CT EVV for Medicaid compliance

Medicaid EVV compliance, automatic.

All six federally mandated 21st Century Cures Act data points captured on every visit. Zero manual entry, zero missed fields. Avoid penalties up to $5,000 per violation while running an EVV solution your caregivers will actually use.

  • 6/6: Federal data points captured
  • $5,000: Per-violation penalty avoided
  • Audit-ready: Tamper-evident trail on every visit

What the Cures Act requires
The 6 federal EVV data points

21st Century Cures Act, Section 12006: all of these must be captured for every Medicaid-funded personal care and home health visit.

  • Type of service performed
  • Individual receiving the service
  • Date of the service
  • Location of service delivery
  • Individual providing the service
  • Start and end time of the service

  • All 6 data points: Captured automatically
  • Tamper-evident: Cryptographic audit trail
  • HIPAA-aligned: Encryption + access control
  • Multi-state ready: Federal mandate handled uniformly

Why this matters

EVV compliance penalties are real, but the bigger risk is failing the audit.

The 21st Century Cures Act, Section 12006 (2016) requires Medicaid programs to use Electronic Visit Verification for personal care and home health services. The federal mandate carries the threat of reduced federal Medicaid match (FMAP) for non-compliant states, which states pass through as penalties on agencies. Per-violation costs can reach $5,000, and rejected claims for visits without proper EVV data accumulate fast.

But the bigger risk is the structural one: when a state Medicaid audit reviews EVV data and finds inconsistencies — missing data points, edited records, GPS that doesn't match documented locations, late entries that look reconstructed — the consequences scale beyond per-visit penalties. Recoupment, increased audit frequency, and provider status reviews become possible.

CT EVV captures all six federal data points automatically on every visit, with a tamper-evident audit trail that survives audit scrutiny. Type of service, individual receiving service, date, location (GPS-verified), provider (biometrically authenticated), and start/end time — none of these are manually entered, none can be silently edited, and the cryptographic audit log shows every action with timestamps. The compliance posture isn't a posture; it's the actual data.

What audit-ready Cures Act compliance requires
  • All 6 data points captured automatically — no manual entry, no missed fields
  • GPS-verified location — so the location data point is actually verified
  • Biometric authentication — so the provider data point is actually who claims to provide it
  • Tamper-evident audit trail — so edited records are detectable
  • Exportable evidence packages — so audit response is fast

How CT EVV satisfies the federal mandate

Compliance built into the platform, not bolted on.

All 6 data points captured automatically

Every visit captures type of service (selected from configured visit types), individual receiving service (from consumer record), date (system clock), location (GPS at check-in), provider (biometrically authenticated user), and start/end time (system-recorded check-in/check-out). Zero manual entry.

GPS-verified location at check-in

The location data point isn't 'whatever the worker said'; it's actual GPS coordinates captured at the moment of check-in. Continuous GPS during the visit and movement detection alerts add further verification that the worker stayed at the location.

Biometric authentication of the provider

Face ID, Touch ID, and Fingerprint mean the provider data point is actually the authenticated user, not just whoever logged in. Credentials in hardware-backed secure storage prevent shared logins. Buddy-punching becomes detectable.

Tamper-evident audit trail

Every visit produces a cryptographically signed record. Edits to visit records are themselves logged; you can see if and when something was changed and by whom. Audit certificates show every action: viewed, edited, signed, with timestamps and user attribution.

Audit-ready exports

When a state Medicaid audit asks for evidence, you can filter visits by date, consumer, worker, or program and export complete records including all 6 data points, GPS coordinates, audit trail, and signatures. What used to be a panic week of evidence collection becomes a 30-minute task.

Multi-tenant compliance isolation

Each agency's compliance posture is isolated from every other agency's. Per-tenant configuration of visit types, consumers, workers, and program mappings. Audit responses scope cleanly to the agency without exposing other tenants.

What it looks like in practice

A few ways teams use this.

State Medicaid audit review

A state audit team requests EVV data for 50 randomly selected visits from the prior quarter. You filter the admin view to those specific visits and export each one's complete record (all 6 federal data points, GPS coordinates, audit trail, signatures, admin notes) into a clean evidence package. The auditor reviews and confirms compliance. What would have been a week of manual evidence assembly is a half-day of file management.

Investigation of a billing discrepancy

Insurance flags a visit as potentially fraudulent: a claim was received, but they don't believe service was rendered. You pull the visit: GPS shows the worker was at the consumer's location for 2 hours, biometric login confirms it was the assigned worker, signature capture shows the consumer's signed acknowledgement, and there are no audit-trail edits. The investigation closes in your favor with a complete evidence package.

Year-over-year compliance reporting

End of fiscal year, you need to report on EVV compliance metrics across all visits for the year. The admin view exports aggregate compliance data: percentage of visits with complete data points (target: 100%), percentage with GPS within tolerance, percentage with biometric authentication, percentage with audit-trail integrity. The report writes itself.

Frequently asked

Common Medicaid EVV compliance questions.

Does CT EVV satisfy the 21st Century Cures Act for all required service types?

CT EVV is built around the federal Cures Act mandate for personal care services (PCS) and home health services (HHS). The platform captures all six federally required data points (type of service, individual receiving service, date, location, provider, start/end time) automatically on every visit. Specific state implementations of the federal mandate can vary; we'll review your state's specific requirements during a compliance review.

What are the penalties for EVV non-compliance?

The federal Cures Act provides for reductions in federal Medicaid match (FMAP) for non-compliant states, which states pass through as penalties on agencies. Per-violation penalties can reach $5,000. Beyond per-visit penalties, structural risks include claim rejection, recoupment, increased audit frequency, and provider status reviews. The cost of non-compliance compounds quickly compared to the cost of a working EVV system.

How does CT EVV handle states that use an aggregator EVV model?

Several states use an aggregator model where multiple EVV vendors feed data into a centralized state aggregator. CT EVV is designed to support these integrations — specific aggregator pairings vary by state and we'll walk through your state's setup during a compliance review. The data captured in CT EVV is the data the aggregator needs.

What evidence does CT EVV provide for an audit?

Every visit produces a complete record exportable for audit: all 6 federal data points, GPS coordinates with timestamps, biometric authentication confirmation, signature capture, admin notes with attribution, audit trail of every action on the visit record. Records are tamper-evident — edits are themselves logged with attribution, so any post-visit modification is detectable. This is the evidence package state Medicaid audits expect.

Does CT EVV work for HCBS waiver services beyond personal care and home health?

Yes. While the federal Cures Act mandate specifically covers personal care services (PCS) and home health services (HHS), CT EVV's underlying capture works for any visit-based service — including HCBS waiver services like respite, supported employment, day habilitation visits, and others where state programs require visit verification. Visit types are configurable per agency.

How does CT EVV's tamper-evident audit trail actually work?

Every visit record is cryptographically signed at the time of capture. Subsequent edits are themselves logged as separate events with attribution and timestamps, and the audit certificate shows the full history. The signature math means a record cannot be silently altered after the fact — any modification is detectable through the cryptographic chain. This is the standard auditors and forensic reviewers expect.
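
A minimal sketch of the kind of hash-chained, signed event log the answer above describes, added here as an illustration and not CT EVV's own code. The field names, the sample visit, and the use of HMAC-SHA256 in place of a digital signature are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev_hash of the first entry


def _digest(body):
    # Canonical JSON so the same fields always hash to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_event(log, key, actor, action, ts, payload):
    """Append an attributed event linked to the hash of the previous entry."""
    body = {
        "seq": len(log), "actor": actor, "action": action, "ts": ts,
        "payload": payload,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry_hash = _digest(body)
    # Assumption: HMAC stands in for an asymmetric signature made with a protected key.
    sig = hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()
    log.append({**body, "entry_hash": entry_hash, "sig": sig})


def first_tampered(log, key):
    """Return the index of the first entry that fails verification, else None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k not in ("entry_hash", "sig")}
        expected_sig = hmac.new(key, _digest(body).encode(), hashlib.sha256).hexdigest()
        if (entry["seq"] != i or entry["prev_hash"] != prev
                or _digest(body) != entry["entry_hash"]
                or not hmac.compare_digest(expected_sig, entry["sig"])):
            return i
        prev = entry["entry_hash"]
    return None


def build_sample_log(key):
    # Constructed sample: one visit capture, then an attributed correction.
    log = []
    append_event(log, key, "worker-17", "visit_captured", "2024-03-04T09:00:00Z", {
        "service_type": "personal_care", "recipient": "consumer-042",
        "date": "2024-03-04", "location": [41.7658, -72.6734],
        "provider": "worker-17", "start": "09:00", "end": "11:00"})
    append_event(log, key, "admin-03", "visit_edited", "2024-03-05T14:10:00Z",
                 {"field": "end", "old": "11:00", "new": "11:15"})
    return log
```

Altering any stored field, reattributing an edit, or deleting an entry makes `first_tampered` return the index where the chain first breaks, while a legitimate correction appears as its own attributed event.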

Cures Act compliance, without the per-visit penalty risk.

Schedule a compliance review. We'll walk through your state's specific EVV requirements and how CT EVV satisfies them with an audit-ready trail.