By Anupriyo Chakravarti, Chief Technology & Product Officer at Verisma

January 30, 2026

Healthcare data management is at a crossroads. Labor costs have risen 15 percent year–over–year, regulatory complexity continues to expand, and the pressure to do more with less has never been greater. In my conversations with health system CIOs and technology leaders, one theme emerges consistently: the organizations treating AI governance as a strategic capability, not a compliance checkbox, will define the next era of healthcare operations.

I had the opportunity to test this thesis at CHIME25 – Fall Forum, where I led a focus group titled “Rewriting Healthcare Data Rules: Digital Leaders, Innovators, and Disrupters Unite.” We surveyed attendees before the conference to understand how they’re approaching artificial intelligence, legacy systems, interoperability, and vendor relationships. The findings confirmed what I’ve observed across hundreds of client engagements: most organizations recognize AI’s potential, but few have built the governance foundation to capture it safely.

Here’s what the data revealed – and what it means for healthcare technology strategy.

Key Findings: An Industry in Transition

1. Data Governance Ownership Remains Fragmented
CIO/IT leadership drives data governance in most organizations, with joint committees and compliance/legal playing supporting roles. Fewer than 10 percent reported no clear ownership. The implication: Organizations with dedicated governance structures will move faster on AI adoption.

2. AI Training Data Concerns are Real – but Nuanced
While there’s openness to AI innovation, organizations remain vigilant about third–party data access. Most enforce strict controls over vendor use of data for model training. The strategic insight: Healthcare leaders aren’t anti-AI; they’re anti-opacity. Vendors who provide transparency, auditability, and clear data boundaries will earn trust.

3. Interoperability Remains a Multi–Front Battle
While organizations struggle equally with standards adoption, system integration, and partner data sharing, no single blocker dominates. Most have policies in place, but consistency and enforcement vary widely. What this signals: Point solutions won’t solve interoperability. Organizations need integrated platforms – built with universal connectors in addition to APIs – that address the full data lifecycle, from intake through archive.

4. Legacy Decommissioning is Reactive, not Strategic
Most organizations archive legacy systems to mitigate risk rather than as part of a deliberate data strategy. There’s growing openness to monetizing de-identified data for research, but risk concerns dominate decision-making. The opportunity: Organizations shifting from reactive archiving to strategic data lifecycle management can unlock cost savings and new revenue streams.

5. Global Resource Sentiment is Shifting
Opinions on using global resources for data-related tasks lean toward caution, but a meaningful minority, about 25 percent, is open to increased global partnerships. Looking ahead: As AI handles more routine tasks, the calculus around global delivery models will evolve.

The AI Maturity Gap

We asked respondents which stage of AI/data governance maturity best reflects their organization:

• Level 1: Ad hoc tools, minimal governance, data silos
• Level 2: Emerging AI/machine learning use with basic automation and foundational policies
• Level 3: Standardized platforms, governed data, formalized policies

The majority cluster at Levels 1 and 2. Very few have reached Level 3, and almost none have progressed beyond it to advanced stages where AI augments decision–making across operations.

This maturity gap represents a risk and opportunity. Organizations remaining at Level 1-2 will struggle to capture efficiency gains while managing compliance exposure. Those accelerating to Level 3 and beyond can achieve 40-60 percent productivity improvements in data-intensive workflows while strengthening compliance posture.

Verisma’s AI Maturity Model: A Framework for Transformation

Based on these findings and our experience partnering with 2,300+ healthcare organizations, we developed an enhanced maturity framework.

The model assesses five dimensions:

1. Technology Infrastructure – From siloed tools to integrated intelligent platforms

2. Data Governance – From ad hoc policies to enterprise–wide standards with automated enforcement

3. Process Automation – From manual workflows to AI–augmented operations

4. Value Realization – From cost–center metrics to measurable business outcomes

5. People and Change – From resistance to adoption to workforce enablement and upskilling

What makes this framework different: It’s not theoretical. Each maturity level includes specific benchmarks, implementation tools, and a phased roadmap with measurable success criteria. We built it for organizations that need to show progress quarterly, not just aspire to transformation over years.

The Strategic Moat: Human-in-the-Loop AI Governance

I’ll share a perspective that may diverge from the industry hype: organizations that win with AI won’t automate the most, they’ll automate responsibly.

