected—unless another supports a higher HCC.

• If No Record Confirms the HCC: The HCC is marked as a discrepancy, which could lead to extrapolated overpayment calculations.

This means that record prioritization isn’t just admin—it’s a clinical strategy.

Why It’s a Big Deal

Let’s say you submit five records for a patient with metastatic cancer. Four mention “malignancy,” but only one ties the primary site to the metastatic spread with the right documentation. If you rank that golden chart last, and CMS uses your top pick instead—which lacks the necessary detail—you risk a discrepancy.

In RADV, one bad pick can cost thousands. Or, put another way: You don't bring your whole surgical tray to the table—you bring the instrument you trust most.

Practical Takeaways

Here’s what every Medicare Advantage Organization should keep in mind:

• Rank Smart, Not Just Fast: Know which records have the strongest documentation and rank them accordingly.

• Audit-Proof the Chart: The selected chart needs to stand on its own. Don’t assume context from other records will help—it won’t.

• Train Like It’s an Exam: Abstractors, coders, and auditors should be trained to recognize the gold standard of documentation per HCC.

• Use Tech That Thinks Like a Clinician: AI-powered tools (like ours at Health Data Max) can help flag the most defensible charts, rank records automatically, and simulate audit scenarios—before CMS comes knocking.

The Bottom Line

In RADV audits, every HCC only gets one lifeline. One medical record. One shot. So don’t gamble. Make sure the record CMS uses is the one you’d take to grand rounds.

Ready to make your chart submissions audit-proof? Let Health Data Max help you with documentation validation, and risk analytics that speak CMS’s language.

Contact us at sales@healthdatamax.com or visit www.healthdatamax.com

When it comes to Risk Adjustment Data Validation (RADV), many assume the overpayment calculation is an annual lump sum exercise. In reality, CMS takes a more granular approach—errors are measured monthly, for each member, before being rolled up into a final total.

A Month-by-Month, Member-Specific View

According to CMS’s RADV Payment Error Calculation Methodology, the process begins at the individual enrollee level. For each sampled member, CMS determines whether submitted diagnosis codes were supported by medical records. When discrepancies are found—such as missing or invalid documentation—those unsubstantiated diagnoses are removed from the risk score calculation.

Rather than stopping at a revised annual score, CMS does the following:

1. Recalculates monthly risk payments based on a revised enrollee risk score for each month the member was enrolled.

2. Compares those amounts against the original payments that were made during the same period.

3. Calculates the monthly difference—positive (overpayment), negative (potential underpayment), or zero—and sums those to determine the member’s total annual payment error.

This member-level, month-specific accounting ensures that only the portions of the year where risk payments were overstated contribute to the overpayment determination. If a diagnosis was only invalid for part of the year, the adjustment reflects that.

Why This Matters

This methodology matters because it provides a fair and precise accounting of risk payments. It ensures that MAOs are only held responsible for overpayments tied directly to unsupported diagnoses and only for the timeframes in which they were paid.

The level of precision used by CMS in RADV calculations also underscores the need for airtight documentation practices. Every claim, every diagnosis, and every medical record entry must be auditable and defensible—month after month.

Key Takeaway

CMS isn’t just looking at whether a member’s diagnoses were supported—it’s examining when they were supported and how long they affected payment. Understanding and planning for this month-by-month approach to RADV audits is essential for compliance and financial accuracy in Medicare Advantage risk adjustment.

Schedule a free demo today at sales@healthdatamax.com to know more

In Medicare Advantage, risk adjustment isn’t just a compliance checkbox — it’s the core of your financial health and audit security. But between disjointed claims data, rigid CMS submission rules, shifting HCC models, and RADV audits waiting in the wings, the process is often fragmented and risky.

Health Data Max (HDM) is built to change that. Our comprehensive risk adjustment and compliance platform supports your entire workflow — from the first claim to the final audit defense.

