How Healthcare Fraud Investigations Actually Work Step by Step

healthcare fraud investigations

Most healthcare organizations don’t learn they are under investigation until federal agents appear at the door. Investigations are deliberately kept covertsometimes for months or yearswhile agencies build a case that, by the time it surfaces, is already formidable. In 2025, DOJ Fraud Section prosecutors charged 265 defendants with aggregate estimated fraud losses exceeding $16 billionmore than double the figure from 2024. The HHS OIG’s Spring 2025 Semiannual Report identified more than $16.6 billion in healthcare fraud, overpayments, and improper payments in just a six month period.

Behind every one of those prosecutions is a structured investigative process that most healthcare providers, compliance officers, and executives never fully understanduntil they’re in the middle of one. This guide demystifies that process, walking through how healthcare fraud investigations actually work from the first detection signal to final resolution.

Stage 1: Detection How Investigations Begin

Healthcare fraud investigations typically begin in one of four ways, and the starting point shapes everything that follows.

Data analytics and algorithmic flagging. This is now the dominant detection mechanism. CMS’s Fraud Prevention System applies machine learning to billions of claims, flagging statistical outliers before payment is released. The DOJ’s Health Care Fraud Data Fusion Centerlaunched in 2025integrates AI tools across CMS, HHS OIG, DEA, and FBI data simultaneously. In 2025, “Operation Gold Rush” AI tools alone prevented $4.45 billion in fraudulent Medicare payments by identifying anomalies in durable medical equipment billing before those funds were disbursed. Providers whose billing patterns deviate significantly from specialty and regional peers are surfaced automatically.

Whistleblower and hotline complaints. The HHS OIG Hotline receives thousands of reports annually from patients, employees, competitors, and contractors. The False Claims Act’s qui tam provisions generated a record 1,297 whistleblower lawsuits in FY2025the highest annual total ever recorded. Because insiders have the best view of fraud, whistleblower complaints are consistently the most productive detection mechanism for complex schemes that don’t yet appear in billing data patterns.

Audits by Medicare contractors. Medicare Administrative Contractors (MACs), Recovery Audit Contractors (RACs), and Unified Program Integrity Contractors (UPICs) conduct routine and targeted billing audits. When an audit surfaces a pattern of irregular claims, the finding is referred to HHS OIG for investigation.

Inter agency referrals. A fraud pattern identified by one agencyCMS, DEA, IRS Criminal Investigation, or a state Medicaid Fraud Control Unit (MFCU)may generate a referral that opens a federal healthcare fraud investigation. In FY2024, 53 MFCUs operating across all 50 states, D.C., Puerto Rico, and the U.S. Virgin Islands recovered $1.4 billion$3.46 for every $1 spentwith criminal recoveries at their highest level in a decade.

Our post on how fraud investigations differ from internal audits explains the important distinction between internal and external investigative triggers.

Stage 2: Preliminary Investigation Building the Case Covertly

Once a detection signal is generated, investigators begin building the casequietly and methodically, with the target typically unaware.

The HHS OIG’s Office of Investigations (OI) takes the lead, frequently working in partnership with the FBI, DOJ, and relevant U.S. Attorney’s Office. At this stage, investigators:

  • Pull and analyze claims data comparing the target’s billing history against peer benchmarks, looking for patterns consistent with upcoding, phantom billing, unbundling, or kickback arrangements. As we covered in our post on upcoding and unbundling fraud, statistical deviation from peer norms is one of the clearest early indicators.
  • Identify and prepare witnesses patients, employees, former staff, and employees of other entities may be approached for information. Agents assess what each witness knows and whether they are willing to cooperate.
  • Conduct covert surveillance in some cases, investigators observe clinic operations, track patient flow against billed encounters, and verify whether services described in claims are actually being delivered.
  • Issue subpoenas HHS OIG agents can compel targets and witnesses to produce records or testimony. Subpoenas for financial records, billing systems, clinical documentation, and electronic communications are common at this stage.

What the target almost never knows during this period: an active federal investigation is underway. Subjects of healthcare fraud investigations routinely learn of their investigation only when criminal charges are filed, a civil investigative demand (CID) arrives, oras HHS OIG agents doinvestigators appear at the office for what they describe as a “routine inspection.”

Stage 3: Formal Investigation Evidence Collection and Agency Coordination

As the preliminary investigation builds sufficient cause, the case escalates to formal investigative status. This is where the multi agency collaboration that defines modern healthcare fraud enforcement becomes most visible.

The DOJ’s Health Care Fraud Unit operates eight Strike Forces across the countrycoordinated teams that bring together the DOJ Fraud Section, FBI, HHS OIG, DEA, IRS Criminal Investigation, and U.S. Attorneys’ Offices. In April 2026, the DOJ announced the launch of a new West Coast Health Care Fraud Strike Force covering Arizona, Nevada, and Northern Californiadirectly responding to documented emerging fraud patterns in those regions.

