As government funding flowed increasingly toward behavioral health services in 2020 and 2021—driven by pandemic-related mental health crises, opioid epidemic responses, and expanded Medicaid coverage—regulatory scrutiny intensified proportionally. Attorney Jennifer Evans’ observation that enforcement actions against behavioral health organizations were “on the rise, especially for those that participate in Medicare and Medicaid” reflected a predictable pattern: increased public dollars attracted heightened oversight, and providers unprepared for this attention faced substantial legal and financial consequences. The warning signs Evans and fellow Polsinelli shareholder Asher Funk identified—outdated compliance programs, investigative demands, unexplained payment changes—revealed how organizations that grew rapidly or operated with insufficient administrative infrastructure became vulnerable to enforcement actions that could threaten their continued operations regardless of clinical quality or treatment outcomes.
The Compliance Infrastructure That Growth Outpaced
Funk’s emphasis on “ill-fitting compliance plans” as a primary audit risk captured a fundamental challenge within behavioral health’s consolidation and expansion era. Organizations that began as small, founder-led operations with informal processes scaled rapidly through organic growth, private equity investment, or acquisition roll-ups—but compliance infrastructure frequently lagged operational expansion. A compliance program adequate for a single-site provider with 20 employees and $2 million in annual revenue became dangerously insufficient when that organization grew to 15 locations, 300 staff, and $30 million in government reimbursement.
This scaling gap manifested in multiple operational vulnerabilities. Small organizations might have managed billing oversight through owner review of every claim, ensuring appropriate documentation and medical necessity. As volume increased, this personal oversight became impossible, yet many organizations failed to implement systematic audit processes, statistical sampling protocols, or compliance analytics that scale required. The result was that billing errors, documentation deficiencies, or inappropriate coding patterns could proliferate undetected until external auditors identified them—at which point isolated mistakes had become systematic problems generating substantial overpayment liability.
Employee complaint mechanisms presented similar scaling challenges. In small organizations, staff could raise concerns directly to leadership, and informal resolution processes often sufficed. Larger operations required formal reporting channels, investigation protocols, and documentation systems ensuring that compliance issues surfaced and received appropriate attention. Without these structures, problems that employees recognized—improper billing practices, inadequate clinical supervision, fraudulent documentation—remained unaddressed until whistleblowers bypassed internal channels and reported directly to government agencies or filed qui tam lawsuits.
Funk’s observation that “you don’t know what you don’t know” highlighted the insidious nature of compliance gaps—organizations operating with inadequate programs often believed they maintained appropriate oversight until enforcement actions revealed otherwise. This false confidence partly stemmed from behavioral health’s historical informality and the sector’s clinical rather than administrative cultural orientation. Many behavioral health leaders excelled at treatment delivery and clinical programming but lacked healthcare compliance expertise or appreciation for regulatory complexity that Medicare and Medicaid participation entailed.
The Clean Slate Example That Illustrated Good-Faith Vulnerability
Evans’ reference to Clean Slate Centers—sued by Massachusetts Attorney General Maura Healey for alleged Medicaid fraud despite appearing “cognizant of these laws and trying to get it right”—demonstrated that even well-intentioned organizations with compliance awareness faced enforcement risk when program implementation fell short of regulatory requirements. The Clean Slate situation suggested that understanding applicable rules didn’t necessarily translate to operational adherence, and prosecutors didn’t necessarily credit good intentions when billing irregularities generated substantial overpayments.
This case illustrated several dynamics that made behavioral health providers particularly vulnerable. Substance use disorder treatment involved complex billing rules around medication-assisted treatment, counseling services, and medical management that varied by state Medicaid programs and frequently changed as policies evolved. Organizations could genuinely attempt compliance while inadvertently violating technical requirements around service bundling, clinical documentation, or provider qualifications. When these violations accumulated across thousands of claims over extended periods, even small per-claim errors generated damages sufficient to trigger False Claims Act liability and massive settlement demands.
