Request for Information (RFI) Related to Comprehensive Regulations To Uncover Suspicious Healthcare (CRUSH)

#  Request for Information (RFI) Related to Comprehensive Regulations To Uncover Suspicious Healthcare (CRUSH)

**AGENCY:**

Centers for Medicare & Medicaid Services (CMS), Department of Health and Human Services (HHS).

**ACTION:**

Request for information.

**SUMMARY:**

This request for information (RFI) solicits stakeholder feedback on potential regulatory changes that might be included in a potential upcoming CRUSH proposed rule, as well as other programmatic changes that could be implemented to make CMS more effective in crushing fraud to protect taxpayer dollars and the Americans we serve.

**DATES:**

To be assured consideration, comments must be received at one of the addresses provided below, by March 30, 2026.

**FOR FURTHER INFORMATION CONTACT:**

Kathleen O'Malley, (410) 786-8987.

**ADDRESSES:**

In commenting, refer to file code CMS-6098-NC.

Comments, including mass comment submissions, must be submitted in one of the following three ways (please choose only one of the ways listed):

1. *Electronically.* You may submit electronic comments on this regulation to *http://www.regulations.gov.* Follow the “Submit a comment” instructions.

2. *By regular mail.* You may mail written comments to the following address ONLY: Centers for Medicare & Medicaid Services, Department of Health and Human Services, Attention: CMS-6098-NC, P.O. Box 8013, Baltimore, MD 21244-8013.

Please allow sufficient time for mailed comments to be received before the close of the comment period.

3. *By express or overnight mail.* You may send written comments to the following address ONLY: Centers for Medicare & Medicaid Services, Department of Health and Human Services, Attention: CMS-6098-NC, Mail Stop C4-26-05, 7500 Security Boulevard, Baltimore, MD 21244-1850.

[ *Note:* This ZIP code is for express mail or courier delivery only. This ZIP code specifies the agency's physical location.]

For information on viewing public comments, see the beginning of the *SUPPLEMENTARY INFORMATION* section.

**SUPPLEMENTARY INFORMATION:**

*Inspection of Public Comments:* All comments received before the close of the comment period are available for viewing by the public, including any personally identifiable or confidential business information that is included in a comment. We post all comments received before the close of the comment period on the following website as soon as possible after they have been received: *http://www.regulations.gov.* Follow the search instructions on that website to view public comments. CMS will not post on *Regulations.gov* public comments that make threats to individuals or institutions or suggest that the commenter will take actions to harm an individual. CMS continues to encourage individuals not to submit duplicative comments. We will post acceptable comments from multiple unique commenters even if the content is identical or nearly identical to other comments. CMS encourages commenters to include supporting facts,  research, and evidence in their comments. When doing so, commenters are encouraged to provide citations to the materials referenced, including active hyperlinks. Likewise, commenters who reference materials that have not been published are encouraged to upload relevant data collection instruments, data sets, and detailed findings as a part of their comment. Providing such citations and documentation will assist CMS in analyzing the comments.

**I. Background**

On June 6, 2025, President Trump issued a Presidential Memorandum on Eliminating Waste, Fraud, and Abuse in Medicaid expressing this Administration's commitment to preserve and protect the integrity of government programs. Similarly, President Trump, U.S. Department of Health and Human Services (HHS) Secretary Kennedy, and Centers for Medicare & Medicaid Services (CMS) Administrator Oz have strongly demonstrated this administration's dedication to crushing fraud in Medicare, Medicaid, the Children's Health Insurance Program (CHIP), and the Marketplace. In alignment with this strategic objective, CMS is issuing this RFI to solicit stakeholder feedback on potential regulatory changes that might be included in a potential future proposed rule, as well as other programmatic changes that could be implemented to make CMS more effective in crushing fraud to protect taxpayer dollars and the Americans we serve.

