OIG's first major MA Compliance Program Guidance since 1999.

HHS-OIG published the Industry-Specific Compliance Program Guidance for Medicare Advantage in February 2026. ICPG is the formal vehicle the federal government uses to communicate compliance expectations to a specific industry. The last MA-specific guidance was issued in 1999. Twenty-six years later, the federal government rewrote the document and dropped it without much fanfare.

The ICPG calls out by name three operational practices common in MA-aligned medical groups:

• Misusing chart reviews to mine for diagnoses. OIG describes the practice of retrospectively reviewing charts to surface diagnoses not previously coded, where the diagnosis is added solely to lift risk scores without changing care delivery.
• Deploying in-home HRAs primarily to capture codes. OIG specifically targets HRAs whose primary purpose is diagnosis capture rather than care management. The test cited: were the captured conditions actually considered in the care, treatment, or management of the enrollee.
• Downstream provider arrangements that pay for diagnosis capture. OIG names contractual structures where physician compensation is tied to diagnosis volume or specificity, particularly where the contracts incentivize capture independent of clinical care delivery.

Why the ICPG matters more than any single audit

Single OIG audits target specific contracts or plans. The ICPG sets the enforcement framework that audits and DOJ FCA cases will reference for the next decade. Whistleblower lawyers will quote it in qui tam complaints. Defense counsel will cite it in compliance program design. CMS will reference it in delegation oversight. Plans will revise downstream arrangements with physician groups using it.

For the first time, OIG put the operational playbooks of MA-aligned medical groups in writing as compliance risk. That is a different threshold than enforcement actions on specific contracts. It is a baseline expectation.

The audits dropped alongside the ICPG

OIG released two specific contract audits in early 2026 that demonstrate the methodology behind the ICPG.

Gateway Health Plan H5932: OIG sampled 286 enrollee-years. 232 had at least one unsupported diagnosis code. That is an 81 percent unsupported rate. Net overpayment on the sample: $830,000. Before extrapolation. After extrapolation to the full enrollee population, the recovery becomes seven-figure or eight-figure depending on contract size.

Priority Health H2320: similar methodology, results not yet fully publicized but Morgan Lewis analysis suggests a comparable unsupported rate.

Both audits used the methodology OIG operationalized in 2024 and refined through 2025: sample roughly 100-300 enrollee-years from the contract, validate each captured diagnosis against the underlying clinical record, extrapolate the error rate to the full population, demand refund of the implied overpayment.

What changes in your compliance program

If your group has an HCC capture program built around in-home visits, retrospective chart reviews, or coder-driven addendum workflows, the ICPG is the document your compliance committee needs to map every workflow against.

The mapping question is straightforward: for each capture workflow, can you document the clinical decision-making, not just the code. If the answer is no for any single workflow, that workflow is now an ICPG-flagged compliance risk. Not theoretical. Documented as risk in the federal compliance framework.

What to watch next

OIG is expected to release additional individual contract audits through 2026, all using the methodology the ICPG operationalizes. Plans will revise delegation agreements with physician groups to push the ICPG compliance burden downstream. Expect new contractual language in Q3 and Q4 2026 around downstream provider attestation and audit cooperation.