By Jeannie Hennum
General Manager, Value Based Care
Verisma
June 24, 2025

My esteemed colleague and government affairs/policy guru Elizabeth McElhiney recently published a blog for providers detailing an announcement from the Centers for Medicare and Medicaid Services (CMS) regarding their initiative to rapidly administer outstanding Risk Adjustment Data Validation (RADV) audits and expand the parameters of new RADV audits by September 1.

The audits are important to the entire healthcare system – safeguarding the accuracy and integrity of health plan data, and the effort is part of the federal government’s effort to remove fraud, waste and abuse (FWA) in Medicare Advantage (MA) programs.

RADV Refresher

Because this hasn’t been an active program for eight years, let’s review.

Risk Adjustment is a CMS process that is used by health plans to determine their enrollees’ (patients, members) health status, specifically identifying any chronic conditions the patients have (or potentially will have), which in turn most likely will result in the need for additional healthcare and services. Hierarchical Condition Categories (HCC) coders review the medical records, identifying and coding the patients’ chronic conditions. The coding results are used to generate each enrollees’ Risk Adjustment Factor (RAF) score and provide the basis for reporting submissions to CMS. These results also help support care management programs for the patients. Based on the health plans’ submissions, CMS then provides additional funding needed to ensure the patients receive the necessary benefits and services promoting better health outcomes for the patients.

RADV (Risk Adjustment Data Validation) audits are generated by CMS to ensure the health plans have submitted accurate diagnosis data. RADV audits require health plans to submit the best medical record to validate the patients’ chronic conditions – basically, to provide a “receipt.” The RADV audits have short timeframes and stringent requirements. Failure to validate potentially has significant financial penalties for health plans, primarily stemming from recoupment of overpayments.

Recent changes to RADV for payment years beginning in 2018 will let CMS extrapolate to calculate the overpayment from the sample and then recoup that total amount. For instance, if the health plan has coded/submitted the “diabetes” for a patient, but they cannot provide the medical record to support this diagnosis during the RADV audit, CMS may recoup the funding back from the health plan for this patient and for all other members diagnosed with diabetes. Other penalties the health plan may face are false claims liability and exclusion from government healthcare programs.

Accurate risk adjustment is crucial for ensuring health plans receive appropriate compensation for the care of patients, promoting fairness and stability in the healthcare system.

Where It All Began

RADV audits started in 2002 with the Improper Payments Information Act (IPIA), and it has been revised numerous times. CMS is several years behind finishing these audits, and the Trump administration wants to complete all RADV audits for payment years (PY) 2018 to 2024 by early next year.

To do so, CMS is hiring 2,000 coders and deploying enhanced tech to meet the deadline. They’re also increasing the amount of medical records it will audit from 35 records per health plan to 200, and audits from 60 MA plans annually to all (approximately) 550 plans – a 900 percent increase.

RADV’s Importance

• Financial Accuracy: RADV ensures health plans are compensated accurately based on the risk profiles of enrollees, encompassing significant financial implications for health plans.
• Quality Care: Accurate data is essential for identifying high-risk individuals and ensuring they receive necessary care, helping improve health outcomes.
• Compliance: RADV audits help ensure compliance and mitigate the risk of penalties and sanctions.

Important Health Plan Considerations

• Implement robust data validation processes and regularly review and update information to prevent errors.
• Align with providers to ensure medical records are complete and accurate.
• Train staff on the importance of correct diagnosis coding and documentation to help improve data accuracy and reduce the risk of errors during RADV audits.

RADV is a crucial element of the healthcare system, ensuring CMS funding is accurate and payment is made only for documented services and diagnoses. Health plans can promote financial stability, improve quality of care, and ensure CMS regulation compliance.

Verisma has helped providers navigate accurate health information for 20+ years and we’re ready to meet the demand of these volumes for payers, too. Contact us today to discuss how we can help.

By Elizabeth McElhiney, MHA, CHPS, CPHIMS, CDH-L, CRIS, CC
Director of Government Affairs and Policy
Verisma
June 23, 2025

The Centers for Medicare and Medicaid Services (CMS) announced an initiative late last month to rapidly complete outstanding Risk Adjustment Data Validation (RADV) audits while expanding the parameters of new RADV audits by September 1. The audits ensure the accuracy and integrity of health plan data, and the effort is part of the federal government’s effort to eliminate fraud, waste and abuse (FWA) in Medicare Advantage (MA) programs – impacting providers and patients.

