Managing Genetic Testing Risk and Lessons from Recent DOJ Enforcement

April 8, 2026

Managing genetic testing risk and lessons from recent DOJ enforcement

Rachel Carey, Emily A. Johnson, Elizabeth Sullivan McDonald Hopkins + Follow Contact LinkedIn Facebook X Send Embed Over the last several years, federal concern about genetic testing has been steadily growing. Regulators have watched Medicare Part B spending on molecular and genetic tests spike while a relatively small number of laboratories, marketers, and telemedicine vendors drove a disproportionate share of claims, often through schemes that targeted seniors in venues like health fairs, assisted living facilities, and nursing homes. Several notable national takedowns, including actions alleging more than a billion dollars in fraudulent genetic testing and telemedicine claims, confirmed that this was not an isolated problem but a repeated business model.

Recent enforcement activity underscores that the government’s concerns should be taken seriously. In the last year alone, federal prosecutors have charged a Florida laboratory owner who used telemarketing campaigns and purchased physician orders to bill tens of millions of dollars in medically unnecessary genetic tests to Medicare, sentenced an Alabama physician who signed prepopulated telemedicine orders for cancer‑risk testing and durable medical equipment based on call‑center scripts, and secured a conviction against a former NFL player who ran a cardiovascular genetic‑testing lab that paid per‑sample kickbacks to marketers. Taken together, these cases highlight that genetic testing fraud often involves a schemebuilt on the same core elements: telemarketing to vulnerable seniors, thin or nonexistent clinical oversight, and high‑dollar panels ordered at volume, and that labs, prescribers, and investors can all find themselves at the center of an investigation when those elements align.

That growing suspicion appears ripe to crystallize into a formal regulatory framework. In early 2026, the Centers for Medicare & Medicaid Services (CMS) rolled out its Comprehensive Regulations to Uncover Suspicious Healthcare (CRUSH) initiative, signaling the most aggressive, data‑driven fraud posture the agency has taken in a decade. Through a wide‑ranging Request for Information and related policy announcements, CMS has asked how it should “crush” fraud in laboratory testing, explicitly calling out genetic and molecular diagnostics, and is exploring tools such as expanded registration requirements, enhanced ownership and identity checks, and real‑time payment suspensions powered by advanced analytics. For providers, CRUSH is more than another acronym; it is a public declaration that lab and genetic testing fraud now sit squarely at the center of enforcement focus of an AI‑enabled oversight apparatus.

Against that backdrop, post‑acute settings, skilled nursing facilities (SNFs) and assisted living facilities (ALFs), where residents are frequent targets of “free DNA test” campaigns, should expect their genetic testing claims and vendor arrangements to draw heightened attention. The organizations that fare best will be those that act now to audit billing practices, pressure‑test their lab and vendor relationships, and prepare a clear playbook for addressing compliance problems before the CRUSH spotlight lands on them.

CRUSH meets the genetic testing gold rush

High‑dollar molecular tests that once lived only in academic centers are now widely marketed, including to seniors in long‑term care, often under the banners of “medication matching,” “cancer screening,” or “dementia risk.” Many of these tests are clinically appropriate in the correct circumstances, but the combination of complex coding, large per‑test reimbursement, and vulnerable populations creates the exact conditions that draw fraud and abuse scrutiny in the genetic lab space.

Enforcement trends in recent years show recurring patterns: a handful of labs and telemedicine entities generating large volumes of claims; identical panels ordered for broad populations regardless of individual need; and beneficiaries who do not recall a meaningful discussion about why testing was ordered or how results would affect care. CRUSH effectively takes these concerns and embeds them in a more systematic, data‑driven oversight framework focused on outlier patterns and questionable arrangements across the Medicare program.

For SNFs and ALFs, that means genetic testing activity that might once have flown under the radar will increasingly be viewed as inherently high‑risk. High‑dollar claims tied to residents in institutional settings will be natural targets for CRUSH’s analytics, especially where a small number of laboratories, marketers, or telehealth prescribers account for most of the volume.