**II. Solicitation of Public Comments**

While CMS invites all relevant input, we are specifically inviting responses on the following topics listed in this section of this RFI. This RFI does not necessarily solicit comments on the full scope of topics that could be included in a potential, future CRUSH Rule.

**A. Modifications to Program Integrity Requirements**

CMS takes a variety of actions to crush fraud, waste and abuse, including provider enrollment screening, suspending payments when there is a credible allegation of fraud or reliable indication of overpayment, data analytics of claims, imposing automatic pre-payment claims edits, conducting investigations and audits, post-payment review of medical records, revocations, re-enrollment bans, coordinating with law enforcement partners on enforcement actions, and providing education to reduce improper payments. CMS is looking for ways to strengthen its fraud-fighting toolbox and invites public comments on how to achieve this. Specifically, we seek comments on the following questions and related topics around CMS' existing program integrity authorities and processes:

• Are there ways in which CMS could better use existing statutory authorities to expeditiously prevent bad actors from engaging in fraud, waste, and abuse?

• Are there ways to modify provider enrollment (including revocation), medical review, investigation, audit, payment suspension, and other program integrity oversight policies to provide CMS with increased authority and flexibility to expeditiously prevent bad actors from engaging in fraud, waste, and abuse? (See, for example, Title 42 Code of Federal Regulations (CFR) 405.371 *et seq.* (payment suspension), part 424, Subpart P, especially 424.510 (general requirements), 424.516 (additional requirements), 424.530 (enrollment denial), 424.535 (revocation), and 424.540 (deactivation of billing privileges).)

• Are there existing requirements or policies, including those issued through regulations, memoranda, administrative orders, subregulatory guidance documents, or policy statements that could be altered to increase CMS' ability to promote payment accuracy and efficiency to protect the integrity of Medicare, Medicaid, CHIP, and the Health Insurance Marketplace®? [^1]

[^1] Health Insurance Marketplace® is a registered service mark of the U.S. Department of Health & Human Services. The Health Insurance Marketplace® is also known as the Federally facilitated Exchange, which we use synonymously later in this document.

• What changes could CMS or its contractors make to existing processes to promote their ability to effectively deter fraud, waste, and abuse and promote payment accuracy and efficiency, including by more expeditiously gathering actionable information?

• What types of analytics, methodologies, or data-driven approaches would be most effective in identifying indicators of potential fraud, waste, or abuse? We welcome feedback on specific analytical techniques, models, technologies, mechanisms, or data sources that could strengthen our ability to proactively detect and prevent fraudulent activity.

• A core component of crushing fraud to protect taxpayer dollars is transparency to the Americans we serve about CMS' program integrity undertakings. How can CMS improve its transparency about its oversight and enforcement activities?

• CMS currently does not have an affirmative, regulatory authority to direct Medicare Advantage (MA) organizations and Part D plan sponsors to suspend payments to providers and suppliers that operate exclusively in Part C or Part D or both. Should CMS establish regulatory requirements that allow MA organizations and Part D sponsors to implement payment suspensions under circumstances similar to the payment suspension authority that exists for Traditional Medicare under 42 CFR 405.371, and require suspensions when directed by CMS?

**B. Enhanced Identity Proofing and Ownership Requirements**

CMS has identified significant concerns that Medicare fraud is increasingly perpetrated through international fraud schemes characterized by opacity of ownership structures. These schemes often involve owners who reside outside of the United States, owners who are not permanent residents or U.S. citizens, and individuals who operate beyond the reach of U.S. law enforcement authorities. The lack of robust identity verification and the ability of non-U.S. residents to maintain ownership in Medicare-enrolled entities creates substantial program integrity vulnerabilities and impedes fraud investigation and prosecution efforts. CMS is seeking stakeholder feedback on potential provisions that would require enhanced identity proofing of individuals associated with Medicare-enrolled entities and impose citizenship or legal residency requirements for ownership.

• What would be the impact on Medicare-enrolled entities if CMS established a requirement for U.S. citizenship or legal permanent residency for all individuals with an ownership or control interest of 5 percent or greater in a Medicare-enrolled provider or supplier?

