NEMT Compliance Guide 2026: Complete Requirements, Regulations & Checklist

Introduction: Why NEMT Compliance Determines Your Business Survival

A single HIPAA breach can cost your NEMT company $350,000 in settlements. One False Claims Act investigation can trigger $4.2 million in penalties. Miss your monthly OIG exclusion screening, and you’re facing immediate broker contract termination—along with 40-80% revenue loss within 30 days.

NEMT compliance isn’t paperwork. It’s the difference between a thriving transportation company and bankruptcy court.

The numbers tell a brutal story. Providers facing Medicaid audits experience 40-60% revenue crashes. Those excluded from federal healthcare programs lose 100% of their Medicaid revenue stream—often permanently. FMCSA safety violations stack up at $1,584 per day. And the legal defense costs? Budget $150,000 to $500,000 before you even see a courtroom.

Here’s what most NEMT owners don’t understand: compliance failures cascade. A missed driver background check triggers broker termination. Broker termination triggers insurance non-renewal. Insurance non-renewal makes you uninsurable in the standard market. Suddenly, you’re paying 300% higher premiums through surplus lines carriers—if anyone will cover you at all.

But compliant providers? They see the opposite trajectory. Preferred broker status. 12-18% EBITDA margins. 140% valuation growth over five years. Stable insurance coverage at competitive rates.

This guide covers every federal, state, and broker requirement you need to master in 2025-2026. Whether you’re launching your first vehicle or managing a multi-state fleet, the information here will protect your business, your drivers, and your patients.

If you’re evaluating whether NEMT is profitable, understand this first: profitability depends entirely on compliance. Non-compliant providers don’t stay in business long enough to turn a profit.

---

What Is NEMT Compliance?

NEMT compliance is the complete system of federal regulations, state Medicaid rules, broker contracts, and operational standards that govern non-emergency medical transportation providers. It determines whether you can bill Medicaid, contract with brokers, and legally operate your fleet.

Think of compliance as a four-layer hierarchy:

Federal requirements form the floor. Every NEMT provider receiving Medicaid funds must meet standards set by CMS, HHS, DOT, FMCSA, FTA, and HHS OCR. These include 42 CFR § 431.53 (the transportation assurance mandate), HIPAA privacy and security rules, ADA accessibility standards, and drug testing requirements.

State Medicaid rules add another layer. Each state implements federal mandates differently through their Medicaid State Plan. California requires CPUC TCP permits. Texas mandates TxDMV livery plates. New York has Article 19-A driver programs. You must meet your state’s specific requirements—not just federal minimums.

Broker and MCO contracts often impose the strictest standards. ModivCare, MTM, Veyo, and Access2Care each have credentialing requirements that exceed state and federal floors. Miss their documentation deadlines or performance thresholds, and you’re de-fleeted regardless of your regulatory standing.

Internal operational controls make everything work. Your policies, procedures, training programs, and monitoring systems determine whether you actually achieve compliance—or just have good paperwork.

The hierarchy operates on a “strictest standard applies” principle. If federal law requires annual vehicle inspections but your broker contract demands semi-annual inspections, you do semi-annual. If your state requires $500,000 auto liability but ModivCare requires $1.5 million, you carry $1.5 million.

Non-compliance at any level blocks Medicaid reimbursement. A provider with perfect federal compliance but an expired state permit can’t bill. A provider meeting all government requirements but failing broker credentialing can’t receive trips.

For detailed guidance on starting your NEMT billing operations, compliance must come first—before you submit a single claim.

---

Federal NEMT Compliance Requirements

Federal requirements establish the baseline every NEMT provider must meet. These aren’t optional guidelines—they’re conditions for Medicaid participation and legal operation.

42 CFR § 431.53: Transportation Assurance Mandate

The foundation of NEMT compliance sits in 42 CFR § 431.53, which requires state Medicaid programs to assure transportation to medical services. This regulation creates the entire NEMT industry by mandating that beneficiaries have access to transportation for covered services.

Under this rule, states must describe their Methods of Administration for providing transportation in their State Plans. Providers participating in these programs inherit specific documentation, eligibility verification, and service delivery requirements tied to federal financial participation (FFP).

CMS Medicaid Provider Requirements

CMS establishes provider screening and enrollment standards through 42 CFR Part 455. NEMT providers face “moderate” or “high” risk categorization under § 455.450, requiring:

• Criminal background checks for owners with 5%+ ownership
• NPI registration with correct taxonomy codes (343900000X for ambulette, 342000000X for wheelchair van)
• SAM.gov registration and Unique Entity ID (UEI)
• Monthly OIG/LEIE exclusion screening
• Site inspections for initial enrollment and relocation

Revalidation occurs every 1-5 years depending on state and risk level. Miss a revalidation deadline, and your billing privileges freeze.

OIG Exclusion Screening Obligations

The OIG List of Excluded Individuals/Entities (LEIE) screening isn’t a suggestion—it’s a federal mandate. Under 42 CFR Part 1001, you cannot employ or contract with excluded individuals for any services reimbursed by federal healthcare programs.

Screen all employees and contractors monthly against:

• OIG LEIE database
• SAM.gov exclusion records
• State Medicaid exclusion lists

Document every search with timestamps, search parameters, and results. A single day of employing an excluded individual triggers overpayment liability for all claims during that period.

FMCSA Regulations for Commercial Vehicles

Vehicles with Gross Vehicle Weight Rating (GVWR) of 10,001 lbs or more fall under FMCSA jurisdiction per 49 CFR § 390.5. Requirements include:

• Driver qualification files per 49 CFR Part 391
• Hours-of-service compliance per 49 CFR Part 395 (if applicable)
• Vehicle inspection, repair, and maintenance per 49 CFR Part 396
• Drug and alcohol testing per 49 CFR Part 382

Even if your vehicles fall below GVWR thresholds, state laws and broker contracts often impose equivalent standards.

FTA Drug and Alcohol Testing Requirements

Providers receiving FTA funding (Section 5310, 5311 programs) must comply with 49 CFR Part 655 drug and alcohol testing requirements:

• Pre-employment testing (mandatory)
• Random testing (50% drug, 10% alcohol annually)
• Post-accident testing (within 32 hours for drugs, 8 hours for alcohol)
• Reasonable suspicion testing
• Return-to-duty and follow-up testing

The DOT 5-panel drug test screens for marijuana, cocaine, amphetamines, opiates, and PCP. Positive results or refusals require immediate removal from safety-sensitive functions.

ADA Accessibility Standards

ADA Title III and DOT regulations (49 CFR Parts 37 and 38) mandate accessibility for demand-responsive transportation:

• Wheelchair lifts with minimum 600 lb capacity (brokers often require 1,000 lb)
• 30-inch clear width, 48-inch platform length
• 4-point securement systems meeting WC18/WC19 crash-testing standards
• Interlock systems preventing vehicle movement when lifts are deployed
• Grab bars, slip-resistant flooring, and proper signage

Daily pre-trip lift testing and annual load tests are standard requirements.

2025-2026 Federal Policy Updates

The CMS-0057-F Interoperability and Prior Authorization Rule is reshaping NEMT operations. Key changes include:

• Electronic prior authorization (ePA) requirements through standardized APIs
• Shortened PA decision timelines (7 calendar days standard)
• Automated compliance verification through interoperability APIs

Providers should prepare for increased electronic documentation requirements and real-time eligibility verification mandates.

For complete guidance on NEMT prior authorization requirements, review both federal timelines and your specific state/broker obligations.

---

NEMT Driver Compliance Requirements

Your drivers are the front line of compliance. A single unqualified driver can trigger broker termination, insurance claims, and regulatory penalties that cascade through your entire operation.

Driver Licensing and Qualification Standards

Minimum driver requirements across most states and brokers:

• Age 21+ (some states allow 18+ for non-CDL vehicles)
• Valid in-state driver’s license held for minimum 3 years
• CDL with passenger endorsement for vehicles over 15 passengers or 26,001 lbs GVWR
• DOT Medical Card (MCSA-5876) current and valid
• State-specific endorsements (for-hire, livery, chauffeur) where required

California requires VSSI certification. New York mandates Article 19-A compliance including biennial road tests and medical exams. Texas requires TxDMV livery endorsement for all for-hire vehicles.