While you’re familiar with Medicare Risk Adjustment (MRA) reviews, it’s unlikely you’ve seen a RADV audit. So, what’s the difference?

• Annual MRA audits, issued first, are used by MA plan to determine patient risk adjustment factor (RAF) to predict healthcare costs by reviewing medical records, evaluating diagnoses, and assessing demographical information including age and gender to determine health status and provider payments. The higher the RAF, the more money CMS pays the MA plan.
• RADV audits, issued second, are for data validation to gauge if insurance companies have correctly calculated RAF scores. These audits ensure treatment leading to diagnosis in a RAF score is documented in the medical record, removing risk MA plans don’t say patients are sicker than they are. If the government finds a RAF score is calculated incorrectly or doesn’t receive records to audit, it can recoup the overpayment from the MA plan and the facility. Recent changes to the RADV program will let CMS extrapolate the overpayment amount for a health plan from the sample and then recoup that total amount. These changes are similar to how the RAC program can recoup overpayments.

Why am I just hearing about this?

RADV audits have been around since 2002’s Improper Payments Information Act (IPIA) and the program has been modified multiple times. Because CMS is several years behind completing these audits, the Trump administration wants to finish all remaining RADV audits for payment years (PY) 2018 to 2024 by early 2026.

This initiative received widespread attention because efforts to detect and eliminate FWA are high priorities for the current administration. CMS will hire approximately 2,000 coders in the upcoming months and deploy enhanced technology to meet this deadline. At the same time, CMS is increasing the number of medical records it will audit from 35 records per health plan to 200, and its audits from 60 MA plans annually to all (approximately) 550 plans – a 900 percent increase.

While your practice or organization probably sees many MA patients, the odds of encountering a large number of RADV audits has always been low. Selected records are based on MA plan participation and these patients could have been treated by any provider. The only commonality is their MA plan.

Preparing for RADV Audits

It’s important to remember RADV audits need to be returned to the health plan and not CMS. This can be confusing for new ROI specialists and health information (HI) professionals because the request packet will come with a CMS letter. HI professionals must comply with these requests quickly, ensuring records are provided to the requestor by the due date.

Preparation is key. Here are some steps healthcare providers can take:

• Maintain Accurate Records: Ensure all diagnosis data is accurately documented and updated.
• Regular Training: Provide ongoing staff training on proper documentation practices, releasing appropriate records, and RADV compliance requirements.
• Create an Action Plan: Train staff to identify RADV audits and notify management when they’re received. Examine whether you can handle additional audits with existing staff or if you will need to supplement with external resources.

RADV audits are a critical component of the healthcare system, ensuring MA payments are accurate and payment is made only for the services and diagnoses documented. By understanding the importance of these audits and taking proactive preparation steps, healthcare providers can navigate the process smoothly and maintain compliance with CMS regulations.

By Elizabeth McElhiney, MHA, CHPS, CPHIMS, CDH-L, CRIS, CC
Director of Compliance and Government Affairs
Verisma
June 10, 2025

I had the opportunity this spring to appear before a Florida State Senate committee to share a personal story pulled from my nearly 20 years as a health information professional – emphasizing the importance of protecting patient privacy and opposing SB 1606 as written.

As I prepared my testimony, I remembered the countless individuals who entrusted me with their most sensitive information. The important story I shared underscores the critical need for maintaining patient privacy protection.

A little over ten years ago, a woman came to my office with her children. She was there to request medical records, which at first seemed routine. However, as she completed the necessary forms, she quietly pulled me aside and made a special request: she asked me to ensure any bills related to her records would be sent directly to her attorney instead of her home.

The records she needed were related to abuse evaluations. She feared if her husband saw an invoice for medical record copies, he would realize she had taken the children to see a doctor and would know she was planning to leave him. This brave mother was concerned not only for her own safety, but also for the wellbeing of her children.

Fortunately, under existing HIPAA regulations, she was able to narrowly select the information to be released and designate an alternate address for communication to protect her privacy. However, this protection could be jeopardized by proposed legislation, including Florida’s SB 1606.

