VA NEMT Compliance Checklist: HIPAA, Medicaid, and Veteran-Specific Requirements

If your NEMT company serves veterans in Nashville, TN — or anywhere in Tennessee — running a compliant operation is not optional. It is the difference between a thriving business and a federally excluded provider.

VA NEMT compliance software requirements are governed by three overlapping regulatory frameworks: HIPAA, Medicaid (TennCare in Tennessee), and veteran-specific VA standards under the Beneficiary Travel Program. Each layer carries its own documentation requirements, penalties for violations, and data-handling obligations. Get one wrong, and you risk fines up to $1.5 million per year, contract termination, and permanent exclusion from federal healthcare programs.

This checklist breaks down every requirement your NEMT operation must meet — organized by framework — along with real enforcement examples, Tennessee-specific rules, and how the right veteran transportation platform helps you stay audit-ready year-round.

Why Veteran NEMT Compliance Is a Three-Layer Problem

Most NEMT providers understand Medicaid compliance. Fewer fully grasp that serving veterans through the VA introduces a second and third regulatory layer on top of everything TennCare already requires.

Here is what you are actually dealing with:

1. HIPAA Privacy & Security Rules — federal mandates on how you collect, store, transmit, and dispose of patient health information
2. Medicaid (TennCare) Requirements — Tennessee's state-specific standards for provider enrollment, billing, vehicle specs, and trip documentation
3. VA/VHA-Specific Requirements — rules governing the Beneficiary Travel (BT) Program, Veterans Transportation Service (VTS), and special mode transportation authorizations under 38 U.S.C. § 111 and 38 CFR Part 70
   

Key Stat

More than 9 million veterans are enrolled in VA healthcare nationally, and over 6 million access VA health services through VHA medical facilities. Transportation is consistently identified as one of the top barriers to care — making compliant NEMT providers an essential link in veteran healthcare delivery.

Part 1: HIPAA Compliance Checklist for NEMT Providers

NEMT providers are classified as Business Associates under HIPAA. That classification makes you directly liable for the privacy and security of every piece of Protected Health Information (PHI) that passes through your operation — from trip scheduling to billing to driver communications.

PHI in NEMT includes more data than most providers realize:

• Patient names, addresses, phone numbers, and Medicaid IDs
• Trip dates, times, durations, and pickup/drop-off locations (which can reveal medical destinations such as dialysis centers, oncology clinics, and mental health facilities)
• Medical conditions and diagnoses tied to transport necessity
• Billing records and insurance information

Administrative Safeguards

1. Maintain a written HIPAA policy manual covering PHI access, data storage, retention periods, and data-sharing procedures
2. Assign a designated HIPAA Privacy Officer and HIPAA Security Officer
3. Conduct an annual HIPAA risk assessment and document findings
4. Restrict PHI access by role: drivers see trip addresses only; dispatchers and billing staff have differentiated access levels
5. Maintain a signed Business Associate Agreement (BAA) with every third-party vendor handling PHI (software platforms, billing services, communication tools)
6. Train all staff on HIPAA rules annually, with role-specific scenarios and simulation exercises
7. Retain HIPAA documentation for a minimum of 6 years (federal requirement)

Technical Safeguards

1. Encrypt all PHI at rest and in transit using AES-256 encryption standards
2. Implement two-step authentication for all dispatch and billing systems
3. Maintain automated audit trails logging all system access and data changes
4. Enable remote-wipe capability on all driver and dispatcher mobile devices
5. Use HIPAA-compliant messaging platforms for all driver-dispatch communications — standard SMS is not compliant
6. Enforce automatic screen locks and password policies on all devices
7. Conduct quarterly internal compliance audits and annual third-party security assessments

Physical Safeguards

1. Secure all paper trip logs, consent forms, and patient records in locked storage
2. Shred paper PHI when no longer needed — document disposal method and date
3. Restrict fax machine access to authorized staff; secure received faxes containing PHI immediately
4. Establish a written breach response plan with defined notification timelines (60-day reporting window to HHS OCR after discovery of a breach)

