Atlantic Health Strategies

DOJ’s FOCUS Initiative Puts Behavioral Health Billing Data in the Crosshairs

Table of Contents

Ready to See Results?

From strategy through execution, Atlantic Health Strategies integrates compliance, operations, and growth into durable, measurable results. Let’s put our expertise to work for your organization.

FOCUS Changes Who Files Qui Tam Cases Against You

Short answer: On April 30, 2026, the DOJ Civil Division launched the FOCUS initiative (Fraud Oversight through Careful Use of Statistics), which formally invites “data miner” whistleblowers to bring False Claims Act qui tam cases built from publicly available CMS claims data rather than insider tips. For a behavioral health operator in Florida, Georgia, or Tennessee, a sealed FCA complaint can now land on your desk without a single former employee ever walking into a plaintiff’s firm.

The framing matters. In the DOJ press release, Assistant Attorney General Brett A. Shumate said “Sophisticated data analytics have become an increasingly important means of identifying fraud trends and uncovering patterns of misconduct across federal programs,” and that FOCUS “reflects our commitment to ensuring that the Civil Division is engaging with the strongest and most effective partners in the war against fraud.”

The volume is not abstract. DOJ reported that whistleblowers filed 1,297 qui tam lawsuits in FY 2025, the highest number in a single year, and DOJ has already received more than 780 qui tam complaints midway through FY 2026. Data miners have accounted for the surge. Since FY 2024, data miners have filed more than 45 percent of all qui tam complaints.

The historical assumption that an FCA case starts with a disgruntled biller or former clinical director is no longer the only path. A data miner with access to Medicare and Medicaid claims sets can model your billing curve against peers, flag what looks aberrant, and file under seal. By the time you hear about it, DOJ has been reading your claims for months.

What Patterns Light Up in the Data

DOJ's FOCUS Initiative Puts Behavioral Health Billing Data in the Crosshairs — What Patterns Light Up in the Data

Behavioral health claims data tells stories. Some accurate. Some only look bad because the documentation behind them was never tightened. Either way, the same patterns repeatedly draw attention from DOJ, the HHS Office of Inspector General, and state Medicaid Fraud Control Units.

Arnold & Porter’s FCA team put the current dynamic plainly. DOJ is “openly inviting insiders and analytics firms to mine claims data for potential False Claims Act (FCA) cases”, and Winston & Strawn’s analysis warns that “Entities with atypical billing, pricing, or utilization patterns may face heightened risk.”

The high-risk patterns AHS surveyors flag in chart audits, and that mirror what data miners are modeling:

  • PHP (ASAM Criteria, 4th Edition, Level 2.5, an outpatient level of care) billed without the weekly hour minimums actually being met
  • IOP claims with attendance gaps that the UR notes never reconcile
  • Every patient stepping through the exact same level-of-care ladder regardless of ASAM 4 assessment
  • Group therapy billed at individual rates, or group sizes that exceed payer limits
  • Lab panels unbundled or billed at frequencies inconsistent with medical necessity
  • Authorizations that do not match the level of care delivered or documented

None of these require an insider to detect. They surface in claims data. What protects a treatment center operator is not the absence of patterns. It is whether the documentation in the chart actually supports what was billed.

Why This Is a Material Escalation, Not a Press Release

FCA exposure runs at treble damages plus per-claim penalties. Per the Federal Register final rule, the FCA minimum penalty increased from $13,946 to $14,308 per claim and the maximum from $27,894 to $28,619, applicable to penalties assessed after July 3, 2025. For a PHP or IOP program billing thousands of claims a year, the math gets ugly fast even when the underlying conduct was a systems failure rather than fraud.

DOJ does not have to prove you intended to defraud anyone. Reckless disregard and deliberate ignorance are enough under 31 U.S.C. § 3729.

The dollars behind FCA enforcement are not theoretical either. DOJ reported FCA settlements and judgments exceeding $6.8 billion in FY 2025, the highest single-year total in the statute’s history, with over $5.7 billion tied to the healthcare industry, or about 83 percent of recoveries. Whistleblowers received sizable relator shares out of that pool.

Recent behavioral health settlements have followed the same data-driven pattern. On September 26, 2024, Acadia Healthcare agreed to pay $16,663,918 to the United States to resolve False Claims Act liability for allegedly false Medicare, Medicaid and TRICARE billings, plus an additional $3,186,082 to Florida, Georgia, Michigan and Nevada. DOJ alleged Acadia falsely billed federal health care programs for inpatient behavioral health services that were not medically necessary between 2014 and 2017.

State Medicaid programs are running parallel analytics through their MFCUs. The federal and state pipelines are converging. Read the FOCUS announcement next to the FY 2025 numbers, and the practical message to operators is direct: your next relator may be a spreadsheet.

