How to Prepare for an Insurance Audit (Behavioral Health)

By Rindie Eagle, MA, LPCC

June 13, 2026

Color-coded tabbed clinical binder open on a desk, representing how to prepare for a behavioral health insurance audit.

To prepare for an insurance audit, build every chart to the medical necessity standard before any request arrives: a current diagnosis, documented functional impairment, an evidence-based intervention, and a reason for continued treatment in each note, with signatures, time documentation, and consents in order. When a records request lands, read it closely, confirm the requester’s authority, send only what was asked for, and keep a copy of everything. A routine self-audit is what keeps you ready, so an audit is a formality rather than a scramble.

Few things rattle a private-practice clinician like a message from a payer requesting records. An audit is a documentation review, not a judgment of your clinical skill, and a chart built to a clear standard handles one without drama. The clinicians who come through audits calmly are the ones who prepared before the request arrived and who know what to do in the first day after it does.

This post covers both halves: what an audit reviews and what tends to trigger one, how to respond when a records request lands, what to send and what to hold back, and how a routine self-audit keeps you ready. None of this is legal advice, and for an active audit your malpractice carrier and an attorney familiar with your state are the right first calls.

What an audit is and what tends to trigger one

An insurance audit is a payer’s review of the documentation behind claims it has paid or is being asked to pay. The payer is checking that the services billed were delivered, were medically necessary, and were documented to the standard your contract and their policies require. Most audits are routine rather than accusatory.

A few things tend to draw a review. Billing patterns that stand out from peers, such as a high proportion of longer-session codes, can flag an account. So can frequent use of a single code, time-documentation that does not match the code billed, a client complaint, or simple random selection. Knowing the common triggers is less about avoiding them than about recognizing that an audit often has nothing to do with wrongdoing, and that the response is the same either way: produce a clean, complete record.

What payers request and review

When a payer audits, it typically asks for the clinical record behind specific dates of service: the diagnostic assessment, the treatment plan, the progress notes for the dates in question, and often the consents and authorizations on file. Across those documents, a reviewer is checking a consistent set of things.

  • Medical necessity. Does each date of service show a qualifying diagnosis, functional impairment, an appropriate level of care, and a reason continued treatment was warranted. This is the core of most reviews, and it is covered in full in medical necessity in therapy.
  • Time and code match. For time-based codes, the documented start and stop times or total time have to support the code billed. If you billed 90837, the record should show 53 minutes or more of psychotherapy.
  • Signatures and dates. Each note signed with credentials, dated, and finalized within a reasonable window.
  • Consents and required forms. Informed consent, the HIPAA acknowledgment, telehealth consent where relevant, and any payer-specific forms.
  • Consistency across the record. The diagnosis, the plan, and the notes telling one coherent story, which is the golden thread a reviewer follows from intake forward.

When a records request arrives

The first day matters less for speed than for care. Before sending anything, take a few deliberate steps.

Read the request closely and identify exactly what is being asked for: which client, which dates of service, which documents. Confirm the requester and their authority; a payer reviewing claims it is paying for the current episode is generally authorized to see the relevant records, but you still verify who is asking and that the request is what it appears to be. Note the deadline and calendar it with margin. Then assemble only what was requested, in a complete and legible form, and keep an exact copy of everything you send along with a log of what went out and when. If anything about the request is unclear or feels out of scope, that is the moment to call your malpractice carrier’s risk line before you respond. A payer audit is not the same as a legal subpoena, which carries its own rules, so when a request comes from an attorney or a court rather than a payer, treat it differently and consult first.

Progress notes versus psychotherapy notes

One distinction protects you and your client in an audit, so it is worth being precise about. Progress notes are the clinical record of the service: the documentation a payer is entitled to review for the claims it covers. Psychotherapy notes, in the specific HIPAA sense, are the clinician’s separate process notes, kept apart from the medical record, and they carry extra protection and are not part of what an audit of claims requires.

The discipline that matters here is that there is one clinical chart, not two. Psychotherapy notes are a narrow, separately stored exception, not a second set of clinical notes that holds the real account of care. Your progress notes should be complete enough to stand on their own in review, without anything important hidden in a parallel file. Know what your state and your payer require, and keep the clinical record whole.