• CMS currently requires fingerprinting and criminal background checks for all individuals with a 5 percent or greater ownership interest in a provider/supplier organization that is part of the “high” risk category as described in 42 CFR 424.518. Should this be expanded to include, for instance, the provider's managing employees, less than 5 percent owners, or other individuals who are affiliated with or working for the organization?

• What alternative identity proofing measures could effectively verify the identity and location of owners while balancing program integrity objectives  with the operational needs of legitimate Medicare providers and suppliers?

• Are there specific provider or supplier types for which enhanced identity proofing and citizenship or residency requirements would be most critical to preventing fraud?

• Are there additional individuals on the enrollment record for whom enhanced identity proofing and citizenship or residency requirements would help prevent fraud?

• What challenges would these requirements create for entities with foreign parent companies, international investors, or legitimate cross-border business structures?

**C. Preclusion List and Medicare Advantage Enrollment Requirements**

CMS has identified significant deficits in the effectiveness of the preclusion list in preventing fraudulent billing in MA. Under current policy, providers and suppliers that are revoked from Traditional Medicare for reasons not considered “detrimental to the best interests of the Medicare program” are not included on the preclusion list. CMS has observed that providers and suppliers revoked from Traditional Medicare for these reasons often shift their billing operations to MA plans, where they can continue to submit claims and receive payment. This gap in the preclusion list undermines program integrity efforts and allows bad actors to circumvent CMS oversight. CMS is seeking feedback from MA organizations and other stakeholders on potential improvements to the preclusion list and whether requiring enrollment in Traditional Medicare could enhance program integrity.

• What changes could CMS make to better effectuate the preclusion list to prevent Traditional Medicare-revoked providers and suppliers from continuing to bill MA plans?

• Does the current preclusion list adequately serve the needs of MA organizations in identifying and preventing payments to providers and suppliers that pose fraud, waste, or abuse risks?

• Would MA plans support a requirement for all providers and suppliers to enroll in the Traditional Medicare (Fee-for-Service) program as a condition of billing MA plans?

• Should such a requirement apply only to high-risk provider and supplier types?

• What operational, administrative, and financial impacts would a requirement to enroll in the Traditional Medicare program have on providers and suppliers that currently only bill MA plans?

• Are there alternative mechanisms that could achieve similar program integrity objectives without requiring enrollment in Traditional Medicare?

**D. Reducing Medicare Fraud Related to Laboratory Tests Including Genetic Tests and Molecular Diagnostic Tests**

In 2024, Medicare Part B or Traditional Medicare spending on clinical diagnostic laboratory tests (lab tests) totaled $8.4 billion—a five percent increase over the previous year per a January 2026 U.S. Department of Health and Human Services' Office of the Inspector General (OIG) Report. [^2] Part B spending on lab tests has been shifting increasingly toward genetic tests, including tests related to cancer, infections, and epilepsy. [^3] Although genetic tests represented only 5 percent of lab tests paid under Part B in 2024, they accounted for 43 percent ($3.6 billion) of Part B lab spending. The OIG and the Department of Justice have issued multiple reports [^4] and fraud alerts, [^5] and have engaged in multiple enforcement actions [^6] related to fraud in lab tests, particularly genetic tests, including molecular diagnostic tests. CMS is concerned about fraud, waste, and abuse related to lab tests and has targeted this as a focus area through its Fraud Defense Operations Center (FDOC), which is a high-tech unit formed in 2025 that utilizes cross-functional teams to target fraud in real time and has expedited the issuance of payment suspensions, resulting in $1.8 billion in taxpayer savings in 2025, over $100 million of which was related to suspect laboratories.

