If you think documentation is “just paperwork,” then you’ve probably never lived through an audit. The stakes of compliance aren’t theoretical when missed details and billing errors can mean paybacks, penalties, or even lost contracts. And with more eyes on behavioral health records than ever, compliance isn’t getting any easier—or any less stressful.

On a recent episode of the No Notes podcast, Dr. Denny Morrison sat down with Laura Siclari, Esq., Managing Partner at Siclari Law Group and longtime general counsel to one of New Jersey’s largest behavioral health providers. Together, they dug into why compliance risk is getting harder to manage, what really causes those audit-triggering errors, and how AI-driven tools are shifting the way organizations approach documentation and billing.

The conversation doesn’t shy away from the messiness of compliance, including burnout, shortcuts, and the pitfalls that trip up even the most diligent teams. But it also gets practical about what’s working—especially when it comes to AI tools.

Didn’t catch the episode? Listen to the full conversation here.

Or, read on for highlights and takeaways you can put to work immediately (no law degree required).

Why Proactive Management of Documentation Compliance Matters

According to Siclari, audits don’t just put one claim under the microscope; they often lead to a much more scrutinous and comprehensive review to expose all underlying problems an organization hasn’t addressed.

“The problem is…they don’t just audit the one claim that’s at issue, they will do a much broader audit,” Siclari said. “They’re gonna find, once they peek under the hood, probably a much broader problem that could result in very, very significant penalties to the organization—everything from Medicare and Medicaid paybacks to even loss of licensing if the issues are that egregious.”

Healthcare attorney Laura Siclari, Esq., breaks down how a single Medicare or Medicaid payer dispute can snowball into a wide-reaching audit, exposing systemic issues and triggering major penalties.

That means taking a reactive approach to compliance management is a risky move. Even if your team successfully catches errors, auditors are looking for more than just an admission of mistakes. They want to see exactly how you responded—and what steps you took to prevent similar issues from happening again.

As Dr. Morrison pointed out, “Auditors want to see what you did to remediate that problem…[ideally you can] say, ‘Yeah, we found this, it was an error. We realized that and here’s what we did about it.’”

Common Behavioral Health Documentation & Billing Pitfalls

Some compliance risks come up again and again, no matter how experienced the team. Siclari pointed out that providers typically aren’t taking shortcuts out of bad intentions—they are simply being stretched too thin.

Copied-and-pasted notes, for example, are “a real thing that does happen,” Siclari said. But, “the reason that clinicians sometimes cut corners in their notes is really, not from any kind of nefarious reasons, but that they are just really overbooked during the day with back-to-back clinical appointments…and they’re up late at night sometimes trying to catch up from the day and to get clinical notes in.”

Healthcare attorney Laura Siclari, Esq., sheds light on a common issue in behavioral health: shortcuts in clinical documentation. As she explains here, providers typically are not submitting inadequate notes due to bad intentions—they are simply overburdened by back-to-back sessions and impossible administrative workloads.

That pressure often results in documentation that is too bare-bones—or notes written from memory after several overloaded days.

As Siclari explained, this can lead to notes that “don’t really reflect what went on in the session and what the goals are…you’re not meeting the standards of care at that point when your notes don’t contain everything they need to.”

And compliance problems extend beyond documentation. Upcoding or downcoding mistakes—sometimes pushed by revenue cycle management (RCM) tools promising more money—can introduce even more risk.

Siclari specifically flagged concerns around companies that contract with healthcare organizations to manage claims processing. “If they’re broadcasting themselves as being able to either save you money or make you more money, then you’re wondering how they’re doing that—and if they are getting cute with the coding,” she said.

Dr. Denny Morrison and Laura Siclari, Esq., discuss how some RCM solutions may cause organizations to “getting cute with coding”—a move that can quickly raise red flags with federal and commercial payers.

There’s also the issue of multiple edits to the same note. “Every time you go into your electronic health record and you edit a note, there is an electronic footprint of that,” Siclari explained. “That would be a red flag for any kind of an auditing regulatory agency to be seeing lots of edits on the back end that didn’t happen contemporaneously.”

That’s why drafting compliant notes from the outset is so crucial.

Want to see exactly how AI helps mitigate common progress note issues from the start? Check out our compliant note examples here for a side-by-side analysis of manual versus AI-supported documentation.

