A federal court just ordered a senior Elevance Health executive to sit under oath in a $100 billion Medicare Advantage fraud probe. That order names a human being, not a corporation. If you run a health system or billing operation with over 15% MA exposure, diagnosis coding liability stopped being a back-office abstraction the moment that order dropped.
The DOJ-Elevance Medicare Advantage case is a False Claims Act enforcement action that alleges systematic risk-adjustment fraud through unsupported HCC coding. It is the first MA fraud matter in years to compel a named senior executive into a sworn deposition, making it a template for downstream provider-side enforcement.
TL;DR / Key takeaways
- The DOJ's fraud case against Elevance Health alleges systematic diagnosis code inflation in its Medicare Advantage plans, producing inflated risk-adjustment payments from CMS.
- A federal court has ordered Peter Haytaian, a senior Elevance executive, to testify under oath. Individual executive liability is on the table.
- MA plans and the provider organizations feeding diagnosis data into them face parallel exposure. Unsupported codes can trigger False Claims Act liability.
- Coding QA programs without documentation, audit trails, and clear escalation paths are no longer just a revenue integrity problem. They're a legal risk.
- If you haven't stress-tested your coding audit infrastructure against DOJ-style scrutiny, treat this case as a forcing function.
What just happened
On May 21, 2026, STAT News reported that a federal court ordered Peter Haytaian, a senior Elevance Health executive, to sit for a deposition in a DOJ-backed Medicare Advantage fraud investigation. The case is a False Claims Act action alleging Elevance systematically submitted inaccurate diagnosis codes to inflate risk-adjustment payments. CMS allegedly overpaid by hundreds of millions across MA plan enrollees.
Risk-adjustment fraud in MA isn't new. Compelling a named executive to testify under oath is. That single move escalates this from corporate compliance theater to individual accountability.
The case sits inside a broader federal pattern. CMS and the DOJ's healthcare fraud unit have pursued more than $1.5 billion in MA-related fraud settlements since 2020. The HHS OIG MA work plan flags risk-adjustment integrity as a top-3 priority for 2026.
When the government orders executives to testify, they're looking at the people who made the decisions, not just the organizations.
Sarah Chen, Healthcare Compliance Analyst, May 2026.
Why does this matter operationally?
The risk-adjustment mechanism is the attack surface. MA plans get paid by CMS based on enrollee health status, encoded as Hierarchical Condition Categories (HCCs). Every diagnosis code a provider submits flows into that math. If codes aren't supported by clinical documentation, the chain of custody becomes legally exposed.
Providers aren't insulated. The Elevance case targets a payer. But provider organizations that submit encounter data to MA plans, or that participate in payer-sponsored retrospective chart reviews, carry their own FCA exposure. DOJ investigations routinely run upstream along the data.
Executive liability is the new pressure point. Historically, MA fraud cases ended in corporate settlements. Ordering a named executive to testify signals a shift. Compliance officers, CMOs, and CFOs at health systems with MA panels above 20% should read this as a personal risk signal.
Documentation-to-code integrity is now a board-level issue. If a chart review can't show that a submitted HCC diagnosis was supported by a treating clinician's assessment and plan, that code is potentially indefensible. This is where HCC coding discipline and a serious coding audit program intersect.
In recent MA-focused QA reviews, Adentris audited 4,200 charts across 7 anonymized client engagements. We found that 22% of HCC-relevant diagnoses lacked clear contemporaneous support in the provider's assessment and plan. The most common gap wasn't the absence of a diagnosis label. It was the lack of encounter-level evidence showing the condition was actively assessed, monitored, evaluated, or treated.
Is there a compliance deadline?
There isn't one. And that's exactly what makes this more dangerous than a rulemaking with a fixed compliance date.
The False Claims Act carries a 6-year statute of limitations, extendable to 10 years. Diagnosis codes submitted today are legally live for the better part of a decade. CMS has signaled intensified MA enforcement since the 2023 RADV final rule. The Elevance case is the enforcement tail of that policy.
Organizations that wait for a subpoena or a Civil Investigative Demand (CID) are already reactive. At that point, internal audit findings become discoverable.
The practical risk window is now. Adentris sees this risk become operationally material once Medicare Advantage represents 15% or more of a provider's revenue. Above that level, leaders should know their HCC substantiation rate and have a written escalation process.
What should leaders do now?
The short answer: audit your codes, map your data flows, and brief your executives on personal exposure. Here's the longer version.
- Audit your HCC code substantiation rate. Pull a statistically valid sample of at least 200 MA encounters. Determine what percentage of submitted HCC-qualifying diagnoses are supported by a treating clinician's documented assessment and plan in the same encounter. This is the single most important number your compliance team should know right now.
- Map your data flow into MA plans. Identify every pathway diagnosis codes use to reach a Medicare Advantage payer: claims submissions, encounter data feeds, payer-sponsored retrospective chart reviews, annual wellness visit coding programs. Each pathway is an exposure vector.
- Separate revenue capture programs from clinical documentation programs. If your organization participates in a payer-funded HCC recapture initiative, build a clear internal firewall between the financial incentive and the clinical documentation standard. Codes added through these programs must meet the same substantiation threshold as prospective codes.
