2026 is a turning point for Medicare Advantage risk adjustment. Risk Adjustment Data Validation, or RADV, tests whether submitted diagnoses and Hierarchical Condition Categories, or HCCs, are supported by the medical record. CMS is moving to full V28 payment, issuing PY 2018 findings, and launching several new audits on a set schedule.
Key Takeaways
2026 rewards plans that treat RADV readiness as a standing operating process, not a once-a-year scramble.
- Extrapolation starts with PY 2018. One unsupported sample can affect the full contract, not just the reviewed records.
- CMS has set a visible 2026 audit calendar. PY 2020, 2021, 2024, and 2023 initiations are already on the schedule.
- V28 changes coding risk. Old HCC habits can create new errors when payment runs on the 2024 CMS-HCC model at 100 percent.
- Most invalidations are preventable. Missing signatures, thin progress notes, and unsupported HRA diagnoses still lead the list.
- AI helps before the audit starts. Pre-screening tools can catch record defects early, but human review and audit logs still matter.
- A 90-day sprint can reduce risk fast. Governance, mock audits, documentation cleanup, and appeal prep deliver the quickest gains.
What RADV Audits Actually Involve in 2026
RADV in 2026 is a contract-level record review with real extrapolation risk, so process discipline matters as much as coding accuracy.
Scope, Selection, and Sampling
CMS audits each Medicare Advantage contract separately. For PY 2018, it selects a statistically valid random sample of 35 enrollees per audited contract. Reviewers then test each audited HCC for a face-to-face encounter, an acceptable provider type, and complete authentication.
Records fail for predictable reasons: missing signatures, missing credentials, wrong member, wrong date of service, or a document that is not a valid medical record. CMS may accept a CMS-generated attestation for certain outpatient records when a signature is missing, but that should be a backup, not a routine fix.
2026 Activity Timeline
CMS has given plans a usable audit calendar, which makes delays harder to justify.
| Payment Year |
Audit Initiation  |
|---|---|
| PY 2020 | March 2026 |
| PY 2021 | May 2026 |
| PY 2024 | August 2026 |
| PY 2023 | November 2026 |
CMS also expects to begin issuing PY 2018 findings in mid-2026, with appeals activity following. Even if dates shift, the volume is high enough that staffing, retrieval, and review workflows need to be ready before spring.
Medical Record Requirements
A valid record must identify the right member, match the correct data collection year, come from an acceptable provider, and include legible, signed, and dated content. Problem lists can help, but they do not stand alone unless the face-to-face note shows assessment and management of the condition.
Non-face-to-face documentation does not generally support risk adjustment. Plans should also review internal RADV intake, retrieval, and escalation paths so requests move quickly once a sample is issued.
Teams that are aligning sampling, retrieval, authentication, and escalation controls often benefit from a short reference on definitions, timelines, reviewer expectations, and common failure points before they formalize workflows for the year ahead. If you want a neutral primer that can help frame those moving parts in one place before the enforcement developments below, see CMS RADV audits.
CMS Enforcement Signals and Policy Changes to Watch
Recent CMS, OIG, and DOJ actions show that unsupported diagnoses now carry a larger payment and enforcement risk.
The 2023 RADV Final Rule
CMS codified extrapolation beginning with PY 2018 and said it will not apply the historical Fee-For-Service Adjuster. That means payment error findings can be projected to the full contract, not limited to the reviewed sample.
OIG and DOJ Signals
HHS-OIG has reported that diagnoses drawn only from health risk assessments, or HRAs, and chart reviews were tied to billions in risk-adjusted payments without linked service records. DOJ’s 2023 settlement with The Cigna Group, about $172.3 million, reinforced that diagnosis submission practices are under active scrutiny.
Model Changes That Affect Auditing
CY 2026 payments use the 2024 CMS-HCC model, known as V28, at 100 percent. Some V24 HCCs disappeared, split, or remapped, so payer teams should not assume historical coding patterns remain safe under the new model.
For technology buyers, this is where Medicare Advantage compliance technology matters. Tools should validate source notes, provider type, signatures, and encounter alignment before a code reaches payment or an audit response.
Documentation and Coding Gaps Audits Typically Expose
The highest-value fixes are basic documentation controls that remove avoidable invalidations.
