On February 3, 2026, the Department of Health and Human Services Office of Inspector General published the Medicare Advantage Industry Segment-Specific Compliance Program Guidance — the second ICPG in the OIG's modernization effort following the Nursing Facility ICPG (November 2024). For hospitals running Medicare Advantage contracts alongside physician arrangements, this changes what defensible compliance documentation looks like.
The headline most compliance teams have missed: the MA ICPG creates new audit expectations for the intersection of MA risk-adjustment, encounter data integrity, and the physician arrangements that drive both. Hospitals that have been tracking physician arrangements in spreadsheets — and there are many — now face an additional review surface that didn't exist in the 2005 Hospital Supplemental Compliance Program Guidance.
This post covers three things: what the MA ICPG actually says about physician arrangements, where its expectations diverge from the 2024 General Compliance Program Guidance, and what hospital compliance officers should audit in the next 90 days.
What's actually in the MA ICPG
The Medicare Advantage ICPG is structured in four sections: a user's guide, compliance risk areas and recommendations for mitigation, compliance program structure and activities, and a conclusion. Together with the November 2023 GCPG, it functions as the OIG's centralized source of voluntary compliance program guidance for MA entities.
For hospitals — most of which are not MA plans themselves but provide services to MA enrollees through MA contracts — the document still matters. Hospitals are MA "downstream entities" under most MA contract structures, and the MA ICPG's expectations flow downstream through contract terms.
The MA ICPG's risk area discussion specifically addresses:
- Risk adjustment data integrity
- Encounter data accuracy
- Provider network adequacy and credentialing
- Marketing and beneficiary protection
- Conflicts of interest in clinical decisions
- Quality and performance bonus payments
Of these, the risk adjustment data integrity and conflicts of interest in clinical decisions sections directly implicate physician arrangements at hospitals.
Where physician arrangements meet MA scrutiny
Three patterns the MA ICPG sharpens for hospitals running MA contracts:
1. Diagnosis capture incentives in physician compensation. The MA ICPG addresses physician compensation arrangements that could incentivize over-coding or risk-adjustment manipulation. If a hospital's medical-directorship arrangements with MA-participating physicians include any compensation tied to diagnosis capture, encounter coding completeness, or HCC-level coding — even indirectly through productivity metrics — the arrangement now sits at the intersection of Stark Law exception requirements and MA ICPG risk-adjustment scrutiny.
The Stark Law analysis hasn't changed. The MA ICPG analysis is new.
2. Quality-incentive arrangements that compound MA bonus exposure. Many hospital-physician arrangements include quality-incentive components tied to HEDIS measures, Star Ratings inputs, or value-based-care metrics. These structures have always required Stark Law exception fit (typically Personal Service Arrangements at 42 CFR §411.357(d)) and AKS safe harbor coverage (typically Personal Services and Management Contracts at 42 CFR §1001.952(d)). The MA ICPG adds a third lens: whether the quality incentives could be structured in ways that compromise clinical independence in MA-enrolled patient care.
A compliant Stark exception doesn't automatically clear the MA ICPG independence concern. They're parallel standards.
3. Credentialing and exclusion screening at the MA contract boundary. The MA ICPG's network adequacy and credentialing section reinforces what hospitals already do for OIG LEIE screening — but adds explicit expectations for ongoing monitoring and documentation that some hospitals haven't tightened up to.
How this diverges from the 2024 GCPG
The November 2023 General Compliance Program Guidance set the seven foundational elements of an effective compliance program. The MA ICPG doesn't replace those elements — it tells MA entities and their downstream contractors how to operationalize them for MA-specific risk areas.
Three practical differences:
| Dimension | 2024 GCPG | 2026 MA ICPG |
|---|---|---|
| Audience | All healthcare entities | MA entities + downstream contractors |
| Risk focus | Foundational compliance program structure | MA-specific risk areas (risk-adjustment, encounter data, network adequacy) |
| Documentation expectations | General (compliance program documentation) | Specific (MA-specific risk assessments, ongoing monitoring records) |
For hospitals running MA contracts, both apply. The GCPG sets the floor; the MA ICPG sets the MA-specific ceiling.
What hospital compliance officers should audit in the next 90 days
Six concrete questions:
1. Do any of your physician arrangements with MA-participating physicians include compensation tied to diagnosis capture or HCC coding completeness? If yes, document the FMV opinion specifically addresses non-volume/value-of-referrals structure for the MA-relevant component.
2. Do your quality-incentive arrangements distinguish between MA-enrolled patient outcomes and broader patient outcomes? If they don't, the MA ICPG's independence concern can be addressed through structure (per-capita measures across all patients) rather than carve-outs.
3. Is your OIG LEIE screening cadence documented in a way the MA contractor can audit? Monthly batch screening is the standard expectation; the MA ICPG reinforces that documentation of when the screening ran is as important as that it ran.
4. Do your medical directorship arrangements with MA-network physicians have FMV opinions current within 12 months? The MA ICPG doesn't impose a 12-month standard, but recent enforcement matters (including settlements analyzed in our enforcement library) increasingly cite FMV opinion staleness as a factor in compromise.
5. Has your compliance committee reviewed the MA ICPG since its February 2026 publication? This is the simplest audit question. Most committees haven't, because the document is new and hospitals aren't its primary audience. But MA contractor audits will increasingly reference it.
6. Does your General Counsel's review of MA-contract physician arrangements include MA ICPG framing in the periodic exception re-validation cycle? Stark Law exception fit and AKS safe harbor coverage are typically handled by qualified healthcare counsel; the MA ICPG layer adds independence and risk-adjustment considerations that GCs and CFOs should explicitly bring into their periodic re-validation memos. If MA ICPG framing isn't surfacing in counsel's review, it's worth a structured conversation.
A note on the forthcoming hospital ICPG
OIG has indicated that hospital and clinical laboratory ICPGs are in the publication pipeline ("ICPG coming soon" per the OIG compliance guidance page). When the hospital ICPG publishes, it will likely supersede portions of the 2005 Supplemental Compliance Program Guidance for Hospitals and provide hospital-specific risk area guidance comparable to what the MA ICPG provides for MA entities.
Until then, the active framework for hospital physician arrangement compliance is the 2024 GCPG plus the 2005 Hospital Supplemental Guidance — and now, for MA-relevant arrangements, the 2026 MA ICPG as well.
Why this matters operationally
The compliance officers we work with most often describe the same problem: they know what the standards require, but they don't have a system for proving compliance when an investigator asks. Spreadsheet-based arrangement tracking can capture the data; it can't produce timestamped, tamper- evident evidence packets when a subpoena arrives — and increasingly, when an MA contractor audit arrives.
ArrowISE is purpose-built compliance infrastructure for physician arrangements: real-time FMV expiration alerts, automated safe harbor and Stark exception element validation, OIG LEIE screening with cryptographically verifiable audit trails, and tamper-evident evidence exports that satisfy both qualified defense counsel preparation and MA contractor audit response.
The MA ICPG didn't change what hospitals need to track. It made the documentation expectations harder to meet without infrastructure.