Healthcare Enforcement Q2 Highlights: What Providers Need to Know

Healthcare enforcement activity in the second quarter of 2026 reflects continued, assertive federal oversight with an emphasis on large-scale and coordinated fraud prosecutions and task-force activity, whistleblower-driven False Claims Act (FCA) cases and proactive enforcement arising from the government leveraging data analytics and artificial intelligence (AI). This quarter also included the announcement of various U.S Department of Justice (DOJ) initiatives and organizational shifts, and most recently, the president’s nomination of Acting Attorney General Todd Blanche for United States attorney general.

Federal agencies, including the DOJ and the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG), in addition to state attorneys general, continue to signal that healthcare fraud remains a top enforcement priority, continuing its momentum from record-setting activity in 2025.

DOJ Fraud Enforcement Involving Providers

In the second quarter, we saw the DOJ bring numerous enforcement actions against healthcare providers and systems for activities involving improper billing, kickbacks, medically unnecessary services and Stark Law violations. Below we provide an overview of actions in these areas. Notably, in several of these cases, the DOJ opened investigations after company insiders or external analytics firms filed qui tam complaints in federal court under the False Claims Act’s whistleblower provisions. In light of the ongoing whistleblower and enforcement activity, healthcare providers should consider regularly assessing the effectiveness of their internal reporting mechanisms, ensuring timely investigations of reported concerns and reinforcing a strong culture of compliance to mitigate external reporting and enforcement exposure.

• Improper Billing. The DOJ filed criminal healthcare fraud charges against eight individual California-based healthcare providers, alleging that they billed Medicare for hospice services to patients who were not terminally ill. Additionally, the DOJ entered into a civil settlement agreement with a Virgina-based health center to resolve False Claims Act allegations that the center billed Medicare for annual wellness visits provided by pharmacists without a physician’s presence or supervision. The HHS-OIG also entered into civil settlement agreements with providers to resolve improper billing allegations. Specifically, a Texas ambulatory surgery center and a Montana hospital agreed to settle allegations that they billed for services furnished by an unlicensed nurse, and an Illinois hospital agreed to settle allegations that it submitted claims for annual wellness visits that did not meet coverage criteria.
• Kickbacks. The DOJ announced multiple criminal matters involving kickbacks in exchange for durable medical equipment (DME) business or home healthcare business. For instance, a California-based owner and operator of multiple DME companies pled guilty in the Southern District of California to healthcare fraud charges that she and co-conspirators paid kickbacks to marketing companies in exchange for fake DME prescriptions. Additionally, a jury in the Eastern District of Michigan convicted a home healthcare agency owner of healthcare fraud for bribing a hospital nurse for stolen patient information, which the owner then used to submit claims to Medicare containing false or fabricated information.
• Medically Unnecessary Services. The DOJ resolved numerous False Claims Act investigations into healthcare providers, including a urology practice (N.D. Ga.), a vascular practice (C.D. Cal.), an ophthalmology practice (D. Mass.) and skilled nursing facilities (N.D. Ill.), for billing medically unnecessary services to federal healthcare programs. For example, a urology practice and a physician in Georgia agreed to pay $14 million to resolve allegations that they billed Medicare and Georgia Medicaid for procedures and tests that were medically unnecessary or were never performed, in violation of the U.S. False Claims Act and the Georgia False Medicaid Claims Act. This investigation arose after a former employee and former physician at the practice separately filed qui tam complaints and resulted in a coordinated settlement between the DOJ and Georgia attorney general’s Office. Additionally, three skilled nursing facilities in Illinois agreed to pay $300,000 after an external analytics firm filed a qui tam complaint in the Northern District of Illinois alleging that the facilities billed for medically unnecessary rehabilitation services.

DOJ Initiatives and Organizational Changes

New initiatives and organizational shifts continued to reshape the Justice Department in the second quarter. Since early April, the DOJ has announced the establishment of the National Fraud Enforcement Division, the West Coast Health Care Fraud Strike Force and the Fraud Oversight through Careful Use of Statistics (FOCUS) initiative. The DOJ also recently announced reforms to accelerate the review of False Claims Act whistleblower complaints alleging fraud against public benefits programs. Taken together, these initiatives potentially reflect a broader shift toward centralized enforcement driven by cross-agency and department collaboration, and analytics-led and resource-efficient case generation. While results of these initiatives have yet to be seen, healthcare providers should keep an eye on these developments and expect to see more centralized and data-driven enforcement strategies coming from the DOJ.

