DOJ Launches National Fraud Enforcement Division, New DEI Executive Order Hits Federal Contractors, CMS Opens Health Tech Ecosystem

The DOJ today launched a National Fraud Enforcement Division, consolidating fraud cases under a single division and signaling a step-up in coordinated prosecutions. A new executive order reshapes DEI-related compliance duties for federal contractors, forcing a near-term review of affirmative action plans and training content. CMS rolled out the first wave of its Health Tech Ecosystem, standing up new information sharing and access tools for covered entities to plug into.

Top 5 Critical Compliance Alerts

1. DOJ Establishes National Fraud Enforcement Division

The Department of Justice stood up a new National Fraud Enforcement Division to centralize prosecution of fraud schemes across healthcare, financial services, and government programs. The reorganization consolidates work previously spread across several sections. JD Supra

Operator Note: Expect more parallel civil and criminal actions. If you touch federal funds, tighten internal controls around billing and vendor attestations before the first wave lands.

2. New Executive Order Reshapes DEI Compliance for Federal Contractors

A new executive order overhauls DEI-related obligations for federal contractors, changing language and reporting around diversity programs, affirmative action, and training content. Contractors have a narrow window to update policies and certifications. JD Supra

3. CMS Launches First Wave of Health Tech Ecosystem

CMS activated the first tools in its Health Tech Ecosystem, a new framework for health information sharing and patient data access. The rollout gives covered entities concrete integration points instead of abstract interoperability goals. HIPAA Journal

4. DermCare, Option Care Health, and Aetna Disclose Breaches

Three healthcare organizations disclosed data breaches in the same window, with Aetna’s incident being the largest. Each breach adds to a February healthcare total that already exceeded 8 million records. HIPAA Journal

Operator Note: The cadence of healthcare disclosures is becoming daily. Tabletop your breach notification timing against your BAA partners now, not after you get the call.

5. CFTC Flags Insider Trading in Prediction Markets as Enforcement Priority

The CFTC signaled it will apply insider trading enforcement theory to prediction market activity, extending Rule 180.1 concepts into event contracts. Firms operating or providing liquidity in these markets need insider trading controls on par with traditional exchanges. JD Supra

Additional Compliance Alerts

Regulatory Updates

• HIPAA’s Next Era - JD Supra breaks down the new HIPAA rules coming for emerging technologies and AI risks, with timelines for covered entities to absorb. JD Supra

• OSHA Updates Heat-Related Hazards NEP - OSHA revised its National Emphasis Program on heat hazards, changing inspection triggers and employer documentation expectations. HIPAA Journal

• More on the Downsizing of the SEC - Compliance Building summarizes ongoing SEC workforce reductions and the practical effect on enforcement throughput. Compliance Building

Audit & Monitoring Tools

• AI Insurance Exists, but Coverage Is Scarce - Carriers are writing AI-specific policies but underwriting standards lag, leaving buyers uncertain what is actually covered. Corporate Compliance Insights

• Compliance Blind Spots in Financial Data - Common data hygiene gaps let compliance-relevant signals slip past monitoring programs, especially when reconciliations live outside the GRC stack. Corporate Compliance Insights

The Axe Report is a daily briefing from Grab The Axe. Need help assessing your organization’s security posture? Take our free Human Attack Surface Score assessment.