Compliance

Home Care Agency Compliance Checklist

Most small home care agencies are compliant — not because they have a system, but because they haven't been audited yet and they keep track of things in ways that would unnerve a state surveyor. This guide covers what surveyors actually look for, how to build a compliance calendar that doesn't rely on anyone's memory, and why agencies at 30 patients typically lose around $600 per month to compliance gaps they don't know they have.

Book a Demo Caregiver Credential Tracking
The Short Answer

Compliance Is Not a One-Time Project — It Is a Weekly Operational Rhythm

Home care agency compliance is not a filing system you build once and then refer to during inspections. It is a set of recurring obligations — credential renewals, care plan reviews, supervisory visits, incident reports, staff training hours, policy updates — that have specific deadlines, specific documentation requirements, and specific consequences when they slip. Most of those consequences are not immediate. A caregiver whose CPR certification expired last month is still showing up to shifts, still providing good care, still getting paid. The exposure accumulates silently until a state surveyor or an MCO auditor finds it.

The agencies that sail through inspections are not doing anything heroic. They are running compliance as an operational function — a calendar-based system that generates alerts before deadlines, not after them. A folder on a desktop labeled "IMPORTANT DO NOT DELETE" is not a compliance system. It is compliance intention. The difference between the two is what a surveyor sees when they walk in.

This guide covers the categories of compliance your agency is responsible for, what surveyors look at in each, and how to build the minimum viable system that keeps you out of corrective action territory — and out of the $600 per month in compliance-related losses most 30-patient agencies don't realize they are incurring.

Survey Readiness

What State Surveyors and MCO Auditors Actually Review

State surveyors and MCO auditors are not looking for you to fail. They are reviewing a defined set of documents and records against a defined set of standards. The checklist below reflects the categories that generate the most findings at small home care agencies — not because those agencies are doing something wrong, but because those are the categories that are hardest to maintain consistently without a system.

01

Caregiver Personnel Files

What is required. Every caregiver must have a complete personnel file containing: proof of required certification (CNA, HHA, or applicable state credential); a current, clear background check from your state's nurse aide or caregiver registry and from a national criminal background check service; a current TB test or chest X-ray (typically required annually); CPR and first aid certification (typically valid for two years); completed orientation documentation; required training hours with dates and competency verifications; a signed job description; an annual performance evaluation (required in most states); and emergency contact information.

What surveyors look for. The surveyor will typically pull a random sample of five to ten personnel files and check each item above. A single expired CPR certification is a deficiency. Three expired CPR certifications in a file sample of five is a pattern — and a pattern elevates the inspection. The most common personnel file deficiency at small agencies is not missing documentation at intake; it is documentation that was current at hire and has since expired without anyone noticing.

What the calendar requires. Every credential in every personnel file needs an expiration date entered in a tracking system with an alert set 45–60 days before expiration. CPR renews every two years. TB tests renew annually. State certifications renew on a state-set schedule. With 15 caregivers, you have roughly 45–60 individual expiration dates to track. A spreadsheet can manage this, but it requires someone to check it at least weekly and act on what it shows. For a complete guide to building this system, see How to Track Caregiver Credentials.

02

Client Records and Care Plans

What is required. Every active client must have a complete record containing: an initial comprehensive assessment or intake evaluation; a current care plan that reflects the client's actual condition, care needs, and service schedule; authorization documents for the current service period; supervisory visit records at the required frequency (most states require a supervisory visit every 60 to 90 days, and some require more frequent visits for certain client populations); incident reports for any reportable events; and physician or nurse practitioner orders for any skilled elements of the care plan.

What surveyors look for. The care plan review date is the most scrutinized element. A care plan that has not been reviewed since intake — even if the client's condition hasn't changed significantly — is a deficiency if the review interval has passed. Surveyors also look at whether the care plan reflects what is actually being delivered: a care plan that describes 20 hours per week when EVV records show 14 is a discrepancy that requires explanation. Incident reports are another common finding — events that should have been reported within 24 to 48 hours but were reported late, or not reported at all.

