Healthcare fraud allegations carry consequences that can dismantle everything you have built: the loss of your medical license, exclusion from Medicare and Medicaid, civil penalties reaching into the millions of dollars, and federal prison time.
These fraud penalties are not theoretical risks. The Department of Justice and its partner agencies actively prioritize healthcare fraud prosecution, recovering billions of dollars annually in settlements and judgments.
But an investigation is not a conviction. The path from audit to indictment is long, and at every stage, a skilled defense attorney can intervene, challenge the government’s case, and protect your livelihood.
This guide will demystify the process, explaining who investigates healthcare fraud, what laws apply, the evidence the government is looking for, and precisely what you should do from the moment you suspect you are under scrutiny
What Does the Government Have to Prove in a Healthcare Fraud Case?
The single most important concept in any healthcare fraud case is willfulness. Federal law does not criminalize billing errors. It criminalizes intentional, knowing conduct. Such as submitting claims you know to be false to obtain payment you know you are not entitled to receive.
Healthcare billing involves CPT codes, modifiers, payer-specific rules, and documentation and legal requirements that shift constantly. Honest coding mistakes happen in virtually every practice. The legal question is always whether an error reflects negligence and complexity, or deliberate deception.
| Type of Fraud Case | What It Involves | Potential Outcome |
|---|---|---|
| Honest Billing Error | Miscoded service, clerical mistake, reliance on faulty software | Repayment demand, administrative penalty |
| Reckless Disregard | Ignoring obvious red flags, failure to audit known problems | Civil False Claims Act liability |
| Intentional Fraud | Knowingly submitting false claims, fabricating records | Criminal prosecution, prison, exclusion |
Which Organizations Investigate Healthcare Fraud Claims?
Healthcare fraud investigations are rarely the work of a single agency. Expect coordination among multiple federal and state bodies:
- Department of Justice (DOJ) — Prosecutes criminal cases and brings civil False Claims Act actions
- HHS Office of Inspector General (OIG) — Audits, investigates, and recommends exclusion from federal programs
- Centers for Medicare & Medicaid Services (CMS) — Administers payment programs and initiates contractor audits (RAC, MAC, ZPIC)
- Federal Bureau of Investigation (FBI) — Conducts criminal investigations, executes search warrants
- Medicaid Fraud Control Units (MFCUs) — State-level units investigating Medicaid-specific fraud
Civil vs. Criminal Liability: How Your Practice Audits Escalate
From Audit to Investigation: The Escalation Timeline
1. Routine CMS Audit
CMS contractors review billing and flag statistical outliers or anomalies.
2. OIG Referral
Contractors refer these flagged anomalies to the Office of Inspector General (OIG).
3. DOJ Involvement
The OIG shares its findings with the Department of Justice (DOJ).
4. Criminal Inquiry Opens
The DOJ officially opens a criminal inquiry based on the shared data.
5. Target Letter Issued
By the time you are notified, federal agents may have been building a case quietly for months or even years.
Understanding Liability Tracks
*Note: Civil and criminal tracks can, and often do, run simultaneously.*
| Civil Liability | Criminal Prosecution |
|---|---|
|
Burden of Proof: Preponderance of the evidence. The government only needs to show it is “more likely than not” that fraud occurred. |
Burden of Proof: Beyond a reasonable doubt. Carries far greater consequences, including the risk of incarceration. |
What begins as a routine CMS audit can quietly become a federal criminal investigation. CMS contractors flag statistical outliers in your billing and refer anomalies to the OIG. The OIG shares findings with the DOJ. DOJ opens a criminal inquiry. By the time you receive a target letter, agents may have been building a case against you for months or years.
Civil liability requires only a preponderance of the evidence — meaning the government needs to show it is more likely than not that fraud occurred. Criminal prosecution requires proof beyond a reasonable doubt, but carries far greater consequences, including incarceration. Both tracks can, and often do, run simultaneously.
