Compliance risks are escalating for behavioral health providers in 2024. Here’s why.

Sr. Vice President of Compliance & Coding

If you’ve been paying attention, you’ve noticed more than a few signs that regulatory scrutiny has been tightening for all healthcare providers since 2022.

Now, as we head into 2024, behavioral health providers in particular are facing the hot seat due to major changes affecting compliance.

I’ll be addressing these changes in detail in my new Weekly Compliance Report throughout 2024. Today’s email is the first of a weekly series in which I’ll share a detailed look at what’s going on in compliance — and how your organization needs to respond.

New updates require top-to-bottom attention.   

First, let’s talk about two major compliance updates that have taken place in the past two years that impact not just behavioral healthcare providers but ALL healthcare providers.          

Physician practices, treatment centers, counseling offices, inpatient and outpatient facilities, and all other settings where behavioral healthcare is provided are among the providers affected by these changes.  

Updates in late 2022 to security measures under HIPAA, the Health Insurance Portability and Accountability Act, have brought about important changes in access to medical records for patients, broadening patient rights regarding PHI access, and establishing multiple requirements to avoid discrimination. 

SimiTree Behavioral Health’s compliance experts have been working with organizations across all healthcare settings to conduct HIPAA Privacy Risk Assessments required under the new guidance. Our certified healthcare consultants help clients identify where they may be in violation of new requirements and understand how to meet new security demands. We also provide training for key personnel and help organizations update policies as needed.  

The most recent update just occurred.

In November of 2023, the Office of the Inspector General (OIG) of the U.S. Department of Health and Human Services further intensified its focus on compliance, issuing comprehensive new compliance guidance.

The OIG’s General Compliance Program Guidance, known as the GCPG, is the most comprehensive healthcare guidance ever issued. It references relevant Federal laws, compliance program infrastructure, OIG resources and other information. It reiterates the need for organizations to meet seven specific elements of compliance set out by the OIG, implement effective compliance monitoring, and fully involve the governing board in ongoing compliance efforts.

The bottom line? The new compliance guidance means your healthcare practice or organization needs a full compliance assessment, and possibly a few new policies, processes, and procedures as well.

SimiTree Behavioral Health offers both a HIPAA Privacy Analysis and a full compliance assessment for all provider types. Our consultants can work with you to correct any problem areas, update policies, and implement new processes.

These factors are driving behavioral health compliance risks.

With so many moving parts in the area of compliance across all sectors of healthcare, you may wonder why I am focusing so heavily on behavioral healthcare in this new Weekly Compliance Report.

Much of the information I want to provide here will be valuable throughout the healthcare industry, but there are some particular reasons that behavioral healthcare providers need to pay closer attention to compliance right now.

One of the most important compliance considerations is the burden created under the No Surprises Act, well-intentioned legislation for healthcare cost transparency that has unfortunately opened a Pandora’s box of administrative headaches in behavioral healthcare.         

Here are a few other reasons:

  • Medicare has embraced behavioral health. As of 2024, some addiction counselors are allowed to bill Medicare for their services. We’ve seen several new billing codes this year for behavioral health services. The Center for Medicare and Medicaid Services (CMS) is carving more and more behavioral health services into the Medicare program, and the need to understand medical review methodology is growing. At SimiTree, we’re the experts in Medicare methodology. We know how to help providers understand medical necessity from Medicare’s point of view and identify risky billing practices. We help providers understand and identify potential Medicare program integrity risks and set in place processes, procedures, and policies to get organizations on track for full compliance.

  • Primary care models are also embracing behavioral health. We are increasingly seeing behavioral health included in primary care models, driven by whole-person, transdisciplinary care initiatives.

  • We’re seeing explosive growth in technology use. COVID-19 has forever changed the telehealth landscape and ushered in a host of new compliance issues ranging from an expanded definition of telehealth practitioners to thorny new questions about practicing across state lines. Behavioral healthcare providers will continue to see some significant changes in telehealth as they implement numerous new Medicare provisions allowed under the Medicare Physician Fee Schedule (MPFS) Final Rule for CY 2024.

  • New business models and reimbursement bring new risk. Healthcare delivery is changing in a way I never could have imagined when I started out as a nurse so many years ago. We’re seeing innovative new partnerships, new service lines, new types of investors, new reimbursement models, new managed care plans, and the list goes on. This is particularly true in the field of behavioral health with explosive technological growth. Anytime you have new this or new that in a field as heavily regulated as healthcare, you have something else as well: new opportunities for compliance risk.

Make sure you’re subscribed.

All this means it's more important than ever to stay abreast of compliance issues in 2024 — and I don’t want you to miss any of my new Weekly Compliance Reports tackling these issues in detail. Be sure to add your name to the subscription list, and why not invite all the compliance officers you know to sign up as well?

Next week: New Risk-Adjusted Data Validation Audits (RADV) may impact behavioral health providers.

Have a compliance question?

SimiTree’s team of certified healthcare experts is made up of former auditors and surveyors who have the know-how and the experience to help your organization mitigate risk. Reach out to us today with all your compliance needs.

J’non Griffin serves as Senior Vice President for the Compliance as well as Coding divisions at SimiTree. With a healthcare career that spans three decades, she has a track record of helping many provider types implement effective compliance programs. She has worked with organizations nationwide  to develop compliant emergency preparedness and operation plans, implement fully compliant plans of care, and meet regulatory demands. As an AHIMA ambassador, Griffin was instrumental in preparing the coding community for the launch of ICD-10.