Executive Summary
Disrupt, don’t just detect: build a kill-chain across enrollment through recovery to break AI-enabled fraud before first claim and after last dollar. Manage to targets: -25% enrollment anomalies and -30% UPIC referral cycle time within 12 months.
Anchor enrollment to NIST SP 800-63 IAL2/IAL3 and CMS risk-based screening to defeat synthetic identities, deepfaked credentials, and concealed ownership arrangements.
Harden communications: combine FCC STIR/SHAKEN caller authentication with AI-era hotline playbooks: no-transfer policies, call-backs to verified numbers, and liveness Q&A aligned to FTC impersonation rules.
Adopt graph-native claims analytics tied to UPIC workflows and evidence-grade case files, streamlining referrals and recoupment under CMS Program Integrity guidance.
Set program-integrity KPIs and governance now; regulators have escalated enforcement on impersonation scams and robocalls and are expanding AI-related requirements.
Executive Position: Build a Kill-Chain, Not a Point Solution
Bottom line: build a kill-chain that links identity proofing, authenticated communications, graph analytics, and case-grade evidence. Manage to outcomes: target a 25% reduction in enrollment anomalies (12 months), a 30% reduction in UPIC referral cycle time, ≥95% signed inbound caller authentication, and 100% evidence-complete impersonation cases. Expect fewer improper payments, faster recoveries, and less beneficiary harm as impersonation attacks escalate.
The blueprint below aligns with the federal identity stack (NIST SP 800‑63), CMS risk-based screening, FCC call authentication, and FTC impersonation rules to withstand adversarial AI while supporting UPIC-centered investigations.
Pillar 1 Enrollment: Defeat Synthetic Providers at the Gate
What CMS requires today
CMS mandates risk-based screening of all initial, revalidation, and certain change-of-ownership applications at “limited,” “moderate,” or “high” categorical risk, with site visits at moderate and high, and fingerprint-based FBI checks at high risk tiers (for 5%+ owners) under 42 CFR §424.518 and related provisions. The rule applies at initial enrollment, revalidation, and new practice locations, with categorical assignments (e.g., DMEPOS suppliers and newly enrolling HHAs designated “high”). CMS complements this with expanded site visit authorities and resumed post-PHE screening operations Strengthening Provider & Supplier Enrollment Screening.
Ownership and control disclosures plus ongoing reporting are governed by 42 CFR §424.516. CMS may deny or revoke billing privileges for noncompliance, adverse legal actions, or other enumerated reasons under §424.530 (Denial) and §424.535 (Revocation).
How to harden enrollment against AI-driven impersonation
Federal digital identity guidance provides the blueprint. NIST SP 800‑63A details enrollment and identity proofing at IAL2/IAL3, including document verification and supervised remote proofing; IAL3 requires in‑person or supervised remote proofing with robust operator oversight and fraud controls SP 800‑63A. To resist presentation/injection attacks, NIST requires biometric liveness/PAD and live capture comparisons during verification 63A verification guidance. NIST’s 2025 draft update further addresses forged and injected media in proofing pipelines SP 800‑63A (draft revision).
Operationally, providers use PECOS to enroll and revalidate, with identity controls layered via CMS Identity Management Remote Identity Proofing (RIDP) and role management before access to protected functions PECOS Fact Sheet. RIDP is documented in CMS Identity Management user guidance: CMS Identity Management (IDM) user guide.
Control checklist: Map CMS screening to NIST SP 800‑63 (PECOS‑ready)
| Area | Key actions | Regulatory anchors |
|---|---|---|
| Risk-tier assignment | Assign categorical risk at initial, revalidation, and location changes; apply site visits at moderate/high. | §424.518 |
| Fingerprint checks | Require FBI fingerprint-based checks for all 5%+ owners at high-risk tiers (e.g., DMEPOS, HHAs). | §424.518 (PDF) |
| Ownership & control | Collect/maintain disclosures; report specified changes within 30/90 days; deny or revoke for noncompliance or adverse actions. | §424.516 |
| Identity proofing | Use IAL2 for remote enrollment; upgrade to supervised remote or in-person proofing for high risk; capture live biometrics and enforce liveness/PAD; prepare for anti-injection controls. | SP 800‑63A; 63A verification; draft |
| Post-enrollment access | Require phishing-resistant AAL2 or AAL3 for sensitive functions. | SP 800‑63B |
Risk-tier assignment and triggers
Assign categorical risk and apply screening at initial, revalidation, and location changes (see §424.518).
