Medicaid Program Integrity ยท White Paper

The 2027 Analytics Mandate

Washington Proved It, Then Prescribed It. The Clock for State Medicaid Program Integrity Runs Out in 2027.

David Thorne, CEO & Founder | July 2026 | Sentinel Integrity Group

Executive Summary

Two federal signals landed within days of each other in mid-2026. Read together, they define a deadline.

In late June 2026, the Department of Justice and the HHS Office of Inspector General announced the 2026 National Health Care Fraud Takedown, the largest in American history. Four hundred fifty-five defendants. More than $6.5 billion in alleged fraud. And for the first time, Medicaid led: a record 295 defendants and more than $518 million in false Medicaid claims, with 50 state Medicaid Fraud Control Units participating, the most ever. The takedown was not built on tips or luck. It was built on data analytics and artificial intelligence that flag suspicious billing before the check goes out.

Days earlier, the Medicaid and CHIP Payment and Access Commission (MACPAC) delivered its June 2026 Report to Congress, recommending that states be given real tools to hold managed care plans accountable, and noting that "little is known" about how states actually monitor plan performance today. One agency proved analytics works. The other told Congress that most states cannot yet do it.

That gap is now on a clock. Beginning January 1, 2027, states must redetermine eligibility for the expansion population every six months. And under P.L. 119-21, states whose PERM eligibility error rate exceeds 3 percent will lose federal matching dollars, a threshold nearly a quarter of states already fail. The states that build pre-payment analytics capability now will lead. The ones that do not will get audited, penalized, or a call from the Inspector General. This paper lays out why 2027 is the inflection point, what leading states are already doing, and the capability gap that separates them from the rest.

The thesis in one line

Federal enforcement has shifted Medicaid program integrity from pay-and-chase to detect-and-deploy. 2027 is the year states must have the analytics to keep up, or absorb the fiscal and reputational cost of not having it.

The Signal: A Record Takedown, With Medicaid in the Lead

455
Defendants charged, the largest health care fraud takedown in U.S. history
$6.5B
In alleged fraud across 56 federal districts and 45 states and territories
295
Medicaid defendants, a record, leading the takedown for the first time
50
State Medicaid Fraud Control Units, the most in DOJ history

On the surface, the 2026 National Health Care Fraud Takedown reads as a familiar enforcement headline. Underneath, it marks a structural shift. Historically, Medicare was the center of gravity in federal takedowns and Medicaid a secondary player. In 2026 that inverted: Medicaid carried the largest share of defendants, 295, with more than $518 million in false claims, and every eligible state fraud unit but three joined in. The message to state capitals is unambiguous: Medicaid is now the front line of federal fraud enforcement, and states are expected to be full partners, not bystanders.

Alongside the criminal charges, HHS-OIG moved to restore more than $10 billion in flagged and suspended payments, and investigators seized over $182 million in cash and assets. But the most instructive number never made the press-release headline: how the government found the fraud.

Not tips. Not luck. Data analytics and AI, catching the fraud before the check goes out.

From Pay-and-Chase to Detect-and-Deploy

For decades, Medicaid program integrity ran on a "pay-and-chase" model: pay the claim, then try to claw the money back after the fraud is discovered, usually years later, usually for cents on the dollar. The 2026 takedown showcased the replacement. DOJ and CMS have publicly committed to a "detect-and-deploy" posture that uses AI to flag suspicious billing before payment, and DOJ's Fraud Section, HHS-OIG, and the FBI have stood up a Health Care Fraud Data Fusion Center built on cloud computing, artificial intelligence, and advanced analytics.

The proof point is concrete. In the prior year's takedown, DOJ's Data Analytics Team detected anomalous billing through proactive analytics and stopped all but roughly $41 million of a $4.45 billion stream of payments that had been scheduled to go out the door, an interdiction of more than 99 percent of the intended loss, before it paid. That is the entire thesis of modern program integrity in a single figure: the money you never pay is worth infinitely more than the money you chase.

This matters for states because the federal architecture is being rebuilt around the assumption that program integrity is a data discipline. Encounter-data validation, provider-screening analytics, eligibility verification, and anomaly detection are no longer optional add-ons. They are the mechanism through which oversight now happens. States that still treat integrity as a post-payment audit function are, by definition, operating a generation behind the federal partners they answer to.

Why this is a state problem, not just a federal one

The federal government can run analytics on the claims it sees. But in managed care, the state and its plans sit on the encounter data, eligibility files, and provider networks where most Medicaid fraud, waste, and abuse actually lives. Federal detection capability only reaches as far as state data capability lets it. When a state cannot see its own risk, neither can Washington, until it shows up in an audit.

