Governance at Scale: How Health Plans Should Risk-Tier Their LLMs

Governance at Scale

As artificial intelligence reshapes healthcare operations—from member outreach to risk adjustment—health plans face a pivotal question: how to harness large language models (LLMs) safely and strategically. The answer lies in robust governance that tiers each model based on its capacity, accuracy, bias risk, and regulatory exposure.

The Landscape: Capabilities Without Guarantees

Large language models have emerged as versatile tools capable of generating fluent, contextually rich content and responding to queries across a wide spectrum of domains. Some models excel in conversational fluency, while others focus on delivering traceable, source-backed answers. However, fluency and technical metrics like perplexity—which measure how well a model predicts the next word in a sequence—do not guarantee factual reliability, safety, or fairness.

While these models demonstrate strong baseline performance, they can generate incomplete, outdated, or hallucinated content. A 2023 Stanford study found that some models hallucinated in over 20% of healthcare-related outputs, particularly when asked to summarize or recommend treatments¹. These shortcomings make rigorous evaluation and governance essential when applying LLMs in healthcare, where the stakes include patient safety, regulatory compliance, and operational integrity.

Strengths and Limitations in a Healthcare Setting

Clinical studies and operational evaluations suggest that general-purpose LLMs show promising results in areas like patient communication, decision support, and knowledge synthesis. However, assessments also reveal inconsistencies in accuracy, response variability, and hallucination of data or references. A Mayo Clinic review found that only 59% of model-generated clinical advice aligned with actual medical guidelines when left unchecked ². Models often struggle with nuance in medical context or decision-making logic, and may underperform in real-world clinical alignment.

These limitations reinforce a critical truth: even the most sophisticated LLMs must be carefully validated and monitored, particularly when integrated into healthcare workflows that impact diagnoses, treatments, or member experiences.

A Regulatory Horizon: LLMs as High-Risk Medical Tools

Governance is becoming non-negotiable. The FDA’s AI/ML Action Plan calls for lifecycle monitoring, model versioning, and real-world performance auditing. The European Union’s AI Act classifies healthcare-related AI as "high-risk," and evolving HIPAA interpretations increasingly cover algorithmic transparency and data traceability.

A Deloitte report from 2023 found that 71% of healthcare executives believe AI regulations will significantly affect future digital strategies, particularly around LLM use³. For health plans, this means implementing a rigorous framework that risk-tiers LLMs based on their application, capability, and potential for harm.

A Four-Tier Risk Framework for Health Plan LLMs

Mizzeto proposes a structured tiering model aligned with payer priorities in compliance, automation, and member impact.

Tier 1: Advisory or Information Retrieval

Tier 1 includes models used for non-clinical functions such as internal knowledge bases, FAQ bots, and general education. These applications typically present minimal risk, as they do not influence care decisions or involve sensitive data handling. The primary concerns here are outdated content and potential inaccuracies, which can usually be mitigated with well-defined content review cycles.

Governance strategies at this level should focus on basic controls: logging user interactions, conducting periodic accuracy audits, and performing Privacy Impact Checks (PICs) to ensure no protected health information (PHI) is inadvertently introduced. These models are well suited for provider self-service portals, employee onboarding, and low-risk internal search applications.

Tier 2: Administrative Automation

Tier 2 applies to models assisting with operational workflows such as claims triage, prior authorization support, and provider communications. These models play a more active role in administrative decision-making, which introduces a higher risk of downstream impact. Errors at this level could lead to incorrect approvals, delays in processing, or provider dissatisfaction.

Due to this elevated risk, governance must include human-in-the-loop oversight for high-stakes outputs. Logs should capture both prompts and model responses, and performance monitoring should track error rates, bias, and hallucination frequency. Following NIST-aligned frameworks, health plans should incorporate calibration tests to measure overconfidence in outputs and reduce automation bias.

Tier 3: Clinical-Support Applications

This tier includes use cases that directly assist clinical staff or members in understanding care options, interpreting medical information, or identifying risk factors. These models often influence—but do not finalize—care decisions. Because they operate in a high-stakes domain, even small inaccuracies or biases can disproportionately affect health outcomes or erode trust.

Effective governance in Tier 3 requires multiple layers of human review, ideally involving clinicians who can assess content accuracy and relevance. Models should be stress-tested using adversarial techniques to detect vulnerabilities such as data poisoning or performance degradation over time. Additionally, governance must track model provenance, enforce version control, and implement audit trails aligned with FDA and NIST guidelines.