At this stage, investigators use a range of formal evidence collection tools:

  • Search warrants When sufficient probable cause exists, agents may execute search warrants at clinics, billing companies, or executives’ residences, seizing computers, paper records, medical devices, and financial documents.
  • Grand jury subpoenas In criminal cases, grand jury subpoenas compel testimony and document production with significantly broader reach than administrative subpoenas.
  • Financial tracing Forensic accountants trace fraudulent payments through bank accounts, real estate transactions, cryptocurrency wallets, and business entities. The 2025 national takedown included asset seizures of $245 million in cash, cryptocurrency, luxury vehicles, and real estate.
  • Undercover operations In some cases, federal agents pose as patients, medical equipment buyers, or kickback facilitators to gather direct evidence of fraudulent activity.
  • Electronic surveillance With appropriate court authorization, investigators may monitor phone communications and electronic messaging between targets.

The scale of evidence gathered at this stage is designed to support both civil and criminal prosecution simultaneously. Nearly 500 False Claims Act civil cases were initiated by HHS OIG between April and September 2025 alone.

Our post on what evidence fraud investigators actually look for explains the specific documentation patterns that surface most consistently in healthcare fraud cases.

Stage 4: Resolution Civil, Criminal, or Both

Once the investigation is complete, the DOJ and U.S. Attorney’s Office evaluate the evidence and determine how to proceed. Healthcare fraud cases typically resolve through one of three paths:

Criminal prosecution targets individuals and organizations where willful intent is clearly established. Healthcare fraud under 18 U.S.C. § 1347 carries up to 10 years per count, increasing to 20 years if serious bodily injury results and life imprisonment if death occurs. The DOJ’s Health Care Fraud Unit conducts more trials than any other DOJ component, and conviction rates are high in cases that reach trial.

Civil settlement under the False Claims Act is the most common resolution for organizational defendants. FCA civil liability includes treble damages plus per claim civil penalties of $13,508–$27,018 per false claimgenerating enormous financial exposure even for mid sized providers. Many organizations choose to resolve FCA exposure through negotiated settlements before charges are filed, sometimes through the OIG’s voluntary self disclosure process, which can meaningfully reduce penalties.

Administrative action includes program exclusion (mandatory upon certain criminal convictions), civil monetary penalties, and corrective action plans. Exclusion bars a provider from billing any federal healthcare programfor most organizations, a potentially fatal sanction.

Self disclosure as a strategic option. Organizations that discover potential fraud through internal audits or compliance reviews can voluntarily disclose to HHS OIG under its Provider Self Disclosure Protocol. Voluntary disclosuredone correctly and immediatelyconsistently produces more favorable outcomes than waiting for investigators to arrive. This is a decision that requires legal counsel; our guide on what happens during a forensic accounting investigation explains how the quantification and documentation process works in preparation for disclosure or litigation.

Stage 5: How Organizations Protect Themselves During an Investigation

Whether an organization is the target, a cooperating witness, or a third party with relevant records, the moment a federal healthcare fraud investigation touches you, your response matters enormously.

Key protective steps for organizations:

  • Retain legal counsel immediately ideally white collar healthcare specialists who have handled federal fraud investigations before. Attorney client privilege protects communications made in anticipation of litigation.
  • Issue a litigation hold preserve all potentially relevant records and communications immediately. Document destruction after an investigation is initiated is an independent criminal offense.
  • Do not make voluntary statements to investigators without counsel HHS OIG agents conducting “routine inspections” are gathering evidence. Employees have rights regarding voluntary cooperation.
  • Engage a forensic accountant to independently quantify potential billing irregularities before the government doesso your organization understands its exposure before negotiations begin
  • Assess whistleblower exposure if internal complaints have been filed previously, evaluate whether a qui tam case may already be under seal. Our post on whistleblower retaliation explains the protections that apply and what they mean for organizational response.

For compliance officers who want to understand the detection signals before an investigation begins, our post on the 7 signs of corporate fraud most companies ignore applies directly to healthcare billing fraud patterns.

Frequently Asked Questions (FAQ)

Q1: How long does a healthcare fraud investigation typically take? Timelines vary significantly based on case complexity, the number of agencies involved, and whether the target cooperates. Simple single provider cases may resolve in months. Complex multi defendant schemes involving multiple agencies and grand jury proceedings can take two to five years from initial detection to final resolution. Our post on how long fraud investigations take covers general investigation timelines in depth.

Q2: Will an organization know it is under federal healthcare fraud investigation? Usually not until relatively late in the process. Federal investigations are deliberately covert to prevent evidence destruction and witness influence. Most targets learn they are under investigation when charges are filed, when a Civil Investigative Demand arrives, or when agents appear for what they characterize as an administrative inspection.

Q3: What triggers a healthcare fraud investigation most commonly? Statistical billing anomalies flagged by CMS or AI analytics, whistleblower qui tam complaints, audit findings by Medicare contractors, and inter agency referrals are the four primary triggers. Whistleblower complaints remain the single most productive source for complex schemes that don’t yet appear in routine billing data analysis.

