Escalating Enforcement in Healthcare: “Record Recoveries, Aggressive Tactics, and What Providers Must Do in 2026”

I’ve never seen program integrity efforts as coordinated, data-driven, and relentless as they are today, and I have been doing this for 30 years. The Centers for Medicare & Medicaid Services (CMS), Department of Justice (DOJ), Office of Inspector General (OIG), Unified Program Integrity Contractors (UPICs), and other contractors are operating with unprecedented aggression and sophisticated tools to combat fraud, waste, and abuse (FWA). 

Fiscal year 2025 delivered the clearest signal yet: The DOJ recovered a record $6.8 billion in False Claims Act (FCA) settlements and judgments, the highest single-year total in the statute’s history, with more than $5.7 billion (approximately 84%) tied to healthcare matters. These recoveries, largely returned to the Medicare Trust Fund, reflect not just bigger cases but a systemic shift toward proactive detection and swift enforcement. 

This post breaks down the key tools and tactics federal entities are deploying, spotlights current initiatives (including the ongoing OIG review of hyaluronic acid injections), examines challenges like the TPE program, and most importantly, outlines concrete steps providers can take to protect themselves through robust, living compliance programs. 

Federal Arsenal: Tools Driving Record Enforcement

Agencies now combine traditional authorities with advanced analytics, artificial intelligence, and interagency data sharing: 

•   Data Analytics & Predictive Modeling — CMS and contractors use claims data to identify outliers in real time. 
•   Civil Investigative Demands (CIDs) The DOJ is issuing CIDs more aggressively as a powerful pre-litigation tool to compel documents, interrogatories, and testimony. This allows rapid evidence gathering before deciding on intervention or direct suits. 
•   Audits & Payment Suspensions — UPICs and other contractors conduct targeted reviews, often with short response windows, leading to extrapolated overpayments and payment holds when fraud is suspected. 
•   OIG Oversight — Audits, evaluations, and referrals that frequently trigger Corporate Integrity Agreements or exclusions. 

The result is earlier intervention and higher-stakes consequences for providers. 

OIG Activity: Hyaluronic Acid Knee Injections

One active OIG project I previously blogged about focuses on Medicare payments for intra-articular hyaluronic acid (viscosupplementation) injections for knee osteoarthritis. Announced in 2024 and still in progress (estimated completion in FY2026), the review examines whether payments complied with medical necessity, documentation, and coverage requirements under applicable LCDs and NCDs. Providers offering these services should immediately verify documentation against current criteria, many denials stem from insufficient evidence of failed conservative treatments or repeated injections without clear benefit. 

Rising Aggression: UPICs, CIDs, and TPE Challenges

UPIC Activity has intensified, with contractors leveraging broad authority for record demands, on-site reviews, and payment suspensions. Providers in high-risk areas (DME, wound care, therapy) report shorter turnaround times and frequent use of statistical extrapolation, turning small error rates into six- or seven-figure demands. In 2025 I saw an honest, heavily relied upon Laboratory forced out of business by the unethical tactics of a few at a UPIC. The fact is there are a few who just do not care and want to see the earth burn, which is unfortunate because there are so many good people, I know working at UPICs.  

DOJ CIDs continue their upward trajectory as a go-to investigative tool, enabling the government to build strong cases efficiently, often pressuring early resolutions. This is the only too in the quiver of a prosecutor that can compel disclosure(s), and it is a powerful tool!  

CMS’s Targeted Probe and Educate (TPE) Program, while framed as educational, this process frequently frustrates providers. Common issues include overly rigid interpretations of LCD language, limited flexibility for clinical judgment, and escalation after three rounds to 100% prepayment review or referral for further action. The newer Low Biller Probe and Educate variant extends scrutiny to smaller-volume providers. Success requires meticulous documentation, prompt responses, and strong appeal strategies when denials appear inconsistent with LCD intent. The worst part about the TPE is that even when they are wrong, and they are often, they will not change their error rate and force the provider to go through the appeal process to try and lower the rate to avoid further rounds! The program needs to be corrected desperately!  

