Frequently asked questions about risk adjustment audits

If your healthcare organization is selected for an audit, preparation is crucial. Begin by gathering and organizing all relevant documentation, including medical records, coding information and supporting clinical evidence. Ensure that these records are complete, easily accessible, and clearly demonstrate the accuracy of your coding and documentation practices.  

Next, conduct an internal review of the selected records to verify that all coding aligns with the latest ICD-10 guidelines and that each diagnosis is well supported by clinical documentation. Address any discrepancies or errors before the audit begins and ensure that your documentation reflects the current health status of your patients.  

Prepare your team by clearly communicating their roles in the audit process. Ensure that coders, providers and compliance officers are ready to provide any additional information auditors may request. A refresher on key documentation and coding practices can help your team respond confidently during the audit.  

Consider conducting a mock audit to identify any potential weaknesses and address them proactively. By following these steps, your organization can be better prepared for the audit, helping to ensure that your risk adjustment practices are accurate, compliant and well-documented. 

In risk adjustment audits, common red flags include inconsistent documentation, such as when diagnoses are not uniformly recorded across different visits or by various providers. This inconsistency raises concerns about the accuracy and reliability of the coding. Additionally, a lack of supporting clinical evidence for documented diagnoses is a major red flag, as auditors expect clear, substantiated records that justify each diagnosis code.  

Overcoding or upcoding is another significant red flag, particularly when there is a pattern of coding more severe or complex conditions than what is supported by the clinical documentation. This can lead to inflated risk scores and higher payments, drawing scrutiny from auditors. Similarly, an unusually high frequency of certain high-risk diagnoses without appropriate justification can suggest errors in coding.  

Other red flags include missing annual documentation for chronic conditions, late or backdated entries, and discrepancies between what is documented in the electronic health record (EHR) and what is submitted in claims data. These issues indicate potential coding inaccuracies which can trigger deeper audits and possible recoupment of payments.  

Risk adjustment audits typically occur on a regular basis as part of both routine and targeted review processes. Here’s how the timing generally breaks down:  

Annual audits — Many healthcare organizations undergo annual risk adjustment audits to ensure compliance and accuracy in coding and documentation. These audits help verify that the risk adjustment data used for reimbursement is accurate and up-to-date.  

Periodic reviews — Regulatory bodies such as the Centers for Medicare & Medicaid Services (CMS) may conduct periodic audits, which can vary in frequency depending on the organization’s risk profile and compliance history. These audits may be scheduled at regular intervals or triggered by specific concerns.  

Ad hoc audits — Ad-hoc audits may be conducted in response to anomalies, red flags, or changes in coding patterns that suggest potential issues. These audits are often more focused and can occur at any time if irregularities are detected.  

Overall, the frequency of risk adjustment audits can vary widely depending on the organization's size, the accuracy of their coding practices and regulatory requirements. Regular audits are essential for maintaining compliance and ensuring the integrity of risk adjustment processes. 

CMS conducts two distinct types of RADV audits to maintain the integrity of the system: 

1. Annual Improper Payment Measure (IPM) audits are primarily aimed at estimating the national Medicare Advantage improper payment rate, which helps to keep the healthcare system financially sustainable.
2. Contract-specific audits, on the other hand, are designed to identify and recover any improper payments made to specific Medicare Advantage Organizations (MAOs). These audits heavily rely on the accuracy and validity of the diagnoses submitted by healthcare providers.