CMS releases RFI for CRUSH efforts with focus on DMEPOS suppliers: Key topics

On February 27, 2026, the Centers for Medicare and Medicaid Services (CMS) published a Request for Information (RFI) in the Federal Register to gather stakeholder feedback on 13 topics that may be included in a potential upcoming proposed set of rules, referred to as the Comprehensive Regulations to Uncover Suspicious Healthcare (CRUSH).

The CRUSH RFI is part of the Trump Administration’s larger “commitment to preserve and protect the integrity of government programs,” which includes addressing waste, fraud, and abuse in federal healthcare programs such as Medicare and Medicaid, as evidenced in President Donald Trump’s June 2025 Presidential Memorandum. Comments on the CRUSH RFI are due by March 30, 2026.

CMS announced the CRUSH RFI in tandem with a recent initiative – the nationwide moratorium on Medicare enrollment for certain Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) suppliers – and is aimed to “crack down” on Medicare and Medicaid fraud.

The CRUSH RFI reflects an overall increased emphasis on addressing fraud detection and prevention in the Medicare and Medicaid programs and appears focused on DMEPOS suppliers in particular.

This alert highlights the key topics outlined in the CRUSH RFI and notable issues on which CMS is soliciting comment.

Specific program integrity initiatives

Modifications to program integrity requirements

CMS notes that it has historically relied on a wide array of methods to address fraud, waste, and abuse, such as provider enrollment criteria, payment suspensions, data analytics, pre-payment edits, audits, medical review, revocations, re-enrollment bans, coordination with law enforcement partners, and provider education.

As part of CRUSH, CMS is seeking feedback on how to more effectively use its existing statutory authority or alter current regulatory and sub-regulatory policies to increase the agency’s authority, flexibility, and enforcement reach. CMS has specifically asked whether it should expand its authority to direct Medicare Advantage Organizations (MAOs) and Part D sponsors to suspend payments to providers and suppliers, akin to its authority under Traditional Medicare (Parts A and B), signaling the agency’s interest in expanding its enforcement role.

Enhanced identity proofing and ownership requirements

Citing concerns about increased Medicare fraud by foreign actors and what it views as opaque ownership structures that hinder enforcement, CMS seeks comments on improving identity verification for individuals associated with Medicare-enrolled entities by imposing broader identification and disclosure requirements.

This includes, among other things, citizenship or legal resident requirements for individuals with 5-percent or greater ownership or control interest in Medicare-enrolled entities. It also includes potentially requiring managing employees, less-than-5-percent owners, or other individuals affiliated or working with an organization to undergo fingerprinting and criminal background checks.

CMS is interested in understanding challenges that such policies may have on entities with foreign parent companies, international investors, or legitimate cross-border structures.

Preclusion List and MAO enrollment requirements

The Preclusion List sets out providers and prescribers who are precluded from receiving payments for Medicare Advantage items and services furnished to Medicare beneficiaries. CMS has expressed doubt regarding the effectiveness of its current Preclusion List to adequately serve the needs of MAOs in identifying and preventing payments to providers and suppliers that may pose fraud, waste, or abuse risks. To address deficits identified by CMS in the Preclusion List, the agency has asked, among other things, whether it should require providers and suppliers to enroll in Traditional Medicare even if they are only participating in MAOs. Currently, this is not required; thus, CMS also appears interested in learning what operational, administrative, and financial impacts a requirement to enroll in Traditional Medicare would have on providers and suppliers that currently only bill MAOs.

Reducing risks from non-participating DMEPOS suppliers in MAOs

Following the Department of Health and Human Services Office of Inspector General’s (HHS OIG) 2024 report – finding that non-participating DMEPOS suppliers are fraudulently billing MAOs for unrendered or unnecessary services – CMS has asked, among other things, whether there are analytical techniques, models, or data sources that MAOs could utilize to detect and prevent fraudulent activity by non-participating DMEPOS suppliers. In parallel, CMS is seeking feedback on whether MAOs would prefer that DMEPOS suppliers be accredited and enrolled in a similar manner to Traditional Medicare in order to ensure that suppliers meet minimum supplier standards.

