A systematic constraint analysis of the largest open-source Medicaid billing dataset in history — demonstrating that a 2,400-year-old structure of knowing can detect what conventional methods cannot.
All providers billing H0034/H0036/H2017/H2019. Prestige Healthcare (marked *) indicted by DOJ August 2024. TOCA identified from data alone.
| NPI | Entity | Growth | Revenue | Status |
|---|---|---|---|---|
| 1619279940 | Preventive Measure of DC | 1,805% | $10.4M | Open |
| 1033685953 | Wellness Health Services | 1,600% | $7.4M | Open |
| 1366939225 | District Healthcare Services | 1,354% | $7.6M | Open |
| 1396048070 | MBI Health Services | 1,273% | $7.3M | Open |
| 1437628914 | New Hope Health Services | 1,053% | $5.2M | Open |
| 1144516824 | Prestige Healthcare Resources * | 864% | $3.3M | DOJ Indicted |
| 1447716733 | NYA Health Services | 824% | $4.6M | Open |
| 1255857405 | Kinara Health & Home Care | 736% | $3.9M | Open |
| 1982182150 | Abundant Grace Health Svcs | 640% | $3.6M | Open |
| 1083062871 | CityCare Health Services | 446% | $2.7M | Open |
| 1417432733 | Wellness Healthcare Clinics | NEW | $3.7M | Open |
| 1720271836 | PSI Services III | 102% | $801K | Open |
| 1942451216 | Potential 13th member | 2,266% | $92.5M | Open |
Claims-per-beneficiary ratios that exceed physical service delivery limits. These are not outliers — they are impossibilities.
| NPI | Entity / Location | Code | Peak Ratio | Physical Max | Multiple |
|---|---|---|---|---|---|
| 1417409509 | Daily Home Care, TX | S5125 | 1,454.6 | ~120 | 12× |
| 1538343983 | Transport entity | T2041 | 1,352.9 | ~120 | 11× |
| 1407430143 | Lifeline Inc, DC | 99509 | 1,237.7 | ~100 | 12× |
| 1720171895 | Counseling entity | H1000 | 854.5 | ~60 | 22× |
| 1225163876 | SW CT Agency on Aging | 1286C | 782.0 | — | — |
| 1922477975 | Ogbatue, Riverside CA | T1019 | 463.8 | ~96 | 5× |
| 1457621633 | JARC, Bloomfield Hills MI | H2015 | 494.5 | — | — |
15 providers across Michigan billing exclusively H2015 (Comprehensive Community Support). Many with taxonomy mismatches.
| NPI | Entity | City | Max Ratio |
|---|---|---|---|
| 1457621633 | JARC | Bloomfield Hills | 494.5 |
| 1144989351 | Starr's Watchful Eye | Southfield | 376.1 |
| 1619374899 | Elmira Inc | Inkster | 204.6 |
| 1922157411 | Community Admin Services | Clinton Twp | 162.3 |
| 1629464227 | Integrated Living Inc | Sterling Heights | 124.5 |
| 1396068771 | Quality Choice HC | Troy | 118.5 |
| 1891010542 | Turning Leaf | Lansing | 117.2 |
| 1922181312 | Community Opportunity Ctr | Livonia | 116.7 |
| 1871538108 | Quest Inc | Livonia | 113.7 |
| 1376633297 | Angels' Place | Southfield | 107.0 |
| 1316059850 | IMPACT | Port Huron | 105.6 |
| 1184836082 | Kadima Jewish Support | Southfield | 91.8 |
NPI 1659769446 · 28 confirmatory drug test codes per specimen · Matches DOJ prosecution pattern (Millennium Health, $256M settlement)
| Year | Revenue | Monthly Avg | Growth from 2018 |
|---|---|---|---|
| 2018 | $7.1M | $592K | — |
| 2019 | $11.7M | $975K | +65% |
| 2020 | $18.5M | $1.55M | +160% |
| 2021 | $28.8M | $2.40M | +306% |
| 2022 | $40.4M | $3.37M | +469% |
| 2023 | $44.2M | $3.68M | +522% |
| 2024 | $39.9M | $3.32M | +462% |
| Pattern | 20% Sample | Full Dataset (Est.) |
|---|---|---|
| T1015 phantom clinics | $13.3B / 9,228 providers | $15–20B / 12–15K providers |
| New entity flooding | $3.07B / 16,677 entities | $8–15B / 40K+ entities |
| DC behavioral health cluster | $380M+ / 13 providers | $400M+ (fully captured) |
| National H-code pattern | Emerging | $1B+ |
| Drug testing mills | $190.6M | $500M+ (est.) |
| Physically impossible billing | Dozens of cases | Hundreds of cases |
| Regional clusters | 2 confirmed (DC, MI) | 5–10 estimated |
| E&M upcoding epidemic | 534 surges / 78% of findings | Under quantification ($60B+ in analyzed band) |
| TOTAL FLAGGED EXPOSURE | $17B+ | $30–50B |
On February 13, 2026, the Department of Government Efficiency (DOGE) and the Department of Health and Human Services released the largest open-source Medicaid billing dataset in history — 10.32 gigabytes of provider spending data spanning 2018–2024. They invited the public to help find fraud.
