Table of Contents
Ready to See Results?
From strategy through execution, Atlantic Health Strategies integrates compliance, operations, and growth into durable, measurable results. Let’s put our expertise to work for your organization.
The direct answer: HHSC-OIG is publishing its playbook, and most Texas operators are not reading it
Texas HHSC-OIG audits are catching documentation, consent, staff training, and billing failures that most operators still treat as clerical noise, and the agency publishes every finding on a public website. If you run a behavioral health treatment center in Texas, the Texas Health and Human Services Commission Office of Inspector General (HHSC-OIG) is telling you exactly what will get you recouped, and most operators are not reading the reports.
The recurring findings are not exotic. Missing signatures on treatment plans. Consent forms that omit required Texas Administrative Code elements. Service notes that do not support the code billed. Staff training gaps. Level-of-care transitions billed on days that should not have been billed.
The dollars behind the enforcement are not small. In the third quarter of FY2026 alone, HHSC-OIG reported recoveries exceeding $148 million. In Q2 FY2026, the agency recovered more than $95.7 million, with $88.9 million from provider integrity work alone. Founders and COOs who treat audit prep as a once-a-year exercise are getting caught by a regulator that literally publishes its target list.
What the recent Texas HHSC-OIG audit reports actually say
The findings repeat across providers. At Cypress Creek Hospital, a Houston behavioral health facility, HHSC-OIG auditors reviewing STAR+PLUS inpatient psychiatric services determined the hospital needed to improve processes related to documentation, timing of orders, patient consent, and patient evaluations. Of 137 required psychoactive medication consent forms tested, 18 were never obtained, 13 were obtained after the medication was administered, and 60 could not be dated at all. Of the ten involuntarily admitted patients tested, eight records (80 percent) were missing the appropriate court order. That is not a paperwork problem. That is a patient-rights problem with a Texas Administrative Code citation attached.
The Cenikor Foundation audits tell a longer story. In the original Region 7 audit, HHSC paid Cenikor $3,495,797 for services to 1,405 clients between September 1, 2018 and February 29, 2020, and OIG concluded Cenikor did not consistently comply with core contractual requirements. On follow-up, auditors determined Cenikor had not completed implementation of all recommendations for three out of four issue categories, with nine of 11 reviewed staff missing co-occurring psychiatric and substance use disorder training and two of three supervising counselors missing required continuing education in clinical supervision. The follow-up assessment ordered Cenikor to return $124,509.66 to the state of Texas, including an extrapolated $121,194.66 for residential detoxification and intensive residential services. Those are qualified-staff and service-delivery findings that go directly to whether the service was reimbursable at all.
The Homeward Bound audit, covering a Dallas substance use disorder provider, found that for 19 of 57 (33 percent) clients in detoxification, records did not support that the client received an individual counseling session each day the client was in treatment as required. The Cenikor Region 4 audit in Tyler calculated overpayments on transition days where the provider was paid both withdrawal management and intensive residential daily rates for the same client. Your census log and your billing file have to agree, every day.
Why HHSC-OIG is finding these problems (and why your internal audits are not)
HHSC-OIG runs a continuous risk assessment and publishes its Audit and Inspections Plan every year. The FY2026 plan names behavioral health providers, local mental and behavioral health authorities, inpatient hospitals, and targeted case management in mental health rehabilitation recovery as audit and inspection topics, and the underlying appropriations universe it oversees totals $52.7 billion for HHSC and DSHS.
Data mining does the rest. The HHSC-OIG audit team uses RAT/STATS statistical software from the federal HHS Office of Inspector General and follows the sampling and overpayment estimation processes described in the CMS Medicare Program Integrity Manual. That approach mirrors what the U.S. Department of Health and Human Services Office of Inspector General and the Centers for Medicare and Medicaid Services (CMS) do at the federal level. Commercial payer Special Investigations Units run the same play.
Internal QA programs at most treatment centers do not simulate that pull. Their teams audit a rolling sample by clinician, not a claims universe by procedure code. Their chart checks focus on clinical quality, not on whether the progress note supports the exact HCPCS billed, whether the modifier matches the level of care under the ASAM Criteria 4th Edition, whether written informed consent was on file before the service, and whether the rendering provider was actively enrolled with Texas Medicaid on the date of service. Those are the specific test steps Myers and Stauffer LC, the CPA firm HHSC-OIG contracts for provider audits, runs on behalf of the state.
HHSC-OIG describes its own work in plain language: “risk-based performance, provider and information technology audits to assess the accuracy of medical provider payments, the performance of HHS contractors, and HHS programs, functions, processes and systems.” Even a near-clean audit produces findings. The standard is not “mostly right.” The standard is documented.
What operators should do before the surveyor pulls the sample
Read the source documents. The Cypress Creek report, the Cenikor follow-up, the Homeward Bound report, the Nueces Center audit, and the FY2026 Audit and Inspections Plan are all posted on the HHSC-OIG reports page. Those documents are free playbooks written by the people who will one day pull your claims. Treat them the way an offensive coordinator treats film.