What Operators Should Actually Do This Quarter

Reading about FOCUS and forwarding the article to your compliance officer is not a response. A response from the CEO looks like a structured FCA risk assessment that pressure-tests the codes most likely to draw scrutiny, paired with a chart audit that ties documentation back to billing.

Concrete steps worth doing now:

  1. Pull your top ten billing codes by volume and revenue. Compare outlier rates against peer benchmarks. If you are a high outlier on any of them, document the clinical and operational reason why.
  2. Run a sample chart audit specifically tying UR notes, attendance logs, treatment plans, and ASAM Criteria, 4th Edition documentation to the level of care billed for that week. Not the month. The week.
  3. Review your group therapy billing against payer-specific group size limits and individual versus group code use.
  4. Pull lab utilization data. Frequency, panel composition, and medical necessity documentation. This is one of the most common FCA fact patterns in SUD treatment.
  5. Update your compliance program to include a written FCA risk assessment, not just a generic policy. Document what you looked at, what you found, and what you fixed.

Crowell & Moring reached the same conclusion in its FOCUS analysis, writing that “organizations may benefit from conducting regular, rigorous audits of their own claims, billing, and government-reported data” to identify compliance gaps and understand how a sophisticated data miner might build a qui tam.

Corrective action on the front end changes the conversation entirely if a complaint is later filed. A documented internal review showing your team identified an issue and corrected it is one of the strongest mitigators available when DOJ comes asking questions.

DOJ's FOCUS Initiative Puts Behavioral Health Billing Data in the Crosshairs — What Operators Should Actually Do This Quarter

Where AHS Fits and Where to Find Us

This is the work Atlantic Health Strategies does. Operational and documentation audits that connect clinical delivery, UR, scheduling, attendance, and billing into one coherent picture. FCA risk assessments built around the codes and patterns actually drawing enforcement attention. Compliance program rebuilds that hold up to scrutiny rather than sitting in a binder.

If you are heading to NAATP National in Amelia Island May 4 through 6, AHS is sponsoring the Women in Leadership Luncheon. Allison, Benjamin, Sariah and Leah will all be there. If FOCUS is on your radar and you want to talk through what an internal FCA risk assessment looks like for your organization, find one of us at the conference or reach out beforehand. This is exactly the kind of conversation worth having before a sealed complaint forces it.

Frequently asked questions

What is the DOJ FOCUS initiative and when did it launch?

DOJ’s Civil Division announced the FOCUS (Fraud Oversight through Careful Use of Statistics) initiative on April 30, 2026. It formalizes DOJ’s working relationship with data-miner whistleblowers who file False Claims Act qui tam complaints based on publicly available government data, including CMS claims data, rather than insider knowledge. DOJ has stated it will prioritize data miners who demonstrate analytical rigor, familiarity with program rules, and legally sufficient allegations.

How much can a behavioral health provider owe under the False Claims Act?

FCA liability is three times the government’s damages plus a per-claim civil penalty. After the July 3, 2025 inflation adjustment published in the Federal Register, per-claim penalties run from $14,308 to $28,619 (up from the $13,946 to $27,894 range that applied February 12, 2024 through July 2, 2025). For a PHP (ASAM Criteria, 4th Edition, Level 2.5) or IOP program submitting thousands of claims per year, even a modest per-claim damage figure can produce eight-figure exposure once penalties are stacked. The Acadia Healthcare settlement in September 2024 totaled $19.85 million, with $16,663,918 paid to the federal government and $3,186,082 paid to Florida, Georgia, Michigan, and Nevada.

Do I need a whistleblower for DOJ or HHS-OIG to open an FCA investigation against my facility?

No. Under FOCUS, DOJ explicitly invites data-miner relators who analyze publicly available Medicare and Medicaid claims data to file qui tam complaints. DOJ also self-initiated 401 new FCA investigations in FY 2025 without relying on a relator. Billing outliers themselves can trigger scrutiny before any complaint is ever filed.

What documentation does a behavioral health facility need to defend against an FCA data-mining complaint?

At minimum: ASAM Criteria, 4th Edition level-of-care assessments tied to each admission and continued stay; UR notes that reconcile attendance gaps in PHP and IOP; individualized treatment plans updated on payer-required cadence; group therapy attendance and group-size logs that match the codes billed; lab medical-necessity documentation tied to the clinical indication; and a written, dated FCA risk assessment showing you tested your top codes against peer benchmarks and corrected any gaps. Self-identified and self-corrected issues are among the strongest mitigators DOJ recognizes.

Request a Free Consultation

Scroll to Top