We accepted.
Not because we expect a bounty. Because this dataset is the first public test of whether the structure we spent fifteen years recovering from Aristotle's ἐπιστήμη can do what we claim it can: detect structural invalidity that conventional methods miss.
Within 48 hours, our methodology independently identified a provider that the Department of Justice had indicted for $10 million in Medicaid fraud — without knowing the indictment existed. We found it from the data alone. Eleven of the twelve co-clustered providers remain apparently uninvestigated.
This page documents everything: what we found, how we found it, and how you can apply the same methodology. We would rather everyone know how to detect fraud than somehow profit from this. That would be more profit than we would ever hope for.
The Tetrahedral Ontological Closure Architecture applies four constraints derived from Aristotle's theory of complete knowing. When applied to billing data, these constraints test not whether a claim is statistically unusual, but whether it is structurally possible.
Conventional fraud detection sorts by billing volume and investigates the largest billers. This catches the obvious. TOCA catches the rest — because it tests against limits that cannot be explained by legitimate variance.
Learn the full Hexis architecture →
During analysis of Tranche 6, TOCA flagged a cluster of 12 Washington DC behavioral health providers with synchronized explosive growth. NPI 1144516824 was identified as one of the twelve.
Subsequent investigation revealed that on August 2, 2024 — six months before our analysis — the U.S. Attorney's Office for the District of Columbia indicted the CFO of Prestige Healthcare Resources (that same NPI) and five community support workers for $10M+ in Medicaid fraud.
We found it from data patterns alone. The 11 remaining cluster members show equal or worse patterns and appear uninvestigated. The single largest entity in the cluster ($92.5M) exceeds the indicted entity by 28×.
The dataset (10.32 GB CSV) was downloaded from the DOGE/HHS public data portal. Each row represents a provider-code-month combination with columns for NPI, HCPCS code, month, beneficiary count, claim count, and total paid amount.
The dataset was processed in 50MB tranches (~1 million rows each), sorted by total payment descending. This allowed systematic coverage from highest-billing to lowest-billing providers, with the top tranches capturing the highest-exposure entities first.
Each tranche was subjected to a four-constraint battery:
K-Constraint scan: Calculate claims-per-beneficiary ratios. Any ratio exceeding physical service limits (accounting for code-specific service durations) is flagged as impossible.
T-Constraint scan: Compare 2018–2019 baseline billing to 2023–2024 billing. Growth exceeding 500% with no corresponding market explanation is flagged.
R-Constraint scan: Identify single-code providers (billing only one HCPCS code with zero diversification) and taxonomy-code mismatches where available.
S-Constraint scan: Cross-reference flagged entities by geography, code family, growth timing, and entity creation date. Clusters of coordinated behavior are escalated.
Every finding was cross-referenced against public DOJ records, state Medicaid fraud reports, and news sources to determine whether patterns had been previously identified.
Findings were catalogued in sequential submissions, each covering a batch of tranches. This page aggregates all submissions into a single reference.
These are not individual anomalies. These are structural features of the Medicaid billing system that suggest endemic, organized fraud operating at scale.
Thousands of providers billing exclusively code T1015 (Clinic Visit) with zero other service codes. No diagnostic imaging, no labs, no prescriptions, no procedures. A legitimate clinic generates diverse codes because patients present with real conditions. An entity billing millions in visits with nothing else is not operating as a clinic.
Thirteen DC-area behavioral health providers showing synchronized 446–2,266% growth in H0034/H0036/H2017/H2019 codes. One confirmed by DOJ indictment (Prestige Healthcare Resources, August 2024). Twelve apparently uninvestigated. The largest uninvestigated entity ($92.5M) exceeds the indicted entity by 28×.
