The four audit programs every home health agency should know by name. The statute that lets CMS freeze your payments before they tell you. And the cash-flow gap that closes most agencies before the appeal is even heard.
Most agency owners learn this the hard way. The Code of Federal Regulations gives the Centers for Medicare and Medicaid Services three distinct ways to claw back payments — and the most aggressive one requires no court order, no appeal, and no prior notice.
Triggered by a "credible allegation of fraud" — defined broadly enough to include a complaint hotline tip, a UPIC data anomaly, or a competitor's report. No prior notice required. The OIG reports 99% of fraud-based suspensions are imposed before the provider is even informed.
The 2025 DOJ National Health Care Fraud Takedown blocked $4 billion in payments using exactly this authority. Suspension can run up to 180 days plus extensions. DOJ can extend it beyond 18 months if the case is still active.
Limited prior notice required, but the practical effect is the same: the agency's claims stop paying. CMS uses this when the case is administrative rather than criminal — but the cash-flow impact on a small agency is identical.
New claims dollars are withheld and applied to a prior alleged overpayment. Recoupment begins on Day 41 after the demand letter. The 2025 Final Rule starts the 60-day self-disclosure clock the moment a provider "should know" about an overpayment — meaning the agency is on the hook the day they have constructive knowledge, not the day they're certain.
Think of it like a bank freezing your account because someone reported suspicious activity. Except the "bank" is also the government, there's no appeals court, and the freeze can last up to two years while they investigate. By the time you get the rebuttal letter, you've already missed payroll.
Your MAC — CGS, NGS, or Palmetto depending on jurisdiction — pulls a sample of 20 to 40 of your claims. If your denial rate is above their threshold (15% to 25%), you fail the round. Three rounds. Failing all three escalates to UPIC or SMRC referral.
An ADR letter arrives. The agency has 30 to 45 days to produce documentation supporting a sample of claims. Miss the deadline by even a day — Day 46 — and the claim is automatically denied. UPIC-issued ADRs sometimes give only 15 days.
RAC contractors get paid a percentage of what they recover. Region 5 — Performant Recovery — handles all home health nationally. They mine three years of claim data, identify patterns, and issue extrapolated demands. A 30-claim sample failure can turn into a six-figure repayment demand applied to thousands of claims.
UPICs are the descendants of the old ZPICs — federal contractors whose entire job is to find fraud. They have authority to issue ADRs, conduct site visits, recommend payment suspension, refer cases for criminal prosecution, and demand statistically extrapolated repayments running into the hundreds of thousands to millions.
Once on prepayment review, payment cycles shift from 30 to 45 days into 90 to 120 days per claim. For a $200K-per-month biller, that's a $400K to $600K cash gap that opens before the first hearing.
House Ways & Means testimony, April 2026: "Medicare payments continued to be made with limited real-time verification and still resemble a pay-and-chase model that pays claims first and recovers payments later, if ever."
307 site visits per year. 704 law enforcement referrals. $236M prevented through pre-payment intervention.
$125M recovered in 2025 alone. Texas OAG actively using DOGE data to mine claim anomalies.
8 major indictment batches since summer 2025. New data-mining infrastructure in 2026. 41% TPE Probe 1 denial rate.
$200M attendant care recoupment demand issued April 2026. 27.96% TPE denial rate.
Same fraud-team contractor as Florida — investigative infrastructure already on the ground.
OIG sampled 100 of 18,422 claims, found documentation issues on 20. Extrapolated. Final demand: $100,696.
65%+ documentation error rate. MaineCare issued a $390K demand. Owner walked away — agency disappeared.
Large health-system home health agency failed a ZPIC audit. Immediate billing shutdown imposed. Came within weeks of closure before McBee restored compliance.
Personal care services billing fraud. Convicted on FCA + criminal charges. Restitution: $100M. Sentence: 12 years.
Pennsylvania AG, March 2026. Twenty defendants. CEO sentenced to 11.5 to 23 months incarceration. $1.76M restitution.
ZPIC audit findings on five patient files. No fraud allegation issued. Full payment suspension imposed. Hospice unable to make payroll. Doors closed.
VisitLock isn't fraud insurance. It's the documentation layer that prevents a UPIC from having grounds to suspect fraud in the first place. The difference between "here's biometric proof of every visit" and "here's the same falsified-records pattern that just got a Houston owner 75 months in federal prison" is the entire ROI argument.
It starts the day an aide didn't show up and you billed anyway. Make sure that day never happens.
Book a Demo →42 CFR § 405.371 · DOJ June 2025 Takedown via HHCN · NY State Comptroller / Rivkin Radler · KFF — Medicaid Home Care Fraud Enforcement · Wachler Associates — FCA 2025 · OIG / HRS Audit via HHCN · National Law Review — ZPIC hospice closures · PA AG — ComfortZone sentencing · Weiss Zarett — Prepayment Review