Step 1: Clean Claims — The Start of Risk Accuracy

Everything begins with claims data. Our platform ingests Part C and Part D provider claims and refines them into structured, ready-to-use information that forms each member’s risk and clinical profile.

What we deliver:

• Early risk profiles for every member

• Provider quality trends and insights

• Detection of documentation gaps before they become CMS issues

Think of it as creating a solid foundation — because clean inputs set the stage for clean outcomes.

Step 2: EDI 837 Encounter Submissions — Streamlined and Automated

After adjudication, we transform your claims into CMS-ready EDI 837 encounters. With our Encounter Submission Engine, your data is prepared for seamless submission.

We help you:

• Format encounters to CMS standards — no rejections for structure

• Automate Part C and D submissions

• Monitor and trace responses to know exactly what CMS accepted or flagged

Your data isn’t just submitted — it’s delivered polished and ready for audit scrutiny.

Step 3: Decoding CMS Responses — From EDI Confusion to Clarity

Once your data is with CMS, responses start rolling in — and we’re ready. Our platform translates every feedback file into actionable insights:

• TA1: File received? 

• 999: Syntax approved? 

• 277: Claim-level status updates 

• MAO-002: Final CMS verdict — accepted, rejected, or retry 

We provide:

• Real-time error alerts

• Clear resolution pathways

• Visual dashboards that simplify EDI feedback

No need to interpret complex codes — we do the heavy lifting.

Step 4: Owning the Monthly CMS Files — MAO-004, MMR, MOR & More

Many solutions focus solely on submissions. We go deeper, helping you unlock the insights from monthly CMS files:

• MAO-004: Did your diagnoses pass the CMS filter?

• MMR: What payments did CMS send, and how were they calculated?

• MOR: Which HCCs counted toward your risk score?

With HDM, you stay in control of payments, documentation gaps, and audit preparedness — without surprises.

Step 5: Smarter Medical Chart Coding — Driven by AI/NLP

Compliance starts with accurate documentation. HDM’s AI/NLP-driven chart review module sharpens your coding process:

• Validate each diagnosis against the clinical record

• Detect undercoding or missing HCCs

• Identify mismatches between what providers submit and what CMS records

Plus, we’ve made chart reviews faster and smarter:

• Smart Summary: AI-generated snapshots of the entire chart

• Chart Copilot: Chat directly with chart content to clarify codes or spot inconsistencies

In a RADV audit, “almost accurate” isn’t enough — we help you get it right.

Step 6: Beyond Compliance — Managing Population Risk Proactively

Risk adjustment is about more than meeting CMS standards — it’s a strategic lever for population health and financial forecasting.

With HDM, you can:

• Monitor real-time risk shifts across populations

• Pinpoint high-risk members needing intervention

• Predict revenue based on coding trends and gaps

• Prepare for RADV with confidence, not scramble

We help you move from reactive to proactive — managing both risk and opportunity.

Why Choose Health Data Max

• End-to-end workflow support: From claims to CMS to audits

• Built-in compliance checks: Reduce rejections, mitigate audit risks

• Financial transparency: Know where every CMS dollar comes from

• AI-driven intelligence: For faster, smarter coding reviews

When CMS regulations evolve and audit scrutiny intensifies, Health Data Max ensures your risk adjustment stays compliant, optimized, and profitable.

Ready to Transform Your Risk Adjustment Strategy? Schedule a demo today at sales@healthdatamax.com

In the ever-evolving landscape of Medicare Advantage (MA), compliance isn't just about passing an audit — it's about continuous vigilance across all contracts and enrollees. A common misunderstanding among Medicare Advantage Organizations (MAOs) is that when they’re under a CMS Risk Adjustment Data Validation (RADV) audit, their obligation to identify and report overpayments is fully suspended. However, that is not the case.