The Non-Negotiable: A Living, Breathing Compliance Program

A paper compliance program offers ZERO protection in today’s environment. The OIG demands programs that are actively implemented, regularly tested, and woven into daily operations, the true meaning of “living and breathing.” 

Core elements must include: 

•   Written standards updated annually to reflect new risks (e.g., AI documentation tools, telehealth). 
•   An empowered compliance officer with direct board access and adequate resources. 
•   Ongoing, role-specific training with documented effectiveness metrics. 
•   Anonymous reporting channels and non-retaliation policies that are genuinely used. 
•   Proactive auditing and monitoring, including targeted reviews of OIG Work Plan items. 
•   Consistent disciplinary action and swift corrective measures, including self-disclosure when warranted. 
•   Regular effectiveness assessments, board-level reporting, third-party reviews, and adjustment based on audit findings or enforcement trends. 

Organizations treating compliance as a dynamic risk-management function, rather than a checkbox exercise, significantly reduce exposure. 

Steps to Mitigate Risks

1. Conduct Annual Risk Assessments — Focus on high-risk services (e.g., injections, MA risk adjustment, high-volume procedures) using internal data analytics. 
2. Strengthen Documentation — Ensure every claim reflects medical necessity, patient-specific factors, and compliance with payer rules. Implement peer review or AI-assisted checks where appropriate. 
3. Enhance Pre-Billing Controls — Coding and documentation audits before submission. 
4. Train Relentlessly — Regular sessions on emerging risks, with testing and refreshers. 
5. Prepare Response Protocols — For audits, CIDs, or subpoenas, engage counsel early and preserve privileges. 
6. Leverage Voluntary Self-Disclosure — When issues are identified, timely disclosure to OIG or DOJ often yields better outcomes than waiting for government action. 
7. Monitor and Adapt — Track OIG Work Plan updates, DOJ announcements, and CMS initiatives quarterly. 

Emerging Federal Programs and Collaborative Efforts

•   CMS WISeR Model (Wasteful and Inappropriate Service Reduction) launched in January 2026 across six states. It uses AI, machine learning, and clinical review for prior authorization on services prone to FWA (e.g., certain knee procedures and skin substitutes). 
•   Health Care Fraud Data Fusion Center — A DOJ-led initiative harnessing cloud computing, AI, and analytics for faster scheme detection. 
•   Medicare Advantage Audit Expansion — Dramatic workforce growth and broader auditing using technology to accelerate reviews and recover overpayments. 
•   Healthcare Fraud Prevention Partnership (HFPP) and related interagency working groups facilitate public-private data sharing to identify patterns proactively and develop prevention strategies. 

These efforts signal a shift from reactive enforcement to predictive, technology-enabled program integrity. 

Final Thoughts: Compliance as a Strategic Imperative

The 2025 record recoveries and 2026 initiatives make one thing clear: Federal entities are more proactive, better resourced, and technologically advanced than ever. Providers who treat compliance as a living system, regularly tested, updated, and championed from the top, will not only reduce risk but position themselves for sustainable success. 

If your organization wants an objective review of its compliance program, audit readiness assessment, or assistance responding to current scrutiny, reach out to Sean M. Weiss at [email protected] or 800.635.4040 . In this environment, preparation is the best defense. 

About The Author: 

Sean M. Weiss is a political Appointee (voting member) to The Board of Scientific Counselors for The National Committee on Vital Health and Statistics (NCVHS) for The Centers for Disease Control (CDC). Sean holds 9 national auditing, coding, compliance, and management certifications. Weiss is a sought-after subject matter expert with specialized skills in federal civil and criminal fraud cases serving both the prosecution and defense. He is also a frequent speaker at medical and management society meetings around the country.     

Contact Us