Q4: Can an organization voluntarily disclose potential fraud to reduce penalties? Yes. HHS OIG’s Provider Self Disclosure Protocol allows organizations that discover potential fraud through internal compliance programs to report voluntarily in exchange for reduced penalties. The process is complex and requires legal guidance, but consistently produces better outcomes than a post investigation settlement.

Q5: What is the DOJ’s Health Care Fraud Strike Force and how does it operate? The Strike Force is a coordinated enforcement model bringing together DOJ prosecutors, FBI agents, HHS OIG investigators, DEA, and U.S. Attorneys’ Offices in cross agency investigative teams. Currently operating in eight regions with a ninth (West Coast) announced in April 2026, Strike Forces use data analytics, coordinated subpoenas, and joint prosecution to handle the largest and most complex healthcare fraud cases.

Q6: What should a healthcare provider do if HHS OIG agents show up for an “inspection”? Do not assume it is routine. Be cooperative but do not make voluntary statements beyond what is legally required without legal counsel present. Contact your attorney immediately. Agents conducting administrative inspections are gathering evidence and anything said by staff can be used in subsequent proceedings. Politely asking to have counsel present before substantive discussions begin is a legal right.

Conclusion: The Investigation Is Already UnderwayYou Just Don’t Know It Yet

The defining characteristic of modern healthcare fraud enforcement is that investigations are often well advanced before the target knows they exist. AI driven detection systems are running continuously. Qui tam cases may be under seal for years. RAC and UPIC audits generate referrals without any notification to the provider.

The organizations that navigate healthcare fraud investigations most successfully are not those that respond best when agents arrivethey are those that built compliance programs strong enough to prevent fraud, detect it early when it occurs, and respond strategically with experienced counsel when an investigation does surface.

If your organization has received a subpoena, an audit request, or any indication of a federal healthcare fraud inquiryor if you want to build the compliance infrastructure that reduces your investigation riskcontact FraudOrder today to connect with a fraud investigation professional who can help.

References

  1. Arnold & Porter. (2026, February 5). DOJ and HHS OIG Report a Record Year of Enforcement, With Healthcare Fraud at the Center. https://www.arnoldporter.com/en/perspectives/advisories/2026/02/doj and hhs oig report a record year of enforcement
  2. U.S. Department of Justice, Criminal Division. Health Care Fraud Unit. https://www.justice.gov/criminal/criminal fraud/health care fraud unit
  3. U.S. Department of Justice. (2026, May 1). Fraud Division Launches West Coast Strike Force to Target Health Care Fraud Schemes Across Arizona, Nevada, and Northern California. https://www.justice.gov/opa/pr/fraud division launches west coast strike force target health care fraud schemes across
  4. Miller Shah LLP. (2025, July 2). HHS OIG Flags $16.6B in Healthcare Fraud in the Spring 2025 Semiannual Report to Congress. https://millershah.com/blog/hhs oig healthcare fraud 2025 report/
  5. Epstein Becker Green. (2025, July 1). HHS OIG Continues to Highlight How Medicaid Fraud Control Units Recovered $1.4 Billion in FY 2024. https://www.healthlawadvisor.com/hhs oig continues to highlight how medicaid fraud control units recovered 1 4 billion in fy 2024
  6. Whitley Penn. (2025, November 5). U.S. Healthcare Fraud Takedown 2025. https://www.whitleypenn.com/healthcare fraud takedown 2025/
  7. Federal Lawyer.com. (2025, February 21). The Medicare Fraud Investigation Process. https://federal lawyer.com/healthcare defense/defending medicare fraud/investigation process/
  8. Federal Lawyer.com. (2025, October 22). OIG Investigation Process. https://federal lawyer.com/healthcare/pharmacy/compliance/oig investigation process/
  9. ComplianceResource.com. (2025, August 21). OIG Investigation: The Audit Process and Report Findings Explained. https://www.complianceresource.com/blog/oig investigation the audit process and report findings explained/
  10. U.S. Department of Justice. (2026, January 12). False Claims Act Settlements and Judgments Exceed $6.8 Billion in Fiscal Year 2025. https://www.justice.gov/opa/pr/false claims act settlements and judgments exceed 68b fiscal year 2025

Disclaimer: This article is provided for informational purposes only and does not constitute legal, financial, compliance, or professional advice. No attorney client or consulting relationship is created by reading or sharing this content. Healthcare fraud investigation processes, legal obligations, and enforcement priorities vary by jurisdiction, payer type, and individual case circumstances. Always consult a qualified healthcare attorney or certified fraud examiner before responding to any government inquiry. For questions about FraudOrder services, visit https://fraudorder.co/

At Fraud & Order, we are dedicated to uncovering the truth behind complex financial crimes and unethical practices. Our team of experienced investigators, analysts, and compliance experts provides professional fraud detection, forensic analysis, and risk assessment services to businesses, regulatory bodies, and legal partners.

Contact Info

+1 5206896814
info@fando.info
tips@fando.info
7426 N La Cholla Blvd, Tucson, AZ 85741, USA

Follow Us