[^2] Total Medicare Part B Spending on Lab Tests Rose in 2024, Driven by Increased Spending on Genetic Tests. OIG Report Number OEI-09-25-00330. January 23, 2026. Available at: *https://oig.hhs.gov/reports/all/2026/total-medicare-part-b-spending-on-lab-tests-rose-in-2024-driven-by-increased-spending-on-genetic-tests/.*

[^3] Id.

[^4] Id. See also: OIG Semiannual Report to Congress. October 1, 2024 to March 31, 2025.

[^5] Fraud Alert: Genetic Testing Scam. Last updated September 27, 2019. Available at: *https://oig.hhs.gov/fraud/consumer-alerts/fraud-alert-genetic-testing-scam/.*

[^6] Lab Operator Convicted of $4M Medicare Fraud Scheme. February 25, 2025. Available at: *https://oig.hhs.gov/fraud/enforcement/lab-operator-convicted-of-4m-medicare-fraud-scheme/.* See also: Federal Law Enforcement Action Involving Fraudulent Genetic Testing Results in Charges Against 35 Individuals Responsible for Over $2.1 Billion in Losses in One of the Largest Health Care Fraud Schemes Ever Charged. September 27, 2019. Available at: *https://www.justice.gov/archives/opa/pr/federal-law-enforcement-action-involving-fraudulent-genetic-testing-results-charges-against.*

• What new statutory or regulatory authorities would empower CMS to more effectively prevent, identify, and address fraud in lab tests, including genetic tests and molecular diagnostic tests?

• What types of tools, data analytics, and methods would assist CMS to increase program integrity related to lab tests, including genetic tests and molecular diagnostic tests?

In 2011, the Molecular Diagnostic Services Program (MolDX Program), administered by Palmetto GBA on behalf of CMS, was established to determine and streamline coverage and reimbursement for molecular diagnostic tests on behalf of the Medicare program. It aims to provide uniform policies across multiple Medicare Administrative Contractors (MACs) and currently spans 28 states.

CMS is interested in understanding if a requirement to register in the MolDX program, that other payors may have, has had an impact on the risk of fraud, waste and abuse related to laboratory testing. CMS also wants to understand the rationale as to why other payors and MA organizations require laboratories to be registered in MolDX even when they are not located in a MolDX state.

• What prompted other payors and MA organizations to require registration in the MolDX program?

• What safeguards or challenges has the MolDX program provided to your organization regarding laboratory testing?

**E. Reducing Risks From Non-Participating Durable Medicare Equipment, Prosthetics, Orthotics and Supplies (DMEPOS) 
                    7

                     Suppliers in Medicare Advantage**

[^7] Examples of DMEPOS include: mobility aids (wheelchairs, walkers, canes, scooters), respiratory aids (oxygen, CPAP machines, ventilators), hospital beds, prosthetic limbs/eyes, orthopedic braces, diabetes supplies (meters, strips, lancets), ostomy supplies (bags, pouches), and infusion pumps, that serve recurring medical needs at home.

There is a significant risk of fraud, waste, and abuse with certain high-risk services, including the provision of DMEPOS. The OIG and MA organizations have identified that non-participating DMEPOS suppliers [^8] are fraudulently billing MA plans for millions of dollars of services not rendered and not needed. [^9] We would  like the public's feedback on solutions related to non-participating DMEPOS suppliers in MA.

[^8] Medicare “participation” means that the supplier agrees to accept assignment on all claims for all Medicare-covered services furnished to the supplier's patients. By accepting assignment, the supplier agrees to accept Medicare-allowed amounts as payment in full. The supplier cannot collect more from the patient than the applicable Medicare deductible and coinsurance or copayment. See *https://www.cms.gov/medicare-participation* for more information.