CMS has made it explicitly clear: while overpayment reporting for sampled enrollees under RADV audit is paused during the audit cycle, MAOs must continue to identify, report, and return overpayments for non-sampled enrollees within the same contract. This blog breaks down the rule, the risks of non-compliance, and how MAOs can navigate this complex requirement effectively.

Understanding the RADV Audit Process

The RADV audit is CMS's primary mechanism to ensure Medicare Advantage payments are accurate by verifying the validity of submitted diagnoses that impact the Risk Adjustment Factor (RAF) and, consequently, plan payments. CMS conducts these audits by:

• Selecting a sample of enrollees from an MA contract

• Validating submitted diagnosis codes through medical records

• Extrapolating any identified error rate across the entire contract if overpayments are detected

But while RADV samples represent a subset of enrollees, the obligation to ensure data accuracy applies to the entire contract — not just those under audit.

 CMS’s Position on Overpayment Self-Reporting Outside RADV Samples

As per the official CMS guidance — “Payment Error Calculation Methodology for RADV,” Section 4 — MAOs are still accountable for self-reporting overpayments outside of the audit sample:

“For plan-identified overpayments related to enrollees in the subject MA contract that are not included in the sampling frame for this RADV audit, your organization is required to report and return any potential overpayment to CMS in accordance with section 1128J(d) of the Act and 42 CFR 422.326.”
— CMS Payment Error Calculation Methodology, Section 4

This statement leaves no ambiguity. The self-reporting and return obligations under Section 1128J(d) of the Social Security Act continue in full force for non-sampled enrollees, even while a RADV audit is in progress for that same contract.

Key Takeaway:

Self-reporting for non-sampled enrollees is not suspended just because a RADV audit is ongoing.

The Legal Backbone: Section 1128J(d) of the Social Security Act

Section 1128J(d) stipulates that:

• MAOs must report and return overpayments within 60 days of identification

• Failing to do so can constitute a False Claims Act violation, exposing plans to significant penalties, interest, and legal actions

Combined with 42 CFR §422.326, these requirements form the backbone of CMS's overpayment return policy, reinforcing that compliance must be an ongoing, proactive responsibility — not a reactive task post-audit.

Common Pitfalls for MAOs During RADV Audits

Many MAOs inadvertently expose themselves to regulatory risk by:

• Focusing solely on the RADV sample and pausing broader overpayment reviews

• Failing to implement contract-wide data integrity checks during the audit cycle

• Misinterpreting CMS’s guidance and believing that all reporting obligations are suspended

This misunderstanding can lead to:

• Accumulating unreported overpayments

• Increased financial exposure post-RADV

• Non-compliance penalties under CMS program integrity guidelines

How MAOs Can Stay Compliant

To stay compliant and minimize both regulatory and financial risks, MAOs should:

1. Implement Continuous Overpayment Detection

   Maintain real-time monitoring systems to flag potential overpayments across the entire contract population — not just sampled enrollees.

2. Establish Robust Self-Reporting Processes

   Use CMS’s Risk Adjustment Overpayment Reporting (RAOR) module via HPMS to report and return overpayments within the statutory 60-day period.

3. Enhance Documentation and Coding Validation

   Even if sampled enrollees are shielded during RADV, the same coding, chart review, and documentation standards should be applied uniformly across all enrollees.

4. Engage in Proactive Internal Audits

   Conduct periodic internal audits of encounter data, diagnoses, and submitted HCCs to ensure compliance with risk adjustment accuracy.

5. Leverage Technology for Compliance Automation

   AI-driven platforms can:

   • Crosswalk submitted encounters against coding standard

   • Validate HCC submissions for accuracy and completeness

   • Track payment integrity across the full contract spectrum

How Health Data Max Supports MAOs Across RADV and Self-Reporting

At Health Data Max, we’ve built solutions that ensure MAOs remain compliant across both sampled and non-sampled populations, even amidst an active RADV audit:

• Encounter Data Validation: Pre-submission checks ensure only valid diagnoses go to CMS

• MAO-004 and MAO-002 Monitoring: Identify gaps in accepted vs. rejected codes in near real-time

• Overpayment Flagging: Automated tools surface potential overpayments well before the 60-day clock starts ticking

• Audit Defense Readiness: Even beyond RADV, our documentation alignment services ensure MAOs have a full defensible record of coding decisions

Final Thoughts

A RADV audit is a focused review — but your compliance obligations span the entire contract population. CMS has made it clear: self-reporting does not stop for non-sampled enrollees. Ignoring this can result in regulatory penalties and financial risks that extend far beyond the RADV process itself.