Tier 4: Regulated Diagnostic or Therapeutic Support

The highest tier is reserved for models that directly assist with diagnosis, treatment planning, or other regulated medical functions. These systems are considered Software as a Medical Device (SaMD) and must comply with FDA clearance pathways, such as 510(k) or De Novo classifications. They are subject to the highest scrutiny due to their potential to directly impact patient care.

Governance in Tier 4 must be rigorous and comprehensive. This includes validated performance benchmarks, adherence to GxP practices, explainability standards, and the ability to override model recommendations in real time. These systems also require continuous real-world monitoring to ensure safety and effectiveness, as well as extensive bias testing to ensure equitable performance across diverse populations. Only models that have met these stringent requirements should be deployed in high-impact diagnostic or therapeutic environments.

Why Tiering Matters for Health Plans

A tiered governance model offers multiple strategic advantages. It enables fast rollout of low-risk tools while dedicating due diligence to high-risk applications. It ensures compliance with regulatory bodies like the FDA and aligns with global standards such as the EU AI Act. Most importantly, it focuses oversight where it matters most—on applications where errors can cause harm.

Health plans can operationalize this framework by cataloging LLM use cases and mapping them to the appropriate tier. Governance committees—spanning compliance, clinical, and IT—can establish playbooks, monitoring protocols, and update cadences. Dashboards tracking hallucination rates, bias drift, and PHI leakage support transparency and continuous improvement. This governance strategy dovetails with Mizzeto’s core philosophy: Protect People, Prioritize Equity, and Promote Health Value.

Additionally, implementing this model encourages a culture of responsible innovation. It gives organizations a structured way to experiment with new LLM applications while minimizing exposure to risk. Teams across legal, compliance, product, and data science can speak a common governance language, ensuring that development velocity doesn’t outpace safety and trust requirements.

Mizzeto has already begun implementing this governance model at scale for a Fortune 500 healthcare company, supporting LLM deployment across multiple departments including claims operations, care coordination, and digital member services. By embedding tiered oversight into AI adoption, Mizzeto has helped this client reduce operational risk, meet regulatory expectations, and confidently scale their use of generative AI while keeping patient safety and data integrity at the forefront.

The Road Ahead

As LLM adoption accelerates, governance frameworks must evolve. Explainable AI is essential for clinician trust. Bias detection mechanisms are critical for fair outcomes. Guardrails against data poisoning and alignment with NIST/WHO guidelines will future-proof these systems.

Notably, a McKinsey report found that 60% of healthcare leaders plan to expand generative AI initiatives in 2024, but only 21% have implemented formal governance structures to manage associated risks⁴. These gaps underscore the need for structured oversight like the tiering approach outlined here.

Health plans are at a turning point. Poorly governed AI can result in clinical missteps, regulatory fines, or reputational harm. Smart governance, on the other hand, transforms risk into strategic advantage. By stratifying LLMs into risk-aligned tiers, Mizzeto empowers health plans to deploy AI responsibly, drive innovation, and safeguard patient trust. Governance isn’t just compliance—it’s the infrastructure for sustainable, scalable AI success in healthcare. 

If your organization is navigating the complexities of LLM deployment and seeking a structured, proven approach to governance, Mizzeto is here to help. With deep experience implementing tiered risk models for Fortune 500 healthcare clients, we understand how to balance innovation with compliance, safety, and ROI. Whether you're exploring administrative use cases or deploying LLMs in clinical environments, our team can guide you through every step of responsible integration. Please reach out to Mizzeto to learn how we can help you properly risk-tier your LLMs and deploy them with confidence.

‍

¹AI on Trial: Legal Models Hallucinate in 1 out of 6 (or More) Benchmarking Queries

²Medical Hallucinations in Foundation Models and Their Impact on Healthcare

³About 40% of health execs say generative AI pays off, Deloitte finds

⁴Generative AI in healthcare: Current trends and future outlook

Preparing For Member Enrollment Season

Each fall, as open enrollment begins, health plans find themselves on the front lines of one of the most complex operational efforts in the industry: onboarding new members. For those managing a health plan, the stakes are high. A single misstep during enrollment can cascade into months of backlogs, errors, and missed care — damaging not just reputation, but patient outcomes.

That’s why this season, more health plans are turning to automation.

A Critical Moment for Member Experience

Enrollment is often the first impression a new member has of your health plan. It’s also one of the most resource-intensive processes for healthcare operations teams — requiring precise coordination between eligibility checks, ID card generation, network matching, and regulatory compliance. Last year’s open enrollment season set new records. During the 2024 Open Enrollment Period, a staggering 21.4 million members either selected or were automatically re‑enrolled in Marketplace plans—a 31% increase over the prior year. That includes 16.4 million through HealthCare.gov and 5.1 million via state‐based Marketplaces.