Background Check Requirements

Criminal background screening must cover:

• Multi-jurisdiction criminal database search (7-year lookback minimum)
• County and state criminal court searches
• Federal court search
• FBI fingerprint-based check (required in FL, PA, NY, and increasingly elsewhere)
• Sex offender registry (National Sex Offender Public Website + state registries)
• Child and adult abuse registries
• State-specific registries (AHCA Clearinghouse in Florida, Justice Center in New York)

Permanent disqualifiers typically include:

• Sex offenses requiring registration
• Violent felonies (homicide, kidnapping, assault)
• Human trafficking
• Child or elder abuse
• Healthcare fraud or Medicaid fraud

Most brokers require background check completion within 30 days of hire and annual re-screening thereafter.

Motor Vehicle Record (MVR) Standards

MVR requirements vary by state and broker but generally include:

• 3-7 year lookback period
• Maximum point thresholds (4-6 points typical)
• Zero tolerance for DUI/DWI within lookback period
• No more than 2-3 moving violations
• No at-fault accidents involving serious injury
• No reckless driving, hit-and-run, or racing violations

Pull MVRs pre-hire, then annually at minimum. Many brokers require quarterly or continuous MVR monitoring. Drivers must self-report any violations within 24-72 hours.

Drug and Alcohol Testing Programs

Whether DOT-regulated or not, most NEMT programs require:

Pre-employment testing: 5-panel minimum (10-panel increasingly common) Random testing: Typically 50% drug, 10% alcohol annually Post-accident testing: Following accidents meeting defined thresholds Reasonable suspicion testing: When supervisors observe signs of impairment Return-to-duty testing: After any positive result, following SAP evaluation

DOT-regulated drivers must be enrolled in the FMCSA Drug & Alcohol Clearinghouse. Positive results or refusals create permanent records affecting future employment.

Required Training and Certifications

Standard certification requirements include:

• PASS Certification (Passenger Assistance, Safety and Sensitivity): 8-16 hours covering passenger assistance, disability awareness, and safety protocols
• CPR/AED Certification: American Heart Association or Red Cross, renewed every 2 years
• First Aid Certification: Basic first aid, renewed every 2 years
• HIPAA Training: Annual training on PHI handling for transportation
• Defensive Driving: Initial and refresher training every 2-3 years
• Wheelchair Securement: Hands-on training for 4-point tie-down systems
• Bloodborne Pathogens: OSHA-compliant training per 29 CFR 1910.1030

Document all training with dates, content covered, assessment scores, and signed attestations. Brokers audit training records quarterly.

Physical Examination Requirements

DOT Medical Cards are required for CDL drivers and often mandated by brokers for all drivers. Examinations must be conducted by National Registry-listed medical examiners and renewed every 24 months (or more frequently if medical conditions require).

Ongoing Compliance Verification

Continuous monitoring prevents compliance gaps:

• Monthly OIG/LEIE screening for all drivers
• Quarterly MVR pulls (or continuous monitoring service)
• Annual background check refresh
• Tracking expiration dates for licenses, certifications, and medical cards
• Automated alerts 60, 30, and 7 days before any credential expires

Modern NEMT software platforms include credential tracking with hard-lock dispatch features—preventing non-compliant drivers from receiving trip assignments.

Complete Driver Compliance Checklist

Requirement	Standard	Frequency	Documentation
Driver’s License	Valid, in-state, appropriate class	Continuous	Copy in file
CDL + Endorsements	P endorsement for 16+ passengers	Continuous	Copy in file
DOT Medical Card	MCSA-5876, National Registry examiner	Every 24 months	Original or copy
Criminal Background	7-year lookback, all databases	Pre-hire + annual	Screening report
MVR	Clean per state/broker standards	Pre-hire + quarterly	MVR report
OIG/LEIE/SAM Screening	No exclusions	Monthly	Search logs
Drug Test	5-panel or 10-panel negative	Pre-hire + random	Lab results
PASS Certification	Current, approved provider	Every 2-3 years	Certificate
CPR/First Aid	AHA or Red Cross current	Every 2 years	Certificate
HIPAA Training	Annual completion	Annual	Signed attestation
Defensive Driving	State-approved course	Every 2-3 years	Certificate

---

NEMT Vehicle Compliance Requirements

Vehicle compliance protects passengers, satisfies regulators, and keeps your fleet on the road. One failed inspection can ground a vehicle for days—costing you revenue and potentially triggering broker penalties.

Federal DOT Vehicle Standards

FMCSA regulations under 49 CFR Part 396 establish maintenance and inspection requirements for commercial motor vehicles:

• Systematic inspection, repair, and maintenance programs
• Driver Vehicle Inspection Reports (DVIRs) for pre-trip and post-trip inspections
• Annual inspections by qualified inspectors per § 396.17
• Documentation retention for vehicle life plus 3 years
• Immediate repair of any condition likely to cause accident or breakdown

Vehicles must display current inspection decals where required. Out-of-service violations result in immediate grounding until repairs are completed and re-inspection passed.

State Safety Inspection Requirements

State inspection requirements vary significantly:

California: VSSI (Vehicle Safety Systems Inspection) through BAR-certified stations; CHP BIT inspection for vehicles over 10,001 lbs GVWR Texas: Annual DPS safety inspection New York: Semi-annual NYS DOT and TLC B-26 inspections for ambulettes Florida: Annual state inspection Ohio: OSHP inspection for ambulette certification Pennsylvania: Semi-annual inspection for vehicles over certain age thresholds

Check your state’s specific requirements—many Medicaid programs and brokers impose inspection frequencies stricter than general state law.

ADA Accessibility Equipment Standards

Wheelchair accessible vehicles must meet 49 CFR Part 38 specifications:

Wheelchair Lifts:

• Minimum 600 lb platform capacity (1,000 lb broker standard)
• 30-inch minimum clear width
• 48-inch minimum platform length
• 1.5-inch platform barriers on sides
• Interlock preventing vehicle movement during operation
• Annual load testing and quarterly lubrication

Securement Systems:

• 4-point tie-down with floor anchors
• Lap and shoulder belts
• WC18/WC19 crash-tested components rated for 20-g forces
• 2,000 lb per strap minimum capacity

Interior Requirements:

• 30 x 48-inch minimum securement area
• 56-68 inch door height depending on vehicle length
• Grab bars (1.25-1.5 inch diameter)
• Slip-resistant flooring
• International Symbol of Accessibility signage

Daily Pre-Trip Inspection Requirements

Every vehicle requires documented pre-trip inspection before dispatch:

System	Inspection Points
Tires	Tread depth, inflation, no bulges/cuts/damage
Brakes	Pad thickness, drum/rotor condition, no leaks
Fluids	Oil, coolant, power steering, brake fluid levels
Lights	Headlights, brake lights, turn signals, hazards
Wheelchair Equipment	Lift deploy/retract test, securement hardware, control labels
Climate Control	A/C and heater functional
Safety Equipment	Fire extinguisher, first aid kit, triangles present
Interior	Clean, no odors, seats intact, floors dry
Exterior	Mirrors secure, no damage affecting safety

Drivers must sign DVIRs documenting inspection completion. Any defects require documentation and repair tracking.

Preventive Maintenance Schedules

Interval	Service Items
Daily	Pre-trip/post-trip inspection, fluid top-off
Monthly	Detailed fluid check, minor service items
Quarterly	Battery test, ADA equipment lubrication, HVAC check
Every 3,000-5,000 miles	Oil and filter change, tire rotation
Every 6,000-12,000 miles	Brake inspection, tire alignment
Semi-annual	Major systems check, electrical inspection
Annual	Full safety inspection, lift load test, brake service
Every 30,000 miles	Detailed inspection, spark plugs, coolant flush

Vehicle Age and Mileage Limits

Brokers and state programs impose vehicle age and mileage caps:

State/Broker	Age Limit	Mileage Limit
Virginia DMAS	12 years	250,000 miles
California Medi-Cal	10-15 years	250,000-300,000 miles
Texas MTP	7-10 years (new enrollment)	200,000 miles
Ohio ODM	15 years	350,000 miles
ModivCare	10 years typical	200,000-300,000 miles
Veyo	10 years	Varies by state

Wheelchair accessible vehicles sometimes receive 2-3 year extensions if passing enhanced clinical-grade inspections.

