Protecting Your Practice from Payer Recoupments

If you think audits are a payer problem, you’re delusional. In 2025 CMS announced an aggressive expansion of Medicare Advantage audits and fast-tracked RADV backlogs — that’s a direct upstream risk to practices, especially those in risk-sharing arrangements or that bill MA patients. You must run proactive coding audits — Protecting Your Practice from Payer Recoupments not to play defense after a notice, but to find problems, fix them, and insulate your revenue now. 

How a Proactive coding Audit works?

A proactive coding audit is a routine, systematic chart-review program that does four things well: (1) measures code accuracy against the documentation, (2) finds documentation gaps that create audit exposure, (3) spots recurring coder and provider mistakes, and (4) produces corrective action — training, CDI queries, and EHR fixes. The real objective is to make your coding defensible in an extrapolation exercise and to close holes before a payer finds them.

Why do this in 2026 Specifically?

This isn’t fearmongering — it’s calendar watching. CMS has publicly committed to auditing every eligible Medicare Advantage contract annually and to clear the RADV backlog for payment years 2018–2024 by early 2026. That means more plans will be audited, those audits will have larger record samples, and any overpayments found will be pursued more aggressively. Plans that suffer large extrapolated overpayments have every incentive to protect margins — and many will pass recoupment risk down to network partners and risk-sharing providers. You can either wait for a demand letter or make the fixes before the auditor shows up. 

On top of that, FY-2026 ICD-10/RAF mapping and code changes shifted how diagnoses map to HCCs — unspecified or vague documentation that might have been tolerated previously could stop mapping and suddenly deflate RAF. Proactive audits give you time to adapt templates and provider habits to the new mapping rules. 

How to design a cost-effective, high-impact proactive audit program?

Below is a practical blueprint you can implement without hiring an army. The emphasis: do the minimum work that gives the maximum protection.

1) Scope: pick the right target areas

Start where the money and risk meet.

Practical priority list:

• HCC capture accuracy and specificity (chronic conditions, stages, laterality).
  
• Outpatient E/M leveling errors (where small documentation gaps change payment).
  
• High-dollar/procedure CPTs (things that trigger high audit attention).
  
• Codes or providers with recent spikes in denials.
  

Don’t audit every chart — audit smart. Focus on areas that move RAF, create large dollar exposure, or historically fail in RADV reviews.

2) Sampling: statistically defensible but brutally practical

You don’t need perfection; you need repeatable, defensible results.

A practical sample mix:

• High-value outliers: top 5% of paid claims by dollar value in the last 90 days.
  
• Rotating random sample: 10–20 charts per provider each month (rotate providers to cover everyone quarterly).
  
• Focused investigative samples: if denials spike, pull a targeted sample around that CPT/diagnosis.
  

If a plan or auditor later asks how you sampled, you should be able to show the logic. Stratified sampling — mixing random and risk-based cases — is both defensible and action-oriented.

3) Use a standardized audit tool & scoring rubric

Build one clean, one-page audit form. The goal is consistency.

Required fields (example):

• Chart ID, DOS, provider, payer (MA vs commercial), setting.
  
• Diagnosis(es) reviewed and whether documentation supports the code.
  
• Code billed vs code supported (yes/no).
  
• Documentation gap % (simple rubric: 0 = fully supported, 1 = minor missing element, 2 = insufficient for code).
  
• Estimated dollars at risk.
  
• Recommended action (CDI query, coder correction, provider training).
  
• Final score (0–100).
  

Score every chart numerically so you can trend individuals, teams, and error types.

4) Pair audits with concrete CDI intervention

Audits alone are paperwork. The value is in the remediation loop.

When an audit shows a missing element, trigger one of three actions:

• Immediate CDI query — if documentation omission can be corrected reliably. Use templated, compliant query language.
  
• Coder correction — if the documentation supports a different code.
  
• Provider coaching — if the issue is documentation habit (e.g., missing CKD stage).
  

Closing the loop in 14–30 days matters. If you only log problems and never fix them, you’ve wasted money.

5) Monthly KPI dashboard & corrective action

Make metrics that mean something.

Track these KPIs monthly:

• Coding accuracy rate (%) by category (HCC, E/M, procedures).
  
• Dollars at risk (estimated).
  
• Repeat error rate by provider/coder.
  
• Time from audit finding to remediation.
  
• Post-remediation re-audit pass rate.
  

If a category drops below your threshold (I use 95% as a hard threshold for most categories), require a corrective action plan — not a lecture, a plan with dates, owners, and measurable targets.

6) Provider engagement — the only non-optional part

If you punish or shame, providers will hide or push back. Do this right:

• Present aggregated, anonymized findings first. Show trends and examples.
  
• Use case examples (redacted) that teach, not embarrass.
  
• Offer short, focused coaching tied to clinician pain points (workflow, time, templates).
  
• Make improvement measurable and public to the practice leadership — not punitive, but not optional.
  

Trust is the bridge you need to get providers to change documentation behavior. But be firm: improvement is required, not “suggested.”

Sample Audit Checklist for Payer Recoupments

Use this as a one-page crib sheet for auditors:

• Is the diagnosis documented clearly and linked to the visit?
  
• Does the note support the E/M level selected (history, exam, MDM elements or time)?
  