In short: It’s a moment of truth. And getting it right matters.

At Mizzeto, we’ve seen how fragmented systems and manual processes can bog down enrollment efforts, causing slowdowns that frustrate patients and strain staff. That’s why modernizing these workflows isn’t just a tech upgrade — it’s a care upgrade.

‍The Problem: Fragmented Systems Are Failing Member Enrollment

Despite the growing complexity of member enrollment, many health plans are still relying on outdated, manual processes. These inefficiencies introduce friction at every step—from eligibility verification delays and incomplete forms to ID card mailing lags and compliance tracking gaps. In a landscape where digital-first expectations are rising and operational resilience is essential, failing to modernize enrollment workflows can lead to increased churn, compliance risk, and unnecessary administrative spend.

These inefficiencies introduce friction at every step of the enrollment process—creating bottlenecks that frustrate members, drain staff capacity, and increase the risk of downstream errors. Eligibility verification delays can leave members in limbo, unable to access care or benefits while systems catch up. Incomplete or manual form entries lead to data inaccuracies that require costly rework and erode trust. Delays in ID card mailing not only slow access to care but also flood call centers with avoidable support requests. And without automated compliance tracking, plans face serious regulatory exposure—missing disclosures, outdated acknowledgements, or lack of documentation altogether.

In a landscape where digital-first expectations are becoming the norm and operational resilience is more critical than ever, continuing to rely on outdated, siloed systems is no longer viable. The cost isn’t just inefficiency—it’s higher member churn, avoidable compliance violations, and mounting administrative overhead. Modernizing enrollment workflows is no longer a nice-to-have; it’s a strategic necessity.

‍How Automation Transforms Member Enrollment

Automation isn’t just a convenience—it’s the foundation for a modern, resilient member enrollment experience. Leading health plans are replacing fragmented, manual processes with integrated, automated workflows that accelerate onboarding, reduce errors, and improve satisfaction for both members and staff.

It starts with intelligent eligibility verification and smart intake handling. Automated systems connect directly with payer databases to verify eligibility in real time, eliminating the need for back-and-forth with exchanges or internal teams. In parallel, OCR (Optical Character Recognition) technology can extract data from scanned or faxed UM intake forms—automatically digitizing key information and routing it into downstream systems. This dramatically reduces the need for manual re-keying, lowers the risk of transcription errors, and speeds up the review and approval of services tied to enrollment.

Next is instant benefit activation and guided plan selection. Once eligibility is confirmed, members receive their digital ID cards in seconds—no waiting for print-and-mail cycles. Simultaneously, automated plan matching tools can recommend the best-fit providers and plans based on a member’s location, prior care usage, and preferences. This seamless experience not only boosts confidence in the plan but also reduces early churn by ensuring the member is matched to care that fits their needs from day one.

Finally, end-to-end communication and compliance tracking close the loop. Automated reminders, email nudges, and portal prompts guide members through every stage of enrollment, improving completion rates and reducing support tickets. On the compliance side, automation ensures that every disclosure, acknowledgement, and timestamped interaction is captured and logged—helping payers stay audit-ready while reducing risk.

In today’s environment of staffing shortages and rising digital expectations, automation isn’t a luxury—it’s a strategic imperative. These integrated solutions not only streamline enrollment operations, they also lay the groundwork for stronger member relationships and long-term retention.

Benefits of Streamlined Enrollment Automation

When member enrollment workflows are automated, health plans see measurable improvements across the board. First impressions become lasting trust as members experience smooth onboarding from day one. Operational resilience increases as real-time systems prevent delays, misrouted claims, and network mismatches. Compliance becomes proactive instead of reactive, with automation flagging missing documentation and capturing disclosures automatically. And staff morale gets a boost as tedious manual tasks are replaced with meaningful, high-value work—improving retention and productivity at once

Today’s members expect digital ease and instant access—not paperwork and phone tag. With more than 21 million people navigating enrollment annually, even small inefficiencies can scale into major issues. As member expectations evolve, enrollment must evolve with them. That means modernizing not just the tech, but the entire experience—from eligibility and activation to communication and care coordination. Member enrollment isn’t just a task to complete; it’s the foundation for lasting engagement and plan loyalty.

Why It’s Worth the Investment

Beyond speed and accuracy, automation reduces burnout. Fewer manual entries mean fewer mistakes. Fewer mistakes mean fewer member complaints. And fewer complaints mean happier teams and healthier retention.

