Global Life Sciences Update

OIG Releases Long-Awaited Medicare Advantage Compliance Program Guidance

February 10, 2026

On February 3, 2026, the U.S. Department of Health and Human Services, Office of Inspector General (OIG) released new industry segment-specific voluntary compliance program guidance (ICPG) for the Medicare Advantage program. The Medicare Advantage ICPG updates and expands upon OIG’s 1999 Compliance Program Guidance for Medicare+Choice Organizations Offering Coordinated Care Plans, most notably in its application beyond Medicare Advantage organizations (MAOs) to a broader universe of entities and individuals that participate in, or engage with, the Medicare Advantage program, including healthcare providers and first tier, downstream, and related entities (FDRs) (collectively, “MA Parties”). OIG notes that the Medicare Advantage ICPG may be updated periodically to “address newly identified risk areas,” ensure that the guidance is “timely and meaningful,” and to “respond to stakeholder feedback.” Stakeholders are invited to submit written feedback on the guidance to Compliance@oig.hhs.gov.

The Medicare Advantage ICPG is the second industry-specific compliance publication since OIG announced its intent to publish new guidance for “each industry subsector” in November 2023 and follows OIG’s December 2024 release of industry segment-specific guidance for nursing facilities (NF-ICPG), previously discussed in a Sidley Update available here.

The Medicare Advantage ICPG is the latest signal that enforcement agencies are continuing to closely scrutinize Medicare Advantage arrangements under healthcare fraud and abuse laws.

MAOs should carefully review OIG’s recommendations and consider whether enhancements should be made to address particular risk areas. Entities looking to contract with MAOs should anticipate greater compliance oversight and look to revamp their own compliance processes and procedures to align with the heightened MAO expectations.

Key elements of the Medicare Advantage ICPG are described in greater detail below.

Motivation Behind the Medicare Advantage ICPG

OIG cites its own work in “uncover[ing] fraud, waste, and abuse involving MA Parties,” as well as “[o]ngoing work” by CMS, the Department of Justice (DOJ), and other law enforcement partners to “continue to identify potentially abusive practices involving MA Parties” as motivation for the Medicare Advantage ICPG. Indeed, in July 2025, the DOJ and OIG announced a renewed False Claims Act Working Group to target fraud and abuse with the first priority being the Medicare Advantage program, previously discussed in a Sidley Update available here. OIG also observes that the rise of Medicare Advantage has fundamentally changed the Medicare program, both in terms of how enrollees access healthcare and how the government pays for such care.

OIG believes that guidance is needed in response to the “evolving set of challenges” facing the Medicare Advantage industry, including MAOs’ relationships with a broad array of entities and individuals, including new companies and contractors entering the market, and merger activity that has created “novel combinations of different entity types.”

Interaction With CMS Medicare Advantage Regulations

OIG states that the Medicare Advantage ICPG and OIG’s General Compliance Program Guidance (GCPG) are intended to “complement CMS’s compliance program regulations,” set forth at 42 C.F.R. §§ 421.1 et seq., which are mandatory for MAOs. According to OIG, if the recommendations and practical considerations in the ICPG and GCPG are adopted by MA Parties, it could “help facilitate compliance” with applicable law and regulations. OIG further clarifies that the Medicare Advantage ICPG is broader than existing CMS regulations because it applies to entities beyond MAOs and offers additional voluntary measures “beyond the compulsory CMS compliance program regulations” that may “further focus and enhance compliance.”

Key Risk Areas

The Medicare Advantage ICPG includes compliance recommendations to address the following key risk areas, which OIG makes clear are not the only risk areas relevant to MA Parties:

Access to Care (Network Adequacy and Prior Authorization). The Medicare Advantage ICPG emphasizes that “[e]nsuring access to care is a core requirement” of Medicare Advantage and encourages MAOs to take proactive measures to ensure that provider networks are adequate to meet enrollee needs. This goal is consistent with another one of the key enforcement priorities listed in the DOJ/OIG False Claims Act Working Group – “barriers to access to care, including violations of network adequacy requirements.”

