CMS Audits Are Evolving: What Home Health and Hospice Providers Need to Know About Today’s Enforcement Environment

Emma S. Bekhet, Christopher S. Mayer and Alex Keoskey

Article

As the Centers for Medicare & Medicaid Services (CMS) continues to expand its use of data analytics and targeted enforcement, home health and hospice providers face a regulatory landscape that looks very different from just a few years ago. Audits are becoming more sophisticated, ownership changes receive heightened scrutiny, and providers increasingly find themselves selected for review based on perceived risk rather than evidence of fraud. Increasingly, CMS is relying on front-end program integrity tools that can delay or suspend Medicare billing long before a traditional post-payment audit would have occurred.

During the Home Care & Hospice Association of New Jersey (HCHANJ) 2026 Annual Conference, several important themes emerged regarding CMS’s evolving audit and enforcement priorities and the steps providers should take now to reduce regulatory risk. Every home health and hospice organization should be paying close attention to these developments.

Not All CMS Audits Are the Same

One of the biggest mistakes providers make is treating every CMS audit the same. In reality, CMS employs multiple audit programs, each designed to address different concerns and each requiring a different response strategy. Beyond PPEO and TPE audits, providers may also encounter Supplemental Medical Review Contractor (SMRC), Recovery Audit Contractor (RAC), and Comprehensive Error Rate Testing (CERT) reviews, each with its own scope and operational impact.

For providers opening a new location, completing a change of ownership (CHOW), or enrolling a new agency, the Provisional Period of Enhanced Oversight (PPEO) presents one of the greatest operational challenges. These audits subject providers to heightened scrutiny during the provisional enrollment period and may include payment holds while CMS evaluates compliance. For organizations investing significant capital into growth, delayed Medicare reimbursement can quickly create serious cash-flow challenges.

By contrast, Targeted Probe and Educate (TPE) audits are intended to identify billing and documentation deficiencies while giving providers an opportunity to improve. However, many organizations underestimate how quickly these audits can escalate. Providers generally receive up to three rounds of review before CMS considers additional enforcement activity, including overpayment determinations or referrals for further investigation.

Many providers also experience what has become known as audit fatigue. Simultaneous audits, documentation requests, and record production requirements consume valuable clinical and administrative resources. Ironically, the effort required to respond to one audit can strain operations enough to create new documentation deficiencies that trigger additional scrutiny.

Understanding which audit program you are facing is often the first step toward developing an effective response.

Data Analytics and Documentation Are Driving CMS Enforcement

Today’s CMS enforcement model is increasingly data driven. Provider selection is rarely random.

CMS continuously analyzes Medicare claims data using sophisticated predictive analytics designed to identify billing anomalies, utilization trends, and other statistical outliers that may warrant additional review. Rapid growth, unusually high utilization patterns, high live-discharge rates in hospice, extended lengths of stay, or significant changes in billing practices may all trigger closer examination. Sudden changes in ownership, management, or control may also independently increase CMS scrutiny.

Importantly, none of these indicators necessarily suggests fraud. A provider may experience legitimate growth because of expansion into a new market, successful outreach efforts, or increased patient demand. However, when growth is not supported by consistent, individualized clinical documentation, it can quickly become a compliance concern.

Recent hospice enforcement actions illustrate this point. CMS has revoked Medicare billing privileges for providers whose documentation failed to adequately support hospice eligibility, even where allegations centered on documentation deficiencies rather than intentional fraud. Eligibility determinations must be supported by individualized clinical findings and contemporaneous documentation, not generalized certifications or retrospective justifications after a patient’s condition declines.

Larger organizations face additional challenges because CMS increasingly evaluates data across multiple locations rather than viewing each agency independently. Documentation inconsistencies or elevated risk indicators that appear isolated at one location may reveal broader compliance concerns when analyzed across an enterprise.

For expanding organizations, compliance can no longer operate independently at each branch. Standardized documentation practices, centralized oversight, and enterprise-wide quality assurance have become essential components of an effective compliance program.

Growth Through Acquisition Brings New Regulatory Risks

Mergers and acquisitions remain common throughout the home health and hospice industry, but today’s regulatory environment demands that providers look beyond financial due diligence.

Following a CHOW, CMS frequently initiates PPEO audits focused on documentation quality, billing practices, and ownership affiliations. New owners often discover that inherited compliance problems become their responsibility shortly after closing.

Regulatory diligence should therefore include far more than reviewing financial performance. Organizations should also evaluate historical claims data, prior audit findings, documentation practices, ownership affiliations, and the effectiveness of clinical and compliance processes before completing a transaction. Buyers should carefully evaluate prior audit activity, Medicare enrollment history, documentation practices, ownership affiliations, staff credentials, and any previous enforcement actions before completing a transaction.

Providers should also recognize the growing importance of CMS’s expanded affiliation authority. Under current regulations, CMS may consider an organization’s relationships with owners, officers, directors, managing employees, or other affiliated individuals when evaluating enrollment and billing privileges. In some circumstances, affiliations with previously sanctioned entities or individuals can create significant regulatory exposure, even if the underlying conduct occurred years earlier.

These developments make continuous compliance monitoring increasingly important. Organizations should regularly screen owners, board members, managing employees, and medical directors against available federal exclusion and preclusion databases rather than limiting screening to the hiring process. Addressing potential affiliation issues proactively is almost always less costly than responding to them during an active CMS investigation.

Preparation Is the Best Defense

One of the clearest lessons from recent enforcement actions is that providers cannot afford to wait until they receive an audit notice before preparing their response.

The timeline from audit initiation to payment suspension, revocation, or other enforcement action can move much faster than many organizations expect. Appeal deadlines are short, documentation requests are extensive, and operational demands continue while providers attempt to respond.

Every home health and hospice organization should have a written audit response plan in place before it is needed. That plan should identify who communicates with CMS, how documents will be preserved and produced, when healthcare regulatory counsel should become involved, and how leadership will coordinate clinical, operational, and legal responsibilities throughout the audit process.

Providers should also regularly evaluate their own billing and utilization data using the same proactive mindset CMS employs. Identifying unusual trends internally, and confirming that documentation supports legitimate business growth, can often prevent small issues from becoming much larger regulatory problems.

Ultimately, the providers best positioned to navigate today’s enforcement environment are those that view compliance as an ongoing operational function rather than a reaction to government scrutiny. Leadership and governing boards should view CMS audits as enterprise-wide business risks rather than isolated compliance events. Investing in proactive oversight today protects not only reimbursement but also organizational continuity, reputation, and future transaction readiness. Strong documentation, consistent internal oversight, thoughtful regulatory diligence, and proactive planning remain the most effective tools for reducing enforcement risk.

How Frier Levitt Can Help

CMS’s enforcement priorities continue to evolve, and providers must evolve with them. Whether responding to an audit, preparing for a change of ownership, or strengthening an existing compliance program, experienced legal counsel can help organizations identify risks before they become enforcement actions.

Frier Levitt’s Healthcare Regulatory attorneys regularly represent home health agencies, hospice providers, healthcare investors, and post-acute care organizations in Medicare audits, enrollment disputes, payment suspensions, revocations, administrative appeals, and regulatory compliance matters. We also advise clients on healthcare transactions, regulatory due diligence, and post-acquisition compliance strategies designed to mitigate risk and support long-term operational success.

If your organization is evaluating its compliance program, preparing for an acquisition, or responding to CMS scrutiny, our team is ready to help you navigate today’s increasingly complex regulatory landscape.