Run a mock survey against a claims universe, not a chart sample. Pick one high-volume HCPCS code (H2014 skills training, H0015 IOP, H0004 individual counseling), pull every paid line for the last 24 months, sample 60 to 100 lines randomly, and test each against service delivery record, rendering provider enrollment with Texas Medicaid, modifier accuracy, written consent date, and progress note support.
Rebuild consent forms against Texas Administrative Code. Cypress Creek’s homegrown medication consents are exactly why operators should never draft consents in Word without a compliance attorney reading them against the current TAC citation and 42 CFR Part 2, which the federal Substance Abuse and Mental Health Services Administration (SAMHSA) enforces for substance use disorder records.
Close the training file. The Cenikor follow-up caught co-occurring disorder training gaps, trauma-informed care timing gaps, and clinical supervision CEUs. Every one of those is documentable in advance, and CARF and The Joint Commission surveyors ask for the same evidence during accreditation surveys.
Watch level-of-care transitions. The Cenikor Region 4 audit calculated overpayments on days a client was billed at both withdrawal management and intensive residential daily rates. If you operate a residential withdrawal management program and step patients down inside the same facility, your census log and your billing file have to reconcile line by line.
The operator takeaway
The surveyor and the Myers and Stauffer contract auditor are pulling paid claims, testing them against Texas Administrative Code and the HHSC contract attachment, and publishing every finding.
When a founder or COO tells me they were surprised by an audit finding, my first question is whether anyone on their team read the last three HHSC-OIG reports on comparable providers in Texas. Usually the answer is no. That is the fixable part. The unfixable part is the recoupment letter that arrives after you had a chance to read the file and did not.
If you operate in Texas, or you are a private-equity buyer diligencing a Texas platform, the audit reports are your cheapest form of payer readiness and utilization management training. Read them before the effective date of your next contract renewal, not after.
Frequently asked questions
What is the Texas HHSC Office of Inspector General and what does it audit in behavioral health?
The Texas HHSC-OIG is the state inspector general responsible for detecting fraud, waste, and abuse in Texas health and human services programs. Its Audit and Inspections Division conducts risk-based performance, provider, and information technology audits to assess the accuracy of medical provider payments, the performance of HHS contractors, and HHS programs, functions, processes, and systems. Final audit reports are posted to the OIG website when issued. In Q3 FY2026 alone, HHSC-OIG reported recoveries exceeding $148 million across all programs.
What are the most common HHSC-OIG audit findings at Texas behavioral health treatment centers?
Recurring findings across recent reports include missing or late medication consent forms, missing court orders for involuntarily admitted patients, progress notes that do not support the HCPCS code billed, staff training and clinical supervision gaps, and overlapping billing across levels of care. At Cypress Creek Hospital, 18 of 137 required medication consent forms were never obtained and 13 more were signed after administration. At Homeward Bound in Dallas, 33 percent (19 of 57) of detoxification clients tested lacked documentation supporting the required daily individual counseling session.
How does the Texas HHSC-OIG select behavioral health providers for audit?
HHSC-OIG uses a continuous risk assessment process and statistical sampling software (RAT/STATS from the federal HHS OIG) plus billing pattern data mining to flag providers whose claims deviate from norms. It also publishes an annual Audit and Inspections Plan naming focus areas. The FY2026 plan named behavioral health providers, local mental and behavioral health authorities, inpatient hospitals, and targeted case management in mental health rehabilitation recovery as audit and inspection topics, spanning an appropriations universe of $52.7 billion for HHSC and DSHS.
What should a behavioral health operator do to prepare for a Texas HHSC-OIG audit?
Pull a claims universe by high-volume HCPCS code across the last 24 months, sample 60 to 100 lines, and test each against service delivery records, rendering provider enrollment with Texas Medicaid, modifier accuracy, written consent timing under 42 CFR Part 2, and progress note support. Rebuild consent forms against the current Texas Administrative Code citations, confirm every clinical staff file contains current co-occurring disorder, trauma-informed care, and clinical supervision documentation, and read the most recent HHSC-OIG audit reports on comparable providers before the surveyor does.
References
- Texas HHSC-OIG, Report Released for Second Quarter of Fiscal Year 2026 ($95.7M recovered; $88.9M from provider integrity)
- Texas HHSC-OIG, Behavioral Health Hospital Audited by OIG (Cypress Creek Hospital, Houston)
- Texas HHSC-OIG, Follow-Up Assessment: Cenikor Foundation, Region 7 (AUD-24-026)
- Texas HHSC-OIG, OIG Audits Substance Use Disorder Treatment Provider (Cenikor Region 7)
- Texas HHSC-OIG, Audit Report: Homeward Bound, Inc. (AUD-21-001)
- Texas HHSC-OIG, Annual Audit and Inspections Plan, Fiscal Year 2026
- Texas HHSC-OIG, Audit and Inspections Division
- Texas HHSC-OIG, Reports (public audit and inspection reports)