What the assessment actually delivers.
A written sovereignty-posture document organized the way a thoughtful NY DOH inspector, a Medicaid MLTC audit reviewer, or a DOL investigator would organize a review. Three to six pages on the short cycle; six to twelve pages on the long cycle. Named observations sourced to your LHCSA's actual HHAeXchange configuration, MLTC payer mix, and operational reality, with a remediation order written for the LHCSA owner's actual environment: the owner or COO who reads vendor amendments between MLTC capitation cycles, the scheduling coordinator who manages the HHAeXchange interface, and the payroll lead who reconciles 13-hour live-in time across multiple systems.
Lens 1: NY DOH conformance, HIPAA conformance, and the audit-readiness posture across HHAeXchange + adjacent vendors.
What can your LHCSA produce on demand to show that your HHAeXchange configuration, your other vendor tooling, your MLTC plan submissions, and your caregiver records meet NY DOH licensing requirements and HIPAA obligations? Where would a DOH inspection find a gap? Where would an OCR HIPAA investigation find that your BAA coverage doesn't match what the vendor stack actually does with PHI? This lens reads your agency's environment the way a thoughtful compliance officer with inspection authority would, naming gaps with specificity.
Lens 2: Vendor sovereignty across the LHCSA stack, with HHAeXchange as the central concentration risk.
What does HHAeXchange actually claim in the current Terms of Service and BAA? When was the BAA last amended? What AI features have been activated on the agency's account since you signed? Can you export every visit record, every time entry, every caregiver assignment, and every MLTC claim cleanly without HHAeXchange's active cooperation? What does your downstream-of-HHAeXchange stack look like (scheduling overlay, payroll, CRM/marketing, AI overlays) and how is the data flowing between them? What is your contingency posture if HHAeXchange has a material outage, an acquisition that changes terms, or a price increase at renewal? The assessment names the concentration risk and the remediation paths sized to LHCSA reality.
The deliverable is yours. Keep it, share it with your DOH compliance counsel ahead of an inspection, use it in a renewal negotiation with HHAeXchange or an MLTC plan, or work the remediation in-house.
The threat surface, named for LHCSAs.
Four exposures sized specifically for NY LHCSAs and state-DOH-licensed equivalents elsewhere. None of these are hypothetical. All of them are showing up in current NY DOH inspection findings, OCR HIPAA resolution agreements, Medicaid MLTC audit activity, DOL wage-and-hour settlements, and the NY home care trade press.
Threat 1: HHAeXchange is single-vendor concentration risk that the regulator created and the agency cannot meaningfully escape.
21st Century Cures Act EVV requirements led NY DOH to a procurement that effectively concentrated NY LHCSAs onto HHAeXchange. The leverage gradient was set at that moment. Contract terms reflect it. Pricing reflects it. Data-portability posture reflects it. Most LHCSA owners signed years ago and have not re-read since. AI features activated since 2024 (caregiver scheduling intelligence, visit-pattern fraud detection, documentation summarization) have expanded the surface of what HHAeXchange does with PHI under the existing BAA. The agency's BAA-monitoring obligation under HIPAA does not lift just because the regulator chose the vendor. This is the credit-union-equivalent threat for LHCSAs: one dominant vendor everyone feels but has no alternative to.
Sources: 21st Century Cures Act EVV provisions (42 USC 1396b); CMS EVV implementation guidance; NY DOH EVV implementation and HHAeXchange selection record; HHAeXchange published terms of service (verify current language at assessment time); 45 CFR 164 (HIPAA Privacy and Security Rules); HHS OCR Resolution Agreements 2022-2025 on BAA-monitoring inadequacy; Sterling's anti-lock-in doctrine (REFERENCE_anti-lock-in-doctrine.md).
Threat 2: Medicaid MLTC payer relationships are a many-to-many vendor and audit-trail surface most LHCSAs cannot reconstruct on demand.
Each Medicaid Managed Long-Term Care plan (VNS Choice, Centers Plan, Aetna Better Health, Empire BCBS HealthPlus, Fidelis Care, MetroPlus, Healthfirst, Senior Whole Health, and the rest) has its own contract terms, its own audit posture, its own claims-disputes process, and its own expectations of how your data integrates with theirs. The LHCSA is operating in a many-to-many vendor-and-payer network. When an MLTC plan disputes a claim, downcodes a service, or initiates a recovery audit, the agency has to reconstruct what happened across HHAeXchange + scheduling + payroll + clinical documentation. Most LHCSAs cannot do this on demand without significant manual reconstruction. The agency that can is operating in a different posture than the agency that cannot.
