Payors and Providers Take Note: Health Care Fraud and Abuse Trends to Know in 2026
In 2026 so far, the U.S. Department of Health and Human Services' Office of Inspector General (OIG) and Department of Justice's (DOJ) fraud and abuse enforcement efforts are at an all-time high, attributable in part to the OIG and DOJ's use of artificial intelligence (AI) systems to assist in monitoring and penalizing providers. The DOJ also reported record-breaking False Claims Act recovery numbers in fiscal year 2025. Fiscal year 2026 is on track to result in the same financial recoveries for the federal government. What hasn't changed: the onus is still on providers to ensure they are implementing proactive strategies to maintain compliance and avoid harsh penalties and reputational harms.
Q1 Fraud and Abuse Settlements and Cases:
What can we glean about the DOJ and OIG's areas of focus from fraud and abuse cases filed in the first quarter of 2026? Below we summarize five cases, including two of the largest settlements to date, both of which involve goliath payors—Kaiser Permanente (Kaiser) and Aetna. The Kaiser and Aetna settlements represent a strategic shift in federal enforcement to target large-scale fraud in payors' risk adjustment practices.
1. Kaiser Permanente Settlement
The Kaiser settlement is the largest False Claims Act settlement involving Medicare Advantage claims in history. On January 14, 2026, Kaiser Permanente and the DOJ entered into a settlement whereby Kaiser agreed to pay $556 million to resolve allegations that it violated the False Claims Act by submitting roughly 500,000 unsupported diagnosis codes for Medicare Advantage beneficiaries from 2009 to 2018 in an effort to increase its Medicare reimbursement. The unsupported codes caused patients' risk scores under the Medicare Advantage risk adjustment model to balloon, resulting in Kaiser receiving a greater Medicare reimbursement than it was entitled to. As part of its scheme, Kaiser allegedly pressured providers to retroactively add unsupported diagnosis codes to patient records, oftentimes months or years after the patient visits occurred.
2. Aetna Inc. Settlement
A few months after the Kaiser case, on March 11, 2026, Aetna settled a similar case with the DOJ regarding alleged Medicare Advantage "upcoding" that violated the False Claims Act. The DOJ alleged that Aetna engaged in a pattern of submitting inaccurate and more expensive diagnosis codes for Medicare Advantage enrollees, thereby inflating Medicare reimbursement to Aetna.
The DOJ found that in 2015, Aetna conducted internal “chart reviews” that identified additional billing codes that the charts supported (but were not billed), as well as other billed codes that the charts had not supported. Aetna allegedly "cherry-picked" the data by submitting new codes for additional payments after the chart review but not withdrawing and repaying claims for the codes that were inaccurate and unsupported by the chart review.
Additionally, from 2018 to 2023, in an effort to increase Centers for Medicare & Medicaid Services (CMS) payments for Medicare Advantage beneficiaries, Aetna submitted inaccurate and false diagnosis codes indicating morbid obesity for patients. The medical records for many patients diagnosed as morbidly obese evidenced a Body Mass Index reading inconsistent with morbid obesity.
Aetna ultimately settled with the DOJ and agreed to pay $117.7 million to resolve the False Claims Act violations.
The Kaiser and Aetna settlements are indicative of the federal government's inclination to investigate Medicare Advantage plans and billing practices. Payors and providers alike should take note of fraudulent risk-adjustment practices and the importance of coding honestly with medical necessity as the guidepost. It seems likely that the federal government will continue to pursue risk-adjustment upcoding as its biggest health care fraud initiative and pursue large recoveries that may be financially damaging to some plans.
The federal government has also prioritized enforcement of "upcoding" by individual providers that bill for a higher acuity or more expensive service than what was actually rendered to a patient, resulting in higher payments to the provider for the service.
3. Keith Gray Case
Keith Gray owned two clinical laboratories—Axis Professional Labs LLC (Axis) and Kingdom Health Laboratory LLC (Kingdom)—that billed Medicare for cardiovascular genetic tests. Gray allegedly offered and paid kickbacks to marketers in exchange for their referral of Medicare beneficiaries' DNA samples, personally identifiable information (including Medicare numbers), and signed test orders from medical providers authorizing the medically unnecessary genetic tests.
The marketers would engage other telemarketing companies to solicit Medicare beneficiaries and "doctor chase," whereby the companies would obtain the identity of beneficiaries' primary care physicians and pressure the physicians to approve the medically unnecessary genetic tests for patients who had "qualified" for the testing based on phone calls with non-medical personnel (not physicians) who worked for the telemarketing companies. Gray paid the companies for their efforts but disguised the payments as marketing and software fees.