Many vendors offer point solutions for robotic process automation or document classification. Verisma’s approach is fundamentally different. We’ve built an integrated platform spanning the full health information lifecycle – intake, retrieval, quality assurance, disclosure, and archiving – with human oversight embedded at every decision point
.
Why does this matter, strategically:

• Regulatory durability: Healthcare AI regulations are tightening. Solutions built on black–box automation face compliance risk. Human-in-the-loop architectures are designed for the regulatory environment that’s coming, not just today’s requirements.
• Quality assurance: Our AI workflows use confidence thresholds automatically triggering human review when certainty falls below acceptable levels. This isn’t a safety net, it’s a design principle. Organizations using this approach achieve 38 percent faster turnaround times while reducing unauthorized disclosure incidents by 50 percent.
• Auditability: Every AI decision is logged with immutable trails, reviewer attestations, and exception documentation. When regulators or auditors ask, “How did this decision get made?” There’s a clear answer.
• Workforce enablement: We don’t replace health information professionals; we amplify them. Staff handle exceptions and complex judgments while AI manages routine processing.

The Path Forward: From Maturity Assessment to Business Outcomes

Based on our CHIME25 research and client experience, here’s what I believe healthcare technology leaders should prioritize:

1. Assess honestly. Most organizations overestimate their AI maturity.

2. Governance before acceleration. The organizations moving fastest on AI adoption aren’t the ones with the biggest budgets. They have the clearest governance frameworks measuring and optimizing outcome metrics.

3. Demand transparency from vendors. Ask tough questions: Where does my data go? How are models trained? What happens when the AI’s uncertain?

4. Measure business outcomes, not AI activity. For instance, for release of information, track turnaround time and compliance incidents, not number of AI models deployed.

5. Plan for workforce transition. AI will change roles, not eliminate them.

Looking Ahead

In the next three years, I expect 75 percent of routine healthcare data tasks to be AI–assisted. The organizations thriving won’t adopt AI first. They’ll build governance, infrastructure, and workforce capabilities to adopt AI well.

Healthcare technology leaders are ready for this transformation. They’re looking for partners understanding operational realities and delivering practical innovation with transparency and accountability. If you’re evaluating your organization’s AI maturity, let’s chat.

About the Author

Anupriyo Chakravarti is Chief Technology & Product Officer at Verisma, leading technology strategy and product development for healthcare’s leading health information management platform. He speaks regularly on AI governance, healthcare data transformation, and technology leadership at industry conferences including AHIMA, CHIME and HIMSS.

By Jeannie Hennum
General Manager, Value Based Care
Verisma
June 24, 2025

My esteemed colleague and government affairs/policy guru Elizabeth McElhiney recently published a blog for providers detailing an announcement from the Centers for Medicare and Medicaid Services (CMS) regarding their initiative to rapidly administer outstanding Risk Adjustment Data Validation (RADV) audits and expand the parameters of new RADV audits by September 1.

The audits are important to the entire healthcare system – safeguarding the accuracy and integrity of health plan data, and the effort is part of the federal government’s effort to remove fraud, waste and abuse (FWA) in Medicare Advantage (MA) programs.

RADV Refresher

Because this hasn’t been an active program for eight years, let’s review.

Risk Adjustment is a CMS process that is used by health plans to determine their enrollees’ (patients, members) health status, specifically identifying any chronic conditions the patients have (or potentially will have), which in turn most likely will result in the need for additional healthcare and services. Hierarchical Condition Categories (HCC) coders review the medical records, identifying and coding the patients’ chronic conditions. The coding results are used to generate each enrollees’ Risk Adjustment Factor (RAF) score and provide the basis for reporting submissions to CMS. These results also help support care management programs for the patients. Based on the health plans’ submissions, CMS then provides additional funding needed to ensure the patients receive the necessary benefits and services promoting better health outcomes for the patients.

RADV (Risk Adjustment Data Validation) audits are generated by CMS to ensure the health plans have submitted accurate diagnosis data. RADV audits require health plans to submit the best medical record to validate the patients’ chronic conditions – basically, to provide a “receipt.” The RADV audits have short timeframes and stringent requirements. Failure to validate potentially has significant financial penalties for health plans, primarily stemming from recoupment of overpayments.

Recent changes to RADV for payment years beginning in 2018 will let CMS extrapolate to calculate the overpayment from the sample and then recoup that total amount. For instance, if the health plan has coded/submitted the “diabetes” for a patient, but they cannot provide the medical record to support this diagnosis during the RADV audit, CMS may recoup the funding back from the health plan for this patient and for all other members diagnosed with diabetes. Other penalties the health plan may face are false claims liability and exclusion from government healthcare programs.

Accurate risk adjustment is crucial for ensuring health plans receive appropriate compensation for the care of patients, promoting fairness and stability in the healthcare system.

Where It All Began

RADV audits started in 2002 with the Improper Payments Information Act (IPIA), and it has been revised numerous times. CMS is several years behind finishing these audits, and the Trump administration wants to complete all RADV audits for payment years (PY) 2018 to 2024 by early next year.

