TOTP Tokens for Electronic Visit Verification (EVV): How They Work

Protectimus offers an Electronic Visit Verification (EVV) system that uses Time-Based One-Time Password (TOTP) generation algorithm for calculating the exact time of visits. The solution uses hardware TOTP tokens as EVV devices, providing a cost-effective and privacy-friendly alternative to traditional EVV methods like GPS tracking or video cameras.

In this article we’ll examine:

  • what is Electronic Visit Verification;
  • what EVV services are offered by the best-known players in the EVV market;
  • how Protectimus TOTP tokens work for EVV systems;
  • what are the advantages of using the Protectimus EVV solution;
  • what companies already use TOTP tokens for Electronic Visit Verification
  • how to integrate Protectimus EVV devices into your EVV system and use them most optimally.

What Is Electronic Visit Verification (EVV)

Electronic Visit Verification (EVV) is a system that verifies the exact time, place, and duration of visits made by home care workers to patients. The purpose of EVV is to ensure that the services provided to patients are authorized and that patients are getting the right care at the right time. With the EVV system, it is easier to track, manage and verify the visits made by care workers, making it an essential part of home care services.

What is Electronic Visit Verification

What Are the Most Common EVV Methods

Here are several methods of implementing an EVV system, including:

  • Mobile App-based EVV: This method involves using a mobile app that the provider can use to check-in and check-out at a client’s location. The app usually requires the provider to enter a unique code or use GPS to verify their location.
  • Web-based EVV: This method involves using a web-based portal for providers to log their arrival and departure times. The portal can be accessed from any device with internet access and requires a username and password for authentication.
  • Telephonic EVV: This method involves using a telephone system to verify the provider’s arrival and departure times. The provider dials a number and answers a series of questions to confirm their arrival and departure.
  • Biometric EVV: This method uses biometric identification technologies, such as fingerprints or facial recognition, to verify the identity of the caregiver and confirm their arrival and departure times.
  • Hardware token-based EVV: This method involves using a small device, known as an hardware TOTP token, that the provider or patient carries with them. The key-fob OTP token can be used to check-in and check-out at the client’s location and is usually connected to a system that verifies the provider’s arrival and departure times.

Each method of EVV has its advantages and disadvantages, and the best solution will depend on the needs and preferences of the patient and caregiver.

| Read also: TOTP Algorithm Explained

What Are the Best Known EVV Systems

There are several well-known players in the EVV market, offering various services and solutions. Some of the well-known players in the market are Vesta, HHAeXchange, Sandata EVV, Tellus EVV, and many others. These companies provide different EVV systems and services, but most of them rely on GPS tracking, video cameras, or other invasive methods to verify the visits, which can often lead to privacy concerns for the patients.

  • Vesta: Is a leading provider of EVV software and services. It offers a comprehensive solution for home care providers, including an easy-to-use EVV system and a secure portal for accessing and managing patient information. The EVV methods offered by Vesta include telephonic EVV, web-based EVV, and mobile EVV.
  • HHAeXchange: Is another prominent player in the EVV market. HHAeXchange offers a range of Electronic Visit Verification (EVV) methods to meet the specific needs of their clients. Some of the common EVV methods offered by HHAeXchange include mobile EVV, web-based EVV, and IVR (Interactive Voice Response) EVV.
  • Sandata EVV: Is a widely used solution in the home care industry. It offers a flexible and secure platform for electronic visit verification, as well as a range of tools for managing and tracking care services: a telephonic EVV system, a mobile app for caregivers, and a self-service web portal for agencies. 
  • Tellus EVV: Is a cutting-edge solution for the home care industry, offering real-time tracking of care services with the help of a mobile app.

These are just some of the well-known players in the EVV market. Each offers unique services and solutions designed to meet the needs of the home care industry and to ensure compliance with federal requirements for electronic visit verification.

What Are the Best Known EVV Systems for Home Care

How Protectimus Solution for Electronic Visit Verification Works

The Protectimus EVV solution is a privacy-focused and cost-effective method for EVV that uses Time-Based One-Time Password (TOTP) technology to generate temporary codes based on the actual time. 

The TOTP hardware token generates the one-time passcodes, which can be used to determine the exact time and duration of the visits. The TOTP hardware tokens are small, easy to use, and do not require any installation, internet connection, or electricity to work. This makes them a perfect EVV device, as they are less intrusive, secure, and more cost-effective than other EVV solutions in the market.