The Healthcare Fraud Legal Statutes You Need to Know
Understanding which laws apply to your situation is foundational to building a defense. Healthcare fraud cases almost always involve one or more of the following statutes.
| Statute | Nature | Key Penalty |
|---|---|---|
| False Claims Act (FCA) | Civil & Criminal | Up to 3x damages + $27,000+ per false claim |
| Anti-Kickback Statute (AKS) | Criminal | Up to 10 years per violation |
| Stark Law | Civil (strict liability) | Up to $15,000 per improper referral |
| Healthcare Fraud (18 U.S.C. § 1347) | Criminal | Up to 10 years; up to 20 if serious injury results |
| EKRA | Criminal | Up to 10 years for lab/recovery home kickbacks |
| Civil Monetary Penalties Law (CMPL) | Civil/Administrative | Exclusion + per-claim penalties |
- The False Claims Act is the government’s most powerful tool. It allows private individuals, including your own employees, to file lawsuits on the government’s behalf and share in any recovery. Civil penalties compound rapidly. A practice submitting thousands of claims per year can face liability exceeding any actual loss to the government.
- The Anti-Kickback Statute prohibits offering, paying, soliciting, or receiving anything of value to induce or reward referrals of federal healthcare program business. Critically, the AKS requires proof of intent — but courts have held that a single purpose of inducing referrals is sufficient, even if other legitimate purposes exist.
- The Stark Law is a strict liability statute. There is no intent requirement. If a physician refers patients to an entity in which the physician or an immediate family member has a financial relationship, and no regulatory exception applies, the arrangement is illegal — period. Stark violations are civil, not criminal, but they can trigger False Claims Act liability when paired with Medicare billing.
- EKRA (Eliminating Kickbacks in Recovery Act) extended anti-kickback prohibitions beyond federal programs to cover all health plans, with a specific focus on clinical laboratories, recovery homes, and clinical treatment facilities.
Frequently Targeted Roles and Sectors in Healthcare Fraud Investigations
- Physicians and Specialists — particularly those billing high volumes of evaluation and management codes, or operating in specialties with expensive procedures (oncology, cardiology, orthopedics)
- Medical Directors — Individuals receiving compensation from labs, home health agencies, or DME suppliers in exchange for referrals, even when dressed up as legitimate employment
- Healthcare Executives (CEOs/CFOs) — Executives who knowingly approve fraudulent billing practices can face personal criminal liability, separate from their organization
- Pharmacists — At risk for dispensing outside the usual course of professional practice, opioid diversion, and compounding fraud
- Medical Billers and Coders — Can face personal liability when they knowingly submit false codes at a provider’s direction, or when they operate billing companies that service multiple fraudulent practices
Which Are The Most Highly Scrutinized Healthcare Sectors?
| Sector | Primary Fraud Concerns |
|---|---|
| Telehealth & Telemedicine | Phantom billing, lack of established patient relationships, prescribing without examination |
| Home Health & Hospice | Certifying ineligible patients, falsifying homebound status, and kickbacks from agencies |
| Clinical Laboratories & Toxicology | Unnecessary testing, specimen splitting, and kickbacks to referring physicians |
| Durable Medical Equipment (DME) | Billing for equipment not delivered, forged prescriptions, and kickback arrangements |
| Compounding Pharmacies | Off-formula compounding, fraudulent prescriptions, and AKS violations with marketers |
What Are the Common Healthcare Fraud Allegations and Red Flags?
Billing Schemes
The OIG and CMS have sophisticated data analytics systems that identify statistical anomalies across provider billing patterns nationwide. Common red flags include:
- Upcoding — Billing a higher-level E/M code (e.g., a 99215) for visits that documentation supports only a lower level (e.g., a 99213)
- Unbundling — Billing separately for services that CMS requires to be billed as a single bundled code
- Billing for services not rendered — The most straightforward form of fraud, which includes billing for procedures that never occurred or for deceased patients
- Duplicate billing — Submitting the same claim multiple times across different payers
- Phantom patients — Using real patient identifiers to submit claims for services never provided
Kickbacks and Improper Financial Relationships
Sham medical directorships are one of the most commonly prosecuted AKS schemes. For example, a lab, home health agency, or DME supplier pays a physician a “medical director fee” that far exceeds the fair market value of any legitimate services rendered — in exchange for a flow of referrals. The label on the arrangement does not determine legality; the substance does.
Improper joint ventures between referring physicians and the entities they refer to are similarly scrutinized. If a physician’s financial interest in a venture correlates with referral volume rather than genuine investment, both Stark and AKS exposure follow.