• National Fraud Enforcement Division. On April 7, Acting Attorney General Todd Blanche announced formation of the National Fraud Enforcement Division, which is being led by Senate-confirmed Assistant Attorney General Colin M. McDonald. According to an April 7 memorandum released by Acting Attorney General Blanche, the DOJ Criminal Division’s Tax Section, the Health Care Fraud Unit and the Market, Government and Consumer Fraud Unit are now under the operational control, oversight and direction of the new National Fraud Enforcement Division. Next steps included realignment of criminal prosecutorial resources into the Division, designation of an experienced prosecutor from each U.S. attorney’s office to be detailed-in-place to the Division, designation of a liaison from the Civil Division, and consideration of whether non-criminal elements should be brought within the Division, among other things. Overall, the new Division is intended to effectuate a comprehensive and coordinated approach to fraud prosecution by coordinating agencies, developing more efficient fraud detection systems and processes, and equipping prosecutors with data-driven investigative techniques. Since the announcement, the Division, which supports the White House’s Task Force to Eliminate Fraud, has announced numerous healthcare fraud arrests, convictions and sentences, such as the May 21 announcement of a Minnesota Health Care Fraud Takedown resulting in criminal charges against childcare center owners and Medicaid providers for various fraud schemes. It has also announced the development and expansion of resources such as the West Coast Health Care Fraud Strike Force described below and, more recently, the funding of new prosecutors to combat Medicaid fraud across the country.
• West Coast Health Care Fraud Strike Force. On April 30, the National Fraud Enforcement Division announced the establishment of the West Coast Health Care Fraud Strike Force, which combines resources from the National Fraud Enforcement Division’s Health Care Fraud Section with the U.S. Attorney’s Offices for the District of Arizona, District of Nevada and Northern District of California. Modeled after health care fraud strike forces in other regions, the new initiative will build on recent prosecutions and bring enhanced federal enforcement resources to Northern California — one of the nation’s most significant healthcare technology hubs — and Arizona and Nevada, where data analytics is showing increased fraud schemes. Like the strike forces in other regions, the West Coast Health Care Fraud Strike Force will also partner with other enforcement agencies, including the HHS-OIG, the FBI and the Drug Enforcement Administration, to identify, investigate and prosecute healthcare fraud.
• Fraud Oversight through Careful Use of Statistics (FOCUS) Initiative. On April 30, the DOJ Civil Division announced the FOCUS initiative, an anti-fraud initiative intended to strengthen the DOJ’s working relationship with qui tam whistleblowers. Noting that it had received a “surge” of qui tam cases from data miners who analyze publicly available government data for potential signals of fraud, the DOJ stated that it would prioritize engagement with data miners who “demonstrate an insightful application of sophisticated technological capabilities” to identify fraud and provided guidance to facilitate high quality data miner qui tam actions, available here. Through this initiative, data miners will have an opportunity to meet with the Civil Fraud Section to discuss their capabilities and outline why and how their data reliably correlates to fraud. By partnering with data miners that meet these criteria, the DOJ seeks to take advantage of more sophisticated data analytics to identify high-quality, actionable matters.
• Memorandum on Accelerating Review and Enhancing Enforcement in Benefits Fraud Matters. On May 27, the DOJ Civil Division announced reforms to accelerate review of False Claims Act whistleblower complaints alleging fraud against federally funded, state-administered benefits programs. Specifically, these reforms require the DOJ Civil Division prosecutors to conduct an initial review of new benefits fraud qui tams within the 60 days contemplated by 31 U.S.C. § 3730(b)(4) and no later than 120 days. Thereafter, the prosecutors must decide whether to permit the relator to proceed with and assume primary responsibility for the action, subject to the government’s oversight and ultimate control of the matter; conclude the allegations warrant further investigation to be conducted within 120 additional days; or determine the qui tam should be dismissed. The reforms also direct the prosecutors to use a “whole-of-government” approach to ensure accelerated review and evaluation for all available enforcement options, including sharing matters with affected agencies for potential administrative action and referral to the Criminal Division and/or the National Fraud Enforcement Division for potential criminal action. The stated goal of these reforms is to allow the DOJ Civil Division to proceed more efficiently on meritorious qui tam cases and maximize finite resources.

For more information, you can find links to relevant DOJ press releases here, here, here and here.

