Multi-state behavioral health telehealth billing and compliance: what leaders need to know

If you are a Chief Medical Officer (CMO) or a Clinical Operations Director, your daily reality in 2026 is no longer defined by the rapid adoption curves of the pandemic era. That era has matured into a period of deep structural complexity. Telehealth is no longer a pilot project or an emergency contingency; it is a permanent pillar of behavioral health care delivery, codified into the fabric of the healthcare system. However, for leaders in the Consideration stage of a technology or revenue cycle management (RCM) refresh, the “telemedicine cliff” has been replaced by something more operationally dangerous: the compliance knot.

As an organization running clinics across multiple jurisdictions, you are managing a workforce that must reconcile conflicting program mandates daily. This is especially true for multi-program providers dealing with Substance Use Disorder (SUD), Intellectual and Developmental Disabilities (IDD), and mental health therapy. Each of these programs often requires incompatible reporting silos and distinct billing logic that generic electronic health records (EHRs) were never designed to handle.

The stakes for navigating this maze correctly are immense. In a high-volume multi-state environment, routine miscalculation in Place of Service (POS) codes or a failure to adapt to shifting state documentation standards does not produce a single denial. It represents a systemic threat to unit economics. The financial impact of POS code accuracy on reimbursement is material and locality-dependent—a dynamic that will be examined in detail in Section V.

The multi-state reality check

Consider a behavioral health organization operating across North Carolina and West Virginia. Each represents a fundamentally different operating environment. North Carolina’s Tailored Plan structure requires compliance with LMEMCO contracts across four managed care organizations, each with distinct prior authorization workflows and NC HealthConnex reporting. West Virginia confirmed the end of its COVID-era telehealth flexibilities as of December 31, 2024. One organization. Two states. Two entirely different compliance rulebooks, and if your EHR uses the same documentation template for both, you have a structural problem that no amount of staff training will fix.

This guide moves beyond the basics of how to do telehealth to address the specific compliance architecture behavioral health leaders need to build in 2026. It is an operationally specific blueprint for organizations that recognize that scaling without automated, rules-based systems is no longer an administrative inconvenience, it is a direct threat to long-term sustainability.

In 2026, the primary objective for your RCM and clinical leads is protecting the “non-facility” rate associated with home-based care. For behavioral and mental health services, Medicare has made permanent the removal of traditional geographic and originating-site limits. Behavioral health clinicians can provide telehealth to beneficiaries in their homes, with no rural-location requirement and no originating-site restriction, while other telehealth flexibilities for non-behavioral services currently extend only through December 31, 2027.

However, there is a critical distinction between the permanence of general telehealth access and the temporary nature of current flexibilities regarding home-based and audio-only delivery. Under current law, including the Consolidated Appropriations Act, 2026, Medicare’s specific waivers for originating sites and the use of audio-only communication are currently secured through December 31, 2027. This creates a high-stakes strategic window for organizations to harden their multi-state billing infrastructure before the regulatory environment shifts again.

The conditional status of audio-only services

While audio-only services are recognized, CMS and private payers have moved toward a more conditional framework. Through the end of 2027, audio-only behavioral health is widely permitted when the patient is at home. Starting January 1, 2028, audio-only will be allowed only when the practitioner is technically capable of audio-video communication, and the patient either cannot access or does not consent to video.

For your clinical staff, this means the risk has shifted decisively from what code is billed to what is documented inside the clinical note. To survive a 2026 retrospective audit, your documentation must reflect:

• Modality Justification: Clinical notes must capture a specific technical or clinical reason why video was not utilized. A generic, templated checkbox is insufficient and often serves as a primary trigger for recoupment.
• Accurate Modifiers: Professional claims must accurately utilize Modifier 93 for audio-only behavioral health to reflect this conditional policy, ensuring that the claim stands up to automated payer scrutiny.

2026–2027 strategic milestones

• The CPT Coding Fork: A major operational challenge in 2026 is the “two-tier” coding system. While the AMA introduced new telemedicine E/M codes (98000–98015) in 2025, Medicare has largely declined to adopt them as payable. Consequently, your RCM team must maintain dual-track templates: Medicare continues to rely on traditional evaluation and management (E/M) codes (99202–99215) with modifiers, while commercial payers are evaluating or selectively piloting the 98000-series codes and may diverge in their telemedicine billing rules.
• Teaching Physician Rule: Beginning January 1, 2026, teaching physicians may provide virtual supervision through real-time audio-video technology during the key portion of a Medicare telehealth service. This is a permanent change that offers significant staffing flexibility, but it requires robust documentation that the “virtual presence” occurred via live video—audio-only is insufficient for supervision.

