This article was originally posted in the Journal of Health Care Compliance (JHCC).
Andra M. Popa – Assistant Director, Healthcare Content at CITI Program.
Introduction
Entities with physicians billing Medicare Advantage face intense regulatory scrutiny as the Centers for Medicare & Medicaid Services (CMS) deploys artificial intelligence (AI) and advanced technology to conduct exhaustive audits, ensuring accurate risk-adjusted payments and high-quality patient care. CMS’s aggressive audit strategy, encompassing annual audits of all eligible Medicare Advantage contracts, an increase in its coder workforce from 40 to 2,000 by September 2025, and sophisticated AI-driven analytics, signals that the government will uncover nearly all compliance issues with unparalleled precision. A 2025 CMS Press Release highlights the agency’s strategy to accelerate Medicare Advantage audits.
A critical risk area involving human-computer interaction is the improper use of Electronic Health Record (EHR) systems, where physicians untrained in documentation practices may copy and paste outdated or irrelevant diagnoses, such as high-risk codes like acute stroke, acute heart attack, embolism, vascular claudication, lung cancer, breast cancer, colon cancer, prostate cancer, and major depressive disorder, leading to errors identified by the Office of Inspector General (OIG). OIG discusses these risks in a 2023 audit report involving Keystone Health Plan East.
This article delves into practical considerations for Medicare Advantage audits, emphasizing the pivotal role of AI and advanced technology in auditing and monitoring to detect discrepancies, the urgent need for physician training on EHR systems to prevent copy-and-paste errors, and strategies to enhance physician education. By integrating CMS’s technological advancements and OIG insights, this guide equips entities with detailed methodologies to strengthen compliance, mitigate financial risks, and foster accountability among physicians billing Medicare Advantage.
Preparing the Audit
Establish Audit Requirements
Preparation for Medicare Advantage audits demands the establishment of rigorous, technology-informed audit standards to align with CMS’s regulatory expectations. CMS mandates that medical records include valid beneficiary identification, acceptable provider types, and adherence to International Classification of Diseases (ICD) coding standards for validating Hierarchical Condition Categories (HCCs). Auditors must review OIG findings, which highlight high-risk diagnoses like acute stroke and lung cancer as prone to miscoding, to anticipate areas where CMS’s AI-driven audits will focus. (OIG Report, p. 4). AI technologies, such as machine learning models trained on historical audit data, enable CMS to predict and flag potential non-compliance areas by analyzing patterns in diagnosis code submissions. (CMS Press Release). For instance, natural language processing algorithms can extract and validate diagnosis codes from unstructured EHR notes, identifying discrepancies in seconds. Entities should implement internal AI tools, like predictive coding software, to pre-audit records, ensuring physicians meet documentation standards. A significant risk is physicians copying outdated diagnoses in EHRs, such as a resolved acute heart attack reported as active, which AI flags as non-compliant. Mandatory EHR training protocols must be established to teach physicians to verify diagnoses for relevance. Verbally communicating these standards to stakeholders fosters collaboration, setting the stage for a transparent audit process aligned with CMS’s expectations.
During the Audit
Communicate
Effective communication during Medicare Advantage audits is crucial to synchronize with CMS’s AI-driven processes and resolve issues swiftly. CMS’s advanced analytics, integrated into the Centralized Data Abstraction Tool, process millions of medical records in real time, detecting issues like invalid attestations, mismatched enrollee names, or copied diagnoses such as major depressive disorder no longer relevant. (OIG Report, CMS Press Release). AI-powered anomaly detection algorithms identify outliers, such as a high volume of high-risk codes from a single provider, triggering immediate review. Weekly communication between auditors and entities, facilitated by secure collaboration platforms, ensures progress updates, technical issue resolution, and discussion of findings, such as EHR copy-and-paste errors. Automated dashboards provide real-time audit insights, allowing entities to address discrepancies before they escalate. This dialogue demonstrates compliance commitment, aligning with CMS’s 2026 audit timeline. (CMS Press Release).
Maintain Auditor Independence
Auditor independence is essential for credible Medicare Advantage audits, particularly as CMS’s AI technologies demand unbiased HCC validation. (CMS Press Release). Independent auditors ensure objective assessments, critical when AI flags discrepancies in high-risk diagnoses like embolism or breast cancer, often perpetuated by EHR copy-and-paste errors. (OIG Report). AI-driven audit tools, such as blockchain-based audit trails, maintain a tamperproof record of reviewer actions, ensuring impartiality per 42 CFR § 422.310(d)(1). Auditors must follow ethical guidelines, avoiding conflicts that could compromise objectivity. Entities should provide unaltered records, as AI’s pattern recognition can detect tampering or copied irrelevant diagnoses. Independence reinforces audit integrity and builds regulator trust, essential under CMS’s scrutiny.
Audit with Education in Mind
Audits should prioritize physician education, leveraging AI to deliver precise insights while addressing EHR misuse risks. Auditors should produce two reports: one meeting CMS’s compliance standards and another with detailed comments explaining findings, such as unsupported diagnoses like vascular claudication copied from prior EHR entries. (OIG Report). AI tools, including natural language processing and deep learning, analyze unstructured EHR data to identify documentation gaps, such as missing face-to-face encounter evidence, generating comments in milliseconds. (CMS Press Release). These comments should clarify why a diagnosis was unsupported—for example, a historical prostate cancer code copied without active treatment—and recommend EHR practices, like disabling auto-copy features or flagging outdated codes. AI-driven chatbots can provide real-time guidance to physicians during documentation, reducing errors. Embedding these insights into reports helps entities design education programs emphasizing EHR training, aligning with CMS’s coding accuracy expectations and reducing future errors.