Penalty Reference

HIPAA violations carry civil penalties ranging from $145 to $73,011 per violation depending on culpability level, with annual caps up to $2.19 million per violation category. Criminal penalties for willful neglect can reach $250,000 and 10 years imprisonment. (Source: 45 CFR § 160.404, adjusted for 2025-2026 inflation)

Part 2: Medicaid (TennCare) Compliance Checklist for Nashville NEMT Providers

Tennessee's Medicaid program, TennCare, serves more than 1.4 million Tennesseans across four managed care plans: BlueCare, TennCare Select, UnitedHealthcare, and Wellpoint. NEMT services for TennCare members are brokered through two primary broker networks — Verida (for BlueCare and TennCare Select members) and Tennessee Carriers (for UnitedHealthcare and Wellpoint members).

If you plan to operate as an NEMT provider in Nashville under TennCare, your compliance checklist must cover enrollment requirements with both broker networks, vehicle and driver standards, billing codes, and new rules effective July 1, 2025.

Provider Enrollment & Contracting

1. Register as a TennCare provider and obtain a valid NPI (National Provider Identifier)
2. Complete the Verida Request for Qualifications Form and submit driver and vehicle documentation
3. Complete Tennessee Carriers' Prospective NEMT Transporter Information Form (submit to NEMTOnboarding@tenncarriers.com)
4. Pass broker vetting process — selection is not guaranteed; Tennessee Carriers selects based on network need, capabilities, and location
5. Maintain enrollment in the OIG LEIE (List of Excluded Individuals/Entities) — verify all staff and drivers are not excluded from federal programs

Trip Documentation & Scheduling Rules

1. Schedule all trips at least two business days in advance of the member's appointment (TennCare policy — as of November 2025 guidance)
2. Effective July 1, 2025: Members may only be picked up at the home address on file with TennCare — one exception per year is permitted
3. For urgent trips where adequate notice is not given, verify medical urgency with the provider before scheduling
4. For discharging facilities: have transportation arranged within the 3-hour urban / 4-hour non-urban broker response window
5. Collect and verify member's full name, phone number, address, date of birth, county of residence, and Medicaid ID number before each trip
6. Retain all trip records and billing files for 7-10 years to satisfy Medicaid audit lookback periods

Billing Compliance — Key 2025 Updates

1. Effective July 1, 2025: Use HCPCS code S0215 for billing ambulatory/mobility vehicle mileage — this is now mandatory
2. Implement GPS-validated timestamps and member signatures per 21st Century Cures Act Electronic Visit Verification (EVV) requirements
3. Submit claims within required timelines — claims outside the window are denied with no exceptions absent documented good cause
4. Conduct internal billing audits to prevent False Claims Act exposure: civil penalties range from $14,308 to $28,619 per false claim, plus treble damages (2025-2026 inflation-adjusted rates under 31 U.S.C. § 3729)

Vehicle & Driver Standards

1. Maintain commercial auto liability insurance — personal auto policies do not satisfy broker or state requirements
2. Carry minimum $750,000 liability coverage for interstate CMVs per 49 CFR § 387.9 (budget $4,000–$19,000 per vehicle annually)
3. Ensure all vehicles meet ADA standards: wheelchair accessibility, securement systems, door dimensions, and safety equipment
4. Conduct background checks on all drivers: criminal history (7-year lookback), sex offender registry, abuse/neglect registry, OIG/LEIE exclusion, state-specific registries
5. Maintain driver certifications: PASS (Passenger Assistance, Safety and Sensitivity), CPR/AED, First Aid, HIPAA training, defensive driving
6. Schedule and document regular vehicle maintenance; maintain current maintenance logs

Part 3: VA/Veteran-Specific Compliance Checklist

Serving veterans through the VA's Beneficiary Travel (BT) Program or Veterans Transportation Service (VTS) introduces requirements that go beyond standard Medicaid compliance. These rules are governed by 38 U.S.C. § 111, 38 CFR Part 70, and VHA Directive 1601B. Understanding them is essential before approaching the Nashville VA Tennessee Valley Healthcare System or its Murfreesboro campus.

