Verification of benefits for treatment centers: the complete workflow

Verification of benefits (VOB) for an addiction treatment center is the process of confirming a prospective patient's insurance is active, what it covers, and whether the level of care being requested (detox, residential, PHP, IOP, OP) needs prior authorization, before the patient is admitted. Technically, the coverage check itself runs on a HIPAA-mandated electronic transaction: the ASC X12N 270 eligibility inquiry sent to the payer, and the 271 response the payer sends back with active/inactive status and benefit details. The best VOB software for treatment centers automates that 270/271 exchange, then layers on the addiction-specific data points (level-of-care limits, single case agreements, SUD-specific benefit riders) that a generic medical eligibility check leaves out.
What "verification of benefits" actually means, technically
Every electronic eligibility check rests on a transaction standard the federal government mandated under HIPAA (level-of-care questions specific to SUD are often still resolved by phone with the payer, as Step 5 below covers). HHS adopted Version 5010 of the ASC X12N 270/271 transaction as the standard format for the "eligibility and benefit inquiry and response" transaction, with a compliance date of January 1, 2012 for the standard itself and January 1, 2013 for the federally mandated operating rules that govern it (CMS, Adopted Standards and Operating Rules).
In plain terms:
- The 270 is the inbound request a provider (or one health plan) sends to a health plan asking about a specific enrollee's eligibility and coverage (CMS, Health Plan Eligibility Benefit Inquiry and Response).
- The 271 is the payer's response, confirming eligibility status and benefit details for that enrollee.
Since January 1, 2013, the federally mandated operating rules require health plans to respond to eligibility inquiries in real time with specific financial detail, not just an active/inactive flag. That real-time response must include deductibles, co-pays, and coinsurance; coverage information for specific service types; and secure access to that information over the internet (CMS, Health Plan Eligibility Benefit Inquiry and Response). A 270/271 exchange is what happens electronically in the background every time front desk or admissions staff say they "ran a VOB."
Separately, HIPAA also standardized the prior authorization and referral transaction as ASC X12N 278, Version 5010, with the same January 1, 2012 standard compliance date (CMS, Referral Certification and Authorization; CMS, Adopted Standards and Operating Rules table). This is the transaction that matters for level-of-care authorization: a 271 response tells you the patient has active coverage; a 278 request is what actually asks the payer to authorize a specific level of care, like residential or PHP.
The VOB workflow, step by step
- Collect complete demographic and insurance data at first contact. For Medicare specifically, CMS requires the patient's Medicare number (HICN, MBI, or RRB number), full first name, full last name, and date of birth as the minimum data set to run an eligibility search; commercial payers have equivalent minimum-match requirements (CMS, HETS 270/271 FAQ).
- Submit the 270 eligibility inquiry. This can run through a clearinghouse, a payer portal, or directly against the payer's real-time eligibility system.
- Read the 271 response for more than a yes/no. Under the federal operating rules, the response should include patient financial responsibility (deductible, co-pay, coinsurance) and service-type-specific coverage, not just a status flag.
- Check date-of-service validity. Payer eligibility systems apply lookback and lookahead windows. Medicare's HETS system, for example, accepts eligibility requests for dates of service up to four years in the past and four months in the future; a request outside that range returns a specific rejection code (the 2100C loop's AAA segment, error code AAA03 = "62," meaning "Date of Service Not Within Allowable Inquiry Period") rather than a benefit answer (CMS, About HETS 270/271).
- Identify whether the requested level of care needs prior authorization. Not every VOB question is answered by the 270/271. Level-of-care specific authorization (detox, residential, PHP) typically requires a separate 278 referral/authorization request, or a phone call to the payer's utilization management line, because the 271 response format was not designed to carry medical-necessity level-of-care detail.
- Apply level-of-care criteria before submitting for authorization. Payers and managed care organizations that use, license, or reference the ASAM Criteria are expected to apply the same Dimensional Admission Criteria used by clinicians (a multidimensional assessment across six clinical dimensions) when deciding what level of care to cover (ASAM, About the ASAM Criteria).
- Document everything captured, with a timestamp. The 271 response is explicitly a point-in-time snapshot: CMS's own FAQ states the data in a 271 response "is to be considered true and accurate only at the particular time of the transaction" (CMS, HETS 270/271 FAQ). A VOB done three days before admission can be stale by the time the patient walks in the door.
What to capture during a benefits check
A VOB that only confirms "active coverage" isn't complete for a behavioral health admission. At minimum, admissions and utilization review staff need:
| Data point | Why it matters |
|---|---|
| Eligibility status (active/inactive) and effective dates | Baseline gate before scheduling admission |
| Plan type (HMO, PPO, EPO) and network status | Determines whether prior auth and single case agreements are needed |
| Deductible, coinsurance, and out-of-pocket max (met vs. remaining) | Sets patient financial responsibility, required under the federal operating rules |
| Behavioral health / SUD-specific benefit riders | Some plans carve out BH/SUD benefits to a separate administrator entirely |
| Level-of-care specific authorization requirements | Whether detox, residential, PHP, or IOP each need separate 278 authorization |
| Authorized number of days/units and review dates | Prevents care from continuing past what's actually authorized |
| Utilization management contact and reference/auth number | What gets cited on the claim to avoid a downstream denial |
Common denials that trace back to a bad VOB
Claim denials that look like billing problems often started as verification problems weeks earlier:
- Eligibility was checked too early and coverage lapsed before admission. Because a 271 response is only accurate "at the particular time of the transaction" (CMS, HETS 270/271 FAQ), a VOB run at intake and never re-verified at admission can miss a coverage change.
