The Department of Justice just dropped a heavy hammer on New York state, accusing its leadership of letting billions of dollars in Medicaid fraud run completely wild. The headlines read like a standard bureaucratic failure: lazy oversight, incompetent state officials, and greedy scammers slipping through the cracks.
It is a comforting narrative for anyone who loves pointing fingers at government incompetence. It is also entirely wrong.
The lazy consensus dominating the news cycle is that New York simply failed to audit its providers. The mainstream media wants you to believe that if we just hire more investigators and implement stricter compliance algorithms, the bleeding will stop.
As someone who has spent fifteen years analyzing public health finance and watching states torch hundreds of millions of dollars on "integrity management" contracts, I can tell you the DOJ's lawsuit completely misses the structural reality. New York did not fail to regulate its Medicaid program. New York built a system so fundamentally overengineered that massive, systematic leakage is not a bug—it is an inevitability.
The DOJ is treating a catastrophic structural design flaw as a simple police problem. If you try to fix this with more cops and sharper audits, you will destroy care access long before you stop the money from bleeding out.
The Myth of the Careless State
When the Justice Department alleges that New York allowed billions to evaporate, they point to automated billing systems, unverified home-care hours, and third-party managed care plans that looked the other way. The standard question asked by industry pundits is: Why didn't the state check the receipts?
Here is the brutal truth: the state cannot check the receipts because the regulatory framework requires providers to generate billions of data points every single week.
Medicaid is no longer a simple insurer paying bills. It is a highly fragmented, public-private hybrid machine. New York’s program handles over seven million enrollees. The administrative burden of verifying every single interaction, every home-health aid shift, and every physical therapy session requires a level of friction that would ground the entire health system to a halt within forty-eight hours.
When governments try to audit their way out of this problem, a predictable pattern occurs:
- Stricter verification rules are passed.
- Honest, underfunded community clinics get buried under compliance costs and quit the program.
- Large-scale, sophisticated operations—the ones actually committing the fraud—simply hire better compliance lawyers to spoof the metrics perfectly.
Imagine a scenario where a state requires real-time biometric verification for every single home-care worker. The independent operator caring for an elderly neighbor in rural Upstate New York loses internet access, misses a check-in window, and goes unpaid for three weeks. They quit. Meanwhile, a multi-million-dollar agency running a ghost-provider ring uses specialized software to automate the check-ins from an office block in Queens.
The DOJ’s thesis is that New York let fraud flourish. The reality is that the complexity of the program creates a protective canopy where only the most sophisticated bad actors can thrive.
The Compliance Industrial Complex
The underlying problem is that we have outsourced accountability to a massive network of private contractors, managed care organizations (MCOs), and third-party software firms. In theory, shifting Medicaid enrollees into private managed care plans was supposed to save money and reduce waste.
In practice, it created an insulating layer of middle management.
MCOs are paid a flat fee per member by the state. They are incentivized to manage their bottom lines, not necessarily to investigate every suspicious sub-contractor. If a specialized therapy provider submits bills that look cosmetically perfect, the MCO pays it out. The state assumes the MCO is watching the store. The MCO assumes their automated software is watching the store.
No one is watching the store. They are just watching the dashboard.
This creates an environment where the actual delivery of medicine becomes secondary to the performance of compliance. I have watched health systems spend ten times more money designing workflows to pass an audit than they spent on the actual clinical improvements those audits were supposed to measure.
The downside of acknowledging this structural reality is deeply uncomfortable: it means that reducing fraud requires shrinking the system's complexity, which means making hard, politically toxic choices about who gets covered and what services are deemed essential. No politician wants to touch that. It is far easier to wait for a DOJ press release, blame the previous administration, and promise to buy better tracking software.
Stop Trying to Catch Fraud After It Happens
Every standard policy proposal following this DOJ action will center on "pay-and-chase"—the practice of paying bills first and trying to claw back the fraudulent funds years later during an audit. It is a multi-billion-dollar exercise in futility. By the time an investigator reviews a suspicious billing spike from 2024, the LLC that collected the money has been dissolved, the bank accounts are cleared, and the operators have moved on to a new corporate entity.
If New York actually wants to protect its treasury and its patients, it must abandon the current model entirely.
Radical Simplification over Granular Verification
We must stop tracking minutes and start tracking outcomes. The current system rewards volume and granular documentation. A provider who documents an eight-hour home-care shift with twenty pages of logs gets paid, even if the patient was neglected. We must pivot to fixed-fee, capitated models for localized networks where providers are paid to keep a specific population stable, stripping away the hundreds of thousands of individual billing codes that act as camouflage for scammers.
Eliminate the Middle Tier of MCOs
If the state is going to hold the financial risk, the state should run the network. The illusion that private insurance companies add efficiency to Medicaid has been shattered by decades of rising costs and systemic leakage. By removing the corporate intermediaries, the state shortens the distance between public funds and actual care delivery, making the money trail drastically shorter and easier to defend.
Accept the Friction Trade-off
Policy makers must be brutally honest about the cost of security. If you want zero fraud, you will get zero access. The more security gates you add to a public benefits system, the more you lock out the most vulnerable people who lack the bureaucratic literacy to navigate them. We must establish an acceptable threshold of administrative loss, build simple systems to contain it, and stop pretending that a flawless, fraud-free, hyper-complex government program can exist.
The Department of Justice will get its headlines, New York will agree to a massive settlement, and a new army of consultants will be hired to write compliance manuals that nobody reads. The system will remain completely broken because everyone involved is still pretending that the problem is a lack of effort, rather than a total failure of architecture.
If you design a system that requires a mountain of paperwork to verify a single drop of care, do not be surprised when people start selling you fake mountains.
