ABA Claims Compliance Is a Two-Way Responsibility: It’s Time Payors Owned Their Part

Applied behavior analysis has gone from a Medicaid afterthought to a nearly $2 billion annual program in roughly a decade. Federal mandates, expanded autism diagnoses, and years of advocacy built that access, but the oversight infrastructure did not keep pace. Now, the enforcement cycle has arrived and it is landing hardest on the providers doing the work.

The conversation around ABA billing compliance has defaulted, almost entirely, to provider accountability. What to document, how to code, and how to survive an audit are all necessary guidance for providers. However, this guidance falls short when real liability is on the line and clarity is lacking.

A question that needs to be addressed is this: when auditors find errors in every claim reviewed across four separate states, is that a provider problem, or a system problem?

Read on to learn why ABA compliance requires accountability from both providers and payors, where the responsibility lies, and what providers can do to protect themselves until the tides turn and payors begin to own their share.

Key takeaways:

• The ABA audit crisis is a system failure, not just a provider failure.
• There’s a critical difference between fraud and documentation deficiencies, and conflating them has consequences.
• The technology to solve this already exists. What’s missing is payor accountability.

The audit wave is real, and it’s not slowing down

The HHS Office of Inspector General launched a planned series of nine state-level ABA audits in 2022. Four are complete, and the pattern in each is consistent: there is a need to define true fraud against missed documentation details.

The list of audit discrepancies is long:

• In Indiana, auditors found that at least $56 million in fee-for-service Medicaid ABA payments were improper during the 2019–2020 period, with an additional estimated $76.7 million flagged as potentially improper. 
• The Wisconsin audit, published in July 2025, identified at least $18.5 million in improper payments. 
• Maine came in at $45.6 million in improper fee-for-service payments. 
• Colorado’s audit, released in February 2026, estimated at least $77.8 million in improper payments, with an additional $207 million in potentially improper payments.

Across all four states, OIG recommended states return a combined almost $125 million to the federal government. The numbers matter. And what matters more: in every state audited, every sampled enrollee-month contained at least one improper or potentially improper claim.

The impact of audits on ABA practices

Recoupment demands disrupt cash flow, and the effect on providers is concrete. Many ABA practices operate with thin margins, where the bulk of every claim payment goes to the clinicians providing care. These practices simply cannot absorb large recoupments without consequences. They end up reducing Medicaid caseloads, closing locations, and in some cases shutting down entirely. When a practice closes, it is the low-income families who lose access.

The difference between fraud and documentation deficiencies 

Real fraud exists in this space. Documented cases of ABA providers billing for services never rendered, fabricating session notes, and exploiting Medicaid reimbursement structures are part of why auditors are here, and those cases deserve enforcement.

But fraud is not the whole story. The dominant finding across the OIG audit series is not fabricated claims. It is documentation deficiencies: 

• missing signatures
• incomplete session notes
• unsupported CPT code billing
• and supervision ratio disputes. 

These are not the same thing as fraud. But the financial consequences can be indistinguishable. And for providers who were doing their best with the information and tools they had, that gap between intent and outcome is where the real harm lives.

When all sampled cases contain errors across four separate states and four different provider populations, the result points somewhere beyond individual provider failure. It points toward a system issue.

The compliance requirements providers are being held to

To understand the compliance problem, it helps to understand where compliance requirements actually live and how difficult they are to find, interpret, and apply consistently.

ABA providers billing Medicaid operate inside a layered regulatory structure: 

• At the top is federal Medicaid law, which establishes coverage requirements under the Early and Periodic Screening, Diagnostic, and Treatment (EPSDT) benefit and sets floor-level program integrity rules. 
• Below that sits state Medicaid policy, which varies substantially from state to state.
• Below that are MCO contracts, which govern how most Medicaid services are delivered in managed care states. 
• And below that, often the most operationally specific layer, are payor-specific reimbursement manuals and billing guidelines.

The variability of state-specific requirements

The federal regulations at 42 CFR 438 require states to maintain oversight of their MCO contracts and ensure providers receive program requirements. In practice, those requirements are distributed across:

• provider contracts
• authorization policies
• CPT code guidance documents 
• and reimbursement manuals.
  

