The Government Is Using AI to Find Fraud. Are You Using AI to Prevent It?

On March 3, the House Energy and Commerce Committee sent letters to the governors and health agency leaders of 10 states — California, Colorado, Massachusetts, Maine, Nebraska, New York, Oregon, Pennsylvania, Vermont, and Washington — demanding detailed records on Medicaid fraud, improper payments, provider screening, and enforcement activity.

States that cannot demonstrate adequate program integrity controls risk the same consequences Minnesota experienced earlier this year: deferred federal Medicaid funding.

The letters follow a February 3 Congressional hearing titled “Common Schemes, Real Harm: Examining Fraud in Medicare and Medicaid,” where witnesses named Applied Behavioral Analysis, a therapy oft described as the gold standard treatment for children with autism spectrum disorder, and substance abuse treatment as programs with “high rates” of fraud and abuse.

The actions are notable because they signal a shift in how lawmakers are thinking about fraud.

Previously, Medicaid and Medicare fraud enforcement efforts have focused primarily on identification of bad actors after the fact.

Last year, for example, the Department of Justice announced a multi-billion dollar fraud takedown targeting providers who had engaged in kickbacks, internal schemes to upcode, or had billed services never rendered. Earlier this year, federal prosecutors identified widespread fraud in Minnesota, including shell companies, doctors fabricating diagnoses, and practices employing unqualified staff.

Now, lawmakers are trying to identify fraud, waste, and abuse upstream. During the recent hearing and in the March 3 letters, lawmakers told providers they intend to detect fraud, waste, and abuse before it occurs.

"We applaud law enforcement efforts that investigate and prosecute fraud, but we can save more money by detecting and preventing fraud before it occurs, rather than paying and chasing funds after they are paid to criminals," said Congressman John Joyce.

They will use AI to do so. Federal and state watchdogs are boosting their AI investments to aid oversight of behavioral health billing.

As the government leans on technology to audit, providers must also invest in tech-enabled compliance to protect their clinical documentation and revenue.

What the Letters Actually Asked

The 10 congressional letters asked states to answer specific questions about Medicaid activity from January 1, 2021 through the present. They asked about improper payment rates and recovery efforts, how providers are screened and revalidated, what steps are being taken to sanction or disenroll fraudulent providers, and how criminal referrals are being made to law enforcement.

The letters also explicitly ask whether states use AI or data analytics to detect irregular claims. That question signals lawmakers consider automated oversight a table stakes expectation for any state that wants to demonstrate adequate program integrity — not an advanced capability, not a nice-to-have.

The implication for providers is direct. If states are now being evaluated on whether they use AI to monitor claims, providers who bill into those state programs will face scrutiny from AI systems. This means gaps in documentation will become more obvious, including vague language, copy and pasted notes, contradictions between documentation types, and logical gaps in session notes.

The Quiet Part, Said Out Loud

As scrutiny of ABA and behavioral health increases, payers will assume there are documentation errors to be found.

“I think I would be concerned about a state that didn’t have any cases of fraud. That would suggest to me that they weren’t looking," Vermont’s Medicaid director, responding to the congressional letter her state received.

Investigations leveraging AI are more likely to turn up documentation problems than manual reviews because they can surface errors that are more difficult to see, like copy-pasted notes.

Providers likewise should check that their compliance processes are thoroughly reviewing documents to find all possible problems, and not rely on the peace of mind offered by a few successful manual spot checks.

This is particularly pressing because the federal government is open-sourcing claims data and inviting everyone to hunt for fraud.

Plus, the cost of delaying systematic, thorough review becomes larger the longer it's put off.

For example, Maine had not conducted a statewide post-payment review of ABA providers since its program began in 2010. For fifteen years, no one looked. The OIG looked — and found $45.6 million in confirmed improper payments.

Then Came CRUSH

In February, the Trump administration staged a White House press event with Vice President Vance, HHS Secretary Kennedy, and CMS Administrator Dr. Oz to announce what may be the most aggressive coordinated anti-fraud posture in a decade. At its center is the CRUSH initiative — Comprehensive Regulations to Uncover Suspicious Healthcare — a formal CMS regulatory effort that is now accepting stakeholder input through March 30, 2026.

The stated philosophy is a shift from “pay and chase” to “detect and deploy.” Secretary Kennedy described it as replacing retrospective recoupment with real-time fraud prevention using advanced AI tools.

Administrator Oz put it more bluntly: “CMS is done trying to catch fraudsters with their hands in the cookie jar — instead, we’re padlocking the jar and letting them starve.”

The CRUSH Request for Information covers more than a dozen high-priority areas, including enhanced provider enrollment screening, ownership disclosure, behavioral health services oversight, AI-assisted coding, and state Medicaid program integrity coordination. It is designed to inform a formal proposed rule — the CRUSH Rule — which would represent the most significant CMS anti-fraud rulemaking in years.

Separately, DOGE-HHS released what it called “the largest Medicaid dataset in agency history” — provider-level claims data by billing provider, procedure code, and month, spanning 2018 through 2024 across fee-for-service, managed care, and CHIP claims.

The intent was explicit: crowdsource fraud detection. Third-party tools connecting that dataset to the NPI Registry — enabling easy lookup of provider addresses and contact information — appeared within days.

The AI Arms Race

The compliance environment is shifting from retroactive review to proactive hunting, enabled by AI.

CMS suspended $5.7 billion in suspected fraudulent Medicare payments in 2025 using advanced analytics and cross-agency coordination. Anyone can join the fight against fraud now that DOGE and HHS published provider-level billing data. Congressional leaders are demanding states deploy AI in their fight against fraud. The Trump administration has said publicly that it intends to make fraud detection real-time and pre-payment, not retrospective.

The window between a billing deficiency and an enforcement action is closing.

Providers who have historically relied on the old rhythm — bill now, respond to audits later, clean up on recoupment — are operating on borrowed time. The model that replaces it asks a harder question: is every note defensible before it is billed?

What This Means in Practice

The CRUSH initiative is still in the comment period. The congressional investigation will take time to produce results. But both send the same signal: the federal government is building infrastructure to identify compliance problems faster and at greater scale than it ever has before, and it is making no secret of the tools it intends to use.

Providers who wait for that infrastructure to reach them are making a choice. The providers who are best positioned are the ones who are already asking the same questions that infrastructure will eventually ask — on every chart, before every bill.

Vermont’s Medicaid director was right. An absence of flagged problems is not proof of compliance. It is a signal that no one is looking hard enough. The government is now looking very hard. The question for ABA and behavioral health providers is whether they are looking at their own documentation with the same rigor — and whether they are doing it before the audit, or after.

The best practices will vet their own documents pre-billing, leveraging AI to systematically check every document that goes out the door.