Medicare Fraud and Abuse: How to Recognize and Report It

Medicare fraud and abuse cost the federal government billions of dollars annually and directly harm beneficiaries through denied legitimate care, identity theft, and corrupted medical records. This page covers how the Centers for Medicare & Medicaid Services (CMS) and the Department of Justice define fraud and abuse within the Medicare program, the mechanisms through which these schemes operate, the most commonly encountered scenarios, and the thresholds that distinguish reportable fraud from billing errors. Understanding these distinctions is essential for beneficiaries, providers, and caregivers navigating the program covered broadly at nationalmedicareauthority.com.

Definition and Scope

Medicare fraud involves intentional deception or misrepresentation made to obtain unauthorized benefits or payments from the program. Abuse refers to practices that are inconsistent with sound fiscal, business, or medical practices and result in unnecessary costs — but without the element of deliberate intent to deceive (CMS Medicare Fraud & Abuse: Prevention, Detection, and Reporting).

The legal architecture governing Medicare fraud is anchored in three federal statutes:

  1. The False Claims Act (31 U.S.C. §§ 3729–3733) — imposes civil liability of up to three times the amount of the false claim plus penalties per false claim (U.S. Department of Justice, False Claims Act).
  2. The Anti-Kickback Statute (42 U.S.C. § 1320a-7b(b)) — prohibits offering, paying, soliciting, or receiving anything of value to induce or reward referrals of items or services covered by federal health care programs.
  3. The Physician Self-Referral Law (Stark Law, 42 U.S.C. § 1395nn) — prohibits physicians from referring patients to entities in which the physician or an immediate family member has a financial relationship.

The Department of Health and Human Services Office of Inspector General (HHS-OIG) estimates that the Medicare program made approximately $36 billion in improper payments in fiscal year 2023 (HHS-OIG Work Plan). Improper payments include both fraudulent claims and unintentional billing errors, so this figure represents the outer boundary of the problem rather than confirmed criminal conduct alone.

How It Works

Fraud schemes targeting Medicare typically exploit three structural features of the program: high claim volume, the trust placed in licensed providers, and the complexity of billing codes that makes individual anomalies difficult to detect quickly.

The mechanics follow a recognizable pattern:

  1. A provider, supplier, or criminal enterprise obtains a Medicare provider number — legitimately or through identity theft.
  2. Claims are submitted electronically using valid beneficiary identification numbers and Current Procedural Terminology (CPT) codes.
  3. Payments are issued before CMS or Medicare Administrative Contractors (MACs) complete full post-payment review.
  4. Funds are withdrawn or transferred rapidly, often before an audit is triggered.

Beneficiary identity theft is a distinct entry point. When a Medicare number is compromised, fraudulent claims can be filed without the beneficiary's knowledge, potentially filling annual coverage limits or contaminating the beneficiary's medical record with false diagnoses. The Medicare Beneficiary Identifier (MBI), which replaced the Social Security number–based Health Insurance Claim Number (HICN) in 2018, reduced one category of identity-based fraud but did not eliminate it (CMS MBI Transition).

Common Scenarios

The following scenarios represent the fraud and abuse patterns most frequently identified by the HHS-OIG and the Medicare Fraud Strike Force, a joint DOJ and HHS initiative operating in 29 geographic regions (DOJ Medicare Fraud Strike Force):

Billing for services not rendered — Claims submitted for appointments, tests, or procedures that never took place. This is the most straightforward form of fraud and accounts for a substantial portion of Strike Force prosecutions.

Upcoding — Billing for a higher-complexity service than was actually performed. For example, billing CPT code 99215 (high-complexity office visit) when a brief, low-complexity encounter occurred.

Unbundling — Submitting separate claims for procedures that Medicare requires to be billed together under a single bundled code, artificially inflating the total reimbursement.

Phantom providers — Enrolling fictitious or deceased physicians as Medicare providers to submit claims, exploiting the lag between provider enrollment and auditing.

Durable medical equipment (DME) fraud — Billing for wheelchairs, orthotic devices, or other equipment that was never delivered, was medically unnecessary, or was ordered through kickback arrangements with physicians.

Home health fraud — Enrolling patients who do not meet the homebound requirement under Medicare Part A or Medicare Part B, then billing for extensive home health services.

Prescription drug fraud — Submitting claims under Medicare Part D for drugs not dispensed or billing brand-name drugs while dispensing generic equivalents.

Decision Boundaries

Distinguishing fraud from billing error is critical because the legal consequences differ sharply. The table below frames the key contrasts:

Factor Fraud Abuse / Error
Intent Deliberate deception Negligent or inadvertent
Legal standard Criminal or civil liability Administrative correction, repayment
Governing statute False Claims Act, Anti-Kickback Statute CMS overpayment recovery rules
Enforcement body DOJ, HHS-OIG, CMS Medicare Administrative Contractors
Outcome Prosecution, exclusion, penalties Repayment demand, corrective action plan

A billing error — such as an incorrect diagnosis code on an otherwise legitimate claim — does not constitute fraud absent evidence of intent. CMS requires providers to return identified overpayments within 60 days of identification under the 60-Day Rule (42 CFR § 401.305); failure to do so converts what may have begun as an error into a potential False Claims Act violation.

Beneficiaries who suspect fraud should review their Medicare Summary Notice (MSN) or online claims history at MyMedicare.gov for unfamiliar charges. Reports can be submitted to the HHS-OIG hotline at 1-800-HHS-TIPS or online at oig.hhs.gov/fraud/report-fraud. The Senior Medicare Patrol (SMP) program, funded through the Administration for Community Living, provides free assistance to beneficiaries in all 50 states in identifying and reporting suspicious activity (SMP Resource Center).

Understanding Medicare rights and protections and the Medicare appeals process equips beneficiaries to respond appropriately when a claim is denied or when suspicious activity appears on a billing statement.

References

📜 5 regulatory citations referenced  ·  🔍 Monitored by ANA Regulatory Watch  ·  View update log

Read Next

Medicare Part A: Hospital Insurance Explained Understanding how Part A works — its cost structure, coverage rules, and enrollment mechanics — is essential for anyone... Medicare Part B: Medical Insurance Explained This page explains the structure, cost mechanics, eligibility boundaries, and common points of confusion around Part B,... Medicare Part D: Prescription Drug Coverage This page covers the structure of Part D plans, how formularies and cost-sharing tiers work, the causal factors driving plan...