Reducing fraudulent Medicare Parts A and B claim submissions

CMS is considering shortening the claim filing deadline for certain Medicare Part A and Part B high-risk items and services (including, but not limited to, DMEPOS) from one year to a 90-to-180-day period. CMS has asked for feedback on whether a shortened claim filing period should apply to high-risk provider/supplier types, high-risk items or services, or all claims filed by specific providers who are high-risk; or, alternatively, whether it should apply to all items and services to reduce unnecessary administrative complexity. According to CMS, a shorter claim filing deadline would assist the agency in evaluating data, reduce providers’ ability to back-bill for fraudulent claims, and align with current norms in the private industry.

Beneficiary solicitation

CMS is evaluating whether to expand the existing DMEPOS beneficiary solicitation regulation, which prohibits suppliers from engaging in unsolicited contact with beneficiaries via telephone. Of particular note for DMEPOS suppliers is a potential expansion of the prohibition to forms of communication other than telephone (e.g., email, text message, social media) and to collaborations with marketing agencies or third parties. CMS may be considering pursuing potential legislation to extend the prohibition to other types of providers and suppliers. CMS’s questions in the RFI suggest that the agency may seek to evaluate the benefits of expanding the prohibition to additional forms of communication and additional types of providers or suppliers, while weighing those benefits against potential adverse impacts on affected entities’ ability to serve Medicare beneficiaries.

Beneficiary contact

To improve Medicare beneficiaries’ identification and reporting of suspicious or fraudulent services, items, and claims, CMS is seeking input on communication methods that could improve beneficiaries’ awareness, trust, and ease of reporting concerns about suspected fraud, waste, and abuse. Relatedly, CMS has also expressed interest in determining beneficiaries’ preferred methods of contact from CMS or its contractors about potentially suspicious claims or pre-payment verification requests and, in particular, including which forms of communication beneficiaries view as legitimate and trustworthy when action is required.

Surety bonds

According to the CRUSH RFI, CMS is looking to improve the surety bond requirement for DMEPOS suppliers and potentially expand the requirement to other types of Medicare providers and suppliers in response to bond companies that have reportedly failed to meet their obligations when fraud has been identified. Potential recommendations proposed by CMS include increasing the bond amount, taking more significant actions against bond companies that have not met their obligations when fraud has been found, and strengthening surety bond requirements in Medicaid and the Children’s Health Insurance Program (CHIP).

Other CRUSH topics

Reducing Medicare fraud related to laboratory tests, including genetic and molecular diagnostic tests

In January 2026, the HHS Office of Inspector General (OIG) issued a report showing substantial spending by Medicare Part B on lab tests, particularly on genetic tests, despite a low volume of such tests ordered. In response to this report, coupled with the United States Department of Justice’s enforcement actions against genetic testing fraud – including most recently in February 2026 – CMS seeks to continue using its Fraud Defense Operations Center to identify fraud and issue payment suspensions for genetic and molecular diagnostic testing.

In addition to considering expansion of statutory or regulatory authorities, the CRUSH RFI indicated the agency is interested in receiving feedback regarding tools and methods that payors and MAOs already know or use. In the RFI, CMS noted particular interest in requiring nationwide registration with the Molecular Diagnostic Services Program, also known as the MolDX Program.

AI in Medicare Advantage coding oversight and hospital billing

CMS is exploring how to use artificial intelligence (AI) for compliance oversight and to improve accuracy and efficiency in medical record review and hospital billing. The agency’s questions focus specifically on how AI can address coding issues for overpayments and underpayments, while also mitigating the risk of AI system errors or “hallucinations.”

Medicaid and CHIP

With ongoing investigations of fraud in state Medicaid and CHIP programs, CMS has asked how to improve its use of oversight authority and integrate AI technologies, with a specific focus on more frequent re-validation of “high-risk providers”; program access by individuals without “satisfactory immigration status”; improving the integrity of fee-for-service programs; and addressing fraud, waste, and abuse concerns in differential payments of public and private providers and non-federal share financing sources, such as inter-governmental transfers.