To do so, CMS is hiring 2,000 coders and deploying enhanced tech to meet the deadline. They’re also increasing the amount of medical records it will audit from 35 records per health plan to 200, and audits from 60 MA plans annually to all (approximately) 550 plans – a 900 percent increase.

RADV’s Importance

• Financial Accuracy: RADV ensures health plans are compensated accurately based on the risk profiles of enrollees, encompassing significant financial implications for health plans.
• Quality Care: Accurate data is essential for identifying high-risk individuals and ensuring they receive necessary care, helping improve health outcomes.
• Compliance: RADV audits help ensure compliance and mitigate the risk of penalties and sanctions.

Important Health Plan Considerations

• Implement robust data validation processes and regularly review and update information to prevent errors.
• Align with providers to ensure medical records are complete and accurate.
• Train staff on the importance of correct diagnosis coding and documentation to help improve data accuracy and reduce the risk of errors during RADV audits.

RADV is a crucial element of the healthcare system, ensuring CMS funding is accurate and payment is made only for documented services and diagnoses. Health plans can promote financial stability, improve quality of care, and ensure CMS regulation compliance.

Verisma has helped providers navigate accurate health information for 20+ years and we’re ready to meet the demand of these volumes for payers, too. Contact us today to discuss how we can help.

By Elizabeth McElhiney, MHA, CHPS, CPHIMS, CDH-L, CRIS, CC
Director of Government Affairs and Policy
Verisma
June 23, 2025

The Centers for Medicare and Medicaid Services (CMS) announced an initiative late last month to rapidly complete outstanding Risk Adjustment Data Validation (RADV) audits while expanding the parameters of new RADV audits by September 1. The audits ensure the accuracy and integrity of health plan data, and the effort is part of the federal government’s effort to eliminate fraud, waste and abuse (FWA) in Medicare Advantage (MA) programs – impacting providers and patients.

While you’re familiar with Medicare Risk Adjustment (MRA) reviews, it’s unlikely you’ve seen a RADV audit. So, what’s the difference?

• Annual MRA audits, issued first, are used by MA plan to determine patient risk adjustment factor (RAF) to predict healthcare costs by reviewing medical records, evaluating diagnoses, and assessing demographical information including age and gender to determine health status and provider payments. The higher the RAF, the more money CMS pays the MA plan.
• RADV audits, issued second, are for data validation to gauge if insurance companies have correctly calculated RAF scores. These audits ensure treatment leading to diagnosis in a RAF score is documented in the medical record, removing risk MA plans don’t say patients are sicker than they are. If the government finds a RAF score is calculated incorrectly or doesn’t receive records to audit, it can recoup the overpayment from the MA plan and the facility. Recent changes to the RADV program will let CMS extrapolate the overpayment amount for a health plan from the sample and then recoup that total amount. These changes are similar to how the RAC program can recoup overpayments.

Why am I just hearing about this?

RADV audits have been around since 2002’s Improper Payments Information Act (IPIA) and the program has been modified multiple times. Because CMS is several years behind completing these audits, the Trump administration wants to finish all remaining RADV audits for payment years (PY) 2018 to 2024 by early 2026.

This initiative received widespread attention because efforts to detect and eliminate FWA are high priorities for the current administration. CMS will hire approximately 2,000 coders in the upcoming months and deploy enhanced technology to meet this deadline. At the same time, CMS is increasing the number of medical records it will audit from 35 records per health plan to 200, and its audits from 60 MA plans annually to all (approximately) 550 plans – a 900 percent increase.

While your practice or organization probably sees many MA patients, the odds of encountering a large number of RADV audits has always been low. Selected records are based on MA plan participation and these patients could have been treated by any provider. The only commonality is their MA plan.

Preparing for RADV Audits

It’s important to remember RADV audits need to be returned to the health plan and not CMS. This can be confusing for new ROI specialists and health information (HI) professionals because the request packet will come with a CMS letter. HI professionals must comply with these requests quickly, ensuring records are provided to the requestor by the due date.

Preparation is key. Here are some steps healthcare providers can take:

• Maintain Accurate Records: Ensure all diagnosis data is accurately documented and updated.
• Regular Training: Provide ongoing staff training on proper documentation practices, releasing appropriate records, and RADV compliance requirements.
• Create an Action Plan: Train staff to identify RADV audits and notify management when they’re received. Examine whether you can handle additional audits with existing staff or if you will need to supplement with external resources.

RADV audits are a critical component of the healthcare system, ensuring MA payments are accurate and payment is made only for the services and diagnoses documented. By understanding the importance of these audits and taking proactive preparation steps, healthcare providers can navigate the process smoothly and maintain compliance with CMS regulations.