OIG Publishes Medicare Advantage Industry-Specific Guidance
06/17/26
The Department of Health and Human Services Office of Inspector General (“OIG”) is supplementing its general compliance program guidance with Industry Segment-Specific Compliance Program Guidance (ICPG) as a resource to help identify risk areas in particular industry segments. This year OIG issued its Medicare Advantage ICPG to help Medicare Advantage Organizations (“MAOs”) prevent and monitor fraud, waste, and abuse risks (https://oig.hhs.gov/compliance/ma-icpg/). The OIG’s guidance focuses on risk mitigation for network adequacy and provider directory accuracy, utilization management tools (including prior authorization), improper financial incentives, deceptive marketing practices, risk adjustment, quality of care, oversight of third parties, and compliance programs within vertical organizations and other ownership structures.
The OIG’s guidance discusses the “seven elements of an effective compliance program” through the lens of a Medicare Advantage program, including:
- Written Policies and Procedures. MAOs should implement policies that guide their program through specific issues, for example, a reimbursement policy to ensure that the data the MAO submits to CMS for reimbursement is accurate, complete and truthful.
- Compliance Leadership and Oversight. MAOs should appoint a compliance officer who has the requisite knowledge and experience to oversee the compliance program, and who has direct access to the board of directors of the entity.
- Training and Education. Among other things, MAOs should implement general compliance training for all employees as well as specialized training for certain groups, for example, marketing employees on the risks associated with marketing, enrollment and the Federal Anti-Kickback Statute.
- Effective Lines of Communication with the Compliance Officer and Disclosure Programs. Effective lines of communication should be implemented both internally to identify noncompliance as well as externally to maintain compliant partnerships with other entities.
- Enforcing Standards; Consequences and Incentives. MAOs should implement routine monitoring and review of compliance through internal and external audits to evaluate compliance with applicable laws. Audits may be tailored to the various compliance risk areas and should focus on areas of risk that are particularly prevalent within the Medicare Advantage Program.
- Risk Assessment, Auditing, and Monitoring. Best practices include routine review of key performance metrics, work plans detailing oversight activities, and reports being shared within the compliance department and with relevant organizations.
- Responding to Detected Offenses and Developing Corrective Action Initiatives. MAOs must have clear policies and procedures regarding non-compliance. For example, an effective program would have the compliance officer perform internal investigations, complete applicable reporting, develop a corrective action plan, and ensure implementation of such plan by tracking and measuring effectiveness.
The guidance does not provide an exhaustive list of elements that will ensure an effective program; however, an entity that incorporates the seven elements is able to create a strong foundation for compliance. The OIG encourages Medicare Advantage providers not only adhere to CMS regulations, but to implement more stringent safeguards to oversee internal practices. For example, as it relates to utilization management tools, the OIG recommends reviewing trends in claims denials and prior authorization denials to ensure that denials do not inappropriately restrict coverage. In addition, the guidance specifically suggests that providers review the use of any artificial intelligence or other algorithm-based tools to ensure that decisions on claims and prior authorization decisions focus on patients’ individualized circumstances, such as their medical history, physician recommendations, and medical records, rather than just large-scale data sets.
MAOs and other health care organizations should be warned that failure to maintain compliance may expose Medicare Advantage participants to enforcement under federal fraud and abuse laws, including the False Claims Act, the Federal Anti-Kickback Statute, and the Civil Monetary Penalties Law. This warning is all the more important given the Department of Justice’s recent formation of the National Fraud Enforcement Division (“NFED”), and its specific focus on healthcare fraud.
To avoid the risk of investigation and enforcement actions by NFED, providers should ensure their management teams are aware of NFED’s formation, its underlying goals and understand that its formation is expected to increase investigative activity for healthcare providers and entities. Once briefed, management and compliance teams should review their existing risk assessments to determine if there are any areas that pose a particular risk. For example, providers who participate in Medicare Advantage plans should review the OIG’s new compliance guidance, work to implement its recommendations, and train employees in key compliance areas to ensure that the policies in place are being implemented in practice. Similarly, all providers should stay current on new guidance, including, when applicable to their practice, the OIG Medicare Advantage guidance, and understand how that guidance is being enforced and monitored by NFED’s oversight and investigation.
The OIG has identified additional ICPGs to be issued for the following segments (but has not announced a time frame) including: hospitals, clinical laboratories, pharmaceutical manufacturers, and hospices.
Bodman PLC can provide guidance on this matter and others and can provide practical advice to meet your needs. To discuss these or any other legal issues affecting your organization, please contact Brandon Dalziel at (313) 393-7507 or bdalziel@bodmanlaw.com, Annalise Lekas Surnow at (313) 392-1059 or alekas@bodmanlaw.com or Grace Connolly (313) 393-7563 or gconnolly@bodmanlaw.com. Bodman cannot respond to your questions or receive information from you without first clearing potential conflicts with other clients. Thank you for your patience and understanding.