The proactive half: a self-audit before you need one

Everything above is easier when the chart was already built to the standard, which is the case for a clinician who self-audits as a habit. A self-audit is a structured read of your own records, against the standard a payer would use, on your own schedule. It is where you catch the outdated treatment plan, the thin medical-necessity language, or the missing signature while the fix is still a quick correction rather than an audit finding.

The full method, reading a chart chronologically and across document types, with focus questions for each document, is laid out in the clinical documentation self-audit. The short version: if you can answer “why was this service necessary today?” for every note, and a reader could follow each chart from intake to discharge without guessing, an external audit becomes a formality rather than a scramble.

A short readiness check

You do not need a dedicated audit binder. You need a handful of things to be reliably true across your charts, so that producing records is a matter of printing rather than repairing. Before a request ever arrives, confirm that:

  • Every active client has a current, signed treatment plan that matches the work the notes describe.
  • Each progress note shows medical necessity for its date and references a treatment-plan goal.
  • Time documentation supports the codes billed, with start and stop times or total time recorded for time-based services.
  • Every note is signed with credentials and dated, and finalized within your usual window.
  • Informed consent, the HIPAA acknowledgment, and any telehealth or payer-specific forms are on file and current.

If these are dependably in place, you are most of the way to audit-ready before anyone asks. The self-audit is how you confirm they actually are, chart by chart, rather than assuming.

If findings come back

Sometimes a review returns findings, and a clear-headed response matters more than panic. Read the findings carefully to understand exactly what was identified. Correct your documentation practices going forward, and where you amend a record, do it transparently and with a date, following your EHR’s and payer’s rules for addenda rather than altering original entries. If a repayment is requested, your carrier and, where appropriate, an attorney can help you understand and respond to it. The aim throughout is an honest, corrected record and a documentation practice that is stronger for the experience, not a defensive one.

Frequently asked questions

What happens in a therapy insurance audit?

A payer requests the clinical records behind specific dates of service and reviews them for medical necessity, time-and-code match, signatures, consents, and overall consistency. You produce the requested documentation, the payer evaluates it against its standards, and the review either closes or returns findings. Most audits are documentation reviews, not accusations.

What triggers an insurance audit?

Common triggers include billing patterns that stand out from peers (such as heavy use of longer-session codes), frequent use of a single code, time documentation that does not match the code billed, a client complaint, or random selection. An audit often reflects a pattern flag rather than any suspicion of wrongdoing.

What do I do when I get a records request?

Read it closely to identify the client, dates, and documents requested; confirm the requester and their authority; note and calendar the deadline; send only what was requested in complete, legible form; and keep an exact copy and a log of what you sent. If anything is unclear or seems out of scope, or if the request is from an attorney or court rather than a payer, consult your malpractice carrier before responding.

What is the difference between progress notes and psychotherapy notes in an audit?

Progress notes are the clinical record of the service and are what a payer is entitled to review for the claims it covers. Psychotherapy notes, in the HIPAA sense, are the clinician’s separate process notes, stored apart from the medical record, with extra protection, and are not part of a claims audit. There should be one complete clinical chart, with psychotherapy notes as a narrow, separately kept exception rather than a second set of clinical notes.

What happens if an audit finds problems?

You read the findings, correct your documentation practices going forward, and amend records transparently and with dates where appropriate, following addenda rules rather than altering originals. If repayment is requested, your carrier and an attorney can help you respond. The goal is an honest, corrected record and a stronger practice.

How do I keep my charts audit-ready?

Build documentation to the medical-necessity standard from the start, use consistent note structure, write notes promptly, and run a routine self-audit so gaps are caught early. The aim is an audit-ready record that holds up to review.

The fastest way to get ready before a request ever arrives is to audit your own charts the way a payer would. The Clinical Documentation Audit Tool is a 126-point self-audit built from payer, state, and treatment-record standards, and the free Golden Thread and Medical Necessity primer teaches the framework the whole Write it Right series is built on.

Therapist Resources provides educational content only, not medical or legal advice. This material is not a substitute for professional help, and it is not a substitute for guidance from your malpractice carrier or an attorney during an active audit. No provider-client relationship is created through use of these materials. In emergencies, call 911.

therapistresources.com · An Encouragement Ink Brand

behavioral health clinical documentation hipaa insurance audit medical necessity progress notes records request utilization review

Write documentation that holds up

Session-ready courses, worksheets, and clinical tools built for working therapists — no prep time required.

Explore Courses Visit the Shop

Related Posts