Somewhere in the machinery of the American government runs a formula most people have never heard of, quietly executing one of the largest algorithmic decisions on Earth. It takes as input the recorded diagnoses of roughly thirty-four million older adults. It outputs a number per person. And that number decides how hundreds of billions of dollars flow to private health insurers every year.
The formula is called the CMS-HCC model, and its latest version, V28, is a case study in something technologists rarely get to watch at this scale: what happens when you patch a production algorithm that an entire industry has spent fifteen years optimising against.
How the machine works
The concept is elegant. Paying insurers a flat rate per member would make sick members unprofitable, so insurers would chase healthy ones. To fix that, the payment adjusts for health status. Every diagnosis a patient receives maps to a category, categories carry weights, weights sum to a risk score, and the score multiplies the monthly payment.
The categories are called Hierarchical Condition Categories, HCCs, and the hierarchy matters: within a disease family, only the most severe form counts, so you cannot stack mild and severe versions of the same illness. Diabetes with complications outranks and absorbs plain diabetes. It is a deduplication rule, in effect, written into federal payment policy.
Version 24 of this model ran for years with a known vulnerability: it was calibrated on data that included the industry’s own coding behaviour. Insurers learned which diagnoses moved the score, built software to hunt them in old charts, and coded accordingly. The model learned from data the model itself had distorted. Feedback loops do not care whether the system is a recommender engine or a federal payment formula.
The V28 patch
The government’s response, phased in fully by 2026, reads like a security update. The new version, V28, was recalibrated on cleaner underlying data, restructured the categories, and, most tellingly, constrained or removed the scoring value of thousands of diagnosis codes that had become favourite targets of aggressive coding. Conditions that mysteriously spiked in prevalence whenever they carried payment weight found their weights cut.
The industry impact was immediate and asymmetric. Organisations whose risk scores reflected genuinely sick populations saw modest changes. Organisations whose scores had been inflated by intensive code-hunting watched revenue projections drop hard, because the exact codes their tooling targeted were the ones defanged. A useful technical breakdown of what changed and why lives in this engineer-friendly explainer of the CMS-HCC V28 model, including the category restructuring and which condition groups gained or lost weight.
There is a second patch worth noting. From 2026, diagnoses that arrive only via retrospective chart reviews, unlinked to an actual patient encounter, stop counting toward scores in a growing set of cases. In data terms: the model now requires provenance. A diagnosis needs a real, dated clinician-patient interaction behind it, not just a paperwork trail.
Adversarial dynamics, healthcare edition
For readers who build or break systems, the deeper pattern is familiar. Any scoring algorithm with money attached becomes an adversarial environment. Search engines have SEO. Credit models have credit repair. Fraud models have fraud rings. The CMS-HCC model spawned an entire industry of optimisation, some legitimate, capturing real illness that rushed doctors genuinely missed, and some that federal prosecutors have recently priced at nine figures.
The March 2026 enforcement wave supplied the empirical data. Government auditors sampling high-risk diagnoses at three insurance plans found 81 to 91 percent unsupported by medical records. A major insurer settled with the Department of Justice for 117.7 million dollars over review programmes that only ever adjusted scores upward. The audit agency scaled from tens of reviewers to roughly two thousand certified coders, assisted by AI, running quarterly cycles with statistical extrapolation from samples to full contracts.
Model patch plus enforcement plus audit automation: the full adversarial-ML defence stack, deployed by a government payment office.
What the next version already implies
The trajectory is legible. Each iteration of the model shifts weight away from what is easy to code and toward what is hard to fake: encounter-linked diagnoses, clinically evidenced documentation, patterns consistent across a population rather than spikes that follow payment weights. Population-level anomaly detection is explicitly on the regulator’s roadmap, which means the era of per-chart optimisation is ending and the era of distribution-level scrutiny has begun.
For technologists, the lesson generalises well beyond healthcare. When your algorithm allocates money, publish the assumption that it will be gamed, instrument for provenance from the first release, and expect to recalibrate on adversarially polluted data. The American government just ran that playbook on the largest scoring system most people have never heard of, with thirty-four million people in the training set and an industry of well-funded adversaries probing every weight.
V28 will not be the last patch. Somewhere in the model office, V29 is already being argued over. The algorithm that prices sickness, like every algorithm worth attacking, has entered permanent versioning. The only stable release is the one nobody has an incentive to break, and in a system moving half a trillion dollars, that release does not exist.