Fifteen or more Michigan providers billing exclusively H2015 (Comprehensive Community Support) with >1,000% growth. Several exhibit taxonomy mismatches — home health agencies billing community psychiatric support they cannot deliver.
The Michigan H2015 pattern extends to Illinois and North Carolina with identical code concentration and growth, suggesting interstate coordination or exploitation of a common billing vulnerability.
Sixteen thousand entities created in 2023–2024 collectively billing $3.07 billion in under 24 months. Disproportionately clustered in personal care, behavioral health, and transportation codes.
Evaluation & Management codes (99213, 99214, 99283, 99284, 99285) account for 78.3% of all surge-growth findings in the 20–40% band. The dominant vector is 99214 (Level 4 office visit): 191 independent providers surging an average of 446%. Providers systematically upcode Level 3 visits to Level 4, and Level 4 ED visits to Level 5. Multiple NPIs surge across 3+ E&M codes simultaneously, indicating practice-wide billing escalation. The pattern spans 2018–2024 — it predates COVID and continues through the most recent data.
H-code explosive growth extends beyond DC nationally. Providers outside the DC cluster show identical code families and growth trajectories, suggesting a national vulnerability in behavioral health Medicaid billing.
These are not statistical outliers. These are billing volumes that violate the laws of physics.
1,454 attendant care claims per beneficiary in a single month. At 15-minute units, this equals 363 hours per beneficiary — in a month that contains 720 total hours. This provider claims each patient receives more than half of every hour in existence as attendant care. Even 24-hour care caps at ~120 claims. Actual: 12× the theoretical maximum.
A single entity billing $190.6 million across 84 months, including 28 distinct confirmatory urine drug test codes per specimen. Clinical standard: 1 presumptive + 2–5 confirmatory. This entity: 1 presumptive + 28 confirmatory. The textbook pattern prosecuted in United States v. Millennium Health ($256M settlement).
Each submission covers a batch of tranches. Analysis began February 15, 2026 and is ongoing.
| Submission | Tranches | Findings | Key Discovery |
|---|---|---|---|
| 001 | 1–2 | 1–5 | Initial patterns, Columbia Valley dental anomaly |
| 002 | 3–4 | 6–12 | Michigan H2015 statewide, multi-state H2015 |
| 003 | 3–4 (cont.) | 13–17 | T1015 $7B concentration, new entity pattern |
| 004 | 5–6 | 18–20 | DC behavioral health cluster, physically impossible ratios |
| 005 | 7–20 | 21–23 | 10% milestone, expanded patterns validated |
| 006 | 21–40 | 24–26 | Drug testing mill ($190.6M), new entity explosion |
| 007 | — | — | 20% strategic assessment & Treasury submission |
| 008 | Tranche 2 (42 chunks) | 27–805 | 40% milestone. 42.1M rows, $79.5B. 95 R-constraint, 682 T-constraint, 2 K-constraint. Pattern 6 confirmed: E&M upcoding (78% of surges). Filed with OIG Feb 17, 2026. |
This analysis identifies statistical anomalies in publicly released federal data. No finding on this page or in any associated report constitutes an accusation of fraud against any individual, entity, or organization. The providers, NPIs, and billing patterns identified herein are flagged solely as deviations from expected statistical norms that are consistent with indicators of potential fraud as recognized by the following cognizant bodies and professional standards:
Each finding represents an anomaly warranting further investigation by qualified authorities — not a determination of wrongdoing. Confirming fraud requires: medical record review; on-site inspection and patient verification; corporate ownership analysis; financial flow tracing; interview of providers, patients, and referring physicians; cross-referencing with OIG exclusion lists and state licensing boards; and law enforcement investigation with subpoena authority. This analysis performs none of these investigative steps.
Legitimate explanations may exist for some flagged patterns, including specialist scope of practice (R-constraint), pandemic-era billing volatility (T-constraint), and data reporting anomalies. The methodology is designed as a screening tool that minimizes false negatives; some false positives are expected and do not indicate wrongdoing.
For a subset of flagged providers, independent verification was conducted using publicly available records — separate from the TOCA statistical methodology. Business license records, property/address validation via county assessor databases, NPPES authorized official patterns, and publicly available patient reviews were checked for consistency with detected anomalies. These checks produced corroborating findings but are illustrative, not comprehensive.