Behavioral health leaders are currently facing an era of unprecedented data-driven scrutiny. A 2024 Premier Inc. survey of hospitals, health systems, and post-acute care providers found that nearly 15% of medical claims submitted to private payers were initially denied, with Managed Medicaid running at 15.1% and Medicare Advantage at 15.7%. Behavioral health telehealth sits persistently at the higher end of denial ranges due to the complexity of time-based coding and evolving state mandates—a pattern that has drawn sustained regulatory attention.

The OIG’s Work Plan has maintained an active and ongoing focus on psychotherapy and telehealth services. The agency utilizes sophisticated data analytics to identify statistical outliers across large claims datasets. As KFF’s analysis of Medicare telehealth oversight notes, MedPAC has specifically recommended that CMS apply additional scrutiny to “outlier” clinicians who deliver more telehealth services than others. Organizations that do not proactively map their own utilization data against these scrutiny criteria are operating with a significant blind spot.

Specific triggers currently flagging providers for review

• CPT 90837 Documentation Precision: This 60-minute psychotherapy code is among the most audited items in behavioral health. CMS billing guidance specifies a minimum of 53 minutes of face-to-face therapeutic time. Missing start and stop times or consistently documenting sessions that fall exactly on the hour, are documentation gaps that draw systematic review. If a disproportionate share of your psychotherapy claims uses 90837 without documented clinical rationale, your practice presents a statistical pattern that payer data analytics are designed to identify.
• Telehealth-Only Utilization Patterns: Payers are increasingly comparing in-person versus telehealth ratios across provider networks. Practices that bill near-total virtual volume for all clinicians are being targeted for review to ensure that modality choices are patient-centered and clinically appropriate rather than purely operational.
• Cloned Documentation: Analytical tools are now widely used to detect repetitive or nearly identical progress notes across different patient visits. EHR templates that encourage “copy-forward” behavior without enforcing session-specific customization are high-risk triggers for automated denials.
• Missing Audio-Only Notation: Audio-only claims without session-specific notation explaining the absence of video are structurally vulnerable. A claim will not survive a retrospective review without the modality justification notation, regardless of whether the session was clinically legitimate.
• Prior Authorization Gaps: Authorization errors and eligibility verification failures remain among the top causes of behavioral health claim denials. In multi-state environments, prior authorization requirements vary not just by payer but by state, meaning a process that works correctly in New York may fail in North Carolina without modification.

The consequences of audit exposure in behavioral health telehealth are not theoretical. Post-payment recoupments require organizations to return revenue already received, creating cash flow crises. According to KFF’s analysis of ACA marketplace claims data, insurers upheld their original denial decision in more than half of appealed claims. More critically, the majority of denied claims across the industry are never resubmitted at all, meaning revenue that enters the denial pipeline has a high probability of never being recovered. Prevention is not a compliance preference. It is a financial imperative.

Federal regulators have signaled a clear interest in cases involving high-volume prescribing and standardized protocols that may limit clinical discretion. High-profile prosecutions have highlighted the risks of “auto-refill” technology features that bypass meaningful clinician-patient interaction.

While federal telemedicine prescribing flexibilities have been extended through December 31, 2026, your EHR must capture comprehensive interaction logs as the DEA evaluates permanent telemedicine prescribing frameworks beyond the current extension. The clinical record must be the primary defense. A defensible tele-prescribing workflow in 2026 must be built into the system architecture:

• Identity and Location Verification: Documentation must verify the patient’s identity and physical location at every encounter to satisfy evolving federal and state expectations.
• Legitimate Medical Purpose (LMP): Notes must reflect session-specific medical rationale connecting the presenting symptoms to the medication choice, rather than relying on static diagnosis lists.
• PDMP Workflow Integration: State-specific Prescription Drug Monitoring Program (PDMP) checks, such as North Carolina’s CSRS, must be workflow-enforced. A reminder is insufficient; the prescriber should be prevented from finalizing a controlled-substance prescription until the PDMP check is recorded.

The Place of Service (POS) code selected remains the most financially consequential decision in your behavioral health revenue cycle. As the CMS Physician Fee Schedule confirms, POS 02 applies when the patient is at a facility, paying the lower facility rate, while POS 10 applies when the patient is at their residence, paying the higher non-facility rate.

