CMS Announces Sweeping Anti-Healthcare Fraud Initiatives

The Centers for Medicare & Medicaid Services (CMS) announced sweeping new enforcement actions intended to combat health care fraud, with a particular focus on personal care, home and community-based services in Minnesota, and durable medical equipment, prosthetics, orthotics, and supplies (DMEPOS) suppliers. The measures, which include a nationwide DMEPOS enrollment moratorium and new transparency requirements around billing revocations, mark a significant escalation in CMS’s efforts toward its stated goal of combating and preemptively heading off potential fraud by immediately stopping payments in close to real time.

Key Takeaways

• CMS announced a deferral of $259.5 million of quarterly federal matching funds for Minnesota Medicaid that will have an immediate impact on certain providers.
• CMS also announced that it would be imposing a nationwide, six-month moratorium on new Medicare enrollment for certain DMEPOS suppliers, intensifying scrutiny of billing practices and enrollment applications.
• CMS asked stakeholders for comment on its Comprehensive Regulations to Uncover Suspicious Healthcare (CRUSH) initiative designed to prevent healthcare fraud, waste, and abuse.

CMS’s continued emphasis on a revoke and stop payments first, ask questions later, approach, however, has significant potential to disrupt the operations of unsuspecting and compliant providers and suppliers. Stakeholders should be prepared to quickly respond to adverse and potentially unfounded agency actions based on the sweeping dragnet.

MINNESOTA DEFERRAL

CMS will be deferring $259.5 million in federal funds based on Minnesota Medicaid’s spending from the fourth quarter of FY 2025. The announcement suggests that approximately $244 million of that figure was for “unsupported or potentially fraudulent Medicaid claims.” Specifically, the announcement provides that CMS’s analysis identified “unusually high spending” for services related to personal care, home and community-based services, and “other” practitioner services. CMS will purportedly not release any federal funds until the agency is “satisfied with the state’s corrective action plan to address its program integrity shortcomings.”

DMEPOS ENROLLMENT MORATORIUM

CMS has imposed a six-month, nationwide moratorium on new Medicare enrollment for certain DMEPOS suppliers. The moratorium is a follow-on measure from a purported $1.5 billion in suspected fraudulent DMEPOS billings that CMS claims it stopped last year. The moratorium applies to all applications for initial enrollment and changes in majority ownership for suppliers.

In a corresponding transparency measure, CMS will begin publishing information on providers and suppliers whose Medicare participation has been revoked, including National Provider Identifiers and the reasons for revocation.

CRUSH STAKEHOLDER INPUT INITIATIVE

The announcement also solicits input from industry stakeholders on CMS’s CRUSH initiative. CRUSH has been shorthand for CMS’s efforts under the second Trump administration to preemptively guard against potential fraud in government healthcare programs. One accomplishments bulletin, for example, provides that the CRUSH initiative deployed “automated edits” to prevent improper payments to providers/suppliers. The Request for Information on CRUSH spans the gamut of providers, suppliers, and Medicare/Medicaid programs, all with an eye toward “strengthening CMS’ ability to prevent, detect, and respond to fraud.” For interested stakeholders, comments are due by March 20, 2026.

IMPLICATIONS FOR PROVIDERS AND SUPPLIERS

In the announcement, Secretary of Health and Human Services Robert F. Kennedy, Jr. described these and other related initiatives as a decisive shift from retrospective “pay and chase” tactics to a real-time “detect and deploy” model to prevent fraud “before it occurs.” The announcement emphasizes how these efforts will be data driven and the agency will leverage “advanced AI tools.” To hit home the emphasis on proactive, rather than reactive, fraud prevention measures, CMS Administrator Dr. Mehmet Oz noted “CMS is done trying to catch fraudsters with their hands in the cookie jar—instead, we’re padlocking the jar and letting them starve.”

Akin to the circa-2010 technology world mantra of “move fast and break things,” HHS and CMS are armed with data and “AI tools” to try and cut off funding to purportedly fraudulent actors through adverse actions like billing revocations and claim denials. But this emphasis on prevention raises the question: What information and/or data is CMS considering in order to make appropriate determinations on such adverse actions? Indeed, the announcement touts that the CRUSH initiative has already led to CMS revoking the ability of 5,586 providers and suppliers to bill Medicare because of “inappropriate behavior.” However, the announcement does not illuminate what constitutes sufficiently “inappropriate” behavior to warrant a revocation, let alone what regulatory authority CMS has used to make those determinations.

Ultimately, preemptive efforts based on unknown data and AI tools is going to leave, and already has left, compliant providers and suppliers operating in good faith in the lurch. Revoking a provider or supplier’s billing privileges with Medicare invariably cascades to other government payors like Medicare and even commercial payors. It is not hyperbole to state that a Medicare revocation could be the first step toward a provider or supplier no longer being able to effectively operate and service its patients.

And while CMS and HHS may direct providers and suppliers who have been on the receiving end of such preemptive actions to appropriate appeals mechanisms, that process is challenging and time consuming. There are serious questions about CMS’s ability to handle a potential onslaught of appeals in a timely manner given the reduction in agency staffing that has occurred over the past year. Ultimately, while providers and suppliers attempt to navigate the regulatory requirements to try and reverse CMS’s determinations, their patients are at risk of not receiving necessary services or supplies.

CONCLUSION

CMS’s latest initiatives demonstrate a concerted effort to proactively identify and stop program funds from flowing to potentially fraudulent actors. But this approach will have an expansive impact on providers and suppliers, not just those engaging in potentially fraudulent practices. Providers and suppliers should increase their vigilance for any communications from CMS or Medicare Administrative Contractors related to denied claims or other adverse actions like billing revocations in order to swiftly respond and begin the process of preventing or reversing such a decision. An equally proactive and forceful response may be the difference between the ability to continue serving patients and having to shut down operations.