Blog
Healthcare Fraud Defense: Protecting Doctors and Providers
The Current Enforcement Environment
Most physicians do not commit fraud. The federal government prosecutes them anyway, and the volume of prosecution has reached a point where that sentence functions less as provocation than as description.
In fiscal year 2025, the Department of Justice reported the highest False Claims Act recoveries in the statute’s history, with healthcare cases constituting the vast majority. The 2025 National Health Care Fraud Takedown charged over three hundred defendants across fifty federal districts. The DOJ’s creation of a Division for National Fraud Enforcement earlier this year, combined with the relaunch of the DOJ and HHS working group last summer, signals that the investigative apparatus is not contracting. One reasonably observes, in these figures, not a crisis response but a permanent institutional posture.
For the provider who bills with care, who maintains compliance protocols, who documents every clinical decision, this volume of enforcement presents a specific problem. The systems designed to identify genuine fraud (data mining, claims analytics, statistical outlier detection) also flag practices whose billing patterns deviate from peer averages for reasons unrelated to dishonesty. A provider who treats a patient population with higher acuity, who practices in a specialty where the coding categories carry genuine ambiguity, will appear in the government’s data no different from a provider who upcodes. What follows depends on who introduces the context first.
How Federal Healthcare Investigations Begin
A healthcare fraud investigation rarely announces itself with urgency. The first indication is often a letter: a request for records from a Medicare Administrative Contractor, a Civil Investigative Demand, or a subpoena from the Office of Inspector General. In some cases, there is no formal notice. The first sign is a conversation with a former employee whose questions, considered afterward, carried a different weight.
The investigative process follows a general sequence, though the government does not always proceed through it in order. CMS and HHS review statistical data generated from billing claims to identify outliers. If a practice’s billing volume, code distribution, or reimbursement patterns deviate from the norm, the deviation triggers a preliminary inquiry. Auditors review records. If the audit produces concerns, those concerns become a formal investigation: subpoenas, search warrants, witness interviews. In the months preceding the 2025 Takedown alone, CMS suspended or revoked billing privileges for over two hundred providers.
What the government does not do, at the preliminary stage, is distinguish between a practice that submits false claims and a practice that simply bills outside the statistical norm. The distinction is, if one is being precise, the entire question. But the distinction requires clinical context that billing data cannot supply: patient acuity, local standards of care, the specific coverage determination the provider was following, the competence and training of the staff who converted clinical services into codes. That context enters the record only if someone introduces it. The earlier it arrives, the more it shapes the investigation’s direction.
Whether the government’s data-driven approach is designed to conflate anomaly with fraud, or whether the conflation is an artifact of operating at this scale, is a question the enforcement statistics do not resolve.
Intent and the Architecture of a Healthcare Fraud Charge
Under 18 U.S.C. § 1347, a conviction for healthcare fraud requires proof that the defendant acted knowingly and willfully. The word willfully performs considerable work in that statute. It demands not merely that the provider submitted a claim, and not merely that the claim contained an inaccuracy, but that the provider understood the claim to be false and submitted it with the purpose of obtaining payment to which the provider knew they were not entitled. Negligence does not satisfy the standard. Recklessness, in most circuits, does not satisfy it either.
This is where the complexity of healthcare billing ceases to function as background and becomes the central fact of the defense. The billing infrastructure that governs Medicare, Medicaid, and commercial insurance is (and this is not rhetorical exaggeration) one of the most intricate regulatory systems in American law. CPT codes, ICD codes, HCPCS codes, local coverage determinations, national coverage determinations, modifier rules, bundling requirements, medical necessity standards that shift between payers and between jurisdictions: a physician’s office may process hundreds of claims in a week, each one requiring a series of coding decisions that are, in many instances, judgment calls rather than binary determinations.