Beneficiary Travel (BT) Program — Eligibility Rules You Must Understand

Veterans are eligible for the Beneficiary Travel Program — and therefore for NEMT reimbursement — under the following conditions (38 CFR § 70.10):

• Veterans traveling for treatment of a service-connected disability, regardless of disability rating percentage
• Veterans with a service-connected disability rated at 30% or more, traveling for any VA-approved examination, treatment, or care
• Veterans whose income does not exceed the maximum annual rate of VA pension, traveling for any VA-approved care
• Primary and secondary family caregivers meeting the requirements of 38 CFR § 71.25

Key administrative rule: Veterans must apply for BT within 30 calendar days of travel completion. If travel includes special mode transportation, VA must have approved it prior to travel — or the travel must have been a medical emergency.

Important 2024 update: Reimbursements paid directly to Veterans must now be made via Electronic Funds Transfer (EFT) per Treasury Fiscal Service 31 CFR Part 208. Providers should factor this into their billing workflow.

Special Mode Transportation — Documentation Requirements

1. Obtain prior authorization from VHA before providing special mode transportation — claims without preauthorization are denied unless the trip was a medical emergency
2. Maintain a VA clinician's written certification of medical necessity for wheelchair-accessible transport or other special modes
3. Understand that a medical necessity determination by a VA clinician at one VA facility is valid across all VA facilities unless the veteran's condition changes
4. Submit Special Mode of Transportation vendor invoices on schedule — the Nashville TVHS conducts periodic reviews verifying that beneficiaries listed on vendor invoices have valid BT eligibility (per VHA Directive 1601B)
5. For veteran transfers: document whether transfer meets VA authority criteria — VA can only transfer terminally ill veterans in inpatient care to facilities in other areas at VA expense

Partnership & Documentation Standards for VA Contracting

1. Build a formal relationship with the Nashville VA Tennessee Valley Healthcare System (1310 24th Avenue South, Nashville, TN 37212; 615-327-4751)
2. Coordinate with Disabled American Veterans (DAV) and county Veterans Affairs directors — Nashville TVHS works directly with these organizations to coordinate veteran transportation
3. Understand the VHA-Uber Health Connect / Veterans Transportation Program Beneficiary Travel Rideshare Service — expanded May 1, 2024 to more VA facilities nationwide; your services complement, not compete with, this rideshare option
4. Maintain documentation records covering: veteran eligibility verification, authorization numbers, trip manifests, GPS data, and billing submissions
5. Retain GPS data for 2-5 years per state and broker requirements; retain trip logs 7-10 years for Medicaid audit lookback compliance
6. Ensure all VA partnership contracts include clear BAA language covering PHI handling obligations under both HIPAA and VHA Handbook 1605.05

Real-World Consequences: What Happens When You Miss a Compliance Item

These are not hypothetical risks. Enforcement in the NEMT industry has accelerated significantly.

Metro Medical Transport, a mid-sized NEMT provider operating across three states, faced a 23% claim denial rate, two state audit findings, and lost a major MCO contract in early 2024 due to documentation deficiencies. The company's monthly revenue loss exceeded $150,000. Root causes: manual documentation, incomplete trip records, delayed claim submissions, and inconsistent billing codes — all correctable with proper NEMT compliance software.

On the enforcement side, NEMT settlements have ranged from $66,000 to over $600 million, with False Claims Act qui tam provisions allowing whistleblowers to receive 15–30% of recovered funds. Staff and drivers who identify billing irregularities have legal protections and financial incentives to report them.

In Tennessee specifically, Tennessee Carriers and Verida both screen applicants carefully and reserve the right to deny or terminate provider contracts for compliance failures. A single audit finding can end a Nashville provider's TennCare contract — and with it, the majority of their trip volume.

Frequently Asked Questions

FAQ 1: What is the difference between VA NEMT compliance and standard Medicaid NEMT compliance?

Standard Medicaid (TennCare) compliance governs billing codes, trip documentation, vehicle standards, and broker contract requirements. VA-specific compliance adds a layer of federal rules under 38 U.S.C. § 111 and 38 CFR Part 70, including pre-authorization requirements for special mode transportation, veteran-specific eligibility verification, VHA Directive 1601B documentation standards, and EFT-only reimbursement mandates. Providers serving veterans in Nashville must satisfy both regulatory frameworks simultaneously — TennCare rules do not substitute for VA rules, and vice versa.