The locality-dependent reimbursement gap

The financial impact of POS selection varies by geographic locality and specific payer contracts. CMS established the higher non-facility rate specifically to reflect the practice expenses of providers in mental health and other specialties who maintain an office for in-person services while also delivering telehealth. Leaders should model these impacts against their specific 2026 Medicare fee schedule locality data to quantify the revenue currently at risk from miscoding. The per-visit gap is material and compounds significantly at scale.

The 2026 modifier matrix

Modifier selection is a high-frequency source of billing errors that trigger denials and underpayments. Multi-state practices should consider automate the application of:

• Modifier 95: The standard for synchronous audio-video telehealth for Medicare and many commercial payers.
• Modifier 93: Required for Medicare audio-only behavioral health services.
• Payer-Specific Modifiers: Certain programs, such as North Carolina Medicaid, utilize specific modifiers like KX for telephonic services in select behavioral health policies.
• RHC/FQHC Context: For mental health telehealth in Rural Health Clinic or Federally Qualified Health Center settings, CMS uses a distinct set of modifiers, including FQ for audio-only services in those specific settings. Note that FQ is not a general telehealth modifier; it applies specifically within the RHC/FQHC billing context.

The challenge is not simply knowing these rules, it is ensuring they are applied correctly for every clinician, every modality, and every state-payer combination every single time.

The core of the multi-state maze is the documentation infrastructure failure that sits underneath the billing problem. Every state where you operate has its own clinical documentation rulebook. A provider working across ten states is technically managing ten different sets of legal standards simultaneously. Generic EHRs use a single template for everyone, creating a structural problem that training alone cannot fix.

Operating across different realities

Consider the operational footprint of an organization growing across North Carolina, and West Virginia:

• North Carolina: The July 1, 2024 launch of North Carolina’s Behavioral Health/IDD Tailored Plans layered full managed-care accountability on top of Tailored Care Management, which has been operating since December 1, 2022. For example, NC Medicaid policy utilizes the KX modifier for telephonic delivery in select policies, and covered provider types and state-funded programs are subject to NC HealthConnex HIE connectivity requirements.
• West Virginia: West Virginia confirmed the end of its COVID-era Public Health Emergency telehealth flexibilities as of December 31, 2024. Providers must now update documentation protocols to reflect the specific service modalities and clinical indications required under current state policy for CTBS-type codes in rural settings where audio connectivity is common. Organizations should review current state policy documentation directly for the most up-to-date requirements.

The Infrastructure Problem

A generic EHR does not know that your New York patient needs an informed consent log or that your North Carolina patient requires a KX modifier for audio-only care. It does not know that your West Virginia patient’s documentation must reflect a specific modality under current state policy. This leads to a single template that complies with no state’s requirements completely, creating silent compliance gaps that only become visible during an audit. The documentation problem is not a training problem. It is an infrastructure problem.

Getting paid in a multi-state environment requires high-speed enrollment that keeps pace with your clinical growth. As of July 1, 2025, NCQA tightened the Primary Source Verification (PSV) time limit to 120 calendar days for accredited organizations. This requirement applies to all credentialing files processed on or after that date.

Recent analyses of credentialing delays show that a 90–120 day lag can easily translate into six-figure revenue loss for physicians, underscoring how quickly backlogs convert into real dollars left on the table. For a behavioral health group adding providers across multiple states, compressing credentialing timelines to the 30–45 day range is not an operational preference, it is a revenue protection imperative.

Stricter verification standards

In 2026, re-credentialing is no longer a background task; it is a core operational risk. Many payers now require earlier submissions and continuous monitoring of licenses, sanctions, and exclusions via OIG LEIE and SAM.gov, rather than periodic reviews every few years. A single-day lapse in a provider’s home-state compact privilege can trigger a multi-state billing blackout, a risk that compounds significantly in organizations operating across multiple compact frameworks simultaneously.

Payer-specific rules: the hidden compliance layer

Beyond enrollment, the ongoing payer-specific rules and reporting obligations create a compliance layer that most behavioral health organizations consistently underestimate. These include:

• Structured Assessment Data Requirements: Payers increasingly require structured assessment scores (PHQ-9, GAD-7, ASAM) in specific formats as part of claims data or in utilization management portals. If your EHR cannot be configured to meet these varying requirements automatically, clinicians are forced into duplicate documentation workflows, increasing burnout and creating data mismatches that trigger audits.
• Separate Prior Authorization Frameworks: Each payer operating in each state maintains its own prior authorization requirements for telehealth versus in-person services, including session limits, diagnosis-specific authorization thresholds, and step-therapy requirements.
• Reporting Format Variation: Different payers require different clinical summary formats for utilization management reviews, different data capture forms, and different reporting standards for value-based care contract compliance. The administrative burden of managing these variations manually is unsustainable at scale.
• Network-Specific Re-Credentialing Timelines: Some commercial payers require re-credentialing every two years; others operate on three-year cycles. In a multi-payer, multi-state environment, this means dozens of active re-credentialing windows may be open simultaneously.

