The U.S. Health Department Put ChatGPT in Charge of Auditing All 50 States' Medicaid — With No Error Rate, No Appeals, No Deadline

ChatGPT just took a seat in the government's auditor chair

Here's the deal: The U.S. Department of Health and Human Services (HHS) has started using ChatGPT to comb through five years of Medicaid audit reports across all 50 states. The program is called AERO — Audit Enhancement via Rollup Operations. Any entity receiving more than $1M in federal funds is in scope: state agencies, hospitals, nonprofits, all of them. The target is an estimated $100-200 billion in annual fraud.

So far this sounds like "use AI to catch waste — great." But the reason healthcare and legal circles are up in arms is something else. This AI audit has no published error rate, no appeals process, and no deadline. Meaning: when ChatGPT flags an entity as "suspicious," there's no stated figure for how often it's wrong, no clear channel for the flagged party to push back, and no fixed timeline for resolution.

Why is that heavy? An audit isn't just a bookkeeping check — it can decide whether an organization's federal funding gets cut. Handing the first-pass screening of such decisions to a language model that outputs probabilistic answers, while leaving out the mechanisms that protect a person's right to correct an error (due process), puts efficiency and due process on a direct collision course.

So here's what we'll unpack: what AERO actually does, why HHS brought ChatGPT in, what critics fear, and what it means inside the broader push to embed AI into government work. Three players: HHS, ChatGPT (OpenAI), and the states, hospitals, and grantees on the receiving end.

The players — HHS, ChatGPT, and the audited

First, HHS. The department that spends trillions a year on huge public health programs like Medicaid and Medicare. The scale makes fraud and waste a perennial headache, and human auditors alone simply can't read five years of reports across 50 states. For HHS, AI is appealing as a tool that "lets you see what you couldn't see before." The push was led by HHS's Gustav Chiarello, who formalized the generative-AI audit expansion on May 21.

Next, ChatGPT (and OpenAI). Here ChatGPT isn't a chatbot but an analysis engine that reads mountains of documents and flags anomalies. Language models are strong at quickly summarizing vast audit reports and spotting where patterns break. The problem is their tendency to confidently produce plausible-but-wrong answers — hallucination. In a domain like auditing where factual accuracy is everything, that weakness can be fatal.

Third, the audited — state governments, hospitals, nonprofit grantees. For them an audit is existential. Get classified as "suspect" once and funding stalls, reputation wobbles, and defending yourself costs a fortune. Now imagine the flag came from an AI, not a person — and you don't know how accurate that AI is, and the channel to rebut it is unclear. What these organizations fear most is being wrongly suspected with no path to set it right.

One sentence ties it together: a department that must catch waste in a giant health budget (HHS) handed five years of audit records no human could fully review to an AI (ChatGPT), but left out the safeguards for the side getting flagged (states and hospitals). That's the skeleton.

What AERO actually does

Talk scatters, so here are the confirmed facts in a table.

Item	Detail
Program	AERO (Audit Enhancement via Rollup Operations)
Run by	U.S. Dept. of Health and Human Services (HHS)
Tool	ChatGPT
Reviewed	Five years of state Medicaid single-audit reports
Scope	Every entity receiving >$1M in federal funds
Mode	Rolling, repeated scans
Target	Estimated $100-200B in annual fraud
Formalized	May 21, 2026, by HHS's Gustav Chiarello
Core criticism	No published error rate, appeals process, or deadline

Line by line. First, the "5 years × 50 states" scale is the crux. That's more than even an army of human auditors could realistically read. The rationale for using AI is legitimate — "see what you couldn't see." The problem is that seeing and judging are different. AI is useful for skimming and narrowing candidates, but the step that decides whether a candidate is actually fraud must include human verification.

Second, "everything over $1M" means nearly every major U.S. health and welfare grantee now sits inside this AI audit net. Small clinics might slip out, but hospitals, state health authorities, and large nonprofits are almost all caught. So the fallout from a wrong flag is national in scale.

Third, the absence of error rate, appeals, and deadline is the central contradiction. The most basic governance when using an AI system for administrative decisions is exactly those three: measure how often it's wrong (error rate), correct it when it is (appeals), and don't drag on forever (deadline). All three are missing — which means the procedural vacuum around the tool is a bigger risk than the tool's performance. The same ChatGPT, with safeguards versus without, is an entirely different thing.

Who gets what

Start with HHS's win. First, overwhelming throughput: running a full five-year scan no human could attempt can surface waste, duplication, and anomalous spending long buried. Second, a political result: "we're using AI to catch tens of billions in annual waste" is a powerful message to taxpayers and ties directly to budget-savings claims. Third, standardization: applying one model uniformly, instead of audit standards that vary by individual, raises consistency.

OpenAI (ChatGPT) wins too. First, a marquee government reference: a federal department using ChatGPT for core audit work signals to other agencies and big enterprises that it's a "proven tool." Second, entry into a high-value market: beyond simple chat, the door opens to regulation, audit, and compliance — a market that pays serious money for accuracy. Third, data and feedback: the feedback accumulated in real audit work becomes an asset for specializing the model in that domain.

For the audited entities, though, risk outweighs reward. An honestly run organization benefits if the AI clears it cleanly — but get wrongly flagged by a hallucination and you eat the cost of rebuttal and reputational damage. With no clear official process to recover that loss, "fear of a wrong call" runs ahead of "hope of benefit." That asymmetry is exactly what the healthcare world objects to — the government captures the efficiency upside while the audited bear the misjudgment risk.