FAQ 2: Are NEMT providers in Tennessee required to comply with HIPAA?

Yes. NEMT providers handling patient trip data, Medicaid IDs, medical conditions, pickup/drop-off locations, and billing records are classified as Business Associates under HIPAA. This classification makes full HIPAA compliance — including administrative, physical, and technical safeguards, annual risk assessments, staff training, and signed Business Associate Agreements with all vendors — legally required. Non-compliance penalties range from $145 to $73,011 per violation, with annual caps up to $2.19 million per violation category.

FAQ 3: What changed for TennCare NEMT providers on July 1, 2025?

Two significant policy changes took effect on July 1, 2025 for TennCare NEMT providers. First, the billing code for ambulatory/mobility vehicle mileage changed to HCPCS S0215 — providers still using prior codes will have claims denied. Second, members may now only be picked up at the home address on file with TennCare, with one exception allowed per year. Providers who schedule pickups at alternate addresses without confirming the exception has been used risk compliance violations and non-payment.

FAQ 4: Do I need prior VA authorization before transporting a veteran using special mode transportation?

Yes. Under 38 CFR § 70.20 and VHA Directive 1601B, VHA must authorize special mode transportation prior to the trip unless the situation was a medical emergency. Without pre-authorization, reimbursement claims will be denied. The veteran must also have a written medical necessity certification from a VA clinician, and the provider must maintain that documentation along with the authorization number. The Nashville VA Tennessee Valley Healthcare System processes these authorizations — providers should establish a direct relationship with the BT office at 1310 24th Avenue South, Nashville, TN (615-327-4751).

FAQ 5: How Can an NEMT Platform Help You Meet VA, HIPAA, and TennCare Compliance Requirements?

Managing VA NEMT compliance manually — across three regulatory frameworks simultaneously — is how providers end up with 23% claim denial rates and lost contracts. A purpose-built NEMT platform addresses every layer:

• HIPAA Compliance: End-to-end AES-256 encryption for all trip data, automated audit trails, role-based access controls (drivers see addresses only; billing staff see billing data only), and HIPAA-compliant secure messaging between dispatch and drivers
• TennCare Billing Accuracy: Built-in HCPCS code S0215 enforcement for ambulatory mileage billing, GPS-validated timestamps for EVV compliance, automated claim submission within required windows, and address verification against TennCare home-address-on-file rules
• VA Documentation: Pre-authorization tracking for special mode transportation, veteran eligibility verification workflows, VHA-standard trip manifests and vendor invoice generation, and record retention built into the platform architecture
• Driver & Vehicle Compliance: Automated alerts for expiring certifications (CPR, PASS, driver licenses), background check status tracking, and maintenance schedule reminders
• Audit Readiness: On-demand compliance reports, real-time dashboard visibility into open documentation gaps, and quarterly internal audit support

The right veteran NEMT software does not just help you stay compliant — it helps you win and retain contracts with TennCare brokers, the Nashville TVHS, and MCOs by demonstrating audit-ready operations from day one.

Ready to Build an Audit-Proof NEMT Operation in Nashville?

Whether you are launching a new NEMT business in Nashville, TN or scaling an existing operation to serve more veterans and TennCare members, compliance cannot be an afterthought. The regulatory landscape — HIPAA, TennCare, and VA-specific requirements — demands a system built to handle all three layers simultaneously.

Our NEMT platform is designed specifically for providers serving veterans and Medicaid members. From HIPAA-compliant data handling and EVV-ready GPS tracking to VA pre-authorization workflows and TennCare billing code enforcement, we give you the tools to operate with confidence — not guesswork.

Book a free demo today and see how our veteran transportation platform can help your Nashville NEMT business stay compliant.

Disclaimer

The rates, figures, and statistics in this article are sourced from publicly available industry data, national broker rate schedules, and general market research. They reflect national averages and broad benchmarks as of 2024-2025. Actual rates in your area may differ depending on your state, broker network, payer contracts, and local market conditions. Before setting your charge and pay structure, verify current rates directly with your state’s Medicaid broker, local MCOs, and any private insurance partners you plan to work with. This article is intended for general informational purposes only and does not constitute financial, legal, or business advice.