The 2026 Medicaid Fraud Crackdown: DOGE, CMS, and $37 Billion in Waste
Something unusual is happening in Medicaid enforcement. CMS is threatening to withhold federal payments from states over fraud. DOGE is pushing AI-powered fraud detection. California just busted a massive hospice fraud ring. And the Bipartisan Policy Center is asking hard questions about the PERM program. Here's a data-driven breakdown of the most aggressive Medicaid fraud crackdown in years.
CMS Gets Aggressive: Withholding Federal Payments
In a move that would have been unthinkable a year ago, CMS is now using the nuclear option: threatening to withhold federal Medicaid payments from states that don't address fraud quickly enough. According to KFF, CMS sent formal notices to several states in early 2026 demanding corrective action plans for potential fraud in their Medicaid programs.
Minnesota was the first high-profile target. After our own analysis identified the state as America's Medicaid fraud capital — with 4x its expected share of fraud-heavy exclusions — CMS threatened to withhold payments unless the state submitted a revised corrective action plan. Minnesota complied on March 20, 2026.
This represents a fundamental shift. Historically, CMS has been a passive payer — processing claims and relying on after-the-fact audits to catch problems. The new approach puts states on notice: if your fraud controls are inadequate, federal dollars stop flowing.
DOGE's Medicaid Experiment: Crowdsourced Fraud Detection
Federal News Network reported in April that DOGE's Medicaid initiative has evolved beyond simple data releases. The new approach combines public data transparency with AI-powered fraud detection tools — essentially trying to build what we've been doing at OpenMedicaid, but at the federal level.
The idea has merit. Our own experience shows that machine learning models can surface fraud signals that traditional audits miss. We flagged 1,860 providers using statistical anomaly detection, Benford's Law analysis, and billing velocity checks — methods that scale to hundreds of millions of records in ways that human auditors can't.
But there's a catch. DOGE's approach also ties into the work requirements debate. As Federal News Network noted, the initiative frames work verification and fraud detection as two sides of the same coin: “proving that they've been working or going to job training or school for X amount of hours per month” as a way to “cut down on spending.” That conflates eligibility verification with fraud detection — they're related but different problems requiring different solutions.
California's Hospice Fraud Bust
On April 9, 2026, California Governor Newsom announced the takedown of a major hospice fraud scheme in Los Angeles. The state identified suspicious billing activity, stopped improper payments, and immediately suspended the providers involved. The California Department of Justice's Division of Medi-Cal Fraud and Elder Abuse is pursuing criminal charges.
Hospice fraud is a growing concern nationally. The basic scheme: enroll patients who aren't terminally ill, bill for hospice services that aren't provided, and collect reimbursement at hospice rates that are significantly higher than standard care. LA has been a particular hotspot for this type of fraud.
What's notable about California's response is the speed. The state says its “safeguards worked quickly and effectively — identifying suspicious activity, stopping improper payments in their tracks.” That's the kind of pre-payment detection we've been advocating for. Our change point detection analysis found 170 providers whose billing shifted 3x+ overnight — the same kind of signal that flags fraud before it accumulates.
The PERM Problem: Measuring What's Broken
The Bipartisan Policy Center published a detailed analysis in April on the Payment Error Rate Measurement (PERM) program — the federal system CMS uses to estimate improper payments. Their key finding: “improper payments” don't necessarily mean fraud. Many errors stem from documentation gaps, technical eligibility mistakes, or administrative processing issues.
This matters because the $37.4 billion improper payment figure is often cited as evidence of rampant fraud. The reality is more nuanced. Our own improper payments analysis breaks this down: the 6.12% error rate includes everything from a missing signature on a form to a completely fabricated claim. Conflating the two makes it harder to solve either problem.
The OBBBA proposes changes to the PERM program, including more frequent state measurements and financial penalties for high error rates. In theory, this creates accountability. In practice, states worry that they'll be penalized for administrative complexity rather than actual fraud — essentially punishing paperwork errors while the real fraud goes undetected.
Oregon: Fraud at the Individual Level
While federal enforcement grabs headlines, state-level prosecutions reveal the human scale of Medicaid fraud. In April, Oregon's Attorney General announced charges and convictions in three separate Medicaid fraud cases in Multnomah County. One defendant pled guilty to Theft in the First Degree and Making a False Claim for Health Care Payment after submitting fraudulent claims between December 2022 and December 2024.
These cases are important because they show the spectrum: from massive organized fraud networks (Minnesota's $9 billion problem) to individual providers gaming the system. Both need enforcement, but they require different tools. Network analysis catches organized rings. Statistical anomaly detection catches individual outliers. A comprehensive approach needs both.
What Actually Works: Lessons From the Data
After analyzing 227 million Medicaid records and watching the 2026 enforcement landscape unfold, several patterns are clear:
- Pre-payment detection — California's hospice bust shows real-time monitoring can stop fraud before it accumulates
- Data transparency — DOGE releasing data (even if it was already public) puts more eyes on the problem
- State accountability — CMS withholding threats forced Minnesota to act on known fraud issues
- AI/ML tools — Both CMS and independent analysts (including us) are proving that algorithms can surface patterns humans miss
- Recovery rates — Only $1.4B recovered from $37.4B in improper payments (3.7%). Detection without recovery is theater
- Conflating fraud and eligibility — Work requirements address eligibility, not the $226B flowing through our 1,860 flagged providers
- Blanket cuts — The OBBBA's $880B in cuts don't distinguish between New York's home care machine and a rural clinic in Idaho
- After-the-fact enforcement — The 2025 takedown was $14.6B in intended losses. Most of that money is gone
The Bottom Line
2026 is shaping up as a turning point for Medicaid accountability. For the first time, multiple enforcement mechanisms are operating simultaneously: federal payment threats, state-level prosecutions, AI-powered detection, and public data transparency. The question is whether this momentum translates into structural reform or just political theater.
The data says the problem is real — $37.4 billion in improper payments, organized fraud networks, providers billing while banned. But the data also says the solutions being proposed don't always match the problems being identified. Work requirements don't catch the providers on our watchlist. FMAP cuts don't stop the providers filing impossible claim volumes. And recovering 3.7% of improper payments isn't accountability — it's a rounding error.
What works is what California demonstrated: detect it fast, stop payments immediately, prosecute aggressively. Scale that nationwide with the tools that already exist — statistical analysis, ML models, exclusion list cross-referencing — and $37.4 billion in annual waste starts to look like a solvable problem.
Track the data yourself: search providers, review the watchlist, explore by state, or check any provider.