CMS is also seeking feedback on ways to improve the mitigation of and response to Medicaid and CHIP fraud in four “high risk” services: housing stabilization, behavioral health, personal care assistance, and non-emergency medical transportation services.

State-specific Medicaid and CHIP questions

In the CRUSH RFI, CMS expressed interest in addressing program integrity concerns with supplemental payments, Section 1915 waiver programs, and Section 1115 demonstration programs; exploring how states can implement and use technology, including AI; and improving coordination between states and the federal government.

Of particular note, CMS has asked what data and tools would facilitate state program integrity activities; whether use of federal databases (e.g., Do Not Pay) or other non-federal databases would support states’ ability to use pre-pay review and move away from “pay-and-chase” models; how CMS could assist states to better prevent, identify, and address fraud, waste, and abuse related to supplemental payments (e.g., disproportionate share hospital, or DSH, payments), state-directed payments, waiver programs, and demonstration programs; and incentives that could be put in place for states to proactively engage in program integrity efforts, including whether new penalties should be applied to states that fail to engage in sufficient proactive responses to these issues.

FFE and SBEs

To address program integrity concerns largely relating to fraudulent enrollments in the Federally Facilitated Exchange (FFE) and State-Based Exchanges (SBEs), CMS has asked for feedback on how to improve regulations and expand its authority to address consumer protection concerns and fraud prevention.

Among other potential measures noted in the CRUSH RFI, CMS is considering increasing the vetting of agents, brokers, and web-brokers by insurance agencies; utilizing HealthCare.gov for proactive fraud identification; expanding oversight of agents, brokers, web-brokers, and direct enrollment partners; and implementing new technologies such as AI to prevent, detect, and address fraud, waste, and abuse in both the FFE and SBEs.

Key takeaways

The CRUSH RFI comes at a critical time for Medicare DMEPOS suppliers since it follows two recent initiatives also designed to address what CMS believes are “long-standing program risks in the DMEPOS supplier community.”[1] The first initiative involves the recent change in majority ownership (CIMO) requirements for DMEPOS suppliers, whereby a new enrollment (and survey) is required for certain types of CIMOs. CMS has stated this is necessary so that CMS can determine “whether the DMEPOS supplier under its new majority ownership will be committed to adhering to all Medicare requirements and to protecting beneficiaries.”[2]

As noted above, another recent change for DMEPOS suppliers is the nationwide moratorium on Medicare enrollment for certain suppliers in response to CMS’s concern that “DMEPOS fraud, waste, and abuse has been a very serious problem for many years, putting hundreds of millions (even billions) of taxpayer dollars at risk and potentially resulting in patient harm.”[3]

While the requests in the CRUSH RFI address other healthcare providers and suppliers and broader initiatives, the announcement’s timing in conjunction with CMS’s recent DMEPOS regulatory initiatives highlight the agency’s heightened focus on DMEPOS suppliers.

Almost every category noted in the CRUSH RFI reflects CMS’s emphasis on leveraging advanced technologies – including AI tools – in efforts to prevent, detect, and address fraud, waste, and abuse. Subsequent regulatory action arising from CRUSH remains to be seen, but the above topics in the RFI perhaps suggest CMS’s roadmap of considerations.

Interested parties may consider submitting comments responding to the questions posed in the CRUSH RFI and that highlight challenges they may face as a result of the issues under consideration. As noted, there is a short 30-day comment period, with responses due by March 30, 2026.

For additional information or questions, please contact the authors of this alert or any member of DLA Piper’s Healthcare Regulatory team.

^{[1] 90 Fed. Reg. 55342, 55475 (Final Rule, Dec. 2, 2025).}

^{[2] 90 Fed. Reg. 55342, 55475 (Final Rule, Dec. 2, 2025).}

^{[3] 91 Fed. Reg. 9855, 9857 (Notice, February 27, 2025).}