All of which are updated without consistent notice to the provider community. This means a provider billing a single Medicaid managed care plan must potentially track:

• the state Medicaid provider manual 
• the MCO’s own provider manual 
• the MCO’s prior authorization policies 
• any plan-specific documentation addenda 
• and provider portals that require providers to log in and check for changes on any of the above. 

In addition, states are home to multiple MCOs, each with their own requirements which can frequently diverge from one another even within the same state and for the same CPT codes.

BCBA and RBT individual and group credentialing confusion

The credentialing landscape illustrates how acute the variation is. Even a well-documented area like BCBA billing credentialing has significant payor-to-payor variation that is not clearly or consistently communicated. For example: 

• Some payors require every BCBA to be individually credentialed
• Others allow BCBA billing under a group credential 
• Some payors require individual enrollment for RBTs
• Others require RBTs to bill under the supervising BCBA’s credentials

None of this is standardized, and the authoritative source for each payor’s rule is, typically, that payor’s own documentation. Leaving providers to find, access, and interpret all of this information on their own.

Is recommended guidance enough when it comes to ABA compliance?

The OIG audit recommendations in Wisconsin and Indiana give this concrete form. After identifying widespread documentation deficiencies, both states were directed to provide additional guidance to ABA facilities about how to document services, including:

• information needed in session notes
• billable time
• and signature requirements.

The guidance was a recommendation because it had not yet been clearly provided. With so many cases of documentation deficiency, and the variability of compliance mandates across multiple touchpoints, guidelines aren’t enough to address the foundational challenges faced by providers today.  

Read more about best practices and compliance tips for ABA documentation.

When the rules aren’t written down, who gets blamed?

This is the question the compliance conversation keeps avoiding. And it has a documented, current answer.

The Massachusetts case

In February 2026, officials with the Massachusetts Executive Office of Health and Human Services directed its contracted MCOs to recover 2024 Medicaid payments from ABA providers that did not maintain a ratio of 10 hours of paraprofessional therapy to 1 hour of BCBA supervision. 

Provider associations and individual practices pushed back immediately. Their position was clear: the 10:1 ratio had existed as a clinical guideline. It had not been communicated as a condition of payment. Using it retroactively as a basis for recoupment was not compliance enforcement. It was retroactive standard-setting.

The legal demand letter filed by attorneys for the Massachusetts Providers for ABA Access and Quality (MPAAQ) and the Massachusetts Association of Applied Behavior Analysis (MassABA) noted that providers were not given adequate notice of the audited standard or reasonable timelines to respond before recoupment was initiated.

While this instance may be specific to Massachusetts, the underlying problem is not. Practices in every state are navigating the same gap between what is expected and what is put into writing.

How technology can help write the compliance rulebook

The Office Puzzle experience

Office Puzzle serves more than 750 ABA practices nationwide, and as an all-in-one practice management platform, the development team has direct experience with what it takes to build compliance features. The platform integrates scheduling, session note documentation, supervision tracking, and billing in a system that reflects payor requirements.

In attempting to build payor-specific compliance functionality for a major Medicaid MCO, Office Puzzle’s team sought specific, written, codified requirements from that payor:

• What supervision ratios were required as a condition of payment? 
• What elements were required in a valid session note? 
• How should credentialing rules apply at the provider level versus the group level?

The team was unable to obtain clear, buildable requirements. The guidance that existed was vague, internally inconsistent, and not documented in a form that could be systematically applied in software. The requirements were not absent from a provider portal. They were absent from the system itself.

This is the operational reality behind the compliance conversation. Practice management technology can enforce documented requirements in real time by:

• flagging incomplete session notes before submission 
• validating supervision ratios before billing
• and checking credentials against payor rules. 

The technology is ready. But, you cannot build a compliance check against a requirement that does not exist in writing.

Can clear payor standards address fraud and documentation discrepancies?