Washington's Parallel Signal: MACPAC and the Accountability Gap

If the takedown was the proof, MACPAC's June 2026 Report to Congress was the prescription. Chapter 3 recommends that CMS improve the usability of managed care performance data and give states additional guidance and tools to assess and oversee plan performance, an unusually direct acknowledgment that the current toolkit is inadequate. MACPAC observed that although CMS and states have worked to strengthen oversight, "little is known about the accountability tools state Medicaid agencies use" to ensure plans comply with contracts and meet performance expectations.

This is not an abstract governance point. Managed care is now the primary Medicaid delivery system in most states, which means plans themselves hold direct program integrity responsibility under state oversight. MACPAC's ongoing research into the federal role in supporting state program integrity functions is examining exactly this fault line: how CMS, HHS-OIG, the Unified Program Integrity Contractors, and PERM divide responsibility, and where federal-state collaboration in managed care breaks down.

There is a revealing statistic buried in the measurement system. In the 2025 PERM cycle, the reported managed care improper payment rate was 0.00 percent. No serious analyst believes managed care is free of improper payments; the zero reflects a measurement blind spot, not a clean bill of health. It is precisely the blind spot MACPAC is now pressing states and CMS to close, and precisely the gap independent analytics are built to fill.

The 2027 Cliff: Redeterminations and PERM Penalties Converge

Why 2027, and not "eventually"? Because two independent federal mechanisms come due within the same window, and both reward states that have analytics in place beforehand.

Six-month redeterminations begin January 1, 2027

Under Section 71107 of P.L. 119-21, and per CMS State Medicaid Director Letter #26-001, states must redetermine eligibility for the Medicaid expansion population, and comparable Section 1115 groups, every six months for renewals scheduled on or after January 1, 2027. This doubles eligibility-processing volume overnight and sharply raises the stakes on eligibility accuracy, the single largest source of improper payments in the program. States running manual or fragmented eligibility verification will face a compounding workload and error exposure exactly as the federal penalty regime activates.

PERM eligibility penalties put federal dollars at risk

The 2025 PERM results put the national rolling Medicaid improper payment rate at 6.12 percent, with the eligibility component at 4.42 percent and roughly 77 percent of improper payments driven by insufficient documentation. Under P.L. 119-21, beginning October 1, 2029, HHS must reduce federal financial participation for any state whose PERM eligibility error rate exceeds 3 percent, and CMS data show nearly a quarter of states already sit above that line. The penalty bites in FY2030, but the error rate that triggers it is being measured in the cycles that run now. A state that waits until 2029 to act is measuring the wrong year.

Jan 2027
Six-month redeterminations begin for expansion enrollees
3%
PERM eligibility error threshold above which states lose federal match
4.42%
2025 national Medicaid eligibility improper payment rate, above the future penalty line

Redeterminations create the workload; PERM penalties price the errors. Together they convert eligibility integrity from a compliance chore into a direct fiscal exposure, one that analytics-driven verification is designed to contain.

What Leading States Are Already Doing

This is not theoretical. Across the country, states are already moving from policy language to enforcement action, and a clear divide is opening between the states building capability and the states waiting to be told to.

State / BodyActionWhat it signals
Texas
HHSC
Filed a comprehensive two-year provider revalidation strategy with CMS on June 5, 2026 Policy turned into enforcement. A revalidation wave is a screening-and-analytics problem, verifying ownership, exclusions, and eligibility across the entire provider base.
Kansas
Legislature / KDHE
HB 2731, effective July 1, 2026, mandates cross-agency and federal eligibility data matching between DCF and KDHE A statutory requirement for exactly the data-matching capability that reduces eligibility error ahead of the 2027 redetermination cliff.
Florida
OPPAGA / AHCA
State auditors found managed care plans face no penalties for missing fraud-detection targets; AHCA urged to add real accountability measures The cautionary tale, integrity rules without teeth. A documented accountability gap in a state where 73 percent of enrollees are in managed care.
Federal
CMS inquiries
CMS opened inquiries into Medicaid claiming patterns in New York, California, Minnesota, and Maine The "call from the Inspector General" is already being placed. States without a data-driven answer are the ones getting the letter.

The pattern is consistent. Where states have built or mandated analytics capability, Texas's revalidation strategy, Kansas's data-matching law, they are getting ahead of federal expectations. Where they have not, Florida's penalty-free managed care oversight, the four states now under CMS inquiry, the gap is being exposed from the outside. The takedown proved the method; these states show the two roads that follow.