By embracing continuous data integrity checks, real-time overpayment monitoring, and proactive reporting, MAOs can safeguard their contracts — and ensure they remain on the right side of compliance.

Need help building a RADV-proof, CMS-compliant risk adjustment strategy?
Contact Health Data Max for a consultation.

As contract-level Risk Adjustment Data Validation (RADV) audits ramp up, Medicare Advantage Organizations (MAOs) must understand a critical—and often overlooked—aspect of CMS’s audit methodology: there is no right to appeal the sampling or extrapolation methods used.

This isn’t just a technicality—it has major implications for audit readiness, financial liability, and how plans prepare for seven years of retrospective scrutiny.

What CMS Said: No Appeal Rights on Methodology

Per the CMS FAQ released in December 2023, CMS makes it clear:

“CMS will rely on any statistically valid method for sampling and extrapolation that it determines to be well-suited to a particular audit.”
— [CMS RADV FAQ, Q4, Dec 2023]

Unlike other administrative determinations, MAOs cannot appeal:

• The specific sampling methodology used

• The choice of extrapolation method

• Confidence intervals or stratification techniques applied

While CMS will disclose its methodology to MAOs, this disclosure is informational—not subject to negotiation or appeal.

Why This Matters: Financial Risk Without Recourse

This policy creates a high-stakes environment:

• Even if only a small number of sample records fail validation, extrapolation can magnify that error across the full contract population.

• MAOs could face multi-million dollar recoveries based on CMS’s chosen extrapolation model—even if the methodology is different from one used in a prior audit.

• There’s no procedural pathway for plans to challenge the validity, accuracy, or fairness of the sampling technique used.

CMS’s Flexibility in Audit Design

CMS has explicitly stated it is not adopting a one-size-fits-all audit design. Instead, for each contract-level RADV:

• CMS will use audit-specific methods it considers statistically valid.

• The exact sampling logic may vary by year, contract, or audit round.

• CMS maintains discretion to adjust extrapolation logic based on circumstances.

This means historical comparisons or prior audit outcomes offer limited protection or precedent.

Preparing for a No-Appeal Audit Environment

Given the lack of appeal rights, MAOs must prepare on the front end:

• Ensure medical record quality and completeness
  Don’t rely on post-audit correction—CMS will use what you submit as-is.

• Audit your sample logic internally
  Run simulations using industry-standard statistical methods so you aren’t surprised by extrapolated outcomes.

• Leverage technology to strengthen defensibility
  AI tools like those in Health Data Max’s Risk Adjustment Platform can:
  - Flag weak documentation
  - Recommend stronger charts for submission
  - Validate HCC support before records go to CMS

• Educate coding and compliance teams
  If they’re not aware that extrapolation choices are final, they may under-prioritize the strategic importance of each chart in the sample.

Final Thought

CMS’s “no appeal” position on sampling and extrapolation methodologies raises the bar for audit preparedness. The methodology may be beyond your control—but your data, documentation, and chart selection process are not.

Want to safeguard your revenue against RADV extrapolation? Let Health Data Max help you build audit resilience with data you can trust—and defend.

Contact us at sales@healthdatamax.com or visit www.healthdatamax.com to schedule a Demo.