What recent DOJ cases tell us

• Florida lab owner (approx. $52M): Florida laboratory owner admitted using marketers and telemarketing‑style outreach to generate DNA swabs and physician orders, then billing about $52 million to Medicare for medically unnecessary genetic tests; the labs received tens of millions in payments. The scheme hinged on kickbacks, purchased orders, and mass‑ordered test panels disconnected from individualized clinical need. U.S. Dep’t of Just., Press Release, Florida Laboratory Owner Pleads Guilty to $52M Medicare Fraud Scheme Involving Genetic Tests (Jan. 25, 2026), https://www.justice.gov.
• Alabama telemedicine doctor (approx. $6M / $2.7M paid): Alabama physician pled guilty and was later sentenced for signing prepopulated telemedicine orders for cancer‑risk genetic tests and DME based on call‑center scripts, resulting in over $6 million in claims and about $2.7 million in paid amounts to Medicare. He had little or no legitimate physician–patient relationship and relied on telemarketing leads targeting Medicare beneficiaries. Press Release, U.S. Att’y’s Office for the Dist. of Mass., Alabama Doctor Sentenced to Over One Year in Prison for $2.7 Million Telemedicine Health Care Fraud Scheme (Mar. 22, 2026), https://www.justice.gov.
• Former NFL player / lab owner ($328M billed / ~$54M paid): A Texas lab owner and former NFL player, was convicted for orchestrating a cardiovascular genetic‑testing scheme in which his labs billed about $328 million and received roughly $54 million from Medicare. He paid per‑sample kickbacks to marketers who ran telemarketing campaigns, collected DNA samples and personal identifiers, and engaged in “doctor chasing” by pressuring primary‑care physicians to sign off on genetic tests prequalified by nonmedical staff; the kickbacks were concealed through sham marketing contracts and bogus “software” and “loan” arrangements. U.S. Dep’t of Just., Press Release, Former NFL Player and Laboratory Owner Convicted in $328M Genetic Testing Fraud Scheme (Feb. 19, 2026), https://www.justice.gov. What recent DOJ cases reveal about the model

Taken together, three recent federal cases illustrate how the same basic genetic testing business model is used by perpetrators of these schemes. Across all three matters, the same risk features recur: telemarketing campaigns aimed at Medicare beneficiaries, high‑dollar genetic panels ordered at scale, thin or nonexistent clinical evaluation, and financial relationships that tie testing volume to marketer compensation. Those are precisely the patterns an AI‑enabled oversight program like CRUSH is designed to detect, especially when they surface in institutional settings like SNFs and ALFs.

The NFL case underscores that enforcement is not limited to traditional healthcare actors. A former NFL player turned laboratory owner was convicted not just for billing medically unnecessary cardiovascular genetic tests but for orchestrating the underlying kickback and money‑laundering structure, including sham marketing contracts reverse‑engineered to match per‑sample payments. While celebrity or high‑net‑worth investors may not design the day‑to‑day billing strategy, these cases show that capital backing and ownership do not insulate individuals from liability when they finance or control labs and marketing enterprises that depend on telemarketing, doctor‑chasing, and volume‑based compensation for genetic testing.

Nor is this the first time athletes and other public figures have surfaced in healthcare fraud matters: DOJ has previously prosecuted schemes involving former NBA players who submitted fraudulent claims through the NBA Players’ Health and Welfare Benefit Plan, and similar cases continue to draw attention to the reputational and legal risk that comes with lending a name, or capital, to complex healthcare businesses without a deep understanding of compliance obligations. Office of Pub. Affs., U.S. Dep’t of Just., Press Release, 19 Defendants Charged With Defrauding the National Basketball Association Players’ Health and Welfare Benefit Plan (Oct. 7, 2021), https://www.justice.gov.