[^9] HHS OIG Work Plan for “Durable Medical Equipment Fraud and Safeguards in Medicare,” Project Number: OEI-02-24-00310. (“Each year, Medicare payments for durable medical equipment,  prosthetics, orthotics, and supplies (DMEPOS) top more than $7 billion in traditional Medicare alone. Although CMS has a number of safeguards in place to prevent bad actors from billing DMEPOS in Medicare, fraudulent billing for DMEPOS continues to be a major concern. Recent cases demonstrate that DMEPOS continues to be a target of fraudulent billing and that new schemes have developed. OIG's review will provide information about current fraud schemes and the safeguards and monitoring that CMS has to prevent fraud, waste, and abuse. These findings will result in multiple products. The first product will look at billing for DMEPOS in Medicare Advantage, specifically by suppliers that are not enrolled in Medicare fee-for-service.”) Available at: *https://oig.hhs.gov/reports/work-plan/browse-work-plan-projects/durable-medical-equipment-fraud-and-safeguards-in-medicare/.*

• What changes would MA organizations need to make to existing processes to promote the ability to effectively deter fraud, waste, and abuse and promote payment accuracy for non-participating DMEPOS suppliers?

• Are there existing requirements (including those issued through regulations, memoranda, administrative orders, guidance documents, contracts, or policy statements) that could be altered to increase MA organizations' ability to promote payment accuracy and efficiency to protect the integrity of the program for non-participating DMEPOS suppliers?

• What types of analytics, methodologies, or data-driven approaches are most effective in identifying indicators of potential fraud, waste, or abuse for non-participating DMEPOS suppliers? We welcome feedback on specific analytical techniques, models, or data sources that could strengthen MA organizations' ability to proactively detect and prevent fraudulent activity.

• Would MA organizations prefer DMEPOS suppliers to be accredited and enrolled similar to Traditional Medicare, ensuring suppliers meet minimum supplier standards?

**F. Reducing Fraudulent Medicare Parts A and B (Traditional Medicare) Claim Submissions**

Due to the significant risk of fraud, waste, and abuse with certain high-risk items and services (for example, DMEPOS), CMS is seeking feedback about the impact of reducing the Medicare Parts A and B (Traditional Medicare) 1-calendar year claim filing deadline for high-risk items and services, including but not limited to DMEPOS. Ensuring claims are filed more promptly will assist CMS in evaluating data and reduce the ability of providers to back-bill for fraudulent claims.

• How would a claim filing deadline of 90 to 180 calendar days, which is consistent with private industry norms, impact your practice?

• Are there certain claim or provider types for which these deadlines would not be feasible?

• What would be the best way to implement a shorter claim filing deadline for certain high-risk items and services? What are the benefits or drawbacks of imposing a shorter claim filing deadline for all of the following:

++ All claims filed by specific high-risk provider or supplier types (for example DMEPOS suppliers).

++ All claims filed for specific high-risk items or services.

++ All claims filed by specific providers who are high-risk.

++ Some other method(s).

• Would it be beneficial to apply this standard to all items and services rather than only to high-risk items and services to reduce unnecessary administrative complexity?

• Would the current flexibilities in 42 CFR 424.44 or additional flexibilities for a shorter claim filing deadline be appropriate to support such a change, and if so, what would those flexibilities be?

**G. Artificial Intelligence in Medicare Advantage Coding Oversight and Hospital Billing**

CMS is seeking input from stakeholders about the availability, use, efficacy, and cost of using artificial intelligence (AI), based on machine learning and other methods, to assist with accurately and efficiently abstracting diagnoses from medical record documentation as part of a medical records review. More specifically, CMS is seeking input on the following topics:

• What types of AI solutions (including commercial off-the-shelf (COTS) products) are most effective and efficient for assisting human coders with large volumes of records?

• What key features and learning capabilities should an AI solution include to improve accuracy, incorporate coder feedback, and prevent errors or “hallucinations”?

• How should AI-generated coding recommendations be displayed to human reviewers, and what compliance risks should be considered and mitigated?

• What lessons have been learned from implementing AI solutions, including pricing structures and use within cloud-based IT environments?

• Are there AI solutions that address coding issues related to overpayments and underpayments, and can those AI solutions be used for compliance oversight?

