Compliance Checklist: Where and How to Report Suspected Fraud, Waste, and Abuse Incidents

Use this Compliance Checklist: Where and How to Report Suspected Fraud, Waste, and Abuse Incidents to decide the smartest path for submitting a tip. It maps the primary fraud reporting mechanisms and shows exactly what to include so investigators can act quickly.

Whether you are a patient, employee, or contractor, you can use confidential reporting channels to share concerns, protect beneficiaries, and support Medicare program integrity and fair use of public funds.

Reporting Channels for Suspected Fraud

Before you report: quick actions

• Prioritize safety; do not confront the suspected individual or alter records.
• Capture specifics while fresh: dates, times, names, locations, claim or invoice numbers.
• Preserve evidence lawfully (emails, EOBs, logs); keep originals intact and submit copies.
• Review any internal policy on compliance hotlines and reporting steps.

Primary fraud reporting mechanisms

• Internal options: compliance officer, manager, or anonymous compliance hotlines.
• Federal option: OIG Hotline for issues involving Medicare, Medicaid, or other HHS programs.
• State options: Attorney General offices, Medicaid Fraud Control Units, and state Department of Insurance hotlines.
• Health plan options: Special Investigations Units (SIUs) at commercial or Medicare Advantage plans.
• Program options: official Medicare and Medicaid channels for beneficiary and provider tips.
• Law enforcement: use when there is immediate danger or active criminal activity.

Choosing a confidential reporting channel

• If the concern involves your leadership or compliance team, use an external channel first.
• Prefer channels that allow anonymous or confidential reporting and provide a case number.
• You may report to more than one channel when jurisdictions overlap.

Providing Detailed Incident Information

Information checklist

• Who: names, roles, organizations, provider identifiers (e.g., NPI), and contact details if available.
• What: clear description of the scheme (upcoding, unbundling, kickbacks, phantom billing, altered records).
• When: specific dates and times; note whether the conduct is ongoing or ended.
• Where: sites of care, facility addresses, and departments.
• How: method used, steps observed, tools or systems involved, and who authorized actions.
• Money: amounts billed/paid, claim counts, and any patient or plan cost impact.
• Programs: indicate Medicare, Medicaid, commercial plan, or multiple programs.
• Records: claim numbers, EOBs, invoices, policy or member IDs (share only what you are allowed to disclose).
• Witnesses: names and roles of others who can corroborate.
• Evidence: emails, screenshots, timelines, or policy excerpts that support your account.

Documentation and confidentiality tips

• Submit copies; do not remove originals or access records you are not authorized to view.
• Separate facts from opinions; present a concise timeline with key events.
• Protect sensitive data; include the minimum necessary to explain the issue.
• Keep your reference or case number and a personal log of what you submitted.

Reporting to the Office of Inspector General

The OIG Hotline accepts tips about suspected fraud, waste, and abuse affecting federal healthcare programs. It supports anonymous and confidential reporting and routes matters to the right investigative teams.

Use precise facts and attach non-privileged, relevant documents. If you choose anonymity, provide a way for follow-up questions, or monitor your case number for updates.

When to prioritize the OIG Hotline

• Medicare or Medicaid billing schemes, kickbacks, false cost reports, or grant misuse.
• Quality-of-care concerns tied to billing or improper payments.
• Schemes spanning multiple states, providers, or health plans.

What to expect after reporting

• Triage and referral to investigators or program integrity teams.
• Requests for additional documentation if needed.
• Limited status updates to protect investigations and confidentiality.
• Retention of your submission under whistleblower protections and applicable law.

Utilizing State Agency Hotlines

State agencies operate hotlines for healthcare fraud and patient abuse, including Medicaid Fraud Control Units, Attorneys General, and Departments of Insurance. These channels often accept anonymous tips and coordinate with federal partners when programs overlap.

Report the provider’s license number, Medicaid ID, facility address, and the county where services occurred. Note whether the practice crosses state lines or involves multiple locations.

State-level details to include

• Facility or practice name, address, and type (e.g., long-term care, home health).
• Provider identifiers and any known enrollment numbers.
• Claims, dates of service, and the pattern you observed (frequency, amounts, codes).

Reporting to Health Insurance Providers

Commercial insurers and Medicare Advantage or Part D plans run SIUs and compliance hotlines to investigate suspected member, pharmacy, or provider fraud. These confidential reporting channels can stop payments quickly and flag high-risk patterns.

What to include for plan investigations

• Member and policy identifiers, provider name and location, and claim or prescription numbers.
• Dates of service, amounts billed and paid, and the suspected scheme (e.g., phantom fills, upcoding).
• Any related communications, referrals, or prior complaints.

Follow-up and confidentiality

• Ask for a case or reference number and the best method to supply documents.
• If you fear retaliation, request an anonymous path or use an external channel.
• Escalate to the OIG Hotline or state agencies if a conflict of interest exists.

Healthcare Organization Reporting Procedures

If you work for a healthcare entity, follow your compliance program: report to your supervisor, the compliance officer, or the organization’s anonymous compliance hotlines. Document what you reported and when.

If leadership is implicated, or prior reports were ignored, use an external channel immediately. Good-faith reports are protected by non-retaliation policies and applicable whistleblower protections.

Retaliation safeguards

• Policies prohibit retaliation for good-faith reports through authorized channels.
• Federal and state laws protect employees who report suspected fraud, waste, and abuse.
• Keep contemporaneous notes and your case number to support any retaliation claim.

Reporting to Medicare and Medicaid Programs

For Medicare program integrity issues, report suspected provider or beneficiary fraud through official program channels or the OIG Hotline. Include claim numbers, dates of service, amounts, and EOB details to speed screening.

For Medicaid fraud reporting, contact your state Medicaid agency or Medicaid Fraud Control Unit. Provide the provider’s Medicaid ID, facility location, and whether the conduct targets managed care or fee-for-service.

Medicare-specific tips

• Note the plan type (Original Medicare, Medicare Advantage, or Part D) and any denial or prior authorization details.
• Flag patterns such as identical claims across multiple beneficiaries or services not received.
• Attach EOBs or other records that substantiate the concern.

Medicaid-specific tips

• Identify the managed care plan (if any) and the state where services occurred.
• Report facility-based abuse, neglect, or misappropriation alongside billing concerns.
• Explain whether the scheme is ongoing and the estimated financial impact.

Conclusion

Choose the channel that best fits the conduct, include precise facts, and safeguard confidentiality. Using the OIG Hotline, state hotlines, health plan SIUs, and internal compliance hotlines together strengthens Medicare program integrity and accelerates corrective action.

FAQs

What information should I include when reporting fraud?

Provide who, what, when, where, and how; the programs affected; claim or prescription numbers; amounts billed and paid; supporting documents; and witness names. Add provider identifiers (e.g., NPI or Medicaid ID), facility addresses, and whether the activity is ongoing.

How can I report suspected fraud anonymously?

Use channels that allow anonymous tips, such as the OIG Hotline, state agency hotlines, or organizational compliance hotlines. Anonymity can limit follow-up, so supply detailed facts and keep any case number to check for requests.

What protections exist for whistleblowers reporting fraud?

Organizations maintain non-retaliation policies, and federal and state laws provide whistleblower protections for good-faith reporting. Keep records of your report and seek guidance if you experience retaliation.

Where can I report Medicare-related fraud?

Report to the OIG Hotline and the official Medicare channels, and notify any involved health plan’s SIU. Include claim numbers, dates of service, amounts, and EOB details to support swift triage.