Required Safety Equipment

Every NEMT vehicle must carry:

• Fire extinguisher: 2A:10B:C rated, 5 lb minimum, secured mount
• First aid kit: ANSI-compliant Class A contents
• Emergency triangles: DOT-compliant reflective triangles (3)
• Spill kit/biohazard kit: For body fluid cleanup
• Seatbelt cutter: Driver-accessible
• Wheel chocks: For wheelchair loading on inclines

Stretcher vehicles may require AED equipment. Check broker and state requirements for additional mandates.

Vehicle Documentation and Record Retention

Maintain complete Vehicle Life Files containing:

• Registration and title documents
• Insurance certificates (ACORD 25 with vehicle VIN)
• All inspection reports and certificates
• Maintenance receipts with dates, mileage, work performed
• Lift certifications and load test results
• DVIR logs
• Accident and incident reports
• Cleaning and sanitation records

Retention requirement: Vehicle life plus 3 years minimum. Brokers require 24-48 hour document retrieval capability for audits.

Complete Vehicle Compliance Checklist

Requirement	Standard	Frequency	Documentation
Registration	Current, matching VIN	Annual renewal	Certificate
Insurance	Meets state/broker minimums	Continuous	ACORD 25
State Safety Inspection	Pass all required points	Annual/semi-annual	Decal + certificate
DOT Annual Inspection	§396.17 compliant	Annual	Inspection report
ADA Lift Certification	Load test passed	Annual	Certification document
Pre-Trip Inspection	DVIR completed	Daily	Signed DVIR
Preventive Maintenance	Per schedule	Per schedule	Service records
Safety Equipment	All items present and functional	Daily verification	Pre-trip log
Vehicle Markings	Company name, NPI where required	Continuous	Visual verification
GPS/Telematics	Functional, transmitting	Continuous	System logs

---

HIPAA Compliance for NEMT Providers

NEMT providers handle Protected Health Information (PHI) every day—patient names, addresses, medical conditions, appointment details, and Medicaid IDs. This makes you a Business Associate under HIPAA, subject to Privacy Rule, Security Rule, and Breach Notification requirements.

HIPAA violations in NEMT aren’t theoretical. OCR settlements in healthcare transportation have reached $5.55 million. A single unsecured driver tablet can expose thousands of patient records.

Understanding PHI in Medical Transportation

Your operations generate and handle extensive PHI:

Patient Identifiers: Full names, dates of birth, Social Security Numbers, Medicaid/Medicare IDs, phone numbers, home addresses

Medical Information: Diagnoses (ICD-10 codes), mobility status, oxygen requirements, infectious disease status, behavioral health flags

Trip Data: Pickup and drop-off locations (often medical facilities), appointment times, reasons for transport

Billing Records: Prior authorization codes, claim numbers, Explanation of Benefits

Operational Records: Driver notes, trip manifests, Proof of Delivery documents, GPS coordinates with timestamps

All of this is PHI. All of it requires protection.

HIPAA Privacy Rule Requirements

The Privacy Rule (45 CFR Part 164, Subpart E) governs PHI use and disclosure:

Minimum Necessary Standard: Access only the PHI needed to perform job functions. Drivers need pickup/drop-off names and locations—not diagnosis codes. Billing staff need Medicaid IDs and codes—not complete medical histories.

Permitted Disclosures: You may disclose PHI for:

• Treatment (sharing info with healthcare providers)
• Payment (billing, claims submission)
• Healthcare operations (internal audits, quality improvement)
• Legal requirements (subpoenas, court orders)
• Public health reporting

Patient Authorization: Any disclosure outside these categories requires written patient authorization.

Notice of Privacy Practices: Maintain current NPP and provide to patients upon request.

HIPAA Security Rule Implementation

The Security Rule (45 CFR Part 164, Subpart C) requires technical, administrative, and physical safeguards for electronic PHI (ePHI):

Technical Safeguards:

Control	2026 Standard
Encryption at Rest	AES-256 for all databases, hard drives, cloud storage
Encryption in Transit	TLS 1.3 for all data transmission
Access Control	Unique user IDs, role-based access, no shared logins
Authentication	Multi-factor authentication for all remote access
Automatic Logoff	Workstations: 5 minutes; Mobile devices: 2 minutes
Audit Logging	All PHI access logged, reviewed weekly

Administrative Safeguards:

• Annual risk analysis and security assessment
• Written security policies and procedures
• Designated Security Officer
• Workforce training program
• Incident response procedures
• Business Associate Agreement management

Physical Safeguards:

• Locked server rooms and dispatch offices
• Privacy screens on monitors
• Locked clipboards for paper manifests in vehicles
• DoD-standard wiping for device disposal
• Facility access controls

Business Associate Agreements (BAAs)

You need signed BAAs with every vendor handling PHI:

• Dispatch software providers
• Billing services (including NEMT billing specialists)
• GPS and telematics vendors
• Cloud storage providers
• Email encryption services
• Shredding services

BAAs must specify:

• Permitted uses and disclosures
• Required safeguards
• Breach reporting obligations (10-72 hours)
• Subcontractor flow-down requirements
• PHI return or destruction upon termination

Review and update BAAs annually.

Staff HIPAA Training Requirements

Per § 164.308(a)(5), workforce training is mandatory:

Initial Training: Within first week of hire or before PHI access Annual Refresher: All staff, documented completion Role-Based Content:

• Drivers: PHI handling in vehicles, secure communication, device security
• Dispatchers: Minimum necessary access, secure transmission, verbal PHI protocols
• Billing Staff: Claims security, PHI in billing systems, breach recognition

Required Topics:

• PHI definition and examples in NEMT
• Permitted vs. prohibited disclosures
• Security procedures (passwords, encryption, device handling)
• Incident reporting procedures
• Breach consequences

Document training with dates, attendees, content covered, assessment scores, and signed attestations. Retain records for 6 years.

Breach Notification Procedures

When unauthorized PHI access, use, or disclosure occurs:

Immediate Steps:

1. Contain the breach (secure devices, revoke access)
2. Preserve evidence
3. Document the incident
4. Conduct risk assessment

Notification Timelines:

• Individuals: Without unreasonable delay, maximum 60 days
• HHS OCR: Within 60 days if 500+ individuals affected; annual report if fewer
• Media: Within 7 days if 500+ individuals affected in a state

Safe Harbor: Encrypted PHI breaches may not require notification if encryption meets NIST standards.

Document all breach responses, notifications sent, and corrective actions taken.

PHI Retention and Destruction Policies

Retention: Minimum 6 years for HIPAA documentation; 7-10 years for trip records and billing files to satisfy Medicaid audit requirements

Destruction:

• Paper: Cross-cut shredding
• Electronic: DoD 5220.22-M standard (3+ pass wipe) or physical destruction
• Devices: Remove from service, wipe, then dispose through certified e-waste vendor

HIPAA Compliance Checklist for NEMT

Requirement	Standard	Frequency	Documentation
Risk Analysis	Full security assessment	Annual	Risk analysis report
Security Policies	Written, current	Annual review	Policy manual
Workforce Training	All staff, role-based	Initial + annual	Training logs, attestations
Business Associate Agreements	All PHI vendors	Continuous + annual review	Signed BAAs
Access Controls	Unique IDs, RBAC, MFA	Continuous	System configuration
Encryption	AES-256 rest, TLS 1.3 transit	Continuous	Technical documentation
Audit Logging	All PHI access logged	Continuous, weekly review	Audit log reports
Incident Response	Documented procedures	As needed	Incident reports
Breach Notification	Per timeline requirements	As needed	Notification records
PHI Destruction	Secure disposal verified	As needed	Destruction certificates

---

NEMT Insurance Compliance Requirements

Insurance isn’t just about protecting against accidents. For NEMT providers, insurance compliance determines whether you can contract with brokers, bill Medicaid, and legally operate your fleet.

Commercial Auto Liability Requirements

Commercial auto liability insurance is mandatory—personal auto policies won’t satisfy any broker or state requirement.

