Medical Necessity Credential Authority Failure Through Provider Orders Accepted Without Clinical Assessment at Medicare Orthotic Brace Telemarketing Operations

Medicare pays for orthotic braces on the basis of a provider order certifying medical necessity. The order is the credential: it certifies that a licensed physician has evaluated the patient, determined that a brace is clinically indicated for a specific condition, and authorized the supply. The clinical assessment is the evidentiary boundary the order is required to represent. Without it, the order is a signature on a document — not a certification of a medical determination.

Beginning at least in the mid-2010s, a systematic fraud pattern emerged in which telemarketing operations contacted Medicare beneficiaries directly, offered them braces at no apparent cost to the beneficiary, and routed their information to telemedicine companies that paid physicians to sign orders without performing the required assessment. In some cases, physicians spoke briefly with patients by telephone. In others, they signed orders with no patient contact at all. One physician signed thousands of prescriptions for over 2,500 Medicare patients during a six-month period without a treating relationship with any of them. The provider orders those physicians signed were then used by durable medical equipment suppliers to bill Medicare for braces the credential certified as medically necessary. The assessment the credential was required to represent had not been made.

Operation Brace Yourself, announced in 2019, charged 24 defendants and identified more than $1.2 billion in alleged Medicare fraud across 130 DME companies. The operation was described at the time as one of the largest health care fraud enforcement actions in U.S. history. It did not close the credential gap. The OIG's May 2024 report documented the same vulnerability — providers ordering braces for beneficiaries with no treating relationship, suppliers concentrated in known fraud geographies, prohibited telemarketing continuing — across claims data from 2018 through 2020, years during and after the enforcement action.

Enforcement has continued through Operation Rubber Stamp and the 2025 National Health Care Fraud Takedown. Individual prosecutions have produced convictions and sentences measured in decades. A CEO of a health care software company was sentenced in December 2025 to 15 years and ordered to pay more than $452 million in restitution for operating a platform that generated false physicians' orders at scale. The platform's function was to produce the medical necessity credential without the clinical assessment it is required to represent. The enforcement record confirms that the credential gap is not a compliance failure at the margins — it is a structural condition that sustained enforcement has not resolved because enforcement operates after the credential has already authorized payment.

The provider order authorizes Medicare payment by certifying that a defined clinical condition is present: the physician examined the patient, assessed the medical indication, and determined that the brace is necessary. Those conditions are the evidentiary boundary the order is required to represent. Medicare pays on the basis of the order. The payment system has no mechanism to evaluate whether the clinical assessment the order certifies was actually performed at the point the order is used to authorize payment.

The telemarketing operations that produced fraudulent orders understood this precisely. The order is the credential. If the order exists and the physician's signature is genuine, the credential moves as sufficient regardless of whether the assessment it certifies was performed. The fraud was not in forging documents — the orders were signed by licensed physicians. The fraud was in the gap between what the order certified and what had actually occurred at the point the credential was generated. The clinical assessment was the condition the credential was required to represent. It was not present. The credential was issued anyway. Medicare paid.

The OIG has identified this gap across more than a decade of reports and recommended CMS strengthen oversight. The recommendations address detection — analytics, audits, enhanced enrollment screening. None of them address the credential condition: the provider order does not encode the evidentiary basis for its medical necessity certification in a form evaluable at the point Medicare uses it to authorize payment. The detection mechanisms identify the gap after payment has occurred. The credential gap that produced the payment remains structurally unchanged.

Enforcement has been sustained and substantial. Operation Brace Yourself (2019), Operation Rubber Stamp, and the 2025 National Health Care Fraud Takedown collectively charged hundreds of defendants across billions of dollars in alleged fraud. Individual convictions have resulted in sentences of 10 to 15 years and restitution orders in the hundreds of millions. Medicare's Fraud Prevention System has blocked payments before disbursement in some cases. CMS has implemented competitive bidding for OTS braces and enhanced supplier enrollment screening.

The OIG's May 2024 report — published five years after Operation Brace Yourself — documents the same vulnerability present at the same structural level. The enforcement record is the remediation artifact of a credential gap that enforcement alone cannot close. Each conviction names, in the evidence presented at trial, the clinical assessment that was not performed before the order was signed. Each conviction is a documented instance of a credential authorizing payment for a condition it did not verify. The credential gap that made each instance possible is the same gap present in every provider order that reaches Medicare payment without encoding the evidentiary basis for its medical necessity certification.

• The provider order is the medical necessity credential — it certifies that a physician assessed the patient and determined clinical indication for the prescribed brace; Medicare pays on the basis of that certification; the payment system has no mechanism to evaluate whether the assessment the order certifies was performed at the point the credential is used to authorize payment
• Orthotic brace telemarketing operations generated provider orders at scale by separating the credential from the condition it is required to represent — physicians signed orders following brief or no patient contact, often paid kickbacks for their signatures; the orders were genuine credentials issued by licensed physicians; the clinical assessments those credentials were required to certify were not performed
• The OIG's May 2024 report documents more than $1 billion in Medicare payments for OTS braces ordered by providers with no treating relationship with the beneficiary — payments authorized by credentials that certified a clinical assessment the ordering provider had not performed; the vulnerability is documented across claims data from 2018 through 2020, years during and after Operation Brace Yourself (2019)
• Sustained enforcement — Operation Brace Yourself, Operation Rubber Stamp, the 2025 National Health Care Fraud Takedown — has produced convictions and restitution orders measured in decades and hundreds of millions of dollars without closing the credential gap; each enforcement action operates after the credential has already authorized payment; the OIG's recommendation record spanning more than a decade addresses detection mechanisms, not the credential condition
• The credential gap is structural: the provider order does not encode the evidentiary basis for its medical necessity certification — the fact of patient examination, the clinical finding, the specific indication for the prescribed device — in a form evaluable at the point Medicare uses it to authorize payment; a credential that cannot demonstrate the assessment it certifies cannot authorize payment for the condition that assessment was supposed to establish
• The enforcement record confirms that the gap is not closed by prosecution — the same credential structure that produced fraudulent orders in 2015 produced them in 2025; each conviction documents the condition precisely: the assessment was not performed; the order certified that it was; Medicare paid; the credential gap that authorized the payment remains present in every provider order that reaches the payment system without encoding the clinical assessment it is required to represent