The Justice Department’s 2026 National Health Care Fraud Takedown netted 455 defendants and $6.5 billion in alleged false claims across 56 federal districts—a nearly 40 percent jump in defendants from the prior year. Yet, the underlying vulnerabilities remain unaddressed, as a recent House Energy and Commerce subcommittee hearing on Medicaid fraud underscored.
Despite these headline-grabbing numbers, the system’s flaws are not new. In Ohio, a field investigation by my team focused on home healthcare agencies in Columbus, using publicly available data from the Department of Health and Human Services’ Open Data Platform, corporate registrations, and licensing records. One agency had received roughly $11.1 million in Medicaid payments since 2018. Its website featured stock photos, its contact email was a Gmail address, and a phone call was answered with a single word: “Hello.” No business name or proper greeting followed. When we posed as a family seeking a caregiver, the responder said none were available and hung up. A visit to the office revealed cubicles but no intake process or available caregivers. No one returned our call.
None of this proves fraud, but it creates a signal—one visible in public data before we ever set foot in Columbus. A mid-sized home healthcare agency billing several million dollars annually typically supports 150 to 250 patients, employs 12 to 18 administrative staff, and operates from 2,500 to 4,000 square feet of commercial space. Billing volume is a proxy for operational scale; when the two diverge, that mismatch is observable in data already in the public domain.
The problem is compounded by the scale of fraud. The House Oversight Task Force on Ohio Medicaid waiver fraud estimated losses in the state’s personal care services program alone at $1.2 billion. A March 2025 Inspector General report found that 36 percent of all convictions reported by state Medicaid Fraud Control Units in fiscal year 2024 involved personal care services—more than any other program type. This sector, where provider footprints are hardest to verify, is the dominant fraud category in Medicaid enforcement.
The deficiency at the core of this issue is straightforward: systems that enroll and pay Medicaid providers do not routinely check whether a provider’s operational reality matches its billing profile. Enrollment processes verify licenses, provider numbers, and tax IDs, but they do not systematically ask whether an address associated with $5 million in annual billing looks like a functioning business. Answering that question requires only public data and an analytical framework that treats billing volume as a proxy for operational scale.
Florida has taken a step forward. Gov. Ron DeSantis recently announced a Medicaid integrity initiative that includes enhanced provider screening, an enrollment moratorium in high-risk categories, and a statewide revalidation of all active providers. The question remains whether other states will follow before the next round of criminal charges is filed.
The fraud targeting Medicaid home healthcare does not require sophistication. It requires only a registered address, a provider number, and a system that processes paperwork without verifying reality. The operational reality of a functioning agency is harder to fake than the documents describing it—but only if someone is actually looking. The data to support that scrutiny is already public. What has been missing is the institutional commitment to treat mismatches between billing and observable reality as a signal worth following up on every time, not just when a research team drives to Columbus and knocks on a door.
