Our friends at Hoyer Law Group, PLLC discuss how for years, False Claims Act enforcement was largely a federal affair. The U.S. Department of Justice set the pace, and state attorneys general often played a supporting role, particularly in joint investigations involving programs like Medicaid. That dynamic is changing, and businesses that have not been paying attention to developments at the state level may find themselves caught off guard. An experienced business lawyer can help companies stay compliant, assess risk exposure, and respond effectively to both federal and state enforcement actions.
Across the country, state attorneys general are stepping out from behind the DOJ’s shadow and pursuing their own civil fraud enforcement agendas. For companies that receive Medicaid reimbursements, contract with state agencies, manage tax obligations, or operate in other regulated spaces, the implications are significant.
A Growing Patchwork of State FCA Laws
More than 30 states and the District of Columbia now have their own False Claims Act statutes. In many ways, these laws look a lot like the federal FCA. They allow private whistleblowers to file qui tam lawsuits on behalf of the state, use similar definitions for key terms like “claim,” “knowingly,” and “material,” and give state attorneys general the power to investigate and litigate suspected fraud.
But the similarities only go so far. Some states have expanded liability well beyond the federal model. Certain states authorize actions involving private insurance claims, not just government-funded programs. Others allow claims tied to state tax violations. And in a move that caught attention across the healthcare industry, Massachusetts amended its FCA law in 2025 to create potential liability for private equity firms that fail to disclose known violations within 60 days of identifying them.
These are not minor tweaks. They represent a deliberate broadening of who can be held liable and under what circumstances. The bottom line is that businesses cannot treat state FCA statutes as carbon copies of the federal law. Each one has its own language, its own scope, and increasingly, its own enforcement priorities.
States Are Going It Alone
Historically, when a case involved a joint federal-state program like Medicaid, state and federal authorities tended to work together. That still happens, but the trend line is clear: state attorneys general are more willing than ever to pursue enforcement actions independently, even in areas where the DOJ has traditionally taken the lead.
Recent state-led settlements tell the story. State attorneys general have independently resolved Medicaid fraud cases involving home healthcare providers, eye care clinics, and pharmacy chains. States have also brought actions addressing unpaid wage obligations tied to Medicaid reimbursements, unclaimed property violations, tax-related misconduct, and alleged worker misclassification.
What makes this particularly important for businesses is the layered risk it creates. A company could face an investigation from a state attorney general even after federal authorities have declined to intervene. Multiple states could coordinate enforcement efforts without DOJ involvement, potentially expanding liability across jurisdictions. And as state AG offices continue to grow their civil fraud enforcement teams, this kind of independent action will only become more common.
Diverging Priorities Mean New Areas of Risk
When federal and state enforcement priorities were closely aligned, businesses could focus their compliance planning around DOJ guidance and feel reasonably confident they were covering their bases. That approach is becoming less reliable.
State attorneys general are increasingly focused on areas that may not sit at the top of the DOJ’s current agenda. Analysts expect this divergence to be especially pronounced in sectors like Medicaid drug pricing and private equity participation in healthcare. For businesses in these spaces, relying solely on federal enforcement trends to gauge risk is no longer sufficient. A jurisdiction-by-jurisdiction analysis is becoming essential.
Whistleblower Activity Adds Another Layer
Whistleblower protections compound the exposure. Many state FCA statutes include qui tam provisions, and relators are paying attention to where enforcement is most active. If a state attorney general’s office has a reputation for being aggressive or responsive to qui tam filings, whistleblowers and their attorneys may strategically choose to file there rather than, or in addition to, bringing a federal action.
As state AG offices devote more resources to civil fraud enforcement, these claims are likely to receive faster attention and more sustained follow-through. Companies that might once have dismissed a state-level qui tam filing as a secondary concern now need to take those actions seriously from day one.
What Businesses Should Be Doing Now
The practical takeaway is straightforward: a compliance program designed solely to address federal requirements may no longer be enough. Companies need to evaluate the specific FCA statute, regulatory guidance, reporting obligations, and recent enforcement history in every state where they do business.
Healthcare entities should take a hard look at billing practices, wage compliance, relationships with investors, and internal reporting mechanisms. Private equity sponsors need to evaluate the compliance structures of their portfolio companies and make sure oversight is robust enough to catch problems early. Companies involved in tax reporting, insurance reimbursements, or state-funded programs should conduct periodic audits to identify vulnerabilities before a state attorney general does so.
And if a state investigation does begin, the response matters enormously. Businesses need to move quickly to preserve documents, coordinate internal reviews, and develop a defense strategy that accounts for the specific state’s statutory framework and enforcement posture. What works in one state may not work in another.
The Bigger Picture
The enforcement landscape heading into 2026 sends a clear message: state False Claims Act activity is no longer a sideshow. It is becoming a central part of civil fraud enforcement nationwide. As states expand liability provisions, assert independent authority, and chart their own enforcement priorities, businesses face a regulatory environment that is more complex and fragmented than it has been in years.
Companies that operate across multiple jurisdictions cannot afford to ignore this trend. The financial penalties, reputational damage, and burden of parallel investigations are real, and the cost of waiting to address compliance gaps is almost always higher than the cost of getting ahead of them.
This blog is for general informational purposes only and does not constitute legal advice. For advice specific to your situation, please consult a qualified attorney.