Building the Medicaid Compliance, Billing, and Agency Operations Platform That Consolidates 17 Fragmented Tools Into One SaaS for a US Disability and Home Health Franchise

A US Medicaid-funded care franchise needed one platform to replace 17 fragmented tools across disability, home health, and behavioral health agencies. Ideas2IT built a 22-module multi-tenant SaaS platform with HIPAA compliance, automated Medicaid billing, and franchise-scale architecture built in from the ground up.

Client

Major US Health Provider

Industry

Healthcare

Service

Artificial Intelligence

App Development

Location

Idaho, USA

Stack

AWS · Java/Spring Boot · React · PostgreSQL

01 Challenge

The client managed care delivery, DSP scheduling, Medicaid billing, and compliance documentation across 17 fragmented tools. Billing was manual and error-prone, the Daily Service Log was produced after the fact with no verified audit trail, and the franchise had no infrastructure to onboard new agencies at scale without replicating the same disconnected setup.

02 Solution

Ideas2IT built a tenant-aware PostgreSQL core with RLS and KMS encryption as the compliance spine, then layered 22 modules across three phases. The operational engine converts care delivery into immutable service evidence: GPS-gated clock-in triggers a structured shift chain, and clock-out auto-generates the Daily Service Log, feeding three-way Schedule-Timecard-DSL validation before billing export.

03 Outcome

22 modules replacing 17 fragmented tools, with HIPAA compliance, RBAC, audit trails, and tenant isolation embedded from the ground up across a franchise-scale multi-tenant SaaS platform.

Phase 01

Establishing the compliance and agency foundation every module runs on

Foundation and compliance architecture: tenant-aware platform core, HIPAA controls, and agency configuration layer

The first architectural decision set the constraint for everything that followed: tenant data had to be isolated at the schema level and encrypted at rest before any module could run on top.

Ideas2IT built PostgreSQL with tenant-aware schemas, RLS policies, and KMS encryption as the data layer, deployed on AWS EKS behind CloudFront and WAF, with Amazon Cognito handling MFA and role federation. On that foundation, the agency configuration layer established the compliance operating model: HIPAA controls, RBAC role gates, state document matrices, and audit trails baked in from the start.

Participant profiles, clinical plans, employee onboarding, and service authorization tracking completed the first usable agency instance.

This phase produced

  • Tenant-aware PostgreSQL schema with RLS and KMS encryption
  • Primary operational data store with row-level tenant isolation AWS EKS deployment with CloudFront, WAF, and Cognito
  • Multi-tenant agency setup with positions, shift templates, and GPS rules Participant management module
  • Clinical profiles, diagnoses, guardians, BSPs, and client group assignment Employee management module
  • Onboarding, credentialing, availability, and client group assignment Service authorization tracking

Phase 02

Converting care delivery into verified, billing-ready service evidence

Daily operations engine: GPS-gated shift execution, auto-generated Daily Service Logs, and immutable care records

The operational design decision in this phase was architectural, not workflow: the Daily Service Log had to be a consequence of shift execution, not a separate documentation task.

Ideas2IT built the shift execution engine as a continuous chain from schedule through clock-out. GPS validation gates clock-in and enforces compliance before a shift starts. Tasks, routines, ADL/IADL charting, MAR entries, behavior tracking, and incident flags run as structured in-shift events.

Clock-out is coverage-gated with OT detection and payroll period validation. At clock-out, the platform auto-generates the DSL from all recorded shift events, producing an immutable per-client record. Scheduling runs with ratio enforcement and coverage rules. The communication layer routes shift alerts, escalations, and notifications via SQS, SNS, and Twilio throughout.

This phase produced:

  • GPS-validated clock-in with compliance gate
  • Location-enforced shift start with pre-shift compliance check Scheduling and workforce management module
  • Structured in-shift event capture with attestations Medication administration record and behavior tracking module
  • Critical, injury, and medication-error workflows with follow-up routing Auto-generated Daily Service Log
  • Immutable per-client DSL produced at clock-out from in-shift events Communication and notifications layer
  •  SMS, email, push alerts, and shift escalations via SQS, SNS, and Twilio

Phase 03

Connecting operations to Medicaid revenue, payroll, and franchise-wide visibility

Revenue and franchise scale: Medicaid billing automation, payroll sync, and multi-agency oversight layer

The third phase connected the operational record chain to revenue and governance. Authorization and billing readiness ran utilization tracking and pre-bill validation before exporting EDI 837 claims to Medicaid.

Payroll operations pulled from the immutable timecard and DSL records, producing approved-hour exports to Paylocity and ADP with cost-center allocation. The QA and audit readiness layer ran DSL gap detection and overlap checks across all agency records, generating survey-ready defensibility scores.

The franchise oversight layer provided platform-wide visibility across all tenant agencies. Reporting and analytics surfaced real-time operational dashboards. The integration layer connected Therap, QuickBooks, and calendar systems via API connectors and EventBridge.

This phase produced:

  • Authorization, utilization tracking, and pre-bill validation engine
  • Auth tracking, unit consumption checks, and pre-billing validation before EDI export EDI 837 claims export and Medicaid billing integration
  • Claims routing to Medicaid and state clearinghouse systems Payroll operations module
  • Platform-wide multi-agency visibility across clients, staff, compliance, and finances Reporting, analytics, and real-time dashboards
  • Operational and analytical views for agency and franchise leadership External integrations
  • Quality review, anomaly detection, and predictive workflows (advanced phase)

The Outcome

A 22-module Medicaid operations platform built to replace 17 fragmented tools and automate billing across a US care franchise.

Category Metric Description
Platform scope 22 modules built Across agency setup, care delivery, billing readiness, payroll, reporting, and integrations.
Tool consolidation 17 fragmented tools replaced Single platform replacing disconnected agency operations stack.
Billing automation Three-way validation model Schedule, Timecard, and Daily Service Log cross-validated before billing export.
Documentation Automated DSL generation Daily Service Log produced at clock-out from in-shift events, immutable record.
Compliance HIPAA standard Tenant isolation, RBAC, KMS encryption, and audit trails across all platform layers.
Data architecture Multi-tenant RLS model PostgreSQL with row-level security and tenant-aware schema throughout.
Integrations 5+ external systems Medicaid/State CH, Paylocity/ADP, Twilio, Therap, and QuickBooks.
Timeline 9 months delivery Discovery through production readiness across three phases.

The platform was built around one constraint: every operational event had to become verifiable service evidence automatically, without adding burden to the DSP. Tenant isolation at the schema level, GPS-gated shift execution, and the auto-generated DSL as an immutable clock-out record were not features added to an existing workflow. They were the architectural spine that billing, payroll, audit, and franchise oversight were built on top of.