In sum, Gray's scheme resulted in $328 million billed to Medicare for the genetic tests and almost $54 million in direct payment before it was uncovered. Gray was convicted by a federal jury in February 2026 of five counts of Anti-Kickback Statute violations and three counts money laundering and is awaiting sentencing.
4. Michael Taba Case
Michael Taba, M.D., an orthopedic surgeon, allegedly orchestrated a kickback scheme whereby he accepted millions of dollars in kickbacks from pharmacy owners to prescribe medically unnecessary compound creams to injured federal workers. The compounded pain creams were then billed to the Department of Labor’s workers’ compensation program (DOL-OWCP) and to Blue Cross Blue Shield. Many of the prescriptions were written for patients Taba had never actually seen.
The creams were allegedly compounded at the pharmacies by untrained teenagers at a cost to the pharmacies (also defendants in the case) of around $15 per prescription and then billed to the DOL-OWCP for roughly $16,000 per prescription. Between 2014 and 2017, the pharmacies billed the DOL-OWCP and Blue Cross Blue Shield more than $145 million for the creams and were reimbursed more than $90 million for the prescriptions.
In February 2026, Michael Taba was sentenced to 102 months in federal prison and ordered to pay more than $13 million in restitution. This case is notable because it proves that federal watchdogs care about all federal health care programs—not just Medicare, Medicaid, and TRICARE.
5. Kinex Medical Company, LLC Settlement
Kinex Medical Company, LLC (Kinex) sells and distributes durable medical equipment (DME) to patients across the country. From 2019 to 2024, Kinex allegedly provided medically unnecessary knee, shoulder, and hip braces to beneficiaries covered by Medicare, TRICARE, the Federal Employees Health Benefits Program (FEHBP), and the DOL-OWCP and billed the federal payors for the braces. Kinex allegedly induced patients to accept the braces by waiving patient co-pays for the braces and giving patients other free DME. The federal government alleged that Kinex violated the False Claims Act by submitting the false claims to federal payors. Kinex ultimately paid nearly $7 million to resolve the allegations and also entered into a Corporate Integrity Agreement with the OIG.
In sum, the first two cases demonstrate the DOJ and OIG's newfound interest in the actions of large payors, while the last three cases prove the DOJ and OIG's steadfast commitment to their bread and butter—rooting out old fashioned kickbacks and false claims.
Compliance Tips:
The above cases and settlements are just a sampling of the types of cases that the federal government is pursuing and that are actionable under federal fraud and abuse laws. While the schemes set forth above are varied, they demonstrate that compliance is key in 2026's high-scrutiny health care environment. Payors and providers alike must move beyond “checkbox” compliance and adopt a proactive culture of compliance that permeates their workforces.
To create a culture of compliance, organizations must implement and document intentional internal and external auditing activities. They should also continue to develop comprehensive Compliance Plans based on the OIG's "Seven Elements" framework, which remains the standard in the health care industry. The OIG Seven Elements of an Effective Compliance Program are as follows:
- Written Policies and Procedures
- Compliance Leadership and Oversight
- Training and Education
- Effective Lines of Communication with the Compliance Officer and Disclosure Program
- Enforcing Standards: Consequences and Incentives
- Risk Assessment, Auditing, and Monitoring
- Responding to Detected Offenses and Developing Corrective Action Initiatives
Additionally, organizations should consider the following to create a culture of compliance:
- Implement consistent training for personnel; draft relevant policies for personnel; encourage a reporting culture; and actively monitor, assess, and respond to organizational risks.
- Conduct regular Risk Assessments of their organizations and the unique financial, operational, and clinical risks facing the organization.
- Ensure cybersecurity is part of every risk assessment in this new age of technological threats.
- If/when a risk assessment identifies a code that is frequently billed, ensure documentation validates the medical necessity of the code. Another tip is to regularly compare your E/M (Evaluation and Management) volumes against national and regional averages. Organizations that are billing in high percentiles for certain codes are positioning themselves to be an easy Unified Program Integrity Contractor (UPIC) audit target.
- Document training offered to providers on common billing mistakes to prove to the federal government that the organization is not willfully engaging in problematic billing practices.
For more information about the OIG and DOJ's recent enforcement actions, please contact a member of Shumaker's Health Law Service Line.