Apply site visits for moderate/high tiers; resume/expand site visits per CMS policy (see CMS screening fact sheet).
High-risk biometric/fingerprint checks
Require FBI fingerprint-based checks for all 5%+ direct/indirect owners at high risk tiers (e.g., new DMEPOS, HHAs) §424.518 (govinfo PDF).
Ownership, control, and adverse actions
Collect and maintain ownership/control disclosures; report specified changes within 30/90 days (see §424.516).
Deny/revoke for noncompliance or adverse actions (see §§424.530 and 424.535).
NIST identity proofing (overlay on PECOS)
IAL2 baseline for remote enrollment with document verification and fraud checks; upgrade to supervised remote or in‑person proofing for high‑risk entities (per SP 800‑63A).
Capture live biometric and evidence images; enforce liveness/PAD (per 63A verification guidance).
Prepare for updated anti-injection media controls in forthcoming NIST revisions (see SP 800‑63A draft).
NIST authenticator assurance (post-enrollment access)
Require phishing-resistant AAL2 or AAL3 for sensitive functions; 63B defines AALs and authenticator properties SP 800‑63B.
Add fraud-atom checks to enrollment validation: mismatched licensing, reused addresses/phones across NPIs, unexplained management turnover, and “phoenix” patterns (revoked entities reappearing under new shells). Use ownership and control data (see §424.516) and indicators of concealed or proxy ownership to prioritize prepayment holds where risk is elevated.
Pillar 2 Secure the Phones: Stop Spoof and Cloned Voices
Regulatory baseline for call authentication
Under the FCC’s rules, voice service providers must implement STIR/SHAKEN caller ID authentication and sign calls consistent with attestation policies, with obligations codified at 47 CFR §64.6301 and related orders Call Authentication Trust Anchor. In 2024, the FCC initiated further rulemaking on AI-related disclosures and definitions for robocalls AI robocalls NPRM.
Agent playbook for Medicare hotlines and prior authorization lines
Caller authentication and routing
Ingest STIR/SHAKEN metadata from carriers; downgrade or detain calls without valid signatures (per §64.6301).
Apply a “no-transfer policy” for identity-uncertain calls; require re-dial from a verified number on file or a call-back to the official line.
Publish and consistently use verified numbers; the official Medicare number is 1‑800‑MEDICARE Medicare contact page.
Liveness and challenge response
Deploy agent scripts that require dynamic, account-specific facts not exposed in breaches (avoiding KBA trivia), consistent with phishing-resistant authentication principles in SP 800‑63B.
Require short “hold and call-back” flows when voices sound synthesized, caller ID appears spoofed, or attestation is weak; remind beneficiaries that caller ID can be faked FTC Medicare scam guidance.
Evidence and escalation
Record provenance and consent, retain STIR/SHAKEN fields, and store challenge-response transcripts for any case flagged as impersonation (see FTC rule below).
When suspicious calls reference benefits or ordering, route to SIU/UPIC queue with call metadata attached.
Pillar 3 Graph-Native Claims Analytics Tied to UPIC Workflows
Network patterns in tele-fraud, DME, and genetic-testing rings
Fraud rings often bootstrap from contact centers into rapid ordering and billing pipelines: short-duration call bursts to beneficiaries; immediate ordering of DME or tests; out-of-area prescribers; repeated device/test panels; and transient addresses/phones that hop between NPIs.
While specific patterns vary, a graph model should compute features across entities (NPI/EIN), relationships (ownership/control), locations, communication fingerprints, and time to surface ring cohesion and “rapid-fire” sequences for prepayment review. Use CMS ownership/control reporting as anchor attributes (see §424.516) and apply indicators of concealed or proxy ownership.
Know-Your-Provider (KYP) graph model
Entity layer: NPI, EIN, licensing numbers, accreditation, sanctions; ownership/control nodes from enrollment disclosures (see §424.516).
Communications layer: phone numbers, calling signatures, STIR/SHAKEN attestation history; hotline interaction risk signals.
Place layer: practice/service addresses, geo-consistency, co-location with other high-risk nodes.
Behavioral layer: ordering-to-billing latencies, temporal spikes, SKU/device/test panel repetition, beneficiary clusters.
