March 31, 2026

OIG Releases New Compliance Program Guidance for Medicare Advantage Organizations

LinkedIn Facebook X Send Embed

For the first time in more than two decades, the U.S. Department of Health and Human Services, Office of Inspector General (OIG) released new Industry Segment-Specific Voluntary Compliance Program Guidance (ICPG) for Medicare Advantage Organizations (MAOs). This new Medicare Advantage ICPG broadens the scope of the guidance’s application and serves as a key resource for the Medicare Advantage (MA) industry directly and for related entities. This guidance represents CMS’s acknowledgment of the ever-growing Medicare Advantage program and OIG’s possible enforcement priorities. The ICPG details risks for Medicare Advantage providers and provides practical considerations for mitigation. This voluntary, nonbinding guidance is intended to complement CMS regulations to “further focus and enhance compliance.”

The ICPG identifies seven key risk areas for Medicare Advantage Organizations:

1. Access to Care (Network Adequacy and Prior Authorization) MAOs should ensure that enrollees can access all covered services and applicable supplemental services through 1) provider networks adequacy and directory accuracy; and 2) proper use of utilization management tools like prior authorization.

Provider Network Adequacy:

The ICPG states that “MAOs must maintain and monitor provider networks that are sufficient to provide their enrollees with adequate access to covered services to meet their needs.” As part of this duty, MAOs should proactively make sure provider networks meet enrollees’ needs. MAOs should make timely updates to provider directories to avoid inadvertently submitting false information to CMS. By taking such proactive measures, providers may avoid misleading possible enrollees into enrolling into an MA plan without sufficient provider access based on “false, outdated, or incomplete” provider information.

Utilization Management Tools:

MAO should evaluate where utilization management tools, like prior authorization, could inappropriately limit access to medically necessary services. MAOs must “make medical necessity determinations based on the individual patient’s circumstances.” If an algorithm is used to support medical necessity determinations, MAOs should not determine “coverage based on a larger data set instead of the individual patient’s medical history, the physician’s recommendations, or clinical notes.” Recommended compliance steps include reviewing trends in claim and prior authorization denials (including denials overturned on appeal), pulling sample claims for individualized medical necessity reviews, and reviewing algorithm-based tools to ensure “decisions on claims and prior authorization focus on patients’ individualized circumstances.”

1. Marketing and Enrollment

Medicare Advantage Organizations must ensure their marketing and enrollment activity 1) does not create improper financial incentives; and 2) avoids deceptive marketing practices.

Improper Financial Incentives:

Marketing and enrollment practices should avoid efforts “that may not be in the best interests of enrollees and potential enrollees.”

Enrollment and marketing programs should avoid agent and broker payments for steering patients, meeting enrollment volume targets, not offering plans that competitors offer, or that are tied to enrollee health. Payments for MA marketing and enrollment “should not create incentives for agents and brokers to enroll individuals in MA plans that may not best meet the individuals’ health care needs.”  Improper financial incentives also risk administrative sanctions, False Claims Act civil liability, or Federal Anti-Kickback liability.

Deceptive Marketing Practices:

MAO compliance programs should oversee third parties conducting marketing on behalf of it. Under CMS regulations, MAOs may not “mislead, confuse, or provide materially inaccurate information to current or potential enrollees.” To mitigate this risk, MAOs should establish a process to review and approve marketing materials, ensure they are clear certain benefits may not be available to all enrollees, periodically audit and require attestations from third party marketers, track and investigate complaints against agents or brokers, and monitor problematic outlier enrollment trends (especially outside the annual enrollment period).

1. Risk Adjustment
   MAOs may be paid on a capitated per member per month rate, which are in part based on the person’s health risk score. Since higher risk scores result in higher payment rates to MAOs, OIG has raised concerns about risk-assessment scores generated by in-home assessments and chart reviews. MAOs should make sure diagnoses are supported by medical records, as this area is a frequent target for audits and enforcement by OIG.

2. Quality of Care
   A portion of MAO reimbursement may be tied to quality of care based on a 5-star quality rating system. OIG suggests that MAOs monitor their contracted providers to make sure that no providers have been excluded by the CMS Preclusion List and requiring providers to be enrolled in Medicare to maintain Star Rating data integrity.

3. Oversight of Third Parties
   Relationships between MAOs and supporting entities are essential to keeping MA programs running efficiently. However, OIG stated that “CMS regulations emphasize that MAOs maintain the ultimate responsibility for fulfilling the obligations of their contracts with CMS.” OIG provided guidance on the relationships between MAOs and First Tier, Downstream, or Related Entities (FDRs). MAOs can only outsource certain compliance functions to FDRs and may be required to audit and monitor the FDRs. Before delegating anything to an FDR, OIG recommends that MAOs conduct a thorough review of risk evaluation to determine the possible “level of compliance or fraud and abuse risk presented by working with a particular third party.” Additionally, MAOs’ contacts with FDRs should be drafted to explicitly secure compliance-related rights and obligations.

4. Compliance Programs with Vertically Integrated Organizations and Other Ownership Structures

Vertical integration of entities in the MA industry presents distinct compliance challenges. OIG emphasizes that compliance officers should have sufficient experience, empowerment at their subsidiary MAO, and access to organization-wide leadership. OIG particularly flagged that investors who are less familiar with Medicare Advantage programs may not be familiar with the pitfalls inherent in Medicare Advantage program compliance. It suggested that investors new to the health care industry and MA industry consult the General Compliance Program Guidance and ensure robust training and communications.

1. Submission of Accurate Claims MAOs must certify that the data they submit is accurate to receive payment or else face liability under the False Claims Act or other statutes. OIG recommends robust internal controls, regular audits, and prompt corrective action to promote organization-wide data accuracy at MAOs.

The ICPG is an opportunity for MAOs and MA-participating organizations to enhance their current compliance frameworks. It represents OIGs enforcement priorities and offers practical guidance for managing risk.

Send Print Report

Latest Posts

• New DEI-Focused Executive Order Implements Expansive Audit Authority and Imposes DEI Certification Obligations on All Federal Contractors, Subcontractors
• OIG Releases New Compliance Program Guidance for Medicare Advantage Organizations
• KLUTCH vs. KLUTCH - A Cleveland Trademark Battle
• The Supreme Court Update - March 25, 2026
• The Supreme Court Update - March 23, 2026 See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
Dorsey & Whitney LLP
2026

Written by:

Dorsey & Whitney LLP Contact + Follow Jamie Buskirk McCarty + Follow Sumner Pitt + Follow

PUBLISH YOUR CONTENT ON JD SUPRA

• ✔ Increased readership
• ✔ Actionable analytics
• ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra

Start Publishing »

Published In:

Anti-Kickback Statute + Follow Centers for Medicare & Medicaid Services (CMS) + Follow Department of Health and Human Services (HHS) + Follow False Claims Act (FCA) + Follow Health Insurance + Follow Medicare Advantage + Follow New Guidance + Follow OIG + Follow Regulatory Oversight + Follow Risk Management + Follow Government Contracting + Follow Health + Follow Insurance + Follow more

Dorsey & Whitney LLP on:

Solve with 2Captcha

Solve with 2Captcha