In the ever-evolving landscape of Medicare Advantage (MA), compliance isn't just about passing an audit — it's about continuous vigilance across all contracts and enrollees. A common misunderstanding among Medicare Advantage Organizations (MAOs) is that when they’re under a CMS Risk Adjustment Data Validation (RADV) audit, their obligation to identify and report overpayments is fully suspended. However, that is not the case.

CMS has made it explicitly clear: while overpayment reporting for sampled enrollees under RADV audit is paused during the audit cycle, MAOs must continue to identify, report, and return overpayments for non-sampled enrollees within the same contract. This blog breaks down the rule, the risks of non-compliance, and how MAOs can navigate this complex requirement effectively.

Understanding the RADV Audit Process

The RADV audit is CMS's primary mechanism to ensure Medicare Advantage payments are accurate by verifying the validity of submitted diagnoses that impact the Risk Adjustment Factor (RAF) and, consequently, plan payments. CMS conducts these audits by:

• Selecting a sample of enrollees from an MA contract

• Validating submitted diagnosis codes through medical records

• Extrapolating any identified error rate across the entire contract if overpayments are detected

But while RADV samples represent a subset of enrollees, the obligation to ensure data accuracy applies to the entire contract — not just those under audit.

 CMS’s Position on Overpayment Self-Reporting Outside RADV Samples

As per the official CMS guidance — “Payment Error Calculation Methodology for RADV,” Section 4 — MAOs are still accountable for self-reporting overpayments outside of the audit sample:

“For plan-identified overpayments related to enrollees in the subject MA contract that are not included in the sampling frame for this RADV audit, your organization is required to report and return any potential overpayment to CMS in accordance with section 1128J(d) of the Act and 42 CFR 422.326.”
— CMS Payment Error Calculation Methodology, Section 4

This statement leaves no ambiguity. The self-reporting and return obligations under Section 1128J(d) of the Social Security Act continue in full force for non-sampled enrollees, even while a RADV audit is in progress for that same contract.

Key Takeaway:

Self-reporting for non-sampled enrollees is not suspended just because a RADV audit is ongoing.

The Legal Backbone: Section 1128J(d) of the Social Security Act

Section 1128J(d) stipulates that:

• MAOs must report and return overpayments within 60 days of identification

• Failing to do so can constitute a False Claims Act violation, exposing plans to significant penalties, interest, and legal actions

Combined with 42 CFR §422.326, these requirements form the backbone of CMS's overpayment return policy, reinforcing that compliance must be an ongoing, proactive responsibility — not a reactive task post-audit.

Common Pitfalls for MAOs During RADV Audits

Many MAOs inadvertently expose themselves to regulatory risk by:

• Focusing solely on the RADV sample and pausing broader overpayment reviews

• Failing to implement contract-wide data integrity checks during the audit cycle

• Misinterpreting CMS’s guidance and believing that all reporting obligations are suspended

This misunderstanding can lead to:

• Accumulating unreported overpayments

• Increased financial exposure post-RADV

• Non-compliance penalties under CMS program integrity guidelines

How MAOs Can Stay Compliant

To stay compliant and minimize both regulatory and financial risks, MAOs should:

1. Implement Continuous Overpayment Detection

   Maintain real-time monitoring systems to flag potential overpayments across the entire contract population — not just sampled enrollees.

2. Establish Robust Self-Reporting Processes

   Use CMS’s Risk Adjustment Overpayment Reporting (RAOR) module via HPMS to report and return overpayments within the statutory 60-day period.

3. Enhance Documentation and Coding Validation

   Even if sampled enrollees are shielded during RADV, the same coding, chart review, and documentation standards should be applied uniformly across all enrollees.

4. Engage in Proactive Internal Audits

   Conduct periodic internal audits of encounter data, diagnoses, and submitted HCCs to ensure compliance with risk adjustment accuracy.

5. Leverage Technology for Compliance Automation

   AI-driven platforms can:

   • Crosswalk submitted encounters against coding standard

   • Validate HCC submissions for accuracy and completeness

   • Track payment integrity across the full contract spectrum

How Health Data Max Supports MAOs Across RADV and Self-Reporting

At Health Data Max, we’ve built solutions that ensure MAOs remain compliant across both sampled and non-sampled populations, even amidst an active RADV audit:

• Encounter Data Validation: Pre-submission checks ensure only valid diagnoses go to CMS

• MAO-004 and MAO-002 Monitoring: Identify gaps in accepted vs. rejected codes in near real-time

• Overpayment Flagging: Automated tools surface potential overpayments well before the 60-day clock starts ticking

• Audit Defense Readiness: Even beyond RADV, our documentation alignment services ensure MAOs have a full defensible record of coding decisions

Final Thoughts

A RADV audit is a focused review — but your compliance obligations span the entire contract population. CMS has made it clear: self-reporting does not stop for non-sampled enrollees. Ignoring this can result in regulatory penalties and financial risks that extend far beyond the RADV process itself.

By embracing continuous data integrity checks, real-time overpayment monitoring, and proactive reporting, MAOs can safeguard their contracts — and ensure they remain on the right side of compliance.

Need help building a RADV-proof, CMS-compliant risk adjustment strategy?
Contact Health Data Max for a consultation.