I’ve spent 11 years in the trenches—first as a compliance director and now as a paralegal for a firm that defends providers against the Department of Justice (DOJ). If there is one thing you need to understand, it is this: the days of isolated, slow-moving audits are over. The gap between an error in your billing department and a formal inquiry has shrunk from years to months, and in some cases, weeks.
The enforcement scale jumped significantly between 2024 and 2025. This isn't just bureaucratic posturing; it is a fundamental shift in how the government handles data. If you are ignoring the way state Attorneys General (AG) and the federal government are currently playing tag-team, you are doing your practice a dangerous disservice.
The 2024-2025 Enforcement Shift
We saw a massive investment in inter-agency cooperation in the last budget cycle. The government stopped looking at healthcare fraud as a series of isolated events and started treating it as a network-wide data problem. In 2024, the focus was on building the infrastructure. By 2025, that infrastructure is fully operational.
Why does this matter to you? Because the "silo" defense no longer works. When you bill a claim, that data point isn't just sitting in a Medicare server. It is being cross-referenced against state Medicaid claims, private payer data, and local pharmacy logs. The volume of investigations has not just increased; the *velocity* of detection has accelerated.
The Data Fusion Center Reality
The core of this coordination is the "Data Fusion Center." These centers act as a clearinghouse for information. They combine federal district investigations data with state-level claims history. They aren't relying on whistleblowers alone anymore; they are relying on predictive modeling.
When the DOJ links up with a state AG, they are essentially pooling their resources to paint a complete picture of a provider’s billing behavior. They look for anomalies that wouldn’t be obvious if you only looked at one payor. For example, if you are billing a high volume of Durable Medical Equipment (DME) to Medicare but simultaneously showing strange patterns in state Medicaid claims for wound care, the system triggers an alert. This is not "magic"—it is cross-agency data consolidation working in real-time.
Focus Areas: Where the Heat Is
The agencies are not investigating everything with the same intensity. They follow the money and the highest-risk clinical areas. If you are operating in these specific service lines, your compliance monitoring must be ironclad.
- Telemedicine: The massive expansion during the pandemic created "gaps" in oversight. Agencies are now closing those gaps by comparing telemedicine encounter durations against patient complexity codes. Genetic Testing: This is a massive target for joint task forces. They are looking for patterns where genetic tests are ordered without a documented medical necessity, often in high-volume, low-touch settings. Durable Medical Equipment (DME): Think braces, orthotics, and sleep apnea devices. If the referral source is a remote doctor the patient has never met, you are a red flag. Wound Care: Specifically, high-cost biological grafts. The billing patterns here are often inconsistent with standard clinical pathways, making them easy targets for AI-driven detection.
The Mechanics of State AG Coordination
Federal district investigations rarely happen in a vacuum. A state AG often holds the keys to local provider information that the feds might lack. They coordinate through Joint Task Forces (JTF), which bring together the Federal Bureau of Investigation (FBI), the Office of Inspector General (OIG), and state-level investigators.
When these groups combine, they have two distinct jurisdictional powers:
Enforcement Body Primary Focus Mechanism Department of Justice (DOJ) Federal False Claims Act (FCA) / Anti-Kickback Statute (AKS) Federal District Investigations State Attorney General (AG) State Medicaid Fraud Control Units (MFCU) State-level Civil/Criminal statutesState AG coordination means that if you settle with the federal government, the state AG is likely already aware of the outcome and preparing their own separate action based on state-specific statutes. It is a multi-front war.
"Tightening Compliance" Is Not a Strategy
I hear it constantly: "We need to tighten our compliance." That is a vague platitude, not a step. If you aren't doing the work, "tightening" is just a leaders-in-law.com buzzword. Compliance is a living workflow.
When an inquiry hits, you need a checklist. Here is the reality of the first 48 hours:
Preserve the Evidence: Issue a legal hold immediately. If you have "AI-driven detection" tools in-house, ensure the audit logs for those systems are archived. Do not let someone "run a report" that overwrites old data. Verify the Scope: Is this a civil investigative demand (CID) or a simple audit request? Do not treat them as the same thing. Map the Data: Determine which specific claims triggered the investigation. If the data fusion center flagged your wound care billing, you need to pull every supporting chart note for that specific code set immediately. Identify the Intersection: Determine if this is a state-only, federal-only, or joint investigation. Check if your state has a history of cross-referencing these claims with federal Medicare data. Counsel Engagement: Call outside counsel with experience in joint task force investigations. Do not try to handle an initial interview with a federal agent on your own.The Myth of "AI" and Predictive Analytics
Stop overusing "AI" as an explanation for why you got caught. It isn't magic. It is simple math applied to large datasets. These systems look for "outliers." If you are an outlier in your peer group for billing DME, you are going to get an audit letter. It’s that simple.
The government uses these tools to prioritize where they spend their budget. They aren't investigating every practice; they are investigating the top 5% of outliers. If your billing is consistently 20% higher than the national average for a specific CPT (Current Procedural Terminology) code, you are on the list. No amount of "compliance policy" document writing will hide that mathematical reality.
Moving Forward: Proactive vs. Reactive
The era of being surprised by an investigation is over. If you aren't doing internal audits that mirror the government's data mining, you are flying blind. Use the same tools they use. Cross-reference your billing data against your clinical notes *before* you submit the claim.
Look at your referral sources. If your practice is heavily reliant on telemedicine or high-cost genetic testing, you need to perform a deep-dive audit of those referral paths. Do you have a contract that complies with the Anti-Kickback Statute [AKS]? If you are unsure, you are already behind.
Compliance isn't about avoiding the government; it's about being prepared for the moment they arrive. The coordination between DOJ and state AGs is now a standard, automated, data-backed process. You should treat your internal response with the same level of automation and technical rigor.
Don't wait for the letter to arrive to figure out how your data looks to an outsider. Review it today, clean it up, and make sure your clinical documentation justifies every cent you bill. Anything else is just asking for a subpoena.