The CMS CRUSH rule is much more than just another anti-fraud policy - its about how to aggressively enforce policies that are already causing real problems for many providers and their billing staffs across the country. CRUSH stands for 'Comprehensive Regulations To Uncover Suspicious Healthcare' and will be the largest enforcement of fraud by CMS since they began using this type of strategy. If your office bills Medicare or Medicaid, then this new initiative will have some direct impact on your organization. Below we explain what CRUSH is, where it has been implemented so far, and what steps your team should take immediately.
What Is the CMS CRUSH Initiative?
- CRUSH is a new framework of the CMS to move from a "pay and chase" method of payment to a "detect and prevent" model using data analytics and artificial intelligence.
- CMS has cancelled the billing privileges of 5,586 providers, and has also suspended $5.7 Billion in suspected fraudulent Medicare payments in 2025.
- A final proposed rule is anticipated after the close of the comment period that closed March 30, 2026.
- High-risk areas for CRUSH are DMEPOS, skin substitutes, lab billing, and risk adjustment coding.
- Every Provider and billing team needs to view CRUSH as an active compliance issue today-not just something down the road.
What Is the CMS CRUSH Rule and Why Does It Matter?
The Administration formally launched an array of significant anti-fraud actions on February 25, 2026; those actions include a $259.5 million deferral of federal Medicaid funds to the state of Minnesota; a national six month moratorium on all new DMEPOS (Durable Medical Equipment Prosthetics Orthotics Supplies) provider enrollment in Medicare; and a Request For Information (RFI) to solicit stakeholder comments regarding potential regulatory and programmatic modifications that will likely be included in a future proposed regulation entitled "Comprehensive Regulations to Uncover Suspicious Healthcare" or the CRUSH Rule.
The CMS stated it has made an intentional transition from the traditional "pay-and-chase" method of identifying and recovering improper payments as they occur, and instead is working to identify and prevent suspicious activity through real-time detection. This includes using predictive analysis and AI-based review of incoming claims data; expanding on site compliance reviews in both hospice and durable medical equipment; and issuing an RFI to develop collaboratively developed solutions to reduce fraud, waste, and abuse.
This is NOT a memorandum. This is a systemic change in how the U.S. federal government polices healthcare provider billing practices. Enforcement mechanisms related to this policy change began immediately upon release.
What CMS Has Already Done: The Numbers Behind CRUSH
Before proposed rule is even posted -- CMS has already stated that CMS crush enforcement will be operational. With the release of both the crush announcement as well as 2025 results on november 2, 2025 -- the numbers are substantial.
In 2025, using a combination of advanced analytics, cross-agency collaboration and law enforcement relationships, CMS was able to suspend an estimated $5.7 billion in suspected Medicare payment fraud. Additionally, CMS stopped an estimated $1.5 billion in suspected Medicare DMEPOS billing fraud. Also, CMS denied 122,658 Medicare claims for medically unnecessary items or services; revoked billing rights for 5,586 providers/suppliers; and referred 372 cases with an estimated total value of $3.7 billion in billed charges to law enforcement for possible prosecution.
Those are not projection. They are finalized actions, and CMS will use CRUSH to increase that rate.
In addition to the information about a provider or supplier's revocation from participation in the Medicare program (including NPI and reason for revocation), CMS intends to make publicly available additional data relating to each such provider or supplier. The fact that this type of data will be made public places an organization's reputation at risk with its customers, investors and other stakeholders as much as it does with regard to potential financial penalties and/or litigation.
What the CRUSH Rule Covers: High-Risk Billing Areas
In its current form, the CMS CRUSH rule covers many different areas. The Request For Information (RFI) includes over a dozen subject matter topics, which include but are not limited to; enhanced provider enrollment screening, identity verification and ownership requirements, improved preclusion lists, laboratory test fraud, enhanced supervision of DMEPOS suppliers, deadline extensions for submitting claims, use of artificial intelligence (AI) to assist with coding, protection from solicitations by beneficiaries, surety bonds, Medicaid and CHIP fraud and marketplace program integrity.
Currently, there are four areas being heavily focused on: DMEPOS, skin substitutes, lab billing, and Risk Adjustment. The agency noted that based on information provided regarding the rate of revocation of licenses or certification of medical supply companies in the impacted categories was 17%, almost three times higher than all other DMEPOS supplier types during the time frame of 2023-2025. Further, those same suppliers billed more than 70% of claims for specific high-risk orthotic bracing codes included on the Master List developed by CMS and more than 80% of claims for off-the-shelf orthotics identified by CMS as having a high potential for fraudulent activity.
Therefore if you have employees who work in one of the four service lines outlined above, treat all billing related to those services as "audit ready" today.
How CRUSH Affects Your Practice and RCM Operations
What does this do to your revenue cycle? In short, it reduces the space in which you have room to document errors.