In the end, enrollment isn’t just about signing up members. It’s about setting the tone for how care will be delivered — efficiently, personally, and reliably.

Enrollment is no longer just an administrative necessity—it’s a strategic differentiator. A fast, seamless enrollment experience sets the tone for the entire member relationship. With automation, health plan payers don’t just survive enrollment—they own it.

Ready to turn enrollment into a competitive advantage? Book a meeting with Mizzeto to see how our solutions can transform your member experience from day one.

Breaking Bottlenecks in Utilization Management

Utilization Management (UM) remains a fundamental component of health plan operations—ensuring that care is medically necessary and delivered efficiently. However, legacy systems and manual processes continue to impede decision speed, inflate administrative costs, and undermine provider and member satisfaction. Health plan executives are under mounting pressure to modernize these workflows. This article examines two key chokepoints in UM and outlines how automation and artificial intelligence (AI) can reengineer the process for better outcomes.

Fragmented Intake Channels: An Unresolved Legacy

Despite significant investments in digital infrastructure, most prior authorization (PA) requests still arrive through outdated, unstructured channels—faxes, phone calls, emails, scanned PDFs, or even smartphone photographs. These formats demand manual transcription and interpretation, driving up labor costs and introducing errors.

According to the CAQH, only 31 percent of prior authorization transactions were processed fully electronically via ASC X12N278, while 37 percent remained fully manual—processed by phone, fax, mail, or email¹. Manual processing is considerably more expensive and time-consuming. The CAQH Index shows payer-side costs average $3.50 per manual PA, compared to just $0.05 for fully electronic transactions. On the provider side, each manual submission consumes approximately $10–11 in staff effort².

This fragmentation affects the downstream UM workflow. Staff must sort through entries, clarify ambiguities, and reconcile incomplete information—all of which extend turnaround times. Providers frequently complain of submitting faxes or emails only to receive phone calls requesting additional details days later. For health plans, this creates backlogs, missed performance targets, and strained provider relations.

Documentation Overload: Reviewing the Irrelevant Along with the Relevant

Once intake is complete, UM nurses face another critical challenge: the volume of clinical documentation submitted in support of authorization requests. Providers often send extensive electronic medical record printouts, diagnostic reports, test results, and specialist notes—sometimes totalling hundreds of pages per case.

Reviewers must manually scan these documents, identify relevant facts, cross-check coverage guidelines, and reach a clinical determination. The process varies significantly in duration, often ranging from 30 minutes to several hours per case. In workloads of 20+ cases per day, this becomes a considerable staff burden.

From the health plan perspective, these delays translate into higher appeal volumes and compliance risks. When documentation is inconsistent or unnecessarily voluminous, decision-making becomes harder to standardize, resulting in variance across reviewers and potential errors that attract regulatory attention.

Automation at Intake: Converting Chaos into Standardized Data

The advent of Intelligent Document Processing (IDP) and Natural Language Processing (NLP) transforms how unstructured intake is handled. These tools can extract structured data from faxes, PDFs, and images, identifying key fields—member demographics, diagnosis codes, CPT codes, dates of service—and automatically populating intake systems.

Phone-based submissions can be converted to text via speech-to-text and NLP solutions. The value is not in eliminating humans, but in creating a single, reliable digital intake stream.

Health plans that implement these tools report dramatic improvements. One regional insurer processed over 200,000 authorizations annually through automated systems, achieving 90 percent first-pass accuracy and reducing data-entry burden by 40 percent. These gains support compliance with evolving CMS mandates on electronic prior authorization standards³.

AI-Infused Clinical Review: Enabling Smarter Decision-Making

Automation’s benefits extend into the clinical review phase when AI-driven tools analyze and summarize documentation. Models trained on medical language and entitlement policies can identify prescribed treatments, prior interventions, labs, and imaging outcomes relevant to PA criteria.

This allows for a triaged review model: routine, low-complexity requests may be auto-approved; ambiguous or high-risk requests are flagged for clinical review. Clinicians are presented with summaries and highlighted evidence, eliminating the need to browse hundreds of pages manually.

Health plans deploying these tools report up to a 50 percent reduction in average case review time. AI-assisted systems enhance consistency and reduce cognitive overload for UM staff, while preserving human oversight for critical decisions.

Regulatory Alignment: Meeting CMS Requirements Efficiently

The CMS Interoperability and Prior Authorization Final Rule (CMS‑0057‑F), effective January 1, 2026 (with APIs required by 2027), imposes strict requirements: seven‑calendar‑day turnaround for standard requests, 72‑hour turnaround for expedited requests, public reporting of authorization metrics, and standardized API-based communication⁴.

