The U.S. Department of Health and Human Services Office of Inspector General (OIG) updated its compliance guidance for the Medicare Advantage program in a February 2026 Industry Segment-Specific Compliance Program Guidance (ICPG). As outlined in the OIG’s General Compliance Program Guidance (GCPG) issued in November 2023, ICPG are intended to build on the comprehensive compliance framework established in the GCPG by identifying compliance topics for specific industry participants. While the most recent ICPG is directed to Medicare Advantage organizations (MAOs), it repeatedly highlights the compliance role, and potential compliance risks, for healthcare providers participating in Medicare Advantage arrangements.

For physician practices, this non-binding guidance is notable for calling out potential enforcement activities directly against physicians related to their participation with Medicare Advantage plans.

Risk Adjustment Continues to Drive Enforcement Against MA Providers

Provider documentation plays an important role in the calculation of the risk score of MA enrollees. This risk score is derived, in large part, from diagnoses the MAOs submit to CMS, and those diagnoses are in turn derived from provider documentation. CMS pays a higher per member per month (PMPM) rate to the MAOs to manage the care for MA enrollees with higher risk scores.

The compliance guidance emphasizes that risk adjustment, and the diagnosis assignment practices underlying risk adjustment, remain a top OIG enforcement concern. The OIG devotes a substantial portion of its new guidance to provider diagnosis assignment practices. Areas of specific concern include activities by physician practices that increase an MA enrollee’s risk score by adding unsupported diagnoses or diagnoses not considered in the care, treatment, or management of the enrollee.

OIG specifically highlights its concern with electronic medical record prompts and other software tools that may promote the addition of diagnosis codes. As the physician’s documentation of diagnosis codes directly impacts payments to the MA, the physician is at risk of investigation and potential penalties for engaging in a practice of artificially adding or augmenting diagnosis codes to the patient record because of its direct impact on the payment amounts to the MAs.

OIG's Discussion of AI Deserves Particular Attention

One of the most noteworthy aspects of the guidance is OIG's discussion of artificial intelligence and algorithm-based tools. OIG specifically references AI-generated prompts and algorithms used in both risk adjustment and utilization management activities.

Although OIG does not prohibit the use of AI, it cautions against its use, pointing out the potential compliance risks, including use of AI to generate prompts to query physicians to add risk-adjusting diagnoses that patients did not have or that did not affect the care, treatment, or management of the patient. Organizations implementing AI-enabled workflows should consider whether their governance structures have kept pace with the technology.

Physician practices increasingly adopting ambient documentation tools, coding assistance software, diagnosis assistance tools, and predictive analytics platforms, should consider how diagnosis codes are generated, the validation processes behind the assignment, the level of physician review, and monitoring of any vendors involved in the process.

Expect Increased Oversight From Medicare Advantage Plans

The OIG places significant emphasis on oversight of First Tier, Downstream, and Related Entities (FDRs) third parties, including physician organizations participating in MA programs. In addition to signaling the OIG’s intent to directly enforce the actions of physician organizations, the guidance reminds MAOs that if a third party fails to comply with program requirements, CMS can hold the MAO responsible. The OIG encourages MAOs to strengthen their oversight of delegated entities (such as physician practices) through audits and monitoring, compliance attestations, reporting requirements, corrective action plans, training obligations, and contractual compliance provisions.

What Physician Practices Should Consider Now

The guidance provides a useful opportunity for physician practices to assess whether existing compliance infrastructure is aligned with evolving MA expectations.

Leadership teams may wish to:

• Review risk adjustment audit programs.
   
• Evaluate governance of AI-assisted coding and diagnosis assignment tools.
   
• Review existing MA contracts to understand audit rights, reporting obligations, repayment provisions, and compliance certification requirements before those provisions become a focus of plan oversight efforts.
   
• Review incentive compensation structures tied to coding, diagnosis assignment or risk adjustment.
   
• Update compliance training to address MA-specific risks.

Final Takeaway for Physician Practices

Although OIG's new guidance is directed primarily at MA organizations, physician groups play a central role in how MA plans are paid and can face direct enforcement actions. For practices participating in risk-sharing arrangements, diagnosis capture initiatives, delegated functions, or value-based care models, the guidance offers a useful indication of where regulators are likely to focus future audits, investigations, and enforcement activity. Organizations that proactively evaluate these risk areas will be better positioned as MA oversight continues to intensify.

For more information, please contact us or your regular Parker Poe contact. Click here to subscribe to our latest alerts and insights.