Telehealth Billing Compliance Risks Are Rising in Behavioral Health

The $300,000 False Claims Act settlement involving Aptihealth should not be treated as an isolated behavioral health billing dispute. It highlights a larger compliance problem facing telehealth providers as virtual care expands faster than the controls needed to govern documentation, patient communication, attendance, and revenue cycle activity.

The Department of Justice announced that Aptihealth and its affiliated medical practice agreed to resolve allegations involving Medicare and Medicaid claims for appointments that did not occur because patients were no-shows, patient-message responses lacking billable clinical content, and psychological testing services without sufficient documentation. (Department of Justice) The settlement also addressed a patient gift card program that the government contended violated the Anti-Kickback Statute.

The clinical need for virtual behavioral health services remains clear. The HHS telehealth program recognizes that remote behavioral health can improve continuity, privacy, convenience, and access for patients who face transportation, stigma, workforce, or geographic barriers. (telehealth.hhs.gov) But expanding access does not reduce the requirement that each claim reflect an actual, documented, medically necessary service.

Telehealth companies are often built around speed. Rapid intake, centralized scheduling, messaging tools, automated reminders, digital assessments, and platform-based billing can improve patient access. The same operational features can create risk when the distinction between patient engagement and billable care becomes blurred.

No Show Claims Expose a Basic Control Failure

Billing for a no-show appointment is not a difficult compliance question. It is a basic revenue-cycle control issue.

A visit that did not occur cannot be converted into a reimbursable encounter simply because a clinician reserved time, a platform created a note, or a scheduling system marked the appointment as completed. The operational controls around attendance must be strong enough to prevent that result before a claim leaves the organization.

That requires more than relying on a clinician’s schedule. Telehealth organizations need reliable evidence of whether the patient connected, whether the encounter was completed, how long it lasted, which clinician furnished the service, and whether the resulting documentation supports the code submitted. Video logs, platform connection records, appointment status, signed notes, claim edits, and exception reporting should work together.

The HHS Office of Inspector General has identified telehealth billing as an ongoing oversight concern and continues to examine whether services, including psychotherapy and evaluation and management care, meet Medicare requirements. (HHS Office of Inspector General) That attention is likely to intensify as behavioral health providers rely more heavily on virtual care delivery.

For compliance leaders, no-show billing should be treated as a control test. If an organization cannot reliably distinguish completed visits from canceled, abandoned, disconnected, or rescheduled encounters, it has a foundational data problem. That problem can affect patient records, clinician productivity reporting, payer claims, quality metrics, and financial forecasting.

Patient Messages Need Their Own Billing Logic

The allegations involving patient-message responses are equally important because portal communication is becoming a central part of behavioral health care.

Patients may use messaging platforms to ask for medication support, report symptoms, request documentation, seek scheduling help, or raise urgent concerns between visits. Some of those interactions may involve billable clinical work. Others may be administrative, duplicative, too limited in scope, or connected to a recent visit without separate payment eligibility.

The distinction cannot be left to informal judgment. The Centers for Medicare and Medicaid Services maintains specific rules around telehealth services and payment requirements, including which services are payable and under what conditions. (Centers for Medicare & Medicaid Services) A behavioral health platform needs a clear internal framework for separating administrative messages, routine care coordination, clinically substantive communication, and services that may support separate billing.

That framework should be visible inside the workflow. Clinicians should not have to interpret billing rules after sending a message. The platform should prompt for required information, document time and clinical content where appropriate, identify when a service is linked to a recent encounter, and route uncertain cases for review.

Without that discipline, messaging becomes a compliance blind spot. A tool designed to make care more accessible can create inappropriate claims if the organization treats every clinical interaction as a reimbursable event.

Documentation Is the Link Between Care and Payment

The Aptihealth settlement also addressed psychological testing services that were not sufficiently documented. That issue reaches beyond telehealth because documentation failures can undermine claims even when patient care was provided.