Authentication problems remain the most common defect. Missing signatures, absent credentials, and late electronic signature dates can invalidate an otherwise sound note. E-signature standards should be checked at intake, not after an audit request arrives.
Problem lists and diagnosis lists are not enough by themselves. The progress note needs clear evidence that the diagnosis was evaluated, addressed, or monitored during a face-to-face encounter in the data collection year.
HRA-only diagnoses and unlinked chart reviews deserve special attention. If a condition does not connect to a qualifying encounter, suppress it from submission and queue it for follow-up. Plans also need reliable retrieval because MA organizations must retain records for 10 years under 42 CFR 422.504.
How Technology and AI Are Reshaping Audit Preparation
AI helps most when it strengthens review discipline, not when it tries to replace coders or compliance staff. A practical setup uses rules and natural language processing, or NLP, to screen for member match, service dates, provider type, signature presence, and likely HCC evidence. Broader healthcare technology and AI coverage tracks the same shift across other parts of payer and provider operations, where machine learning is being deployed to catch defects before they reach claims, audits, or clinical documentation reviews. Failed records should route to operations for correction before they reach a RADV sample or a final risk adjustment submission.
NLP can also highlight evidence sentences, spot missing MEAT elements, and flag contradictions across notes. MEAT means monitored, evaluated, assessed, or treated. Even so, coder adjudication, version control, and a clear audit trail are non-negotiable.
When comparing platforms, look for reviewer workbenches, CMS-style invalid reason checks, encounter data quality dashboards, appeals packet assembly, secure document exchange, and configurable rules. Just as important are SOC 2 Type II controls, protected health information (or PHI, redaction, clinician-in-the-loop review, and integration with core payer systems.
Practical Steps to Reduce Audit Risk in 90 Days
A focused 90-day sprint can lower invalid record rates before the 2026 audit calendar tightens.
Day 0 to 15: Set governance. Name an executive sponsor and a RADV response lead. Inventory delegated entities, identify your highest-paid HCCs, and separate diagnoses that originated from HRAs or chart review.
Day 16 to 30: Run a mock RADV. Pull a 35-member sample for each priority contract and score it against CMS-style invalid reason checks. Report invalid rates, signature defects, and unsupported non-face-to-face records to leadership.
Day 31 to 45: Fix documentation hygiene. Send targeted provider education, deploy attestation workflows where allowed, and re-request illegible or incomplete notes before they become audit exhibits.
Day 46 to 60: Reconcile encounter data. Compare source records, clearinghouse output, and CMS encounter acceptance reports to catch missing National Provider Identifiers, or NPIs, specialty mismatches, and date errors.
Day 61 to 90: Build the appeal playbook and turn it into routine practice. Standardize file structure, draft templates for common denial reasons, and collect provider credential proofs. Set a service level for assembling an appeal package within 10 business days.
After the sprint, move to quarterly scorecards with targets for signature defects, encounter rejections, and retrieval speed. Plans that measure every contract the same way can spot drift before CMS does.
Conclusion
Plans that start now will be in a stronger position when PY 2018 findings and new audit requests arrive.
RADV readiness in 2026 is not just a coding project. It is a cross-functional program spanning compliance, coding, provider operations, chart retrieval, encounter data, and appeals. The winning approach is simple: validate earlier, fix defects faster, and keep every response packet audit-defensible.
FAQs
These questions come up most when payer teams turn policy into day-to-day audit operations.
Do Problem Lists Count as Support for HCCs in RADV?
No. A problem list may support the note, but it does not replace face-to-face documentation showing the condition was assessed or managed during the year.
Can Non-Face-to-Face Documentation Support HCCs?
Usually no. Limited interpreted diagnostic material may help in specific cases, but plans should expect each audited HCC to tie back to a qualifying face-to-face encounter.
What if a Provider Note Is Unsigned or Lacks Credentials?
Try to cure the defect quickly. A CMS-generated attestation may be allowed for certain records, but plans should also tighten intake checks so missing authentication is caught upstream.
How Should We Prioritize Fixes Ahead of PY 2018 Findings?
Start with high-value HCCs, HRA-sourced diagnoses, signature defects, and encounter mismatches. Those areas tend to create the fastest reduction in extrapolation risk.
