I presented at the HCCA 30th Annual Compliance Institute this year on a session called “When Compliance Fails: Behavioral Health Case Studies Every Leader Should Know.” I want to bring that content here because it’s too important to stay in a slide deck.

These are real cases. Real settlements. Real organizations that thought they were operating fine, until the day they weren’t. The patterns are predictable, and they are preventable.

Why Is This Still Happening?

It’s not about forgetting rules. It’s about patterns leaders overlook because operational pressure makes it easier to keep moving than to fix the root problem: documentation shortcuts that seem harmless, no internal monitoring until an auditor arrives, and financial incentives (like productivity goals) that quietly reward risky billing behavior.

The enforcement landscape makes this more urgent than ever. In FY2025, total civil False Claims Act recoveries exceeded $6.8 billion over 80% of that was healthcare related. Behavioral health is increasingly in the crosshairs.

Case Study 1: Community Options, Inc. (2025) $5M+ Settlement

What happened: Medicaid was billed for services with missing or non-compliant documentation. Identified overpayments were never reported or returned. A whistleblower was involved.

My take: Third Party Auditors don’t care about your intent. They care about your proof. No record, no payment. And when you find an overpayment, sitting on it is not a strategy  the 60-day clock starts the moment you identify it.

Action steps:

• Routinely cross-check billing data against documentation not just when something looks wrong.
• Build and document a formal 60-day overpayment reporting and return protocol.
• Standardize EHR templates with required fields tied to each service line’s regulatory requirements.

Case Study 2: Comprehensive Psychiatric Services (2025) $2.75M Settlement

What happened: Psychotherapy add-on codes (90833/90836) were billed without separate services being delivered or documented. No distinct start and end times. Payer-level pattern detection across multiple federal programs caught it.

My take: Add-on psychotherapy codes are audit magnets. You need a separately identifiable note and separate start and end times. Without them, you cannot justify the add-on regardless of how long the visit was or how clinically warranted the service was.

Action steps:

• Implement EHR hard stops requiring distinct start and end times before add-on codes can be submitted.
• Audit time entries for reasonability if a provider’s billed hours exceed their workday, that’s a flag.
• Train billing and coding staff to randomly pressure test documentation for the E/M component from the psychotherapy component.

Case Study 3: Texas Behavioral Health & UPI (2024) $1.08M Settlement

What happened: Services were billed “incident to” at the 100% Medicare rate under supervising physicians who were out of the country. No “overall direction and control” was being provided. A whistleblower filed a qui tam complaint.

My take: We know that in behavioral health we have been given addition allowance for general supervision. General supervision doesn’t mean no supervision. If your physician is in Cancun, they are not providing direction and control of any kind. Chasing that extra 15% is not worth the False Claims Act exposure when oversight isn’t real.

Action steps:

• Ask honestly: is the 15% gain worth the audit risk? If oversight is inconsistent, bill at 85% under direct NPP billing and remove the exposure.
• Document how supervision is being provided method, availability, communication channel. Make it visible.
• Verify requirements across state Medicaid, Medicare, and commercial carriers are not always the same.

Case Study 4: Supportive Care Holdings (2024) $4.59M Settlement

What happened: Telehealth facility fees (Q3014) were billed in nursing home settings without meeting originating site requirements. The CEO was named individually in the settlement.

My take: Telehealth is a tool, not a loophole. If you bill Q3014, the facility must provide what that code requires. Pandemic-era billing habits are now being audited aggressively. And when a CEO is named individually, that’s a message to every leader in this industry: you own this.

Action steps:

• Confirm whether your facility is the originating site or the distant site before billing Q3014. These are not interchangeable.
• Audit telehealth notes consistently for technology used, where patient and provider are located and patient consent.
• Treat telehealth billing controls as permanent infrastructure. If they were built as a pandemic response, they’re not sufficient.

What These Cases Have in Common

Auditors are not looking for isolated errors. They’re looking for patterns. When billing data shows a spike in add-on codes, psychotherapy volume that doesn’t match staffing, or telehealth claims that don’t fit the setting, it triggers a full review of your documentation infrastructure.

In three of these four cases, a whistleblower was involved. Your staff, your vendors, and your patients can all file a False Claims Act complaint. The through-line across every failure: documentation gaps that should have been caught internally, billing practices prioritizing revenue over regulatory accuracy, and leadership that assumed compliance was someone else’s job.

Final Thought

None of these organizations set out to commit fraud. These failures came from operational shortcuts, supervision gaps, pandemic-era habits that never got cleaned up, and billing practices no one stopped to question.

Behavioral health enforcement is not getting more forgiving. If your organization is not proactively auditing, monitoring, and tightening documentation standards, you are not ahead of this.

Learn from these cases before they become your case study.