The federal government indicates that both of its agencies (the Department of Health & Human Services and the Office of Inspector General) are under-staffed and will attempt to staff-up in order to increase their ability to enforce compliance with regulations.
The federal government is increasingly relying upon technology-based tools for detecting fraudulent activity. Providers should expect increased scrutiny by the federal government due to "outliers" identified through the review of claims data, and also should be prepared for possible suspensions of billing rights pending the outcome of investigations that may take years to complete.
Providers should read the above sentence closely; "Outliers" identified in the claims data, even if those outlier claims were properly coded, could result in a provider having their billing rights suspended. Therefore, it is imperative that all aspects of the medical coding service provided to you are completely error-free, that each code entered into the system is supported by documentation at the time that it was entered into the system, and that your denial management services are able to quickly respond when CMS identifies a denied claim as a target of further investigation.
The CMS continued use of its policy to first issue revocation and/or stop payment orders for claims prior to investigating the legitimacy of said claims has the potential to significantly disrupt the operational activities of unsuspecting and compliant providers and suppliers. This is not hyperbole. Many compliant providers are being caught in this regulatory net because their data patterns appear unusual, not because they engaged in improper billing practices.
A strong internal control environment as well as effective healthcare revenue cycle management services will continue to be required in order to separate a provider practice that will survive a CMS audit from a practice that will lose its ability to bill until the investigation into the alleged errors can conclude.
What Should Your Practice Do Now?
There are some specific actions all providers and billing teams should consider taking prior to when a CRUSH-related audit or suspension comes up at your office.
1. Audit your high-risk service lines:
All DMEPOS, lab billing, skin substitute and Risk Adjustment Coding areas need to be reviewed internally. Pull your claims history and see where there may be unusual patterns. The sooner this happens, the less likely it will occur first from CMS.
2. Verify your enrollment records:
CMS intends to perform "enhanced provider enrollment screening including new identity proofing and ownership requirements. Ensure your NPI documents, ownership disclosure forms, and all enrollment documentation are accurate and current.
3. Check your DMEPOS exposure:
If your company bills DMEPOS, verify whether you fall under the moratorium due to the nationwide enrollment stoppage and ensure your medical necessity documentation meets CMS's requirements on each bill.
4. Strengthen your documentation protocols:
Each claim must independently stand on its own. If a CMS AI tool identifies your billing as an anomaly, then the documentation will protect you.
5. Build a suspension response plan:
Identify who will handle a suspension; determine how quickly you can respond and implement processes and services for managing cash flow if a CMS payment suspension occurs.
6. Connect with a qualified billing partner:
Companies such as Human Medical Billing, which monitor regulatory developments continuously, can help identify compliance issues before they develop into administrative enforcement actions.
Frequently Asked Questions About the CMS CRUSH Rule
CRUSH stands for "Comprehensive Regulations To Uncover Suspicious Healthcare." CRUSH is an outline from CMS on how it plans to increase anti-fraud efforts through Medicare, Medicaid, CHIP, and the Health Insurance Marketplace by employing new technologies such as AI/ML (machine learning) monitoring, and enhanced law enforcement tools.
At present time, DMEPOS suppliers; laboratories providing services involving skin substitutes; and, Medicare Advantage Organizations that process risk adjustments may be scrutinized more than others. However, any health care provider whose claim data reveals suspicious patterns may also be investigated.
Yes. Since before proposing a formal rule, CMS has removed the billing privileges of 5,586 providers and frozen about $5.7 billion in potential Medicare payments in 2025. While this is active enforcement - it is not simply a theoretical proposal for regulation.
While the CRUSH RFI had a public comments deadline of March 30, 2026 and asked stakeholders for their input regarding how CMS should construct a final regulation; the proposed rule expected later in 2026 will contain the actual regulations. Therefore, both phases matter since the proposed rule will include many ideas generated during the public comments phase.
The Bottom Line for Billing Teams
The CMS CRUSH Rule has already created an entirely new enforcement environment. The proposed rule will only add to CMS's powers of oversight over physician practices regarding enrollment, suspension of payments, and audits. Delayed action is not a plan. Any physician practice that bills Medicare or Medicaid should regard CRUSH as a current compliance threat and develop internal controls to withstand the use of Artificial Intelligence (AI) in auditing.
Our staff at Human Medical Billing continually monitor all CMS regulatory changes; therefore, we protect our clients from being surprised by any future CMS regulatory change. Whether you require assistance with medical credentialing services to ensure your enrollment files remain compliant or would like a complete evaluation of your revenue cycle, we can assist. We have a "Contact Us" page on this website where you can reach us directly or access our "Xpert Billing Blog" for continuous updates as the CRUSH rulemaking progresses.
Contact Human Medical Billing to schedule a compliance readiness review or learn more about our end-to-end billing and regulatory support services.
