Troy Health, Inc., a North Carolina-based Medicare provider, entered a non-prosecution agreement with the Department of Justice after admitting to using artificial intelligence and automation software to fraudulently enroll Medicare beneficiaries without their consent and steal their identities.
What happened
Troy Health defrauded the Medicare program from October 2020 through the end of 2022 by enrolling beneficiaries in Medicare Advantage plans without their knowledge or consent. Under executive direction, Troy's Territory Managers used proprietary software to unlawfully access pharmacy records and customer lists containing sensitive personal information, including names, addresses, dates of birth, Medicare ID numbers, and insurance information. Troy used this stolen data to make unsolicited sales calls to potential beneficiaries, with sales personnel falsely claiming they represented the beneficiaries' pharmacies and misrepresenting Troy's Medicare Advantage plan as a supplement rather than a replacement plan. The company also misused its AI-based healthcare management platform, Troy.ai, by offering pharmacies kickbacks for enrollment referrals. During the 2022 open enrollment period, Troy enrolled over 2,700 new Medicare Advantage members through automatic batch enrollments, including over 300 beneficiaries in a single day with enrollments occurring approximately one minute apart.
Going deeper
Troy executives developed proprietary software specifically to unlawfully access pharmacy records and customer databases. The company marketed Troy.ai as a product that would leverage data and machine learning to lower healthcare costs and improve health outcomes, but instead used it as part of their fraudulent enrollment scheme. Troy employees also manually entered fraudulent enrollments directly through the Centers for Medicare and Medicaid Services (CMS) website. The scheme followed a 2021 board meeting where a Troy executive announced an "aggressive but achievable" plan to triple Troy's enrollment during the 2022 open enrollment period.
What was said
Acting Assistant Attorney General Matthew Galeotti stated, "Troy told low-income Medicare beneficiaries that it would use new technologies, including its proprietary artificial intelligence platform, to improve patient health outcomes. Instead, the company misused patient data to enroll beneficiaries in its Medicare Advantage plan without their consent."
Assistant Director Jose A. Perez of the FBI's Criminal Investigative Division said, "The subjects in this case defrauded not only their own patients, but also the taxpayers who help fund Medicare."
Deputy Inspector General Christian J. Schrank of HHS-OIG stated, "The defendant's use of stolen identities to fraudulently enroll individuals in Medicare Advantage plans was a deliberate scheme to boost profits at the expense of vulnerable patients and the integrity of the Medicare program."
By the numbers
- Scheme operated from October 2020 through end of 2022
- Over 2,700 new Medicare Advantage members enrolled during 2022 open enrollment period (January 1 - March 31, 2022)
- Over 300 beneficiaries enrolled on March 2, 2022 alone
- Enrollments occurred approximately one minute apart during batch processing
- Criminal penalty: $1,430,008 (adjusted based on Troy's ability to pay)
- Goal announced at 2021 board meeting: triple enrollment during 2022 open enrollment period
Why it matters
This case represents the first major enforcement action targeting the misuse of artificial intelligence in healthcare fraud schemes, establishing a precedent for how the Justice Department will prosecute companies that weaponize AI technology to defraud Medicare. The scheme specifically targeted low-income Medicare beneficiaries, a vulnerable population that relies on these programs for essential healthcare coverage. Troy's abuse of pharmacy data access demonstrates how healthcare technology partnerships can be exploited for fraudulent purposes, potentially undermining trust between patients, pharmacies, and Medicare providers. The case also shows the ease with which bad actors can manipulate Medicare's enrollment systems, conducting hundreds of fraudulent enrollments in minutes through automated processes.
The bottom line
Healthcare companies developing AI-powered solutions must ensure their technology serves legitimate patient care purposes rather than enabling fraud. This case signals that the Justice Department will pursue both individuals and companies that exploit healthcare AI technologies to defraud Medicare, with enforcement focusing on protecting vulnerable populations and maintaining program integrity. Organizations using AI in healthcare should implement compliance controls to prevent misuse of patient data and ensure all technology applications align with regulatory requirements.
FAQs
What is a non-prosecution agreement (NPA)?
An NPA allows a company to avoid criminal prosecution if it admits wrongdoing, cooperates with authorities, and meets compliance conditions.
How does AI enable large-scale fraud in healthcare?
AI and automation can rapidly process stolen data and execute mass enrollments that would take humans much longer.
Why were Medicare Advantage plans specifically targeted?
They often involve higher reimbursements and commissions, making them attractive for fraudulent enrollment schemes.
How can beneficiaries know if they’ve been fraudulently enrolled in a Medicare plan?
They should regularly check their Medicare statements and contact Medicare directly if they see unrecognized plan changes.
What safeguards does CMS have against batch enrollments like this?
CMS employs monitoring systems, but this case shows vulnerabilities when fraudulent activity mimics legitimate high-volume enrollments.