Federal Minimum (49 CFR § 387.9): $750,000 for interstate CMVs

State and Broker Minimums:

Coverage Scenario	Typical Requirement
Sedans, ≤15 passengers	$1,000,000 CSL
Wheelchair vans, ≤15 passengers	$1,500,000 CSL
Vehicles >15 passengers	$5,000,000+ CSL
Medical payments	$1,000-$5,000 per person
UM/UIM coverage	$1,000,000 recommended

Required Coverage Types:

• Combined Single Limit (CSL) for bodily injury and property damage
• Hired and Non-Owned Auto (HNOA) coverage
• Passenger hazard endorsement
• Abuse and Molestation rider

Cost Expectations: $4,000-$18,000 per vehicle annually; wheelchair vans run $8,000-$19,000 depending on state.

General Liability Insurance

General liability protects against third-party claims outside vehicle operations:

• Passenger injuries during boarding/exiting at facilities
• Property damage at pickup/drop-off locations
• Premises liability at your office location
• Professional liability (errors in scheduling, missed appointments)

Typical Requirements:

• $1,000,000 per occurrence
• $2,000,000 aggregate
• Abuse and Molestation sub-limit ($1,000,000 typical)
• Professional liability (Errors & Omissions) where required

Workers’ Compensation Requirements

Workers’ comp is mandatory in most states for employers with any employees:

Monopolistic States (must purchase through state fund): Ohio (BWC), Washington (L&I), North Dakota (WSI), Wyoming (DWS)

Competitive States: Private insurers compete; Texas allows non-subscription (but brokers still require coverage)

Requirements:

• Statutory limits per state
• Employer’s liability ($500,000-$1,000,000)
• Coverage for all employees, including drivers

Your Experience Modifier Rate (EMR) affects premiums—0.8x for excellent safety records, 1.5x or higher for poor records.

State-Specific Insurance Mandates

State	Commercial Auto	General Liability	Workers’ Comp
California	$1M-$1.5M CSL	$1M/$2M	Statutory, unlimited
Texas	$500K-$1.5M CSL	$1M/$2M	Optional but broker-required
New York	$1M-$1.5M CSL	$1M/$2M	Statutory
Florida	$300K-$1M CSL	$1M/$2M	$500K per accident
Pennsylvania	PUC requirements	$1M/$2M	Statutory
Ohio	Varies by vehicle	$1M/$2M	BWC fund, $500K
Virginia	$500K-$1M CSL	$1M/$2M	$500K per accident
Indiana	$500K-$1M CSL	$1M/$2M	Statutory

Multi-state operators must meet the strictest applicable requirement across all operating states.

Broker Insurance Requirements

Brokers impose specific insurance requirements beyond state minimums:

ModivCare: $1-1.5M CSL auto, $1M/$2M GL, workers’ comp, SAM coverage MTM: $1-1.5M CSL auto, $1M/$2M GL, workers’ comp, abuse/molestation rider Veyo: $1M CSL minimum, SAM coverage, hospital-specific requirements Access2Care: $1M CSL minimum, SAM coverage, MCO-specific additions

All brokers require:

• Named as Additional Insured and Certificate Holder
• Primary/Non-Contributory endorsement
• Waiver of Subrogation
• 30-60 day cancellation notice provision

Certificate of Insurance (COI) Standards

Proper COI documentation prevents de-fleeting:

ACORD 25 (Commercial Auto):

• All covered vehicle VINs or “All Owned Autos”
• Correct CSL limits displayed
• Hired/Non-Owned coverage indicated
• Certificate Holder and Additional Insured fields completed
• 30-day cancellation notice in cancellation field

ACORD 126 (General Liability/Workers’ Comp):

• Per occurrence and aggregate limits
• Abuse/Molestation sub-limit if required
• Workers’ comp statutory compliance indicated
• Same certificate holder and additional insured requirements

Submission Process:

• Upload to broker portals within deadlines (typically Jan 15 for Jan 1 renewals)
• Allow 48 hours for processing
• Respond immediately to any rejection or correction requests
• Set alerts for 60/30/7 days before expiration

Consequences of Lapse:

• Immediate de-fleeting from dispatch
• Trip suspension (7-30 days typical)
• Contract termination (30+ days lapse)
• Revenue loss: 40-80%
• Clawback of payments for trips during uninsured period

Insurance Requirements by State

State	Auto Liability	GL	WC	Broker Requirements
California	$1M-$1.5M CSL	$1M/$2M	Unlimited statutory	Medi-Cal + broker as add’l insured
Texas	$500K-$1.5M CSL	$1M/$2M	Optional (broker-required)	HHSC approval
New York	$1M-$1.5M CSL	$1M/$2M	Statutory	MAS + TLC requirements
Florida	$300K-$1M CSL	$1M/$2M	$500K per accident	AHCA + broker cert holder
Pennsylvania	PUC levels	$1M/$2M	Statutory	MATP grantee requirements
Ohio	Varies	$1M/$2M	BWC	PUCO + Verida requirements

---

Medicaid Billing Compliance

Billing compliance determines whether you get paid—and whether you avoid fraud allegations. Understanding NEMT billing fundamentals is essential for every provider.

Provider Enrollment Requirements

Before billing Medicaid, you must complete federal and state enrollment:

Federal Requirements:

1. NPI Registration (NPPES.cms.hhs.gov): Type 2 for organizations, correct taxonomy code (343900000X ambulette, 342000000X wheelchair)
2. SAM.gov Registration: Unique Entity ID (UEI), updated annually
3. CAQH ProView: Centralized credentialing for MCO participation

State Medicaid Enrollment:

• Application through state portal (PAVE in California, TMHP in Texas, eMedNY in New York)
• Documentation: Business formation, insurance certificates, driver/vehicle records
• Site inspection (most states)
• Background checks for owners with 5%+ ownership
• Enrollment fee ($0-$750 depending on state)
• Processing time: 30-120 days

Revalidation: Every 1-5 years depending on state and risk level. States notify 6 months before deadline. Miss it, and billing privileges suspend.

HCPCS Coding Compliance

Proper coding prevents denials and fraud allegations. For complete code reference, see our NEMT billing services guide.

Base Transport Codes:

Code	Description	Usage
T2001	Non-emergency transport, taxi	Basic sedan transport
T2002	Non-emergency transport, per mile	Mileage billing
T2003	Non-emergency transport, wheelchair	Wheelchair without lift
T2004	Non-emergency transport, wheelchair with lift/escort	Wheelchair with lift
T2005	Non-emergency transport, stretcher	Stretcher/litter transport
A0130	Wheelchair van, no attendant	WAV without aide
A0425	Ground mileage, per statute mile	Mileage component
S0215	Ground mileage (effective 7/1/25)	New mileage code

Origin/Destination Modifiers:

• D = Diagnostic/therapeutic facility
• E = Residential facility
• G = Hospital-based dialysis
• H = Hospital
• P = Physician office
• R = Residence

Two-character pairs indicate trip type: GH = Dialysis to Hospital, RP = Residence to Physician

Common Denial Codes: Understanding NEMT denial codes prevents repeated claim rejections.

Medical Necessity Documentation

Every trip requires medical necessity justification:

Physician Certification Statement (PCS):

• Physician signature and NPI
• Patient’s medical condition requiring transportation
• Mode of transport justified (wheelchair, stretcher)
• Frequency of trips (for recurring appointments)
• Validity period (30-365 days depending on state)

Documentation Standards:

• Origin and destination addresses
• Medical reason for transport
• Why public/private transportation isn’t appropriate
• Specific mobility requirements

Trip Log and Record Retention

Every trip requires complete documentation:

Trip Log Requirements:

• Date of service
• Patient name and Medicaid ID
• Pickup and drop-off addresses
• Pickup and drop-off times
• Mileage (odometer readings)
• Driver name, signature, and license number
• Vehicle ID (VIN or fleet number)
• Passenger signature
• GPS verification coordinates

Electronic Visit Verification (EVV): Mandatory GPS-validated timestamps and member signatures per 21st Century Cures Act

Retention Periods:

• Trip logs: 7-10 years minimum
• PCS forms: 7-10 years
• GPS data: 2-5 years
• Claims files: 10 years
• Medicare crossover: 10 years

Timely Filing Deadlines by State

State	Filing Deadline	Broker Deadline
California	12 months	90-120 days
Texas	95 days	90 days
New York	90 days	90 days
Florida	12 months	90-120 days
Pennsylvania	180 days	90 days
Ohio	12 months	90-120 days
Indiana	180 days	90 days

Miss the deadline, and claims are denied—period. No exceptions without documented good cause.

