By Matt Harrington, BCBA · Behaviorist Book Club · Research-backed answers for behavior analysts
The primary ABA CPT codes are 97151 (behavior identification assessment — the initial and ongoing assessment conducted by a BCBA), 97152 (behavior identification supporting assessment — assessment conducted by a technician under BCBA direction), 97153 (adaptive behavior treatment by protocol — the direct treatment provided by behavior technicians following the BCBA-designed treatment plan), 97155 (adaptive behavior treatment with protocol modification — the BCBA's direct treatment activities including assessment, protocol modification, and supervision with the client present), 97156 (family adaptive behavior treatment guidance — caregiver training activities), and 97157 (group adaptive behavior treatment guidance — group caregiver training). Each code has specific requirements regarding who can provide the service, what activities are included, and how the service must be documented. Understanding these requirements is essential for accurate billing and compliance.
The most common billing errors include coding for a higher-level service than was provided (for example, billing 97155 for activities that should be coded as 97153), billing for time not spent in clinical activities (including billing for documentation time when payer contracts do not cover it), incorrect unit calculation (misapplying the 8-minute rule for time-based codes), billing for services provided by uncredentialed providers, and failing to use required modifiers. These errors may result from inadequate training, unclear organizational policies, or system errors in billing software. Regular internal audits that compare documentation to submitted claims are the most effective way to detect and correct billing errors before they attract external scrutiny.
Audit-ready documentation includes several key elements for every session: the date, start time, and end time of the service; the specific CPT code that describes the service; identification of the rendering provider and their credentials; the treatment goals addressed during the session; the specific interventions implemented; the client's response to intervention including quantitative data where applicable; any clinical decisions made and the rationale for those decisions; and the provider's signature. Documentation should be specific enough that a reviewer who was not present at the session can understand what occurred, why it was medically necessary, and how it relates to the approved treatment plan. Generic language that could describe any session with any client (such as 'continued implementation of behavior plan with good progress') is insufficient for audit purposes.
Payer audits may be triggered by unusual billing patterns (such as billing significantly more hours per client than peer organizations, unusual distributions across CPT codes, or sudden increases in billing volume), complaints from clients, families, or other providers, random selection as part of routine audit programs, data analytics that identify statistical outliers, and referrals from whistleblowers or regulatory agencies. Organizations cannot prevent random audits, but they can minimize the risk of triggered audits by maintaining billing patterns consistent with clinical norms, addressing client and family complaints promptly, ensuring that billing accurately reflects services provided, and monitoring their own billing data for patterns that might attract attention.
A typical audit begins with notification that specifies the scope (which clients, which date range, which services) and the documentation requested. The organization gathers and submits the requested records — typically clinical documentation, billing records, and authorization files for a sample of clients. The auditor reviews these records to verify that services billed were actually provided, that documentation supports the services billed, that services were medically necessary, that the rendering provider was properly credentialed, and that the services were authorized. Findings may range from no issues identified to documentation deficiencies requiring corrective action, to overpayment findings requiring financial recoupment, to allegations of fraud requiring legal response. The organization typically has the opportunity to respond to findings before final determinations are made, and appeal processes are available for disputed findings.
Preparation should be ongoing rather than triggered by audit notification. Maintain organized, complete clinical files at all times. Conduct regular internal audits to identify and correct compliance issues proactively. Train staff on documentation standards and billing accuracy. Establish compliance monitoring systems that track key metrics. When an audit is announced, designate a single point of contact for all audit communications, gather requested documentation promptly and completely, review records before submission to identify any issues, cooperate fully and professionally with the audit process, and consult with healthcare legal counsel if the audit involves allegations of fraud or significant overpayment. Organizations that have maintained strong compliance practices will find the audit process confirms their diligence rather than revealing problems.
Medical necessity is the thread that connects clinical practice to insurance billing compliance. Every service billed to insurance must be medically necessary — meaning the service addresses a diagnosed condition, is consistent with accepted clinical standards, is expected to produce meaningful improvement, and is provided at an appropriate intensity and duration. Documentation of medical necessity must be present at every level: the initial assessment must establish medical necessity for treatment, the treatment plan must justify the specific services and intensity recommended, session notes must demonstrate that each service session addresses the treatment plan goals, and progress reports must show that treatment continues to be necessary. When medical necessity documentation is thorough and consistent, it simultaneously supports clinical decision-making, authorization requests, and audit defense. When it is absent or inadequate, the organization's clinical rationale is invisible to reviewers, creating compliance vulnerability regardless of the actual quality of care provided.
Payer contracts establish the specific terms under which an ABA organization provides services to the payer's members. These terms typically include covered services and their CPT codes, reimbursement rates, authorization requirements and procedures, documentation standards, credentialing requirements, timely filing deadlines for claims, and audit rights and procedures. The contractual terms may differ from one payer to another, creating complexity for organizations that participate in multiple networks. Compliance requires understanding and adhering to each payer's specific terms, which may impose requirements beyond general regulatory standards. For example, one payer may require treatment plan updates every six months while another requires them every three months. One payer may accept telehealth services while another does not. Managing these variations requires systematic tracking of payer-specific requirements and training staff on the differences.
Credentialing establishes that a provider meets the payer's requirements for participating in their network and providing services to their members. Services provided by providers who are not credentialed with the applicable payer may be unbillable, and billing for services rendered by uncredentialed providers is a compliance violation. Credentialing management involves initial credentialing when new providers join the organization, re-credentialing at required intervals (typically every two to three years), maintaining current information with each payer (address changes, credential updates), and monitoring pending applications to prevent gaps in credentialing status. Organizations should maintain a credentialing tracking system that monitors all providers across all payer networks and generates alerts when re-credentialing deadlines approach.
Building a compliance culture requires leadership commitment, structural support, and ongoing reinforcement. Leaders must communicate that compliance is a non-negotiable organizational value, not an afterthought or obstacle. Structural support includes dedicated compliance staff or resources, documentation templates and systems that facilitate rather than impede compliance, regular training on evolving requirements, and internal audit processes that identify and correct issues proactively. Ongoing reinforcement means recognizing and rewarding staff who maintain excellent documentation and billing accuracy, addressing compliance failures constructively and promptly, integrating compliance metrics into performance evaluation alongside clinical and productivity metrics, and creating an environment where staff feel comfortable reporting compliance concerns without fear of retaliation. Organizations that treat compliance as everyone's responsibility — from the front desk to the CEO — build cultures that naturally maintain the standards that regulatory bodies expect.
The ABA Clubhouse has 60+ on-demand CEUs including ethics, supervision, and clinical topics like this one. Plus a new live CEU every Wednesday.
Ready to go deeper? This course covers this topic with structured learning objectives and CEU credit.
Workshop: Demystifying Organizational Compliance — Kim Mack Rosenberg · 4 BACB Ethics CEUs · $105
Take This Course →4 BACB Ethics CEUs · $105 · BehaviorLive
Research-backed educational guide with practice recommendations
Side-by-side comparison with clinical decision framework
You earn CEUs from a dozen different places. Upload any certificate — from here, your employer, conferences, wherever — and always know exactly where you stand. Learning, Ethics, Supervision, all handled.
No credit card required. Cancel anytime.
All behavior-analytic intervention is individualized. The information on this page is for educational purposes and does not constitute clinical advice. Treatment decisions should be informed by the best available published research, individualized assessment, and obtained with the informed consent of the client or their legal guardian. Behavior analysts are responsible for practicing within the boundaries of their competence and adhering to the BACB Ethics Code for Behavior Analysts.