This needs to be said plainly: there are documented cases of ABA providers billing for services never rendered, fabricating documentation, and deliberately exploiting Medicaid reimbursement structures.

• In Indiana, one provider received approximately $340,000 per child in Medicaid payments in a single year. 
• In Minnesota, federal prosecutors have brought criminal fraud charges against ABA providers. These cases cause direct harm to families and to the field, and they deserve enforcement.

The OIG audit series exists in part because of this. The rapid growth in Medicaid ABA spending — from $21 million in Indiana in 2017 to $611 million in 2023, a pattern replicated in state after state as coverage expanded nationwide — created conditions that attracted both good-faith providers and bad actors. Oversight that did not keep pace with that growth created risk and the federal government is now correcting for that.

As we’ve already discovered, the OIG audit findings include two distinct categories: genuine fraud and documentation deficiencies. And, the current enforcement net has not been distinguishing between them. What if payors stepping up to play their part in creating clearer standards could actually help separate the fraudulent cases from the mistaken discrepancies?

There’s a good chance it could. Clearer payor standards could make it easier to identify genuine fraud because compliance would become a defined baseline. A provider whose documentation meets clearly stated requirements and still fabricates services is unambiguously acting in bad faith. A provider whose documentation falls short of requirements that were never clearly communicated is a different problem, requiring a different response.

What Shared Accountability Actually Looks Like

The compliance problem in ABA billing is not going to be resolved by expecting providers to figure out requirements that payors have not codified. 

Instead, it will depend on shared accountability.

Provider compliance obligations that are not in dispute

ABA providers have vital compliance obligations:

• Documented session notes are required 
• CPT codes must be used correctly and supported by documentation
• Supervision ratios must be maintained
• Credentials must be current, accurate, and properly tied to the claims being submitted

These obligations are not unfair, in fact, they are needed to ensure ethics and proper care across the ABA field.

Additionally, the BACB Ethics Code for Behavior Analysts requires behavior analysts to: 

• Supervise only within their scope of competence
• Take on a volume of supervisory activity commensurate with their ability
• Maintain documentation of supervision

These are professional obligations that exist independent of payor requirements. Providers must build internal compliance systems, train staff, and audit their own documentation against the most demanding standards they can find in writing.

These requirements are clear, and directly related to the quality of care clinicians must uphold.

Payor obligations — currently undefined

Payors have obligations in a functioning compliance system, and those obligations are currently under-defined. Specifically:

• Published, specific requirements: The documentation elements required for a valid session note should be stated explicitly. Not implied, distributed across multiple documents, or variable across MCOs operating in the same state.
• Supervision ratio standards as conditions of payment: If a supervision ratio is a condition of payment, it should be communicated as such proactively, in writing before auditors use it to recoup payments.
• Credentialing rules by provider type: Whether BCBAs and RBTs must be individually credentialed, billing under a group credential or supervisor, and what the specific requirements are should be specified in writing by each payor. 
• Advance notice of standard changes: When requirements change, providers need notice before the change takes effect, not recoupment demands after the fact.

These clarifications are necessary to achieve operational clarity in ABA compliance and success for the providers and the system itself.

5 ways providers can build a strong audit foundation

The accountability argument matters for the long term. In the near term, providers have to operate in the system as it exists, and there are concrete steps that reduce exposure while the larger conversation continues.

1. Audit your documentation standards against the most demanding payor requirements you can find in writing. 

Do not aim for the average. Aim for the most specific, stringent documented standard in your payor mix and use that as your standard. If your documentation passes the strictest written standard, it is more defensible against all of them.

2. Request requirements in writing from every payor you contract with. 

Ask your MCOs directly: 

• What elements are required in a valid session note for each CPT code you bill?
• What supervision ratio is required as a condition of payment? 
• What are your RBT credentialing requirements? 

Document the requests, response, and non-responses. That record is relevant if an audit ever challenges your documentation against a standard you attempted to clarify and could not get a written answer on.