Sources: NY DOH Medicaid Managed Long-Term Care program guidance; MLTC plan contract templates (varies by plan); 42 USC 1396u-4 (Medicaid managed care); state Medicaid Fraud Control Unit annual reports on MLTC; trade press coverage of MLTC payer-provider disputes 2023-2025.
Threat 3: NY 13-hour live-in case law and DOL Home Care Rule exposure compound through your vendor data trail.
Andryeyeva v. New York Health Care Inc. and Moreno v. Future Care Health Services shaped a class-action settlement pattern in NY 13-hour live-in arrangements that has cost the industry tens of millions. The 2013 DOL Home Care Rule extended FLSA minimum-wage and overtime protection to most home care workers federally. New York Labor Law Article 19 adds the state layer. Your time-tracking (HHAeXchange + alternates), your scheduling vendor, your payroll vendor, and your EVV all carry slices of the data trail DOL or plaintiff's counsel will subpoena. If your data tells a clean cross-vendor-reconciled story you can produce on demand, the case is manageable. If it doesn't, the settlement is whatever plaintiff's counsel thinks they can extract.
Sources: 29 CFR 552 (DOL Home Care Rule); Andryeyeva v. New York Health Care Inc., 33 NY3d 152 (2019); Moreno v. Future Care Health Services, 173 AD3d 700 (2019); New York Labor Law Article 19; FLSA (29 USC 201 et seq.); NYSDOL wage-and-hour enforcement actions 2022-2025.
Threat 4: NY DOH licensing and inspection regime + OCR HIPAA enforcement compound on the same vendor stack.
NY DOH licenses LHCSAs and inspects them periodically (every three to five years for general licensing, sooner when complaint-triggered). Inspection findings can result in conditions on licensure, fines, or revocation in serious cases. OCR HIPAA enforcement operates separately and can independently target an LHCSA for BAA-monitoring inadequacy, improper PHI disclosure to vendors, or breach-notification failures. Both enforcement streams read the same vendor stack. The agency that has documented its HHAeXchange BAA-and-AI-activation history, its MLTC data-flow posture, and its caregiver-data handling can answer either regulator cleanly. The agency that hasn't has to scramble in two directions at once if both arrive in the same quarter.
Sources: 10 NYCRR Part 765 (NY DOH LHCSA licensing regulations); NY DOH inspection protocols and published enforcement actions; 45 CFR 164 (HIPAA Privacy and Security Rules); HHS OCR Resolution Agreements 2022-2025 on BAA-monitoring inadequacy; NY DOH Medicaid program integrity enforcement.
The hybrid cycle, sized to the LHCSA.
LHCSAs default to the hybrid cycle. Short cycle works for focused questions (HHAeXchange BAA review, MLTC dispute reconstruction, specific upcoming DOH inspection). Long cycle works for agencies preparing for sale or succession, agencies in active DOL litigation, or agencies with multiple service lines (LHCSA + Medicare-certified + private-duty).
- Short cycle (about two hours of your time, roughly one week elapsed). Thirty-minute discovery call. Homework on your side: HHAeXchange configuration summary, MLTC payer list, the specific question you want answered. One sixty-minute evaluation session. A three-to-six page written posture document delivered within five business days.
- Long cycle (about ten business days, multi-vendor-reconciliation deliverable). Forty-five-minute discovery call. One week of homework on our side: we pull current HHAeXchange public terms, current MLTC plan contract templates for your payer mix, current NY DOH inspection protocol updates, and current OCR enforcement posture. One ninety-minute evaluation session with the owner, the compliance officer, the scheduling coordinator, and the payroll lead. A six-to-twelve page written posture document within five business days.
The choice is made on the discovery call. Either option is free.
Who this is for.
The fit is clearest for NY LHCSAs in the $2M to $30M annual revenue band with 50 to 500 caregivers, running on HHAeXchange and operating across 2-8 MLTC plan relationships. The pattern generalizes to state-DOH-licensed home care agencies in other states with similar vendor concentration and Medicaid managed care exposure.
- Independent NY LHCSAs (50-200 caregivers) with a single owner or partnership, running on HHAeXchange and 2-5 MLTC payer relationships.
- Multi-borough or multi-county NY LHCSAs (200-500 caregivers) with operations across NYC, Westchester, Long Island, or Hudson Valley with broader MLTC payer mix.
- LHCSAs with adjacent licensure (LHCSA + CDPAP fiscal intermediary; LHCSA + Medicare-certified HHA; LHCSA + private-duty) running on multiple vendor platforms across service lines.
