TL;DR
- Federal and state enforcement has built a detailed, dollar-quantified record of how NEMT fraud works. From FY2015 to FY2020, GAO counted 132 criminal convictions and 57 civil settlements, nearly 200 in all, across 25 states.
- Six scheme types recur: phantom trips, no-appointment or ineligible riders, inflated mileage, unauthorized drivers and vehicles, falsified signatures, and billing anomalies. Each one maps to a specific software control.
- Most of the dollars are not fraud. In CMS’s FY2025 measurement, 77% of Medicaid improper payments were insufficient documentation. That reframes the whole problem: structured documentation is the single highest-impact control.
- OIG is running an active project that targets NEMT billing with anomaly indicators. The audit is coming whether or not your controls are ready.
- The honest version of “fraud prevention software” is not a fraud-detection bolt-on. It is building the controls into how trips are captured, claimed, and reconciled in the first place.
An audit letter arrives. It asks you to produce, for a sample of trips you billed eighteen months ago, the proof that each ride actually happened: who drove, in what vehicle, from where to where, for which appointment, with what documentation. For most NEMT operators, that letter is the moment they discover which of those things their systems never captured. The trips were real. The proof was not built to survive a review.
I run engineering at Mindbowser, and the fraud-and-integrity side of NEMT is one of the clearest cases I know where the right software design at the point of the trip is worth more than any amount of cleanup after. The government has done something unusual here: through GAO, the HHS Office of Inspector General, the Department of Justice, and state attorneys general, it has documented exactly how NEMT fraud happens, scheme by scheme. And every scheme it describes is a software control waiting to be built. This is that mapping.
What the federal record actually shows
Start with the scale, because it sets the stakes. In its September 2022 report on NEMT fraud, the Government Accountability Office found that from fiscal year 2015 through 2020, state investigations produced 132 criminal convictions and 57 civil settlements or judgments involving NEMT providers, across 25 states. That is 189 outcomes, which GAO rounds to nearly 200. The cases concentrated in a handful of states, New York with 56, Ohio with 36, Indiana with 18, though GAO is careful to note that the distribution reflects where investigations happened, not where fraud is worst.
The Inspector General audits tell the same story in dollars. One review of New York City NEMT claims examined $269.6 million in payments and recommended the state refund $84.3 million, with another $112 million flagged as possibly noncompliant. Of 100 sampled claims, 17 were fully compliant, 41 were not, and 42 could not be determined either way. A Massachusetts audit found at least $14.1 million in improper payments, with 86 of 100 sampled service lines noncompliant, and for all 100, the driver qualifications and vehicle documentation were not adequately documented.
Now the number that reframes everything. In CMS’s FY2025 measurement, the Medicaid improper payment rate was 6.12%, about $37.39 billion. But CMS is explicit that an improper payment is not a measure of fraud, and that 77% of the improper amount was insufficient documentation, generally not indicative of fraud or abuse. Read that carefully, because it is the most useful fact on this page. The largest category of loss is not stolen money. It is money paid for real trips that could not be properly documented. And documentation is something software controls directly.
So the goal is not a fraud-detection product bolted onto a billing system. It is building, into the trip itself, the proof that each of the six schemes below cannot survive. Let me take them one at a time.
Scheme 1: Phantom trips, stopped by GPS proof-of-trip
The oldest scheme is billing for trips that never happened. GAO documented providers billing for trips to facilities that were closed, or for appointments that did not exist, or for members who were nowhere near the vehicle. The claim looks clean on paper because paper does not know where the van was.
The control is GPS proof-of-trip. When the trip is captured as a GPS breadcrumb, the start point, the route, and the destination, with system-generated, unmodifiable timestamps for each leg, a phantom trip stops being billable. A geofenced pickup and drop-off confirms the vehicle was actually at the member’s location and at the destination. The claim cannot be created without the trip data to back it. This is the same GPS and route data operators already collect for dispatch, turned into the evidentiary spine of the claim instead of a discarded byproduct.
