HCFAC Turns 25 & Continues to Thrive in the Fight Against Fraud

Posted by Joe Stefansky on August 23, 2022 in HIPAA,

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established a national Health Care Fraud and Abuse Control Program (HCFAC or Program) under the joint direction of the Attorney General and the Secretary of the Department of Health and Human Services (HHS), acting through the Inspector General. HCFAC was designed to coordinate federal, state, and local law enforcement activities with respect to health care fraud and abuse. In its 25th year of operation, the Program’s continued success confirms the soundness of a collaborative approach to identifying and prosecuting the most egregious instances of health care fraud, preventing future fraud and abuse, and protecting program beneficiaries.

Comparison of HCFAC Performance in Recent Years

As noted below, HCFAC’s performance continues reflect its successes through the collaborative work of the DOJ, HHS-OIG, the FBI and other agencies. A comparison of the last three fiscal years’ performance is illustrative. One striking statistic for this work: The return on investment (ROI) for the HCFAC program over the last three years (2019–2021) is $4.00 returned for every $1.00 expended.

Health Care Fraud Judgements & Settlements (J&S)>$2.6 billion>$1.8 billion>$5.0 billion
Return to Feds (from current and prior years’ J&S)$3.6 billion$3.1 billion$1.9 billion
Enforcement Actions
New Criminal Health Care Fraud Investigations10601,148831
Criminal Cases Filed485412462
Criminal Convictions528440312
New Civil Health Care Fraud Investigations1,1121,079805
Pending Civil Health Care Fraud Investigations at YE1,3431,4981,432
Operational Disruptions of Criminal Fraud Orgs558407559
Dismantled Criminal Enterprises151101107
Criminal Actions related to Medicare/Medicaid Fraud747578504
Civil Actions related to Medicare/Medicaid Fraud684781669
Crimes related to Medicare or Medicaid1,194891569
Crimes related to other health care programs335316267
Crimes related to beneficiary abuse or neglect238230145
Exclusion due to state licensure revocations576509536

OIG Enforcement Highlights from 2021 Related to COVID-19

The COVID-related waivers and flexibilities necessitated to ease care delivery challenges in 2020 also created new fraud risks in federal health programs. Using fraud, waste, and abuse mitigation strategies including data analyses and studies, targeted investigations, and the development of new fraud prevention models and edits, CMS, DOJ, HHS-OIG, and other law enforcement agency partners worked together to investigate and prosecute frauds from identified risks and related schemes. The influx of new fraud schemes included:

  • Additional, unnecessary services: Offering COVID-19 tests to Medicare beneficiaries in exchange for personal details, including Medicare information, when the services are unapproved and illegitimate. The personal information collected can be used to fraudulently bill federal health care programs and commit medical identity theft.
  • Telehealth fraud: Fraudsters are targeting beneficiaries in a number of ways, including telehealth for Evaluation and Management up-coding or services not rendered, telemarketing calls, text messages, social media platforms, and door-to-door visits. Telemedicine has been used to facilitate fraud schemes for unnecessary services.
  • Unnecessary laboratory testing: Performing additional tests when conducting COVID-19 tests, such as expensive tests or services that may or may not be related to COVID-19. For example, some laboratories are billing a COVID-19 test with other far more expensive tests, such as Respiratory Pathogen Panels (RPP), which test for a variety of respiratory infections along with COVID-19, and antibiotic resistance tests. Other potentially unnecessary tests being billed along with COVID-19 tests include allergy, genetic and cardiac panel testing. Some laboratories are also billing respiratory, gastrointestinal, genitourinary, and dermatologic pathogen code tests.
  • Health care technology schemes: False and fraudulent representations about COVID-19 testing, treatments, or cures that are used to defraud federal health programs.

The National Rapid Response Strike Force (NRRSF) has led the Department’s efforts to combat health care fraud arising from the COVID-19 pandemic. The NRRSF leads the COVID-19 Working Group, which is chaired by the Criminal Division’s HCF Unit, and comprised of leadership from over 10 key government agencies, including the FDA, HHS, CMS, the Small Business Administration (SBA), the VA, FBI, the DEA, and Homeland Security Investigations (HSI). The purpose of the Working Group is to identify, investigate, and prosecute COVID-19 health care fraud schemes, and enable coordination, deconfliction, and efficient staffing of COVID-19 health care fraud investigations. The work of the Strike Force and the Working Group included the 2021 COVID-19 Health Care Fraud Enforcement Action, which resulted in charges against 14 defendants in seven federal districts across the United States for their alleged participation in various health care fraud schemes that exploited the COVID-19 pandemic and resulted in over $143.0 million in false billings.

Other Highlights of HHS-OIG 2021 Enforcement Activities

Exclusion from Federal Health Care Program Participation. The HHS-OIG has been actively engaged in many inter-agency activities, including the Strike Forces noted above. HHS has also pursued other enforcement activities to assure that the providers, suppliers and entities who participate in federal health care programs meet the high standards required to serve Medicare and Medicaid patients.   One mechanism that HHS-OIG uses to safeguard program beneficiaries and help ensure the quality of care provided to them is excluding providers and suppliers who have engaged in crimes related to Medicare or Medicaid, patient abuse or neglect, financial misconduct, controlled substances, or as a result of license revocation. In FY 2021, HHS-OIG excluded a total of 1,689 individuals and entities.

The effect of an HHS-OIG exclusion is that no federal health care program payment may be made for any items or services furnished: (1) by an excluded person or (2) at the medical direction or on the prescription of an excluded person. HHS-OIG completed the deployment of a new service for MFCUs to report convictions through a central web-based portal for exclusion. HHS-OIG is also responsible for reinstating providers who apply and have met the requirements of their exclusions.