Introduction

In the world of Medicare Advantage (MA), precision is everything. A single unsupported diagnosis code may seem minor — until it triggers a full-scale RADV audit, leading to contract-wide overpayment demands. Under CMS’s latest RADV audit methodology, the financial exposure tied to unsupported Hierarchical Condition Categories (HCCs) is more severe than ever before.

What Is an “Unsupported” HCC?

An HCC is deemed unsupported when the diagnosis code submitted by a Medicare Advantage Organization (MAO) cannot be validated by documentation in the medical record during a CMS-conducted RADV audit.

As detailed in CMS’s Payment Error Calculation Methodology for Payment Year 2013, an unsupported HCC results when:

• The diagnosis was submitted by the MAO but not found in the medical record (MR),

• No valid MRs were submitted at all for the sampled enrolee,

• The submitted MR did not support the condition as per ICD coding guidelines.

Each unsupported HCC is labelled “Discrepant” in CMS audit terminology, signalling that the code was used inappropriately for risk adjustment payment purposes.

The Financial Domino Effect: How One Error Becomes a Contract-Wide Liability

CMS doesn’t just flag an unsupported HCC and stop there. Under contract-level RADV audit methodology, the agency extrapolates that one error across the entire Medicare Advantage contract — multiplying the financial impact across potentially thousands of enrolees.

Here’s how it works:

1. CMS selects a random sample of enrolees from an MA contract.

2. For each enrolee, it validates diagnoses using only one “best” medical record per HCC.

3. If an HCC is found to be unsupported, CMS calculates the monthly overpayment for that enrollee.

4. That overpayment is then extrapolated to all similar enrollees in the contract — regardless of whether their charts were reviewed.

According to CMS:
“The total overpayment amount… is the sum of the ‘RADV enrollee total payment error’ amounts for all sampled enrollees. If the sum is greater than $0, an overpayment condition exists.”
— CMS Payment Error Methodology

Real-World Implication:

If a single unsupported HCC (e.g., diabetes with chronic complications) results in a $3,000 monthly overpayment for one enrollee, and CMS extrapolates that error to 2,000 similar enrollees, the total financial recovery demanded could exceed $6 million.

Why MAOs Must Act Now:

CMS no longer gives leeway for missing documentation or coding assumptions. If a diagnosis isn't clearly documented, supported by clinical evidence, and coded per ICD guidelines, it doesn’t count. Period.

And since CMS audits are retroactive (often reviewing data up to 7 years old), a single lapse in documentation today could turn into a multi-million dollar clawback tomorrow.

Takeaway: Accuracy Is Your Audit Shield

Risk adjustment isn't just a revenue strategy — it's a compliance obligation. Your best defence against financial exposure? Ensuring every HCC submitted is:

• Backed by valid face-to-face medical records,

• Documented with clinical clarity,

• Coded precisely according to CMS and ICD guidelines.

Pro Tip:

Leverage internal chart audits and AI-powered coding tools to identify unsupported HCCs before CMS does.

Final Thought:

One error may feel small. But under CMS’s RADV audit methodology, one missed HCC can financially impact your entire contract. Don’t wait for CMS to catch it — validate your risk scores now.

No Extensions – Finalize Your Submissions Now

The Centers for Medicare & Medicaid Services (CMS) has issued a critical reminder via the May 30, 2025 HPMS memo:
All closed period deletes tied to Payment Year (PY) 2022 for Risk Adjustment Data Validation (RADV) must be submitted no later than June 30, 2025.

Important: CMS has confirmed that no extensions will be granted for this deadline. Plans must act now to avoid risk exposure or audit discrepancies.

Why This Matters

This submission deadline is part of CMS’s broader effort to close out historical RADV audit cycles for Payment Years 2018–2024. As CMS increases oversight, timely and complete submissions are essential to:

• Prevent inclusion of unsupported diagnoses in RADV audit samples.

• Ensure audit samples reflect finalized and accurate risk adjustment data.

• Minimize audit findings and associated overpayment liabilities.