Prescription and Pharmacy Fraud
Opioid diversion — prescribing controlled substances outside the bounds of legitimate medical practice — is prosecuted under both the Controlled Substances Act and the healthcare fraud statute. Pill mills, chronic pain clinics with inadequate documentation, and pharmacies filling prescriptions without corresponding legitimate medical need are all high-priority enforcement targets.
Telehealth Exploitation
The expansion of telehealth during and after the COVID-19 pandemic created significant enforcement activity. The DOJ has prosecuted schemes involving telehealth companies that paid marketers to recruit Medicare beneficiaries, had physicians sign off on orders for DME or lab tests without any real patient interaction, and billed Medicare for telehealth services that never occurred.
The Investigation Lifecycle
The Whistleblower (Qui Tam) Factor
Most people are surprised to learn that federal healthcare fraud investigations frequently originate not with the government, but with insiders. The False Claims Act’s qui tam provisions allow current or former employees, competitors, or even patients to file a sealed lawsuit on the government’s behalf. If the government intervenes and recovers money, the whistleblower receives between 15% and 30% of the recovery.
This means a disgruntled billing employee, a former partner, or a competitor who believes your practice engages in improper billing may have already filed a sealed complaint in federal court — and you would have no way of knowing.
The Fraud Investigation Escalation Ladder from Audits to Criminal Prosecution
| Stage | What’s Happening | Your Risk Level |
|---|---|---|
| CMS Contractor Audit (RAC/MAC) | Routine or triggered records review | Low to moderate |
| OIG Civil Investigation | Referral from contractor; broader records review | Moderate |
| Civil Investigative Demand (CID) | DOJ formally demands documents under civil authority | High — retain counsel immediately |
| Grand Jury Subpoena | Criminal investigation is active | Very high |
| Target Letter | DOJ believes you committed a crime | Critical — retain counsel before responding |
| Search Warrant / Raid | Agents execute a search of your home or clinic | Critical |
Steps To Take in Response to Healthcare Fraud Allegations
The steps you take in the first hours and days after learning of an investigation can determine the entire trajectory of the case.
1. Secure Specialized Legal Counsel — Immediately
Healthcare fraud defense requires a specific and narrow skill set. A general practitioner or a state criminal defense attorney is not equipped to navigate the intersection of federal regulatory law, False Claims Act procedure, and white-collar criminal defense. At Lowther | Walker, our attorneys have successfully defended physicians, executives, lab directors, and medical billers against investigations by the FBI, HHS-OIG, and DOJ — including cases where we convinced the government not to prosecute at all.
2. Implement a Litigation Hold
The moment you are aware of potential litigation or investigation, you have a legal obligation to preserve all potentially relevant documents. Failure to do so — even inadvertently — can result in obstruction of justice charges or adverse evidentiary inferences. Your attorney should immediately issue a litigation hold notice to all relevant personnel, suspending routine document destruction policies.
3. Conduct an Internal Investigation
A confidential internal investigation conducted under the direction of your defense attorney is protected by the attorney-client privilege. This means you can audit your own claims, identify problems, and develop a defense strategy without that work product being turned over to the government. Understanding what the government will find before they find it is an enormous strategic advantage.
4. Control Internal Communications
Federal agents frequently contact employees, staff, and former employees directly — sometimes at their homes, and sometimes before the target of the investigation even knows an inquiry is underway. Employees have the right to speak with an attorney before agreeing to an interview, and they have the right to decline to speak with agents entirely. Brief your staff on these rights without coaching their testimony.
Potential Fraud Defense Strategies
Lack of Intent
Because willfulness is an element of most criminal healthcare fraud charges, demonstrating that billing errors resulted from the complexity of coding guidelines — not deliberate deception — is often the most powerful defense available. Expert witnesses in medical billing, compliance, and clinical practice can explain to a jury exactly why a particular coding pattern, while imperfect, does not represent knowing fraud.
Safe Harbors and Stark Law Exceptions
Both the Anti-Kickback Statute and the Stark Law contain extensive regulatory safe harbors and exceptions. If a financial arrangement between a physician and a referral source meets the technical requirements of a recognized safe harbor — fair market value compensation, a written agreement, a legitimate business purpose — it is not a violation. A thorough analysis of your financial relationships against these protections is a critical part of any healthcare fraud defense.