Behavioral health documentation has to support the clinical reason for the service, the work performed, the professional involved, the time or testing components required, interpretation, and the role of findings in the patient’s treatment. Sparse notes, templated language, missing signatures, incomplete assessments, and disconnected billing codes all create exposure.

An OIG audit of Medicare psychotherapy services found that providers frequently failed to meet Medicare documentation requirements, including missing psychotherapy time and signatures. (HHS Office of Inspector General) The audit predates the current settlement, but its lesson remains relevant. Behavioral health billing risk is often less about a single fraudulent act than about systems that allow incomplete documentation to become routine.

Technology can either strengthen or weaken this connection. A well-designed platform can make required fields, signatures, time documentation, and clinical review unavoidable. A poorly designed platform can encourage copy-forward notes, default coding, automated claim release, and weak exception management.

The difference is governance. Documentation must be designed around care integrity first and billing integrity second. When revenue logic leads clinical workflow design, the risk of overbilling rises quickly.

Patient Incentives Require More Than Marketing Review

The settlement’s reference to gift cards tied to therapy attendance also carries a broader warning. Behavioral health providers have legitimate reasons to improve engagement and reduce missed appointments. Patients may face barriers involving transportation, work, childcare, unstable housing, stigma, or inconsistent access to technology.

But financial incentives connected to federally reimbursed services require careful review. The OIG’s fraud and abuse guidance explains that the Anti-Kickback Statute can apply when remuneration is used to induce or reward referrals or business reimbursable by federal healthcare programs. (HHS Office of Inspector General)

A patient engagement program should therefore be evaluated by compliance, legal, finance, clinical operations, and patient experience leaders before launch. The relevant questions are practical. Is the incentive connected to a service reimbursed by Medicare or Medicaid? Does it influence utilization? Is it available consistently? Is it appropriately limited? Does it create pressure to attend services that may not be clinically necessary?

Behavioral health providers cannot afford to treat incentive design as a marketing decision alone. Engagement strategies can be valuable, but they need safeguards that preserve patient choice and federal program integrity.

Whistleblower Risk Begins Inside Operations

The Aptihealth matter was brought through the whistleblower provisions of the False Claims Act. The Justice Department’s False Claims Act guidance explains that liability can arise when a person knowingly submits or causes the submission of false claims to the government. (Department of Justice)

For telehealth companies, this means compliance risk may surface through employees who see a disconnect between care delivery and claims activity. A former employee may observe coding practices, no-show workflows, incentive programs, message billing rules, or documentation gaps before senior leadership does.

That makes reporting channels and internal investigation processes especially important. Employees need a credible way to raise concerns without fear of retaliation. Compliance teams need authority to investigate operational complaints that may appear small but reveal systemic billing flaws. Leadership needs dashboards that show no-show rates, claim reversal trends, message volumes, documentation completion, incentive activity, and billing exceptions.

A whistleblower complaint is often the final signal, not the first. The earlier signals usually exist inside operational data.

Telehealth Compliance Must Be Built Into the Platform

Telehealth providers should not rely on retrospective chart audits as the primary compliance defense. Audit programs remain important, but the stronger model is preventive.

Appointment status should control claim release. Clinical messages should be classified before billing. Testing services should require sufficient documentation before coding. Incentive programs should be reviewed before deployment. Coding patterns should be monitored for outliers. Claims involving high-risk services should receive targeted review before submission.

The OIG’s General Compliance Program Guidance emphasizes the importance of compliance infrastructure, risk assessment, training, communication, and monitoring. (HHS Office of Inspector General) In a telehealth environment, those elements should be integrated with product design and revenue-cycle operations rather than managed as separate functions.

The central issue is not whether behavioral health telehealth should grow. It should. Patients need more timely access to care, and virtual models can help meet that need. The question is whether providers can scale access without allowing convenience, automation, and revenue pressure to weaken billing discipline.

The next phase of telehealth growth will be judged less by appointment volume than by operational credibility. Behavioral health platforms that can prove services occurred, documentation supports payment, patient messaging is handled appropriately, and incentives are compliant will be better positioned to sustain trust with patients, payers, and regulators.