Real Results for New Jersey Healthcare Providers

!The Challenge

The agency was processing Electronic Visit Verification through a combination of HHAExchange manual entries and paper timesheets. Caregivers frequently forgot to clock in using the mobile app, leading to missing GPS coordinates. Billers spent an average of 12 hours per week reconciling EVV exceptions before submitting claims to Conduent. Denial rates hovered around 18%, primarily due to mismatched visit times, missing member IDs, and late submissions. The agency had already received a corrective action letter from the MCO warning that continued denial rates above 10% could trigger contract review.

⚒The Solution

Via Lucra conducted a two-week discovery engagement that mapped every step of the visit-to-claim lifecycle. We identified three root causes: (1) caregivers were not trained on the HHAExchange mobile app's offline mode, causing data gaps in low-signal areas; (2) the biller had no automated way to flag visits where clock-in and authorization windows didn't overlap; (3) there was no pre-submission validation against the 837P format requirements. We built a Python-based reconciliation pipeline that pulls EVV data from HHAExchange via API, cross-references it with authorization records from the agency's care management system, and generates a nightly exception report. Visits with time discrepancies greater than 15 minutes, missing GPS data, or mismatched procedure codes are flagged for review before claims are batched. We also created a caregiver training module covering offline clock-in, GPS permissions, and common error scenarios.

✓Measurable Results

• Claim denial rate dropped from 18% to 4.7% within 90 days
• Weekly biller reconciliation time reduced from 12 hours to under 3 hours
• MCO corrective action was lifted after two consecutive clean audit months
• Pre-submission validation catches an average of 23 exceptions per week before they become denials
• Agency retained full ownership of the reconciliation codebase and runs it on their own AWS account

!The Challenge

The provider tracked DDD Individual Service Plans and unit authorizations using a shared Excel workbook maintained by three program coordinators. Each ISP specifies a monthly allocation of authorized units for services like Community-Based Supports, Career Planning, and Behavioral Supports. When staff delivered services, hours were logged in a separate timesheet system that had no connection to the authorization tracker. At least twice per quarter, the agency discovered—after the fact—that they had delivered services beyond the authorized units for specific members. These overruns were unrecoverable: the state does not reimburse for units delivered above the ISP ceiling unless a prior authorization amendment was approved. Over the previous fiscal year, the agency estimated $47,000 in unreimbursed services due to authorization overruns and late amendment requests.

⚒The Solution

Via Lucra replaced the shared Excel workbook with a structured authorization tracking system built on a PostgreSQL database with a lightweight Next.js admin interface. Each member's ISP is entered with their authorized service categories, monthly unit caps, and effective dates. As staff log hours, the system calculates remaining units in real time and triggers alerts at 75% and 90% utilization thresholds. Program coordinators receive a weekly digest showing all members approaching their unit ceilings, giving them time to request authorization amendments from the DDD case manager before overruns occur. We also built a historical reporting module that shows utilization trends by member, service category, and group home—giving the executive team visibility into which homes are consistently under- or over-utilizing their authorizations.

✓Measurable Results

• Zero authorization overruns in the first two full quarters after deployment
• Estimated $47,000+ in annual savings from prevented unreimbursed service delivery
• Amendment requests now submitted an average of 11 days before unit exhaustion, up from 2 days after
• Program coordinators reduced authorization tracking time from 6 hours per week to under 45 minutes
• Executive team uses utilization dashboards for staffing and budget forecasting

!The Challenge

The agency had grown through acquisition, inheriting three different technology stacks across its branch offices. Patient records lived in a mix of on-premise servers, desktop applications, and cloud-based systems with inconsistent security controls. A HIPAA risk assessment revealed critical gaps: PHI was transmitted via unencrypted email between branches, two servers lacked current patch levels, backup procedures were undocumented, and there was no centralized audit log showing who accessed patient records. The agency's compliance officer flagged these findings ahead of an anticipated state survey and gave the IT team six months to remediate. The internal IT staff of two people lacked cloud and security expertise to execute the remediation independently.

⚒The Solution

Via Lucra designed and implemented a consolidated cloud infrastructure on AWS that brought all five branches onto a single, HIPAA-aligned platform. We started with a thorough inventory of all systems touching PHI, mapping data flows between branches, external partners (MCOs, clearinghouses, labs), and state systems. The architecture centered on a landing zone pattern: a dedicated AWS Organization with separate accounts for production, staging, and shared services. All PHI storage uses AES-256 encryption at rest via AWS KMS with customer-managed keys. Data in transit is enforced through TLS 1.2+ with certificate pinning for API integrations. We deployed a centralized logging stack using CloudTrail, VPC Flow Logs, and GuardDuty findings aggregated into a Security Hub dashboard that the compliance officer reviews weekly. Access controls follow role-based patterns through AWS IAM Identity Center, with MFA enforced for all users accessing PHI systems. We wrote Terraform modules for the entire infrastructure, enabling repeatable deployments and drift detection. The team also received 16 hours of hands-on training covering incident response procedures, log review workflows, and infrastructure change management.

✓Measurable Results

• All five branches consolidated onto a single HIPAA-aligned AWS platform within 5 months
• Passed state survey with zero PHI-related findings for the first time in agency history
• Centralized audit logging reduced compliance officer review time from 20 hours per month to 4 hours
• Mean time to detect unauthorized access attempts improved from "unknown" to under 15 minutes via GuardDuty alerts
• Infrastructure-as-code coverage reached 100%, eliminating configuration drift across environments
• Agency IT team independently manages day-to-day operations using runbooks and SOPs delivered during knowledge transfer