What the calendar requires. Each client record needs a care plan review date and a supervisory visit due date tracked in a system that generates alerts. At 30 clients with 60-day supervisory visit intervals, you have five to six supervisory visits due per month. If no one owns a calendar that shows which are coming up, some will be missed. At six missed supervisory visits in a survey period, the surveyor does not see six individual oversights — they see a systemic failure in the supervisory visit process.

03

EVV Compliance Data

What is required. Every personal care visit must have compliant EVV data — all six required data elements captured, and any exceptions resolved and documented according to state protocols. Surveyors and MCO auditors may request EVV records for a sample of visits and review the exception resolution log to confirm that exceptions are being addressed in a timely and compliant manner.

What surveyors look for. A high exception rate — more than 5 to 10 percent of visits flagged as exceptions in any period — signals a systemic problem with EVV procedures. Exceptions that are resolved days or weeks after they were generated (rather than within 24 to 48 hours) signal that no one is monitoring the exception queue. Both patterns are cited as deficiencies. For context: an exception that sits unresolved for 60 days is not just a compliance finding — it is a billing failure, because the claim for that visit cannot be submitted until the exception is resolved, and the timely filing window may have closed by then.

What the calendar requires. EVV exception review needs to happen daily or, at minimum, before every billing run. The exception queue should never be more than 48 hours old. For a complete guide to EVV compliance management, see What Is EVV?

04

Policies and Procedures

What is required. Every licensed home care agency must maintain a written policies-and-procedures manual covering, at minimum: personnel policies (hiring criteria, background check procedures, credentialing requirements, disciplinary process), care delivery policies (service scope, infection control, documentation standards, medication management if applicable), emergency procedures, client rights and grievance procedures, incident reporting procedures, and quality assurance processes. The manual must be reviewed and updated at a defined interval — typically annually — and the review must be documented.

What surveyors look for. Surveyors check three things: that the manual exists and is current (last reviewed within the required interval), that the policies reflect how the agency actually operates (not a template that was filed at licensure and never touched since), and that staff are aware of and following the policies. If a surveyor asks a caregiver how they handle a medication question and the answer doesn't match the written policy, that is a deficiency — even if the caregiver's actual practice is perfectly reasonable.

What the calendar requires. Schedule an annual policies-and-procedures review on a fixed date. Block two hours. Update sections that have changed — EVV procedures, credential requirements, state regulatory changes — and document the review with a signature and date. This is not complex work. It is simply work that needs to happen on a schedule, and that most agency owners do not have on their calendar until after the first citation that references an outdated policy.

05

Staff Training and Competency

What is required. In addition to initial orientation, most states require annual in-service training for all caregivers — a minimum number of hours covering topics specified by state regulation, which typically includes infection control, client rights, abuse and neglect prevention, safety procedures, and any service-specific topics. All training must be documented with the date, content, instructor, and caregiver signature. Some states also require competency evaluations at hire and annually thereafter.

What surveyors look for. Training logs are requested for all caregivers in the personnel file sample. A caregiver who is missing annual in-service hours — even by two hours — is a deficiency. A caregiver whose training documentation exists but does not show the required topics is a deficiency. Surveyors also look at whether required competency evaluations were conducted and documented. This is one of the most reliably cited categories at small agencies because the training often happens informally — in a group meeting, during a shift overlap — and the documentation is incomplete or not filed correctly.

What the calendar requires. Annual in-service training for each caregiver should be scheduled as a calendar event, not an intention. Track completion by caregiver and topic, not just by date. A group training session needs individual sign-in sheets retained in each caregiver's file, not just a general log that a surveyor will not find helpful when they pull individual files.