• Are chronic conditions recorded with sufficient specificity for HCC mapping (e.g., CKD stage, type of diabetes with complications)?
  
• Are required elements for high-risk codes present (staging, labs, imaging with dates)?
  
• Are modifiers justified and documented?
  
• Is there contemporaneous documentation (signed/dated within acceptable time window)?
  
• Is the problem list consistent with the visit documentation and reconciled in the chart?
  

Keep it short; the goal is to make consistent, fast calls.

Remediation and training that actually works

Forget multi-hour seminars. Use targeted micro-learning and enforcement.

• Weekly micro-training (10–15 minutes): target the top three recurring errors. Do it at huddle time or via a 10-minute video. Short, practical, and repeatable beats long one-offs.
  
• Provider scorecards: deliver monthly, with a 90/30/10 rule: 90% aggregated, 30% suggested actions, 10% mandatory remediation items. If a provider is on a repeat offender list, require a documented improvement plan.
  
• EHR templates & smart-phrases: change the environment. Add prompts like “CKD stage (I–V/ESRD): _____” or “Diabetes: type ____; complications ____.” Make the right documentation the path of least resistance.
  
• Post-audit rechecks: after remediation, run a smaller follow-up sample for the same provider in 30–60 days. No improvement? Escalate (leadership review, performance plan).
  

The single biggest ROI move is forcing immediate small changes to the EHR that prompt clinicians at point of care.

Example: How this stops extrapolated recoupments

RADV audits and similar plan audits can extrapolate findings from a small sample to a large population. If your audit fixes a pattern that would otherwise fail in a RADV sample, the downstream benefit is huge — avoiding a single extrapolated recoupment of tens or hundreds of thousands of dollars. In many practices, preventing one such event more than pays for an internal audit function. CMS has increased both the number of audits and the number of records reviewed per plan — the odds of being hit with a material extrapolation have risen. 

Cost vs benefit — be realistic

The math is simple: a lightweight proactive audit program (a part-time senior auditor or vendor, plus CDI support and EHR tweaks) costs orders of magnitude less than even one medium recoupment. Put numbers on the table:

• Cost example (conservative): $60k/year for a part-time auditor + $20k/year for EHR template work + $30k for CDI time = ~$110k.
  
• Benefit example: prevention of a single $50k recoupment already offsets costs; prevention of one extrapolated recoupment of $200k–$500k is obvious ROI. Add improved collections and fewer appeals, and the program is net positive within months.
  

But don’t treat this as purely financial — the non-financial benefits matter: fewer audits, less operational distraction, and lower legal/compliance risk.

Implementation Roadmap for Protecting Practices

If you want something executable, do this:

Days 1–14: scope and baseline. Pull recent claims, identify top-risk CPTs/HCCs, pick 3 providers as pilot.

Days 15–30: build audit tool, define sampling rules, train 1–2 auditors.

Days 31–60: run first pilot (50–75 charts), produce provider scorecards, implement EHR quick fixes.

Days 61–90: scale to full provider cohort, implement weekly micro-training, set KPI dashboard, schedule re-audit cycles.

No perfection here — you need a working loop in place quickly.

Most Practices Screw up three predictable things

Be honest about these and solve them:

1. They audit but don’t close the loop. Findings sit in a spreadsheet and change nothing. Close the loop with CDI queries, EHR edits, and re-audits.
   
2. They blame coders and ignore providers. Many problems are documentation habits. Coaching providers moves the needle more than firing coders.
   
3. They don’t quantify dollars at risk. Without an estimated $ at risk column, audits look academic. Tie findings to dollars and leadership will act.
   

Fix these three and your program will be ahead of 90% of peers.

Policy note — what to watch in 2026

• RADV scale-up and backlog clearance: CMS publicly committed to expanding RADV audits and to completing its backlog for PY 2018–2024 by early 2026 — expect sharply increased scrutiny.
  
• Larger record samples: CMS and industry guidance note an increase in records per plan (historically ~35; new ranges up to ~200 have been discussed), which raises the odds of provider-level documentation being sampled.
  
• ICD-10 and mapping updates for 2026: FY-2026 code updates and mapping changes mean unspecified documentation can cost RAF points. Review the CMS 2026 model mappings and ICD-10 guidance and adjust templates accordingly.
  
• Recoupment pass-through risk: If you participate in risk-sharing or value-based contracts, plans may pass recoupments through to providers depending on contract language — understand your contract now.

Final Checklist:

• Pull 90 days of MA claims and identify top 10 HCCs and top 10 high-dollar CPTs.
  
• Kick off a pilot audit (50–75 charts) focused on HCC specificity and E/M support.
  
• Fix top three EHR templates to require the specific elements you miss most (e.g., CKD stage, diabetes type and complications).
  
• Schedule a 15-minute micro-training next week on the one error type that appears most in pilot charts.
  
• Produce a dashboard template that shows accuracy rate, dollars at risk, and time to remediation.
  

Conclusion:

You’re not going to eliminate audits. You can, however, make them painful for auditors and expensive for payers to challenge you on. That’s the point: make your coding and documentation defensible, measurable, and continuously improving. If you act now — with focused audits, CDI closure, fast EHR fixes, and provider accountability — you’ll survive RADV’s expanded scope and limit whatever recoupments come your way.

ALSO READ – Decoding CPT: Your Guide to Codes and Regulations 2024