Risk heuristics: phoenix patterns (revoked → new shell), concealed/proxy ownership markers, recycled assets (phones/devices/addresses), and sudden specialty pivots.
Score prepayment risk using combined graph centrality, anomaly features, and communications provenance. Prioritize UPIC referral for high-cohesion rings and order holds when risk exceeds predefined thresholds aligned to program-integrity tolerance.
How UPICs fit and how to feed them
UPICs investigate suspected fraud, waste, and abuse across Medicare and Medicaid under CMS program integrity policies. Use CMS Program Integrity Manual (PIM) guidance to structure data exchange, referrals, and case documentation workflows PIM, Ch. 10: Provider and Supplier Enrollment.
Standardize referral packets with: enrollment artifacts; ownership graphs; call metadata (STIR/SHAKEN, recordings); ordering/billing timelines; and beneficiary impact summaries. Track referrals and investigative artifacts in the national case management systems as required by CMS program integrity procedures.
Pillar 4 Evidence-Grade Auditability Aligned to FTC Impersonation Rules
The FTC’s Trade Regulation Rule on Impersonation of Government and Businesses (effective Apr 1, 2024) strengthens enforcement and remedies for government/business impersonation scams FTC Impersonation Rule (Final). The Commission has proposed expanding the rule to cover impersonation of individuals and related facilitators, with proceedings ongoing SNPRM: Individuals & Facilitators.
Translate the rule into case-file requirements
Provenance chain for recordings: timestamps, agent IDs, consent language, and unaltered audio originals; hash and store with retention policies matching legal holds.
Communications evidence: STIR/SHAKEN attestation fields, call route headers, and carrier traceback identifiers where available §64.6301 requirements.
Challenge-response transcripts: prompts, caller answers, and the decision log that justified escalation or denial.
Deception artifacts: screenshots or files showing misuse of government branding, spoofed numbers/URLs, or AI-voice indicators, mapped to prohibited tactics under the FTC rule.
Victim/beneficiary notifications and remediation steps documented per consumer-protection best practices (impersonation losses are significant, with FTC reporting $2.95B in 2024 across impersonation categories) FTC 2025 overview.
Operating Model: Roles, RACI, and Artifacts
Roles and Key Outputs
Program Integrity KPI Dashboard (Targets)
Reference anchors: §424.518 tiers; STIR/SHAKEN; FTC Impersonation Rule.
Data-sharing touchpoints and artifacts
Enrollment → Analytics/SIU: IAL/AAL outcomes, document forensics results, ownership graph extracts, site-visit findings, fingerprint status.
Communications → Analytics/SIU: STIR/SHAKEN fields, call recordings and consents, challenge-response transcripts, call-risk scores.
Claims/Payments → Analytics/SIU: ordering-to-billing timelines, provider/bene panels, SKU/device codes, geospatial summaries.
SIU/Analytics → UPIC: standardized referral packets with evidence indexes and chain-of-custody notes aligned to program-integrity guidance (see PIM, Ch. 10).
Targets and KPIs: Managing to Outcomes
Leaders should set a tight KPI suite that links actions to recoveries and risk reduction, while anchoring definitions to federal rules and measurements:
Enrollment anomaly rate by risk tier (per §424.518 categories) with time-to-decision and percent placed on supervised proofing.
Caller authentication pass rate and detain/deflect rate on low-attestation calls (per STIR/SHAKEN policy).
Impersonation case closure cycle time with complete FTC-rule artifacts FTC Final Rule.
Prepayment hold yield and UPIC referral acceptance rate (per standardized packet criteria).
Beneficiary harm prevention: number of impersonation attempts deflected and consumer notifications issued (context: FTC reports continued high losses to impersonation) FTC 2025 overview.
Visual A The AI Fraud Kill-Chain Map
AI Fraud Kill-Chain Map
End-to-end control points and evidentiary artifacts across the payment lifecycle.
Enrollment (PECOS)
Controls: §424.518 risk-tiering; site visits; high-risk fingerprints; IAL2/IAL3 proofing with liveness/PAD.
Artifacts: ownership/control disclosures; doc-forensics results; proofing logs.
Communications (hotlines/prior auth)
Controls: STIR/SHAKEN attestation; no-transfer; call-back to verified numbers; liveness Q&A; record provenance.