How Protectimus EVV Solution Works Step by Step

  1. The patient is given the TOTP hardware token, which generates one-time passcodes based on the actual time.
  2. The home care worker writes down the one-time codes from the TOTP token at the beginning and end of their visits.
  3. The EVV provider transfers the one-time codes to the Protectimus EVV system via API.
  4. Protectimus returns the exact time when every OTP code was generated. This time is used to verify the visits and ensure that the services provided are authorized and compliant with regulations.

What Are the Advantages of Using the Protectimus EVV Solution

There are several benefits to using the Protectimus EVV solution for your electronic visit verification needs:

  • Privacy: The use of TOTP tokens ensures that the privacy of patients is protected, as the EVV device does not require the use of cameras or GPS trackers.
  • Convenient: The hardware TOTP tokens are small and easy to use, making them convenient for both the homecare worker and the patient.
  • Cost-effective: Compared to other electronic visit verification methods like GPS tracking or video cameras, the use of TOTP hardware tokens is much more cost-effective.
  • Easy integration: Protectimus EVV solution can be easily integrated into your existing electronic visit verification system.
  • Accurate: The use of the TOTP algorithm ensures that the time of visits is accurately recorded, giving you peace of mind and ensuring compliance with regulations.

Hardware TOTP token for Electronic Visit Verification EVV Protectimus Two

Why We Recommend Using 8 Digit TOTP Tokens for EVV

Please, note! When you use TOTP tokens for Electronic Visit Verification the problem with the coinciding of one-time passwords may occur.

The problem with the EVV system lies in the use of 6-digit TOTP tokens. Over a long period, the numeric values of these one-time passwords will inevitably repeat. This can result in two one-time passwords generated at different times coinciding with each other, which can complicate the recognition of the exact time of OTP generation.

To reduce this problem, it is recommended to use 8-digit TOTP tokens with 60-second time steps for the Electronic Visit Verification. This increases the number of possible combinations and reduces the likelihood of two one-time passwords coinciding. This helps to ensure the accuracy and reliability of the EVV system and makes it easier to recognize the exact time of OTP generation and consequently visit.

Which Companies Are Already Using the Protectimus EVV Solution

Protectimus EVV solution is used by several companies that offer integrated enterprise-level software for home care and healthcare services. 

Companies including CareVoyant, Therap Services, Public Partnerships, CellTrak, DDReports, and other are already utilizing the Protectimus EVV solution to ensure compliance and improve the efficiency of their electronic visit verification processes. 

These companies offer cloud-based software and documentation solutions for home care agencies, developmental disabilities services, self-directed home care programs, and community-based care documentation. 

With Protectimus EVV solution, these companies can effectively track the arrivals and departures of their field staff and ensure compliance with the federal mandate for electronic visit verification (EVV). The implementation of Protectimus EVV solution helps to streamline their operations, improve accuracy, and enhance the overall quality of their services.

| Read also: Protectimus Customer Stories: 2FA for DXC Technology

How to Integrate Protectimus EVV With Your Electronic Visit Verification System

A step-by-step guide to integrating the Protectimus EVV solution with your Electronic Visit Verification System is available here:

You will need to follow these steps:

  1. Register with Protectimus Cloud Service or install the On-Premise Platform.
  2. Add tokens by logging into your account and going to the Tokens page. Select the Protectimus Two token and upload the file that will be sent to you after ordering the TOTP tokens.
  3. Use the Protectimus API to integrate it with your EVV system. The API follows REST principles and data is transmitted in either XML or JSON format. The Protectimus EVV API Method can be used to get the time when the one-time password was generated. Also a Postman Collection is available upon request from the support team.

Select the Protectimus Two token and upload the file that will be sent to you after ordering the TOTP tokens

Final Word

Protectimus EVV solution is a reliable and convenient way to meet the requirements of Electronic Visit Verification for homecare services. By using TOTP hardware tokens, the privacy of patients is protected and the process of recording visits is accurate and cost-effective. Integrating the Protectimus EVV solution into your existing system is straightforward and can help you provide your customers with a wider choice of electronic visit verification methods.

If you have any questions, please contact the Protectimus customer support service for assistance.

What Else to Read

Freepik images were used: 1, 2

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Author: Anna

If you have any questions about two-factor authentication and Protectimus products, ask Anna, and you will get an expert answer. She knows everything about one-time passwords, OTP tokens, 2FA applications, OATH algorithms, how two-factor authentication works, and what it protects against. Anna will explain the difference between TOTP, HOTP, and OCRA, help you choose a token for Azure MFA, and tell you how to set up two-factor authentication for Windows or Active Directory. Over the years with Protectimus, Anna has become an expert in cybersecurity and knows all about the Protectimus 2FA solution, so she will advise on any issue. Please, ask your questions in the comments.

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from Protectimus blog.

You have successfully subscribed!

Share This