On July 6, 2026, the Centers for Medicare & Medicaid Services (“CMS”) proposed a rule that would expand its administrative remedies to combat potential fraud. The proposed rule is the latest in a round of administrative actions that signal CMS’s intent to aggressively pursue allegations of Medicare and Medicaid fraud and heighten the risk of fraud enforcement against even well-intentioned Medicare and Medicaid providers and suppliers.

The proposed rule includes several changes to regulations that govern Medicare billing privileges. Providers and suppliers should be aware that these changes dramatically expand the flexibility afforded to CMS in enrollment and revocation actions, potentially leading to harsh consequences for ministerial and administrative errors. If finalized, moreover, the proposed rule could have material implications for providers and suppliers facing threatened revocation, including heightened risk of overpayment liability and increased hurdles to challenging revocations and denials of enrollment.

Added Flexibility to Existing Revocation Grounds

CMS has proposed to remove a number of factors that the regulations list as relevant to a determination of whether a provider has engaged in “abuse of billing privileges.” While acknowledging that the inclusion of these factors in the regulations was permissive (requiring consideration only where “as appropriate or applicable”), CMS stated that it must be afforded “the maximum flexibility to address all possible . . . scenarios without the rigid constraints of our existing factors.”

CMS provided little guidance as to the outer bounds of what conduct could constitute an “abuse of privileges” that merits revocation of Medicare billing privileges. Instead, CMS noted that a “pattern of practice” of abuse of billing privileges might be established “by a simple finding that several of a provider’s claims do not meet Medicare requirements.”

Similarly, CMS has proposed to expand the regulatory provision that permits revocation of enrollment if a provider certifies as “true” false or misleading information in Medicare enrollment application or renewal forms to include any scenario in which a provider submits “false or misleading information on or associated with any CMS Medicare enrollment-related form,” including materials submitted to Medicare contractors. CMS stated that it interprets this expanded rule to include anything related to Medicare enrollment, and not only those submissions that are “intended to gain or maintain Medicare enrollment.”

If finalized, the proposed rule would add significant flexibility to CMS’s ability to pursue revocation of a provider’s enrollment. While CMS has assured providers that it would “invoke [the revised regulations]. . . only when legitimately warranted under the facts and circumstances and not as a matter of course,” such expanded flexibility threatens unpredictability in the event of even administrative or ministerial errors in submissions and claims. These changes would, moreover, make it more difficult for providers to challenge a revocation action.

Expanded Revocation Grounds

In addition to adding flexibility to existing grounds for revocation, CMS’s proposed rule adds to and expands CMS’s already broad authority to revoke provider and supplier enrollment.

Such proposed changes include adding the following grounds for revocation:

  • Denial of Enrollment Application. Where CMS could previously revoke a provider’s other enrollments if one enrollment is revoked, CMS would also be able to revoke a provider’s existing enrollments if an application for enrollment submitted by the provider is denied.
  • High-Risk Enrollments. CMS would be able to revoke enrollment if it determines the provider or supplier (including owning/managing employees or organizations) poses a high risk of fraud, waste, or abuse due to “. . . an affiliation under [42 C.F.R.] § 424.519” or “the provider’s or supplier’s location within a limited geographic area that has an excessive number of providers and suppliers.”
  • Certain Misdemeanor Convictions. CMS would be able to revoke enrollment if a provider or supplier—or its owners, managing employees, managing organizations, officers, or directors—are convicted of a “misdemeanor related to sexual assault or financial misconduct within the past 10 years that CMS deems detrimental to the best interests of the Medicare program and its beneficiaries.”
  • Ownership Changes (HHA, Hospice, DMEPOS). CMS would have broad authority to revoke enrollment of home health agencies, hospices, and DMEPOS suppliers who do not comply with the regulations governing provider changes of ownership.

These proposed, expanded grounds for revocation are notably broad, and CMS provides only limited guidance as to what conduct might result in revocation under these grounds. As with the proposed expansion of existing grounds for revocation, the open-ended nature of these proposed grounds for revocation may make it more difficult for providers and suppliers to challenge revocation actions.

Expanded Grounds to Deny Medicare Enrollment

As with revocations, CMS proposes to expand the grounds under which a provider’s application to enroll in Medicare can be denied. These expanded and additional grounds include many of the grounds added for revocations, but also include:

  • Medicare Debt or Payment Suspension. CMS proposes expanding the ground to deny enrollment based on Medicare debt or payment suspension to include a provider or supplier’s “managing employee, managing organization, or individual or entity with any other form of business or financial relationship with the provider or supplier[.]” Significantly, this expansive definition (called an “associated party” under the proposed regulation) currently contains no material limitations, meaning almost any person or entity with whom an applicant does business could create denial liability.
  • Sharing Locations with Denied/Revoked Providers or Suppliers. CMS would have authority to deny applications where a “provider’s or supplier’s practice location is in the same suite or office as another provider or supplier whose Medicare enrollment has been revoked or denied.”
  • Hospices with Distant Medical Directors or Administrators. CMS would have discretion to deny hospice applications if the hospice’s medical director or administrator serves “multiple other hospices” or practices/is located “at such a distance (for example, in a different state) from the enrolling hospice that the medical director cannot realistically perform all medical director functions,” with a similar provision for administrators.

In addition, CMS proposes applications denied for “other program termination or suspension,” may be applied to the provider or supplier in its own name or NPI or that of its owners, managing employees, or managing organization regardless of whether any appeals are pending.

Retroactive Revocation

CMS proposed to restructure and expand the regulatory grounds for retroactive revocation of billing privileges. Currently, Medicare regulations provide that revocations are, by default, prospective in nature: effective 30 days after CMS or the CMS contractor mails notice to the provider. Under certain circumstances, the regulations provide for revocations to be retroactive, such as when a provider is convicted of a felony, the date a professional license is suspended, revoked, or surrendered, or when a provider submits a false certification in their enrollment application.

CMS has proposed to reframe the rule so as to default to retroactive revocation of billing privileges. CMS expressed concern that providers may collect payment from Medicare while remaining so non-compliant with enrollment requirements as to merit revocation. To address this concern, CMS proposed that all revocations be retroactive to the date of determined non-compliance.[1] As a result, providers suspected of misconduct or non-compliance are likely to face claims of retroactive overpayments in addition to the immediate concern no longer receiving Medicare payments while their enrollment is revoked.

Reapplication Bar

CMS’s proposed rule expands the grounds from which a provider may be prohibited from seeking reapplication as a Medicare provider. Under current regulations, CMS may prohibit prospective providers from enrolling in Medicare for up to 10 years if its enrollment application is denied because the applicant submitted false or misleading information in its application. Under the proposed rule, CMS will have the discretion to prohibit a provider from enrolling in Medicare if their enrollment application is denied for any reason.

Conclusion

As a part of the federal government’s increasingly aggressive push to combat real or perceived healthcare fraud, the proposed rule both broadens CMS’s authority to revoke and deny Medicare enrollment and raises the stakes for revocation and denial. What the proposed rule does not share is how CMS plans to exercise this expanded discretion: as a result, the proposed rule, if enacted, increases the unpredictability and potential ramifications of even technical noncompliance with CMS rules. As a result, Medicare providers should keep a close eye on potential revisions to these rules and their potential implementation and consider proactively evaluating their compliance under CMS standards.



[1] In the proposed rule, CMS identifies, with respect to each ground for revocation, what it will consider to be the effective date of revocation.