What You Should Be Doing Now

1. Review your PY 2022 data: Identify any records that require deletion or correction.

2. Submit closed period deletes: Use CMS-approved submission pathways to process deletions before June 30.

3. Cross-reference chart evidence: Confirm that all retained diagnosis codes are supported by documentation.

4. Update internal workflows: Align RADV readiness with this new deadline to reduce compliance risk.

5. Coordinate across departments: Ensure your coding, compliance, and IT teams are aligned and fully aware of the cutoff date.

Pro Tip: Don’t Wait Until the Last Week

Health plans that wait until the final days of June to initiate deletes may face technical issues or delays. Start early to ensure file acceptance, QA validation, and transmission logs are complete.

Contact Details for CMS

• For RADV audit questions: RADV@cms.hhs.gov

• For questions related to overpayment recovery or RADV sampling data submission: RiskAdjustmentPolicy@cms.hhs.gov

How Health Data Max Can Help

Our Risk Adjustment Platform supports automated compliance tracking, error flagging, and streamlined file reconciliation to ensure you meet CMS’s RADV deadlines. With our audit-ready workflow:

• Align chart review and submission integrity

• Flag unsupported HCCs for pre-audit cleanup

Contact us at sales@healthdatamax.com or visit www.healthdatamax.com to schedule a compliance readiness assessment.

As CMS accelerates its oversight of Medicare Advantage Organizations (MAOs), contract-level RADV audits are taking center stage. These audits aren’t just about compliance—they’re about real financial exposure, rooted in complex methodologies like extrapolation and payment error estimation.

CMS's Intent: Closing the Oversight Gap

After years of limited recoveries, CMS is moving to complete all outstanding RADV audits for Payment Years 2018–2024 by early 2026. This means seven years of risk adjustment data will be reviewed under contract-level scrutiny. If your plan hasn’t modernized its audit defenses, now is the time.

 What Contract-Level RADV Really Means

Per CMS’s updated guidance (see: FAQ on Contract-level RADV, Dec 2023), audits are no longer confined to member-level discrepancies. Instead, CMS will calculate payment error rates across a statistical sample of enrollees, then apply extrapolation across the full contract population. This has major implications:

• MAOs could be liable for millions in overpayments based on extrapolated error rates—even if only a small percentage of sampled records contain errors.

• CMS has confirmed it is not required to disclose all potential extrapolation inputs in advance.

• There is no appeal available for methodological decisions like the choice of sampling or error rate formulas.

The Extrapolation Formula: A High-Stakes Equation

In its Payment Error Calculation Methodology document, CMS outlines how it:

• Identifies non-valid HCCs not supported by chart documentation

• Calculates per-member risk score errors, adjusting for demographic weight

• Applies midpoint estimates to extrapolate the total dollar impact

• Uses this extrapolated error to calculate contract-level recoveries

This means that one unsupported diagnosis—if replicated across a contract’s population—can balloon into a multi-million-dollar liability.

Are You Ready for 7 Years of RADV Scrutiny?

Ask yourself:

• Are your HCCs fully supported by clinical documentation?

• Do you have automated controls in place to prevent leakage?

• Are your audit charts strategically selected and defensible?

If not, it’s time to upgrade your approach.

Why Manual Chart Review Workflows Are No Longer Enough

Many health plans still rely on outdated, disconnected processes:

• Manual chart pulling

• Siloed submission validation

• Reactive audit defenses

This results in missed HCCs, documentation gaps, and failed RADV audits.

Meet Health Data Max – AI-Powered RADV Audit Resilience

Our purpose-built Risk Adjustment platform which delivers full-spectrum risk adjustment oversight:

• AI-Powered Chart Selection
  Select the best-supported charts for CMS submission using NLP-based scoring models.

• HCC Compliance Dashboards
  Real-time visibility into coding quality, encounter completeness, and audit risk.

• Pre- and Post-Submission Analytics
  Track HCC integrity from initial coding to MAO-004/MOR confirmation.

