A Michigan home health owner paid $130K in CashApp kickbacks to a hospital nurse, then fabricated physician certifications. Jury convicted her May 14.

On May 14, a federal jury in the Eastern District of Michigan convicted Ruby Scott, 55, of Farmington Hills, on five counts of health care fraud, a conspiracy count, and four counts of paying illegal health care kickbacks. Scott owned and operated Delta Home Health Care LLC. The scheme ran from 2018 through 2021 — $1.6 million billed to Medicare, and $130,000 in kickback payments traced through CashApp, PayPal, checks, and cash. Sentencing is scheduled for September 24.

The mechanics: Scott identified a discharge nurse at a Detroit-area hospital and paid her $100 for every Medicare patient record she faxed to Delta. At $100 per patient, $130,000 in traceable payments implies at least 1,300 referrals sourced through a single paid pipeline. For each of those patients, Scott billed Medicare for home health services. Medicare requires a physician to certify the patient is homebound and needs skilled care — a face-to-face encounter documented before the episode starts. Scott didn't have those certifications. She fabricated them, inserting the names of real physicians onto documentation those physicians had never signed, for patients they had never met.

Two separate compliance failures, one conviction

The Anti-Kickback Statute prohibits paying anything of value — money, services, gifts — to induce referrals for services billed to a federal health care program. $100 per patient referral is a textbook violation. That the payments flowed through CashApp and PayPal rather than cash in an envelope didn't obscure them. It documented them: every transaction carries a timestamp, a payer, a payee, and an amount. Federal investigators subpoenaed those records. The $130,000 in traceable payments built the conspiracy count alongside the individual kickback charges.

The second thread is the fabricated certifications. The CMS-485 plan of care must be signed by a physician, NP, CNS, or PA who has evaluated the patient and documented homebound status and skilled need. Scott submitted certifications under the names of real, licensed physicians who had no clinical relationship with those patients. The FBI and HHS-OIG traced the falsified signatures back to providers who had never seen the patients. That documentation gap — billing for episodes without a valid physician certification — is also the basis for Medicare denial, overpayment demand, and OIG exclusion, independent of the criminal case.

Why this conviction lands now

The Scott verdict came two weeks after CMS launched its six-month HHA enrollment moratorium and committed explicitly to "intensified targeted investigations and advanced data analytics" against enrolled providers. The DOJ Fraud Division has brought 450 enforcement actions since April 1. This case isn't a historical artifact of a scheme that ended in 2021 — it describes the exact pattern integrity contractors are running against enrolled agencies' billing data right now: referral volumes inconsistent with documented physician relationships, certifications bearing provider signatures with no corresponding clinical history, and financial flows from agency accounts to individuals who were also a source of referrals.

What your agency needs to audit

1. Audit your certifying physician relationships. For every CMS-485 in the last two years, can you document that the certifying physician had an actual clinical encounter with the patient before signing? A face-to-face certification signed by a physician who has no visit note in the chart is a documentation risk whether the signature is fabricated or simply a rubber stamp. The enforcement standard is the same for both.
2. Review every financial relationship with referral sources. Any payment — compensation, gifts, consulting fees, or informal transfers — to a hospital discharge planner, physician office staff member, or facility employee who also refers patients needs Anti-Kickback safe harbor analysis. The list of safe harbors is specific; "we paid for legitimate services" is not one of them unless the arrangement meets the employment or fair-market-value requirements precisely.
3. Run a payment-app audit on your agency's accounts. CashApp, PayPal, Venmo, and Zelle transactions from agency accounts to individuals who were also referring patients are subpoenable and create a direct evidentiary chain for the conspiracy charge Scott faced. If those transactions exist, they need to stop and they need to be disclosed to counsel immediately.
4. Confirm your face-to-face documentation standard. Every Medicare episode requires a face-to-face encounter documented in the certifying clinician's own words, dated before or contemporaneously with the SOC. Missing or generic FTF documentation is both a billing compliance gap and the starting point for a fraud investigation when referral patterns attract scrutiny.

What we built for this

Carelytic's certification workflow requires a documented face-to-face encounter before a plan of care can be submitted to billing. The certifying provider's NPI is validated against active Medicare enrollment, and the system flags any mismatch between the signing provider and a provider with a documented clinical relationship in the patient's visit record. Every certification carries an immutable audit trail — timestamp, user ID, and the supporting visit record that anchors it. If a program integrity contractor or federal investigator requests records, the chain of evidence from first encounter to signed CMS-485 is already constructed in the system, not assembled after the fact.