Introduction: Defensibility in the Spotlight
Recent headlines involving UnitedHealth’s Medicare Advantage practices have brought one word to the forefront of risk adjustment practices in healthcare: defensibility.
Risk adjustment practices can no longer focus solely on accuracy or completeness. It must also withstand external scrutiny, internal standards, and growing expectations around ethics and transparency.
One major driver of this shift is regulatory pressure. CMS has announced a significant expansion of its audit operations. All 550 Medicare Advantage plans will now be audited annually—up from just 60. It is also expanding its audit workforce from 40 to nearly 2,000.[1]
Risk adjustment has shifted from a back-office process to a front-line strategy that must be built into workflows, tools, and culture. Defensibility is no longer best practice—it is a baseline expectation.
The Risks of Non-Defensible Practices
In today’s environment, where scrutiny is intensifying and reputational stakes are high, the costs of cutting corners—intentionally or not—can ripple across the organization. Below are major risks associated with non-defensible risk adjustment practices:
1. Perceived Upcoding
A 2024 Health Affairs study estimated that differential coding inflated Medicare Advantage payments by $33 billion in 2021.[2] Even when coding decisions meet regulatory requirements, a lack of transparency or documentation can fuel perceptions of upcoding—where diagnoses appear to be selected primarily to inflate risk scores rather than reflect clinical reality. These perceptions can erode trust with regulators, providers, and the public. Inconsistent logic, opaque AI suggestions, and aggressive documentation practices all contribute to this perception.
2. Audit Failures and Financial Consequences
RADV audits, OIG investigations, and DOJ probes are increasingly targeting past submissions. [1] Without clear audit trails and traceable logic, even valid codes can fail audits- leading to revenue recoveries. Also, repeated failures invite deeper oversight.
3. Provider Disengagement
Irrelevant or unverifiable suggestions from coding platforms lead to cognitive overload, frustration and ultimately, provider distrust. Over time, clinicians stop engaging, undermining documentation quality and weakening the foundation of defensibility.
4. Reputational Harm
Perhaps the most underestimated risk is reputational. Even technically legal practices can damage reputation when framed as questionable in the media. In an era where trust is currency, reputational damage can be harder to recover from than regulatory penalties.
What is Defensible Risk Adjustment?
At its core, defensible risk adjustment means being able to justify and stand behind every diagnosis code submitted for reimbursement. It reflects the organization’s integrity, clinical alignment, and its commitment to responsible use of technology.
In a defensible system, codes reflect patients’ clinical reality. It avoids guesswork and black-box automation, or over-reliance on historical data.
Principles for Defensibility
Defensibility can’t be left to interpretation or intention anymore—it needs structure. Below are the core principles that can serve as the backbone of defensible risk adjustment operations.
1. Transparent Logic for Every Code
Every diagnosis must be explainable and tied to clinical documentation. Transparency helps providers and coders understand why a code was flagged and ensures it can withstand regulatory review. As systems evolve, transparency must be built into their very design—so audit trails are always available rather than assembled after the fact.
2. Responsible and Ethical Use of AI
AI’s role is to surface clinically relevant, documentation-supported opportunities—not flood providers with irrelevant or ambiguous suggestions. Responsible AI requires rigorous training, ongoing evaluation, and disciplined governance to ensure its outputs reflect clinical reality and regulatory standards. When governed this way, AI becomes a force multiplier for defensibility, not a liability.
3. Human Validation and Clinical Oversight
Every defensible system must include human oversight. Clinicians should review AI-suggested codes, confirm clinical alignment, and ensure the documentation supports the diagnosis. This safeguard ensures that coding is always grounded in medical judgment rather than automation alone.
4. Clinician-Aligned Workflows That Drive Engagement
Defensibility depends on provider engagement. When workflows fit naturally into clinical practice, providers respond to queries as collaborators rather than adversaries. The future lies in structured feedback loops that let providers accept, reject, or refine suggestions—feeding insights back into systems and improving accuracy over time.
5. End-to-End Traceability
Traceability means being able to reconstruct the full chain: where a code came from, what triggered its suggestion, who reviewed it, what documentation supports it, and when it was ultimately submitted. This type of audit trail is essential to internal quality control and external defensibility.
6. From Optimization to Justification
Defensibility demands a shift in organizational mindset: from maximizing risk scores to justifying every score. This principle applies regardless of whether a code originates from AI, manual review, or historical inference. The test is not “does this lift RAF?” but “can we stand behind this clinically and ethically?”
7. Only Submit What You Can Defend
The simplest and most enduring principle: if you can’t defend it, don’t submit it. This applies to AI outputs, manual entries, and historical inferences. This principle guided decisions in tools like Bloom Value’s iRAS, where certain AI-suggested codes were excluded because they lacked documentation strength. Building defensibility sometimes means saying no—even when the code could have increased the score.
Conclusion: A Turning Point for the Industry
The era of unchecked optimization is ending. The new mandate is code confidence.
Organizations that design for defensibility—where every decision is explainable, every code traceable, and every submission justifiable—will not only avoid risk but also build trust.
What’s at stake is bigger than audits or RAF scores. It’s the sustainability of Medicare Advantage itself. As the program grows as a cornerstone of value-based care, its future depends on practices that are accurate, ethical, and defensible by design.
References:
[1] CMS Rolls Out Aggressive Strategy to Enhance and Accelerate Medicare Advantage Audits | CMS.gov | May 21, 2025
[2] Differential Coding Inflated Medicare Advantage Payments by $33 Billion in 2021, Study Finds | Brooke McCormick | AJMC | April 7, 2025