All analysis derives from medicaid-provider-spending.csv (10.32 GB), released February 13, 2026 by DOGE/HHS via opendata.hhs.gov. NPI numbers are public identifiers maintained by CMS in the NPPES registry. No protected health information (PHI) was accessed. The submitter is not a licensed auditor, certified fraud examiner, or medical professional. Findings are submitted in good faith under protections of the False Claims Act and Anti-Money Laundering Act whistleblower provisions (31 U.S.C. 5323). Nothing in this analysis constitutes legal, medical, financial, or professional advice.
Transparency is a core principle of this project. Below is the exact text we submitted to the HHS Office of Inspector General Hotline on February 17, 2026. We publish this for three reasons: to document what was filed, to demonstrate that the filing actually occurred, and to give anyone who identifies additional anomalies a template for their own submission.
The OIG does not provide confirmation numbers or receipts for hotline complaints. This public record is our proof of filing.
Important: The OIG portal rejects special characters and emojis. All filed text uses plain ASCII only — double hyphens instead of dashes, spelled-out “dollars” and “percent,” and “and” instead of ampersands. If you use our template, maintain this convention.
At tips.oig.hhs.gov, select “Healthcare fraud” → “Improper billing”. This routes your complaint to the team that handles Medicaid billing anomalies.
This is the main complaint field. OIG says: provide details about when it happened, where, how it was committed, and how you learned about it. Here is what we submitted:
SUBJECT: Systematic Medicaid Billing Fraud -- 805 Statistical Anomalies Across 289+ Providers Identified via Data Analysis of DOGE/HHS Dataset SUMMARY OF COMPLAINT: I am reporting systematic Medicaid billing fraud identified through constraint-based statistical analysis of the medicaid-provider-spending.csv dataset (10.32 GB), released February 13, 2026, by DOGE/HHS via opendata.hhs.gov. Analysis of 40 percent of the dataset (approximately 70 million rows covering 1.04 trillion dollars in Medicaid claims) has identified 805 statistical anomalies across 289+ unique National Provider Identifiers (NPIs) consistent with indicators of fraud as defined by OIG (42 CFR 455.2), ACFE, AICPA (AU-C Section 240), GAO Yellow Book standards, and CMS Program Integrity Manual (Chapter 4). This is Submission II (Tranche 2), covering bytes 2.0-4.1 GB of the dataset (42.1 million rows, 79.5 billion dollars). A prior submission (Submission I, 26 findings, 960 billion dollars, 20 percent coverage) was filed February 16, 2026. METHODOLOGY: Three constraint-based tests were applied systematically: K-Constraint (Volume Impossibility): Identifies providers whose claims-per-beneficiary ratios exceed what is physically possible, for example billing more service hours per patient than exist in a day. R-Constraint (Single-Code Concentration): Identifies providers billing exclusively one HCPCS/CPT code above a dollar threshold over sustained periods. Single-code billing at high volumes is recognized by the ACFE and OIG as a primary indicator of phantom billing, upcoding, or service fabrication. T-Constraint (Temporal Surge): Identifies providers with year-over-year billing increases exceeding 300 percent, which CMS and OIG recognize as fraud indicators. FINDINGS -- SUBMISSION II (40 Percent Milestone): 1. R-CONSTRAINT (Single-Code Providers): 95 findings across 95 NPIs. Providers billing exclusively one procedure code above 100,000 dollars per year. T1015 (Medicaid clinic visits) and T1017 (targeted case management) continue to dominate, confirming Pattern 1 identified in Submission I. This pattern now extends across all payment tiers, not just high-volume providers. 2. T-CONSTRAINT (Surge Growth): 682 findings across 209 NPIs. The dominant finding: Evaluation and Management (E and M) codes account for 78.3 percent of all surge-growth findings. Designated System Pattern 6: E and M Upcoding Epidemic. - 99214 (Level 4 office visit): 191 providers surging average 446 percent - 99213 (Level 3 office visit): 88 providers - 99285 (Level 5 ED visit): 62 providers - 99283 and 99284 (Level 3-4 ED visits): 78 providers combined Highest surge: NPI 1730491945, 2,921 percent increase on code 99214. 