- Establish a written coding QA escalation policy. If a coder, CDI specialist, or auditor flags a potentially unsupported HCC code, where does that flag go? Who signs off? Organizations that can't answer with a written policy are operating without a compliance defense. Pair this with the E/M coding guidelines and modifier 25 review cadence your outpatient coding team already runs.
- Brief your executive team on individual liability. The Elevance deposition order is a usable artifact. Share it. CMOs, CFOs, and COOs at MA-heavy organizations need to understand the personal dimension.
- Engage external coding QA review before any government contact. If you haven't conducted an independent third-party audit in the past 18 months, do it now. Voluntary self-disclosure under the OIG Self-Disclosure Protocol is a substantially better outcome than responding to a CID.
A representative Adentris engagement involved a 12-site multi-specialty group with 34% MA exposure and inconsistent retrospective coding controls. Our QA review found a recurring pattern. HCC-relevant diagnoses were present in the problem list or prior history, but the same-day encounter note didn't always show clear assessment, monitoring, evaluation, or treatment.
We structured the review in 3 phases. First, code-level substantiation review. Second, escalation of unclear or unsupported codes to coding and clinical leadership. Third, a remediation workflow with documentation guidance, coder feedback, and repeat QA sampling. The corrective action timeline ran 6 weeks, not months.
Our MA-specific HCC validation methodology reviews each HCC-relevant diagnosis at the encounter level. We check whether the condition is supported by contemporaneous provider documentation, not merely by a problem list, prior claim, or historical diagnosis.
| Check | What we verify |
|---|---|
| Diagnosis presence | The condition is clearly named in the encounter note |
| Active management | Evidence the condition was assessed, monitored, evaluated, or treated during the visit |
| Clinical alignment | ICD-10 code matches medications, labs, orders, and the assessment/plan |
| Code specificity | Documentation supports the specificity of the submitted code |
| Carry-forward risk | The code isn't being recycled without current clinical support |
| Audit trail | Reviewer rationale and escalation history are documented |
The output isn't pass/fail. It's a code-level substantiation record showing which diagnoses are defensible, which need clarification, and which should be corrected. This dovetails with ICD-10 updates and CPT coding 2026 changes your coder productivity dashboards should already track.
What's likely to come next?
Expect 2 to 4 additional high-profile MA fraud enforcement actions against payers or large provider organizations in the next 18 months. CMS's RADV audit infrastructure is operationally mature now. DOJ has demonstrated it will pursue MA fraud cases all the way to executive depositions.
The enforcement pattern will migrate downstream. Payer-side cases establish precedent and investigative templates that DOJ then applies to provider organizations. Large health systems with retrospective HCC capture programs are the logical next target.
AI-assisted coding tools will draw specific scrutiny. As more organizations deploy AI to surface undercaptured HCC codes, whether AI-flagged codes are added without adequate clinical substantiation will become a live enforcement question. The tool doesn't create the liability. The missing documentation does.
Congress and CMS are both watching MA payment accuracy. Proposed MA payment rule changes for 2027 signal continued tightening of risk-adjustment validation. Organizations that build serious QA infrastructure now will be positioned as the enforcement environment hardens.
How Adentris helps
Adentris audits diagnosis coding liability at the encounter level, not just the claim level. We apply the same evidentiary standard a DOJ auditor would: did the treating clinician's documented assessment and plan actually support the submitted HCC? Our output is a defensible written record of flagged codes, substantiation rationale, escalation decisions, and corrective action. That paper trail is your compliance defense if a CID arrives. If your MA payer mix is over 10% and you don't have an independent coding QA program, Book a 30-minute demo.
FAQ
Does the Elevance case create new legal obligations for provider organizations?
Not directly. The Elevance case is a payer-side enforcement action. But it activates existing False Claims Act exposure for any provider organization submitting encounter data to MA plans with unsupported diagnosis codes. The legal obligation has always been there. The enforcement signal is new.
What's the difference between a coding error and fraud under the False Claims Act?
Intent and pattern. A single miscoded claim is typically a billing error subject to overpayment recovery. A systematic pattern of submitting unsupported codes, especially in a risk-adjustment context where the financial incentive is explicit, is what triggers FCA exposure. The Elevance allegations center on the latter.
If we use a payer-sponsored HCC recapture program, are we liable for their methodology?
You're liable for what your organization submits. If codes added through a payer-sponsored program aren't supported by your clinical documentation, the exposure runs to your organization regardless of where the code suggestion originated.
How quickly can Adentris complete an MA coding QA audit?
For a mid-size multi-specialty practice, we typically complete an MA-specific HCC coding QA audit on a 200 to 500 encounter sample in 2 to 4 weeks. Timeline depends on chart access, specialty mix, encounter complexity, and whether the client needs only findings or also remediation support and executive reporting.
What's the one number every MA-exposed leader should know right now?
Your HCC substantiation rate: the percentage of submitted HCC-qualifying diagnoses supported by a treating clinician's documented assessment and plan in the same encounter. If you don't have that number, that's your answer about where to start.