Lessons from the Frontlines: A Case Study in Medical Necessity Enforcement 

About the Medical Necessity Series 

This is the third in our series of articles on medical necessity. In the first, we described the compliance risks associated with submission of claims for medically unnecessary services.   

In the second, we highlighted a case where an organization of long-term care hospitals were alleged to have violated the Federal False Claims Act (FCA) for holding patients in the hospital longer than medically necessary to increase reimbursement from Medicare. 

In this next article, we spotlight another recent example of a healthcare provider entity agreeing to pay a six-figure sum to resolve allegations of submission of claims for medically unnecessary services1.  This time, the providers consisted of three affiliated skilled nursing facilities (SNF) that were alleged to have submitted claims for medically unnecessary rehabilitation services.   

False Claims Act Metrics Make Significance Clear 

The Department of Justice has reported that False Claims Act settlements and judgments reached $6.8 billion in Fiscal Year 2025. Over $5.7 billion of that total was derived entirely from the healthcare sector. Most of these healthcare recoveries stem from whistleblower lawsuits targeting corporate billing schemes, upcoding, and medically unnecessary services. 

Case Involves SNF Reimbursement Dispute Over Therapy Services 

For the period in question, skilled nursing facilities (SNFs) were reimbursed for therapy services based on a patient’s resource utilization group (RUG). The RUG was determined by the amount of services the patient received, such as: 

  •  Physical therapy 
  • Occupational therapy  
  • Speech pathology services 

In short, the more services provided, the higher the reimbursement.  However, as discussed in our two prior articles, if the services don’t meet medical necessity requirements, they should not have been performed or billed in the first place. 

Whistleblower Lawsuit Triggers Investigation 

As is frequently the case, these allegations were first brought forth through a qui tam, or whistleblower, lawsuit. The whistleblower, or relator, claimed the defendants implemented a five-pronged scheme to fraudulently bill for unnecessary “Ultra High Rehab,” (the most intensive therapy provided by SNFs) and to keep patients in Ultra High Rehab for longer than necessary. 

The five prongs of the alleged scheme were: 

  1. Pressure to perform excessive, unnecessary services: The organization’s leadership exerted pressure on therapy staff to administer excessive Ultra High Rehab and to do so for longer than necessary.   

This pressure was exerted not only by administrators who oversaw SNF operations, but also by regional directors of operations who managed the facility administrators. Such pressure was also exerted by directors of rehab (DORwho managed therapists at each facility, and regional managers who directly managed the DORs.  

whistleblowers in medical necessity

In other words, management, from top to bottom, spoke to therapists and staff in one voice: increase Ultra High Rehab, regardless of patient need. 

  1. Financial vs. medical reasons to provide care:  Instead of letting therapists determine the appropriate level of therapy needed based on their professional evaluation, leadership insisted that each patient’s level of therapy be at least in part determined by whether the patient qualified for lucrative Medicare Part A benefits. 
  1. Care for functional patients: The organizations pressured therapists to continue providing therapy to patients who were fully functional and in no way required intensive therapy. A scheme called “Bridge to Success” was employed which mandated an additional week of Ultra High Rehab be tacked on even after patients were ready for discharge. 
  1. Too sick for care: The organizations pressured therapists to provide therapy to patients who were too sick to benefit from therapy and even to patients who were actually harmed by it.  

Since therapy minutes were dictated by management and not assigned based on the professional opinion of evaluating therapists, patients ended up receiving more therapy than they could tolerate, including instances where therapy was forced on patients about to pass away. 

  1. Maximizing minutes: The focus on maximizing therapy minutes to hit therapy goals also resulted in leadership encouraging an array of fraudulent billing practices. 

This included: 

  • Billing non-therapeutic minutes as therapy  
  • Allowing therapists to bill for therapy without actually providing it 
  • Encouraging therapists to bill evaluation sessions as therapy. 

Widespread Occurrences Involve $14.6+ Billion in Alleged Intended Losses 

Federal enforcement actions emphasize the commonality of these practices. The 2025 National Health Care Fraud Takedown alone resulted in criminal charges against 324 defendants nationwide, involving over $14.6 billion in alleged intended losses tied to fraudulent billing and medical necessity abuses. 

The most compelling argument for compliance leaders is that medical necessity fraud carries dual liability: 

  • Financial Risk: Organizations face mandatory treble damages (three times the government’s actual loss) plus steep statutory penalties for every individual false claim submitted. 
  • Human Risk: Unlike administrative billing errors, medical necessity fraud directly compromises patient care. Overutilization exposes vulnerable patients to unnecessary, exhausting or potentially harmful procedures simply to satisfy corporate revenue targets. 
medical necessity fraud and liability image

Three Takeaways from Medical Necessity Cases 

Much can be learned from the themes of these allegations, even if your organization isn’t an SNF or doesn’t provide therapy services. Medical necessity requirements are common across most healthcare organizations. 