06

Administrative and Licensure Records

What is required. Your agency must maintain current copies of: the state home care agency license and any required renewals; liability insurance and workers' compensation insurance certificates with current effective dates; any required surety bonds; all active MCO contracts with current effective dates; proof of any required quality assurance activities; and documentation of any complaints received and how they were resolved. Some states also require maintaining a log of all incidents that occurred and how they were reported and addressed.

What surveyors look for. An expired insurance certificate is an immediate and serious deficiency — it means your agency was operating without required coverage. An expired license renewal is a critical finding that can result in a stop-work order until the renewal is completed. These are the highest-severity single-document deficiencies and the easiest to prevent: they have known expiration dates, and the renewals can be tracked on a calendar years in advance.

What the calendar requires. License renewal dates, insurance certificate expiration dates, and MCO contract renewal dates should all be entered in a tracking system with 90-day advance alerts. These are not frequent — an insurance certificate typically renews annually, a state license every two to three years — but the consequences of missing them are severe enough that tracking them deserves the same systematic attention as caregiver credential expiration.

The Revenue Picture

~$600 Per Month in Compliance-Related Revenue Loss at a 30-Patient Agency

The $600 per month figure captures three compliance-driven revenue losses that operate quietly in the background at most small agencies. They are not dramatic — they do not feel like a compliance failure from the inside. They feel like normal operational friction.

Credential-lapse recoupment risk: ~$200/month. When an MCO audit reveals that services were delivered by a caregiver with a lapsed credential — an expired CNA certificate, an overdue TB test, an expired background check recheck — the MCO can request recoupment of payments made for those visits. The caregiver may have provided excellent care. The services may have been clinically appropriate. The credential lapse is still grounds for recoupment under the provider agreement. At an average Medicaid rate of $20/hour and two lapsed-credential shifts per month, the exposure is $200–$300 before the recoupment request even arrives.

Documentation gap denials on retrospective audit: ~$250/month. MCOs conduct retrospective audits — often 6 to 12 months after claims are paid — in which they request documentation for a sample of visits and compare it against the claim. A care plan that was not reviewed on schedule, a supervisory visit that was conducted but not documented adequately, a nurse assessment that predates the visit by more than the allowed interval — any of these can result in post-payment recoupment. At 30 patients, even a 2–3% recoupment rate on claims in an audit period generates meaningful losses.

Reactive compliance work: ~$150/month equivalent. This one is harder to see because it shows up as time rather than money. Every hour the agency owner or office person spends responding to an audit request, pulling files, writing a corrective action plan response, or reconstructing documentation is an hour not spent on billing, scheduling, intake, or clinical oversight. At $25/hour of equivalent back-office value, six hours per month of reactive compliance work is $150 of capacity consumed by fires that a calendar-based system would have prevented.

Add those three together and the monthly total is comfortably at $600 — without a state citation, without a license action, without a fine. Those outcomes are the tail risk. The $600 is the baseline.

Building the System

The Minimum Viable Compliance Calendar for a 30-Patient Agency

A compliance calendar does not need to be sophisticated. It needs to be complete, current, and in front of someone who acts on it. The following is the minimum structure that keeps a 30-patient agency in continuous survey readiness without requiring heroic effort.

Compliance Category
Frequency
Alert Lead Time
Owner
Caregiver CPR / first aid certification
Every 2 years per caregiver
45 days before expiration
Office / back-office
Caregiver TB test or chest X-ray
Annually per caregiver
45 days before expiration
Office / back-office
CNA / HHA license renewal
Per state schedule (2–3 years typical)
60 days before expiration
Office / back-office
Background check re-verification
Per state / MCO requirement (annual in many)
45 days before due
Office / back-office
Annual in-service training completion
Annually per caregiver (hire anniversary or calendar year)
60 days before deadline
Owner / clinical lead
Client care plan review
Every 60–90 days per client (state-dependent)
14 days before due
Clinical lead / owner
Supervisory visit
Every 60–90 days per client (state-dependent)
14 days before due
Clinical lead / owner
Client authorization renewal
Every 90–180 days per client (MCO-dependent)
30–45 days before expiration
Office / billing
Policies and procedures review
Annually
30 days before annual date
Owner
Liability / workers' comp insurance renewal
Annually
90 days before expiration
Owner
State license renewal
Per state schedule (2–3 years typical)
90 days before expiration
Owner
MCO contract renewal / re-credentialing
Per MCO schedule (typically annual to every 2 years)
60 days before due
Owner / office

