JMIR Publications

ABSTRACT

Background:

Home- and community-based services funded through the Medicaid program account for $125 billion in annual federal and state expenditure (Center for Medicare Services, 2023), serving millions of elderly and disabled individuals who receive care in private residences rather than institutional settings. The decentralized nature of home care delivery creates fundamental accountability challenges: services occur in private homes largely beyond direct supervisory oversight, making home care one of the highest-risk categories for Medicaid fraud. Nationwide investigations by the HHS Office of Inspector General from 2011 through 2015 recovered $975 million in fraudulent home health claims (OIG, 2016). A 2024 New York State Comptroller audit documented $14.5 billion in Medicaid personal care payments made without required electronic visit verification (Office of the New York State Comptroller, 2024). In Massachusetts, a 2024 federal conviction established that a home health agency co-owner defrauded MassHealth of at least $100 million over four years through billing for services never rendered (U.S Department of Justice, 2024). Electronic visit verification was mandated under the 21st Century Cures Act (Pub. L. No. 114-255, § 12006, 2016) to address these vulnerabilities by requiring real-time electronic capture of six data elements at each Medicaid-billable visit: service type, recipient identity, date, location, provider identity, and start and end times. MassHealth selected Sandata Technologies as the Commonwealth's designated EVV aggregator, with hard billing edits scheduled no earlier than July 2026 (MassHealth, 2025). Despite widespread EVV implementation nationally, no published peer-reviewed study has empirically characterized visit-level EVV anomaly patterns from operational agency data or documented the industry-wide pre-submission exception management infrastructure through which GPS verification failures are converted into billing-ready records before aggregator transmission. Direct telephone communication with Axxess customer support on June 16, 2026 confirmed that most agencies use the EVV Exception Center and that through this workflow an agency can achieve 100% compliance (Axxess, personal communication, June 16, 2026). WellSky customer support confirmed on the same date that flagged visits can be changed to verified visits prior to state aggregator transmission (WellSky, personal communication, June 16, 2026).

Objective:

This study had two primary objectives. First, to characterize the prevalence, typology, and distribution of EVV anomalies through quantitative analysis of 15,172 de-identified visit records from an operational Massachusetts Medicaid home care agency during the pre-enforcement window preceding MassHealth hard billing edits. Second, to document the industry-wide pre-submission exception management infrastructure across six major documentation platforms through direct vendor communication and systematic platform review, and to characterize the response pattern of Massachusetts home care agencies to voluntary research participation requests.

Methods:

This study employed a five-agency mixed-methods comparative design. Agency A: cross-sectional observational analysis of 15,172 de-identified Sandata EVV visit records from January 1 through May 20, 2026 (140 days; 120 unique patients; 52 caregivers; 11 procedure codes). Written data use authorization was obtained from Agency A leadership. Six anomaly categories were analyzed: GPS location exceptions (GPS_EXCEPTION field); non-verified visit status (VISIT_STATUS field); systematic minimum-time patterns (ACTUAL_TIME = 8.0 minutes exactly); manual time adjustments (both ADJUSTED_IN_TIME and ADJUSTED_OUT_TIME populated); batch backdating (entry creation timestamps versus visit dates); and geographic impossibility (Haversine formula applied to sequential GPS coordinates). Financial exposure was calculated by applying verified 2026 MassHealth fee schedule rates from 101 CMR 350.00 to actual billing units in non-verified visit records. Agency B: operational observation of Axxess Exception Center pre-submission workflows. Agencies C, D, and E: structured professional interviews and research participation solicitation. Twenty additional Massachusetts Medicaid-enrolled agencies were contacted by telephone for voluntary participation between June 15 and 16, 2026. Direct primary source telephone communication was conducted with Axxess and WellSky customer support on June 16, 2026, including step by step exception center workflow on how to correct a mismatched visit. Systematic review of published technical documentation was conducted for six major documentation platforms: Axxess, WellSky/Kinnser, HHAeXchange, AlayaCare, AxisCare, and Alora Health. All analyses were conducted in Microsoft Excel using raw Sandata export data.