- LHCSAs preparing for a known upcoming NY DOH inspection, complaint-triggered re-inspection, or scheduled licensing renewal.
- LHCSAs in active dispute with one or more MLTC plans over claim denials, downcoding, or recovery audits.
- LHCSAs in active DOL or plaintiff-side wage-and-hour litigation, particularly around 13-hour live-in arrangements.
- LHCSAs preparing for a sale, succession, or strategic acquisition where vendor-stack reconciliation and audit-trail completeness shape the multiple.
- State-DOH-licensed home care agencies outside NY with similar Medicaid managed care + state-mandated EVV vendor concentration.
Adjacent LHCSA-and-home-care structures we also work with
- NY LHCSAs newly licensed (within the last 18 months) where the founder hasn't yet been through a full audit cycle and wants to set up the sovereignty posture from clean ground.
- LHCSAs operating in multiple states with EVV vendor variation across states (HHAeXchange in NY, Sandata or other in other states).
- LHCSAs with significant private-pay overlay bridging the LHCSA work and private-duty operations (also fit the private-duty assessment).
- LHCSAs in or considering CDPAP fiscal intermediary work in the post-PPL-transition landscape (also fit the CDPAP FI assessment).
- NY hospice and palliative home care with state DOH overlap (possible future type-page).
- Single-aide or single-nurse owner-operator agencies under $2M revenue for whom the home care hub assessment may be sized correctly.
Why us.
Sterling Solutions is a Westchester-based small firm operating in the same Hudson Valley communities most NY LHCSAs serve. We do not run on venture capital. We do not have a sales team pretending to be your friend. We have published values (success.build/ethos) and a written anti-lock-in doctrine, and the architecture of our own platform proves it.
We are not an EVV vendor. We are not HHAeXchange. We are not pitching a migration off HHAeXchange (the regulator chose it; migrating is not realistic for most LHCSAs). The assessment is not a stalking horse for a vendor switch. If the conclusion is "your HHAeXchange BAA is defensible with three documentation gaps closed and a renewal-timing negotiation strategy," that is the conclusion. We have no commission structure with any vendor.
The aide is in the bathroom. The nurse is at the bedside. The personal assistant is at the kitchen table. The caregiver-family-patient triad is built on trust at the most intimate distance the healthcare system reaches. The vendor stack an LHCSA operates should reflect that intimacy, and the leverage gradient should be balanced against the reality that the LHCSA owner did not choose the central vendor and cannot meaningfully exit it. Sterling takes this seriously because we operate in the same Westchester / Hudson Valley communities and we know the regulators and the named MLTC plans by reputation, not by abstraction.
What this page is not.
This is not a pitch for a six-figure modernization engagement. The assessment is the deliverable.
This is not a NY DOH compliance audit and not a Medicaid program integrity audit. Those exist, they cost five figures, and we are not certified to do them. We identify gaps and route to certified compliance counsel if you need that level of work.
This is not an HHAeXchange migration proposal. We are realistic about the structural concentration. The assessment is about working better inside the constraint, not pretending you can escape it.
This is not legal advice. Sterling Solutions is a technology firm, not a law firm. LHCSA operators typically need BOTH a healthcare attorney (HIPAA, NY DOH, MLTC plan disputes) AND employment counsel (FLSA, NY Labor Law, 13-hour live-in, wage-and-hour litigation) for legal-consequence decisions. We are happy to coordinate.
Tire-kickers, briefly.
The evaluation is honest work. We do the homework on our end. We come to the evaluation session prepared. We ask the same of you: bring the owner or compliance officer who actually makes the vendor and payer decisions, and bring a real intent to read what we deliver. Curiosity is fine. Performative curiosity is not what this offer is for.
One discovery call.
Forty-five minutes for the long cycle, thirty for the short. HHAeXchange's terms, the MLTC payer mix your agency is exposed to, the DOL wage-and-hour litigation surface, and the NY DOH inspection timing your agency is on are going to be the subject of the next renewal, the next dispute, the next inspection, or the next case whether or not you have a written posture document on the shelf. The asymmetry between "having a written assessment ready before the question comes" and "scrambling once it does" is large, and it is not in your favor by default.
Heads-up on the booking page: the booking widget currently shows 30-minute slots. For the short cycle, thirty minutes is the right length. For the long cycle, once you pick a time we will extend it to forty-five minutes on our end, provided the fifteen minutes before or after your selected slot are open on our calendar. If the adjustment does not work for you, email [email protected] and we will find a slot that fits.
success.build/risk/home-care/lhcsa · [email protected] · scope-selectable on the discovery call