At 30 clients and 15–20 caregivers, this calendar generates roughly 15–25 compliance action items per month. That is manageable. What makes it manageable is that each item appears on the calendar 30 to 90 days before it is due — not on the day it expires. The work of building the calendar is a one-time project of a few hours. The ongoing work of acting on it is 30 to 60 minutes per week. The cost of not having it is the $600 per month baseline — plus the tail risk of a citation, a recoupment demand, or a corrective action plan that consumes far more time than the calendar would have required.

Self-Audit

Survey Readiness Questions to Ask Before the Surveyor Does

Walk through these questions for your agency right now. For any question where the answer is "I think so" or "I would have to check," that is a gap to address before a surveyor asks it in writing and requires a corrective action plan as the response.

Caregiver Files

Do you know, right now, without checking a file, whether every active caregiver has a current CPR certification? A current TB test? Do you know the expiration date of your most-soon-to-expire credential across all caregivers? If the answer is no, you do not have a credential tracking system — you have a filing system.

Care Plans

When was the last time each client's care plan was formally reviewed and updated? Can you produce the documentation of that review on request? If any client's care plan has not been reviewed within your state's required interval, that client's file is a deficiency today — not on inspection day.

Supervisory Visits

Are all your required supervisory visits current? Do you have written records — not just memory — of when each one was conducted, by whom, and what was observed? A supervisory visit that happened but wasn't documented is, legally and regulatorily, a supervisory visit that didn't happen.

EVV Exceptions

How many unresolved EVV exceptions are currently in your EVV system? How old is the oldest one? If any exception is older than 48 hours, it should have been resolved and it represents a claim that cannot yet be billed. If any exception is older than two weeks, it is likely approaching the timely filing window for the associated claim.

Policies and Procedures

When was your policies-and-procedures manual last reviewed and updated? Is the review documented with a date and signature? Does the current manual reflect your EVV procedures as they operate today — or does it describe how EVV worked two systems ago?

Insurance and Licensure

What is the expiration date of your current liability insurance certificate? Your workers' compensation policy? Your state home care license? If you had to answer those questions right now, in front of a surveyor, could you? Do you have those dates written down somewhere other than your insurance binder?

About CareBravo

Compliance That Runs Without You Holding It Together

The compliance calendar described above is not complicated to build. It is complicated to maintain consistently when you are also the scheduler, the clinical lead, the billing reviewer, and the owner. That's the gap most small agencies live in — the system exists in concept, but nobody's checking it every week because nobody has capacity for both the system and everything else.

CareBravo delivers compliance management as an operational function. Credential expiration dates are tracked and alerts are generated before they become deficiencies. Care plan review schedules are managed against the calendar. Supervisory visit due dates are surfaced before they are missed. EVV exceptions are cleared on a daily cycle. The compliance obligations that would otherwise require an owner's attention to track are tracked automatically — and the output is a dashboard showing what's current, what's coming up, and what needs action today.

That's what compliance looks like when it's part of a connected operational system rather than a separate task someone adds to an already full plate. 100+ agencies. 73% average revenue growth. No added back-office hires.