Artifacts: STIR/SHAKEN fields; recordings; challenge-response transcripts.
Ordering
Controls: prepayment holds on unverifiable orders; outlier and ring-cohesion scoring; credential/use checks.
Artifacts: ordering timelines; provider graph risk; specialty/distance checks.
Billing/Payment
Controls: anomaly detection on rapid-fire schemas; documentation sufficiency checks; targeted edits.
Artifacts: claim clusters; SKU/device/test panel repetition; bene impact summaries.
Recovery/Enforcement
Controls: SIU/UPIC referrals; suspensions; revocations/denials per §§424.530-.535; FTC evidence standards.
Artifacts: standardized UPIC packet; legal hold evidence; beneficiary notices.
Medicare Program Integrity KPI Dashboard (2025-2027)
Reference anchors: §424.518 risk tiers; STIR/SHAKEN; FTC impersonation rule.
18-24 Month Outlook: The Emerging Compliance Baseline
Strategic Outlook Matrix
Anchors: FCC AI NPRM; FTC SNPRM; NIST SP 800‑63A draft.
AI-safe communications: Expect sustained FCC pressure on caller authentication, increased traceback, and possible AI-content disclosure obligations as proposed in the AI robocalls proceeding FCC AI NPRM.
Impersonation enforcement: FTC will continue to leverage its final rule and may extend protections to individual impersonation and enablers, raising evidentiary expectations for case files FTC SNPRM.
Prepayment controls: With stronger identity and communications baselines, programs will expand prepayment holds on unverifiable orders and require standardized, audit-ready referral packets to UPICs (per CMS program-integrity processes).
Identity proofing: Expect adoption of supervised remote proofing and stronger liveness/PAD across high-risk tiers as NIST finalizes SP 800‑63 updates SP 800‑63A (draft revision).
Implementation Roadmap (90/180/365 Days)
Implementation Roadmap
- Codify risk-tier overlays; require supervised remote or in-person proofing and liveness/PAD for high-risk enrollments; update PECOS checklists.
- Turn on call safeguards: no-transfer policy, call-back-to-verified numbers, capture STIR/SHAKEN metadata.
- Define UPIC packet template: enrollment artifacts, ownership graph, communications evidence, ordering/billing analysis.
- Deploy KYP graph features; integrate hotline risk data; implement prepayment hold rules for unverifiable orders.
- Instrument KPI dashboard and evidence chain; run table-top exercises on FTC-rule compliance.
- Scale supervised proofing to 100% of high-risk tiers; broaden PAD coverage to defeat deepfake credentials SP 800‑63A.
- Automate UPIC referrals; measure cycle time and acceptance; close loop on revocations and denials under §§424.530-.535.
Appendix (Public One-Pager) How to Spot Medicare Deepfake Calls & What to Do
Share this with beneficiaries, families, and caregivers.
Don’t trust caller ID. Scammers can spoof the display to look like Medicare or a known clinic FTC: Medicare scams.
Hang up and call back using a verified number. Dial 1‑800‑MEDICARE (1‑800‑633‑4227) or the number on your plan card-not a number given by the caller Medicare contact.
Watch for red flags: threats, pressure to act fast, requests for your Medicare or Social Security number, or offers of “free” genetic tests, braces, or equipment.
AI-cloned voices sound real. If a caller’s voice sounds off or scripted, stop. Verify with a call-back to an official number.
Report it. Share details with the plan, 1‑800‑MEDICARE, and the FTC at ReportFraud.ftc.gov. Medical identity theft resources are available from HHS‑OIG OIG consumer alert.
Protect your number. Don’t share your Medicare number for unsolicited offers; talk to your doctor or plan before agreeing to any test or equipment.
Why this matters: Impersonation scams continue to cause substantial consumer losses nationwide, and regulators have increased enforcement powers and penalties for impersonating government and businesses FTC 2025 overview, FTC Final Rule.
Closing: Lead the Kill-Chain
Lead with a kill-chain model that connects identity, communications, analytics, and evidence into one operating system for program integrity. Execute the 90/180/365 plan to harden enrollment, secure phones, activate graph-native prepayment controls, and standardize UPIC-ready case files. This blueprint aligns to NIST, CMS, FCC, and FTC requirements and positions your teams to cut risk exposure, accelerate recoveries, and protect beneficiaries as enforcement tightens.