By Matt Harrington, BCBA · Behaviorist Book Club · Research-backed answers for behavior analysts
A policy states the organization's values and commitments — for example, 'All clinical services require documented informed consent before delivery begins.' A procedure operationalizes the policy into specific behavioral steps — the sequence of actions staff follow to obtain and document consent. A template standardizes the document that records the procedure's completion — the consent form itself, with all required elements included. All three components work together: the policy establishes the standard, the procedure defines how to meet it, and the template ensures consistent documentation that the standard was followed.
Several sections bear directly on organizational management: Section 1.01 (truthfulness, including billing accuracy), Section 2.06 (informed consent), Section 2.10 (records management), Section 5.04 (responsibilities of employers and supervisors), and Section 6.01 (compliance with laws and regulations). BCBAs who own or manage practices are responsible for creating organizational conditions in which staff can meet all applicable ethical standards — which requires that operational policies explicitly support ethical compliance rather than inadvertently creating barriers to it.
Highest-priority policy areas are those where gaps create the most immediate risk: informed consent (client safety and ethics compliance), supervision documentation (BACB and state licensure requirements), billing and authorization management (financial and legal exposure), incident reporting and crisis response (immediate safety), and records confidentiality and retention (HIPAA and state compliance). Secondary priorities include employee conduct, telehealth service delivery, and documentation quality management. Practices building infrastructure from scratch should address the first tier completely before developing secondary policies.
State licensure requirements and BACB ethics standards overlap substantially but are not identical. States may require documentation formats, supervision ratios, or records retention periods that are more specific than BACB requirements. They may also impose restrictions or requirements that do not appear in BACB standards. Policies developed to meet BACB standards alone may not satisfy state licensure boards. BCBAs who own or work in licensed practices should review their state's licensure regulations explicitly and ensure that organizational policies meet the more stringent standard when requirements differ.
A complete behavior plan template should include: client identifying information, baseline data on target behaviors, operational definitions sufficient for inter-observer reliability, functional hypothesis when FBA has been conducted, measurement system specification, intervention procedures written in implementer-accessible language, reinforcer identification, prompting hierarchy if applicable, criterion for goal mastery, data review schedule, plan for generalization and maintenance, and signature and date fields for the authorizing BCBA, caregiver, and other relevant team members. Templates that omit any of these elements create documentation gaps that may be identified during audits or treatment efficacy reviews.
Authorization management requires a documented procedure that specifies: who is responsible for submitting authorization requests and when, what documentation must accompany each request, how authorization approvals are recorded and communicated to clinical staff, what triggers an authorization renewal request and when, and what happens when services are delivered without confirmed authorization. Billing procedures must specify how session notes are reviewed before billing submission, who is authorized to submit claims, and how billing disputes are investigated and resolved. Practices should train all billing-adjacent staff on these procedures and audit billing documentation regularly.
BACB supervision requirements specify minimum percentages of supervisee work that must be directly observed and supervised, the formats acceptable for supervision, and the documentation required for supervision to count toward credentialing experience. Organizational supervision policies must operationalize these requirements: defining the maximum supervisee-to-supervisor ratio the practice will maintain, the format and frequency of supervision meetings, the documentation system for supervision logs, the process for addressing supervisee performance concerns, and the policy for when a supervisee may provide services independently versus when supervision must be present.
Standardized session note templates should include fields for: session date and time, services delivered, client attendance and engagement, target behaviors observed with data, interventions implemented during session, caregiver or staff communication during or after session, and clinician signature. Templates that include these elements as required fields rather than optional text boxes reduce the likelihood of omissions under time pressure. Practices should also establish a note review procedure where supervisor or billing staff review a sample of notes regularly for completeness, clinical accuracy, and match between services documented and services billed.
HIPAA requires that covered entities maintain records for a minimum of six years from creation or last effective date. Many states impose longer retention requirements for behavioral health records, and some require extended retention for records related to minors until they reach adulthood. ABA practices should establish retention policies that meet the most stringent applicable standard, specify how records are stored securely during the retention period, define who has access to records, and establish a documented destruction process for records that have reached the end of their retention period. Electronic records must meet the same security standards as paper records.
Section 5.04 of BACB Ethics Code 2.0 requires that BCBAs who manage or employ others not require staff to act in ways that violate the ethics code. When an organizational policy creates a conflict with ethical obligations, the BCBA should first attempt to resolve the conflict by modifying the policy. If the conflict cannot be resolved internally, the BCBA may need to consult with legal or ethics resources, document the conflict and their attempts to resolve it, and in extreme cases, consider whether continuation in the role is consistent with their ethical obligations. Loyalty to the organization does not override the ethics code.
The ABA Clubhouse has 60+ on-demand CEUs including ethics, supervision, and clinical topics like this one. Plus a new live CEU every Wednesday.
Ready to go deeper? This course covers this topic with structured learning objectives and CEU credit.
How to Build Policies, Procedures, & Templates for Your ABA Business — Erin Mayberry · 0 BACB General CEUs · $0
Take This Course →BACB General CEUs · $0 · BehaviorLive
Research-backed educational guide with practice recommendations
Side-by-side comparison with clinical decision framework
All behavior-analytic intervention is individualized. The information on this page is for educational purposes and does not constitute clinical advice. Treatment decisions should be informed by the best available published research, individualized assessment, and obtained with the informed consent of the client or their legal guardian. Behavior analysts are responsible for practicing within the boundaries of their competence and adhering to the BACB Ethics Code for Behavior Analysts.