CMS CRUSH Initiative: What the New Anti-Fraud Rules Mean for Providers

By Elena Pak, Credentialing Department, WCH

KEY TAKEAWAYS

CMS launched CRUSH — a real-time, AI-powered anti-fraud framework targeting molecular diagnostics, DMEPOS, and billing practices.

A six-month nationwide moratorium on new Medicare enrollment for certain DMEPOS suppliers is now in effect.

5,586 providers have already had their Medicare billing privileges revoked. Revocation cascades to Medicaid and commercial payers.

CMS is publishing revoked providers’ NPIs and reasons publicly — reputational and operational exposure is immediate.

Compliant providers face collateral risk: AI-triggered denials may target legitimate orders; appeals are slow and under-resourced.

What Happened

On February 25, 2026, the Trump administration — through Vice President J.D. Vance, HHS Secretary Robert F. Kennedy Jr., and CMS Administrator Dr. Mehmet Oz — announced a sweeping crackdown on Medicare and Medicaid fraud. The centerpiece is a new regulatory initiative called CRUSH: Comprehensive Regulations to Uncover Suspicious Healthcare.

The administration framed the shift as moving from a reactive “pay and chase” model to a proactive “detect and deploy” approach — using advanced AI and data analytics to stop improper payments before they go out the door.

Key actions already underway:

• 5,586 providers and suppliers have had Medicare billing privileges revoked for inappropriate behavior.
• 372 fraud referrals covering an estimated $3.7 billion in billing have been sent to law enforcement.
• $259.5 million in quarterly Medicaid federal matching funds deferred in Minnesota pending investigation.
• A six-month nationwide moratorium on new Medicare enrollment for certain DMEPOS suppliers is now active, applying to initial enrollments and changes in majority ownership.
• CMS will publicly publish revoked providers’ National Provider Identifiers (NPIs) and revocation reasons.

Why Molecular Diagnostics Are in the Crosshairs

Federal investigators have documented large-scale fraud schemes involving molecular diagnostic tests billed to Medicare. In 2019, Operation Double Helix resulted in the arrest of 35 individuals charged with fraudulently billing Medicare over $2.1 billion. The pattern was consistent: telemarketing firms would contact Medicare beneficiaries and sell genetic screening panels — often pharmacogenomics or cancer risk tests — without clinical justification.

In 2024, Medicare Part B spending on clinical diagnostic lab tests reached $8.4 billion — a 5% increase year-over-year — even as the number of enrolled beneficiaries with lab claims declined. Genetic testing now accounts for 43% of all Part B lab spending ($3.6 billion). This concentration has intensified CMS scrutiny.

CMS is also reviewing whether mandatory registration in the Molecular Diagnostic Services Program (MolDX), which spans 28 states, should be expanded as a gatekeeping mechanism to reduce fraud risk.

The CRUSH Request for Information

On February 27, CMS issued a formal Request for Information (RFI) soliciting stakeholder feedback on potential CRUSH rulemaking. Topics include: enhanced identity proofing and ownership requirements, modifications to the preclusion list, mandatory enrollment in Traditional Medicare for providers billing Medicare Advantage plans, and new authorities to address lab and molecular diagnostic fraud. The comment period closes March 30, 2026 (Federal Register, CMS-6098-NC).

What This Means for Providers

The shift from retrospective audit to AI-driven preemptive denial creates a new compliance environment. The most immediate risks for compliant providers are not deliberate fraud — they are collateral damage from automated systems acting on imperfect data.

Billing Revocation Has Cascade Effects

A Medicare billing revocation does not stay within CMS. It typically triggers exclusion or suspension in state Medicaid programs and can be contractually grounds for termination with commercial payers. For many practices and labs, a revocation is existential — it may make continuing operations functionally impossible while the appeal is pending.

David Lipschutz, co-director for law and policy at the Center for Medicare Advocacy, warned explicitly: “There’s a real danger that medically necessary care can be denied or targeted here.” CMS’s own enforcement capacity for appeals has been reduced by staffing cuts, meaning resolution timelines are unpredictable.

MBI Lookup Tools: New Monitoring Controls

CMS has identified theft and misuse of Medicare Beneficiary Identifiers (MBIs) through MAC portal lookup tools. Starting now, CMS is cross-referencing MBI lookups against claims submitted with associated NPIs. A high ratio of lookups without corresponding claims may result in tool access being revoked. Providers must ensure MAC portal users are properly linked to the NPIs in their organization. The deadline for MAC portal user updates is May 7, 2026.

What Providers Should Do Now

Immediate Compliance Steps

• MAC portal audit: Verify that all staff with MBI lookup access are tied to the correct NPIs in your organization by May 7, 2026.
• Ordering documentation: Ensure every molecular diagnostic order has documented clinical indication in the patient record. Generic or boilerplate justifications are insufficient.
• DMEPOS suppliers: If your practice works with DMEPOS companies, confirm they hold current Medicare enrollment. The moratorium means new suppliers cannot enroll for six months — plan accordingly.
• Referral arrangements: Review any medical directorship or referral compensation arrangements for AKS and Stark Law compliance. DOJ has signaled renewed focus on these arrangements.

Prepare for Heightened AI Scrutiny

• Audit your own billing patterns using the lens CMS will apply: outlier test volumes, orders lacking diagnosis codes, patterns that could resemble telehealth-driven mass ordering.
• Document clinical decision-making explicitly for high-cost molecular tests. Payer auditors and AI systems will flag absence of documented medical necessity.
• If your practice uses AI-assisted documentation or coding tools, implement human-in-the-loop review for all AI-generated outputs before submission.

Monitor CRUSH Rulemaking

• Submit comments to the CRUSH RFI by March 30, 2026. CMS is actively seeking provider input — this is an opportunity to shape the final rule.
• Track MolDX program developments closely. Mandatory registration may become a nationwide requirement, with compliance timelines that could affect lab operations.
• Engage legal counsel familiar with False Claims Act exposure now, before any audit or revocation notice arrives. Proactive self-disclosure typically results in significantly better outcomes than reactive defense.

If You Receive a Revocation Notice

• Act immediately. Billing privileges can be suspended with little or no warning. The window for administrative appeal is narrow.
• Request a full explanation of the basis for revocation, including the specific AI-generated flag or data pattern that triggered it.
• Notify commercial payers in parallel with your appeal, as many contracts require prompt notice of government action.

Sources

1. CMS Press Release: “Trump Administration Prioritizes Affordability by Announcing Major Crackdown on Health Care Fraud,” February 25, 2026. cms.gov/newsroom
2. Federal Register, CMS-6098-NC: “Request for Information — Comprehensive Regulations to Uncover Suspicious Healthcare (CRUSH),” February 27, 2026. federalregister.gov
3. Medscape: “New US Anti-Fraud Measures for Diagnostics: What Doctors Need to Know,” March 13, 2026. medscape.com
4. Morgan Lewis: “CMS Announces Sweeping Anti-Healthcare Fraud Initiatives,” February 2026. morganlewis.com
5. Paul Hastings: “Healthcare Enforcement Roundup: What Providers Need to Know,” 2026. paulhastings.com
6. White & Case: “Healthcare Fraud Enforcement in 2025: A Year of Aggressive Action and Expanding Risk,” 2026. whitecase.com
7. CMS MLN Connects Newsletter, February 26, 2026. cms.gov/training-education
8. HHS-OIG: Annual Report on Medicare Part B Lab Test Spending, January 2026.