The Clean Slate matter also highlighted reputational and operational consequences that enforcement actions created regardless of ultimate legal outcomes. Once sued or investigated, organizations faced immediate challenges: referral sources hesitated sending patients to providers under regulatory scrutiny, payers imposed enhanced oversight or payment holds, staff worried about organizational stability, and investors questioned valuations and growth prospects. Even providers ultimately exonerated after lengthy legal proceedings suffered substantial damage from investigation periods, making proactive compliance investments far preferable to reactive legal defense.
For the broader industry, high-profile cases against seemingly reputable organizations created compliance awareness that might have otherwise remained theoretical. When prosecutors pursued established providers with national footprints and institutional backing rather than limiting enforcement to obvious bad actors, it signaled that regulatory tolerance for billing irregularities had decreased and that all Medicare and Medicaid participants required robust compliance infrastructure regardless of organizational mission or clinical quality.
The Investigation Cascade That Demands Immediate Response
The progression Funk described—from civil investigative demands or subpoenas through potential False Claims Act complaints—outlined the enforcement timeline that organizations needed to understand for appropriate response. Civil investigative demands represented government’s information-gathering phase, where prosecutors investigated potential violations without necessarily committing to litigation. Organizations receiving these requests faced critical decisions about legal representation, response strategy, and internal investigation that would significantly influence ultimate outcomes.
The recommendation to “immediately engage outside counsel” reflected recognition that organizational responses during investigative phases profoundly affected whether matters proceeded to enforcement action or resolved favorably. Experienced healthcare defense attorneys understood what information government requests actually sought, how to position responses that protected client interests while demonstrating cooperation, and when proactive settlement discussions might avoid litigation. Organizations attempting to respond independently—particularly those whose internal counsel lacked specialized healthcare enforcement experience—risked inadvertent admissions, inadequate privilege protections, or response strategies that escalated rather than resolved government concerns.
The whistleblower dynamic Funk mentioned—where government investigations frequently stemmed from employee qui tam complaints—created additional complexity around internal investigations and response strategies. Organizations learning of government interest often didn’t know whether investigations originated from whistleblowers, routine audits, data analytics identifying billing anomalies, or referrals from other enforcement actions. This uncertainty complicated decisions about internal investigation scope and whether organizations should proactively disclose identified problems versus waiting for government to articulate specific concerns.
The possibility that organizations’ first notice could be “getting a copy of the unsealed False Claims Act complaint served on you” represented the nightmare scenario where government bypassed preliminary investigation entirely and proceeded directly to litigation. This typically occurred when prosecutors possessed compelling evidence—often from detailed whistleblower disclosures including internal documentation—that made additional investigation unnecessary. Organizations facing this situation entered immediate crisis mode requiring aggressive legal defense, operational disruption management, and strategic communications addressing stakeholder concerns.
The Payment Disruptions That Signaled Payer Scrutiny
Evans’ description of payment pattern changes—sudden stoppages, extended delays, or holds on specific billing codes—identified early warning signs that providers could potentially address before formal enforcement actions. State Medicaid programs routinely employed pre-payment review, payment holds, and enhanced oversight when fraud analytics or complaints triggered concerns about particular providers. Organizations monitoring their accounts receivable and payment cycles could detect these changes and investigate underlying causes before issues escalated.
The “pre-payment review” designation Evans mentioned represented formal notification that Medicaid identified concerns warranting enhanced scrutiny. Under pre-payment review, states examined claims before processing payment rather than conducting post-payment audits, dramatically slowing reimbursement and creating immediate cash flow pressures. While pre-payment review alone didn’t constitute enforcement action, it indicated elevated regulatory attention that could proceed to recoupment demands, exclusion proceedings, or fraud referrals if reviews identified systematic problems.