3. Build documentation habits that exceed minimum standards. 

• Complete session notes with all required elements. 
• Maintain supervision logs that clearly reflect the dates, times, topics, and signatures involved in each supervision contact. 
• Keep credentialing files current for each provider and updated by payor — not just by credentialing status at the BACB level, but by enrollment status at each individual plan.
  

4. When you receive an audit notice, engage legal counsel immediately. 

The appeal process has strict timelines and the window to request a stay of recoupment is narrow. Missing it can forfeit your ability to contest findings. 

• Preserve all documentation — session notes, supervision logs, credentialing records, billing records, prior authorization communications, and any written communications with payors about compliance requirements.
  

5. Advocate for audit clarity and fairness. 

The Massachusetts situation demonstrates that provider associations can and do push back through legal channels when standards are applied unfairly. Industry voices matter in shaping how audit standards are written, communicated, and applied.

• Join associations, read articles, stay aligned with other professionals. 
• MPAAQ and MassABA have formal demand letters on the record that help shape future policy.

The compliance landscape isn’t going to stabilize quickly. Providers who build stronger documentation systems, accurate records, and engage counsel early when challenges arise are far better positioned than those waiting for the system to get fair on its own. And, providers shouldn’t be left to bear the burden alone.

The technology is waiting

ABA practice management technology is poised to address compliance concerns in real-time. 

This is not hypothetical. The technology and data infrastructure exists to support exactly the type of workflow that is needed to improve compliance outcomes. The missing element is not technical capability. It is codified, accessible requirements to build against.

How Office Puzzle helps ABA practices stay audit ready and compliant 

Office Puzzle’s fully connected practice management platform supports complete session note documentation, data collection, supervision tracking, EVV integration, and billing workflows designed for the compliance demands facing ABA providers today. 

Software should help streamline processes and free up your team to provide better care. That’s why we have a support team who backs our technology, easy on-boarding, and a low-risk, affordable entrypoint. Office Puzzle was designed specifically with clinician-owned practices in mind, and built to scale. Whether you are a small practice, or growing fast, you can access all the features you need to run your practice and stay compliant.

Try Office Puzzle free for 30 days, no credit card required. If it’s right for you, it’s under $20 per user, per month to stay.

Like what you saw?

Frequently Asked Questions

What is an ABA Medicaid audit and why are they increasing?

An ABA Medicaid audit is a review by a state Medicaid agency, MCO, or federal contractor of claims submitted by an ABA provider to verify that services were delivered, documented, and billed in compliance with program requirements. 

Audit activity has increased significantly since a 2014 CMS bulletin that clarified federal coverage requirements under EPSDT, which prompted rapid expansion in every state. Additionally, the HHS OIG launched a planned series of nine state-level ABA audits, with more states planned. The increase reflects both the growth of the field and regulators’ recognition that oversight mechanisms did not keep pace with that growth.

Can an ABA provider be required to repay Medicaid claims even if they weren’t committing fraud?

Yes. Medicaid recoupment can result from documentation deficiencies, supervision ratio disputes, or credentialing compliance issues — not only from intentional fraud. When an audit identifies claims that do not meet documentation or billing requirements, payors can demand repayment of those amounts regardless of provider intent. 

In some cases, statistical extrapolation is used to project findings from a sample across a provider’s entire claims history, which can result in recoupment demands that significantly exceed the value of the sampled claims. Providers have appeal rights, but the process is time-limited and the window to contest findings — including staying recoupment during appeal — is narrow.

Are payors required to publish clear billing requirements for ABA providers?

Federal Medicaid regulations require states to maintain provider manuals and communicate program requirements, but the specificity, accessibility, and timeliness of those requirements vary significantly across states and MCOs. 

In practice, requirements are often distributed across multiple documents:

• provider contracts
• reimbursement manuals
• prior authorization policies
• CPT code guidance

These requirements are updated without consistent notice to providers. There is no uniform federal standard requiring payors to communicate requirements in a single, comprehensive, provider-facing format. Payor-specific rules for documentation, supervision ratios, and credentialing frequently differ even within the same state.

What is the difference between an improper payment and fraud in ABA billing?