Challenging Statistical Sampling and Extrapolation
The government frequently audits a sample of your claims and then extrapolates alleged overpayments across thousands or millions of dollars in total billing. This methodology is legally permitted but scientifically contestable. Defense experts can challenge the statistical validity of the sample, the appropriateness of the extrapolation methodology, and the accuracy of the government’s determinations on individual reviewed claims, often dramatically reducing alleged liability.
Negotiation and Resolution
Not every case should go to trial. Strategic early engagement with prosecutors — particularly where the evidence against key elements of the charge is weak — can result in favorable resolutions, including:
- Civil settlements that resolve False Claims Act liability without criminal prosecution
- Corporate Integrity Agreements (CIAs) that allow a practice to continue operating under government monitoring, avoiding exclusion
- Deferred Prosecution Agreements (DPAs) that delay and ultimately dismiss criminal charges upon compliance with specified conditions
Frequently Asked Healthcare Fraud Questions
What is the difference between a billing error and healthcare fraud?
The defining difference is intent. A billing error — miscoded service, documentation gap, software misconfiguration — may result in an obligation to repay an overpayment, but it is not a crime. Healthcare fraud requires that you knowingly and willfully submit a false claim. Prosecutors must prove that element beyond a reasonable doubt.
Can I go to jail for healthcare fraud?
Yes. Federal healthcare fraud under 18 U.S.C. § 1347 carries a maximum sentence of 10 years per count, increasing to 20 years if serious bodily injury results, and life imprisonment if death results. False Claims Act violations can also generate parallel criminal exposure. That said, conviction is far from automatic, and skilled defense representation can make the difference between prosecution and case closure.
Should I speak to federal agents if they show up at my home or clinic?
No. You have a constitutional right to remain silent and to have an attorney present before any questioning. Federal agents are trained interviewers, and anything you say — even in an attempt to explain or cooperate — can be used against you. Politely decline to answer substantive questions and immediately call a defense attorney. This is not an obstruction; it is your right.
What is a Qui Tam lawsuit?
A qui tam lawsuit is filed by a private individual — called a relator — under the False Claims Act, alleging that a healthcare provider committed fraud against the government. The lawsuit is filed under seal, meaning you may not know it exists. If the government investigates and recovers money, the relator receives a percentage of the recovery. Many major healthcare fraud prosecutions begin with a qui tam complaint filed by a current or former employee.
What happens if I receive a fraud target letter?
A target letter from the DOJ is a formal notice that you are the subject of a federal criminal investigation and that prosecutors believe you may have committed a crime. Do not respond to it without an attorney. Retain federal criminal defense counsel immediately — at Lowther | Walker, we have intervened at the target letter stage and successfully convinced DOJ not to prosecute.
Is the investigation over if the DOJ declines to intervene in a whistleblower lawsuit?
No. Even if the government declines to take over the case, the private whistleblower retains the right to pursue the lawsuit independently. These post-declination suits are increasingly common and frequently result in massive financial settlements.
How does the government find out about billing anomalies?
Federal agencies now rely on advanced artificial intelligence and predictive machine learning to monitor claims in real-time. This allows investigators to flag suspicious clusters, telehealth spikes, and statistical outliers instantly, often before an audit is even officially announced.
Speak With a Federal Healthcare Fraud Defense Attorney
If you have received a subpoena, an audit notice, a target letter, or a visit from federal agents, do not wait. Every hour matters. At Lowther | Walker, we have a decades-long background convincing the DOJ not to prosecute healthcare fraud, including United States v. J.P., et al., our case in which we convinced the government not to prosecute in one of the largest healthcare fraud cases in DOJ history.
Lowther | Walker’s founders, Joshua Lowther and Murdoch Walker, have spent decades intervening in healthcare fraud investigations before charges are filed, dismantling the government’s evidence, and securing outcomes that protect our clients’ practices and their futures. We employ former federal agents from the DEA, OIG, FBI, and IRS-CI to conduct our own investigations, giving us the ability to challenge the government’s case on its own terms.
Our attorneys are available 24/7 to respond to your healthcare fraud matter. Schedule your free healthcare fraud defense consultation
Your consultation is completely confidential. There is no obligation.