Evans’ warning about billing staff “inadvertently making admissions” when calling Medicaid to inquire about payment changes highlighted risks that well-intentioned operational personnel posed to organizations during regulatory scrutiny. Billing staff accustomed to routine communications with Medicaid contractors might discuss billing practices, documentation approaches, or coding decisions in ways that prosecutors later characterized as admissions of knowing violations. Without legal counsel guidance, employees couldn’t recognize which statements carried legal implications versus technical discussions about claims processing.
This dynamic created tension between operational imperatives—resolving payment issues quickly to maintain cash flow—and legal risk management requiring careful assessment before external communications. Organizations facing payment disruptions needed protocols determining when billing staff could engage directly with payers versus when matters required legal review before response. Sophisticated compliance programs included decision trees guiding staff through these determinations, ensuring that urgent operational needs didn’t create inadvertent legal exposure.
The recommendation to “do an internal evaluation before calling Medicaid” reflected best practices around payment disruption response. Organizations should first assess whether the affected billing codes involved any documentation deficiencies, medical necessity concerns, or regulatory ambiguities that might have triggered payer scrutiny. This internal review, ideally conducted under attorney-client privilege, allowed organizations to understand their legal position before engaging with Medicaid representatives who might be gathering information for enforcement purposes.
The Proactive Compliance Investments That Reduced Risk
The collective warning signs Evans and Funk identified pointed toward proactive compliance strategies that organizations should implement before regulatory scrutiny emerged. Right-sizing compliance programs for organizational scale, conducting regular internal audits, implementing robust documentation standards, providing ongoing staff training, and maintaining relationships with specialized healthcare counsel represented investments that many behavioral health organizations deferred due to cost pressures or lack of compliance sophistication.
These investments paid dividends through multiple mechanisms. Strong compliance programs detected and corrected problems before they accumulated into substantial overpayment liability, reducing financial exposure from eventual enforcement. Documented compliance efforts demonstrated good faith that prosecutors and judges considered when determining whether violations warranted False Claims Act penalties versus repayment without additional sanctions. Robust internal controls prevented whistleblower claims by addressing employee concerns through established channels rather than forcing staff to report externally.
The compliance infrastructure that scaled organizations required included several core components. Independent compliance officers with direct board reporting relationships and sufficient authority to implement changes across operations. Regular audit programs using statistical sampling to assess billing accuracy, documentation adequacy, and regulatory adherence. Formal policies and procedures covering all operational areas with clear accountability for compliance. Mandatory training programs ensuring all staff understood applicable requirements. Anonymous reporting hotlines with investigation protocols and non-retaliation protections. And sophisticated billing systems with automated compliance checks preventing common errors before claims submission.
For organizations receiving private equity investment or pursuing aggressive growth strategies, compliance infrastructure deserved prioritization equal to clinical programming and operational expansion. Investors increasingly recognized that regulatory enforcement could destroy enterprise value regardless of clinical quality or market position, making compliance due diligence and post-acquisition integration of robust compliance programs essential value protection strategies. Organizations that deferred compliance investments to maximize short-term profitability risked catastrophic enforcement actions that eliminated returns and potentially triggered investor liability.
The Industry Evolution That Raised Compliance Standards
The increasing enforcement activity Evans identified reflected broader evolution within behavioral health toward professionalization and heightened accountability that consolidation and increased government funding accelerated. As the industry attracted more institutional investment, achieved greater scale, and consumed larger portions of public budgets, regulators naturally intensified oversight ensuring appropriate use of taxpayer dollars. This scrutiny would likely continue increasing as behavioral health integration within mainstream healthcare delivery progressed and as value-based payment models created additional compliance complexity around outcome measurement and risk adjustment.
Organizations positioned for long-term success recognized that compliance excellence represented competitive advantage rather than merely defensive cost center. Providers demonstrating superior compliance attracted payer contracts, referral relationships, and investment capital that organizations with regulatory concerns couldn’t access. As enforcement actions accumulated and industry participants learned which organizations faced scrutiny, market dynamics increasingly separated compliant operators from those cutting corners—a separation that would intensify as enforcement visibility increased and stakeholders became more sophisticated about evaluating provider compliance track records.