Civil Monetary Penalties.  HHS-OIG has the authority to seek CMPs, assessments, and exclusions under the Civil Monetary Penalties Law (CMPL) against an individual or entity based on a wide variety of prohibited conduct. In FY 2021, HHS-OIG closed cases involving more than $79.9 million in CMPs and assessments.

HHS-OIG brings CMP cases to emphasize HHS-OIG guidance, enhance HHS-OIG work such as audits and evaluations, and fill enforcement gaps.  HHS-OIG uses its CMP authorities in three common ways: (1) false claims and kickback affirmative enforcement, (2) Emergency Medical Treatment and Labor Act (EMTALA) enforcement, and (3) the Self-Disclosure Protocol.

Affirmative Litigation and Exclusion. HHS-OIG may seek a CMP or exclusion against an individual or entity that presents claims to federal health care programs that the individual or entity knows or should know are for items or services that were not provided as claimed or were false or fraudulent. HHS-OIG may also seek a CMP or exclusion against an individual or entity that knowingly and willfully violates the Anti-Kickback Statute by: (1) offering or paying remuneration, directly or indirectly, to induce referrals of federal health care program business; or (2) soliciting and receiving remuneration, directly or indirectly, in return for referrals of federal health care program business. In FY 2021, HHS-OIG recovered more than $9.2 million in false claims and kickback affirmative enforcement actions. HHS-OIG also excluded 39 individuals and entities from participation in federal health care programs based on allegations of false claims and kickbacks.

Recoveries Following Self-Disclosure. The HHS-OIG maintains the Self-Disclosure Protocol (the Protocol) whereby providers may voluntarily identify, disclose, and resolve instances of potential fraud involving federal health care programs for resolution under the CMPL. The Protocol incentivizes persons to detect and prevent fraud internally and to bring potential fraud to HHS-OIG’s attention. Under the Protocol, HHS-OIG provides these persons with speedy resolutions, reduced CMPs, and other benefits compared to affirmative cases brought by HHS-OIG or DOJ for similar conduct. HHSOIG collected $70.5 million under the Protocol in FY 2021.

Corporate Integrity Agreements.  Many health care providers elect to settle their cases before litigation. HHS-OIG provides information on its website that identifies how it evaluates future risk to federal health care programs from providers who settle health care fraud cases (called the Fraud Risk Indicator). As part of the settlements, providers often agree to enter into CIAs with HHS-OIG to avoid exclusions from Medicare, Medicaid, and other federal health care programs. Under a CIA, a provider commits to establishing a compliance program and taking other specified steps to ensure future compliance with federal health care program rules. The compliance programs are designed, in part, to prevent future fraud. HHS-OIG monitors providers’ compliance with these agreements. Parties to CIAs are required to disclose certain “reportable events” which may implicate HHS-OIG’s CMP authorities. HHS-OIG may impose penalties on entities that fail to comply with the requirements of their CIAs, as shown below. HHS-OIG collected more than $500,000 through CIA enforcement.


In its 25th year, the HCFAC continues to be a vital part of the federal fraud prevention, detection and enforcement infrastructure that supports the work of both state and federal regulatory agencies.

The table above only reflects the high-level outcomes of the work of many agencies. This article highlights only selected areas of work in 2021. The 2021 HCFAC report provides a summary of that work but cannot reflect the detail and the many hours and resources expended to combat fraud in its myriad of forms. To fully understand the work of the HHS and CMS, FDA and other agencies in 2021 to prevent fraud, and to support state Medicaid programs’ efforts to detect and address fraud in state programs, as well as the work of other agencies, a full review of the report is required.

About Joe Stefansky

About Joe Stefansky

Joe Stefansky has a keen sense of business opportunities in complex problems, using technology to transform difficulty into efficiency. The CEO and founder of Streamline Verify specializes in solving compliance, legal and administrative issues through intuitively designed software that reduces costs and saves time.

Related Articles

Arizona Medicaid Exclusion

September 14, 2016

Arizona Exclusion The Arizona Health Care Cost Containment System (AHCCCS) Office of Inspector General takes on the task of safeguarding the state’s Medicaid Program which amounts to $9 billion. Its...

Medicare expands mental health access ...

March 28, 2023

A recent and exciting CMS Medicare update for both benefit recipients and healthcare practitioners is that legislation that included expansion to mental health access was signed into law on December 2...


February 7, 2022

On January 19, 2021, sweeping new regulations related to both the CMS Physician Self-Referral Law (Stark) and OIG’s Anti-Kickback Statute (AKS) went into effect, notwithstanding technical issuance d...

Understanding OIG Exclusions

OIG Exclusions Screening Process

Exclusion FAQS

Quick OIG Exclusion Basics

Employing Excluded Individuals

Consequences to Employing an Excluded Individual

OIG Compliance Law

Laws and Publications on OIG Compliance

More Compliance Resources

Our Culture

We build the best, so you can perform at your best.

Trusted for Good Reason

  • ✓ Guaranteed accurate
  • ✓ Certified Secure
  • ✓ Audit Proof
  • ✓ Feature-rich reporting
  • ✓ Round the clock real-time-data
  • ✓ Processing fully automated

Security First

  • ✓ Cloud hosted
  • ✓ Encrypted data
  • ✓ Real-time backups

Trusted for Accuracy

  • ✓ Physical security
  • ✓ Restricted access
  • ✓ Single sign-on
  • ✓ Password security
  • ✓ Certified secure
  • ✓ Cross checking




Average workload reduction by implementing the Streamline Verify program



Establishments trust Streamline Verify nationwide



Serving the healthcare industry’s unique compliance needs since 2011



Setting standards with hourly synchronization to primary source data