FY 2025 Was a Record Year for Healthcare Fraud Enforcement

$6.8B in FCA recoveries. Labs are a primary target. Is your program current?

FY 2025 was a record year for healthcare fraud enforcement—and labs were a primary target.

The Department of Justice announced $6.8 billion in False Claims Act settlements and judgments, the highest annual total in the statute's history. Over $5.7 billion came from healthcare matters alone. Whistleblowers filed a record 1,297 qui tam lawsuits, and DOJ opened 401 new investigations. The message is clear: enforcement is expanding, scrutiny is intensifying, and compliance gaps that went unnoticed for years are now creating material exposure.

For clinical laboratories, the enforcement landscape has shifted. Traditional billing and medical necessity issues remain targets, but DOJ and OIG are now pursuing sales compensation structures, third-party arrangements, AI-assisted coding, and cybersecurity compliance with equal focus.

If your compliance program hasn't been reviewed against current enforcement priorities, you're operating with outdated protection.

Compliance Areas Under Heightened Scrutiny in 2026

🔍 Sales compensation structures — EKRA enforcement is accelerating. Unlike the Anti-Kickback Statute, EKRA has no safe harbor for volume-based compensation to employees. Percentage-based pay to marketers creates criminal exposure—not just civil liability.

🔍 Medical necessity documentation — Blanket testing orders without individualized patient determinations remain a top enforcement focus. Labs that rely on standing orders or panel-based testing without documented clinical justification face significant risk.

🔍 Third-party billing arrangements — Improper relationships with billing vendors, collection agencies, and revenue cycle partners are drawing increased attention. If your billing partner's compensation is tied to collections, the arrangement warrants review.

🔍 AI and data integrity — Labs using AI for coding, documentation, or result interpretation face new scrutiny around accuracy, validation, and human oversight. DOJ is now using AI and advanced analytics to identify fraud patterns—and expects labs to have controls around their own AI use.

🔍 Cybersecurity compliance — The Illumina $9.8 million settlement for cybersecurity vulnerabilities signals that data security is now an FCA enforcement theory. Labs handling patient data and federal program claims need documented security controls.

6 Best Practices for Strengthening Your Lab Compliance Program

1️⃣ Audit Your Sales Compensation Against EKRA Requirements

Review every compensation arrangement with sales representatives, account managers, and third-party marketers. If any element ties pay to test volume, referrals, or revenue—even for W-2 employees—you have EKRA exposure. Unlike AKS, there is no employee safe harbor under EKRA.

2️⃣ Document Medical Necessity at the Individual Patient Level

Ensure every test order is supported by documentation showing why that specific test was medically necessary for that specific patient. Standing orders, reflex panels, and "routine" testing protocols require clinical justification that auditors can trace to the patient record.

3️⃣ Review Third-Party Billing and Collection Arrangements

Examine contracts with billing vendors, collection agencies, and revenue cycle partners. Compensation structures tied to collections or revenue percentages can create kickback exposure. Ensure arrangements reflect fair market value for services actually rendered.

4️⃣ Establish AI Governance and Validation Protocols

If you're using AI for coding suggestions, documentation assistance, or clinical decision support, document your validation process, accuracy monitoring, and human oversight requirements. AI-generated errors that result in false claims create the same liability as human errors—potentially more if you can't demonstrate reasonable controls.

5️⃣ Conduct an Annual Compliance Program Effectiveness Review

Don't just update your policies—test whether they're working. Review a sample of claims against documentation. Interview staff on compliance awareness. Assess whether your hotline is being used. OIG's compliance guidance emphasizes that programs must be "effective," not just present.

6️⃣ Update Your Risk Assessment for 2026 Enforcement Priorities

Your compliance workplan should reflect current DOJ/OIG focus areas, not last year's priorities. Add EKRA, cybersecurity, AI governance, and third-party arrangements to your annual risk assessment if they're not already there.

Where LabMetrics Consulting Can Help

At LabMetrics Consulting, we help labs build compliance programs that reflect current enforcement realities—not outdated checklists. Our team combines regulatory expertise with operational understanding to identify where exposure exists and how to address it.

Our compliance services include:

✅ OIG compliance audits and scorecards — Structured assessment against current enforcement priorities

✅ EKRA compensation reviews — Sales and marketing arrangement analysis for criminal exposure

✅ Mock inspections — CAP, CLIA, and state-specific survey preparation

✅ Compliance workplan development — Annual planning aligned with DOJ/OIG focus areas

✅ Third-party arrangement reviews — Billing vendor, collection agency, and partner contract analysis

✅ AI governance framework development — Validation, oversight, and documentation protocols

✅ Corporate Integrity Agreement (CIA) support — For labs under enhanced compliance obligations

What Labs Typically See: Compliance assessments often identify 3–5 material exposure areas that weren't on leadership's radar—particularly around sales compensation, third-party arrangements, and documentation gaps. Labs that address these proactively avoid the average $2–5 million settlement costs and reputational damage that come with enforcement actions.

Your Next Step

OIG is releasing updated compliance guidance for clinical laboratories in 2026. If your program hasn't been reviewed against current enforcement priorities, now is the time.

Ready to pressure-test your compliance program? Let's talk.

P.S. Whistleblowers filed a record 1,297 qui tam lawsuits in FY 2025, and $5.3 billion in recoveries came from those cases. Your next compliance issue may already be documented by someone inside your organization.

LabMetrics Consulting | Compliance, Revenue Cycle Optimization & Strategic Planning