How genetic testing risk shows up in SNFs and ALFs

Zooming in on post‑acute care, genetic testing risk rarely starts as an intentional scheme by facility leadership. It tends to show up through routine‑seeming encounters:

• A vendor offers to host a “free DNA screening event” on site, focusing on cancer, dementia, or medication response for residents.
• Marketers visit rooms with cheek swabs, assuring residents and families that “Medicare pays for this” and that the test will prevent adverse drug events.
• A telehealth prescriber, unknown to the facility’s attending physicians, appears as the ordering provider for dozens of residents’ genetic tests.
• Claims data reveal high‑dollar molecular pathology codes often in the 81400‑81408 Tier 2 range, panel codes in the 8141x–8145x range, or unlisted code 81479 tied to a small set of laboratories. In many of the national genetic testing fraud cases targeting seniors, laboratory and marketing entities have exploited precisely these dynamics in long‑term care and community settings. Residents often do not fully understand the testing, do not see results, and do not experience changes in their care plans, which raises questions about informed consent and medical necessity—even when facility leadership did not explicitly design the program.

When investigators arrive, they will ask straightforward questions:

• Who approved these vendors to operate on premises?
• What diligence was done on the laboratories and telehealth prescribers?
• How were residents selected and consent obtained?
• What documentation exists in the chart to support the specific tests and codes billed?
• What documentation exists in the chart to support that the test results were received and utilized in treatment? Facilities that cannot clearly answer these questions risk being characterized as passive participants in arrangements that CRUSH is explicitly designed to detect. Legitimate labs must also keep in mind that they need to have trust in the operations of their ordering providers. If labs are working with facilities that cannot appropriately address the final three bullet points above, that increases the risk of insufficient documentation for medical necessity.

How to audit your genetic testing activity

In a CRUSH environment, a targeted billing audit focused on genetic and molecular testing is the most immediate step SNFs, ALFs, and their affiliated providers can take to “get ahead” of scrutiny. Providers also have different resources to allocate to compliance initiatives, which vary based on the provider’s revenue. Whether you are able to hire a compliance consultant in order to outsource compliance completely to a vendor or simply looking for a roadmap to start the compliance improvement journey, the important thing is to start now with the resources that you have instead of burying your head in the sand.

A practical audit framework can include:

Define the code universe. Have your internal team, revenue cycle management company, or a hired external third party auditor to focus on:

• Tier 2 molecular pathology codes 81400–81408 (frequently implicated in improper “stacked” billing).
• Hereditary cancer and multi gene panel codes in the 8141x–8145x range.
• Unlisted molecular pathology code 81479, often used for proprietary or bundled panels.
• Pharmacogenomic / drug gene codes (e.g., common CYP related codes such as 81225–81227 and related Tier 1 PGx codes) that are frequently referenced in CMS and payer guidance.

Look for suspicious clustering. Your analytics should be able to catch any:

• High utilization of these risky codes tied to one or two laboratories or ordering clinicians.
• Spikes over discrete time periods that correlate with new vendor relationships or on site events that indicate more investigation is warranted.
• Multiple residents receiving identical panels on the same dates of service, regardless of differing clinical profiles.

Tie claims back to clinical reality. For a meaningful sample of residents:

• Confirm that a legitimate treating clinician is documented and that there is an audit trail and medical record with clinical rationale for the test.
• Check for appropriate indications, such as treatment failures, adverse drug reactions, relevant family history, or guideline supported use, rather than general “screening” or curiosity in visit notes and medical record.
• Verify that results are present in the chart, were reviewed, and (ideally) influenced medication changes or care plans.

Evaluate medical necessity and coding.

• Compare findings to CMS coverage articles and local policies for pharmacogenomic and molecular testing, which often specify narrow circumstances where certain genes or panels are considered reasonable and necessary. Overuse of broad panels or codes that do not match the documented indications should be flagged for further review and potential repayment.

SNF and ALF risk assessments: Pressure‑testing vendor and lab arrangements

Billing audits tell you what is happening; facility‑level risk assessments explain why it is happening and where the next problem is likely to surface. For SNFs and ALFs, that means looking beyond claim lines to the web of relationships with laboratories, telehealth companies, and marketers that can quietly set a high‑risk genetic testing program in motion. Regulators are increasingly interested in those relationships and incentives, not just the billing that flows from them.

A practical starting point is simply to map who is in your building and in your residents’ charts. Facilities should be able to identify every laboratory performing genetic or molecular testing for their residents, any mobile testing companies or “infection prevention” or wellness vendors operating on site, and all telehealth groups involved in ordering or interpreting tests. If leadership cannot easily describe that ecosystem, it is difficult to argue that the facility is truly overseeing its genetic testing footprint.

From there, attention should shift to money and contracts. Risk tends to concentrate where labs or vendors provide “free” equipment, supplies, or staff, where marketing or education support is tied (explicitly or implicitly) to test volume, or where agreements grant unusually broad access to residents or data. Even when arrangements are papered as legitimate services, the combination of high‑dollar genetic testing and volume‑sensitive compensation will attract fraud and abuse scrutiny if it is not carefully structured and monitored.

Access, consent, and clinical oversight are the next pressure points. Facilities should know who is authorized to allow vendors to interact with residents, how frontline staff are trained to respond to unsolicited offers of genetic testing, and whether resident consent is being obtained in a consistent, documented way with real clinician involvement. Can you answer questions such as: when residents are swabbed at group events, do their attending physicians know about it, and do results make their way back into care plans, or do the labs and telehealth prescribers effectively operate in a parallel universe? Programs that can answer these are in a much stronger position when enforcement is knocking at the door.

Finally, a credible risk assessment will surface questions of governance. Someone at the senior level (compliance, legal, or clinical) should clearly “own” the approval and oversight of new testing programs, and there should be a defined path for staff to raise concerns about vendor behavior, unusual billing patterns, or resident complaints. Facilities that can demonstrate this kind of intentional oversight will be in a stronger position to show regulators that they are actively managing genetic testing risk, rather than simply providing a venue for others’ business models.

When to consider self‑disclosure in a CRUSH environment

For many organizations, the hardest question is not whether something went wrong in their genetic testing program, but whether what they have found looks enough like the public cases that it warrants a formal self‑disclosure. In a CRUSH environment, that judgment call has become more consequential: DOJ and CMS are bringing cases against actors across the chain from nursing‑home telemedicine prescribers to investor‑backed laboratories where patterns of conduct, not isolated errors, drive enforcement.

Is this a pattern or a pile of mistakes?

A useful starting point is to ask whether the issue is truly episodic or reflects a pattern. One‑off documentation gaps, sporadic use of the wrong code, or a single problematic vendor event can often be addressed through direct repayments, policy updates, and targeted education. By contrast, sustained use of broad genetic panels across large resident cohorts, recurring “free DNA” events, or long‑running relationships with a small cluster of laboratories or telehealth prescribers typically signal something closer to a business model. When the conduct looks organized (scripts, standing order templates, standard panels, recurring marketing visits) leadership should assume such schemes can quickly be picked up by enforcement analytics.

Does it match with recent enforcement cases?

The next lens is whether the internal fact pattern “matches” with what regulators are already litigating. Recent federal cases have centered on the same core features: telemarketing campaigns or call centers driving demand; high‑dollar genetic panels ordered at scale; limited or nonexistent clinical evaluation; and financial relationships that tie compensation to completed tests rather than clinical services. Facilities that discover combinations of these elements, for example, vendors hosting on‑site “cancer risk” or “medication matching” events, telehealth prescribers appearing suddenly in large volumes of orders, or investor‑backed labs aggressively marketing panels to post‑acute residents, should recognize that these are precisely the dynamics reflected in current enforcement actions. The closer the situation is to one of these headlines, the more difficult it is to justify using only internal cleanup to address the matter.

Can you fix this quietly without hiding the ball?

A third consideration is whether the organization can credibly resolve the issue without appearing to minimize it. In some instances, it may be reasonable to quantify overpayments, process refunds to payors, terminate or remediate vendor relationships, and document corrective actions without a formal disclosure-especially if the amount identified is under a certain dollar threshold. In others-particularly where potential Anti‑Kickback Statute, False Claims Act, or civil monetary penalties exposure is present-simply sending checks back may be viewed as incomplete if the issue later surfaces through a whistleblower, data analytics, or a broader industry sweep. If leadership is not comfortable explaining to a regulator, after the fact, why the matter was handled entirely in‑house, that discomfort is itself a signal that a more formal, transparent approach may be warranted.

Once an organization leans toward self‑disclosure, execution matters. The first imperative is to define the scope: the relevant timeframe, facilities, laboratories, ordering clinicians or telehealth entities, and the specific code sets implicated. That scoping should support a defensible estimate of financial exposure, using appropriate sampling or extrapolation methods rather than speculative figures. In parallel, immediate remediation should begin by halting problematic testing programs, tightening consent and ordering processes, revising policies that allowed vendors too much access to residents, and reinforcing expectations for clinicians around medical necessity and documentation.

Equally important is the narrative the organization is prepared to present. A credible disclosure does more than list numbers; it explains how the arrangement emerged (for example, a vendor‑proposed “no‑cost” testing initiative, a telehealth partnership aimed at medication management, or an investor‑driven genetics strategy), how internal controls failed to detect or prevent problematic patterns earlier, what the investigation found, and how governance has changed to prevent recurrence. That narrative should be consistent across communications with payors, regulators, boards, and, where appropriate, residents and families.

Practical steps for SNFs, ALFs, and labs to get ahead

For post‑acute providers and the laboratories that work with them, the path to getting ahead of enforcement and the broader genetic testing crackdown can be distilled into a few concrete steps:

• Launch a focused genetic‑testing billing audit centered on high‑risk molecular and PGx codes, looking for clustering by lab, prescriber, and facility.
• Conduct a SNF/ALF‑specific risk assessment of all lab, telehealth, and marketing relationships that touch resident testing, with particular attention to financial flows and access to residents.
• Develop an internal playbook that outlines how leadership will respond if audits uncover significant issues, including criteria for when to consider self‑disclosure. Providers that proactively examine their billing, vendor relationships, and response strategies now will be best positioned to weather the coming wave of scrutiny and, in many cases, to turn a high‑risk area into a demonstration of mature governance instead of a headline.

Send Print Report

Related Posts

• HHS OCR launches civil enforcement program for Part 2: What SUD providers and lawful holders need to do now
• Understanding Price Transparency Laws and Gag Clauses: A Guide for Healthcare Providers
• Ambulatory Surgery Center Trends in Regulation, Compliance, and Enforcement

Latest Posts

• Managing genetic testing risk and lessons from recent DOJ enforcement
• McDonald Hopkins Legal Diagnosis Podcast, Episode 8: Stark Law Video See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
McDonald Hopkins

Written by:

McDonald Hopkins Contact + Follow Rachel Carey + Follow Emily A. Johnson + Follow Elizabeth Sullivan + Follow more less

PUBLISH YOUR CONTENT ON JD SUPRA

• ✔ Increased readership
• ✔ Actionable analytics
• ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra

Start Publishing »

Published In:

Anti-Kickback Statute + Follow Assisted Living Facilities (ALFs) + Follow Centers for Medicare & Medicaid Services (CMS) + Follow Compliance + Follow Department of Justice (DOJ) + Follow Enforcement Actions + Follow Genetic Testing + Follow Healthcare Fraud + Follow Laboratory Developed Tests + Follow Medicare Fraud + Follow Medicare Part B + Follow Regulatory Oversight + Follow Risk Management + Follow Skilled Nursing Facility + Follow Telemarketing + Follow Telemedicine + Follow Administrative Agency + Follow Criminal + Follow Health + Follow more less

McDonald Hopkins on:

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra: Sign Up Log in ** By using the service, you signify your acceptance of JD Supra's Privacy Policy.* - hide - hide