For state-by-state reimbursement information, see our Medicaid NEMT rates guide.

False Claims Act Compliance

The False Claims Act (31 U.S.C. § 3729) imposes severe penalties for billing fraud:

• Civil penalties: $14,308-$28,619 per false claim (2025-2026 inflation-adjusted)
• Treble damages: 3× the government’s loss
• Criminal penalties: Up to $250,000 and 10 years imprisonment for healthcare fraud (18 U.S.C. § 1347)
• Qui tam provisions: Whistleblowers receive 15-30% of recovered funds

Recent NEMT Settlements: Enforcement cases have resulted in settlements from $66,000 to over $600 million.

Common Billing Violations to Avoid

Violation	Description	Consequence
Phantom/Ghost Trips	Billing for trips that never occurred	FCA penalties, criminal charges
Upcoding	Billing T2005 (stretcher) when T2001 (sedan) was provided	FCA penalties, overpayment recovery
Duplicate Billing	Billing same trip to multiple payers or multiple times	Overpayment recovery, fraud investigation
Unbundling	Billing mileage and base separately when bundled code required	Claim denial, audit trigger
Missing PCS	Billing without valid Physician Certification Statement	Claim denial, recoupment
Kickbacks	Receiving payment for patient referrals	Anti-Kickback Statute penalties ($100,000+ per kickback)

---

State-Specific NEMT Compliance Requirements

Every state implements federal Medicaid mandates differently. Multi-state operators must track requirements across each jurisdiction.

California (CPUC, Medi-Cal, DHCS)

Regulatory Structure: CPUC (transportation), DHCS (Medi-Cal), BAR (vehicle inspection)

Key Requirements:

• CPUC TCP Permit mandatory for all for-hire transportation
• Medi-Cal enrollment through DHCS PAVE portal
• VSSI (Vehicle Safety Systems Inspection) through BAR-certified stations
• CHP BIT inspection for vehicles >10,001 lbs GVWR
• Geographic Managed Care (GMC) plans operate in 17 counties with varying requirements
• Treatment Authorization Request (TAR) required for trips >20 miles or requiring attendant
• CARB Zero-Emission Vehicle targets (50% by 2030)

Driver Requirements: Class B/C license, DOT medical card, DOJ/FBI LiveScan fingerprinting, PASS certification

Insurance: $1M-$1.5M CSL auto liability

Filing Deadline: 12 months from date of service

Texas (TMHP, TxDMV, HHSC)

Regulatory Structure: HHSC (Medicaid), TMHP (enrollment/billing), TxDMV (vehicle registration)

Key Requirements:

• TMHP provider enrollment for MTP (Medical Transportation Program) billing
• TxDMV livery plate registration mandatory for all for-hire vehicles
• 20-trip minimum monthly activity to maintain active provider status
• GPS tracking coordinates uploaded to TMHP portal
• Electronic POD documentation required
• Prior authorization via Form F00045 (limited) and F00045A (recurring)
• STAR/STAR+PLUS MCO credentialing for managed care trips

Driver Requirements: Class C or Class B license (>15 passengers), DOT physical, FBI/DPS fingerprinting

Insurance: $500K-$1.5M CSL depending on vehicle type

Filing Deadline: 95 days from date of service

New York (eMedNY, DOH, HRA)

Regulatory Structure: NYSDOH (Medicaid), eMedNY (enrollment/billing), MAS (statewide broker), NYC HRA/TLC (NYC region)

Key Requirements:

• MAS Letter of Support required before eMedNY enrollment
• NYC TLC Ambulette License for NYC operations (includes 32-hour driver training)
• Article 19-A compliance for all ambulette drivers (biennial road tests, medical exams)
• Daily electronic trip manifests uploaded to MAS
• GPS attestation for pickup/destination coordinates
• Semi-annual vehicle inspections (TLC B-26 + NYS DOT)
• Minimum trip requirements (NYC: 50 trips/month)
• Strict fraud prevention due to historical issues—daily GPS reconciliation vs. claims

Driver Requirements: TLC A-19 license card (NYC), DMV for-hire endorsement (upstate), Article 19-A certification

Insurance: $1M-$1.5M CSL auto liability

Filing Deadline: 90 days from date of service

Florida, Pennsylvania, Ohio, Indiana

Florida (AHCA):

• COPEC (Certificate of Public Convenience) from local authority
• AHCA Provider Portal enrollment
• Level 2 FBI fingerprinting
• MTM and ModivCare broker coordination
• County/municipal permits often required

Pennsylvania (DHS):

• MATP (Medical Assistance Transportation Program) through 66 county systems
• County MATP approval and vendor number
• Act 33/34 child abuse clearances
• Semi-annual inspections for older vehicles
• PROMISe portal for billing

Ohio (PUCO, ODM):

• PUCO TCP permit for ambulette operations
• ODM provider enrollment through PNM module
• Verida broker credentialing (statewide)
• OSHP vehicle inspection
• EVV GPS compliance mandatory
• 10-panel drug screening

Indiana (FSSA):

• IHCP portal enrollment
• MTM broker credentialing (statewide)
• 20-trip minimum monthly mandate
• ePA real-time authorization
• Vehicle labeling (NPI/company name) required
• 5-panel drug screening

State Compliance Comparison Matrix

Requirement	California	Texas	New York	Florida	Pennsylvania	Ohio	Indiana
State Permit	CPUC TCP	TxDMV Livery	TLC Ambulette (NYC)	COPEC	MATP Vendor #	PUCO TCP	None
Enrollment Portal	DHCS PAVE	TMHP	eMedNY	AHCA	PROMISe	ODM PNM	IHCP
Vehicle Inspection	VSSI/CHP	DPS Annual	TLC B-26 + DOT	State Annual	Semi-annual (age)	OSHP	State Annual
Broker System	ModivCare/MTM	MCO-based	MAS	MTM/ModivCare	MATP County	Verida	MTM
Filing Deadline	12 months	95 days	90 days	12 months	180 days	12 months	180 days
Trip Minimum	None	20/month	50/month (NYC)	None	Varies	None	20/month
Drug Test Panel	5-panel	DOT 5-panel	10-panel	10-panel	5-panel	10-panel	5-panel

---

Broker Credentialing and Compliance

Most NEMT trips flow through transportation brokers who manage networks for Medicaid programs. Broker credentialing requirements often exceed state and federal minimums.

ModivCare Requirements

Enrollment Process: 60-90 days typical

• Application through ModivCare Provider Portal
• Document submission deadline: 30 days from application
• Site inspection or audit
• Test trips before live activation
• Contract execution

Documentation Requirements:

• Federal IDs: NPI, SAM.gov UEI, LEIE clearance, CAQH ProView
• Insurance: ACORD 25/126 with $1-1.5M CSL, GL, WC, SAM coverage; ModivCare as additional insured
• Driver files: License, MVR (3-year clean), PASS certification, 10-panel drug screen, CPR/First Aid
• Vehicle records: Registration, inspection certificate, lift certification, maintenance logs, GPS proof

Performance Metrics:

• On-Time Performance (OTP): ±15 minutes from scheduled time
• Complaint rate: <2% monthly
• Clean claims: 95%+
• Cancellation/no-show: <5%

Technology Requirements:

• WellRyde mobile app (or approved alternative)
• Real-time GPS tracking (1-minute intervals)
• Electronic POD with passenger signature

MTM Requirements

Enrollment Process: 30-60 days typical

• Application through MTM Provider Portal
• Document submission deadline: 7-14 days from request
• Quarterly desk audits post-activation
• Annual renewal with updated documentation

Documentation Requirements:

• Same federal ID requirements as ModivCare
• Insurance: Similar coverage levels, MTM as certificate holder and additional insured
• Driver/vehicle files: Similar standards

Performance Metrics:

• OTP: ±10 minutes
• Complaint rate: <1.5% monthly
• Clean claims: 97%+
• Quarterly scorecards with KPI tracking

Technology Requirements:

• MTM Link mobile application
• API integration for dispatch software
• Real-time trip tracking and reporting

Veyo Requirements

Enrollment Process: 14-30 days (fastest among major brokers)

• Application through Veyo Provider Portal
• “Virtual Fleet” model accommodates rideshare-style drivers
• App-only dispatch through Veyo Driver App

Key Differentiators:

• Fastest onboarding in the industry
• Technology-focused with advanced app features
• Strictest performance standards

Requirements:

• Driver: 21+, 3-year clean record, PASS certification, CPR/First Aid
• Vehicle: ≤10 years old, GPS-enabled telematics, annual 19-point inspection
• Insurance: $1M CSL minimum, SAM coverage

Performance Metrics:

• OTP: 98% on-time (strictest threshold)
• Driver rating: 4.7+ stars required
• Real-time deactivation for performance drops

Access2Care Requirements

Enrollment Process: 45-60 days

• Hospital-first brokerage model
• Full Risk Contracts with MCOs
• A2C Connect portal and mobile app

Key Differentiators:

• Hospital contract integration
• Mystery rider audits
• Right of Access compliance rules

Requirements:

• Driver: Same core standards
• Vehicle: GPS-enabled, “Access2Care Authorized Provider” decals
• 10-panel drug screening
• Quality Management Plan documentation
• HL7/FHIR integration for hospital data

Broker Credentialing Comparison

Requirement	ModivCare	MTM	Veyo	Access2Care
Enrollment Time	60-90 days	30-60 days	14-30 days	45-60 days
Doc Deadline	30 days	7-14 days	Varies	30 days
OTP Threshold	±15 min	±10 min	98% on-time	±10 min
Drug Test	10-panel	10-panel	State-based	10-panel
Mobile App	WellRyde	MTM Link	Veyo Driver	A2C Connect
Audit Frequency	Quarterly	Quarterly	Continuous	Mystery rider
Termination Notice	30 days	30 days	Immediate	60 days

Compliance Reciprocity: Brokers share termination data. A termination from one broker often triggers review or termination from others. The “Bad Actor” database effectively blacklists providers with serious compliance failures.

---

NEMT Audit Preparation and Compliance Monitoring

Audits happen. RAC audits, OIG investigations, state Medicaid reviews, broker compliance audits—they’re part of operating in healthcare transportation. The question isn’t whether you’ll face an audit, but whether you’ll survive it.

Types of NEMT Audits

RAC (Recovery Audit Contractor) Audits: Focus on overpayments and billing errors. Desk audits request documentation for sampled claims; discrepancies trigger extrapolation to entire claim populations.

OIG (Office of Inspector General) Audits: Target fraud, waste, and abuse. Often initiated by whistleblower complaints, billing anomalies, or data mining flags. Can escalate to criminal investigation.

State Medicaid Program Integrity Audits: Conducted by state Program Integrity Units (PIUs). Focus on documentation, medical necessity, and provider eligibility.

Broker Compliance Audits: Quarterly or continuous monitoring of performance metrics, credential currency, and contract compliance. Failures trigger suspension or termination.

MAC (Medicare Administrative Contractor) Audits: For providers billing Medicare (crossover or direct). Similar to RAC audits in scope.

Internal Compliance Monitoring Systems

Proactive monitoring prevents audit failures:

Daily Monitoring:

• GPS verification of all trips vs. scheduled pickups
• Driver credential status checks before dispatch
• Vehicle inspection completion verification

Weekly Reviews:

• Audit log review for unusual PHI access
• Claims denial reports and correction tracking
• Driver file expiration alerts

Monthly Activities:

• OIG/LEIE exclusion screening for all employees
• 5-claim deep review for documentation completeness
• Insurance certificate verification
• Broker portal credential synchronization

Quarterly Reviews:

• 2% trip sample review per broker requirements
• 10-driver file audit (stratified by risk)
• Vehicle maintenance compliance review
• Training completion verification

Annual Activities:

• Full mock audit (RAC/OIG procedures)
• HIPAA risk analysis
• Policy and procedure manual review
• Complete credential refresh

Quarterly 2% Trip Review Requirements

Many brokers and state programs require quarterly 2% trip reviews (form DMA-5078 in some states):

Sample Selection:

• Random selection from total trip population
• Stratified to include all transport types (sedan, wheelchair, stretcher)
• Include high-value and high-frequency trips

Review Elements:

• Authority: Valid prior authorization or standing order
• Mode: Transport type matches patient need and billing code
• Distance: Mileage matches GPS data within tolerance
• Verification: GPS coordinates match pickup/drop-off locations
• Signature: Patient signature on trip log

Document findings, corrective actions, and pattern analysis. Retain review documentation for 7-10 years.

Documentation Retention Requirements

Document Type	Retention Period
Trip logs	10 years
Billing/claims files	7 years
Driver files	5 years post-employment
Vehicle records	Vehicle life + 3 years
Insurance COIs	Policy life + 3 years
HIPAA documentation	6 years
Training records	6 years
BAA agreements	6 years post-termination

Audit-Ready File Organization

Organize documentation for 24-48 hour retrieval:

Digital Structure:

/Year/Month/
  /Trips/
    /[Date]_[TripID]_[PatientID]/
      - Trip log (PDF)
      - GPS data (export)
      - PCS (PDF)
      - POD signature (image)
  /Drivers/
    /[DriverID]_[LastName]/
      - License
      - Background check
      - MVRs
      - Drug tests
      - Certifications
  /Vehicles/
    /[VIN]_[FleetNumber]/
      - Registration
      - Inspections
      - Maintenance logs
      - Insurance

Use Bates-stamped PDFs for audit submissions. Maintain both digital and physical backup systems.

Corrective Action Plan Development

When audits identify deficiencies:

1. Root Cause Analysis: Identify why the failure occurred (training gap, system error, process failure)
2. Immediate Correction: Fix the specific identified issues
3. Preventive Measures: Implement process changes to prevent recurrence
4. Timeline: Specific dates for each corrective action
5. Responsible Parties: Named individuals accountable for each action
6. Validation: Re-audit or testing to verify correction effectiveness
7. Documentation: Written CAP with evidence of completion

Complete Audit Preparation Checklist

Category	Items	Status Check
Trip Records	Logs, GPS data, PCS, POD signatures	10-year retention, 24-hour access
Driver Files	Licenses, background, MVR, drug tests, training	Current for all active drivers
Vehicle Records	Registration, inspection, maintenance, insurance	Current for all active vehicles
Billing Files	Claims, EOBs, denials, appeals	7-year retention
Insurance	COIs, endorsements, policy documents	Current, properly filed
Training	HIPAA, PASS, CPR, all certifications	Completion logs current
Policies	P&P manual, HIPAA policies, incident procedures	Annual review documented
Exclusion Screening	Monthly OIG/LEIE/SAM search logs	Complete for all employees
Internal Audits	2% trip reviews, mock audits, file reviews	Documented with findings

---

NEMT Compliance Violations and Penalties

Understanding penalty exposure helps you prioritize compliance investments. A single violation can exceed your annual revenue.

HIPAA Violation Penalty Tiers

Tier	Knowledge Level	Per Violation	Annual Cap
Tier 1	Unknowing	$145 – $73,011	$73,011
Tier 2	Reasonable Cause	$1,461 – $73,011	$73,011
Tier 3	Willful Neglect (Corrected)	$14,602 – $73,011	$73,011
Tier 4	Willful Neglect (Not Corrected)	$73,011+	$2,190,294

Criminal Penalties:

• Negligent disclosure: $50,000 + 1 year imprisonment
• Obtaining PHI under false pretenses: $100,000 + 5 years
• Intent to sell or use for harm: $250,000 + 10 years

State Attorney General Enforcement: $25,000+ per violation in many states, in addition to federal penalties.

Recent Settlements: OCR settlements in healthcare transportation have ranged from $5,000 for small breaches to $5.55 million for systemic failures.