• CMS Document Search
  Query regulatory PDFs (like the ones in this blog!) using natural language search.

Don’t Wait for the CMS Audit Letter

RADV is no longer a distant threat—it’s an urgent priority. The 2026 deadline leaves little time for trial-and-error. By combining regulatory insight with AI automation, Health Data Max helps MAOs:

• Minimize extrapolated error risk

• Defend every dollar of risk adjustment revenue

• Future-proof audit processes before CMS arrives

Contact Us to schedule a demo or request a pilot evaluation today.

No Extensions Will Be Granted

On May 30, 2025, the Centers for Medicare & Medicaid Services (CMS) released an official HPMS memo titled “Deadlines for the Submission of Risk Adjustment Data for Risk Adjustment Data Validation Sampling.” The memo outlines a critical compliance deadline for all Medicare Advantage Organizations (MAOs):

All closed period deletes for Payment Year (PY) 2020 must be submitted no later than June 16, 2025.
No extensions will be granted.

This is a firm, non-negotiable deadline. MAOs must ensure timely review and submission to maintain compliance and minimize RADV-related financial risk.

What Are Closed Period Deletes?

Closed period deletes refer to the removal of diagnosis codes submitted for payment in prior years that are no longer eligible for standard correction. These deletes are allowed specifically to prepare for Risk Adjustment Data Validation (RADV) audits, which assess the accuracy of risk-adjusted payments.

CMS permits these deletions prior to the RADV audit sample selection, offering health plans a final opportunity to align submitted data with the supporting clinical documentation.

Key Takeaways from the Memo

• Deadline: All deletes for PY2020 must be submitted by June 16, 2025.

• Applies to: Submissions via both RAPS and EDPS.

• No exceptions or extensions will be provided after the deadline.

• Deletions submitted after this date will not be excluded from RADV sample consideration.

Implications for MA Plans

This deadline is especially significant in light of CMS’s broader initiative to accelerate the RADV audit timeline. CMS has announced its intention to complete all remaining RADV audits for PY2018 through PY2024 by early 2026 — compressing seven years of audit activity into a short timeframe.

MAOs should take the following immediate steps:

• Conduct a thorough internal review of all PY2020 diagnosis submissions.

• Identify and submit unsupported or invalid diagnoses for deletion.

• Ensure that retained codes are fully supported by appropriate medical record documentation.

• Confirm that deletes are submitted through the appropriate RAPS or EDPS pathways by the deadline.

Compliance Risk and Financial Impact

Failure to remove unsupported diagnoses before sampling could significantly increase audit exposure and result in repayment obligations. Given the lack of extensions, plans that miss this window may have no recourse to mitigate findings for PY2020 RADV.

Conclusion

The June 16, 2025 deadline represents a critical milestone in CMS’s evolving approach to RADV enforcement. Health plans should act with urgency to complete their data reviews and deletions.

Proactive data validation today is the key to audit readiness tomorrow.

For support with closed period deletes, RADV audit preparation, or risk adjustment data integrity, contact the team at Health Data Max. Our experts assist MAOs in achieving full compliance and minimizing risk exposure.

The Background: Why OIG Audited Coventry 

Under the Medicare Advantage program, CMS makes risk-adjusted payments based on enrollees’ documented health conditions. These diagnoses, submitted by MA organizations, must be backed by medical record documentation. 

But some conditions — especially those with high payment weights — are more susceptible to miscoding or lack of clinical support. 

That’s why the Office of Inspector General (OIG) targeted 10 high-risk diagnosis groups submitted by Coventry Health and Life Insurance Company (Contract H1608) for payment years 2018 and 2019. 

What OIG Found: Unsupported HCCs and Big Overpayments 

In a sample of 300 enrollee-years, OIG found that 249 had unsupported diagnosis codes — a staggering 83% error rate. 