Enforcement of Gender-Affirming Care Subpoenas

Federal District Court decisions quashing, blocking or significantly limiting subpoenas seeking information from hospitals and providers related to the provision of gender-affirming care did not deter the DOJ from continued enforcement in Q2. In fact, the U.S. Attorney’s Office in the Northern District of Texas recently issued criminal grand jury subpoenas to institutions seeking gender-affirming care records. Additionally, on May 15 and June 5, the DOJ secured its first civil resolutions with hospitals involving the provision of gender-affirming care.

In the May 15 settlement, which was led by the DOJ’s Civil Division Enforcement and Affirmative Litigation Branch and the Texas attorney general, Texas Children’s Hospital (TCH) agreed to pay $10 million to resolve alleged violations of the Food Drug & Cosmetics Act, FCA and federal fraud and conspiracy laws. DOJ specifically alleged that TCH had fraudulently billed public and private payors to obtain reimbursement for gender-affirming care. As part of the settlement, TCH agreed to terminate all gender-affirming care and establish a specialized clinic focused on restorative care for individuals seeking to discontinue or reverse such interventions. Notably, TCH denied all allegations and did not admit to any wrongdoing.

In another settlement involving a prominent hospital, Cleveland Clinic Foundation agreed to pay $308,000 on June 5 to resolve similar allegations related to the fraudulent billing of public and private payers to obtain reimbursement for gender-affirming care. This settlement, which was led by the DOJ’s Civil Division Enforcement and Affirmative Litigation Branch and Ohio attorney general, included an agreement by Cleveland Clinic to commit $2 million to provide restorative care for individuals seeking to discontinue or reverse gender-affirming care intervention. Like TCH, Cleveland Clinic denied all allegations and did not admit to any wrongdoing.

In other respects, the DOJ had a less successful quarter in enforcing subpoenas seeking gender-affirming care records. In one recent case, a Rhode Island federal judge quashed a DOJ subpoena directed to a Rhode Island hospital seeking such information, even though a federal judge in Texas had already granted a petition to enforce the subpoena. Siding with the hospital (and advocates of the children in the hospital), who accused the government of “playing dirty” by forum shopping and filing a motion to enforce the subpoena in a more favorable jurisdiction, the Rhode Island court emphasized the DOJ’s “drastic overreach” into the informational privacy of children and lack of a congressionally authorized purpose. While these cases continue to unfold, the Rhode Island court cautioned that any practitioner trying to negotiate a DOJ subpoena should be filing motions to quash.

For more information, you can find the DOJ’s press releases here and here, and the Rhode Island judge’s order here.

Anti-Fraud Activity by CMS

Dr. Mehmet Oz, Administrator for the Centers for Medicare & Medicaid Services (CMS), recently asserted that “if you just took the fraud out of Medicare, you would double the life expectancy of the Medicare trust fund.” CMS continues to sharpen its focus on proactive fraud prevention, signaling a shift from traditional retrospective recovery efforts to a more forward-looking detection model. This quarter, CMS has rolled out a series of coordinated anti-fraud initiatives targeting high-growth Medicaid service areas and high-risk areas such as durable medical equipment, prosthetics and orthotic supplies (DMEPOS). These actions underscore CMS’ larger strategy to intervene earlier in the payment lifecycle, strengthen program oversight and identify improper payments before they occur.

