The latest federal fraud sweep is not just another enforcement headline. It is a reminder that weak controls become expensive fast. On May 26, the Department of Justice said the National Health Care Fraud Takedown resulted in 324 defendants charged in connection with more than $14.6 billion in alleged fraud. That kind of number is hard to ignore, but the bigger takeaway is simpler: fraud exposure usually starts long before a criminal case. It starts with loose process, weak oversight, and leaders who assume a billing problem is really just a billing problem.

That matters in ABA and pediatric therapy because these businesses are built on repeatable, high-volume care. That is a strength when the controls are tight. It is a problem when they are not. Visit notes, supervision rules, authorization limits, credentialing checks, referral screening, and time-based billing all create points where an organization can drift. Most of the time, the drift is not dramatic. It looks like a note that does not fully support the billed service, a supervision log that is updated late, a referral source that is never really reviewed, or a billing exception that gets waved through because the team is busy.

That is how risk hides. Not in one giant act. In a hundred small shortcuts.

For ABA and pediatric therapy leaders, the uncomfortable truth is that fraud risk is usually a controls problem before it is a compliance problem. If documentation does not match the work being billed, the risk is obvious. If supervision is inconsistent, the risk is obvious. If staff are not sure who owns authorization follow-up, the risk is obvious. What makes these issues dangerous is not that they are complicated. It is that they are easy to normalize.

A lot of organizations only start paying attention after something goes wrong. An audit lands. A payer requests records. A recoupment shows up. Someone notices that the same errors keep happening, just in different forms. By then, the organization is already spending money on cleanup instead of prevention. That is the point where leaders usually discover the hidden cost: denials, delayed payments, appeals labor, write-offs, and management time that never makes it into the original budget.

The better question is what should be checked before an outside party forces the issue.

Start with the basics. Do billed services match the underlying documentation? Are supervision requirements being met and documented on time? Are referral sources reviewed for concentration or relationship risk? Are licensure and credentialing checks actually running on schedule, or are they “tracked” in a spreadsheet that nobody fully trusts? Do billing exceptions get reviewed by a manager, or do they disappear into the daily rush? Can leadership explain why a claim was denied, corrected, or written off without hand-waving?

If the answer to any of those questions is fuzzy, the organization has a control problem. That is true even if revenue is growing.

The reason this matters now is that enforcement pressure tends to expose weak systems, not just bad actors. The DOJ sweep is a reminder that the government is still focused on health care fraud at scale. ABA and pediatric therapy are not being singled out in this case. That is not the point. The point is that any organization with recurring visits, layered documentation, and heavy payer dependency has enough complexity to create exposure if management gets complacent.

A clean compliance program is not a legal decoration. It is part of the revenue engine. Strong documentation reduces denial risk. Clear supervision rules reduce recoupment risk. Better referral controls reduce kickback risk. Tighter billing review reduces waste. All of that protects cash, not just reputation.

If your team has not pressure-tested those controls recently, now is the time. A good fraud review should not just look for obvious violations. It should ask where the process depends on memory, workarounds, or one person who knows how things really work. That is where the risk usually lives.

Aegis can help with a Fraud Review, a Policy and Procedure Consultation, or a Full RCM Review if you want a sharper look at where control gaps may be turning into revenue risk.