As a result, the audit uncovered: 

• $752,587 in net overpayments within the sample 

• An extrapolated estimate of $6.9 million in net overpayments to Coventry for just 2018 and 2019 

OIG concluded that Coventry’s internal policies and procedures to prevent, detect, and correct HCC coding errors were inadequate, leaving CMS exposed to significant financial loss. 

What the OIG Recommends 

The report didn’t pull any punches. The OIG made three clear recommendations to Coventry: 

1. Refund the estimated $6.9 million in overpayments to the Federal Government 

2. Identify and refund overpayments for similar diagnosis submissions outside of the audit period 

3. Improve compliance processes to better align with CMS’s risk adjustment requirements 

Coventry disagreed with some of the audit’s findings and rejected all three recommendations, but the report stands as a strong signal from OIG and CMS about enforcement expectations. 

What This Means for the Industry 

This isn’t just about one health plan — this is a compliance spotlight moment for the entire Medicare Advantage space. 

The key takeaway is simple but critical: 

If your diagnosis code isn't backed by valid, timely medical documentation — it shouldn't be submitted. 

This includes: 

• Clinical notes showing condition monitoring, treatment, or evaluation 

• Labs, imaging, prescriptions, or referrals supporting the diagnosis 

• Evidence that the condition was present and addressed during the payment year 

Anything less invites audit risk, clawbacks, and reputational damage. 

Lessons for MA Plans, Coders & Providers 

To avoid ending up in a future audit headline, Medicare Advantage organizations should: 

• Conduct internal retrospective audits of high-risk HCCs 

• Validate diagnosis codes before submission, not after 

• Train coders and providers on active condition management documentation 

• Align internal workflows with CMS and OIG expectations for clinical support 

Coding accuracy isn’t just about revenue — it’s about defensibility. 

Final Thoughts: This Audit Isn’t the Last — It’s the Start 

As CMS and the OIG expand their focus on risk adjustment compliance, every MA plan should consider this report a warning — and an opportunity. 

Plans that prioritize clinical validation, invest in documentation improvement, and build audit-ready workflows will not only avoid clawbacks — they’ll lead the way in transparency and patient-centered care. 

Need support reviewing your HCCs before CMS or OIG does? 
Let Health Data Max help you build AI-powered audit defenses and documentation validation workflows. 

Contact Us for comprehensive Risk Adjustment platform including audit support. 

CMS recently announced that it will postpone the planned decommissioning of the CSSC Operations website, which was originally scheduled to occur on May 31, 2025. This site, csscoperations.com, plays an important role in Medicare Advantage and Part D operations, especially when it comes to Risk Adjustment and Prescription Drug Event (PDE) data submission. 

The decision to delay comes as CMS works to ramp up its Risk Adjustment Data Validation (RADV) audits. The agency recognizes that the CSSC website provides essential tools and information that many health plans and system vendors rely on for timely and accurate data submission. Disrupting access during such a critical compliance period could negatively impact reporting, so CMS is hitting pause — for now. 

So what does this mean for you? It means nothing changes just yet. Health plans can continue to access everything they need through csscoperations.com, including file layouts, submission guidance, and technical documentation. The site remains the central hub for encounter data and PDE submissions until further notice. 

CMS hasn’t shared a new date for the transition to CMS.gov, but they’ve confirmed that more information will be provided in a future memo. Until then, you can keep using the same processes and tools you’re already familiar with. 

Support also remains in place. The CSSC Operations Help Desk is still available to answer your questions related to data submissions. You can reach them at csscoperations@palmettogba.com or by phone at 1-877-534-2772. 

This extension is good news — it gives you more time to stabilize your internal systems, ensure submission accuracy, and prepare for whatever the next phase of migration looks like. But it’s also a reminder: while the shutdown is postponed, it’s not canceled. Use this time wisely to stay audit-ready and ahead of future changes. 

Need help preparing your risk adjustment data workflows for future transitions? Contact us at sales@healthdatamax.com or visit healthdatamax.com to get started.