DOJ’s New Health Care Fraud Enforcement Playbook Is Data-Driven, Coordinated, and Moving Fast

The Department of Justice is sending a clear message to the health care industry: fraud enforcement is accelerating, and the government is investing in the tools, people, and policies needed to detect alleged misconduct earlier. Three recent developments are especially important for providers, health care technology companies, billing companies, investors, and entrepreneurs operating in the health care space: DOJ’s new FOCUS initiative for data-miner whistleblowers, the launch of a West Coast Health Care Fraud Strike Force, and DOJ’s expanded corporate voluntary self-disclosure policy.

Taken together, these developments show that DOJ is not relying only on traditional insider whistleblowers or after-the-fact audits. It is combining public data, artificial intelligence, interagency coordination, and stronger incentives for corporate self-reporting. For health care businesses, that means compliance programs need to be more proactive, more data-aware, and faster at responding to internal concerns.

1. DOJ’s FOCUS Initiative: The Rise of the Data-Miner Whistleblower

On April 30, 2026, DOJ’s Civil Division announced the Fraud Oversight through Careful Use of Statistics initiative, or “FOCUS,” aimed at improving how DOJ works with whistleblowers who use data analytics to identify potential False Claims Act cases. DOJ explained that it has seen a rapid increase in qui tam complaints filed by “data miners”—individuals or entities that analyze publicly available government data for potential fraud indicators, rather than relying on firsthand insider knowledge.

The numbers are significant. DOJ reported 980 qui tam complaints in fiscal year 2024, nearly 1,300 in fiscal year 2025, and more than 780 already in fiscal year 2026. Since fiscal year 2024, DOJ says data miners have filed more than 45% of all qui tam complaints.

FOCUS does not mean DOJ will blindly pursue every statistical anomaly. DOJ emphasized that the quality of data-driven FCA cases depends on the reliability of the underlying data and the analytics applied to it. DOJ said it will prioritize data miners who can show analytical rigor, familiarity with program rules, legally sufficient allegations, and a reliable connection between the data signal and actual fraud. DOJ’s guidance also reminds relators and counsel that FCA fraud claims must satisfy Rule 9(b)’s heightened pleading standard and should address alternative explanations for the observed data, including how the facts suggest both falsity and scienter.

For health care companies, the practical point is straightforward: if your billing patterns, prescribing patterns, referral relationships, utilization rates, diagnosis coding, medical necessity documentation, or patient-acquisition practices look unusual in public or semi-public data, someone outside the company may be looking at the same information. DOJ’s FOCUS initiative gives sophisticated relators a more formal path to get DOJ’s attention.

2. The West Coast Strike Force: DOJ Expands Coordinated Health Care Fraud Enforcement

Also on April 30, 2026, DOJ’s National Fraud Enforcement Division announced the West Coast Health Care Fraud Strike Force. The new Strike Force unites DOJ’s Health Care Fraud Section with the U.S. Attorney’s Offices for the District of Arizona, District of Nevada, and Northern District of California. DOJ described the Strike Force model as responsible nationally for prosecuting more than 6,200 defendants who collectively billed federal health care programs and private insurers more than $45 billion.

DOJ specifically highlighted Northern California as a major health care technology hub and pointed to what it described as the migration of fraud schemes to Arizona and Nevada. The announcement referenced recent prosecutions involving digital health technology, wound care, sober homes, substance abuse treatment, and medical technology companies.

The Strike Force will work with HHS-OIG, the FBI, the DEA, and other law enforcement partners. DOJ stated that the initiative reflects a coordinated and data-driven approach to identifying, investigating, and prosecuting health care fraud, including schemes involving Medicare, Medicaid, and TRICARE.

This development matters beyond the West Coast. Strike Force activity often produces repeatable theories of liability. Once DOJ develops a successful theory in one region—whether involving telehealth prescribing, sober living arrangements, wound care billing, managed care data, kickbacks, or medical necessity—it can apply that same theory to other providers, platforms, and investors across the country.

3. DOJ’s Voluntary Self-Disclosure Policy: More Incentive, But Less Time to Hesitate

The third major development is DOJ’s first department-wide Corporate Enforcement and Voluntary Self-Disclosure Policy for criminal matters, released on March 10, 2026. DOJ says the policy applies to all corporate criminal matters handled by the Department, except antitrust violations.