Automation is essential for compliance. Without it, health plans risk missing deadlines, misreporting metrics, and exposing themselves to regulatory sanctions. Automated intake and AI-supported review systems facilitate meeting timeliness standards, improve denial rationale transparency, and generate structured data required for public disclosures.

Operational and Strategic Returns

Adopting automation and AI in UM workflows delivers measurable operational and strategic advantages:

• Faster turnaround times, supporting regulatory compliance and enhanced provider/member experience
• Lower administrative costs, with per-case cost reductions from dollars to cents
• Improved decision consistency, reducing variability and appeal risk
• Better provider relationships, fostering collaboration and satisfaction
• Scalable operations, capable of handling volume without linear staffing growth

According to CAQH projections, universal adoption of electronic PA could save the healthcare system nearly $500 million annually.

Governance and Change Management

Implementing automation successfully requires more than technology. Integration with core UM systems such as QNXT or Facets is a prerequisite. Oversight mechanisms must be in place to audit automated decisions and ensure human review for denied cases. Clinician training is essential to shift from manual workflows to supervisory roles. Transparency—through AI outputs aligned to policy rationale—is critical for provider acceptance.

Monitoring key performance indicators—including intake accuracy, review time, first-pass approval rates, and provider satisfaction—is essential for evaluating ROI and guiding continuous improvement.

Conclusion

In today's healthcare environment, utilization management processes demand urgent modernization. Fragmented intake channels and documentation overload threaten decision efficiency, care quality, and compliance. Automation and AI offer pragmatic, scalable solutions that improve accuracy, reduce administrative friction, and enhance both provider and member experience—all while supporting regulatory alignment.

For health plan executives, investment in intelligent UM is not optional; it is a strategic imperative. At Mizzeto, we partner with plans to deploy integrated technology solutions that optimize intake, augment clinical review, and embed rigorous governance. To explore a tailored blueprint for digitally transforming your UM operations, contact us today.

‍

Sources Cited

¹2023 CAQH Index Report

²Administrative Transaction Costs by Provider Specialty

³Navigating The CMS Prior Authorization Final Rule: What Health Plans Need to Know

⁴CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F)

‍

CMS Tightens Oversight of Medicare Advantage Plans

In the coming year, the nation’s Medicare Advantage insurers – which cover over 31 million Americans – face an unprecedented wave of regulatory changes and scrutiny. The Centers for Medicare & Medicaid Services (CMS) has quietly ushered in a more aggressive audit regime for Medicare Advantage (MA) plans, alongside significant updates to how these plans are paid for the health risks of their enrollees.

Health plan CEOs, whose organizations collectively received about $455 billion in Medicare payments last year, are now grappling with what these changes mean operationally and financially. Many are preparing for a future in which annual federal audits become a routine part of doing business and risk adjustment rules are rewritten to curb excess payments.

Oversight Intensifies: RADV Audits Expand in 2025

Late this spring, CMS announced a dramatic expansion of its Risk Adjustment Data Validation (RADV) audits – the primary tool for verifying that MA plan payments are justified by members documented health status. Historically, CMS audited only a small sample (around 60) of MA contracts each year, targeting plans suspected of excessive billing. That is changing effective immediately: CMS will audit all eligible Medicare Advantage contracts annually (approximately 550 plans in total)¹. In addition, the agency is fast-tracking a backlog of past years’ audits, pledging to complete all outstanding audits for payment years 2018 through 2024 by early 2026. This means health plans could be hit with multiple audit findings in short succession, condensing what might have been a decade of scrutiny into a much shorter window.

“We are committed to crushing fraud, waste and abuse across all federal healthcare programs,” Dr. Mehmet Oz, the CMS Administrator, said in a statement announcing the new audit strategy. While emphasizing the value of Medicare Advantage, Oz underscored that CMS must ensure [plans] are billing the government accurately².

The RADV audits themselves will also become more intensive. CMS is increasing the sample size of medical records it reviews for each plan from about 35 records to as many as 200 records per plan annually¹. By reviewing a larger slice of each plan’s claims, CMS aims to make any identified error rates more credible for extrapolation – a process of projecting the sample’s error rate onto the plan’s entire member population¹. CMS finalized a rule in 2023 that, for the first time, allows auditors to extrapolate overpayment findings starting with audits of 2018 claims onward. In the past, if an audit uncovered (for example) $100,000 in improper payments in the sample, the plan would repay that amount; now CMS can multiply that figure across all similar cases in the year – a change that could turn modest audit findings into multimillion-dollar liabilities for plans.

