OIG’s Latest Guidance Targets Medicare Advantage Fraud

On February 2, 2026, the Department of Health and Human Services (HHS) Office of Inspector General (OIG) issued its long-anticipated Industry Segment-Specific Compliance Program Guidance (ICPG) for the Medicare Advantage (MA) program — OIG’s first MA-specific guidance since 1999. This first major guidance document issued by new HHS Inspector General (IG) Thomas March Bell reflects the government’s ongoing focus on MA compliance and fraud enforcement. Although the ICPG does not establish new policies or binding requirements, it provides an important resource to guide risk-management and compliance efforts for Medicare Advantage Organizations (MAOs); First Tier, Downstream, and Related Entities (FDRs); and any entities and individuals “participating in or engaged with” the MA program (which OIG collectively refers to as MA Parties).

Part of a Broader Compliance Framework

Consistent with OIG’s current approach to compliance guidance, the MA ICPG complements OIG’s November 2023 General Compliance Program Guidance, which provides extensive, accessible guidance applicable to all involved in the healthcare industry. MA is the second industry area to receive this focused treatment, following OIG’s release of guidance specific to nursing facilities in November 2024. Many observers expected this MA ICPG to be issued about a year ago. OIG’s issuance of the MA ICPG is welcome news because it provides substantive guidance and because it signals OIG’s continued commitment to such user-friendly guidance under the new IG.

As OIG notes, unlike most healthcare entities, MAOs are required to operate compliance programs under regulations issued by the Centers for Medicare & Medicaid Services (CMS). While the CMS regulations set a compliance program floor for MAOs, the OIG MA ICPG provides much more guidance on risks and best practices and is relevant for a broader range of MA Parties.

The ICPG’s Guidance for MA Parties

The ICPG compiles in a readily accessible format OIG’s views on risk areas and compliance best practices based on years of audits, investigations, and enforcement activity. The guidance thus functions as a road map of where the government is looking — and what it expects MA Parties to be thinking about. In an MA-focused enforcement environment, MA Parties that fail to consider OIG’s guidance and take action based on it materially increase their risk of being the target of False Claims Act (FCA) or other enforcement actions. The ICPG identifies the following risk areas:

• Access to Care. CMS regulations require MAOs to ensure that enrollees can access all covered services and any applicable supplemental services. The ICPG provides strategies for ensuring that MAO compliance programs address provider network adequacy, accuracy of provider directories, and appropriate utilization management. OIG explicitly recommends that MA Parties “go beyond” CMS requirements to oversee prior authorization and other utilization management practices.
• Marketing and Enrollment. Compliance programs should carefully oversee marketing and enrollment tasks delegated, and compensation paid, to agents, brokers, field marketing organizations, and other third-party marketing organizations to curb abusive practices (including those highlighted by OIG in a 2024 Special Fraud Alert) and to avoid FCA, Anti-Kickback Statute, and administrative enforcement.
• Risk Adjustment. OIG identifies many of the types of practices the government has alleged lead to risk adjustment fraud, the primary issue in most of the government’s FCA enforcement efforts against MAOs. The ICPG lists many oversight steps that MAOs may consider beyond what is required by the CMS regulations.
• Quality of Care. Consistent with OIG’s overall concerns about the quality of care provided to federal healthcare program patients, OIG discusses the importance of the integrity of information provided to CMS for Star Ratings and suggests compliance measures to further support high-quality care for MA patients.
• Oversight of Third Parties. OIG advises MAOs to consider the following factors when developing a compliance strategy in connection with third parties (including FDRs and other MA Parties): (1) the type of tasks an MAO has delegated to a third party, (2) compliance risks associated with those tasks, (3) the third party’s sophistication and preexisting compliance infrastructure, and (4) current government enforcement and oversight trends. OIG advises MAOs to consider these factors in: (a) selecting third parties, (b) crafting compliance-focused arrangements, and (c) conducting ongoing oversight and taking corrective action. Finally, OIG identifies special considerations for providers.
• Compliance Programs Within Vertically Integrated Organizations and Other Ownership Structures. As the MA program has grown, so have the complex partnership arrangements between MA Parties. Integrated entities and complex business models, such as MAO ownership by private equity funds or other investors, present compliance challenges. Therefore, OIG recommends that MAOs ensure robust training and communication with leadership and staff to help mitigate these compliance risks.
• Submission of Accurate Claims. OIG emphasizes the FCA applies to a broad range of MA-related conduct.

Medicare Advantage Is an Enforcement Priority

The guidance fits squarely within the current enforcement environment. Over the past several years, the federal government has repeatedly identified MA as a priority area, citing concerns about risk adjustment, marketing practices, utilization management, and third-party oversight. For example, in July 2025 DOJ announced the DOJ-HHS False Claims Act Working Group, which expressly identified MA fraud as one of its priority areas. The DOJ Civil Division’s recent report on record-high FCA recoveries ($6.8 billion in fiscal year 2025) demonstrates the government’s ongoing, sustained prioritization of MA and other managed-care enforcement within an FCA portfolio driven largely by healthcare fraud cases.

Taken together, these developments reflect not only a spike in ongoing enforcement but a sustained and coordinated effort across agencies to scrutinize MA conduct — and bring FCA cases against MA Parties.

What This Means for Compliance Programs

While the OIG guidance is voluntary, it provides a consolidated and practical resource to help organizations assess the strength and focus of their compliance programs in light of the government’s requirements and expectations. In an environment of heavy government (and whistleblower) scrutiny on MA, the ICPG offers insight into the controls, oversight, and risk areas enforcers will likely examine when issues arise.

For MA Parties, the guidance should be viewed as an opportunity to benchmark existing compliance efforts, identify potential gaps, and recalibrate risk assessments and compliance efforts in light of clear and repeated government signals.

Takeaway

When viewed alongside OIG’s broader compliance framework, DOJ’s recent FCA enforcement results, and stated ongoing priorities, the message is clear and consistent: MA remains a top enforcement priority, and MA Parties need to review and apply to their organizations the government’s guidance on compliance.

Goodwin’s Government Investigations, Enforcement & White Collar Defense and Healthcare teams will continue to monitor these developments and advise clients on how best to incorporate them into effective, risk-based compliance strategies.

This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee similar outcomes.