904-794-7830

[email protected]

Ongoing Federal Audit & Enforcement Trends

MS and MSOs Beware

What Every MA Partner, Provider, and MSO Needs to Know in 2025

If you’re in healthcare—especially if you’re working with Medicare Advantage (MA) plans or supporting them through billing, coding, or administrative services—you’ve probably felt it: audits are ramping up. And it’s not just a few random checks anymore. The federal government is launching one of its most aggressive oversight campaigns to date.

Let’s walk through what’s happening, what it means for your organization, and what smart teams are doing to stay ahead.

CMS Isn’t Playing Around Anymore

Here’s the big headline: CMS is no longer auditing a small sample of Medicare Advantage plans. It’s now auditing all of them—every year.

In May 2025, CMS officially announced that it would begin annual audits for all eligible Medicare Advantage contracts, up from just 60 plans per year to over 550.

Even more, CMS plans to clear its backlog of audits from 2018 through 2024 by early 2026.

What Are RADV Audits—and Why They Matter Now

At the heart of these audits is something called RADV, or Risk Adjustment Data Validation.

CMS uses RADV audits to verify that the diagnoses submitted by MA plans are accurate, current, and backed by clinical documentation. These diagnoses directly affect how much the plan is paid. More diagnoses = higher reimbursement. But if those diagnoses aren’t real or properly documented? CMS wants their money back.

What RADV Audits Include:

  • A random sample of patient records
  • Requests for medical records supporting each diagnosis
  • A review by coders to confirm the diagnoses meet CMS rules
  • An error rate calculated based on what’s unsupported
  • As of payment year 2018, CMS has been extrapolating audit findings. This means if 10% of reviewed claims are wrong, CMS can apply that error rate to the entire population—resulting in much larger recoupments.

A few mistakes can now turn into millions in recoupment.

CMS Is Bringing In Bigger Teams and Smarter Tools

Here’s what we know:

  • The audit workforce is growing from 40 to 2,000 medical coders by September 2025.
  • They’re pulling 35 to 200 records per plan, depending on size.
  • AI technology is now being used to flag unsupported diagnoses. This shows how serious CMS is. They’re using AI tools to detect unsupported diagnoses, which are codes submitted without proper documentation.
  • As of payment year 2018, CMS has been extrapolating audit findings. This means if 10% of reviewed claims are wrong, CMS can apply that error rate to the entire population—resulting in much larger recoupments.

This isn’t a simple paperwork review. It’s targeted and sophisticated and means that a few documentation errors could now lead to millions in overpayment recoupments.

MSOs Are Front and Center—Like It or Not

MSOs help Medicare Advantage plans by submitting diagnosis-based claims, managing coding, and handling admin tasks. But now, CMS, the DOJ, and the Office of Inspector General (OIG) are auditing MSOs directly, not just the health plans.

Today, CMS and federal enforcement agencies see MSOs as active players in risk adjustment and claims processing. If your MSO is tied to coding errors or unverified diagnoses, your organization could be on the hook—even if the MA plan is the official contractor.

Look at it this way, if an audit shows unsupported or incorrect diagnoses, the financial clawbacks could impact both the MA plan and the MSO that handled the coding. Legal experts are warning that MSOs could face penalties or False Claims Act allegations if tied to overbilling, poor documentation, or vendor missteps. Extrapolated findings and clawbacks could impact the MA plan and the MSO, especially when the coding came from MSO systems or staff.

DOJ and OIG Are Holding Everyone Accountable

The Department of Justice (DOJ) and Office of Inspector General (OIG) are focused on fraud, waste, and abuse in Medicare Advantage—and that includes third-party vendors. As related to this topic it mean that the DOJ is actively investigating billing fraud, kickback arrangements, and inaccurate diagnoses related to MA plans. Settlements in 2024 and 2025 show they’re holding vendors and MSOs accountable, not just insurers. Keep this in mind: if your company contributes to false claims, you can and will be held responsible.

In other words, if you’re a third-party vendor, MSO, or IT partner—if you touch Medicare data—you’re now part of the liability chain.

Even Lab Tests and CPT Codes Are Under Fire

Think this is all about big insurance plans? Think again.

The OIG’s 2025 Work Plan includes a deep dive into the top 25 lab tests by Medicare cost, including CBCs, A1c, lipid panels, and toxicology codes like G0480–G0483. They’re reviewing frequency, documentation, and whether those tests were medically necessary.

Here’s more information about what’s being flagged:

  • Modifier 91 – Repeat Lab Test. This modifier is used when a test is repeated on the same day for medical reasons, not because of lab error. For example, a glucose level is tested in the morning and again in the afternoon to monitor a diabetic patient. The reason this test is flagged is because overuse or misuse of this code can suggest billing the same test twice for extra reimbursement without clinical justification.
  • Modifier 59 – Distinct Procedural Service. Used to show that two procedures billed on the same day were separate and medically necessary. In this case, a valid example could be a skin biopsy and lesion removal done at different sites on the same day. However, modifier 59 is frequently flagged in audits for “unbundling” services that should have been billed as one. Overuse is a red flag.
  • Toxicology codes G0480–G0483. These codes relate to definitive drug testing using mass spectrometry. These tests are expensive and easy to overuse—especially in pain management or behavioral health settings. Billing high-level tests like G0483 on nearly every patient, without documentation, is a red flag for auditors. The table below provides a brief description of each code.

Code

Number of Drug Classes Tested

G0480

1–7 drug classes

G0481

8–14

G0482

15–21

G0483

22 or more

So What Can You Do?

This level of scrutiny can feel overwhelming—but there’s good news: you can prepare. Here are a few action steps we recommend:

Run quarterly internal audits. Catch problems before the government does.
Use certified coders and AI review tools. Clean data = lower risk.
Review your contracts. Make sure responsibilities are clear between you and any MA plan or vendor.
Train your team. Everyone should know how to respond during an audit.
Track enforcement news. Staying informed helps you stay ahead.

How We Help at Taino Consultants and EPI Compliance

At Taino Consultants, we’ve been helping healthcare organizations prepare for federal audits for decades. Whether you’re a provider group, MA plan, or MSO, we’ll help you strengthen your compliance program, conduct internal reviews, and get your documentation in shape.

EPI Compliance provides the technology tools to support it all—secure documentation, coding review modules, risk alerts, and staff training systems designed specifically for federal compliance in healthcare.

Together, we help organizations move from “reactive” to “ready.”

Final Thought

The message from CMS and the DOJ is clear: everyone involved in Medicare Advantage must be accountable. These audits are not random, and they’re not slowing down.

Whether you’re a frontline provider, a billing vendor, or part of an MSO team, now’s the time to reinforce your compliance foundation. The organizations that prepare in advance will be the ones that come through these audits strong and secure.