To support this ambitious oversight agenda, CMS is bolstering its audit arsenal. The agency will deploy “enhanced technology” – including advanced data analytics, and potentially artificial intelligence, to flag suspect diagnoses in billing data¹. It is also undertaking a massive workforce expansion, increasing its team of medical coders from just 40 to roughly 2,000 by September 2025 to manually review records and confirm unsupported codes². This 50-foldstaffing surge underscores the scale of CMS’s commitment. All Medicare Advantage plans can now expect an audit each year, a stark departure from an era when many insurers never faced a RADV audit at all¹.

For health plans, the immediate implication is a significant operational burden. Insurers will need to respond to ongoing documentation requests, often under tight deadlines, and may find themselves in perpetual audit preparation mode. Some plans are already ramping up their own internal audit teams and processes to mirror CMS’s efforts, aiming to catch and correct errors proactively before federal auditors arrive.

A Revamped Risk Adjustment Model and Policy Changes

Behind the audit crackdown is a broader effort to refine how risk adjustment – the system that pays more for sicker patients – is administered. In 2024, CMS began phasing in a new risk adjustment model (known as “V28”) for Medicare Advantage, the first major overhaul in years. This updated model recalibrates which diagnoses count toward a patient’s risk score and how much they raise payments. Notably, CMS removed over 2,000 diagnosis codes from the model that it deemed prone to being “up-coded” – the practice of documenting extra or more severe conditions to inflate payments³. The goal is to target codes most likely to be abused and ensure that payments better reflect genuine health status.

The transition to the new model is occurring gradually to mitigate disruption. For payment year 2024, risk scores were calculated with a blend (33% new model, 67% old model). By 2025, the balance flips to 67% new model (V28) and 33% old⁴, and by 2026 the new model will be fully in place. The V28 model introduces 115 condition categories (up from 86 in the previous model) but with a more selective set of diagnosis codes – 7,770 codes mapping to those categories, versus 9,797 codes in the old model⁴. In practical terms, some diagnoses that used to boost payments will no longer do so, or will do so to a lesser degree. Chronic conditions like diabetes, depression, or vascular disease are among those seeing coding criteria tightened or subdivided to prevent overstating a patient’s illness burden, according to policy analysts.

CMS argues these changes will improve payment accuracy and curb excess spending. Agency officials noted that Medicare Advantage plans have been paid billions more than similar patients in traditional Medicare, partly due to aggressive coding practices. Indeed, CMS now estimates MA plans overbill the government by about $17 billion a year through unsupported diagnoses, with some estimates as high as $43 billion. The new risk model, coupled with stepped-up audits, is designed to rein in this overspending. Med PAC, a congressional advisory body, has reported that payments to MA plans in 2024 were on track to be roughly $83 billion higher than they would have been in fee-for-service Medicare for the same enrollees – a gap these policies seek to narrow.

Health plans and providers, however, have voiced concern about the speed and impact of these changes. The industry pushed back hard when the new model was proposed, prompting CMS to adopt the three-year phase-in rather than an immediate switch³. Many insurers and health systems fear the model’s stricter coding could reduce payments for vulnerable patients, potentially affecting benefit offerings. CMS’s own projections suggested that despite the model changes, average plan payments per enrollee would still rise in 2024 and 2025, due to other adjustments. But those increases may be smaller than plans are used to, and impacts will vary byplans³.

The American Medical Group Association, representing provider organizations, cautiously noted that the phase-in gives CMS “an opportunity to refine the plan” if unintended consequences emerge by 2026. In essence, while regulators see the new model as a needed course correction, the industry sees a potential budget cut in disguise, to be fought or at least closely watched.

Operational and Compliance Challenges for Health Plans

For health plan executives, the confluence of comprehensive audits and new risk scoring rules translates into a daunting compliance agenda. Operationally, plans must strengthen their documentation practices and IT systems immediately. Every diagnosis code submitted for payment must be backed by proper medical record evidence – not just to withstand a CMS audit, but to ensure the plan isn’t overstating its risk scores under the refined model. Many insurers are conducting internal RADV-style audits on 2018–2022 data right now, essentially red-flagging any diagnosis in their system that might not hold up to scrutiny. By performing these self-audits and deleting or correcting unsupported codes in CMS’s database, plans can mitigate future penalties⁴. This proactive approach, encouraged by consultants, aims to “reduce and manage RADV financial exposure” by addressing issues before the government does.