• How could AI be used to increase the efficiency and accuracy of hospital billing?

**H. Beneficiary Solicitation**

Medicare beneficiaries are often subject to unsolicited outreach by unscrupulous individuals seeking to obtain their personally identifiable information to submit fraudulent Medicare claims. Beneficiaries are sometimes offered free money, items, or services in exchange for their information. There is currently a prohibition against unsolicited contact via telephone by DMEPOS suppliers ( *see* section 1834(a)(17) of the Social Security Act (the Act) and 42 CFR 424.57(c)(11)). We are seeking feedback from stakeholders about the impact of expanding this prohibition to other types of providers and suppliers through legislation and expanding the existing DMEPOS regulation to other forms of communication, such as email, text message, or social media.

• What means of communication do Medicare beneficiaries find are being used to solicit them for their Medicare information? How do beneficiaries respond when they have been contacted by an inappropriate direct solicitation?

• If the prohibition on unsolicited contact via telephone by DMEPOS suppliers was expanded to other forms of communication, what obstacles would that create for DMEPOS suppliers that could hinder your ability to effectively serve Medicare beneficiaries? In what ways could CMS mitigate those concerns while still expanding protections for beneficiaries?

• If CMS were to pursue a legislative proposal to expand the prohibition against unsolicited contact by DMEPOS suppliers to other provider and supplier types, are there other provider or supplier types that should be included?

• In what other ways should CMS expand the prohibition on unsolicited contact via telephone by DMEPOS suppliers? For example, should CMS explicitly prohibit DMEPOS suppliers from collaborating with marketing agencies or other third parties acting on their behalf to perform solicitation?

**I. Beneficiary Contact**

CMS encourages Medicare beneficiaries or their authorized legal representatives to review their Medicare Summary Notices (MSNs) and other CMS-issued materials, such as the Medicare & You handbook (see page 105 available at *www.medicare.gov/publications/10050-medicare-and-you.pdf* ) and the CMS website to  identify services or items that may be incorrect, unfamiliar, or potentially fraudulent. These communications include instructions on how beneficiaries can report suspected fraud, waste, or abuse, including contacting CMS, the MACs, or the OIG. While these existing efforts provide important information and reporting pathways, we are interested in understanding whether additional or alternative communication methods could further improve beneficiary awareness, trust, and ease of reporting. Accordingly, we are exploring whether and how other approaches or tools could be utilized to better support beneficiaries in identifying and reporting potentially suspicious Traditional Medicare claims.

• How would beneficiaries prefer to be contacted by CMS or its contractors about potentially suspicious claims? Would they prefer that this contact occur before or after processing the claim?

• What concerns, if any, would beneficiaries have regarding privacy, burden, or confusion related to prepayment verification outreach? In what ways could CMS distinguish these communications to make them easy to identify and to make it clear that they are legitimate and trustworthy communications and that beneficiaries need to take action? What form(s) of communication (for example, telephone, mail, secure electronic communication) would beneficiaries find acceptable for such verification?

• What could CMS be doing that it is not already doing to make it easier for beneficiaries to report a potentially suspicious claim?

**J. Surety Bonds**

In accordance with section 1834(a)(16) of the Act (and as codified in 42 CFR 424.57(d)), DMEPOS suppliers are required to maintain a surety bond of at least $50,000 in order to enroll and maintain enrollment in Medicare. We request public feedback on means of strengthening our existing surety bond requirement. We are especially interested in suggestions on how CMS should use its surety bond authorities to be more effective in the fight against fraud, such as increasing the required bond amount, expanding the types of Medicare providers and suppliers that must maintain a surety bond, or taking tougher actions against bond companies that are not meeting their obligations when fraud is found. In addition, how can CMS strengthen surety bond requirements in Medicaid and CHIP, for example, with respect to Medicaid and CHIP home health providers?

