Healthcare compliance risks rise as CMS expands fraud enforcement

With recent developments highlighting the Trump administration’s emphasis on healthcare fraud prevention, providers should ensure their compliance processes are working optimally.

The administration has taken various steps in 2026, including this month.

On May 13, CMS announced it was withholding $1.3 billion in Medicaid funding from California. During media availability at the White House that day, Vice President J.D. Vance said New York and Hawaii also are undergoing scrutiny.

Earlier in the year, CMS deferred nearly $260 million in federal Medicaid payments to Minnesota over concerns about unsupported or potentially fraudulent claims in areas such as personal care services (e.g., assistance with activities of daily living) and home- and community-based services (HCBS).

Both California and Minnesota retorted that the growth of their home health programs should be seen as a success, allowing Medicaid beneficiaries to avoid high-cost venues such as skilled nursing facilities.

Nonetheless, “we can expect some of the Minnesota tools to be applied to other states,” said Jennifer Evans, a healthcare attorney at Polsinelli, specifically pointing to CMS’s push for off-cycle revalidation of Medicaid eligibility among selected providers.

Revalidation is “expensive, it’s time consuming, it’s likely to make some providers choose to exit the Medicaid program just because of the administrative hassle,” Evans said.

Congressional activity adds another layer of oversight

On Capitol Hill, the House Energy and Commerce Committee has launched or expanded Medicaid fraud investigations in at least 11 states, among them California, New York and Pennsylvania.

“That’s very unusual to see the congressional branch of government getting involved in the oversight of Medicaid programs,” Evans said. “Typically, their oversight is more connected to the folks at CMS who are managing Medicaid. So that’s another layer of complication that Medicaid providers have to be ready for.”

Legislatively, a House bill would strengthen Medicare program-integrity tools by obligating CMS to deactivate provider identifiers that are tied to Medicare-based fraud exclusions. The bill also would enhance tracking of telehealth billing and require additional provider identification data on certain Medicare Advantage claims.

The Senate has a 2026 proposed bill that would expand the role of state Medicaid Fraud Control Units to investigate beneficiary fraud, in addition to provider and supplier fraud.

CMS uses enrollment moratoria to curb fraud risk

Along with cutting off funding to states, the administration has temporarily halted Medicare enrollment for entire stakeholder groups that are deemed to be high-risk.

In February, a six-month moratorium on enrollment was issued for medical supply companies, a large subcategory of durable medical equipment, prosthetics, orthotics and supplies (DMEPOS) vendors. CMS said the moratorium could be extended in six-month increments if needed.

The freeze “will allow CMS to explore additional safeguards to further mitigate longstanding instances of fraud, waste and abuse perpetrated by certain DMEPOS companies,” the agency said in a news release.

This past week, CMS implemented a similar moratorium for hospices and home health agencies.

“This is about protecting patients, restoring integrity and safeguarding taxpayer dollars,” Mehmet Oz, MD, CMS administrator, said in a written statement about the latest moratorium.

In prior comments, Oz has said ramped-up program integrity measures are important to ensure the sustainability of Medicare and Medicaid.

Compliance lapses can create financial exposure for providers

Even when providers are not directly targeted in such initiatives, their funds may be at risk.

“Any attention on fraud will ultimately look to the providers who were paid for services,” Evans said.

In such an environment, attention to detail in healthcare compliance efforts has never been more essential.

With a good compliance program, “if the government does show up, if they do come knocking, you’re on solid ground,” said John Kelly, healthcare industry practice chair with Barnes & Thornburg. “You can point to the steps you’re taking.”

“Providers need to invest in getting it right the first time,” Evans said. “Always, they need to invest in writing down all of their efforts and all of their compliance with the various rules, whether it’s electronic visit verification or getting the claim right, whatever the obligation may be.”

Compliance efforts also can help providers fix discrepancies before they become meaningful problems.

“What I see a lot is issues around coding, issues around billing, issues that could have been prevented had [they] been caught — had enough work been done on the front end to make sure that your revenue cycle management program was running as close to perfect as you can,” Kelly said. “That’s where you’ll see overpayments develop. There’s just a mistake made, and usually it’s a completely honest mistake.”

Documentation and revalidation gaps can trigger compliance problems

Being mindful of administrative snags also is key, Evans said.

“We’ve seen repeatedly [that] providers who are doing the right thing, who really aren’t targets of any sort of investigation, nonetheless get caught up in this investigation nomenclature, get terminated [from Medicare or Medicaid], have their payments suspended because they failed to respond to a letter, because they failed to follow their paperwork,” she said.

A specific area that gets overlooked is routine revalidation of Medicare or Medicaid enrollment.

“We see people miss that all the time, because it just doesn’t seem like an important detail,” Evans said. “Maybe it gets routed to the wrong office, [or] it comes in a letter or it comes on a website, and so it’s not as obvious to providers.”

DME is an area that merits special attention at provider organizations.

The government may view physicians as being complicit in DME company scams, Kelly said, if they sign orders for medically unnecessary equipment, or even if they simply fail to document medical necessity.

There have been instances where DMEPOS marketers contact Medicare beneficiaries and record the conversation, with physicians ordering equipment based on the recording — despite not interacting with the patient, Kelly noted.

“It’s being really careful about how you’re engaging with your patients, making sure it’s legitimate, it’s medically necessary, and then documenting [what] you need to document,” he said.

Anti-fraud enforcement can carry financial consequences for patient care

While recognizing the need for anti-fraud efforts, Evans said such approaches can go too far.

“We need to be conservative in getting into fights about these things, because it’s money that is not being used for patient care,” she said. “If providers are required to give that money back, to pay penalties, to expend resources defending themselves, there will be less funds for patients, and there will be less funds for healthcare.”