Results:

Agency A: GPS exception flags were present in 12,683 of 15,172 visits (83.6%). The GPS_CALL_IN_DISTANCE field, available for 4,983 records, revealed a mean clock-in distance of 12,922 meters from the patient address, a median of 391 meters, and a maximum of 156,956 meters (97.5 miles). A total of 1,410 visits (9.3%) recorded distances exceeding 10 kilometers and 516 visits (3.4%) exceeded 50 kilometers. Non-verified visits totaled 3,333 (22.0%), with estimated potential financial exposure of $246,610 for the five-month period applying verified 2026 MassHealth rates (101 CMR 350.00), annualizing to approximately $642,948 at this single agency. A total of 1,992 visits (13.1%) were documented at exactly eight minutes duration, appearing across four procedure codes including G0299 registered nurse and G0300 licensed practical nurse. Employee E18 recorded 1,304 of 1,441 visits (90.5%) at exactly eight minutes — 6.9 times the agency-wide rate — across four service types, sustained over five months without attenuation. Manual time adjustments affected 601 records (4.0%), with five employees accounting for 299 of 601 adjusted visits (49.8%). Sequential visit records required implied travel speeds of 87 to 230 miles per hour between Massachusetts communities, constituting mathematical proof of fabricated location entries. A weekly batch backdating pattern was identified in which no real-time EVV entries were generated Monday through Thursday, followed by retroactive bulk entry on Friday. Agency B demonstrated systematic use of the Axxess Exception Center to normalize GPS exceptions before Sandata submission, self-reporting 96% compliance — illustrating the EVV Compliance Paradox. Agency C quality assurance professionals identified Drive-By Clock-In Fraud, in which caregivers clock in from within GPS geofence range of a patient's address without entering the premises. Agency D identified a theoretical Complicit Patient vulnerability through dual-device registration. Agency E declined research participation, stating their EVV data was problematic and they did not wish attention called to their records. Of 20 additional agencies approached, zero agreed to participate; responses included -direct refusals, non-responses, and one representative who stated no staff member had any knowledge of EVV. Vendor communication confirmed that most agencies use pre-submission exception management and that flagged visits can be reclassified as verified prior to aggregator transmission (Axxess, personal communication, June 16, 2026; WellSky, personal communication, June 16, 2026). Further documented photographic evidence from Axxess help system showing: The Exception Center workflow step by step, their own template example with a geographically mismatched visit, including a four- day visit error and correction steps: “select a reason code, type clinician signature, click update visit.” Upon completion, the visit is a verified record regardless of the original GPS mismatch or duration anomaly.

Conclusions:

EVV data contains substantially more actionable fraud intelligence than current practice extracts. Six anomaly categories affecting thousands of visits in a single Massachusetts agency over five months reflect systemic rather than isolated non-compliance. Geographic impossibility requiring 87 to 230 mph implied travel speeds constitutes mathematical proof of GPS location fabrication. Employee E18's sustained eight-minute visit pattern across 1,441 visits and four procedure codes including licensed skilled nursing is statistically impossible as a naturally occurring clinical pattern. The estimated $246,610 in potential financial exposure over five months illustrates the scale of program integrity risk operating within apparently compliant EVV systems. The EVV Compliance Paradox - confirmed by direct vendor communication - demonstrates that compliance rates in GPS-based systems may reflect exception management sophistication rather than care delivery integrity, including the step by step exception center correction workflow that verifies a patient visit with clear original GPS mismatch. The 0% research participation rate across 21 Massachusetts agencies approached, including one that explicitly cited concern about its own EVV data, suggests widespread institutional awareness of compliance vulnerabilities. GPS-based EVV is necessary but structurally insufficient. Hardware-anchored verification requiring physical presence inside the patient's home, supervised biometric enrollment, and cryptographic visit records are the architectural requirements that GPS-based systems cannot meet. Six federal regulatory recommendations are proposed: mandatory separate reporting of GPS-verified versus manually-verified compliance rates; maximum manual verification thresholds triggering mandatory audit; platform certification and direct CMS reporting requirements; random audit sampling of manually-verified visits; hardware verification mandates; and supervised biometric enrollment standards. Clinical Trial: N/A