Scheme 2: No-appointment and ineligible riders, stopped by claim-to-appointment matching
A subtler version bills for a real ride that should never have been covered: a trip for a member who was hospitalized or deceased on the date of service, or a ride with no actual medical appointment at the other end. The vehicle moved. The trip was not a covered benefit.
The control is matching, in two directions. Real-time eligibility verification at booking, through the standard 270 and 271 transactions, catches the member who is not covered on the date of service before the trip is dispatched. And claim-to-appointment matching ties each billed trip to a confirmed appointment, so a ride to nowhere has nothing to attach to. Both checks belong at the point of booking and claim creation, not in a post-payment review. Building them into the billing flow is the difference between catching the problem before the trip and refunding it after the audit, which is the same discipline that runs through purpose-built NEMT billing software.
Scheme 3: Inflated mileage and fake tolls, stopped by system-calculated distance
GAO and state cases describe a family of overbilling tricks: inflating the miles driven, adding tolls that were never paid, and splitting a single trip into several billable segments. Each one depends on a human entering a number the system does not check.
The control is to take the number out of human hands. When mileage is calculated by the system from the actual GPS route rather than entered by a driver or biller, inflation has nowhere to live. Tolls reconcile against the route. A trip that was run once cannot be split into three because the trip data describes one continuous trip. The pattern across all of these is the same: anywhere a billable value is typed in by a person, it is a place to substitute a system-computed value derived from the trip record.
Scheme 4: Unauthorized drivers and vehicles, stopped by credential gating
This is the scheme the Massachusetts audit put in sharp relief: for all 100 sampled service lines, driver and vehicle documentation was inadequate. Across cases, providers billed for trips run by drivers with suspended licenses or in vehicles that were uninspected or uncertified. The trip happened. The person or vehicle was not allowed to be doing it.
The control is credential gating. The system holds each driver’s license, certification, and background-check status and each vehicle’s inspection and registration, and it blocks a trip from being assigned, or a claim from being created, when any of those is expired or missing. This is not a nice-to-have report. Under 42 CFR 455.450, NEMT providers are often treated as high-risk, subject to fingerprint background checks and site visits, with continuous revalidation expected. Software that revalidates credentials automatically and refuses to bill on an expired one turns a recurring audit finding into a non-event.
Scheme 5: Falsified signatures and documentation, stopped by structured capture
GAO described providers asking members to sign for trips that were not provided, and falsifying the supporting documentation that is supposed to prove a trip occurred. The signature is the weak point, because a paper signature proves almost nothing about what actually happened.
The control is structured, tamper-evident capture, and this is where the 77%-documentation finding pays off. When the trip record is captured electronically at the moment of service, the member confirmation, the GPS-verified location, the timestamps, and the driver attestation, all bound together and unmodifiable after the fact, there is no loose signature to falsify. And the rule that ties it together is simple: no claim without a complete record. If the documentation that CMS requires is not present and structured, the claim cannot be submitted. That single rule converts the largest category of loss, insufficient documentation, from an audit liability into a system constraint. It also closes one of the most expensive of the everyday Medicaid NEMT billing challenges, the documentation gap that turns real trips into clawed-back claims.
Scheme 6: Billing anomalies, stopped by anomaly detection
The last scheme is less a single trick than a pattern: duplicate trips, impossible mileage, a driver credited with more trips in a day than the hours allow, the same trip billed twice. Individually each looks plausible. In aggregate they are a signature.
The control is built-in anomaly detection. The system flags duplicate claims, mileage that exceeds what the route supports, trip volumes per driver or per day that are physically impossible, and trips that do not match an appointment. This is exactly the lens regulators are now applying. OIG has an active Work Plan project running targeted reviews of Medicaid NEMT using billing-anomaly indicators, which means the anomalies you do not catch are the ones an auditor will. Catching them inside your own system, before submission, is the entire point. The same anomaly-and-integrity discipline runs through revenue-cycle work generally, which is why this connects to broader healthcare billing integrity practice.