• An improper payment is a Medicaid payment that did not comply with program requirements. This can include payments made without sufficient documentation to verify that a service was delivered appropriately.
• Fraud, by contrast, requires intent — knowingly submitting false claims or billing for services never rendered. 
• OIG audit reports classify findings as improper or potentially improper payments, which is a broader and less legally specific category than fraud.
• Many of the documentation deficiencies identified in recent ABA audits (missing signatures, incomplete session notes, disputed supervision ratios) fall into the improper payment category and do not represent intentional misconduct. 

Conflating improper payments with fraud overstates provider culpability and obscures the role of unclear payor guidance in producing documentation gaps.

What should an ABA practice do if it receives a Medicaid audit notice or recoupment demand?

Upon receiving an audit notice, an ABA practice should:

• Engage healthcare legal counsel immediately, as appeal deadlines are strict and missing them can forfeit the right to contest findings. 
• The practice should preserve all relevant documentation and avoid altering or discarding records.
• Have access to all session notes, supervision logs, credentialing records, billing records, and any prior authorization communications.
• Document any communications with the payor or auditor, including requests for clarification on the requirements at issue, as this record can be relevant to an appeal.

If a recoupment demand is issued, providers generally have the right to appeal and, in many cases, to request a stay of recoupment during the appeals process if the appeal is filed within the required timeframe. 

References

1.  Behavior Analyst Certification Board. (2020, updated 2024). Ethics code for behavior analysts. https://www.bacb.com/wp-content/uploads/2022/01/Ethics-Code-for-Behavior-Analysts-240830-a.pdf

2.  Behavior Analyst Certification Board. (n.d.). Ethics codes. https://www.bacb.com/ethics-information/ethics-codes/

3.  Cato Institute. (n.d.). Autism therapy gold rush. https://www.cato.org/blog/autism-therapy-gold-rush

4.  Centers for Medicare & Medicaid Services. (2014, July 7). Coverage of behavioral health services for children, youth, and young adults with significant mental health conditions. (CIB-07-07-14). U.S. Department of Health and Human Services. https://www.medicaid.gov/federal-policy-guidance/downloads/cib-07-07-14.pdf

5.  Centers for Medicare & Medicaid Services. (n.d.). Federal policy guidance. U.S. Department of Health and Human Services. https://www.medicaid.gov/federal-policy-guidance

6.  Electronic Code of Federal Regulations. (n.d.). 42 C.F.R. Part 438 — Managed care. https://www.ecfr.gov/current/title-42/chapter-IV/subchapter-C/part-438

7.  Medicaid and CHIP Payment and Access Commission. (n.d.). Features of federal Medicaid managed care authorities. https://www.macpac.gov/features-of-federal-medicaid-managed-care-authorities/

8.  Massachusetts Association for Behavior Analysis. (2016, October 16). Updated ABA performance specifications. https://www.massaba.net/wp-content/uploads/Updated-ABA-Perfomance-Specifications-Oct16.pdf

9.  U.S. Department of Health and Human Services, Office of Inspector General. (2026, February). Colorado’s fee-for-service Medicaid payments for applied behavior analysis (Report No. A-09-24-02004). https://oig.hhs.gov/documents/audit/11493/A-09-24-02004.pdf

10.  U.S. Department of Health and Human Services, Office of Inspector General. (2023). Indiana made improper Medicaid payments for applied behavior analysis services (Report No. A-06-23-01002). https://oig.hhs.gov/documents/audit/10497/A-06-23-01002.pdf

11.  U.S. Department of Health and Human Services, Office of Inspector General. (n.d.). Audits of Medicaid applied behavior analysis for children diagnosed with autism (series overview). https://oig.hhs.gov/reports/work-plan/browse-work-plan-projects/srs-a-25-029/

12.  U.S. Department of Health and Human Services, Office of Inspector General. (n.d.). HHS OIG audit finds Maine made at least $45.6 million in improper Medicaid payments for autism services. https://oig.hhs.gov/newsroom/news-releases-articles/hhs-oig-audit-finds-maine-made-at-least-456-million-in-improper-medicaid-payments-for-autism-services/