**K. Medicaid and CHIP**

Recently, CMS has taken bold steps to address significant, systemic Medicaid fraud that has been discovered in multiple states. CMS is continuously refining its oversight actions and capabilities to ensure that states are proactive in crushing fraudulent activities in these programs. We are seeking stakeholder feedback on how to expand CMS' regulatory authority to act expeditiously to prevent, identify, and address instances of fraud, waste, and abuse in Medicaid and CHIP. We are also soliciting suggestions about cutting-edge technological tools that could be harnessed to advance this work.

• Is there any way that CMS should better leverage or expand its statutory or regulatory program integrity oversight authority?

• In order to strengthen program integrity oversight of provider enrollment, should CMS require that states require their high-risk providers to revalidate more frequently than every 5 years, and if so, how frequently?

• What tools or technologies can CMS or states use to enhance program integrity in Medicaid, CHIP managed care, and fee-for-service programs?

• What tools or guidance can CMS give to states to enhance program integrity in the Medicaid and CHIP managed care and fee-for-service programs?

• What ways can CMS improve the prevention, identification, and resolution of fraud, waste, and abuse related to non-federal share financing sources, including intergovernmental transfers (IGT)?

• How can CMS better prevent, identify, and address Medicaid and CHIP fraud, waste, and abuse in the context of individuals who do not have satisfactory immigration status for full Medicaid or CHIP benefits who are accessing services inappropriately?

• How can CMS better prevent fraud, waste, and abuse associated with the differential payment of public and private providers?

• What data and information should states report to CMS to ensure that fraud, waste, and abuse is being identified, investigated, and resolved?

• What best practices and standardized processes should states implement when responding to recovery audit contractor (RAC) findings?

• What data or information should be made publicly available that would allow for transparency in Medicaid by states, health plans, and providers?

• How can CMS help states to better prevent, identify, and address Medicaid and CHIP fraud, waste, and abuse related to service areas that have been identified as high risk for fraud in certain states, such as the following:

++ Housing stabilization services.

++ Behavioral health services.

++ Personal care assistant (PCA) services.

++ Nonemergency medical transportation.

• How can CMS further enhance the Healthcare Fraud Prevention Partnership (HFPP) to strengthen fraud detection within state agencies and law enforcement?

• What are the best practices for integrating artificial intelligence with existing technologies to maximize effectiveness?

**L. State-Specific Medicaid and CHIP Questions**

• What statutory or regulatory changes are needed to strengthen states' ability to effectively reduce fraud, waste, and abuse in Medicaid and CHIP?

• What regulatory or administrative changes could CMS make to empower states to—(a) pursue bad actors; and (b) better coordinate program integrity efforts with the federal government, law enforcement, and other states?

• What data or tools would facilitate state program integrity activities?

• Would further use of federal databases, such as Do Not Pay (DNP), or non-federal databases provide states with more complete information to move further away from a pay-and-chase model and towards pre-pay review?

• What successful strategies have certain states implemented that others can replicate as best practices?

• What is the best way for states to learn about the most up to date technology or data analytic tools available to effectively reduce fraud, waste, and abuse in Medicaid and CHIP?

• How can CMS help states better prevent, identify, and address fraud, waste, and abuse related to supplemental payments (for example, disproportionate share hospital (DSH) payments) or state directed payments?

• How can CMS help states better prevent, identify, and address fraud, waste, and abuse in section 1915 waiver programs or section 1115 demonstration programs?

• What incentives could be put in place for states to proactively engage in program integrity efforts, and what new penalties might be necessary to address non-compliance by states?

**M. Federally Facilitated Exchange (FFE) and State-Based Exchanges (SBEs)**

• How could CMS strengthen program integrity, including fraud prevention and consumer protection, in both the FFE and SBEs by—(1) better leveraging existing regulatory oversight authority; and (2) identifying areas where additional regulatory authority may be needed?

• How could CMS improve regulations to strengthen oversight of agents, brokers, web-brokers, and direct enrollment entities including compliance standards, training, and fraud prevention in both the FFE and SBEs?