For the leader ready to transition from navigating the maze to solving it, the following roadmap converts regulatory complexity into a sustainable competitive advantage:

1. Immediate Revenue and POS Audit: Review your 2025/2026 telehealth claims mix to ensure POS 10 is correctly applied for home-based services based on your specific locality fee schedules. Identify state-payer combinations operating without validated modifier templates.
2. Scrutiny and Utilization Mapping: Map your current CPT 90837 utilization rates and documentation precision (start and stop times) to identify outlier patterns that may trigger medical necessity reviews per OIG guidance.
3. State-by-State Documentation Gap Analysis: For every state in your footprint, evaluate clinical templates against specific requirements for telehealth consent, audio-only modality justification, and state-mandated PDMP integration.
4. Credentialing Modernization: Shift from reactive enrollment to proactive, continuous monitoring to address the 120-day PSV bottleneck and prevent billing blackouts caused by home-state license lapses.
5. Systems Orchestration Evaluation: Assess your current tech stack for its ability to act as a “central nervous system” for compliance, unifying clinical, billing, and scheduling rules into a single, automated workflow.

For a practical look at how blueBriX supports compliant, state-aware virtual care across jurisdictions, see its multi-state care delivery use case.

The administrative lift of multi-state behavioral health operations is no longer sustainable through manual workflows. Organizations that successfully scale in 2026 are those that treat compliance as an orchestration challenge, embedding regulatory intelligence directly into the care delivery process.

AI orchestration for documentation

blueBriX dynamically adapts documentation templates to align with jurisdiction-specific standards. The system can be configured so clinicians see, for example, North Carolina HealthConnex reporting prompts or West Virginia OHFLAC/BMS compliance fields automatically based on patient location and payer. This enforces correctness by design rather than relying on clinician memory.

Compliance hard stops

The platform allows for configurable rules that help prevent scheduling or billing actions that create exposure. If a clinician’s license is approaching expiration or a CPT 90837 claim lacks required start and stop times, the system can flag the issue before submission, protecting your revenue from the audit triggers described in Section III.

Integrated revenue intelligence

By connecting clinical activity, payer rules, and billing workflows in real-time, blueBriX assists organizations in improving clean claim performance and managing accounts receivable toward benchmark performance levels. The platform’s ability to maintain dual-track coding templates, Medicare versus commercial payer, resolves the two-tier CPT coding challenge described in Section II without creating separate administrative workflows.

No-code configurable data capture

Assessment scores required by specific payer contracts (PHQ-9, ASAM, GAD-7) are captured in the format that the payer’s utilization management system requires. The blueBriX Form Builder allows for dynamic behavior where selecting a symptom can trigger additional state-required questions automatically, directly addressing the payer-specific reporting variation described in Section VII.

Multi-location operational dashboard

Centralized infrastructure provides real-time visibility across multi-state footprints. Compliance leads can generate state-specific and program-specific quality metric reports without custom development cycles, directly supporting the reporting needs of Medicaid managed care. For organizations with operational complexity across states like North Carolina, New York, West Virginia etc. this unified visibility replaces the reconciliation burden of running disconnected systems.

Why blueBriX?

Most platforms will tell you they support telehealth. Fewer can tell you they handle multi-state telehealth compliance across competing managed care contracts, jurisdiction-specific documentation standards, dual-track CPT coding environments, and continuous credentialing monitoring, simultaneously, in the same workflow. blueBriX is purpose-built for exactly this operational reality. It surfaces the right documentation prompts, modifiers, and consent requirements based on the patient’s state and payer at the point of care; configurable hard stops catch documentation gaps before claims are submitted rather than after an audit surfaces them; and its no-code form builder adapts payer-specific data capture requirements without creating duplicate workflows for clinical staff. For organizations operating across states like North Carolina, West Virginia, New York etc., each with its own rulebook, blueBriX replaces the reconciliation burden of disconnected systems with a single, compliance-aware operational infrastructure built for behavioral health.