• Medicaid State-Level Audit Mandates. In April, Dr. Oz announced a national initiative requiring all 50 states to undergo enhanced oversight of their Medicaid programs. As indicated by the reporting of the announcement, this initiative gives every state 30 days to submit a mandatory audit plan addressing revalidation of their Medicaid providers. The audit requires states to confirm that enrolled providers are legitimate, properly credentialed and delivering billed services appropriately. CMS signaled that failure to demonstrate robust oversight through this required audit may result in targeted federal audits and oversight. This 50-state mandatory audit reflects a national approach to federal anti-fraud efforts, which is an escalation from the ongoing individual state-specific investigations and temporary enrollment freezes in high-risk areas, described more below.
• Scrutiny of New York Medicaid Costs. On March 3, Dr. Oz sent a formal letter (available here) to New York Governor Kathy Hochul demanding answers regarding New York’s provider screening and enrollment oversight within New York’s Medicaid program. CMS raised concerns about the state’s $90 billion a year Medicaid program being 36% higher than the national average, and observed that the state’s high Medicaid spending combined with a large long-term care workforce created a high risk environment for fraud waste and abuse. CMS further advised that its analysis of spending, public reporting and federal prosecutions raise concerns in areas such as behavioral health, adult day care services, non-emergency medical transport (NEMT) and home health aide services. The letter demanded responses with supporting documentation to a variety of questions relating to program oversight and fraud detection.
• Withholding of California Medicaid Reimbursements. On May 13, Vice President J.D. Vance and Dr. Oz announced withholding of $1.3 billion in Medicaid reimbursements to California for insufficiently combatting fraud. While this amount is CMS’ largest deferral ever, it is a fraction of California’s total federal Medicaid funding, which was over $90 billion in 2024. In his announcement, Dr. Oz called out hospices in the Los Angeles area as a potential source of fraud. This withholding follows a similar announcement in February, when CMS deferred $259.5 million in federally matching funds to Minnesota’s Medicaid Program over fraud concerns.
• DMEPOS Moratorium. As of February 27, CMS implemented a nationwide moratorium for specific DMEPOS medical supply companies, including those with orthotics and prosthetics personnel, pedorthic specialists, respiratory specialists and pharmacists. During this six-month pause, all initial enrollment applications will be denied, including certain changes in majority ownership, which are treated as new enrollments. This national approach shifts from previous moratoria in geographic “hot spots” and reinforces CMS’ broader strategy of proactive anti-fraud efforts.
• Hospice and Home Health Agency Moratorium. Like the national moratorium for DMEPOS supply companies, on May 13 CMS also announced a six-month moratorium on new enrollments for hospices and home health agencies (HHA), which furthers CMS’ focus on combatting potential fraud. As part of the announcement, CMS shared it will conduct targeted investigations, leverage data analytics and prioritize removing from Medicare hospice and HHA providers who are suspected of committing fraud.

For more information, you can read about the DMEPOS moratorium here, the Home Health Agency moratorium here and the hospice moratorium here.

CMS Rate Announcements Reflect Short-Term Stability and Long-Term Integrity Goals for Medicare Advantage

On April 6, CMS released its finalized calendar year (CY) 2027 Medicare Advantage (MA) capitation rates and Part C and Part D payment policies. According to CMS, the final policies in the CY 2027 rate announcement are projected to result in an increase of 2.48%, or more than $13 billion, in payments to MA plans in CY 2027. CMS indicated that it was seeking to “support the program” while also “advancing our vision of a sustainable and credible Medicare Advantage program in the long run.” CMS stated that its “targeted risk adjustment policies in the CY 2027 rate announcement will promote greater competition and more accurate payments.” The rule is effective June 1 and applies to Medicare Advantage and Part D coverage beginning in 2027.

Focus on Improvements to Prior Authorization

On April 10, CMS released the 2026 CMS Interoperability Standards and Prior Authorization for Drugs Proposed Rule (CMS-0062-P). This proposed rule would extend many of the requirements of the 2024 CMS Interoperability and Prior Authorization final rule, which covered non-drug items and services, to cover prior authorizations for drugs, including application programming interfaces (APIs). Under the proposed rule, CMS is proposing to require impacted payers to “support electronic prior authorization, to make decisions on requests within shorter timeframes that align [with] CMS programs and to increase transparency for the prior authorization of drugs.” The proposal also requires impacted payers to “update health IT standards and to report interoperability API endpoints and API usage metrics to CMS.” Health plans are following this lead, announcing their own reductions in medical services requiring prior authorizations.

OIG’s Updated Fraud and Abuse FAQs: Stark Exception and Fair Market Value Alone Don’t Mitigate Anti-Kickback Statute Risk

On April 23, the HHS-OIG updated its “General Questions Regarding Certain Fraud and Abuse Authorities” FAQs, revising FAQ No. 4 and adding new FAQ No. 17.

First, FAQ No. 4 was revised to clarify that Stark Law compliance does not necessarily equal Anti-Kickback Statute (AKS) compliance. Even if a financial arrangement fully satisfies a Stark Law exception, it can still violate the AKS if the facts show knowing and willful intent to induce or reward referrals of items or services reimbursable by a federal health care program. The Stark Law, also known as the physician self-referral law, is a strict liability statute focusing on prohibited financial relationships. The government does not have to establish a party’s intent with respect to the Stark Law violation. By contrast, the AKS is intent-based, requiring the government to show that a party knowingly offered or received remuneration, while knowing it was improper to do so.

Second, FAQ No. 17 was added to address the fact that fair market value (FMV) is not an AKS safe harbor. While paying at FMV is a best practice and can reduce risk, it does not eliminate AKS risk. An arrangement may be commercially reasonable and FMV-based yet still raise AKS concerns if the surrounding facts suggest inducement for referrals. Intent remains central. An AKS analysis is a facts-and-circumstances inquiry. Compliance reviews should not be limited to whether an arrangement is in technical compliance with the Stark Law or FMV; they must also assess whether the arrangement makes business sense, whether conduct matches the contract and whether any element of the arrangement could be viewed as an improper inducement.

