Choosing Risk Adjustment Services in 2026: What the Settlement Era Demands
The Vendor Selection Criteria Have Flipped
Two years ago, health plans selecting risk adjustment vendors asked three questions: How many charts can you process? What’s your expected RAF uplift? What’s the per-chart cost? The evaluation centered on volume, revenue impact, and price. Compliance was a checkbox, not a differentiator.
The settlement era changed the calculus. After the DOJ collected $556 million from Kaiser and $117.7 million from Aetna (March 2026), after OIG published audits with 91% error rates, and after CMS-HCC V28 restructured the payment model to penalize coding intensity, the selection criteria flipped. The first question plans should now ask any vendor isn’t “how much revenue will you find?” It’s “can your work survive a federal audit?”
That’s a fundamentally different evaluation. It prioritizes documentation quality over volume, evidence trails over throughput, and compliance architecture over revenue projections. Vendors built for the old criteria are scrambling to add compliance features. Vendors built for the new criteria are winning contracts they never would have won two years ago.
What to Evaluate Now
Start with coding methodology. Does the vendor run add-only chart reviews, or do they support two-way review that identifies both missed diagnoses and unsupported codes? OIG’s February 2026 guidance specifically named add-only programs as high-risk. Any vendor still operating an add-only model is carrying regulatory exposure that transfers directly to the plan.
Next, evaluate the evidence trail. When the vendor submits a coding recommendation, does it include the specific clinical language from the note that supports the diagnosis, the MEAT criteria that are satisfied, and the reasoning behind the recommendation? Or does it just deliver a list of HCCs with codes attached? The difference between those two outputs is the difference between an audit-ready program and one that creates liability.
Then look at AI governance. If the vendor uses AI-assisted coding (and most do now), is the AI explainable? Can you see how it reached its conclusions? Can your compliance team audit the AI’s decision-making process? Opaque systems that produce recommendations without transparent reasoning create a category of risk that regulators are increasingly focused on: ungoverned automation making clinical coding decisions without human-interpretable logic.
Finally, assess audit readiness. Does the vendor’s output format align with CMS RADV submission specifications? Can their work product be packaged for audit response without significant rework? Do they support mock audit processes that test defensibility before real audits arrive?
The Services vs. Technology Question
Some plans outsource coding entirely. Others use technology with in-house teams. Most use a hybrid. The question isn’t which model is better in the abstract. It’s which model produces the most defensible output for your organization’s specific situation.
Outsourced services carry a risk: the plan is ultimately responsible for what gets submitted to CMS, regardless of which vendor produced the work. If the vendor’s coding methodology is add-only, the plan bears the regulatory exposure. If the vendor’s documentation validation is inadequate, the plan pays the settlement. Vendor selection isn’t just a procurement decision. It’s a compliance decision with financial consequences that can reach nine figures.
The strongest model combines technology (explainable AI, MEAT validation, two-way coding capability) with expert oversight (certified coders who validate AI output and exercise clinical judgment). Neither technology alone nor manual services alone produces the quality and scale that the current environment requires.
The Bottom Line for 2026
Risk Adjustment Services in 2026 must be evaluated on defensibility first, efficiency second, and cost third. The cheapest vendor producing the highest volume of unvalidated codes is now the most expensive choice when measured against audit exposure, settlement risk, and regulatory remediation costs. Plans that select partners based on evidence quality, two-way methodology, and audit readiness are making the decision that protects their organization through the next five years of increasing enforcement pressure.
READ ALSO: Get More Out of Every Connection: Practical Tips for Using iTop VPN on Windows
