The One-Way Problem in a Two-Way World
CMS has been explicit about how it wants plans to use the supplemental data submission process: as a two-way street. Plans should submit diagnoses that chart reviews identified as clinically valid but previously uncaptured. They should also remove diagnoses that can’t be supported by adequate clinical documentation. Adding and removing. Both directions. That’s the expectation.
Most retrospective programs in the Medicare Advantage industry were never built for both directions. They were built for one: adding. Find codes in charts. Submit them to CMS. Measure success by volume. The removal side of the equation was ignored because it didn’t generate revenue. Nobody got a bonus for deleting a code.
The DOJ settled with Kaiser for $556 million and Aetna for $117.7 million (March 2026) over programs that operated exactly this way. OIG’s February 2026 guidance formalized the risk by naming add-only chart reviews as a high-risk practice. The regulatory position is clear: one-way programs create the coding intensity patterns that CMS interprets as evidence of payment inflation.
How One-Way Programs Create Population-Level Red Flags
The risk from add-only coding isn’t limited to individual chart failures. It creates a statistical signature that CMS monitors at the population level. When a plan’s risk scores trend upward year after year, but its members’ clinical outcomes (hospitalizations, mortality, cost trends) don’t move in the same direction, the divergence tells a story. It says the plan is getting sicker on paper without getting sicker in reality.
That divergence is a product of asymmetric coding. Every chart review that adds a code without evaluating existing submissions pushes risk scores up. Nothing pushes them down. Over multiple review cycles, the cumulative effect is a risk profile that drifts further from clinical truth with each passing year.
CMS doesn’t need to audit individual charts to see this pattern. Population-level analytics reveal it across an entire contract. By the time a RADV audit confirms what the data already suggested, the plan has years of one-directional coding to explain. The Aetna settlement, which covered activity from payment year 2015 through 2023, shows how far back that exposure can reach.
Building the Two-Way Workflow
Converting an add-only program to a two-way program requires changes at three levels. The technology needs to evaluate documentation in both directions. AI that scans a chart should identify potential adds (missed diagnoses with strong MEAT evidence) and potential deletes (submitted codes without adequate clinical support). Both recommendations need the same evidence trail: specific clinical language, MEAT element mapping, and explainable reasoning.
The process needs to include deletion as a standard workflow step, not an exception. Every chart review should produce both an add set and a delete set. Quality assurance should validate both. Provider queries should address documentation gaps for codes that are candidates for removal, not just for codes being added. The deletion workflow should mirror the addition workflow in every structural respect.
The culture needs to recognize deletions as compliance wins. Performance metrics should track accuracy and defensibility alongside volume. Removing an unsupported code that would have failed an audit should be measured as protecting revenue, because that’s exactly what it does. A code that gets submitted without support and then clawed back in a RADV audit costs the plan more than if the code had never been submitted.
The Math That Makes This Urgent
Plans running one-way retrospective programs accumulate additional audit exposure with every review cycle. Each cycle adds codes without removing any, widening the gap between submitted diagnoses and clinical reality. The longer the program runs in one direction, the more expensive the correction becomes when regulators force it.
Organizations restructuring their programs around Retrospective risk adjustment coding that operates in both directions are closing that gap proactively. Every code submitted gets validated. Every unsupported code gets flagged for removal. The risk profile stabilizes at levels that reflect actual patient complexity rather than drifting upward on coding activity alone. That’s what defensible looks like, and it’s the only model that aligns with where CMS enforcement is heading.
