DOJ’s First Health Care Fraud Non-Prosecution Agreement Signals Enforcement Priorities
The U.S. Department of Justice (DOJ) Criminal Division and the U.S. Attorney’s Office for the Western District of North Carolina recently announced the first non-prosecution agreement (NPA) from DOJ’s Health Care Fraud Unit following the release of its updated Corporate Enforcement and Voluntary Self-Disclosure Policy (CEP) and enforcement priorities in May 2025.
This development reflects the DOJ’s continued focus on health care fraud, highlighting that enforcement approaches under the new administration remain consistent with prior ones. The May 12 enforcement memorandum from Matthew R. Galeotti, head of DOJ’s Criminal Division, emphasized targeting ten high-impact areas, with “waste, fraud, and abuse, including health care fraud and federal program and procurement fraud” as the top priority.
The DOJ also stressed balancing criminal investigations with minimizing unnecessary burdens on businesses. Prosecutors are now directed to impose penalties that reflect the misconduct’s severity, the company’s cooperation, remediation efforts, and the effectiveness of compliance programs. Independent compliance monitors will only be required when necessary.
NPA Details: Troy Health, Inc.
On August 20, 2025, DOJ announced an NPA with Troy Health, Inc., resolving a criminal probe into fraudulent Medicare Advantage enrollment practices. Although Troy did not qualify for voluntary self-disclosure credit under the CEP, DOJ recognized the company’s early reporting to the Centers for Medicare & Medicaid Services (CMS), substantial cooperation, and remediation steps.
Troy avoided a compliance monitor and received a reduced penalty of approximately $1.43 million based on inability to pay.
Troy’s case involved the use of artificial intelligence (AI) to expand fraud. Under a senior executive’s direction, Troy employees cold-called Medicare beneficiaries using pharmacy-sourced customer lists obtained without consent. Pharmacies were financially motivated to supply customer data to Troy’s AI platform, Troy.ai. Employees misrepresented themselves as pharmacy staff and falsely assured beneficiaries that switching plans wouldn’t affect their insurance providers. Many beneficiaries were enrolled without their knowledge or consent, sometimes via automatic enrollment. One day saw over 300 unauthorized enrollments.
Despite CMS’s directive to verify enrollments after a surge and complaints, Troy treated outreach calls as “welcome” calls. Evidence, including text messages between senior executives, confirmed the scheme’s illegality. Troy admitted to illicit proceeds exceeding $1.8 million.
Key Provisions of the NPA
DOJ declined to fully dismiss charges because Troy did not self-disclose directly to DOJ as required by CEP. However, the NPA term was limited to 18 months due to two main factors:
- Cooperation: Troy self-reported to CMS before DOJ involvement, provided timely investigation updates, produced relevant documents on its AI systems, and gave factual presentations. DOJ noted some early cooperation shortcomings, particularly in preserving and producing key evidence.
- Remediation: Troy removed the Chief Operating Officer, censured the Chief Pharmacy Officer, suspended all Troy.ai functions related to member recruitment, and enhanced its compliance program for member enrollment.
These efforts earned a 20% reduction from the Sentencing Guidelines fine range. DOJ also ruled that an independent compliance monitor was unnecessary, citing Troy’s strengthened compliance framework and agreement to ongoing self-reporting. The company’s penalty was capped at $1.43 million due to inability to pay.
What Healthcare Companies Should Take Away
- Health care fraud, especially involving Medicare, remains a top DOJ enforcement priority and will face close scrutiny.
- DOJ actively monitors Medicare data for outliers, increasing risks for companies lacking strong oversight of sales and marketing activities.
- Maintaining effective compliance programs and a culture of ethical conduct is essential.
- The use of AI in fraudulent schemes introduces new enforcement considerations. Companies should assess risks related to AI and implement appropriate controls to ensure legal compliance.
- Voluntary self-disclosure to DOJ before misconduct is uncovered remains crucial for maximizing mitigation benefits.
- DOJ’s inability-to-pay analysis shows commitment to imposing penalties that reflect financial realities but still hold companies accountable.
- The relatively short 18-month NPA term with self-reporting reflects DOJ’s approach to balancing accountability with reasonable business impact when companies act responsibly.
This case underscores the importance of early, full cooperation and timely remediation to align with DOJ’s goals of enforcing the law while promoting ethical business practices. Troy’s 20% discount on fines highlights that partial cooperation yields benefits, but falling short of expectations limits maximum reductions.
Healthcare organizations should carefully evaluate how emerging technologies like AI affect compliance risks and ensure their programs keep pace with evolving enforcement priorities.
For those interested in exploring AI tools and compliance training to better manage such risks, resources are available at Complete AI Training.
Your membership also unlocks:
