Dec 4, 2025
10 Compliance Risks That Will Define Home Health in 2026

Arvind Sarin
If you believe compliance is simply about checking boxes, you have not looked at the latest enforcement numbers.
In Fiscal Year 2024, the Department of Justice secured a staggering $2.9 billion in False Claims Act settlements. Even more concerning for our sector is that $1.67 billion of that total came directly from the healthcare industry.
The OIG's message is clear. The era of lenient oversight is over. Based on the 2026 Home Health Compliance Guide, here are the 10 critical risks your home healthcare agency will face in the coming year and why claiming ignorance is no longer a valid defense.
Risk 1: The Medicare Advantage Shift
CMS has announced a strategic goal to move all Traditional Medicare beneficiaries into accountable care relationships by 2030. This creates a massive operational risk for agencies used to Traditional Medicare rules.
Care Delivery Organizations (CDOs) and Medicare Advantage plans operate differently.
Arbitration vs Appeals: Unlike Traditional Medicare, disputes with CDOs often go to binding arbitration rather than administrative appeals.
Contract Trap: One missed deadline can invalidate an entire appeal.
The Fix: You must audit every payer contract you hold. Do not assume that Traditional Medicare rules apply to your private payer or MA patients.
Risk 2: Non-Compete Uncertainty
The legal landscape for staffing retention is chaotic. While the FTC's 2024 ban on non-competes was blocked by a federal court in Texas, enforcement is still happening on a case-by-case basis.
Agencies relying on restrictive covenants to keep staff from poaching patients need to be careful. Your employment contracts must focus on non-solicitation of clients and non-disclosure of trade secrets, which remain enforceable even if non-competes are challenged.
Risk 3: HIPAA Enforcement (Right of Access)
While most agencies worry about hackers, the Office for Civil Rights (OCR) is targeting providers who block patients from seeing their own data. The Right of Access Initiative has already brought over 50 enforcement actions.
The rule is strict. You have 30 days to provide records upon request. If your intake and records department is slow, you are a target. With over 374,000 HIPAA complaints filed historically, patient awareness is at an all-time high.
Risk 4: The False Claims Act Surge
The $2.9 billion in settlements mentioned above is being driven by whistleblowers. The Department of Justice is aggressively pursuing civil fraud recoveries, which have fluctuated between $2.2 billion and $5.6 billion annually since 2019.
Recent cases show that liability is expanding beyond just billing for services not rendered. It now includes assumptive coding, where billing companies add codes without specific clinical documentation to back them up.
Risk 5: Criminal Prosecution of Billers
This is the most terrifying shift for 2026. Prosecutors are now seeking prison time for individual billing staff, not just agency owners. A biller was sentenced to 50 months in prison for a $7.3 million scheme.
In Florida, a biller received over 5 years for identity theft.
If your billers are cleaning up claims by adding data that isn't in the clinical note, they are not helping you. They are committing a federal crime.
Risk 6: Incident To Billing Failures
Agencies using Nurse Practitioners (NPs) or PAs to bill under a physician's NPI to get 100% reimbursement (incident to) are under a microscope.
The requirement is strict: direct personal supervision. If the physician is at the hospital, in surgery, or simply not in the office suite while the NP is seeing the patient, you cannot bill incident to. Those claims must be billed at the 85% NP rate. We are seeing massive paybacks triggered by third-party billers who do not understand this distinction.
Risk 7: False Diagnosis Code Liability
You cannot simply carry over diagnosis codes from a hospital referral. Every code on your claim must be supported by your own clinical documentation.
The $34 Million Lesson: Eargo Inc. paid a $34.37 million settlement because they identified unsupported diagnosis codes in an audit, but failed to stop using them. The government does not punish you for making a mistake. They punish you for ignoring it.
Risk 8: Percentage-Based Compensation
Paying marketers or billers based on a percentage of revenue is a high-risk practice. While not always illegal, it draws scrutiny under the Anti-Kickback Statute and under state laws, such as the specific restrictions in New York and Florida.
If you use percentage-based compensation, your contracts must include clawback provisions. If a claim is denied or recouped, that commission must be returned. Without this, the government views the payment as a kickback for fraudulent volume.
Risk 9: EHR Audit Trail Scrutiny
Private payers are getting smarter. They are no longer just asking for medical records. They are requesting EHR audit trails.
These digital logs reveal:
When the note was created
Who accessed the file
What was changed
If your clinician claims they documented the visit on Friday, but the audit trail shows the note was batch-created on Sunday night, your claim is denied. Auditors are using this metadata to disprove coverage. You need to be monitoring it too.
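One way to run that monitoring internally, shown as an added example that is not from the 2026 Guide or any EHR vendor: it checks an audit-trail export for late-created notes, batch creation, and edits by someone other than the note's author. The field names, sample rows, and thresholds are constructed assumptions; map them to your own EHR export and documentation policy.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Field names are hypothetical; map your EHR's columns to them.
AUDIT_ROWS = [
    {"note_id": "N1", "user": "rn_lee", "action": "create", "ts": "2026-01-09T16:40:00", "visit_date": "2026-01-09"},
    {"note_id": "N2", "user": "rn_kim", "action": "create", "ts": "2026-01-11T22:01:10", "visit_date": "2026-01-09"},
    {"note_id": "N3", "user": "rn_kim", "action": "create", "ts": "2026-01-11T22:02:05", "visit_date": "2026-01-09"},
    {"note_id": "N4", "user": "rn_kim", "action": "create", "ts": "2026-01-11T22:03:30", "visit_date": "2026-01-08"},
    {"note_id": "N1", "user": "biller_01", "action": "modify", "ts": "2026-01-12T09:15:00", "visit_date": "2026-01-09"},
]

def _creates(rows):
    """Yield (row, parsed creation timestamp) for every note-creation event."""
    for r in rows:
        if r["action"] == "create":
            yield r, datetime.fromisoformat(r["ts"])

def late_notes(rows, max_delay=timedelta(hours=24)):
    """Notes created more than max_delay (assumed policy) after the visit day ended."""
    flagged = []
    for r, created in _creates(rows):
        visit_end = datetime.fromisoformat(r["visit_date"]) + timedelta(days=1)
        if created - visit_end > max_delay:
            flagged.append(r["note_id"])
    return flagged

def batch_creations(rows, window=timedelta(minutes=10), min_notes=3):
    """Users who created min_notes or more notes inside one short window."""
    by_user = defaultdict(list)
    for r, created in _creates(rows):
        by_user[r["user"]].append((created, r["note_id"]))
    bursts = {}
    for user, events in by_user.items():
        events.sort()
        for i in range(len(events)):
            in_window = [n for t, n in events[i:] if t - events[i][0] <= window]
            if len(in_window) >= min_notes:
                bursts[user] = in_window
                break
    return bursts

def edits_by_non_author(rows):
    """Modify events made by a user other than the note's creator."""
    author = {r["note_id"]: r["user"] for r, _ in _creates(rows)}
    return [(r["note_id"], r["user"]) for r in rows
            if r["action"] == "modify" and author.get(r["note_id"]) not in (None, r["user"])]

if __name__ == "__main__":
    print(late_notes(AUDIT_ROWS), batch_creations(AUDIT_ROWS), edits_by_non_author(AUDIT_ROWS))
```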
Risk 10: Excluded Individual Screening
Employing a single individual who is on the OIG Exclusion List acts as a poison pill for your revenue. Any claim touched by that employee, whether they are a nurse, a biller, or an admin, is subject to recoupment.
Recent penalties include a $377,000 fine for a California pediatric agency that employed an excluded office manager.
The Fix: You must screen all staff against the OIG Exclusion Database monthly.
A Special Advisor: The Risk of Bad AI
While not one of the Top 10 regulatory categories, the 2026 Guide includes a critical warning about Artificial Intelligence.
Generative AI is a people pleaser. As attorney Lester Johnson warns, "I can get AI to give me exact opposite answers just based on how I tweak the question". Agencies using generic AI tools face risks of hallucinated vitals and cloned documentation.
This is why Copper Digital uses a human-in-the-loop verification process. Automation is the only way to solve the staffing crisis, but it must be the right automation.


