Identity insights are critical in preventing provider enrollment fraud for government programs

Provider fraud in Medicare and Medicaid is a persistent, complex, and costly challenge, threatening the integrity of the nation’s most vital healthcare programs. Fraudulent activities, ranging from billing for services not rendered to kickbacks to identity theft and misuse, cost taxpayers billions of dollars each year, draining critical resources designed to serve the nation’s most vulnerable populations. Proactive fraud prevention not only protects taxpayer resources but also reduces unnecessary friction for honest providers, allowing them to focus on delivering care to beneficiaries without being burdened by excessive oversight or delays.

In this piece, I will focus on one specific aspect of provider fraud that has become increasingly common: provider enrollment fraud. Provider enrollment fraud occurs when individuals or entities falsify information to gain access to Medicare or Medicaid billing privileges. This can include misrepresenting credentials, concealing ownership, or using stolen identities. Once enrolled, these providers can submit fraudulent claims and divert funds intended for legitimate care.

Recent headlines highlight the scale of this challenge. The Justice Department’s takedown earlier this year resulted in 324 defendants charged in connection with over $14.6 billion in fraudulent healthcare schemes and included 96 healthcare providers across the United States.  A nationwide investigation known as “Operation Gold Rush” exposed how criminal networks and transnational groups exploited online portals to buy durable medical equipment companies across the United States, then submitted $10.6 billion in fraudulent claims to Medicare using the stolen identities of over one million Americans.

These cases highlight how identity theft and straw ownership converge and continue to exploit weaknesses in the provider enrollment process. The Government Accountability Office has emphasized the importance of enhanced provider screening and enrollment monitoring, especially after COVID-era waivers.

These findings underscore a core problem: it is becoming increasingly difficult for Medicare and Medicaid to “know their providers” due to fragmented data and complex ownership structures that make schemes like straw ownership more prevalent.  While existing systems such as NPPES, PECOS, and APS play a critical role in the enrollment and monitoring process, gaps between these systems, such as mismatched data, reliance on self-reporting, or delayed updates, can create vulnerabilities that fraudsters find and quickly exploit.

By purchasing existing businesses already approved to bill Medicare, fraudsters exploit self-reported information and verification processes that, while diligent, are limited. They have access to stolen identities to use for billing, but are missing the ability to submit fraudulent claims and receive payment. As illustrated in Operation Gold Rush, criminals buy existing businesses, fail to notify Medicare/Medicaid of the acquisition and then bill the government billions of dollars. Fraudsters have found loopholes and tactics to avoid or delay reporting changes in ownership despite the legal requirement to report such changes within 30 days.  

The Centers for Medicare & Medicaid Services’ (CMS) commitment to “crush fraud, waste and abuse” is a step in the right direction, along with the provision in Public Law 119-21 requiring additional, mandatory checks for providers enrolled in Medicaid.  However, relying heavily on claims and deceased data is reactive and does not tell the whole story of a provider, their networks, and other underlying risk factors. Claims are submitted at a snapshot in time and understanding the behavioral drivers and risks of the provider submitting them is key to preventing fraudulent enrollment, before any billing can occur. To shift towards more holistic and proactive fraud prevention, government agencies should leverage comprehensive identity insights that can reveal the relationships, behaviors, and affiliations behind the claims.

Looking proactively for professional risks such as unreported changes in ownership, criminal history, and misrepresenting credentials allows Medicare and Medicaid to more effectively intervene not only at the time of initial enrollment but also during ongoing monitoring.  

It is important to look beyond just professional risk – fraudulent behavior among healthcare providers often stems from personal behavioral drivers that signal deeper vulnerabilities. Indicators such as bankruptcy, criminal history or financial distress can reveal a provider’s susceptibility to unethical practices, especially when under pressure to maintain operations or income.

The integration of AI and automation offers unprecedented efficiency gains but relies on quality data for effective outcomes. With agencies increasingly asked to “do more with less,” these technologies can provide the robust, detailed analysis required to uncover hidden relationships and networks that manual investigations cannot keep pace with. For identity intelligence to be effective, it must be built on referential data with comprehensive coverage that reflects real-world relationships, behavioral motivations, and personal and professional risks.

An identity-centric approach to risk detection grounded in decades of curated healthcare data enables agencies to screen, verify, and monitor provider entities. By resolving disparate data sets to a unique identity and uncovering hidden relationships, identifying personal risks, and performing data validation, LexisNexis can partner with government agencies to thwart provider enrollment fraud through real-time data analysis, industry-leading referential insights, and superior linking. 

Bringing together professional and personal insights about providers, their networks, and their associations will enable government agencies to protect taxpayer resources, support ethical providers, reduce administrative burden, and ensure beneficiaries receive uninterrupted, high-quality care, building trust in the entire healthcare ecosystem.

For more information on LexisNexis Risk Solutions, visit here.