The policy gives companies a clearer path to a declination if they voluntarily self-disclose misconduct to the appropriate DOJ criminal component, fully cooperate, timely and appropriately remediate, and have no aggravating circumstances. A declination still requires payment of disgorgement, forfeiture, restitution, or victim compensation, and DOJ says declinations under the policy will be public.

The policy also creates a “near miss” category. If a company cooperates and remediates but does not qualify for a declination because its report does not meet the technical definition of voluntary self-disclosure, or because aggravating factors require a criminal resolution, DOJ says it generally will provide a non-prosecution agreement, a term of fewer than three years, no independent compliance monitor, and a 50% to 75% reduction off the low end of the U.S. Sentencing Guidelines fine range, absent particularly egregious or multiple aggravating circumstances.

One provision is especially important for health care companies with hotlines or internal reporting systems. If a whistleblower reports internally and also submits information to DOJ, the company may still qualify for a declination if it self-reports to DOJ as soon as reasonably practicable, and no later than 120 days after receiving the internal report, while satisfying the other requirements of the policy.

That 120-day window can move quickly. Health care organizations that receive internal complaints about billing, coding, medical necessity, kickbacks, patient inducements, controlled substances, or referral practices need a triage process that can preserve privilege, assess credibility, gather key facts, stop ongoing misconduct if necessary, and support a disclosure decision before the window closes.

Why These Developments Matter Together

These initiatives should not be viewed in isolation. FOCUS increases the likelihood that DOJ will receive data-driven FCA allegations from outside the company. The West Coast Strike Force increases DOJ’s regional and interagency capacity to pursue health care fraud cases. The voluntary self-disclosure policy creates stronger incentives for companies to move quickly when they discover potential criminal misconduct.

The government is also coming off a record FCA year. DOJ announced more than $6.8 billion in FCA settlements and judgments for fiscal year 2025, the highest annual total in FCA history, with more than $5.7 billion involving the health care industry. DOJ also reported 1,297 qui tam lawsuits in fiscal year 2025, the highest number in a single year.

For providers and health care businesses, the lesson is not that every error is fraud. Health care billing and reimbursement rules are complex, and good-faith mistakes happen. But DOJ’s enforcement posture shows that companies should not wait for a subpoena, civil investigative demand, search warrant, or payer audit to understand their own risk profile.

Practical Steps for Health Care Companies

Health care companies should consider conducting a “relator’s-eye” review of their own data. That means asking what a whistleblower, competitor, payer, journalist, or DOJ analyst could infer from publicly available billing data, ownership records, marketing materials, job postings, patient volume, prescribing trends, referral relationships, or government payment information.

Companies should also update their internal reporting and investigation protocols. The voluntary disclosure policy makes speed important, but speed without structure can create risk. A credible protocol should identify who receives hotline complaints, who escalates them, how privilege is maintained, when outside counsel is engaged, how documents are preserved, and who decides whether disclosure is warranted.

Compliance programs should be tested against the company’s actual business model. A telehealth startup, MSO, DME supplier, behavioral health provider, medical device company, pharmacy, or billing platform may face very different enforcement risks. A generic compliance manual is unlikely to be enough if the company’s real risks involve referral compensation, contractor relationships, prior authorizations, diagnosis coding, medical necessity, subscription-based care models, controlled substances, or patient acquisition.

Finally, companies should document remediation. DOJ’s policy focuses not only on disclosure and cooperation, but also on timely and appropriate remediation. That includes root-cause analysis and an effective compliance and ethics program tailored to the organization’s size, resources, and risk profile.

Bottom Line

DOJ’s recent announcements reflect a more coordinated, data-driven approach to health care fraud enforcement. Whistleblowers do not need to be insiders. Prosecutors do not need to wait for traditional investigative leads. And companies that discover potential misconduct may have a narrower window to preserve the benefits of voluntary self-disclosure.

For health care businesses, the best response is not panic—it is preparation. Companies that understand their data, respond quickly to internal concerns, and build compliance systems around their actual risk areas will be in a stronger position if DOJ, a relator, a payer, or a regulator comes knocking.

This article is for informational purposes only and does not constitute legal advice.