If SB 1606 and other bills like it pass, it would allow a patient’s attorney – sometimes any attorney – access to their entire medical record, including sensitive information like domestic violence evaluations and behavioral health treatment. This unrestricted access would expose vulnerable individuals to greater risks. In this mother’s case, her abuser could gain access to her sensitive information and even learn about her upcoming appointments, putting her safety in jeopardy.

This story is not unique. Sadly, I have encountered many domestic violence survivors over the years who rely on the privacy protections guaranteed by HIPAA to keep them safe. These laws have been in place for over two decades, ensuring only patients have unfettered access to their medical records because they are best equipped to assess the risks associated with disclosing their health information.

The passage of SB 1606 would strip patients of this critical ability, harming the most vulnerable among us. While there are numerous other concerns regarding SB 1606, this story highlights the deep personal and significant impact such legislation could have.

It is easy to focus on the technical aspects of medical records requests, including turnaround times and compliance, but we must remember each request represents a real person facing a significant challenge. Very few people request their medical records unless something has gone wrong in their lives.

I know the critical importance of patients being able to access their medical records. At the same time, I know patient portals are not designed to limit the information released. If only a patient can access a portal, there is not a need to withhold HIV test results or substance abuse treatment.

The changes proposed by Florida’s SB 1606 would primarily benefit a select few, while causing significant harm to vulnerable patients. It is crucial we continue to uphold the privacy protections that have safeguarded patient information for so long.

Let us remain vigilant in protecting patient privacy and ensure every individual’s sensitive information remains secure.

By Elizabeth McElhiney, MHA, CHPS, CPHIMS, CDH-L, CRIS, CC
Director of Government Affairs and Policy
Verisma
April 30, 2025

This post does not include a link to a speaking engagement or webinar. It is something rather personal. So, I am going to just dive in.

I am autistic, which some may know, and the end of this Autism Awareness month has made me unusually reflective. While I have brought it up during conversations, presentations and roundtables I have not gone out of my way to be vocal about my diagnosis.

Part of it is because I was not officially diagnosed until after I was 40.
I am also frequently told I do not look autistic, to which I want to say you have probably not spent enough time with me and I have had a lot of practice masking it.

In addition, there are real, potential consequences to disclosing my diagnosis. There is still a lot of misinformation about autism. Even if you are disclosing to someone you trust, you never remove the fear you will always have that asterisk after your name.

There is good reason for that fear. Autistic adults may be reluctant to apply to be foster parents because they’re afraid they won’t be accepted. We are also less likely to be believed by some healthcare providers, which can contribute to the average autistic lifespan being two decades less than the American average.

But I have learned not being authentically myself only hurts me, mentally and physically. For instance, I have had actual chest pain but that is a story for another post.

It is in this spirit that I am sharing my story. I think the more autistic people are open about their diagnosis, the better the community will understand the autism spectrum. There is not a typical autistic person, and we all deserve respect and support.

I also think it demystifies autism. I know there are more people out there who have not been diagnosed or were diagnosed later in life. I was told I could not be autistic because I had been in a relationship for 15+ years and could make eye contact. Being diagnosed a decade ago would have saved so much stress.

Finally, autism has reframed my understanding of how policymakers and health information professionals should approach patient privacy. Before my diagnosis, I thought I had a solid understanding of what privacy meant to an individual. It was not until my diagnosis, I truly understood why parents or patients may not share their complete medical history with providers … and the consequences, right or wrong, of disclosing a diagnosis.

There is a saying in the autism advocacy community: “Nothing about us without us.”

I love this motto.

I believe a health information professional’s job is to protect patients, autistic or not, and educate them on their right to disclose protected health information. Patients should be given this information in an understandable format and allowed to decide what, when, and to whom information is disclosed.

I suppose it is fitting HIP Week overlaps with Autism Awareness Month. All patients, particularly those in vulnerable populations, need to feel they control their health information, and it is securely kept. Health information professionals are uniquely positioned to advocate for patients and families. Belonging to both groups has emphasized the critical role my peers play in ensuring a patient’s trust. My hope is more health information professionals will feel comfortable and empowered to leverage experiences to move beyond daily work and examine how they can help patients understand privacy rights.