Why VisitLock

Keep your stack. Add the camera.

VisitLock isn't a replacement for your EHR, your practice management software, or your EVV vendor. It's the identity layer on top of all of them — Axxess, HCHB, WellSky, HHAeXchange, Sandata, AlayaCare, AxisCare, KanTime, Tellus, Therap, MatrixCare, in-house systems. We get the same question on every demo: "Why pay for this when EVV is bundled?" Here's the honest answer — three reasons, no marketing math.

Book a Demo See the stack
A glass-block sculpture etched with the words DOOR, LOCK, CAMERA — the three layers of visit verification
The three-layer stack

Door. Lock. Camera.

Think of it like physical security. Your EHR or practice management system is the door — scheduling, billing, charting, claims. EVV is the lock — federally mandated since the 21st Century Cures Act of 2016. VisitLock is the camera and the ID check at the door — biometric proof of who actually showed up. Whatever runs Layer 1 and Layer 2 in your agency, we sit on top.

Layer 1

EHR / Practice Mgmt

"The door."

Scheduling, charting, billing, claims submission. The operational backbone every agency runs on. Whatever you use today, keep using it.

$500 to $25K / month
Axxess · HCHB · WellSky · MatrixCare · AlayaCare · AxisCare · KanTime · Therap · in-house
Layer 2

EVV Compliance

"The lock."

GPS clock-in/out for state Medicaid mandates. Confirms a phone was near an address. Federally required since 2016.

Bundled or $50 to $200 / aide / month
HHAeXchange · Sandata · Tellus · in-EHR EVV modules · state aggregators
Layer 3

Identity & Integrity

"The camera + ID check."

Biometric proof of who arrived. The only layer that verifies the right person, not just the right phone.

$299 / $499 / Enterprise
VisitLock — no real competitor
The honest framing

The pitch isn't "switch your EHR." It's your existing system + VisitLock = audit-proof.

No procurement battle. No data migration. No retraining your back-office staff. We sit on top of whatever EHR and EVV you run today, pull visit exports via API or CSV, and bind a biometric check to every visit. Same buyer your existing vendors sell to — sold for the opposite fear.

Reason 01

Your EVV verifies a phone. VisitLock verifies a person.

Every major EVV product on the market — bundled inside an EHR or sold standalone — checks GPS at a roughly 50-meter radius and stops there. There is no biometric identity check inside that radius. Anyone with the aide's login credentials, a family member holding the aide's phone, or a fraudster running a $5 GPS spoofing app passes cleanly.

When a UPIC investigator opens your file and asks "prove this aide was actually there" — your current system hands you a GPS dot. VisitLock hands you a face match with a tamper-proof timestamp. That's the entire difference between a documentation defense that works and one that collapses.

Biometrics are the only countermeasure that travels with the person, not the device.

50m
The standard GPS radius EVV products accept as "verified" — per published vendor documentation. No identity check inside that radius.
Reason 02

Every EVV product runs the same architecture fraudsters have already defeated.

There are publicly available guides — one specifically targeting EVV systems, live since 2019 — that teach anyone how to defeat GPS-only EVV using a free remote-control install or a $5 GPS spoofing app. Step-by-step. Anyone with a $100 Android phone can do it in five minutes. The technique works against every name-brand EVV vendor because they all share the same GPS-only architecture.

New York State paid $14.5 billion for personal care services with no matching EVV record. That's not a "missing EVV" problem — those are agencies with EVV who got beat by the architecture. NY State paid another $11.6 million for visits under 8 minutes that were physically impossible.

Your EHR can't fix this because GPS-only is the entire EVV product category — that's how every vendor in the space ships. VisitLock is the only system that closes the gap. Biometrics are the only thing that can't be spoofed remotely.

$14.5B
NY Medicaid personal care services paid 2024 with no matching EVV record. Per the NY State Comptroller audit. After EVV was federally mandated.
Reason 03

Your EHR sells productivity. VisitLock sells protection.

Every EHR and practice management vendor pitches the same thing — "run your agency more efficiently." That's valuable, but it doesn't help you on the day a UPIC letter arrives. The June 2025 DOJ National Health Care Fraud Takedown blocked $4 billion in payments using 42 CFR 405.371 alone — no court order, no notice, no appeal.

FCA penalties run $13,508 to $27,018 per false claim plus treble damages. A single fraudulent aide on a single patient over two years generates 100+ false claims and multi-million-dollar exposure. The OIG has documented cases where cooperative agencies fired the bad actor and still had to repay.

VisitLock's biometric proof is the evidentiary shield that means CMS doesn't have grounds to suspect fraud in the first place. Our pricing — $299 to $499 per month — is rounding error compared to the smallest possible audit defense cost.

$4B
In Medicare payments blocked under 42 CFR 405.371 in the June 2025 DOJ Takedown alone. No court order required.
Side by side

What your current EVV does. What VisitLock adds on top.

Whether you're running Axxess, HCHB, WellSky, HHAeXchange, Sandata, AlayaCare, AxisCare, KanTime, Tellus, Therap, MatrixCare, or a state EVV aggregator — the gap is the same. Here's what's missing.

Capability Your current EVV VisitLock (Layer 3)
GPS clock-in / clock-out Yes — ~50m radius Yes — geofenced + anti-spoof
Biometric face match at visit No Yes — on-device, BIPA-safe
GPS spoofing detection No Yes — mock-location, dev-mode, emulator
Buddy-punch prevention Login-based — circumventable Face match — non-shareable
Identity rotation block No Yes — owner-approved re-enrollment
Travel-time anomaly detection Limited Yes — impossible-shift flagging
Cryptographic visit token No Yes — tamper-evident audit trail
1-click 90-day audit packet Manual export Yes — UPIC-ready
EHR / EVV integration Native to your stack CSV import day 1 · API months 6-12
Replaces your existing system? N/A No — sits on top of any EHR or EVV
Integration path

Three ways to plug in — none of them require your vendor's permission.

01
Day 1 — Standalone

Two apps on the aide phone. We don't touch your EHR.

The aide does their normal clock-in inside whatever EVV app you already use. They also open VisitLock for the biometric check. Both records exist independently. You see both in your VisitLock dashboard. No integration required, no migration, no procurement battle. Zero permission needed from your existing vendor.

02
Months 6 to 12 — CSV / API import

VisitLock pulls your EVV exports automatically.

Once you're past the trust threshold and ready to consolidate visibility, VisitLock imports visit data from your existing EVV via CSV or API. We support every major export format on the market today. We match every visit to its biometric counterpart by aide, timestamp, and address. Discrepancies surface as exceptions on a single dashboard.

03
Year 2+ — Deep API

Listed on your EHR's marketplace.

Once VisitLock has enough agency network presence, we list on the integration marketplaces of the major EHRs — Axxess, HCHB, WellSky, AlayaCare, and others — as the recommended identity layer. By that point, those vendors have the same incentive to integrate with us that they have with their other partners: their customers are asking for it.

Your stack + VisitLock = audit-proof.

Keep the EHR and EVV you've already trained your team on. Add the layer no other vendor in the category gives you.

Book a Demo
20-minute walkthrough · We'll show your existing system + VisitLock side by side
Sources

Axxess Help Center — Mobile EVV (representative vendor doc) · NY State Comptroller / Rivkin Radler · DOJ June 2025 Takedown via HHCN · 42 CFR § 405.371 · Wachler Associates — FCA 2025 · Published GPS spoofing guide · KFF — Medicaid Home Care Fraud