The government’s theory in a typical upcoding case is that the provider selected a higher reimbursement code than the documentation supported. The defense, in the cases this firm has handled, often reveals something less dramatic and less culpable: a provider who followed an interpretation of a coding guideline that was reasonable at the time, or a billing department that applied a modifier in a manner that two certified coders would dispute, or a documentation practice that satisfied one payer’s standards while falling short of another’s. The Sixth Circuit’s decision in United States v. Clay last December, which held that healthcare fraud restitution must be limited to actual loss and required proper apportionment under the MVRA, reflects an appellate recognition that not every dollar in a fraud prosecution represents a dollar of intentional wrongdoing.
The gap between what the government characterizes as a scheme and what occurred inside the practice is, in our experience, where most healthcare fraud cases are determined. The question is whether the errors reflect intentional deception, or whether they are the predictable product of a billing system that is, by any measure, unreasonably complex. Every billing record of sufficient size contains errors. The government knows this. The question is what the errors signify.
I am less certain than the preceding paragraph implies that every jurisdiction draws the line in the same place. The Supreme Court’s analysis in SuperValu regarding subjective intent under the False Claims Act has clarified certain standards, but the lower courts continue to diverge on how much weight to assign a provider’s stated belief about compliance when the government presents evidence that the belief was unreasonable. The law on this point is not settled in the way that a definitive statement would require. What we can say is that the intent defense succeeds most often when it is supported not by argument alone but by contemporaneous documentation: compliance manuals followed, legal opinions obtained, coding audits performed before the government arrived.
Civil and Criminal Pathways
Not every healthcare fraud investigation concludes in a criminal prosecution. The civil track, under the False Claims Act, imposes penalties and treble damages; the criminal statutes impose incarceration. A case that begins as a billing audit can travel in either direction, and the factors that determine which path it follows are not always visible to the provider. The existence of a compliance program, the provider’s cooperation with the investigation, the volume and pattern of the billing anomalies, and the provider’s willingness to address prior warnings all influence the government’s calculus.
Channeling a case from the criminal to the civil track is, in practical terms, the most consequential thing a defense attorney can accomplish in a healthcare fraud matter. When the underlying conduct involves coding ambiguities or documentation deficiencies that the provider believed in good faith to be compliant, the argument for civil resolution carries weight. The firm’s role, at that stage, is to present the clinical and regulatory context that the data alone cannot supply, before the government commits to a theory it will be reluctant to abandon.
Timing and Early Intervention
In 2019, before the current wave of data-driven enforcement reached its present velocity, a provider who received an audit letter could treat it as an administrative inconvenience. That assumption was incorrect then. It is more dangerous now, because the government’s investment in analytics and interagency coordination has compressed the distance between a preliminary inquiry and a formal investigation.
The provider who receives a CID or subpoena has already been identified as a statistical outlier. The investigation may have proceeded for months. The government has examined the billing data, formed preliminary conclusions, and constructed a narrative. By the time the provider becomes aware, the narrative has momentum.
What happens next is almost always the same. The provider calls the billing company. Calls the insurer. Speaks to colleagues. Attempts to assemble a defense from inside the situation, as if the problem is a misunderstanding that a phone call will correct.
Sometimes they contact an attorney whose practice does not include federal healthcare fraud defense, and that attorney provides advice calibrated to a different category of risk.
The sequence matters. A response to a Civil Investigative Demand carries legal consequences. Documents produced, statements made, and positions established in the initial stages of an investigation constrain every option that follows. The provider who retains experienced counsel before responding to the first formal request possesses options that the provider who waits will not.
- Assemble the billing data, clinical documentation, and compliance records for the period in question.
- Identify the specific codes, modifiers, or billing patterns that triggered the inquiry.
- Retain counsel with experience in federal healthcare fraud defense before producing any documents or making any statements.
Consultation begins with a review of the billing data, the documentation, and the clinical rationale for the services at issue. From that review, a strategy takes shape: engage the government with context, demonstrate compliance efforts, and, where the record supports it, identify the specific deficiencies and propose remediation. The conversation between attorney and provider need not assume the worst outcome. It assumes only that the government’s investigation, left unanswered, will proceed on the government’s terms. A first call costs nothing and imposes no obligation. The assessment is more useful the earlier it occurs.