- The level of care delivered doesn't match the level of care authorized. A 271 confirms coverage exists; it does not confirm the payer will pay for residential when only PHP was authorized under the 278 request.
- Required data elements were missing or generic on the request itself. CMS's own compliance guidance flags that submitting a placeholder value instead of a real provider name in a required field is a HIPAA standard violation and puts the submitter at risk of penalties, separate from any claim-level consequence (CMS, HETS 270/271 FAQ).
- Demographic mismatch between the VOB and the claim. Name, DOB, or identifier discrepancies between what was verified and what's billed can cause an otherwise-eligible patient's claim to reject.
- Date-of-service outside the payer's allowable inquiry window. As with the Medicare HETS four-year lookback / four-month lookahead rule, a benefits check run outside the payer's supported window returns an error instead of a benefit answer, and staff sometimes proceed on stale or assumed data instead of re-running it (CMS, About HETS 270/271).
- Provider NPI wasn't correctly associated with the submitter's trading profile. Medicare's HETS system validates NPI in real time and rejects an NPI not tied to the submitter's trading profile outright rather than returning benefit data (CMS, HETS 270/271 FAQ); commercial payer systems generally apply similar validation.
Frequently asked questions
What's the difference between a VOB and a prior authorization?
A VOB confirms coverage exists; a prior authorization confirms the payer will pay for a specific level of care. The VOB runs on the 270/271 eligibility transaction and tells you the patient's plan is active and what their general benefits look like. Authorization for a specific level of care, like residential or PHP, typically runs on a separate 278 referral/authorization transaction and is evaluated against the payer's medical necessity criteria, commonly the ASAM Criteria (CMS, Referral Certification and Authorization; ASAM, About the ASAM Criteria).
How current does a verification of benefits need to be before admission?
A VOB is only accurate at the moment it was run, so it should be re-verified close to the admission date, not relied on from intake. CMS's own guidance on the 271 eligibility response states the data returned "is to be considered true and accurate only at the particular time of the transaction" (CMS, HETS 270/271 FAQ). Coverage can change between intake and the actual admission date, especially for patients coming out of detox or transferring between levels of care.
What minimum information does a payer need to run an eligibility check?
At minimum, an accurate identifier, full legal first and last name, and date of birth. For Medicare specifically, CMS requires the patient's Medicare number (HICN, MBI, or RRB number) plus full first name, full last name, and date of birth to run a HETS eligibility search, with alternate search options available for edge cases (CMS, HETS 270/271 FAQ). Commercial payers generally require an equivalent minimum match set.
Can a VOB be run for a date of service far in the past or future?
No, most payer eligibility systems enforce a lookback and lookahead window, and requests outside it return an error instead of benefit data. Medicare's HETS system, for example, accepts eligibility requests for dates of service up to four years in the past and four months in the future; anything outside that range returns AAA error code "62," Date of Service Not Within Allowable Inquiry Period, rather than a coverage answer (CMS, About HETS 270/271).
Why would a patient show active coverage on one system but not another?
Different eligibility systems can pull from different underlying data sources with different refresh timing, so the same patient can show different results. CMS's own FAQ acknowledges that a HETS 271 response can differ from other Medicare eligibility sources (like IVR or CWF-based systems) due to timing differences, typically up to 24 hours, in nightly data exchanges between sources (CMS, HETS 270/271 FAQ). Commercial payer systems can behave similarly: an eligibility response reflects the data available to that specific system at that specific moment.
Does a level-of-care assessment tool replace the payer's authorization decision?
No. A clinical level-of-care assessment informs the authorization request, but the payer makes the final coverage decision. The ASAM Criteria is designed to be used by clinicians to recommend a level of care and by payers to determine what level of care they will cover for a given patient using the same dimensional criteria, but the payer's utilization management team still issues the actual authorization (ASAM, About the ASAM Criteria).
Where Ease Health fits
Ease Health's CRM checks insurance eligibility natively as part of the referral and admissions pipeline, so front desk and admissions staff aren't toggling between a separate clearinghouse portal and the record itself to confirm coverage before intake. Because Ease is a unified CRM, EHR, and RCM platform built from the ground up for behavioral health, the same system that captures the referral and runs the eligibility check also carries the patient through census, documentation, and billing, supporting levels of care including Detox, Residential, PHP, IOP, OP, MAT, OTP, and OBOT. Ease supports 42 CFR Part 2 workflows for SUD records, which matters for the consent and disclosure questions that come up during benefits verification and coordination with outside payers and referral sources. Ease's native RCM includes a behavioral-health-specialist billing team, so the eligibility data captured during VOB carries forward into UB-04 institutional billing instead of being re-entered downstream.
Sources
- CMS, About HETS 270/271
- CMS, Adopted Standards and Operating Rules
- CMS, Transactions Overview
- CMS, Health Plan Eligibility Benefit Inquiry and Response
- CMS, Referral Certification and Authorization
- CMS, Health Plan Eligibility and Benefits Transaction Basics (PDF)
- CMS, HETS 270/271 Frequently Asked Questions (PDF)
- ASAM, About the ASAM Criteria