Key lessons from this case include: 

  1. Decisions about billing for medical care provided need to be based on clinical and regulatory requirements, especially coverage requirements from Medicare and Medicaid, for example.   Such requirements often include statutes about: 
  1. Regular, focused compliance coding and billing audits may identify aberrant practices. This is especially true for services whose corresponding medical documentation doesn’t support compliance with coding or billing rules.   
     
    For example, Medicare reimbursement rules state that routine, non-skilled services aren’t separately reimbursable. In this case, it was alleged that one therapy assistant was coached to include in therapy minutes the time it took him to arrive at a patient’s room starting with the moment he left the therapy department. 
     
  1. Use data analytics to identify outliers. Most whistleblower cases alleging medically unnecessary services are brought by an individual with knowledge from inside the organization. Many times, the individual is a physician, nurse or other clinician with medical expertise.   
     
    This case was different. It was filed by a private analytics firm using publicly available data. Though rare, these cases do exist. If a private firm using public data could find the alleged aberrations, one would hope the organization’s own compliance professionals would be able to find similar aberrations if given the resources to look.  Additionally, the government is using data analytics to identify cases they want to pursue as well. 

Apply These Takeaways to Your Own Regulatory Compliance Program 

False Claims Act allegations alleging a lack of medical necessity can take many forms. The kind of service or type of provider may also vary, but these key themes appear in many cases. The astute compliance professional will learn from them and apply the principles to the operations and services provided at their own healthcare organization. 

The claims resolved by the settlement are allegations only, and there has been no determination of liability. 


Missed the first two installments? Start with CJ Wolf’s overview of medical necessity compliance risk, then read the second article on a False Claims Act case involving medically unnecessary hospital stays. This third installment continues the series with a recent SNF enforcement example and practical red flags compliance teams can monitor.

First installment downloadable guide is available below:

Second installment downloadable guide is available below:

Medical Necessity: A Guide for Healthcare Compliance Leaders 

CJ Wolf, MD, M.Ed. medical necessity series

This is the first article in a series on medical necessity — an area that many compliance programs struggle with. In this piece, we explain the medical necessity compliance risk in general, while subsequent articles highlight specific examples of enforcement actions experienced by medical providers such as hospitals and health systems. 

Continue reading

OIG Cites Fraud, Waste and Abuse Concerns with Skin Substitutes 

compliance risk for OIG skin sub

Many compliance professionals rely on HHS OIG focus areas as they perform risk assessments and plan subsequent auditing and monitoring activities. In November 2024, the OIG added an item to their Work Plan describing their intention to review Medicare Part B payments for skin substitutes.  

This blog explores the implications for compliance and what health systems need to be aware of.  

Continue reading

How to Avoid Compliance Risk in Peripheral Vascular Reimbursement  

How to Avoid Compliance Risk in Peripheral Vascular Reimbursement

Peripheral vascular disease (PVD) reimbursement is fraught with potential compliance pitfalls. With increased scrutiny and worrisome statistics about improper payments, healthcare providers must identify and mitigate any PVD compliance risks that could jeopardize their operations.

This expert-written blog addresses the pressing concern of compliance risks in PVD reimbursement. It provides insights into regulatory trends, recent investigations and best practices.

Equip yourself with the knowledge to navigate this complex environment and safeguard your organization’s reputation and financial sustainability. Learn effective strategies to mitigate compliance risks in peripheral vascular reimbursement by focusing on medical necessity and adherence to guidelines.

Continue reading

Three Strategies to Align Compliance with Revenue Cycle 

align compliance with revenue cycle

The revenue cycle is the process that starts with a patient’s initial appointment and ends with full payment for services. It encompasses all the administrative and clinical functions that contribute to collecting patient service revenue.  For healthcare organizations that provide services to patients, the revenue cycle is the organization’s financial lifeblood. 

Continue reading

Four Ways to Integrate Compliance with Safety/Quality Efforts 

four ways to integrate compliance with safety/quality efforts

Traditionally, many healthcare compliance programs have left the work of patient safety and quality to other departments. However, according to the Health and Human Services (HHS) Office of Inspector General (OIG), “Entities should incorporate patient safety/quality oversight into their compliance programs.”   

OIG’s recent emphasis on patient safety and quality is not necessarily a call for compliance programs to take over these efforts. Rather, it’s a reminder that a compliance program should be designed to address the significant risks health care organizations face, which includes patient safety and quality of care.  