How Purpose-Built AI Reduces Compliance Risk

AI is showing up in compliance work in two main ways:

  1. Organizations can improve documentation on the front end, and
  2. They can also catch errors earlier and address issues before they escalate into bigger problems.

Front-End Note Support

AI-driven documentation tools can help clinicians close the gap between what happened in a session and what actually makes it into the note.

According to Siclari, AI can “strengthen document accuracy and billing compliance,” allowing for “real-time review of clinical notes against payer requirements, noting inconsistencies, improper coding, upcoding, downcoding, all of those things.”

But in addition to catching mistakes and helping providers write more compliant notes from the get-go, AI also empowers clinicians to be more present with clients. Even when speaking about the value of AI from a legal perspective, Siclari was sure to emphasize that ultimately, regulations are meant to support quality care, so this AI benefit can’t be overlooked.

“The idea of using something like AI to let a clinician be an active listener and not be worrying about the clinical note that’s not getting written—I can’t overemphasize how huge of a support that can be,” Siclari said.

Dr. Denny Morrison and Laura Siclari, Esq., explain how delayed note-taking leads to shortcuts, incomplete records, and ethical risks.

Back-End Auditing & Dashboards

AI can also change how organizations handle auditing. Instead of relying on manual spot-checks or after-the-fact reviews, automation allows for comprehensive, real-time oversight—which Siclari calls a game-changer.

Learn how Merakey and GRAND Mental Health audit 20x more notes with the power of AI. Get the full story here.

“The idea of an organization auditing 100% of their notes manually is either not gonna happen at all, or it would take so long to do it after the fact that it almost becomes irrelevant at that point,” she said. But with AI, every note can be reviewed before it leaves the system—and dashboards give managers insight into patterns that need attention.

“[The] dashboard feature, from an HR and employer perspective, is a complete game-changer in terms of reporting on data showing which clinicians may be habitually doing incomplete or belated notes—or copying and pasting,” Siclari shared.

Curious how this works in Eleos? Watch a short walk-through of our Compliance product below.

Legal & Privacy Guardrails

Legally, compliance means carefully managing how information is stored, transmitted, and protected. “We’re talking about highly regulated data that requires very stringent HIPAA compliance under our federal and state laws,” Siclari said. 

So, before signing on with any AI vendor, organizations need to dig into the technical and legal specifics of how data is handled. Encryption, storage location, and consent workflows all matter.

“Knowing where the data rests, how the data is transmitted, if it’s fully secured, and if there’s any, let’s say, active listening and recording…proper consents, all of those things need to be in place in order to legally and compliantly use a tool like this,” Siclari explained.

Healthcare attorney Laura Siclari, Esq., outlines the critical importance of maintaining human oversight when using AI tools in behavioral health.

Legal risk also extends to how AI models are developed and maintained. Siclari urges organizations to ask tough questions about the data used to train any algorithm: “The transparency behind a certain AI company’s algorithm, I think, is important when you are evaluating how well you can trust the output from that organization.”

Without transparency, built-in bias or faulty assumptions could affect outcomes—or even trigger additional regulatory scrutiny. And if an error leads to a privacy breach or billing mistake, organizations could face significant penalties under both federal and state law. As Siclari noted, “Misuse of PHI or HIPAA compliance safeguards would be a big one—because if you’re violating federal law, there are likely state laws as well.”

A Future in Predictive Compliance for Behavioral Health

Siclari sees compliance-focused AI in behavioral health as a move toward proactive risk management. She describes a future where organizations use predictive tools to identify compliance issues before they escalate.

“Where I see the future of this going is really in the predictive capability,” Siclari shared. “I like the idea of predictive compliance modeling forecasting regulatory risk.”

She also imagines leaders using AI to improve care and outcomes at the population level. “I also would love to see AI aggregate data based on documentation trends across populations to be able to say, like, this subset of patients is not getting their needs met,” Siclari explained.

At the end of the day, AI can never fully eliminate legal risk—but it can scale the identification and management of the underlying issues that lead to non-compliant documentation (such as time pressure, lapses in memory, and inconsistent auditing).

When you pair purpose-built AI with clear policies and ongoing human oversight, you improve compliance, reduce the risk of paybacks, and keep the focus where it belongs: on delivering exceptional client care.

Subscribe to our Blog