Investigate HCC Code Origins
Investigating HCC code origins is paramount as CMS’s AI traces diagnoses across EMRs, CMS Form 1500, and invoices with high precision. (CMS Press Release). Auditors must verify EMR diagnoses align with physician notes, ensuring HCCs are substantiated by face-to-face encounters, especially for high-risk codes like acute heart attack or colon cancer. (OIG Report). A major risk is physicians copying outdated diagnoses in EHRs, such as a resolved acute stroke reported as active, which AI’s semantic analysis flags by comparing note content to code submissions. Auditors should use AI-powered data linkage tools to review CMS Form 1500 and invoices, tracing code entry to detect fraud or errors from copied codes. For example, graph databases can map relationships between codes, providers, and encounters, revealing anomalous patterns. This approach ensures compliance and prepares entities for CMS’s audit capabilities, underscoring the need for EHR training to eliminate copy-and-paste errors.
Complete Audits Early
Completing Medicare Advantage audits ahead of schedule allows entities to address AI-flagged errors, demonstrating proactive compliance. Early completion provides time to correct discrepancies, such as invalid credentials or copied diagnoses like lung cancer without active treatment, identified by CMS’s predictive models. (OIG Report; CMS Press Release). A cover letter noting initiated EHR-focused education signals commitment, enhancing regulatory presentation. AI-driven workflow automation streamlines audit tasks, enabling early submission. This aligns with CMS’s 2026 timeline, preparing entities for rapid cycles. Early completion builds regulator confidence, reducing penalty risks under CMS’s scrutiny.
Education
Delivering Findings
Delivering audit findings to physicians requires clarity, using AI-generated insights to foster accountability. Auditors should present results in a structured format, explaining errors like copied outdated codes, such as major depressive disorder, detected by CMS’s analytics. (OIG Report; CMS Press Release). AI-powered dashboards visualize errors and corrections, making findings accessible and encouraging physician buy-in. Discussions emphasize EHR best practices to avoid perpetuating irrelevant diagnoses. Clear communication translates findings into actionable change, aligning with CMS’s physician responsibility focus.
Physician Review
Physicians must review AI-generated audit comments to correct errors, supported by technology insights. Miscoded diagnoses like vascular claudication, often from copied historical codes, require targeted feedback review. (OIG Report). CMS’s AI highlights EMR discrepancies, ensuring physicians understand unsupported diagnoses. (CMS Press Release). Annotated reports clarify invalid codes, emphasizing EHR navigation skills. Structured review sessions foster learning, reducing error recurrence. This ensures physicians internalize lessons, enhancing compliance.
Institutional Policy Development
Entities must update policies to address deficiencies, leveraging AI to identify gaps. Policies should specify documentation standards for high-risk diagnoses like acute stroke and include EHR guidelines to prevent copy-and-paste errors. CMS’s analytics pinpoint issues, guiding policy updates. (CMS Press Release). Regular reviews ensure alignment with evolving expectations. Codified standards institutionalize compliance, supporting physicians. Updated policies reduce audit risks by promoting consistent documentation.
Tailored Education
Physician education must target errors, prioritizing EHR training to eliminate copy-and-paste issues. High-risk diagnoses like lung cancer, miscoded due to copied historical codes, require training on verifying active conditions. (OIG Report). AI identifies error patterns, supporting e-learning modules and case studies. (CMS Press Release). Training includes coding exercises and EHR tools like diagnosis verification prompts. Tailored programs correct deficiencies, aligning with CMS’s standards. This reduces audit risks, fostering compliance.
Conclusion
CMS’s AI and advanced technology revolutionize Medicare Advantage audits, detecting nearly all compliance issues. (CMS Press Release). Entities must adopt proactive strategies—establishing standards, communicating regularly, ensuring independence, auditing with education in mind, investigating code origins, completing audits early, and delivering EHR-focused education—to address risks in high-risk diagnoses like acute stroke and cancers. (OIG Report). These considerations mitigate penalties, improve documentation, and uphold Medicare Advantage program integrity. As CMS’s capabilities evolve, these practices are critical for physicians to meet expectations and deliver high-quality care.
Endnotes
1. CMS Press Release, “CMS Rolls Out Aggressive Strategy to Enhance and Accelerate Medicare Advantage Audits” (May 21, 2025) (hereafter referred to as CMS Press Release), available at https://www.cms.gov/newsroom/press-releases/cms-rolls-out-aggressive-strategy-enhance-andaccelerate-medicare-advantage-audits#:~:text=Workforce%20Expansion%3A%20CMS%20will%20increase,flagged%20diagnoses%20to%20ensure%20accuracy.
2. HHS-OIG Report, Medicare Advantage Compliance Audit of Specific Diagnosis Codes That Keystone Health Plan East, Inc. (H3952) Submitted to CMS (May 2023), A-03-20-00001, p.4 (hereafter referred to as OIG Report), available at https://oig.hhs.gov/documents/audit/6851/A-03-20-00001-Complete%20Report.pdf.
