The Medicaid Director Demands States Tackle Fraud

News, as presented on TV, often ignores the decades of policy work behind the headlines. It may be difficult, even for astute consumers, to understand Fox News’ recent reporting, that “Dr. Oz puts all 50 governors on notice over billions lost to Medicaid fraud,” as anything other than a former Oprah TV star punishing every state for Minnesota’s Feeding our Future scandal, in which dozens of people laundered pandemic-era food relief funds. This reading couldn’t be further from the truth. The April 23 letters are the most recent action in a decades-long, bipartisan effort to address provider-side fraud—and they signal the federal government’s intent to move from planning to implementation.

Share

Dr. Mehmet Oz, a cardio-thoracic surgeon who was a professor at Columbia Medical School, leads the Centers for Medicare and Medicaid Services (CMS) within the Department of Health and Human Services (HHS), which has one of the largest budgets in the entire federal government. He signed the letters personally.

Medicaid is second only to education in states’ line-item budget spending, and total Medicaid spending in 2023 reached over $900 billion. This alone makes Medicaid an attractive target for criminals, although the complexity of the system makes such fraud hard to pull off for your average bank robber. Two months ago, the Financial Crimes Enforcement Network of the U.S. Treasury (FinCEN) released an advisory to banks, warning of fraudsters, including transnational criminal organizations, laundering taxpayer money from welfare fraud.

Medicaid Fraud Explained

In 2005, the federal government identified “program integrity” within Medicaid as a priority for reducing the federal deficit. Included in the Deficit Reduction Act of 2005 was encouragement for states to recover false and fraudulent claims (Sec. 6031). It set up a Medicaid Integrity Program within CMS to review and audit Medicaid providers to reduce fraud, waste and abuse (Sec. 6034).

Discussion about Medicaid Fraud is often about participant fraud, not provider fraud. As a result, the concept of “fighting fraud in Medicaid” gets connected to the idea of people losing access to healthcare. The federal government is pushing states to shift their focus to providers who are billing for services not provided, which has been documented since at least 2005. The HHS Office of Inspector General (HHS-OIG) Criminal Enforcement Actions for 2005 looks remarkably similar to today’s docket. One physical therapist was ordered to pay nearly $1 million in restitution for billing services not performed, using unlicensed technicians without supervision, and paying referral kickbacks. A separate home health case involved billing for non-homebound and non-medically-necessary services. Two decades later, the categories of fraud are unchanged; the scale is not.

The Biden administration, in 2021, released a National Strategy on Countering Corruption. Every good strategy requires planning and implementation. The planning stage happened under the Biden administration. Implementation is happening under Trump.

The Letters Demand Planning and Implementation

On April 23, 2026 CMS sent letters to all 50 states and to state Medicaid directors, demanding they cut the flow of money to providers and nonprofits who profit from fraudulent billing practices. These letters were accompanied by a video on CMS’s Twitter/X Account that indicated that more enforcement is coming. These letters demand states immediately share their own planning phase related to Medicaid provider fraud, and they are consistent with the federal government’s implementation of the US Strategy on Countering Corruption. The letter to governors contains an implied threat, that “failure to do so will be considered as we evaluate the likelihood of fraud in each state moving forward.”

At the same time as the governors’ letters, a uniform letter was sent to state Medicaid directors, formally requesting, pursuant to CMS’ oversight responsibilities and state plan obligations, that each state submit a two-year provider revalidation strategy. Within 10 days of the letter, states must signal intent and the plans as they exist, or their intent to develop plans. Within 30 days, Medicaid directors are asked to provide a comprehensive strategy for re-evaluating high-risk Medicaid providers within two years. Once the revalidation is completed, CMS wants the results. That will allow them to cross-check between states.

Reading the Quiet Part

Medicaid recipients will appreciate that besides revalidation, the first paragraph of the letter also addresses provider directory validation. Patients’ frustration with a lack of accurate directory information is real, and it is a burden on both patients and the Medicaid system itself.

The letters specifically call out providers who do not have a National Provider Identification Number (NPI); and a provider’s lack of an NPI is a genuine red flag. However, some small businesses, especially HCBS providers (Home and Community Based Services, often a service provided for individuals with significant disabilities), may have let this slip through the cracks. Protecting good-faith providers who fail to perform administrative obligations is a natural tension in fraud-prevention effort in a system as complex as Medicaid.

In summary, CMS is moving in a consistent direction with regard to the age-old theme of “fighting corruption, fraud, waste, and abuse.” This carries forward anti-corruption priorities announced under the Biden Administration. The threat is real: states’ non-cooperation risks a targeted analysis by the federal government. The enforcement effort deserves support—and careful watching to ensure it lands on the criminal actors it’s meant to reach, not on the small honest providers who keep Medicaid running.

—Sarah Unsicker is a former Missouri legislator who writes about policy and legislative craft from the concept to the courtroom.