“DOGE” Reportedly Accesses CMS Contracting and Payment Systems

Last week, agents of the U.S. Digital Service, renamed the U.S. DOGE Service (DOGE), reportedly obtained access to and reviewed data and other information housed in the Centers for Medicare and Medicaid Services (CMS) contracting and payment systems. This post provides an overview of what we currently know about DOGE’s activities at CMS and considerations for potentially affected stakeholders.

What DOGE Reviewed and CMS’ Involvement

The full scope of DOGE’s activities at CMS so far remains unclear. DOGE is purportedly focused on rooting out what it considers to be “waste, fraud, and abuse,” as well as cancelling agency spending on initiatives and contracts related to diversity, equity and inclusion, or DEI. Elon Musk, who is leading the DOGE team, responded on X to reports of DOGE’s visit to CMS by asserting that the agency was “where the big money fraud is happening.”

Early reports indicate that DOGE received read-only access to key agency payment and contracting systems data, including the CMS Acquisition Lifecycle Management system (CALM). CMS uses the CALM system to manage all aspects of contract acquisition within CMS, including writing contracts, tracking milestones, and performing contract audits. It remains to be seen whether DOGE will access databases that include Medicare or Medicaid enrollees’ individually identifiable health information, or the Healthcare Integrated General Ledger Accounting System (HIGLAS), an accounting system used by CMS to track and manage Medicare payments and Medicaid and Children’s Health Insurance Program (CHIP) grants.

CMS appears to be cooperating with DOGE; it reportedly “has two senior Agency veterans — one focused on policy and one focused on operations — who are leading the collaboration with DOGE, including ensuring appropriate access to CMS systems and technology.” CMS says it is “taking a thoughtful approach to see where there may be opportunities for more effective and efficient use of resources in line with meeting the goals of President Trump.”

Potential Implications

While this is a developing situation, DOGE’s scrutiny of CMS payments and systems — and actions it may take in response — could have profound repercussions across the healthcare and life sciences industry. CMS payment structures are complicated and vary by program, often involving layers of contractors and other companies.

Right now, stakeholders are left with many unanswered questions. It’s unclear, for example, what legal authorities or administrative processes will apply to any actions that DOGE may take regarding any instances of alleged “waste, fraud, or abuse” that it identifies. Nor is it clear what avenues, if any, healthcare providers and other affected stakeholders will be able to pursue in response to any adverse actions that may result from DOGE review or recommendations. Another question is whether and how DOGE’s review of CMS data will relate to other federal and state entities that are already responsible for healthcare-related enforcement, such as the U.S. Department of Justice (DOJ), the U.S. Department of Health and Human Services Office of Inspector General (OIG), and state Medicaid Fraud Control Units.

Considerations for Potentially Affected Stakeholders

Life sciences companies, healthcare providers, suppliers, CMS contractors, and other stakeholders should consider taking proactive steps to prepare for the potential impact to their business operations, including, for example:

• Assess the scope of the potential impact to business operations, procurement contacts, and other funding awards. Consider internal audits to understand any potential vulnerabilities in advance. Programs and payments that DOGE may scrutinize in connection with its review of CMS data could include:
  • CMS contracts, grants, direct payments, loans, and other funding awards
  • Sunshine Act reporting data regarding financial relationships between manufacturers and providers
  • Prescribing patterns, costs, and rebates for drugs
  • Internal data metrics related to sales and marketing programs, sales initiatives and incentives, and other data collected and leveraged by life sciences companies
  • CMS payments to Medicare Advantage plans
• For larger organizations, establish an internal cross-functional working group that includes representatives from legal, public relations/marketing, finance, and leadership, to monitor developments (e.g., references to your company or practice on social media).
• Regularly monitor your payments for any indication that federal program payments have been delayed or withheld.
• Formulate a response plan to address any DOGE-related actions. A rapid response will be critical. Among other things, such plan should include:
  • A public relations strategy in the event your organization is publicly targeted or identified on social media or otherwise
  • A comprehensive response strategy for accusations of improper payments or utilization
  • A potential legal response to actions brought by CMS, HHS, DOJ, or DOGE in connection with DOGE-related reviews, including challenges to DOGE’s authority
  • A consideration of potential administrative options to address any efforts by DOGE or CMS to cease or reduce payments

This situation is rapidly evolving, and potentially impacted businesses should be prepared to respond quickly. We will continue to monitor developments in this area. Please contact any of the authors or members of Arnold & Porter’s White Collar Defense & Investigations group and Life Sciences & Healthcare Regulatory group if you have any questions or would like to discuss further.

© Arnold & Porter Kaye Scholer LLP 2025 All Rights Reserved. This Blog post is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.