The State Capability Gap, and How to Close It

The uncomfortable truth in MACPAC's finding is that most states cannot answer a basic question: how is my program being defrauded right now, and where? Post-payment audits answer it slowly and partially, a year or two after the money is gone. Pre-payment analytics answer it continuously, across the four surfaces where Medicaid fraud, waste, and abuse concentrate:

Closing the gap does not require a state to rebuild its Medicaid enterprise. It requires bolting a dedicated analytics layer onto the data the state and its plans already hold, the same approach the federal Data Fusion Center takes, applied at the state level where the encounter, eligibility, and provider data actually live. This is the role Sentinel Integrity Group was built for: a program integrity analytics capability spanning 36 distinct detection vectors, deployable as a direct-to-state function or as a subcontracted capability alongside a state's existing oversight and EQRO partners.

A 2026 to 2027 Readiness Blueprint

A pragmatic sequence for a state Medicaid program that wants to be on the right side of the 2027 line:

Now through Q4 2026, baseline and instrument

Establish an independent view of eligibility and encounter data. Run a diagnostic against known detection vectors to quantify current exposure, the same data a CMS inquiry would examine, produced on the state's own terms first. Stand up cross-agency eligibility data matching ahead of the January 2027 redetermination surge.

Q1 2027, absorb the redetermination surge

Deploy automated eligibility verification to handle doubled redetermination volume without a proportional rise in error or manual workload. Track the eligibility error rate against the 3 percent PERM threshold continuously, not annually.

2027 and forward, shift to pre-payment

Move detection upstream of payment: provider screening at enrollment and revalidation, encounter-data validation on a rolling basis, and anomaly analytics that flag suspicious billing before it pays. Give the program the ability to answer, on demand, the question MACPAC says most states cannot: how are we holding our plans and providers accountable, and what does the data show?

Which state do you want to be, the one that leads, or the one that gets the call?

The federal government has proved analytics works and told Congress that states need it. The redetermination clock starts January 1, 2027, and the PERM penalty clock is already running. The states that build capability now will set the standard others are measured against.

Schedule a State Readiness Conversation

Sources and Notes

  1. U.S. Department of Justice, "National Health Care Fraud Takedown Results in 455 Defendants Charged in Connection with Over $6.5 Billion in Alleged Fraud," June 2026.
  2. Fierce Healthcare, "DOJ announces $6.5B healthcare fraud takedown with record Medicaid enforcement" (295 Medicaid defendants; $518M in false Medicaid claims; 50 participating MFCUs).
  3. MACPAC, June 2026 Report to Congress on Medicaid and CHIP, Chapter 3, "State and Federal Tools for Ensuring Accountability of Medicaid Managed Care Plans."
  4. CMS State Medicaid Director Letter #26-001, "Implementation of Eligibility Redeterminations, Section 71107 of P.L. 119-21" (six-month redeterminations for renewals on or after January 1, 2027).
  5. CMS, Payment Error Rate Measurement (PERM), 2025 Medicaid Improper Payment Rates (national rolling rate 6.12 percent; eligibility 4.42 percent; managed care 0.00 percent; roughly 77 percent insufficient documentation; 3 percent eligibility-error FMAP reduction beginning FY2030 under P.L. 119-21).
  6. U.S. DOJ Fraud Section and HHS-OIG, Health Care Fraud Data Fusion Center and detect-and-deploy analytics; prior-year interdiction of all but roughly $41M of $4.45B in scheduled payments.
  7. MACPAC, "Managed Care Program Integrity" and April 2026 Issue Brief on Medicaid Program Integrity (federal role in supporting state program integrity functions).
  8. Texas HHSC, Medicaid and CHIP Enrollment and Revalidation, Texas Medicaid Provider Revalidation Strategy submitted to CMS, June 5, 2026.
  9. Kansas Health Institute, "New Kansas Legislation and Its Impacts on Medicaid and SNAP," HB 2731, effective July 1, 2026 (cross-agency eligibility data matching).
  10. Florida OPPAGA, Report 26-02, "Biennial Review of AHCA's Oversight of Fraud, Waste, and Abuse," January 2026 (no penalties for MCOs missing program integrity performance targets; 73 percent of enrollees in SMMC).
  11. Manatt, "Medicaid Program Integrity Update: Recent Activity by CMS, States, and Congress" (CMS inquiries into claiming patterns in New York, California, Minnesota, and Maine).

About Sentinel Integrity Group

Sentinel Integrity Group, a Division of High Value Change, provides AI-powered fraud prevention and program integrity solutions to state and federal agencies nationwide. Our platform spans 36 fraud detection vectors across the program integrity lifecycle, from eligibility and provider screening to encounter-data validation and cross-program anomaly detection. Sentinel partners with state Medicaid programs, legislatures, and their oversight partners to turn oversight authority into operational results.

Prepared by Sentinel Integrity Group, July 2026. Figures reflect federal and state sources published through June 2026 and are cited above; readers should confirm current figures against primary sources before relying on them for decisions. This white paper is provided for informational purposes and does not constitute legal or compliance advice.

← Back to White Papers