Navigating a New Era of Oversight in ABA Spend

The rules around ABA are rapidly developing from every direction. Medicaid cuts, accreditation mandates, MCO consolidation, benefit administration changes, licensure requirements. And on top of all of it, a seven-state OIG audit series with three states still to come. Yet the providers absorbing most of the operational and financial burdens are not necessarily the ones driving the underlying issues.

ABA providers are receiving six-figure repayment demands for care they actually delivered.

The HHS Office of Inspector General is in the middle of a seven-state audit series on Medicaid-funded ABA services. Four states have been released so far, and each one shows the same general pattern: large volumes of questioned payments and widespread documentation issues across sampled claims.

But the more revealing detail is what sits underneath the findings. Across all four states, the OIG's recommendations are not primarily framed around fraud prevention. They largely point to the need for clearer, more consistent guidance on pre-payment standards for ABA services.

In many cases, services were delivered and claims were submitted in good faith, but the documentation does not hold up against how those claims are being evaluated today. Many of the claims under review date back years, sometimes as far back as 2019, and are being assessed against standards that were not always clearly defined or consistently understood at the time. That disconnect is surfacing now, when records are harder to piece together, staff have turned over, and the original context behind the claim is no longer easy to reconstruct.

High-profile cases tend to draw attention to egregious examples of abuse in the system. Media reporting has highlighted inappropriate operational practices in some clinics. The New York Times recently reported on clinics waking children from naps to keep billing hours running. But most of what the OIG is actually finding is not fraud. It's waste and abuse rooted in an education and standards problem:

• Late or incomplete session documentation
• Missing or inconsistent timestamps
• Supervision records not meeting timing requirements
• Administrative errors in claim support documentation

Individually, these issues often reflect workflow or systems gaps rather than intentional misconduct. Collectively, they become material when assessed at scale across years of historical claims.

In many cases, providers facing repayment demands delivered clinically appropriate care but operated within documentation systems that weren't fully aligned with payer or audit standards at the time. Most providers have never had to view their claims through an auditor's lens, but that's quickly changing.

Regulatory scrutiny was inevitable once ABA spending grew too large to ignore.

None of this happened in a vacuum. 1 in 31 children in the U.S. are now diagnosed with Autism Spectrum Disorder. Demand was real and the industry responded. Commercial insurance expanded coverage first and Medicaid followed. Between 2019 and 2024, ABA visits on Medicaid grew 298% nationwide. States like Nebraska, Indiana, and Colorado saw spending balloon anywhere from 600% to 2,800% beyond original estimates. And when a program grows that fast, the budget office notices.

The workforce scaled right alongside it. The BACB reports 253,397 RBT certificants as of April 2026, up from 89,122 in 2020, meaning more than half have entered the field in the last five years alone.

However, the infrastructure governing ABA billing and documentation did not evolve at the same pace. Many Medicaid policies and billing frameworks were designed prior to this expansion and were not updated to reflect current volume, complexity, or workforce composition. That gap created an opening, and bad actors found it.

The Wall Street Journal has reported on it and federal prosecutors have brought cases. Some of the fraud was obvious, coordinated, and massive in scale. But those cases represent a small slice of the market, and the scrutiny that followed impacts everyone.

The challenge is that most clinics were never built for this level of scrutiny. Clinics that scaled quickly to meet real demand are now being measured against documentation standards that they never fully understood and infrastructure that was never designed to support them.

Post-payment audits shift the cost of a broken system onto the provider.

When a claim is submitted without a pre-submission validation layer, the only remaining check is the one that happens years later: after payment, after the clinical record has aged, after staff have turned over, after the documentation that should have supported the claim has scattered across disconnected systems.

When discrepancies are identified, repayment responsibility typically falls on providers, regardless of intent or operational constraints at the time of service. The clinic delivered the care, submitted the paperwork in good faith, and is now left reconstructing records from scratch and pulling siloed information from different systems in response to a demand letter.

The impact extends beyond financial repayment. Audit response requires significant administrative effort, diversion of clinical leadership, and extended documentation reconstruction. For smaller providers, this can be materially destabilizing. For scaled platforms, it can meaningfully affect valuation and distract from core operations.

A post-payment audit is casting a wide net on a problem that requires precision.

A recurring challenge in audit enforcement is that it applies a largely uniform standard across different types of noncompliance. In practice, a coordinated fraud scheme and an administrative documentation error can appear similar in claims-level review. Both result in noncompliant billing outcomes under audit criteria.

Under that standard, a sophisticated fraud operation and a solo BCBA who missed a timestamp requirement can look the same on paper. Both fail the same test and both can end up with repayment demands.

This creates a structural limitation in how enforcement distinguishes intent and operational context at scale. As a result, providers operating in good faith can absorb a disproportionate share of compliance cost driven by bad actors elsewhere in the system.

The oversight wave is not slowing down, and the operational standards ABA providers need to meet to stay compliant will continue to evolve:

Separating fraud from noncompliance is possible. What the industry lacks is shared clarity on what fraud, waste, and abuse (FWA) actually looks like at the billing layer, and the real-time visibility into claims behavior that would make that distinction before an auditor has to draw it years later.

ABA platforms continue to scale and transact through this environment, but most underwriting frameworks were not designed to assess claims integrity in detail.

Typical diligence focuses on revenue growth, payer mix, staffing models, and margin profile. It often doesn't include evaluation of:

• Historical claims compliance rates
• Strength of documentation workflows
• Presence of pre-submission validation controls
• Exposure to retrospective audit adjustment risk
• What the recovery process looks like if an audit finding lands

This creates a structural blind spot at a time when enforcement activity is increasing and historical claims are being actively re-evaluated.

When audit findings surface during ownership or near exit, the impact is not limited to repayment liability. It also includes operational disruption and extended periods of compliance remediation that can materially affect financial performance and transaction timelines. For a clinic with $20 million in Medicaid revenue, even a modest documentation failure rate like what has been seen in Indiana or Colorado can translate into seven-figure exposure on claims that were already paid and already baked into EBITDA.

The clinics that navigate this environment successfully are not necessarily those with the strongest intent, but those that built operational infrastructure before scrutiny arrives. The underlying issue is not simply increased enforcement alone, but the timing of when compliance is being evaluated. A significant portion of the improper payments identified in recent audits appear to stem from documentation issues that could have been addressed before submission, rather than after payment.

No compliance setup makes an audit go away, but some make it more manageable. As regulatory scrutiny continues to increase, the key operational question for providers is shifting from whether audits will occur to how claims integrity is being validated in real time or reconstructed retroactively.

Without that layer of validation, the process inevitably runs in reverse. Records must be reconstructed after payment, often across fragmented systems and relying on incomplete institutional memory. In today's environment, that is no longer just an administrative burden, but also a financial exposure.

More audits isn't the answer. Clinicians are not billers and they shouldn't have to be. The ones who suffer most when compliance infrastructure is missing are the ones in the room providing care to children, now buried in audit response instead of doing the job they were trained to do. The fix is widespread adoption of a pre-submission validation layer that makes audits largely beside the point for providers who have the check in the right place: documentation requirements enforced at the point of care, automated flags before claims go out, and a claims integrity layer that catches problems before anything reaches a payer.

For owners and operators looking to get ahead of this shift, three priorities stand out:

Don't navigate this alone. Your state Medicaid director, local ABA association, and RCM partners are resources. If you are unsure where your documentation or billing practices stand, ask for help proactively versus reactively.

The most resilient organizations will be those that evaluate and strengthen processes before external scrutiny requires it.