CMS Audit Updates 2025: What Medicare Advantage Plans Need to Know

On April 25, 2024, CMS released a major update to its audit protocols, confirming that all Medicare Advantage (MA) plans will now face annual audits focused on fraud, waste, abuse (FWA), and overpayments.

CMS audit changes in 2025: Key updates

This isn’t just a policy update, it’s an operational overhaul. CMS isn’t increasing audits on paper alone; it’s scaling its entire audit infrastructure, using technology to expand its reach and precision:

• CMS plans to increase the number of Medicare Advantage (MA) plan audits from ~60 per year to over 550, covering nearly every eligible contract.
• The number of records reviewed per plan will rise from 35 to up to 200, depending on plan size.
• To support this, CMS is expanding its team of medical coders from 40 to 2,000 by September 1, who will manually verify flagged diagnoses.
• CMS will also coordinate with the HHS Office of Inspector General to actively pursue recovery of overpayments from prior audits.

This is a powerful shift, from sampling and spot checks to full-spectrum oversight. This isn’t a temporary enforcement spike, it’s a shift in how CMS expects plans to operate.

This is no longer a matter of if an audit will happen, it’s when. The message is loud and clear: oversight is no longer episodic; it’s continuous.

Audit readiness is now a year-round priority. For payers, it’s no longer a seasonal task for compliance teams. Your systems, data, documentation, and controls must stay aligned and defensible at all times.

Three intertwined factors drive CMS’s decision:

• Escalating payment errors and growing FWA concerns: Improper payment rates in Medicare Advantage are estimated to be above 9%, translating to billions in recoveries and disputes annually. CMS is under pressure to plug these leaks. #Datacheck: In FY 2024, the CMS reported that the Medicare Advantage (Part C) program had an estimated improper payment rate of 5.61%, amounting to approximately $19.07 billion in improper payments.

• Systemic data inconsistencies and lagging modernization: Many health plans still rely on siloed, legacy systems that lack traceability, audit trails, and standardized validations, making it hard to detect, report, or correct errors in time.
• A broader push for payer accountability: With growing scrutiny from GAO, OIG, and Congress, CMS is now shifting from reactive enforcement to proactive oversight.

Impact on Medicare Advantage organizations

While it may feel like pressure, this change is an opportunity to:

• Clean up internal processes
• Establish trust-based partnerships with CMS and regulators
• Build member confidence through transparency
• Streamline administrative costs through automation and standardization

Here’s the mindset shift payers must adopt: Annual audits are not a compliance burden; they’re a governance benchmar

Where to begin: A practical roadmap to year-round audit readiness

So, where do you start when audits are no longer a one-time event but a constant expectation?

It doesn’t have to be overwhelming. Here’s how to break it down:

1. Start with a clear risk map: Identify risk areas, claims, payments, contracts, and delegated entities. Manual handling and unclear policies create room for error. Set up automated checks and alerts to flag issues early. Ensure your internal policies align with current CMS expectations, not outdated ones.
2. Ditch the spreadsheets and manual logs: Spreadsheets don’t scale for complex audits or large delegated networks. You need tools that help you generate CMS universes automatically, scrub the data for accuracy, track audit findings, and manage corrective actions, all in one place. It saves time, reduces errors, and keeps your team from scrambling when the audit letter lands. It’s time to modernize.
   • #DataCheck: In its 2024 announcement of enhanced Medicare Advantage audit strategies, CMS clearly reinforced the need for robust, automated audit tracking systems that support accurate billing and timely reporting.
3. Treat your data like a compliance asset, not an afterthought: Clean, consistent, and audit-ready data is now a must-have. Set up systems that validate data at the source, flag formatting issues, and ensure a single source of truth across teams. If CMS finds inconsistencies before you do, it’s already too late.
4. Let AI do the heavy lifting: Use GenAI and automation to handle routine tasks, like summarizing CMS guidance, flagging key impacts, and filling audit templates. AI also helps spot policy mismatches, so your teams can focus on issue resolution and trend analysis instead.
5. Don’t forget your vendors and delegated entities: Some of your biggest audit risks come from outside your four walls. Make sure you’re actively monitoring performance, compliance status, and data accuracy across your partners. And yes, you need more than quarterly check-ins and PDFs, they’re not going to cut it anymore.
   • #DataCheck: A 2023 CMS Program Audit Trends Report found that over 55% of compliance issues originated from third-party vendors or delegated entities.

Zooming out: This isn’t just a compliance problem, it’s an enterprise imperative

Let’s be clear: while this new audit cadence starts in compliance, its ripple effects quickly extend across operations, finance, and vendor oversight.

• Operations will need to revisit workflows and reduce rework from failed audits.
• IT must break down data silos and ensure system interoperability across platforms.
• Finance will face pressure to quantify the cost of overpayments and recovery disputes, and fund the tools needed to fix them.

Leveraging technology for audit readiness

This is the moment for payers to adopt an enterprise-wide approach to audit readiness. Not another band-aid, not another department-level workaround. But a strategic reset, powered by unified systems, clean data, and shared accountability.

That requires a platform mindset, not just tools for compliance, but a foundation that aligns technology, processes, and people across the enterprise.

And the good news is, payers don’t need to build this from scratch. Inovaare has spent years engineering an audit-first, compliance-smart Health Cloud Platform, built with CMS expectations in mind.

RADV Audit today, Program Audit tomorrow, payers just need to be data-ready  

CMS’ new directive isn’t a passing storm, it’s the new climate. RADV, audits, or OIG probes expose plans that delay modernization to corrective actions, reputational damage, and recoveries.

But those that invest now in automation, data quality, internal alignment, and AI augmentation will be the ones trusted to lead. 

Not sure where you stand? Take the Data Readiness Assessment

Connect with our experts to start building year-round audit readiness, before CMS calls.