EVV compliance function → Nurse documentation function → Caregiver credential tracking →
Questions

Common Questions About Home Care Agency Compliance

State surveyors conducting home care agency inspections typically review six categories: caregiver personnel files (credentials, background checks, training documentation), client records (care plans, supervisory visit records, authorization documents, incident reports), EVV compliance data (visit records and exception resolution logs), policies and procedures (currency, completeness, and whether staff are following them), staff training records (annual in-service completion by caregiver), and administrative records (insurance certificates, license currency, MCO contract status). The most common deficiencies at small agencies are expired caregiver credentials, outdated or unreviewed care plans, insufficient supervisory visit documentation, and policies-and-procedures manuals that have not been reviewed on the required schedule. A pattern of the same deficiency across multiple records — three expired CPR certifications in a file sample of six — elevates the inspection and expands its scope.

Inspection frequency varies by state. Most states conduct an initial licensure inspection before issuing a new agency's license and follow-up inspections on a recurring schedule — typically every one to three years for agencies in good standing. Agencies with prior deficiencies are often inspected more frequently, sometimes annually or every six months, until deficiencies are resolved and verified. States also conduct unannounced complaint-driven inspections when a client, family member, employee, or another party files a complaint. MCOs conduct their own audits separately from state surveys, typically annually or on a rotating schedule. Both state surveys and MCO audits can result in citations, corrective action plans, and recoupment of previously paid claims.

A compliance calendar is a structured tracking system that captures every recurring compliance obligation — credential renewal dates by caregiver, care plan review dates by client, supervisory visit due dates, training deadlines, license renewal dates, insurance certificate expirations — and generates alerts before each deadline, not after. To build one: list every compliance obligation your state regulations and MCO contracts require, identify the required frequency and the lead time needed to complete each item, and enter every active record as a tracked item with an alert set 30–60 days before the deadline. A spreadsheet works at 10–15 clients. At 30 clients with 15–20 caregivers, the volume makes manual tracking unreliable and a dedicated compliance tracking system or calendar significantly reduces the risk of items falling through.

The most common compliance deficiencies found during state surveys and MCO audits at small home care agencies fall into five categories: expired caregiver credentials (CPR, TB tests, CNA or HHA licenses) that were not renewed on time; outdated or unreviewed client care plans that have not been updated at the required interval; missing or insufficient supervisory visit documentation; missing or late incident reports; and policies-and-procedures manuals that are outdated, not being followed, or not being reviewed on schedule. These are not typically cases of an agency doing something wrong — they are cases of an agency doing something right but not documenting it, or of a tracking system that was working at 10 clients and stopped working at 25.

Compliance-related revenue loss at a 30-patient agency typically runs around $600 per month as a baseline — from credential-lapse recoupment risk, documentation gap denials on retrospective audit, and the time cost of reactive compliance work. That is the routine monthly drain, without a state citation or a serious audit finding. A single state citation with a corrective action plan adds non-recurring but significant cost — corrective action plans require documented responses, additional training, and follow-up verification visits. Citation categories with civil monetary penalties can add $1,000 to $10,000 per deficiency. A recoupment demand for visits delivered by a caregiver with a lapsed credential can be much larger, depending on the volume and period of the audit. The cost of proactive compliance management — building and maintaining the calendar — is consistently less than the cost of the events it prevents.

The most effective survey preparation is running your agency in a state of continuous readiness rather than scrambling before an announced inspection. Continuous readiness means all caregiver personnel files are complete and credentials are current; all client records have current care plans and supervisory visit records; your EVV exception queue is cleared; your policies-and-procedures manual is current and reflects actual practice; all required training is documented; and your insurance, license, and MCO credentials are all current. If you would not be comfortable with a surveyor walking in unannounced today, identify the specific gaps now. The most common finding at agencies receiving corrective action plans is not that they were doing something wrong — it is that they were doing something right but not documenting it consistently.

See What Compliance Management Looks Like When It Runs on a System, Not on Memory

CareBravo tracks credential expirations, care plan review dates, supervisory visit schedules, and authorization renewals as connected operational functions — so the alerts come before the deficiencies, not after. A demo shows you what that looks like for an agency your size.

Book a Demo
How to track caregiver credentials → What is EVV → Nurse documentation function → Results across 100+ agencies →