OIG’s specific recommendations for MAOs include (but are not limited to): (i) using an independent third-party verification company to confirm provider directory information meets a specific accuracy threshold, (ii) reviewing claim submission volumes of in-network providers to prevent so-called “ghost networks,” or inaccurate or misleading network directories that give the appearance of broader provider availability than is actually present; (iii) conducting secret shopper surveys using independent entities to confirm provider availability and other pertinent directory information; and (iv) reviewing and tracking enrollee complaints about providers and conducting follow-up inquiries based on such complaints, including removing providers from directories, if appropriate.

Related to prior authorization, the Medicare Advantage ICPG stresses that OIG has identified serious concerns about improper denials and delays in care, citing prior OIG reports from April 2022 and July 2023 that addressed these topics. The guidance specifically highlights potential compliance risks associated with using algorithms to make prior authorization or other coverage decisions, particularly where the algorithm fails to rely on the individual patient’s medical history, provider recommendations, or clinical notes to make medical necessity determinations. Notably, the Medicare Advantage ICPG recommends that MA Parties go beyond the obligations in the CMS regulations to establish robust safeguards to address these risks, including reviewing the use of any AI or other algorithm-based tools to ensure that decisions of claims and prior authorization focus on patients’ individualized circumstances.
Marketing and Enrollment. The Medicare Advantage ICPG reiterates the risks highlighted in OIG’s 2024 Special Fraud Alert that addresses marketing schemes involving questionable payments and referrals between MAOs, healthcare professionals, and third-party marketers, discussed in a prior alert here. OIG also specifically identifies improper financial incentives and deceptive marketing practices as key focus areas. OIG warns that improper financial incentives may “skew enrollment in ways that may not be in the best interests of enrollees and potential enrollees” and cautions against misleading or discriminatory marketing practices. OIG further notes that these activities can potentially subject MA Parties to “various legal sanctions,” including administrative sanctions and liability under the federal False Claims Act and the federal Anti-Kickback Statute.

To mitigate risk created by improper financial incentives, OIG recommends that MAOs consider the following compliance measures (among others) for their marketing programs:
- Develop and monitor systems and policies for initiating arrangements for marketing and enrollment functions, including policies that identify the individuals with authority to initiate an arrangement and that specify the legitimate business need or rationale required to initiate an arrangement;
- Develop systems for documenting all fair market value (FMV) determinations for any arrangement for marketing or enrollment services, including the FMV amount or range and corresponding time periods, the dates of completion of the fair market valuations, the individuals or entities that determined the FMV amount or range, and the names and positions of the individuals who received or were otherwise involved with the FMV determinations;
- Review and monitor payment data and associated work (service and activity logs) performed under any such arrangements to ensure that parties are performing the services required; and
- Provide compliance-focused training to agents and brokers, as well as to MAO employees who oversee marketing expenditures to third parties.
OIG further advises that MAOs take the following actions (among others) to prevent deceptive marketing practices:
- Establish a consistent process to review and approve marketing and communications materials, including using the latest model marketing materials published by CMS;
- Ensure that all marketing messaging clearly states when certain benefits may not be available to all enrollees;
- Monitor marketing and enrollment activities by third parties acting on behalf of the MAO, including via periodic attestations and audits; and
- Monitor agent and broker activities to identify potentially problematic outliers, such as rapid disenrollments or enrollments or a high volume of complaints, and appropriately respond to any identified outliers or trends.

Risk Adjustment. The Medicare Advantage ICPG emphasizes that federal investigations have identified fraudulent and abusive conduct by MAOs in the risk adjustment process, including relying solely on chart reviews to identify diagnoses that increase risk scores, conducting in-home Health Risk Assessments (HRAs) to generate additional diagnoses, and failing to remove unsupported diagnosis codes previously submitted to CMS when chart reviews provide information that the codes were unsupported.