How to Incorporate Quality and Safety into Compliance Practices 

How can your compliance program answer the OIG’s call and include patient safety and quality in your oversight efforts? This blog explores four practices to integrate safety/quality concerns into compliance practices. 

1. Build a Strong Compliance Committee 

2. Provide Safe Reporting for Safety/Quality Concerns 

3. Get Your Governing Board Involved with Quality of Care 

4. Nurture Relationships with Quality and Safety Leaders 

Four Ways to Drive Greater Connection Between Compliance and Safety/Quality 

1. Build a Strong Compliance Committee 

Most mature compliance programs have a compliance committee in some form or fashion. To build stronger safety and quality representation, include individuals responsible for quality assurance and patient safety as members of the committee. 

A strong compliance committee should ensure that appropriate auditing and monitoring of patient safety and quality take place on a regular basis. The OIG goes as far as suggesting that “Compliance committees of entities directly furnishing patient care, particularly entities such as hospitals, long-term care facilities, and other entities providing residential care, should also assess staffing for nursing, therapy, and other clinical services to ensure that the entity has the appropriate quantity, quality, and composition of care providers.” 

2. Provide Safe Reporting for Safety and Quality Concerns 

Compliance programs establish lines of communication for reporting concerns, and anyone aware of patient safety or quality concerns must know how to report such incidents or issues. They must also have confidence they won’t face retaliation.  

Awareness of incidents involving safety or quality is often the first step in developing a correction plan, so it’s essential that those who report know how their information is protected. 

Steps have been taken at the federal level to encourage reporting and analysis of medical errors. The Patient Safety Act and Rule provide federal privilege and confidentiality protections for patient safety information called the Patient Safety Work Product (PSWP). PSWP includes data, reports, records, analyses and written or oral statements related to patient safety events.  

More about the types of protections at the federal level can be found here: https://www.hhs.gov/hipaa/for-professionals/patient-safety/index.html  

safety/quality image

 

3. Get Your Governing Board Involved with Quality of Care 

Governing boards of healthcare entities have ultimate accountability for ensuring quality of care, and their involvement can also ultimately benefit compliance outcomes.  

There are many resources available to educate your board on their responsibilities related to quality. These include: 

Read and share these with board members to help them stay informed more easily.  

4. Nurture Relationships with Quality and Safety Leaders 

Compliance departments aren’t expected to take over the detailed, day-to-day management of quality and patient safety programs. However, it’s essential that compliance leaders develop productive working relationships with leaders and in-house experts within the organization’s quality and patient safety programs

One way to develop productive working relationships is to better understand what quality and safety leaders do. A good resource for learning more about the standards, goals and language often used by quality and safety leaders is the Institute for Healthcare Improvement or IHI (https://www.ihi.org/).  

compliance and quality/safety

This organization offers both introductory, intermediate and advance learning opportunities for those who want to become better-versed in quality and patient safety topics. The IHI Open School (https://www.ihi.org/education/ihi-open-school) is a great place to start. And for those looking for more formal recognition, the IHI offers certifications, such as the Certified Professional in Patient Safety (CPPS)™. 

Compliance, Quality and Safety — Together for Common Good 

The call for compliance programs to become more involved in an organization’s patient safety and quality efforts is getting louder from agencies such as the OIG. It’s also smart business practice.  

In summary, this blog has covered four ways to begin the process: 

  • Considerations for your compliance committee 
  • Ensuring confidentiality of incident reports 
  • Involving the governing board  
  • Broaden understanding of what safety/quality leaders do 

With these practices in your toolkit, you’ll be on the path to a stronger, more effective compliance program.  

And to help with overall regulatory analysis and operations, learn more about how YouCompli compliance software can support your mission. The tools include capabilities to easily map and track responsibilities across functions.  


CJ Wolf, MD, M.Ed. is a healthcare compliance professional with over 22 years of experience in healthcare economics, revenue cycle, coding, billing, and healthcare compliance. He has worked for Intermountain Healthcare, the University of Texas MD Anderson Cancer Center, the University of Texas System, an international medical device company and a healthcare compliance software start up. Currently, Dr. Wolf teaches and provides private healthcare compliance and coding consulting services as well as training.   


Resources for healthcare compliance professionals

Compliance professionals sometimes feel undervalued in comparison to other functions in their organization. They think leaders and colleagues don’t really understand what they do.  

These resources will help. Packed with ideas, tips and recommendations, these pieces were written by professionals with many years of compliance experience. 

You can quickly skim for articles that relate to your needs and interests. Bookmark this page as a reference for future questions or projects.


Download our Latest Whitepaper
Sign-up for our Weekly Newsletter
Qualified compliance professionals do the heavy lifting for you, simplifying regulatory change management  
15 minute youcompli demo