CMS Considers New Ownership and Identity Verification Requirements for Medicare-Enrolled Providers and Suppliers

CMS’s latest Request for Information (RFI) is a cornerstone of its Comprehensive Regulations to Uncover Suspicious Healthcare (CRUSH) initiative, which targets fraud across Medicare, Medicaid, CHIP, and the health‑insurance marketplace. By focusing on ownership transparency, CMS seeks to eliminate the current loophole that allows non‑U.S. citizens or permanent residents to hold significant stakes in Medicare‑enrolled entities without robust oversight. The agency argues that foreign owners residing abroad are beyond the reach of U.S. law‑enforcement, creating a blind spot for investigators and increasing the risk of fraudulent billing schemes.

The proposed citizenship or permanent‑resident requirement would apply to any individual with a 5% or greater ownership or control interest. Providers and suppliers with foreign‑owned holding companies could face mandatory divestiture, restructuring, or even loss of Medicare enrollment unless a grandfather clause is introduced. Legal teams will need to reassess existing joint‑venture agreements, cross‑border financing arrangements, and future acquisition strategies to ensure compliance. The rule could also reshape investment patterns, steering capital toward domestically owned entities and potentially limiting the influx of foreign expertise and capital into the U.S. healthcare market.

In parallel, CMS is contemplating an expansion of fingerprinting and background‑check mandates beyond the current “high‑risk” classification. Extending these requirements to owners with less than a 5% stake, managing employees, and other affiliates would raise compliance costs and operational complexity for many providers. Stakeholders are urged to submit comments by March 30, 2026, as the agency balances fraud‑prevention goals with the practical implications for provider networks. The outcome will signal how aggressively CMS will enforce program‑integrity measures in the coming years.