In sum, healthcare organizations should integrate intent-based risk assessment into compliance reviews, even when arrangements meet Stark exceptions or are FMV-based. Documentation of commercial reasonableness and Stark compliance can help, but they do not replace a thorough analysis of referral inducement risk.

Privacy

Privacy continues to be a priority for healthcare. Privacy activity in this quarter has largely centered around AI tools and use, while cybersecurity and the protection of personal data continue to be areas of focus, seen through a national push for privacy standards and the impact of global dynamics on U.S.-based companies’ operations and earnings.

US House Releases Latest Attempt at a Nationwide Privacy Bill; Prospects Are Uncertain

On April 22, the U.S. House of Representatives released draft legislation that would create a nationwide U.S. privacy law — the House’s third attempt since 2022. While the proposed bills would establish a uniform national standard for protecting individuals’ personal data, they would also largely preempt the 22 states that have privacy laws on the books, including the California Consumer Privacy Act (CCPA).

For more information, read our client alert here: US House Releases Latest Attempt at a Nationwide Privacy Bill; Prospects Are Uncertain.

AI Transcription Tools: When a Robot Is Listening, Courts May Find it Is Wiretapping

Companies are potentially opening the door to significant legal risk as they increasingly turn to AI to power their customer service operations. With few AI-specific laws on the books, regulators and plaintiffs’ attorneys are relying on older statutes like wiretapping and biometrics laws to challenge these practices, as witnessed in several recent California lawsuits.

Learn more about what your business can do to stay protected in our client alert AI Transcription Tools: When a Robot Is Listening, Courts May Find It Is Wiretapping.

Double Trouble: Where Biometrics and AI Converge, Exposure Compounds

Companies are increasingly combining biometric information with AI tools — and privacy plaintiffs are taking notice. The legal risks that each technology carries independently are compounded when the two converge. AI notetaking apps, automated video-interviewing platforms and image-hosting sites are emerging as targets of litigation as plaintiffs craft novel theories under privacy and consumer protection laws to challenge these technologies. Companies deploying AI systems that rely on biometric inputs should take steps to mitigate risk, as we discuss in this client alert: Double Trouble: Where Biometrics and AI Converge, Exposure Compounds.

The FTC’s New Healthcare Task Force: Implications for Industry Participants

On March 20, Federal Trade Commission Chairman Andrew N. Ferguson announced the formation of a Healthcare Task Force aimed at combating anticompetitive behavior in the sector. The announcement underscores the aggressive approach the FTC and the administration have taken to antitrust enforcement in the healthcare sector and has implications for healthcare companies, as we explain in a client alert: FTC’s New Healthcare Task Force: Implications for Industry Participants.

State Regulation of Private Equity in Healthcare

The influence of private equity in healthcare continues to draw heightened scrutiny at the state level. As discussed in our May 2025 client alert, several states (for example, New York and California in 2023) have proposed and enacted legislation to increase oversight of transactions involving private capital investment into healthcare entities, expanding ownership disclosure for healthcare entities and limiting non-physician control of medical decisions. Since then, many of these states have moved their legislative efforts forward and passed laws requiring oversight of healthcare transactions, and additional states have enacted or introduced similar measures to restrict PE activity in healthcare.

We summarize the recent developments in state laws and regulations in this client alert: Compliance Checkup: How States Continue to Regulate Private Equity’s Role in Healthcare Transactions.

Conclusion

The second quarter confirms that healthcare enforcement remains ambitious, data-driven and increasingly complex. Regulators are not only pursuing traditional areas of retrospective fraud and recovery but also leveraging the use of technology to better identify fraud closer to real time. Given regulators’ stated ambitions to curb fraud and abuse, including with the use of data mining and advanced technology, compliance teams should assess their coding and billing controls (i.e., to catch potential issues before claims are submitted) and leverage their own data and technology to monitor key risk areas and identify trends and outliers more quickly. Further, due to the government’s reported “surge” of qui tam cases, compliance teams also should ensure internal channels of communication are known and available to concerned employees and ensure that non-retaliation policies and protections are visible and enforced.

__________________

Life Sciences and Healthcare Consulting Group members Laura A. Skinner and Anita M. Hanlon contributed to this client alert.