Connect with Us

Program Integrity, Fraud, Waste and Abuse Prevention Consulting

Arizona’s AHCCCS program has faced one of the most significant Medicaid fraud crises in American history. Since 2022, fraudulent behavioral health billing schemes targeting Indigenous and vulnerable populations generated 1,400+ open investigations at peak. As of August 2025, 270 active cases remain — thirty times the 2019 baseline of nine cases. More than 100 provider payment suspensions have been issued. Federal criminal prosecutions include a $69 million fraud scheme. At least 40 individuals died in fraudulent sober living facilities. Beginning July 2026, AHCCCS launches an AI system to review medical records before paying Medicaid claims.

Every behavioral health provider, MCO, and health system operating in Arizona’s Medicaid space now faces an enforcement environment unlike anything in the program’s history. Hess III Consulting brings AAPC Certified Professional Compliance Officer (CPCO) credentials, CPHQ certification, Lean Six Sigma Black Belt methodology, and 18+ years of Medicaid compliance consulting to help organizations prevent fraud, detect it early, and respond to enforcement with credibility and speed.

Schedule a Free Consultation
pexels-tima-miroshnichenko-6266273

Program Integrity and Compliance Services

Fraud, Waste & Abuse Prevention Program Design

  • Comprehensive FWA prevention program development for providers and MCOs — aligned with AHCCCS OIG requirements, CMS Medicaid Integrity Program standards, and Federal False Claims Act obligations under 42 U.S.C. § 1396a(a)(68)
  • Written FWA policies and procedures for identification, reporting, investigation, and corrective action
  • Required FWA staff training for organizations receiving $5M+ in annual Medicaid payments — Federal False Claims Act and FERA (Deficit Reduction Act, Section 6032)
  • AHCCCS OIG provider self-disclosure program navigation — identification, voluntary disclosure strategy, and remediation planning before enforcement escalation
pexels-jsme-mila-523821574-29372735
pexels-helenalopes-3688761

Fraud Detection Preparedness Audit

  • Documentation and billing audit designed to identify patterns likely to flag under AHCCCS’s July 2026 AI claims review system
  • Same-day service billing review — validating compliance with AHCCCS same-day service rules implicated in current fraud enforcement
  • Staff credentialing and licensure verification — ensuring all billing practitioners are credentialed with each MCO prior to claims submission
  • Service code validation against AHCCCS AMPM requirements and MCO-specific provider manuals (Mercy Care, Arizona Complete Health, Care 1st)
  • Pre-audit readiness report with prioritized remediation recommendations — actionable before July 2026 launch

Corrective Action Plan Development & Resolution

  • Root cause analysis and corrective action plan development for providers facing AHCCCS, ADHS, Joint Commission, or CMS enforcement actions
  • Documented track record: Settled a two-year ADHS corrective action plan for Southwest Key Programs in six months across 11 residential treatment centers in Arizona, Texas, and California — reopening 650 beds in the process
  • Performance improvement planning aligned with regulatory findings — Lean Six Sigma methodology applied to root cause elimination
  • Stakeholder engagement with AHCCCS OIG, ADHS-OBHL, and MCO compliance teams during active corrective action
pexels-rdne-7648222

Frequently Asked Questions

How do I prepare for AHCCCS’s AI fraud detection system launching July 2026?

Starting July 2026, AHCCCS will screen medical records before paying Medicaid claims using an AI system that ranks claims by fraud risk. Preparation requires: (1) auditing billing and documentation for patterns that trigger AI review — including same-day high-volume services, services billed without corresponding documentation, and codes inconsistent with diagnoses; (2) ensuring all documentation meets AHCCCS AMPM requirements; (3) reviewing your compliance program; and (4) training staff on proper documentation standards. Hess III Consulting provides AI fraud detection preparedness audits and can complete them before July 2026.

What is a Credible Allegation of Fraud (CAF) suspension and how do I respond?

