March 17, 2026

Why Risk Adjustment Documentation Must Withstand False Claims Act Scrutiny

Risk Adjustment Is Now a Compliance Issue

Risk adjustment has evolved beyond a financial strategy into a core compliance concern. Under the False Claims Act (FCA), unsupported or inaccurately reported diagnoses can lead to audits, retrospective recoupments, penalties, and reputational risk. As scrutiny increases, organizations must ensure that every reported condition is supported by clear, current, and clinically valid documentation and not just assumed accuracy.

Recent enforcement activity reinforces this shift. For example, Aetna recently reached a settlement related to allegations of overpayments tied to overcoding and overreporting in its Medicare Advantage plan highlighting how risk adjustment practices are increasingly being evaluated through a compliance and legal lens.

Unsupported HCCs Increase FCA Exposure

Hierarchical Condition Categories (HCCs) are essential to risk adjustment, but they also create compliance exposure when documentation does not support them in the current year. Diagnoses that lack clinical validation, specificity, or evidence of active management may be interpreted as false claims. Common risk areas include carried-forward conditions, incomplete documentation, and missing linkage between diagnosis and care. In these scenarios, documentation is the primary defense for organizations.

Overstated Risk Scores Lead to Financial Risk

When risk scores are inflated due to unsupported diagnoses, overpayments can occur. If those diagnoses cannot be substantiated during an audit, repayment demands and penalties often follow. As seen in cases like Aetna, these financial impacts do not always stop at the payer level. Repayment and audit pressure can extend downstream to providers, along with increased scrutiny and potential contractual exposure.

Model Changes Are Raising the Stakes

The transition from V24 to V28 and other model updates have increased the level of specificity required for accurate reporting. These changes reduce tolerance for vague or incomplete documentation and make it more difficult to defend reported conditions without detailed clinical support. As a result, organizations that fail to adapt their documentation practices face greater audit vulnerability.

Data Gaps and Variability Create Exposure

In addition to appropriate documentation practices, defensible risk adjustment depends on alignment across EHRs, claims, and analytics systems. When data is fragmented, organizations struggle to validate diagnoses and respond to audits efficiently. At the same time, variability in provider documentation creates inconsistent risk profiles, making it easier for auditors to identify patterns of potential noncompliance.

Audit Readiness Requires Clear Evidence

Audit readiness depends on the ability to produce traceable, contemporaneous documentation supporting each reported condition. This includes evidence of evaluation, monitoring, or treatment, along with specificity that aligns with current model requirements. Without this level of support, even clinically accurate diagnoses may not be considered compliant.

FCA risk is not about intent, it is about whether documentation can withstand scrutiny. Organizations must ensure that risk scores accurately reflect the care delivered and that every reported condition is fully supported. Strengthening documentation practices is essential to reducing audit exposure, maintaining compliance, and protecting revenue integrity.