Dr. Oz Launches New Era of Scrutiny of Medicare Advantage Overpayments

When President Trump announced he would appoint Dr. Mehmet Oz to lead the Centers for Medicare & Medicaid Services (CMS), observers quickly identified Dr. Oz’s support for Medicare Advantage (MA) as one of the few health policy positions that the surgeon and former talk show host had staked out. Industry expectations that Dr. Oz would take it easier on MA plans than prior CMS administrators, however, now seem overblown.

In one of his first actions related to MA, Dr. Oz issued a on May 21, 2025 that announces much more extensive audits to identify federal overpayments to MA plans than has ever previously been attempted. According to the release, CMS plans to begin “immediately” auditing all eligible MA contracts—until now, CMS had audited no more than 60 a year, and audits have taken more than a decade to complete.  

These audits, known as Risk Adjustment Data Validation (RADV) audits, determine the accuracy of risk-adjustment data supplied by MA plans and whether diagnoses are appropriately supported by providers’ medical records. Because federal payments to MA plans are risk-adjusted, the sicker the patient appears in the data, the higher the payments to the MA plan. Thus, the RADV auditing process serves to confirm whether MA plans are correctly paid.

Now, citing a commitment to “crushing fraud, waste and abuse,” CMS plans to rapidly expand the pace and scope of RADV reviews. The announcement projects that CMS will complete all remaining RADV audits for payment years 2018 through 2024 by early 2026. To do so, CMS will employ “enhanced technology,” suggesting the use of artificial intelligence (AI) in the agency’s reviews of diagnoses and medical records. Dr. Oz has previously embraced AI as a key tool to root out fraud, waste and abuse in federal health care programs.

The technology will be bolstered by workforce expansion, raising the number of medical coding professionals involved in RADV audits from 40 to 2,000 by September, a huge and surprising expansion at a time of massive layoffs elsewhere in the Department of Health and Human Services.

CMS projects these enhanced capabilities will allow it to accelerate the pace of reviews and expand their scope—the press release predicts CMS will audit all eligible plans for each year (about 550). Additionally, for each plan, CMS will increase the number of records reviewed from the current 35 each, to a range of 35 to 200 depending on plan size.

The acceleration of RADV audits, and the particular attention to audits for payment years 2018 through 2024, may expose plans with poor audit findings to significant financial liability. In a 2023 regulation, CMS said it would “extrapolate” the results of the individual medical records identified as erroneous to the contract as a whole, beginning with the 2018 audits. That is, rather than reverse and recoup payments associated with specific members whose diagnoses were erroneous or unsupported, CMS will recoup a much larger sum from plans on the presumption that the error rate from that small sample is representative of the error rate among all diagnoses submitted for all beneficiaries. The press release confirmed CMS’s intent to extrapolate from audit results and, by accelerating the payment year 2018 to 2024 audits, CMS seems poised to quickly recoup extrapolated sums. Ongoing litigation in federal district court in Texas challenges CMS’s ability to extrapolate from the RADV audits, so this may be far from the last word on this issue.

Regardless of the fate of extrapolation, these newly extensive CMS RADV audits join ongoing scrutiny of MA plans from Office of Inspector General audits, as well as whistleblower and Department of Justice actions under the False Claims Act.

Therefore, all MA plans need to be ready for intense scrutiny:

• Plans should evaluate their risk adjustment data collection and provider coding practices to minimize the coding errors that may be identified in audits, especially smaller regional plans that might not have faced regular RADV audits in the past.
• Plan compliance efforts that identify unsupported codes, especially systemic problems, should be addressed promptly, including through appropriate deletes from risk adjustment submissions.
• Provider network contracting and risk-sharing arrangements should be evaluated in the context of risk adjustment data collection compliance. Careful attention should be paid to whether the arrangement financially incentives a provider to “find” diagnoses; if so, plans should perform additional monitoring of those data collection processes.
• Plan accountants and actuaries should re-evaluate how they project the results of RADV audits in their financial results and in MA bids.
• Plans should scrutinize CMS auditing practices, including potential use of AI tools, to identify flaws in CMS’s methodology or the AI itself for potential legal challenges.

There are many reasons, good and bad, why RADV audits have taken as long to complete as they have. The announcement that CMS expects to complete so many more audits rapidly indicates that CMS intends to take a completely different approach from past audits. MA organizations will need to watch closely.