In addition to existing CMS requirements with respect to risk adjustment, OIG recommends that MAOs implement additional oversight of the risk adjustment process, including audits of diagnosis data and scrutiny of particularly “high-risk” diagnosis codes (which OIG declines to identify, despite years of audits and investigations that would enable it to do so), both before and after submission to CMS. These additional measures include (but are not limited to):
- Pairing processes designed to ensure complete diagnosis data via reporting of additional diagnoses (e.g., through chart reviews or HRAs) with processes to ensure data accuracy and appropriate care;
- Educating providers, including employed and contracted providers, on proper coding;
- Analyzing provider reporting of diagnoses using data filtering logic and algorithms (including, potentially, AI platforms) to identify outliers and anomalies, such as providers coding at higher rates;
- Benchmarking risk scores and HCC prevalence rates and analyzing changes over time;
- Analyzing providers’ coding intensity, focusing particularly on changes or outliers with respect to specific codes or other trends; and
- Developing systems to monitor FDR compliance regarding risk adjustment data development and submission.

Quality of Care. OIG reiterates that MA Parties are responsible for prioritizing quality-of-care oversight. Noting that CMS regulations outline certain minimum quality of care requirements, OIG further recommends that MAOs ensure their compliance programs include procedures to regularly review the integrity of quality data that is submitted to CMS. OIG notes that the results of CMS quality assessments, and in particular, Star Ratings, play an important role in allowing beneficiaries to make educated decisions about MAOs and emphasizes that “[e]nsuring the integrity of the data” used for Star Ratings “is a key component for MA Parties’ quality-of-care compliance oversight.”
Oversight of Third Parties. The Medicare Advantage ICPG recognizes that MAO relationships with third parties present a “unique set of compliance challenges” both to the MAOs themselves and the entities they work with. Importantly, OIG notes that Medicare Advantage fraud and abuse risks are not limited to MAO interactions with FDRs because “liability under fraud and abuse laws does not turn on any entity’s status as an FDR,” and third parties themselves may be subject to liability for their own conduct.

OIG recommends that MAOs conduct greater diligence on third parties before delegating any Medicare program functions, including through an “initial risk evaluation to determine the level of compliance or fraud and abuse risk presented by working with a particular third party.” MAOs may also consider incorporating compliance-related rights and obligations in agreements with contractors and requiring audits to assist with ongoing compliance monitoring.

OIG also suggests that MAOs considered “tailored compliance processes” where FDRs are healthcare providers, including establishing a separate compliance or oversight team dedicated to monitoring and overseeing the provider.

Compliance Programs Within Vertically Integrated Organizations and Other Ownership Structures. Consistent with FTC and other industry efforts to evaluate vertical integration considerations, the Medicare Advantage ICPG flags compliance challenges associated with complex partnerships and ownership arrangements. To mitigate risk, the guidance recommends robust training and communication with leadership and staff, particularly where there are owners or investors (including private equity funds) that lack experience in healthcare and may be unfamiliar with fraud, waste, and abuse risks.

* * *

MA Parties and stakeholders should stay abreast of any updates or revisions to the Medicare Advantage ICPG and continue to monitor enforcement activity and statements by OIG and the DOJ to identify key areas of risk and tailor their compliance efforts accordingly. OIG encourages stakeholders to submit feedback pertaining to the Medicare Advantage ICPG to Compliance@oig.hhs.gov.

Attorney Advertising—Sidley Austin LLP is a global law firm. Our addresses and contact information can be found at www.sidley.com/en/locations/offices.

Sidley provides this information as a service to clients and other friends for educational purposes only. It should not be construed or relied on as legal advice or to create a lawyer-client relationship. Readers should not act upon this information without seeking advice from professional advisers. Sidley and Sidley Austin refer to Sidley Austin LLP and affiliated partnerships as explained at www.sidley.com/disclaimer.

© Sidley Austin LLP