Skip to main content

Medicaid Fraud Case Signals Systemic Oversight Gaps in Long-Term Care

August 14, 2025
Image: [image credit]

Victoria Morain, Contributing Editor

The federal indictment of a Pittsburgh-based residential care owner on charges of Medicaid fraud, false health care statements, money laundering, and Social Security abuse is more than a criminal proceeding. It highlights structural vulnerabilities in how state Medicaid agencies oversee home- and community-based services (HCBS). According to prosecutors, the owner of SerenityCare LLC allegedly ran a seven-year scheme involving inflated billing and concealment of material facts, defrauding Pennsylvania Medicaid and misusing benefits for vulnerable residents with intellectual disabilities.

Although the legal process is still underway, the scale and scope of the indictment should prompt executive-level scrutiny across the care delivery and compliance ecosystem. Executives overseeing Medicaid-funded services, particularly in the HCBS sector, face rising expectations to modernize internal controls, audit practices, and cross-agency coordination. This is not an outlier. It is a warning.

Medicaid’s Scale Is Growing Faster Than Its Guardrails

The SerenityCare case revolves around HCBS, a Medicaid-supported care model designed to reduce institutionalization by funding in-home and residential support for people with disabilities. This model now accounts for more than 60 percent of all Medicaid long-term services and supports spending, according to the Kaiser Family Foundation. But oversight mechanisms have not kept pace with expansion. In 2023, the Government Accountability Office cited persistent challenges in state-level monitoring of HCBS providers, pointing to inconsistent auditing protocols and limited real-time fraud detection capabilities.

This lack of infrastructure creates an environment where fraudulent billing, overreporting of services, and improper beneficiary management can go undetected for years. In the SerenityCare case, the defendant allegedly operated from 2016 to 2023 before facing formal charges. The indictment also includes allegations of Social Security fraud, an indicator of poor safeguards in the dual role some providers play as both caregivers and financial agents for their clients.

Technology Adoption Remains Patchy Across HCBS Providers

While federal law now mandates Electronic Visit Verification (EVV) for Medicaid-funded personal care services, implementation has been slow. States continue to report delays in achieving full EVV compliance, citing vendor mismatches and provider pushback. The fragmented IT landscape across smaller care agencies further complicates adoption. A 2024 survey by HIMSS found that fewer than 40 percent of post-acute care providers had successfully integrated claims data systems with state Medicaid programs.

This lack of interoperability leaves major blind spots in billing verification, documentation, and service traceability. It also reduces the effectiveness of fraud prevention tools such as the Fraud Prevention System operated by the CMS Center for Program Integrity. Although the system is designed to flag high-risk claims before payment, its reach into HCBS environments remains limited.

Fraud at the Edges Has Central Consequences

When providers serving intellectually or developmentally disabled individuals are accused of financial exploitation, the reputational and regulatory consequences ripple beyond a single facility. Allegations of falsified claims, concealment of patient information, and financial mismanagement erode public confidence in both Medicaid and the provider community. They also cast doubt on the reliability of subcontracted care models, particularly when oversight of small providers remains weak.

This matters for large systems as well. Health systems that subcontract with residential care agencies or community providers risk downstream liability and brand exposure when partners commit fraud. Due diligence processes must extend beyond credentialing. Executives should be investing in analytics tools capable of flagging anomalies in subcontractor billing, documentation irregularities, and inconsistent service logs. Internal audit teams must also build shared fraud risk profiles in partnership with state agencies and federal compliance programs.

The Regulatory Perimeter Needs Expansion

Fraud cases involving both Medicaid and Social Security, as in the SerenityCare indictment, raise questions about interagency visibility. The Social Security Administration relies on representative payees to manage benefits for beneficiaries who cannot do so themselves. But when care providers also serve as financial stewards, agencies must implement stronger dual-role oversight, particularly in residential care settings. The current regulatory model assumes integrity where systems should enforce it.

Integrated data models between SSA, CMS, and state Medicaid programs remain largely aspirational. In its 2023 report, the GAO urged Congress to support greater data sharing between these agencies. Yet technical, legislative, and procedural barriers remain high. Until cross-program analytics and case management tools are developed and adopted at scale, fraud detection will lag fraud execution.

Institutional Trust Depends on Operational Integrity

The healthcare system cannot afford to let fraud cases unfold over multi-year timelines without detection. Each year, the Office of Inspector General at HHS reports billions in recoveries from fraud investigations, often involving the same types of community-based providers now under scrutiny. Compliance leaders must assume that enforcement is retrospective and reconfigure operations for prospective risk prevention.

Executives responsible for Medicaid-funded care delivery should not interpret the SerenityCare indictment as an outlier, but as a test case. What structural, operational, or data deficiencies exist within their own organizations that could allow similar behavior to go unnoticed? What protocols are in place to monitor representative payee activity, ensure accuracy of billing reports, and validate the delivery of services?

These are not compliance hypotheticals. They are executive accountabilities. And if left unaddressed, they become liabilities.