AMARILLO, TX – As part of its ongoing responsibility to identify and combat fraud, waste, and abuse of the Medicare Trust Fund, the Centers for Medicare & Medicaid Services (“CMS”) is always looking toward the industry and key industry players for input on how to enhance program integrity and compliance.

Together with the federal Medicaid funding deferral and DMEPOS enrollment moratorium set forth in the February 25, 2027, CMS Press Release entitled “Trump Administration Prioritizes Affordability by Announcing Major Crackdown on Health Care Fraud”, CMS announced a Request for Information (“RFI”) related to the Comprehensive Regulations to Uncover Suspicious Healthcare (“CRUSH”) initiative.

Specifically, the RFI “seeks input from a broad range of stakeholders – including states, providers, suppliers, payers, technology companies, patient advocates, beneficiaries, and others – on ways to strengthen CMS’ ability to prevent, detect, and respond to fraud, waste, and abuse, and program inefficiencies in Medicare, Medicaid, the Children’s Health Insurance Program (CHIP), and the Health Insurance Marketplace.” Comments were due to CMS by March 30, 2026, to be considered for the CRUSH initiative, but the topics raised provide helpful insight into the enforcement and regulatory focus of CMS in the near future.

The summary below focuses on compliance topics most relevant to DMEPOS providers and highlights key takeaways from CMS’s RFI:

Program Integrity Requirements
Currently, CMS, in partnership with the Office of Inspector General (“OIG”) and the Department of Justice (“DOJ”), has various tools at its disposal to prevent, identify, and enforce against fraud, waste, and abuse. But, to “strengthen its fraud-fighting toolbox,” the RFI requests comment regarding (paraphrased):

• How to improve its oversight and enforcement undertakings, including but not limited to modifications of the enrollment or claims review processes, or of CMS policies or guidance documents
• Input on whether CMS should pursue delegating authority to Medicare Advantage (“MA”) organizations and Part D plan sponsors to suspend payments to providers and suppliers under certain circumstances
• Options for analytics, methodologies, or data-driven approaches to better identify fraud, waste, and abuse

Key takeaways
• We anticipate that CMS will continue to implement the use of data analytics (and potentially Artificial Intelligence) to identify claim submission patterns and other red flags for non-compliance
• CMS may be looking to increase (and delegate, with limitations) its enrollment revocation and billing suspension authority

Enhanced Identity Proofing and Ownership Requirements
The RFI focuses on soliciting input related to the impact of fingerprinting/background checks for controlling interests and/or affiliates of select providers and suppliers and proposes citizenship/residency requirements for owners and controlling interests in Medicare-enrolled providers and suppliers.

Key takeaways
We may see additional enrollment criteria with regard to ownership and controlling interests, especially for a provider/supplier organization that is part of the “high” risk category as described in 42 CFR 424.518, such as DMEPOS suppliers.

Preclusion List and Medicare Advantage Enrollment Requirements
The RFI explains that “CMS has observed that providers and suppliers revoked from Traditional Medicare for [reasons other than those considered detrimental to the best interests of the Medicare program] often shift their billing operations to MA plans, where they can continue to submit claims and receive payment.” The RFI solicits input on how to identify providers/suppliers that take advantage of this gap to “circumvent CMS oversight” and suggests that a Fee-for-Service enrollment requirement for participation in MA plans is one option under review.

Key takeaways
Providers that have had their Fee-for-Service Medicare enrollment revoked may be at risk for removal from MA plan participation. To best mitigate this risk as CMS considers its options related to this issue, upon receipt of any notice of revocation from CMS, providers/suppliers should undertake every option available to dispute the revocation to best preserve its future ability to submit claims to both Fee-for-Service Medicare and MA plans.

Reducing Risks From Non-Participating DMEPOS Suppliers in Medicare Advantage
The RFI notes that “The OIG and MA organizations have identified that non-participating DMEPOS suppliers are fraudulently billing MA plans for millions of dollars of services not rendered and not needed.” As a result, the RFI requests feedback on best practices a MA organization may utilize to bolster its proactive fraud, waste, and abuse, detection and prevention activities. One particularly interesting option under consideration is whether MA organizations should be permitted to require that DMEPOS suppliers be accredited and enrolled (in a manner similar to Fee-for-Service enrollment) to require, and better ensure, that such suppliers satisfy the supplier standards set forth in 42 C.F.R. 424.57(c).

Key takeaways:

• We may see a more robust application of the DMEPOS Supplier Standards to MA plan participants, and an increase in the MA organization’s scrutiny of non-participating DMEPOS suppliers.
• This compliance topic, and the related conclusions cited in the RFI, appear to have been drawn from an OIG report entitled Durable Medical Equipment Fraud and Safeguards in Medicare (Project Number: OEI-02-24-00310) that is still in progress (the “Report”). Importantly, while the RFI conclusion alleges fraudulent billing by non-participating DMEPOS suppliers, the Report pertains to non-enrolled DMEPOS suppliers’ submission of claims to MA plans. A non-participating supplier is one that does not accept assignment on all claims for Medicare-covered items; however, even non-participating suppliers must be enrolled in Medicare. Therefore, there appears to be a disconnect between the alleged fraudulent billing (carried out by non-participating providers, as alleged by the RFI), and the evidence upon which the allegation is based (i.e. the Report data concerning non-enrolled providers). The Report is estimated to be completed in 2026. CMS may modify its approach to updating the regulatory landscape with respect to DMEPOS claim submissions to MA plans based on the final Report and comments received from the RFI.

The CRUSH Initiative seems to contemplate other areas to combat fraud, waste, and abuse (including but not limited to restrictions on unsolicited DMEPOS Supplier contact with Medicare beneficiaries, use of data analytics to enhance accuracy of billing and incidents of over/under payments, and imposing shorter claim filing deadlines), which, along with the topics discussed herein, may require DMEPOS suppliers to closely review and update their compliance programs regularly. Though it is unclear how CMS will respond and implement the guidance and recommendations provided by the industry, broad regulatory changes to provider enrollment standards and Medicare Advantage plan oversight and operations, as well as the increased use of data analytics technologies, might be on the horizon. 

Phuong D. Nguyen, Esq., is a member of the Health Care Group at Brown & Fortunato, PC, a law firm with a national healthcare practice based in Texas. He represents pharmacies, infusion companies, HME companies, manufacturers, and other healthcare providers throughout the United States. Mr. Nguyen can be reached at (806) 345-6307 or [email protected].  

Kianna L. Sitarski, Esq., is a member of the Health Care Group at Brown & Fortunato, PC, a law firm with a national healthcare practice based in Texas. She represents pharmacies, infusion companies, HME companies, manufacturers, and other healthcare providers throughout the United States. Ms. Sitarski can be reached at (972) 684-5788 or [email protected].