Precedents — what worked and what didn't

There's a notorious case of automation backfiring in government: Michigan's MiDAS. Michigan deployed an algorithmic system to auto-catch unemployment fraud — and its false-positive rate was so high it wrongly branded tens of thousands as fraudsters, leading to mass lawsuits and refunds. The lesson is clear: automate decisions that affect people's livelihoods while stripping out verification and remedy, and you get a major disaster, not efficiency. AERO's missing error rate and appeals process head straight for that trap.

On the other side is the success of tax and financial fraud detection. The IRS and banks have long used anomaly-detection algorithms with real results. The difference? There, when the AI narrows "suspect candidates," a human investigator must add verification, and the subject is guaranteed a chance to respond. The AI only narrows candidates at the top of the funnel; final judgment and remedy stay with humans and process. The same "AI fraud detection," with or without those safeguards, succeeds or fails on that distinction.

So the core isn't "use AI or not" — it's "how you use it." Using AI to skim five years across 50 states and narrow anomalies is reasonable. But at the step where results turn into actual actions like funding cuts, guardrails — published error rates, human re-verification, appeals, deadlines — must come attached. On the information disclosed so far, AERO looks strong at the entrance (scanning) and empty at the exit (remedy), which makes the criticism fair.

How rivals counter

The first to move will be the legal community and patient/provider advocacy groups. They'll likely pursue administrative and judicial action on due-process grounds: "if an AI flagged us with no known error rate and no channel to rebut, that's a constitutional due-process violation." With the MiDAS lawsuits as precedent, this counter can carry real force. If HHS doesn't strengthen procedure, it could get tripped up in court.

Rival AI camps (Anthropic, Google, etc.) counter with "governance differentiation." For high-risk domains like government audits, they can push "models that reduce hallucination and trace their reasoning" and "workflows with a built-in audit trail" as safer. Not "our model is smarter," but "we show you why we were wrong when we were" — that becomes a new weapon in public-sector sales.

The states themselves can counter too. Rather than being unilaterally dragged into a federal AI audit, they can pre-screen the same reports with their own AI to "prove they're clean," or build leverage by demanding the feds codify verification and remedy procedures. AI auditing is likely to become not a one-way street but a setup where both sides hold the same tool and contest the procedure.

So what actually changes

If you're a regular citizen or patient, there's almost no direct effect — AERO audits funded organizations, not individuals. But the big picture matters: it's an attempt to use AI to catch leaks in your tax dollars, and at the same time it opens the real question of "when the government uses AI to judge someone, is that judgment fair?" Today the target is hospitals, but the same approach can spread to welfare, taxes, and immigration — areas citizens touch directly.

If you work at a health or welfare organization, this is an immediate operational issue. Assume AI auditing: manage the data consistency of your audit reports more rigorously, and pre-attach explanatory rationale to items that could look anomalous. Also simulate in advance how you'd respond if flagged. The more opaque the process, the less the side that prepared first gets hurt.

If you care about policy and governance, this is a touchstone for "AI in administration." The core question isn't "use AI" but "do you bolt on the guardrails — published error rate, human re-verification, appeals, deadlines — at the same time?" Chase efficiency without them and you replay a MiDAS-style disaster. Get them right and a well-guarded AI audit could become a model case for other agencies. Which way AERO goes will gauge the direction of American-style "AI administration."

One step further — "AI at the entrance, humans at the exit"

The core lesson here, in one line: use AI at the funnel's entrance, but put humans and process at the exit. Skimming five years across 50 states to narrow suspects plays to AI's strengths and is a legitimate use — it's physically impossible for humans alone. The danger is when that candidate list flows straight into an "action." Hand the final judgment on a heavy decision like a funding cut to a model that can hallucinate, and leave no channel to correct an error, and you've automated risk, not efficiency.

The deeper thing to watch is a shift in the burden of proof. In traditional audits, the side raising suspicion (the government) had to muster the evidence. But when AI floods the system with candidates and the flagged entity has to prove its own innocence, the burden of proof effectively shifts to the subject. "The right not to be suspected" becomes "the obligation to clear suspicion." The truly scary part of AI auditing isn't its performance — it's that it quietly moves this center of gravity.

In the end, the question AERO poses isn't whether ChatGPT is smart. It's "how do you cage a powerful analysis tool inside a process that protects people's rights?" The tool is already powerful enough. What's needed now is the guardrails around it — and whether HHS discloses those guardrails will decide the program's legitimacy.

🥄 Three Things You're Probably Wondering

— So what does this mean for me? If you're a patient or ordinary citizen, almost no direct effect — AERO audits funded organizations, not individuals. But "is the government's AI judgment fair" is a question that may eventually spread to welfare and taxes, so it's not entirely someone else's problem.

— Doesn't ChatGPT auditing make it more accurate? Speed and coverage clearly improve. Accuracy is separate. Language models hallucinate plausibly, so in an accuracy-critical domain like accounting, human verification has to come attached. "AI narrows, humans judge" is powerful; "AI judges too" gets dangerous.

— If I'm wrongly flagged, how do I push back? That's exactly the problem. The information disclosed so far specifies no appeals process and no deadline — which is why the criticism is loud. Until HHS codifies a remedy process, it's hard to say how a flagged entity can defend itself.

Sources

• HHS Launches AI-Powered Audit Crackdown on States, Grantees — Becker's Hospital Review
• HHS Deploys ChatGPT on Medicaid Audits: No Error Rate, No Appeals, No Deadline — TechTimes
• HHS Goes All-In on ChatGPT for State Audits — On Healthcare Tech
• U.S. Department of Health and Human Services official site
• Michigan Integrated Data Automated System (MiDAS) — Wikipedia

Numbers and criteria are as of announcement and may change.