False Claims Act Penalties

Component	Amount (2025-2026)
Per false claim	$14,308 – $28,619
Treble damages	3× government loss
Qui tam share (gov intervenes)	15-25% to whistleblower
Qui tam share (gov declines)	25-30% to whistleblower

Example Calculation: 100 false claims averaging $200 each = $20,000 base × 3 (treble) + 100 × $20,000 (penalties) = $60,000 + $2,000,000 = $2,060,000 minimum exposure

Criminal Healthcare Fraud (18 U.S.C. § 1347): Up to $250,000 and 10 years imprisonment

Anti-Kickback Violations: $100,000+ per kickback plus 3× damages

FMCSA Safety Violation Fines

Violation Category	Fine Range
General violations	$1,472 – $29,221
Hours-of-service	$2,475 – $40,420
Driver qualification	$3,861 – $12,135
Vehicle maintenance	$4,404 – $21,550
Drug/alcohol testing	$7,543 – $38,612
Recordkeeping	$1,472 – $14,236
Out-of-service violation	$29,221 per day
CDL disqualification	$6,974 – $38,612

State-Level Penalties

State	Agency	Penalty Range
California	CPUC	$1,000 – $20,000 per citation
Texas	TxDMV/DPS	$500 – $10,000 + plate revocation
New York	DOT/TLC	$500 – $5,000 per violation
Florida	AHCA	$2,000 per violation

Broker Contract Termination Consequences

Broker termination triggers immediate operational crisis:

• Trip suspension: Immediate upon notice
• Revenue loss: 40-80% within 30 days
• Network exclusion: Other brokers may follow
• Insurance impact: Non-renewal risk increases
• Clawback: Payment recovery for trips during non-compliant period

Medicaid Exclusion Process

Exclusion from federal healthcare programs under 42 CFR Part 1001:

Mandatory Exclusion Triggers:

• Healthcare fraud conviction
• Patient abuse/neglect conviction
• Felony healthcare-related conviction
• Felony controlled substance conviction

Permissive Exclusion Triggers:

• License revocation
• Excluded ownership/control
• Failure to repay overpayments
• Kickback violations

Duration: Minimum 5 years; permanent for repeat offenses

Impact: 100% loss of Medicaid revenue; bars employment by any Medicaid provider

Penalty Comparison by Violation Type

Violation	Typical Penalty	Max Exposure	Business Impact
HIPAA Tier 1	$1,000 – $50,000	$73,011/year	Low-moderate
HIPAA Tier 4	$73,011+	$2.19M+/year	Severe
False claim (each)	$14,308 – $28,619	+ treble damages	Severe
FMCSA safety	$1,472 – $40,420	$29,221/day OOS	Moderate-severe
Broker termination	N/A (contractual)	80% revenue loss	Critical
Medicaid exclusion	100% Medicaid loss	5+ years	Terminal

---

NEMT Compliance Technology and Automation

Manual compliance tracking fails at scale. A 10-vehicle fleet generates hundreds of credential expirations, inspections, and documentation requirements annually. Modern NEMT software automates these processes—and prevents non-compliant trips from ever dispatching.

Compliance Management Software Features

Essential Features for 2026:

Feature	Function	Value
Credential Tracking	Unified driver profiles with all certifications	Single source of truth
Expiration Alerts	Multi-channel notifications (60/30/7 days)	Prevents lapses
Hard-Lock Dispatch	Blocks non-compliant drivers from trips	Eliminates risk
OIG Screening	Automated monthly exclusion checks	Federal compliance
Vehicle Maintenance	Scheduled service with alerts	Prevents inspection failures
GPS Audit Trail	Trip verification with coordinates	Audit documentation
COI Management	Insurance tracking with alerts	Prevents de-fleeting
Broker Integration	API sync with ModivCare, MTM, Veyo	Reduces manual entry
Audit Reports	One-click manifests and trip files	Audit readiness
HIPAA Security	AES-256 encryption, access controls	Data protection

ROI Analysis:

Metric	Manual	Automated
Error Rate	~20%	<1%
Admin Cost/Claim	$12-19	$3-5
Claim Denial Rate	15-25%	<3%
Audit Prep Time	40+ hours	<1 hour
Penalty Risk	High	Low

For a complete software evaluation, see our best NEMT software comparison.

Software Platform Comparison

Platform	Credential Management	OIG Screening	GPS Verification	Broker Integration	Pricing
TobiCloud	★★★★★	Automated	★★★★★	MTM/ModivCare/Veyo	$$$
RouteGenie	★★★★☆	Manual	★★★★☆	MTM/ModivCare	$$
Bambi	★★★★☆	Automated	★★★★★	All major	$$
MediRoutes	★★★★☆	Manual	★★★★☆	MTM/ModivCare	$$
NEMT Cloud Dispatch	★★★☆☆	Manual	★★★★☆	Limited	$
TripMaster	★★★★☆	Automated	★★★★☆	MTM/ModivCare	$$$
Momentm	★★★★★	Automated	★★★★★	All major	$$$$

Selection Guidance:

• Small providers (1-5 vehicles): Budget-friendly with core compliance features
• Medium providers (6-25 vehicles): Full compliance suite with broker integration
• Enterprise (26+ vehicles): Custom implementation with multi-state support

For custom NEMT website and software development, consult specialists who understand compliance requirements.

---

Building a Compliance Culture

Compliance isn’t a department—it’s a culture. The providers who survive audits and thrive long-term embed compliance into every operational decision.

Compliance Officer Role and Responsibilities

Every NEMT operation needs a designated Compliance Officer:

Core Responsibilities:

• Develop and maintain compliance policies and procedures
• Conduct internal audits and risk assessments
• Manage regulatory filings and revalidations
• Coordinate external audit responses
• Oversee staff training programs
• Monitor regulatory changes and update protocols
• Investigate compliance incidents
• Report to ownership/board on compliance status

Qualifications:

• Healthcare compliance experience (NEMT preferred)
• Understanding of Medicaid billing regulations
• HIPAA privacy and security knowledge
• DOT/FMCSA safety regulation familiarity
• Strong documentation and communication skills

Reporting Structure: Direct access to CEO/owner; authority to halt non-compliant operations

Staff Training Program Design

Training Framework:

Role	Topics	Frequency
Drivers	PASS, CPR, HIPAA, defensive driving, wheelchair securement	Initial + annual refresher
Dispatchers	HIPAA, PHI handling, minimum necessary, secure communication	Initial + annual refresher
Billing Staff	HCPCS coding, FCA compliance, documentation standards	Initial + annual + as needed
All Staff	FWA prevention, incident reporting, ethics	Annual

Training Documentation:

• Attendance records with signatures
• Assessment scores (minimum passing threshold)
• Completion certificates
• Remediation records for failures

Policy and Procedure Manual Development

Required Manual Sections:

1. Company Overview: Mission, compliance commitment, organizational structure
2. Regulatory Framework: Federal, state, broker requirements summary
3. Driver Compliance: Hiring, credentialing, ongoing verification procedures
4. Vehicle Compliance: Inspection, maintenance, documentation standards
5. HIPAA Program: Privacy, security, breach response procedures
6. Billing Compliance: Coding, documentation, medical necessity, FCA prevention
7. Insurance Management: Coverage requirements, COI procedures
8. Audit Procedures: Internal monitoring, external audit response
9. Incident Response: Accident, complaint, breach handling
10. Corrective Action: CAP procedures, discipline matrix
11. Ethics and Conduct: Code of conduct, whistleblower protection
12. Training Requirements: Program descriptions, schedules, documentation

Review and update annually; document all revisions.

