← Features / Compliance & Reports

Compliance posture most NEMT platforms don’t document.

HIPAA Business Associate Agreement with named hosting provider. A 7-year retention commitment in writing. Automatic fraud detection. Audit-defense reports generated from the same GPS trail that defended the trip.

Book a Demo Start 14-Day Trial

Regulatory Posture

  • HIPAA compliant — AWS Business Associate Agreement signed, covering all PHI stored and processed.
  • AWS US-region hosting with multi-AZ Aurora MySQL cluster and managed failover.
  • 256-bit TLS in transit, per-company database segregation and encryption at rest.
  • Per-company encryption key on driver-device backup files — files emailed between driver devices and dispatch are not readable cross-tenant.
  • Minimum 7-year retention on trip-level and billing-level records — meets or exceeds common Medicaid and HIPAA retention expectations.

Audit Trail & Accountability

  • Every trip interaction logged — who touched it, why, when. Persistent even if the broker loses the trip.
  • GPS breadcrumb per trip and per driver-day, mappable.
  • Triple-redundant data capture — offline driver app, daily backup file, dispatcher-side restore.
  • Auditor CSV export available per-trip, per-driver for a given day, or per-vehicle for a given day.

Fraud & Anomaly Detection

  • Automatic fraud detection on suspicious completions — trips completed unusually fast are color-flagged and surfaced to dispatch. Catches device-tap fraud and accidental double-completions before billing.
  • Attributed cancellation tracking — rider vs. broker vs. dispatcher cancellations are distinguished per trip, so disputed “no-show” charges can be resolved from the record.
  • On-time performance color coding — green/yellow/red flags late trips and late broker transmissions visually.
  • Signor-type tagging on passenger signatures (Self / Facility / Parent-Guardian / UTS) — removes ambiguity in post-trip audits.

LOS Compliance — Enforced at Assignment

  • DriveBoss prevents LOS mismatches rather than reporting on them after the fact.
  • Dispatcher cannot assign a wheelchair trip to an ambulatory-only vehicle — system blocks with an error.
  • Override possible only by explicit dispatcher force — logged in the audit trail (who forced, when, which trip).
  • Net effect: LOS fraud (“billed for WCH, executed with AMB”) is near-zero, and any override is attributable.

Compliance-Positioned Reports

  • Mileage-Fraud & Route-Adherence Audit — defends against Medicaid mileage-padding audits with the optimizer’s own planned route, not Google’s shortest path.
  • Broker SLA & Hours-of-Service Compliance — OTP %, # Late PU, # Late DO for broker SLA evidence. Total Hours Logged In vs. Total Hours Worked, both machine-captured.
  • Wage-and-Hour, LOS, Rate-Reasonableness Audit — Break Time auto-calculated from app events (strong DOL evidence). Cost formula includes driver rate, fuel estimate, vehicle cost.
  • Specialty reports: Patient Care Report (PCR), Post-Incident Acknowledgement Form, New Jersey WMAV Report.
← Previous: Billing & Reconciliation Compliance & Reports — 3 of 4 Next: AI & Platform →

Ready to face your next broker audit with confidence?

Book a 30-minute demo to see the audit-defense reports in action.

Book a Demo