The Audit Test Every Software Should Pass
When CMS audits a Medicare Advantage plan’s submitted diagnoses, they don’t ask whether the software was fast. They don’t care about user interface design or implementation timelines. They ask one question: can you show us the clinical evidence that supports this code? If the software your coding team uses can’t produce that evidence trail on demand, you have a technology problem dressed up as a workflow solution.
The OIG’s March 2026 audit of BCBS Alabama (A-07-22-01207) found that 247 out of 271 sampled enrollee-years had unsupported diagnosis codes, a 91% error rate. Acute stroke and myocardial infarction categories failed at 100%. The root cause wasn’t lazy coders. It was documentation that lacked proof of active clinical management, and a process that didn’t catch the gaps before submission. The software those teams used didn’t flag the problem. It enabled it.
That’s the first question to ask any HCC coding system: does it validate documentation quality, or does it just help coders move faster through charts?
Explainability Is Non-Negotiable
The regulatory environment has made one thing clear: opaque AI creates liability. When a system tells a coder “this diagnosis is supported” without showing which specific lines in the clinical note it evaluated, which MEAT criteria (Monitoring, Evaluation, Assessment, Treatment) are satisfied, and which are missing, the coder is making a blind decision. And when an auditor asks for evidence, there’s nothing to produce.
Explainable AI changes the workflow. The system scans the clinical note and maps each suspected HCC to specific documentation. It shows the coder exactly where monitoring activity is referenced, where treatment decisions are documented, and where gaps exist. The coder validates rather than searches. The evidence trail builds automatically because every recommendation is linked to documented clinical language.
Plans that adopted AI tools without requiring explainability are now discovering that speed without transparency doesn’t reduce audit risk. It accelerates it. Codes get submitted faster, but they’re no more defensible than codes assigned through manual review. The DOJ’s $117.7 million Aetna settlement (March 2026) and $556 million Kaiser settlement both involved programs where the process of assigning codes outpaced the process of validating them.
Two-Way Capability Separates Compliance Tools From Revenue Tools
The biggest regulatory red flag in risk adjustment today is add-only coding. Programs that find diagnoses and submit them without ever identifying codes that should be removed are the exact pattern the DOJ has targeted and OIG has flagged in its February 2026 Industry-wide Compliance Program Guidance.
Software that only supports adds is a revenue tool. Software that supports both adds and deletes is a compliance tool. The distinction matters because CMS has described its supplemental data process as a two-way street. Coders need to identify missed diagnoses and flag unsupported ones for removal. That requires technology designed for validation in both directions.
When evaluating systems, ask: can it identify codes in the chart that lack adequate MEAT support? Can it flag previously submitted HCCs that no longer have current documentation backing? Can it generate a deletion recommendation with the same evidence trail it provides for additions? If the answer to any of these is no, the system was built for a regulatory environment that no longer exists.
What the Buying Decision Should Actually Center On
Speed and volume metrics still matter operationally. But the primary evaluation criteria for HCC Coding Software in 2026 should be defensibility. Can the system prove why every code was submitted? Does it validate documentation against MEAT criteria before the code reaches CMS? Does it support two-way review? Is the AI explainable, with evidence trails that an auditor can follow?
Plans selecting HCC Coding Software based on productivity gains alone are optimizing for efficiency in a market that now penalizes efficiency without accuracy. The right system makes coders faster and more defensible simultaneously. That combination is what separates tools built for the current enforcement environment from tools still designed around the old revenue-first model.