Continuous Improvement Processes

PDCA Cycle Implementation:

1. Plan: Identify compliance gaps through audits, incidents, regulatory changes
2. Do: Implement corrective actions and process improvements
3. Check: Monitor KPIs, conduct follow-up audits, track outcomes
4. Act: Standardize effective changes; address remaining gaps

Key Performance Indicators:

KPI	Target	Monitoring
Driver file completeness	100%	Weekly
GPS verification rate	99%+	Daily
Claim denial rate	<3%	Monthly
Training completion	100%	Quarterly
Internal audit pass rate	95%+	Quarterly
Credential expiration alerts	0 lapses	Continuous

Continuous Monitoring Dashboard:

• Real-time credential status (green/yellow/red)
• Upcoming expirations
• Audit findings and CAP status
• KPI trends
• Regulatory update alerts

---

Complete NEMT Compliance Checklist (Master)

Use this checklist for comprehensive compliance verification:

Federal Compliance

• NPI registered with correct taxonomy code
• SAM.gov registration current with UEI
• Monthly OIG/LEIE exclusion screening documented
• HIPAA policies and procedures implemented
• Business Associate Agreements with all PHI vendors
• Annual HIPAA risk analysis completed
• ADA accessibility standards met for all WAVs
• Drug and alcohol testing program compliant (if applicable)

State Compliance

• State Medicaid enrollment active
• State permits/licenses current (CPUC, TxDMV, TLC, etc.)
• State vehicle inspection current
• State-specific driver requirements met
• State-specific insurance minimums met
• Revalidation deadlines tracked

Driver Compliance

• All licenses current and appropriate for vehicle class
• Background checks complete (pre-hire + annual)
• MVRs reviewed (pre-hire + quarterly minimum)
• Drug tests negative (pre-hire + random)
• PASS certification current
• CPR/First Aid current
• HIPAA training complete (annual)
• DOT medical cards current (if applicable)
• Exclusion screening monthly

Vehicle Compliance

• Registration current
• Insurance current with proper coverage
• State inspection current
• ADA equipment certified (WAVs)
• Pre-trip inspections documented daily
• Preventive maintenance on schedule
• Safety equipment present and functional
• GPS/telematics functional

Insurance Compliance

• Commercial auto liability meets requirements
• General liability current
• Workers’ compensation current
• Brokers named as additional insured
• COIs uploaded to all broker portals
• Renewal dates tracked (60/30/7 day alerts)

Billing Compliance

• Provider enrollment active all jurisdictions
• HCPCS coding procedures documented
• Medical necessity documentation standards met
• Trip logs complete for all trips
• Timely filing deadlines tracked
• Claims submitted within deadlines
• FCA compliance training complete

Broker Compliance

• Credentialing complete all contracted brokers
• Documentation current in broker portals
• Performance metrics meeting SLAs
• Technology requirements met (apps, GPS)
• Audit responses submitted timely

Audit Readiness

• Documentation organized for 24-hour access
• Retention periods met for all records
• Internal audits conducted per schedule
• CAPs completed for identified deficiencies
• Mock audits conducted annually

Frequently Asked Questions

What is the cost of NEMT non-compliance?

NEMT non-compliance costs can reach millions of dollars. HIPAA breaches trigger settlements up to $5.55 million. False Claims Act cases result in $14,308-$28,619 per false claim plus treble damages. FMCSA safety violations accumulate at $1,584 per day. Beyond fines, broker termination causes 40-80% revenue loss, and Medicaid exclusion eliminates 100% of program revenue for minimum 5 years.

What documents do NEMT providers need for Medicaid billing?

NEMT Medicaid billing requires trip logs with pickup/drop-off times and locations, GPS verification data, Physician Certification Statements (PCS), passenger signatures, driver identification, and vehicle documentation. Claims must include correct HCPCS codes (T2001-T2005, A codes) with appropriate origin/destination modifiers.

How do NEMT providers pass broker credentialing?

Passing broker credentialing requires complete documentation including NPI, SAM.gov registration, LEIE clearance, ACORD 25/126 insurance certificates naming brokers as additional insured, driver files with licenses, MVRs, background checks, drug tests, and certifications, plus vehicle records with inspections and GPS capability. Meet submission deadlines and performance SLAs.

What is the NEMT driver qualification process?

NEMT driver qualification requires valid driver’s license (CDL for larger vehicles), criminal background check (7-year lookback), MVR review (3-7 years), drug screening (5-10 panel), OIG exclusion clearance, PASS certification, CPR/First Aid certification, HIPAA training, and DOT medical card where applicable. Monthly exclusion screening and annual recredentialing maintain qualification.

What vehicle inspections do NEMT providers need?

NEMT vehicles require daily pre-trip inspections documented on DVIRs, state safety inspections (annual or semi-annual), DOT annual inspections for CMVs, and ADA accessibility equipment certifications for wheelchair vans. Inspections cover brakes, tires, lights, lifts, securement equipment, and safety items. Failed inspections ground vehicles until repairs and re-inspection are completed.

How does HIPAA apply to NEMT providers?

NEMT providers are Business Associates under HIPAA because they handle Protected Health Information including patient names, addresses, medical conditions, Medicaid IDs, and appointment details. Providers must implement Privacy Rule safeguards, Security Rule technical controls (encryption, access management, audit logging), staff training, and breach notification procedures. Business Associate Agreements are required with all PHI-handling vendors.

What are the NEMT state compliance requirements for California?

California NEMT compliance requires CPUC TCP Permit (mandatory for all for-hire transport), DHCS Medi-Cal enrollment through PAVE portal, VSSI vehicle inspection through BAR-certified stations, CHP BIT inspection for vehicles over 10,001 lbs, driver fingerprinting through DOJ/FBI LiveScan, and PASS certification. GMC managed care plans have county-specific credentialing requirements.

What triggers an NEMT audit?

NEMT audits are triggered by billing anomalies (upcoding patterns, mileage outliers), high denial reversal rates, rapid volume growth (>50% year-over-year), whistleblower complaints, beneficiary complaints, data mining flags, duplicate claims, GPS gaps, expired credentials, and low broker performance scores. Random selection also occurs for routine program integrity reviews.

How should NEMT providers prepare for audits?

NEMT audit preparation requires organized documentation with 24-48 hour retrieval capability, 7-10 year record retention, quarterly 2% trip sample reviews, internal mock audits, current credential files for all drivers and vehicles, GPS data backup, and Corrective Action Plan templates. Designate an audit response team and practice document production procedures.

What is the difference between DOT and non-DOT drug testing for NEMT?

DOT drug testing under 49 CFR Parts 40 and 382 applies to drivers operating Commercial Motor Vehicles (10,001+ lbs GVWR or 16+ passengers) in interstate commerce. It uses the DOT 5-panel test with specific collection and MRO procedures. Non-DOT testing applies to drivers below these thresholds but may still be required by states, brokers, or company policy—often using expanded panels and different procedures.

What are common NEMT billing mistakes to avoid?

Common NEMT billing mistakes include phantom/ghost trip billing, upcoding (billing stretcher when sedan provided), duplicate billing, unbundling services, missing or expired Physician Certification Statements, incorrect modifier usage, filing after deadlines, and insufficient medical necessity documentation. These errors trigger claim denials, audits, recoupment, and potential False Claims Act liability.

How do NEMT providers maintain broker contracts?

Maintaining broker contracts requires meeting performance SLAs (95-98% on-time), keeping credentials current in broker portals, responding to document requests within deadlines (7-30 days), achieving clean claims rates (95-97%), maintaining complaint rates below thresholds (<1-2%), using required technology (GPS, mobile apps), and passing quarterly audits. Compliance reciprocity means failures with one broker affect relationships with others.

---

Conclusion: Compliance as Competitive Advantage

Compliance isn’t a cost center. It’s your competitive advantage.

Compliant NEMT providers earn preferred broker status, securing better trip volumes and faster payments. They maintain stable insurance at competitive rates while non-compliant competitors face non-renewal and surplus market pricing. They survive audits that bankrupt unprepared operators.

The math is straightforward. Investing 3% of revenue in compliance infrastructure yields 12-18% EBITDA margins and 140% valuation growth over five years. Cutting compliance corners triggers $2+ million penalty exposure, 40-80% revenue loss from broker termination, and potential business-ending Medicaid exclusion.

The providers who thrive in 2026 and beyond will be those who:

• Build compliance into operations from day one, not as an afterthought
• Invest in technology that prevents non-compliant trips from ever dispatching
• Train staff continuously, not just at hire
• Monitor credentials proactively, not reactively after lapses
• Document everything as if an auditor is watching—because eventually, one will be

Start with the Master Compliance Checklist in this guide. Identify your gaps. Build your improvement timeline. Execute systematically.

For providers needing professional NEMT billing support or healthcare technology solutions, partnering with specialists who understand compliance requirements accelerates your path to operational excellence.

Your compliance program protects your patients, your drivers, your contracts, and your business. That’s not overhead—that’s survival.