OIG Work Plan 2026: Compliance Priorities Every Medical Coder Must Monitor

OIG Work Plan 2026: Compliance Priorities Every Medical Coder Must Monitor

The federal government has made clear that 2026 is not a year to relax on coding compliance. The Office of Inspector General released its first Medicare Advantage (MA)-specific compliance guidance since 1999 in February 2026, and its Q1 2026 Work Plan updates doubled down on diagnosis coding accuracy, upcoding in MA plans, and documentation integrity across evaluation and management services. Meanwhile, CMS has quietly expanded its own audit capacity by an order of magnitude. For medical coders and compliance officers, these signals demand immediate attention.

What the Q1 2026 OIG Work Plan Updates Actually Say

The OIG Work Plan is a rolling document that signals where federal investigators plan to focus scrutiny. The Q1 2026 additions, analyzed in a May 2026 report by Forvis Mazars, flag several areas directly affecting medical coders:

• Medicare Advantage diagnosis coding accuracy: OIG will examine whether MA organizations are submitting unsupported diagnoses -- particularly HCC-triggering codes -- to inflate risk scores and capitation payments.

• Evaluation and management upcoding: OIG is reviewing whether providers are consistently selecting higher-complexity E/M levels than documentation supports, a pattern that audit algorithms now detect at scale.

• Place-of-service errors: Facility versus non-facility coding discrepancies remain a top-returning target, generating significant overpayment risk.

• Telehealth billing post-PHE: OIG continues to audit whether telehealth claims filed after the public health emergency waiver period accurately reflect the services rendered and the appropriate modifiers.

• Documentation supporting HCC risk scores: As CMS-HCC Model V28 fully phases in during 2026, OIG is scrutinizing whether diagnosis codes submitted for risk adjustment are supported by the clinical record.

These are not hypothetical risk areas. OIG pursues recovery actions and exclusion referrals based on its work plan findings, and MA organizations flow that pressure directly to their contracted provider groups.

The Medicare Advantage Compliance Overhaul

The February 2026 OIG Industry Segment-Specific Compliance Program Guidance (ICPG) for Medicare Advantage is the most significant MA compliance document in a generation. It is the first guidance of this type since 1999 -- a span of 27 years during which MA has grown from a niche product to covering more than half of all Medicare beneficiaries.

What the ICPG Requires

The ICPG sets expectations that go well beyond a checklist. MA organizations and their downstream coding contractors must implement effective compliance programs that include regular audits of diagnosis submissions, robust training for coders on HCC documentation standards, and clear policies for correcting and resubmitting unsupported codes. OIG is particularly focused on whether organizations have mechanisms to detect and remediate systemic coding errors -- not just one-off mistakes.

CMS's Audit Surge: The Numbers

Alongside the ICPG, CMS has restructured its own audit infrastructure. CMS grew its team of dedicated medical coders from approximately 40 to nearly 2,000 in 2025, enabling a shift from auditing roughly 60 MA plans per year to covering all approximately 550 eligible MA plans annually. This is not incremental scaling -- it is a categorical change in enforcement reach. Any MA plan that previously assumed it was unlikely to be audited in a given year can no longer make that assumption.

Where Documentation Risk Concentrates for Coders

The OIG's priorities converge on a core problem: codes submitted without clinical documentation that clearly establishes diagnosis, severity, and treatment. Under CMS-HCC Model V28, many chronic condition codes now carry higher weight, making unsupported submissions both more tempting and more visible to auditors. The OIG has signaled it will use its own data analytics to identify outlier coding patterns at the plan and provider level -- meaning coders cannot rely on auditors reviewing charts at random.

Specific documentation red flags that OIG and CMS are tracking include: diagnoses that appear only on problem lists without supporting clinical notes; HCC conditions documented in prior years but not revalidated in the current encounter; and E/M level selections that do not align with the medical decision-making or time documented in the note.

How Agentic AI Changes the Compliance Calculus

The enforcement environment OIG is building assumes that plan-level and provider-level coding patterns are visible through data analytics. The same logic applies in reverse: providers and coding teams that use agentic AI to systematically surface documentation gaps before submission have a structural advantage in a audit-dense environment.

Agentic AI systems designed for medical coding do not simply suggest codes. They evaluate whether the clinical documentation in the encounter note is sufficient to support the code -- flagging an HCC diagnosis as potentially unsupportable if the note lacks a clinical assessment, treatment plan, or ordering physician attestation. When integrated into the coding workflow, this creates a real-time compliance checkpoint that catches the exact documentation deficiencies OIG is designed to find.

The compliance benefit compounds at scale. A coder reviewing 50 charts manually cannot apply consistent scrutiny to every HCC assertion on every chart. An agentic system can. Plans and provider groups using these tools are not just coding faster -- they are coding defensibly, with an audit trail that demonstrates due diligence if OIG or a Recovery Audit Contractor comes calling.

What Coding Teams Should Do Right Now

The Q1 2026 OIG Work Plan additions and the new MA ICPG are not distant threats. Recovery Audit Contractors and Unified Program Integrity Contractors are already operationalizing these priorities. Coding teams should review their internal policies on HCC documentation requirements, confirm that E/M level selection criteria are consistently applied, and audit a sample of recent telehealth claims for proper modifier usage and place-of-service coding. If your organization uses AI-assisted coding tools, verify that the tools flag documentation gaps -- not just suggest codes -- before submission.

Compliance in 2026 is not about avoiding the auditors. It is about coding accurately enough that an audit produces nothing to recover.

To learn how Medikode's automated medical coding platform helps organizations code defensibly and catch documentation gaps before submission, visit medikode.ai.