Provider engagement is another critical piece. Medicare Advantage insurers often rely on networks of physicians and hospitals to document diagnoses, and historically some have incentivized providers to code comprehensively. Now the dynamic is shifting: plans are implementing new provider training and education on the V28 coding changes, stressing accurate and only supported diagnoses. Some plans are also revisiting their contracts with providers. Those that share risk with providers (through value-based arrangements or bonus incentives) may insert clauses making providers financially liable for coding errors that lead to audit recoveries. If a CMS extrapolated audit claws back millions of dollars from a plan, the plan doesn’t want to shoulder that alone – it may seek to recover portions from the physician groups whose documentation was found lacking. This is a delicate conversation, but it reflects how seriously plans are treating the new audit risk.

Internally, compliance and audit departments at MA organizations are bracing for a heavier lift. Plan CEOs are evaluating whether their teams have the bandwidth and expertise to handle continuous audit requests, or if they need to enlist outside help (such as specialized auditing firms or consulting partners). The administrative load of responding to RADV audits – pulling hundreds of medical records from archives, coding them, and submitting rebuttal evidence – is significant, especially for smaller regional plans. Plans must also keep pace with evolving guidance: CMS recently issued updated RADV audit dispute and appeal instructions (effective January 2025), clarifying how plans can challenge audit findings through a reconsideration process². Ensuring the legal team is ready to navigate these appeals, especially when extrapolated sums are on the line, will be crucial.

Finally, IT systems need updates to accommodate the 2025 risk model blend and forthcoming full model transition. Claims and billing software must incorporate the new HCC definitions so that as of January 1, 2025, incoming claims are evaluated under the correct risk adjustment logic. Misalignments here could directly affect revenue projections and compliance. Some plans have had to reconfigure analytics dashboards and retrain their coders and coding vendors on the model’s nuances – for example, which codes no longer map to an HCC (and thus no longer increase payments)⁴. This system work is technical, but vital to avoid errors in submissions that could trigger audits or payment shortfalls.

Financial Stakes and Industry Response

The financial implications of CMS’s 2025 changes are multifaceted. On one hand, Medicare Advantage insurers might see lower revenue growth per patient as risk scores level off under the tighter model. On the other hand, they face the possibility of paying back substantial sums if audits uncover past overpayments. Even a small error rate can translate into a large liability when extrapolated across tens or hundreds of thousands of members. Past RADV audits (2011–2013) found overpayments in the range of 5% to 8%². If a similar error rate were found today and extrapolated, a mid-sized plan with $1 billion in annual revenue might have to refund $50–$80 million for a single year – a heavy hit to earnings.

Compounding the concern, CMS’s decision to finalize audits from 2018 through 2024 in one burst means some plans could be writing checks for multiple years’ worth of overpayments almost at once. Financial officers are reviewing reserves and worst-case scenarios now. “If CMS identifies and extrapolates overpayments for those years, financial losses due to recoupment will be concentrated over a much shorter time period than under the prior timetable,” the Ropes & Gray analysis cautioned¹. In other words, what might have been staggered as a series of smaller repayments over a decade could become a tidal wave of obligations around 2025–2026. This has implications for plan budgeting, dividend plans, and even market valuations – indeed, stock analysts have begun asking public MA insurers about their audit exposures in earnings calls.

Preparing for Change: Mitigation Strategies for Plans

In response to these challenges, savvy health plans are taking a multi-pronged approach to mitigate risk. One key strategy is investing in advanced analytics to identify coding outliers. Plans are leveraging data algorithms to scan claims for patterns – for example, providers who code unusually high rates of certain lucrative diagnoses – and then conducting targeted chart reviews to verify those cases. By doing so, plans can either validate the codes with proper documentation or proactively “unlock” and remove unsupported diagnoses from their submissions, thereby inoculating against future audit findings. This kind of internal cleanup, though potentially reducing payments in the short term, can save a plan from a costly claw-back down the road. Several large insurers have created special RADV task forces for this purpose, blending expertise from compliance, IT, and clinical coding teams.

Education and training are also front and center. Health plan leaders are doubling down on provider education programs to reinforce documentation standards. For example, physicians are being reminded that every chronic condition must be explicitly documented each year in the medical record to count for risk adjustment – and if they add a diagnosis, it should be one actively managed or treated, not just noted in passing. Plans are updating provider handbooks to reflect diagnoses that no longer risk-adjust under the new model, so clinicians don’t waste effort coding conditions that won’t contribute to funding. Some plans are even offering or requiring “documentation integrity” training sessions for network providers, knowing that many audit issues can be prevented at the point of care through better record-keeping.

