DOJ FCA Enforcement Is Escalating: 5 Compliance Risks to Watch

The Department of Justice just reported another record-breaking year for False Claims Act (FCA) enforcement, and healthcare organizations once again accounted for the overwhelming majority of recoveries.

In fiscal year 2025 alone, DOJ announced more than $6.8 billion in FCA settlements and judgments, with approximately $5.7 billion tied to healthcare-related cases. Whistleblower lawsuits reached historic highs, while government-initiated investigations continued to increase as regulators rely more heavily on data analytics and proactive enforcement strategies.

For compliance teams, the message is clear: enforcement is evolving, scrutiny is intensifying, and organizations need compliance programs that are proactive, measurable, and operationally effective.

Here’s a quick breakdown of five False Claims Act risk areas from our webinar on this topic.

1. Medicare Advantage & Risk Adjustment Scrutiny

Medicare Advantage enforcement remains one of the government’s top priorities, particularly around risk adjustment and diagnosis coding practices.

Several recent DOJ settlements focused on allegations involving:

• Unsupported diagnosis codes
• Retrospective chart reviews
• Improper provider queries
• Inflated risk scores designed to increase reimbursement

Importantly, enforcement is no longer limited to payers. Physician groups, health systems, and provider organizations are increasingly being pulled into these investigations as the government examines how diagnoses are documented, validated, and submitted.

One key takeaway from recent enforcement activity is that regulators are paying close attention to whether organizations are intentionally influencing documentation practices to maximize reimbursement.

Questions Compliance Teams Should Ask

• Are diagnosis codes clinically supported?
• Are retrospective reviews independently validated?
• Are provider query practices appropriately governed?
• Are risk adjustment audits part of the annual audit plan?

Organizations should assume that diagnosis trends and coding patterns are being actively analyzed by regulators.

2. Medical Necessity & Utilization Patterns

Medical necessity remains a foundational FCA enforcement area, and one that continues expanding in scope.

Recent cases highlighted allegations involving:

• Medically unnecessary procedures
• Improper inpatient admissions
• Modifier 25 misuse
• Upcoding
• Overutilization of higher-paying services

In many cases, the government alleged that organizations financially benefited from billing patterns that were not adequately supported by documentation or clinical necessity.

Modifier 25 continues to receive significant attention, particularly when evaluation and management (E/M) services are billed alongside procedures. Likewise, inpatient admission decisions remain heavily scrutinized under Medicare rules.

Compliance teams should recognize that coding accuracy alone is not enough. Increasingly, enforcement focuses on whether services were medically appropriate in the first place.

Questions Compliance Teams Should Ask

• Are audits evaluating medical necessity, not just coding accuracy?
• Are high-risk modifiers being monitored routinely?
• Are utilization trends benchmarked against peers?
• Are inpatient admissions being reviewed for appropriateness?

Including clinical expertise in audit processes is becoming increasingly important, particularly for high-risk specialties and service lines. Compliance Manager supports these efforts by allowing teams to manage internal and external audits, track remediation activities, and maintain documentation within a single system.

3. Prescription Drug & Anti-Kickback Risk

DOJ continues aggressively pursuing FCA cases tied to prescription drugs, manufacturer relationships, and anti-kickback allegations.

Recent settlements involved allegations related to:

• Improper financial assistance arrangements
• Co-pay assistance programs
• Pricing practices
• Financial inducements tied to federal healthcare program business

These cases reinforce an important compliance reality: arrangements that appear commercially reasonable may still create significant risk if they influence federally reimbursed care.

The government has repeatedly emphasized that it will “follow the money,” particularly when financial relationships could impact prescribing behavior, referrals, or reimbursement.

Questions Compliance Teams Should Ask

• Are financial relationships regularly reviewed for compliance risk?
• Are co-pay assistance arrangements appropriately structured?
• Are contracts and incentives reviewed through a compliance lens?
• Are high-risk vendor and manufacturer relationships audited?

Organizations should ensure compliance teams are actively involved in evaluating operational and financial arrangements, not simply reviewing them after issues emerge. Compliance Manager’s third-party management capabilities help organizations maintain visibility into vendor relationships, contract timelines, oversight activities, and related compliance documentation.

4. Quality of Care & Substandard Care Allegations

One of the most significant shifts in FCA enforcement is the increasing focus on quality and patient safety.

Historically, many organizations viewed quality oversight and compliance oversight as separate functions. Regulators no longer see them that way.

Recent enforcement actions included allegations involving:

• Infection control failures
• Inadequate staffing
• Unsafe patient conditions
• Grossly substandard care

The government’s position is increasingly clear: billing federal healthcare programs for services that fail to meet basic standards of care may constitute a False Claims Act violation.

This is especially important for nursing facilities, long-term care organizations, behavioral health settings, and other high-risk care environments.

Questions Compliance Teams Should Ask

• Does compliance collaborate with quality and patient safety teams?
• Are quality concerns incorporated into risk assessments?
• Are incident trends escalated appropriately?
• Are patient safety issues tracked through corrective action workflows?

Organizations that treat quality and compliance as disconnected programs may be leaving significant risk gaps unaddressed.

5. Weak Internal Reporting & Reactive Compliance Programs

Whistleblower activity continues rising year after year, and many FCA investigations begin because employees feel they have nowhere else to report concerns.

At the same time, DOJ and OIG continue emphasizing what an “effective compliance program” should look like:

• Well-designed
• Adequately resourced
• Operational in practice
• Continuously monitored and improved

Policies sitting on a shelf are not enough.

Regulators increasingly expect organizations to demonstrate:

• Ongoing risk assessments
• Meaningful auditing and monitoring
• Consistent investigations
• Corrective action management
• Accessible reporting mechanisms
• Leadership engagement

Risk assessments, in particular, are receiving greater emphasis than ever before. OIG now explicitly includes “Risk Assessment” within the auditing and monitoring element of compliance program guidance.

Questions Compliance Teams Should Ask

• Do employees trust internal reporting channels?
• Are reports investigated consistently?
• Are corrective actions documented and tracked?
• Is the audit plan tied directly to organizational risk?
• Could the organization demonstrate compliance effectiveness to regulators today?

The most effective compliance programs are proactive, data-driven, and integrated into operational decision-making, not reactive programs that only respond after problems surface. Compliance Manager centralizes reporting, investigations, risk assessments, audits, corrective actions, and documentation, making it easier to demonstrate consistency, accountability, and program effectiveness.

Final Thoughts

False Claims Act enforcement is not slowing down. In fact, recent DOJ activity suggests the opposite: broader investigations, more whistleblower activity, heavier reliance on data analytics, and expanding scrutiny into areas like quality of care and operational oversight.

For compliance leaders, this creates both pressure and opportunity. Organizations that invest in strong risk assessments, targeted auditing, specialized compliance management software, and cross-functional collaboration will be better positioned not only to reduce enforcement risk, but also to strengthen overall organizational integrity.

To download this blog post as a pdf, fill out the form below.