3. K-CONSTRAINT (Volume Impossibility): 2 findings. CONFIRMED SYSTEM PATTERNS (Cumulative): Pattern 1: T1015/T1017 Phantom Clinic Network -- 13.3 billion dollars+ Pattern 2: DC Behavioral Health Cluster -- 380 million dollars+ / 13 providers Pattern 3: Drug Testing Mills -- 190.6 million dollars Pattern 4: Physically Impossible Billing Ratios Pattern 5: New Entity Flooding -- 3.07 billion dollars / 16,677 entities Pattern 6: E and M Upcoding Epidemic -- 534 surges / 78 percent of findings (NEW) Pattern 7: National H-Code Behavioral Health -- emerging DOJ VALIDATION: Prestige Healthcare Resources, LLC (NPI 1144516824, Washington, D.C.) validated against DOJ indictment after TOCA flagged it. SUPPLEMENTAL VERIFICATION: Business license, property, NPPES identity, and public review checks conducted on subset of flagged providers -- all consistent with detected anomalies. PROJECTION: 30-50 billion dollars total fraudulent/abusive billing estimated at full dataset coverage. Filed in good faith under False Claims Act (31 U.S.C. 3729-3733). Steven Easley, Founder/CEO, Echosphere.io
The portal accepts csv, doc, docx, gif, jpg, jpeg, pdf, png, tif, tiff, txt, xls, and xlsx. We attached:
A secondary text field for listing evidence. Here is what we submitted:
ATTACHED DOCUMENTS: 1. TOCA_Submission_II.pdf -- Full 10-page report: 779 findings from 40 percent dataset milestone (42.1M rows, 79.5 billion dollars). Includes methodology, all three constraint analyses (95 single-code, 682 surge-growth, 2 volume-impossible), Pattern 6 confirmation (E and M Upcoding Epidemic), DOJ validation detail, and legal/methodological disclosure. 2. TOCA_Submission_II.txt -- Plain text version for archival. ADDITIONAL EVIDENCE AVAILABLE UPON REQUEST: - Submission I report (20 percent coverage, 26 findings, filed Feb 16, 2026) - Full Treasury submission document (17 billion dollars+ flagged exposure) - Raw analysis scripts and intermediate outputs - Open-source verification documentation (business licenses, property records, NPPES cross-references, patient review screenshots) - Complete methodology specification for the TOCA constraint architecture All materials also available at: https://echosphere.io/pages/proof-medicaid.html This is Submission II of a planned five-submission series covering the complete 10.32 GB DOGE/HHS Medicaid dataset. Submissions III-V (60, 80, 100 percent) will be filed as analysis progresses.
OIG states that every report is reviewed but not every submission results in an investigation. They do not contact every complainant. However, hotline tips are used to build cases, corroborate existing investigations, and identify patterns. Multiple independent reports about the same providers or patterns strengthen the case for formal investigation — which is why your participation matters.
The TOCA constraint battery identifies where to look. Confirming what happened requires eyes on the ground. We are recruiting analysts, investigators, journalists, and concerned citizens to help verify and expand these findings using publicly available data.
For a subset of flagged providers, we conducted supplemental open-source verification. These checks are not part of the TOCA statistical methodology — they represent independent corroboration:
Every flagged NPI is searchable through the CMS NPPES Registry. Here is what independent investigators can check:
Search your state’s Secretary of State registry. Is the entity active? When formed? Do officers appear on other flagged entities?
Use Google Maps, county assessor records, and satellite imagery. Is it a clinical facility? A residence? A vacant lot?
Check state medical/nursing boards. Is the provider licensed? Any disciplinary actions? License consistent with services billed?
Search the HHS OIG LEIE database. Excluded individuals sometimes continue billing through new entities.
Google Reviews, BBB, state AG complaints. Patient reports of fabricated visits or phantom billing are direct evidence.
Join NPPES, CMS Open Payments, state corporate registries, and the DOGE dataset. The new-entity-to-rapid-billing pipeline is one of the strongest fraud predictors.
805 anomalies across 289+ providers. Seven system patterns. One DOJ-validated entity. The dataset is public. The methodology is documented. Every NPI is searchable. Every claim is verifiable. We welcome scrutiny.
Our K/R/T constraint battery is deliberately simple — three tests at scale. Network analysis, Benford’s Law, geographic clustering, and cross-program joins would extend these findings. The DOGE dataset is 10.32 GB of structured CSV — manageable with DuckDB on any modern laptop. If you want to contribute, reach out.
The end of knowledge is not power.
It is completeness.
Echosphere.io — Structure for the age of artificial intelligence