The enforcement is live, and getting closer
None of this is historical. State enforcement is active and escalating. In January 2025, the New York Attorney General announced action against 54 transportation companies, recovering more than $10 million, following a December 2024 round of convictions of five owners and seven companies for more than $4.4 million in Medicaid theft. In Minnesota, the state’s Medicaid agency reported 71 open investigations into NEMT providers in a roughly $127 million program, and imposed an enrollment moratorium on new providers in the Twin Cities metro counties.
The direction is unambiguous. Investigators are using data, the dollar figures are real, and the documentation bar is rising. The providers who treat fraud controls as a compliance afterthought are the ones writing refund checks. The ones who build the controls into how trips are captured and billed are the ones who turn an audit from an existential threat into a routine request they can answer in an afternoon.
How Mindbowser approaches a fraud-control build
We build the controls into the platform, not on top of it. In practice that means GPS proof-of-trip as the basis of the claim, real-time eligibility and claim-to-appointment matching at booking, system-calculated mileage, credential gating that blocks billing on expired documentation, structured tamper-evident trip capture with a no-claim-without-complete-record rule, and billing-anomaly detection before submission. Six controls, one platform, designed so the proof exists by the time the claim does.
I want to be straight about proof, because this is a topic where vendors quote dramatic recovery numbers. Our differentiator is the engineering to build these controls correctly into a custom NEMT platform, demonstrated across our healthcare billing and integration work. I am not going to borrow a fraud-reduction percentage from someone else’s deployment and present it as ours. When we ship a delivered NEMT integrity build with its own measured result, that number will live here. Until then, the capability is the claim, and against an audit, the capability is what matters.
The demand is real and specific. A New York Medicaid NEMT operator we worked with named the core gap directly: GPS data was never reconciled against the billed trips. That single unreconciled seam is where most of these six schemes hide, and closing it is the foundation the rest of the controls build on. If you want the full picture of what a custom build covers across dispatch, billing, and integrity, that is custom NEMT software development.
Where this goes next
The audit letter is not a question of if. It is a question of whether, when it arrives, your systems can produce the proof. Every one of the six schemes above is something the government has already mapped, and every one has a control that belongs at the point of the trip, not in a scramble after the review.
If you cannot today reconcile your GPS data against your billed trips, that is the seam to close first, and the foundation the rest of the controls build on. Tell us where your trip data and your billing live now, and our custom NEMT software development team will walk through what an integrity build would take.
The federal record points to a handful of recurring schemes: billing for phantom trips that never happened, trips for ineligible or no-appointment riders, inflated mileage and fake tolls, unauthorized drivers or vehicles, falsified signatures, and billing anomalies like duplicate claims. Importantly, CMS’s own measurement shows the largest category of improper payment is insufficient documentation, not confirmed fraud, which is why documentation controls matter most.
GPS proof-of-trip captures the start point, route, and destination of each trip as an unmodifiable record with system-generated timestamps, and geofences the pickup and drop-off to confirm the vehicle was actually there. A phantom or altered trip cannot produce a clean GPS record, so the claim cannot be created without genuine trip data behind it. The same data also satisfies state trip-verification requirements.
The HHS Office of Inspector General has an active Work Plan project conducting targeted reviews of Medicaid NEMT using billing-anomaly indicators. Past OIG audits have found large shares of sampled claims noncompliant, often for inadequate driver and vehicle documentation. The practical takeaway is that anomaly detection and complete documentation are exactly what reviewers are checking, so building those controls in advance is the best preparation.
No, and the distinction matters. CMS states that improper payments are not a measure of fraud. In its FY2025 Medicaid measurement, 77% of improper payments were due to insufficient documentation, generally not indicative of fraud or abuse. That means most recoverable loss is real trips that were not properly documented, which structured documentation software addresses directly.
Off-the-shelf fraud-detection tools analyze claims after the fact. The stronger approach builds the controls into how trips are captured and billed, so the proof exists before the claim is submitted and the bad claim is never created. For an operator whose revenue depends on surviving Medicaid and broker audits, integrity built into the platform is more defensible than detection layered on top.









BLOGS
NEWSROOM
CASE STUDIES
WEBINARS
PODCASTS
ASSET HUB
EVENT CALENDAR 



