Another defensive measure is incorporating more stringent audit clauses in vendor contracts. Many health plans use third-party vendors for chart reviews or in-home assessments to help identify additional diagnoses. In the wake of the RADV rule, plans are making sure those vendors attest to the accuracy of codes they submit on the plan’s behalf – and assume liability if codes don’t hold up in an audit. Similarly, plans in risk-sharing arrangements with providers are clarifying how any recovered payments will be handled, as noted earlier. The overarching aim is to align incentives so that everyone – plan, provider, vendor – has “skin in the game” to only report truthful, supportable diagnoses.

From a financial planning perspective, some insurers are bolstering reserves or reinsurance coverage to cushion against possible repayments. Just as importantly, they are scenario-testing the impact of lower risk scores. CFOs are running models on 2025 revenue under various coding intensity assumptions (for instance, if certain common diagnoses drop out of HCC scoring) to guide bids and benefit design for the upcoming plan year. In extreme cases, a few plans have hinted they might need to trim benefits or adjust premiums if the new model significantly undercuts their payments – a move that would likely invite member and political backlash. For now, most are taking a wait-and-see approach, hoping that improved documentation and coding accuracy can blunt the negative financial impacts.

Navigating the Changes with Technology and Support

As Medicare Advantage organizations brace for this new regulatory landscape, many are turning to technology and specialized support services to adapt more effectively. Digital operations platforms and analytics tools are emerging as essential aids in ensuring compliance without overwhelming internal teams. For example, some health plans are deploying AI-driven software to automatically review medical records for any discrepancies between documented conditions and submitted diagnosis codes. These tools can flag potential unsupported diagnoses in real time, allowing plans to correct errors before they are picked up in a CMS audit. Enhanced reporting systems also help plans continuously monitor their risk score trends under the new model and identify areas where scores are dropping due to the V28 changes – insight that can inform provider outreach and member care programs.

Mizzeto’s healthcare digital operations suite is designed to streamline back-office processes for payers, which now include the heavy compliance workloads. For instance, Mizzeto provides audit and compliance assistance, conducting transactional audits to ensure policy compliance and quality control. Such services can take on the labor-intensive task of reviewing claims and medical records for accuracy, effectively augmenting a health plan’s internal audit department. Mizzeto also specializes in claims processing automation and data management, which helps plans keep their billing accurate and up-to-date with the latest rules. By automating routine claims checks and integrating the new risk adjustment logic into claims workflows, these technologies reduce the chance of human error that could lead to audit findings.

Another area where external partners prove valuable is in financial reconciliation and provider recovery efforts. If a plan does end up owing money back to CMS or identifies overpayments made to providers, Mizzeto’s services include analyzing overpayment situations and even helping to recoup excess payments from providers in the plan’s network. This kind of support is critical when plans are processing the results of an audit or adjusting payments post-review. It ensures that once a compliance issue is identified, the plan can resolve it swiftly on the financial side – whether that means correcting claims, retrieving funds, or crediting CMS – all with minimal disruption to operations.

Crucially, these solutions are not about replacing human expertise but augmenting it. Health plan executives remain at the helm in setting strategy (such as how to respond to CMS rule changes or when to self-audit), but they are leveraging technology and trusted partners to execute those strategies at scale. The result can be a more resilient organization: one that can handle an uptick in audits and shifting payment formulas without sacrificing focus on member care.

Looking ahead, Medicare Advantage plans will continue to refine their approach as real-world data from 2025 rolls in. Early audit results and the first full year of the new risk score model will provide feedback, showing where coding patterns need improvement or which compliance investments yield the best returns. Health plan CEOs are keenly aware that the stakes are high – both in terms of dollar amounts and public trust. Yet, with thorough preparation, the right expertise, and strategic use of technology, plans can navigate these reforms. The overarching goal is aligning Medicare Advantage’s impressive growth with robust accountability. And while the 2025 CMS audit changes pose undeniable challenges, they also present an opportunity: for health plans to demonstrate their commitment to accuracy and quality, strengthening the partnership between the government and private insurers that millions of seniors rely on every day.

‍

¹CMS Announces Significant Changes to RADV Auditing Efforts: Considerations and Next Steps for the Medicare Advantage Industry

²CMS Rolls Out Aggressive Strategy to Enhance and Accelerate Medicare Advantage Audits

³Providers, payers press CMS to get rid of Medicare Advantage risk adjustment changes entirely

⁴Key Areas of Focus for Risk Adjustment as the Calendar Turns to 2025

‍