Five Signs Your Risk Adjustment Program Was Designed for a Regulatory Era That’s Over

The Five Warning Signs

Health plan leaders don’t always recognize when their risk adjustment program has fallen out of alignment with the current regulatory environment. The program generates revenue. The coding team stays busy. The quarterly reports show codes submitted. Everything looks operational. The problems surface during audits, investigations, or settlements, not during routine operations.

These five indicators suggest a program was designed for a regulatory era that ended in 2025. Any one of them warrants investigation. Multiple indicators together signal urgent restructuring.

Sign One: Your Program Only Adds Codes

If your retrospective chart review produces additions and zero deletions across consistent review volumes, you’re running an add-only program. OIG’s February 2026 guidance named this as a high-risk practice. The DOJ’s Aetna settlement ($117.7 million, March 2026) specifically targeted an add-only chart review program. CMS monitors for the population-level coding asymmetry that add-only programs produce. If your deletion rate is zero or near-zero, that’s the first sign your program predates the current enforcement standard.

Sign Two: Your Evidence Trail Is a Spreadsheet

If the output of your coding process is a spreadsheet listing member IDs, diagnosis codes, and HCC numbers without documented clinical evidence for each code, your evidence trail won’t survive an audit. CMS expects to see which clinical note supported the diagnosis, which MEAT criteria were satisfied, and how the coding decision was made. A spreadsheet with codes and no evidence documentation is a submission record, not a defense.

Sign Three: Your AI Can’t Show Its Work

If your technology produces coding recommendations but can’t demonstrate the reasoning behind them, you have an explainability gap. CMS’s January 2026 HPMS memo specified that AI should serve as a “medical coder support tool” with human final determinations. If your compliance team can’t audit the AI’s decision-making process, you can’t verify it’s applying current MEAT standards, current V28 mappings, or current documentation quality thresholds. Opaque AI was acceptable when enforcement was light. It’s a governance failure now.

Sign Four: Your Coders Are Measured Only on Volume

If performance metrics track codes added and RAF uplift without measuring accuracy, defensibility, or deletion rates, the incentive structure rewards the wrong behavior. Coders will optimize for whatever they’re measured on. Volume-only metrics produce volume-optimized output, which is the exact coding pattern that generated the Kaiser and Aetna settlements. Programs designed for compliance measure quality alongside quantity.

Sign Five: You Can’t Score Your Own Defensibility

If your organization can’t produce a defensibility score for its submitted HCCs, showing what percentage have strong MEAT evidence, what percentage are marginal, and what percentage are unsupported, you’re operating without visibility into your own risk exposure. Plans that can’t quantify their audit readiness are carrying unquantified liability on their balance sheet.

What to Do About It

Each of these signs points to the same underlying issue: the program was optimized for revenue capture in a low-enforcement environment. The current environment demands optimization for defensibility. Any Risk Adjustment Solution deployed going forward must address all five: two-way coding, evidence-based documentation, explainable AI, quality-weighted metrics, and defensibility scoring. Programs that exhibit these warning signs aren’t just outdated. They’re actively generating the regulatory exposure that nine-figure settlements are made of.