• How could CMS expand its regulatory authority to incentivize insurance agencies to thoroughly vet assigned agents, brokers, and web-brokers assisting consumers with enrollment in FFE plans and hold agencies accountable for activities relating to these individuals?

• What specific measures could CMS implement to better curtail the ability of fraudulent agents, brokers, and web-brokers to enroll or change the enrollment of consumers without their knowledge or consent?

• How can CMS strengthen its enforcement activities to better address fraud, waste, and abuse in the FFE and SBEs?

• How could CMS strengthen its standards for corrective action and for suspension or termination of agents', brokers', and web brokers' Exchange Agreements [^10] and what circumstances should trigger each type of action? Should CMS consider additional use of civil money penalties? If so, under what circumstances?

[^10] Exchange Agreements are also called Marketplace Agreements.

• How could CMS improve the accuracy, timeliness, fraud prevention, and any other aspects related to program integrity in income verification for FFE enrollees?

• What successful anti-fraud measures already implemented in SBEs should be adopted in the FFE and vice versa?

• How could CMS enhance *HealthCare.gov* to prevent fraud at the point of enrollment and reduce reliance on post-payment recovery (commonly referred to as “pay-and-chase”), and how could CMS most effectively encourage SBEs to adopt best practices for such fraud prevention within their legal and other authority?

• How could CMS expand its regulatory authority to enhance oversight of enhanced direct enrollment (EDE) partners?

• How could CMS expand its authority to monitor the activity of agents/brokers on EDE platforms?

• How could CMS better detect and mitigate improper dual enrollment in Medicaid/CHIP and subsidized Exchange plans?

• How could CMS leverage advanced technologies, such as AI, to prevent, detect, and address fraud, waste, and abuse in both the FFE and SBEs?

**III. Collection of Information Requirements**

This is an RFI only. In accordance with the implementing regulations of the Paperwork Reduction Act of 1995 (PRA), specifically 5 CFR 1320.3(h)(4), this general solicitation is exempt from the PRA. Facts or opinions submitted in response to general solicitations of comments from the public, published in the *Federal Register* or other publications, regardless of the form or format thereof, provided that no person is required to supply specific information pertaining to the commenter, other than that necessary for self-identification, as a condition of the agency's full consideration, are not generally considered information collections and therefore not subject to the PRA.

This RFI is issued solely for information and planning purposes; it does not constitute a Request for Proposal (RFP), applications, proposal abstracts, or quotations. This RFI does not commit the U.S. Government to contract for any supplies or services or make a grant award. Further, we are not seeking proposals through this RFI and will not accept unsolicited proposals. Responders are advised that the U.S. Government will not pay for any information or administrative costs incurred in response to this RFI; all costs associated with responding to this RFI will be solely at the interested party's expense. We note that not responding to this RFI does not preclude participation in any future procurement, if conducted. It is the responsibility of the potential responders to monitor this RFI announcement for additional information pertaining to this request. In addition, we note that CMS will not respond to questions about the policy issues raised in this RFI.

We will actively consider all input as we develop future regulatory proposals or future subregulatory policy guidance. We may or may not choose to contact individual responders. Such communications would be for the sole purpose of clarifying statements in the responders' written responses. Contractor support personnel may be used to review responses to this RFI. Responses to this notice are not offers and cannot be accepted by the Government to form a binding contract or issue a grant. Information obtained as a result of this RFI may be used by the Government for program planning on a non-attribution basis. Respondents should not include any information that might be considered proprietary or confidential. This RFI should not be construed as a commitment or authorization to incur cost for which reimbursement would be required or sought. All submissions become U.S. Government property and will not be returned. In addition, we may publicly post the public comments received, or a summary of those public comments.

Mehmet Oz, Administrator of the Centers for Medicare & Medicaid Services, approved this document on February 20, 2026.

Robert F. Kennedy, Jr.,

Secretary, Department of Health and Human Services.