Risk Adjustment Tools
Built for Revenue, Deployed Into a Compliance Market
Most risk adjustment technology on the market today was designed during a period when the primary objective was straightforward: find more diagnosis codes, submit them to CMS, and increase RAF scores. The tools were judged on volume. How many charts could they process? How many HCCs could they identify? How much revenue uplift could they generate?
That objective aligned with how health plans measured their risk adjustment programs. More codes meant more money. The tools delivered exactly what the market asked for. The problem is that the market’s requirements changed, and most of the tools didn’t change with it.
Between the DOJ’s $556 million Kaiser settlement, the $117.7 million Aetna settlement in March 2026, CMS-HCC V28’s full implementation (January 1, 2026), and OIG’s February 2026 guidance flagging add-only chart reviews as high-risk practices, the regulatory environment now penalizes the exact behaviors these tools were optimized for. Volume without validation. Adds without deletes. Speed without evidence trails.
The Gap Between What Tools Do and What Regulators Expect
CMS auditors don’t evaluate risk adjustment programs on throughput. They evaluate them on defensibility. Every submitted diagnosis needs encounter-linked documentation showing the condition was actively managed, evidence mapped to MEAT criteria (Monitoring, Evaluation, Assessment, Treatment), and an explainable trail showing why the code was assigned.
Most tools on the market do not produce this output by default. They identify potential HCCs in clinical notes. Some apply NLP to extract diagnosis mentions. But few systematically validate whether the documentation meets the evidentiary standard CMS applies during audits. The gap between “this diagnosis appears in the chart” and “this diagnosis is defensibly supported by clinical evidence” is where audit failures concentrate.
The OIG’s BCBS Alabama audit (A-07-22-01207, March 2026) is a case study in this gap. 91% of sampled records had unsupported codes. History-of conditions were coded as active without evidence of current management. The technology those teams used found the codes. It didn’t validate whether the documentation could support them under scrutiny.
What a Compliance-Ready Tool Actually Does
A tool designed for the current environment does three things traditional systems don’t. First, it validates documentation against MEAT criteria before recommending a code, mapping specific sentences in the clinical note to specific evidentiary elements. Second, it identifies both codes to add and codes to remove, supporting two-way review rather than one-directional capture. Third, it produces an evidence trail that connects every coding recommendation to documented clinical language, creating audit-ready output by default.
The AI behind the tool must be explainable. Systems that produce recommendations without showing their reasoning create a new category of risk: the plan submitted a code based on an AI recommendation it can’t explain to an auditor. That’s not defensibility. That’s delegated liability.
Audit simulation adds another layer. Before codes are submitted, the system scores the defensibility of each diagnosis and flags weak documentation for remediation. Plans that catch problems before submission avoid the recoupment demands, appeals, and settlements that follow audit failures.
Evaluating Technology in 2026
The buying criteria for risk adjustment technology have shifted. Plans still evaluating tools primarily on speed, volume, and RAF uplift are applying criteria from a regulatory environment that no longer exists. The evaluation should center on three questions: Does the tool validate documentation quality? Does it support two-way coding? Can it produce audit-ready evidence trails?
Any Risk Adjustment Tool that answers no to any of these questions was built for a different era. Plans selecting technology in 2026 need systems designed for defensibility, not systems designed for revenue that have been retrofitted with compliance features. The distinction shows up in audit outcomes, and the regulatory pressure that exposes the difference is only increasing.
About the Author