A CAF payment suspension is AHCCCS’s first enforcement step when fraud evidence is identified — it immediately freezes Medicaid payments for suspended services. You have the right to contest it through a formal review process. The response should include immediate legal consultation, a documentation audit, proactive engagement with AHCCCS OIG, and — if billing errors are found — voluntary self-disclosure. Hess III Consulting has navigated multiple Arizona provider compliance actions.

Is a written Fraud, Waste & Abuse compliance program required, or is it optional?

It is required, not optional. Under Section 6032 of the Deficit Reduction Act (codified at 42 U.S.C. § 1396a(a)(68)), any entity that receives or pays $5 million or more in Medicaid payments in a federal fiscal year must establish written policies covering the federal False Claims Act, the administrative remedies for false claims under 31 U.S.C. §§ 3801–3812, applicable state false claims laws, whistleblower protections, and the entity’s own policies and procedures for detecting and preventing fraud, waste, and abuse. These policies must be provided to every employee, contractor, and agent — and incorporated into the employee handbook if the entity maintains one. Failure to comply is itself a basis for AHCCCS OIG enforcement, separate from any underlying billing error.

What is the Federal False Claims Act and why does my Medicaid organization have to comply?

The Federal False Claims Act (31 U.S.C. §§ 3729–3733) imposes civil liability on any person or entity that knowingly submits — or causes to be submitted — a false claim to the federal government, including Medicaid claims. Penalties include treble damages (three times the amount of the false claim) plus per-claim civil penalties currently exceeding $13,000 per claim (adjusted annually for inflation). “Knowingly” includes actual knowledge, deliberate ignorance, and reckless disregard — you do not have to intend to commit fraud to be liable. Compliance is not discretionary; it is a federal statutory obligation that applies to every Medicaid provider and managed care organization regardless of size.

Am I personally liable if my organization commits Medicaid fraud?

Yes. Under the Responsible Corporate Officer Doctrine and the Yates Memo principles formally incorporated into Department of Justice policy, individual owners, executives, compliance officers, and medical directors can face personal civil liability, personal criminal prosecution, and exclusion from federal health care programs under 42 U.S.C. § 1320a-7 — even when they did not personally submit the false claim. Exclusion is career-ending: an excluded individual cannot be employed by or contract with any provider that participates in Medicare, Medicaid, or any other federal health care program. This is why a documented, operating compliance program is essential — it is the primary evidence that leadership did not act with deliberate ignorance or reckless disregard.

Is FWA staff training optional or required, and how often must it occur?

FWA training is required for organizations subject to Section 6032 of the Deficit Reduction Act and for all Medicaid managed care organizations and their subcontractors under 42 CFR § 438.608. AHCCCS contracts with MCOs further flow these requirements down to contracted providers. Training must occur at the time of hire and annually thereafter, must be documented (attendance rosters, content, date, trainer), and must cover the False Claims Act, whistleblower protections, the organization’s FWA policies, and how to report suspected fraud internally and to AHCCCS OIG. Missing or undocumented training is a finding AHCCCS OIG can cite on its own.

Do I have to report Medicaid overpayments I discover myself, even small ones?

Yes. Under Section 6402 of the Affordable Care Act (42 U.S.C. § 1320a-7k(d)), any Medicaid overpayment identified by a provider must be reported and returned within 60 days of the date it was identified, or by the date a corresponding cost report is due — whichever is later. Failure to return an identified overpayment within that window converts the retained funds into a false claim under the False Claims Act, triggering treble damages and per-claim penalties on every claim associated with the overpayment. The “60-day rule” applies regardless of dollar amount and regardless of how the overpayment occurred — clerical error, system glitch, miscoding, or otherwise. Self-disclosure to AHCCCS OIG is the protective path.

 

 

Connect with Us

We love getting to know good people doing good things. Reach out and schedule a free consultation. We'll gladly share early insights and help figure out how we can best support you and your organization. Absolutely no commitment required.

  • (602) 755-0338
  • info@hess3.com