§71119 · Effective Jan 1, 2027

Compliance infrastructure
for the new Medicaid.

Built for H.R. 1, Section 71119, the federal community engagement requirement that takes effect January 1, 2027. Civitas Compliance verifies, records, and reports the participation hours that Medicaid beneficiaries are now required to document to maintain their coverage.

Four architectural commitments shape the platform: litigation-grade, purpose-built, beneficiary-first, and statute-aligned. Each is written into the database schema and the route layer, not the policy manual.

Schedule a briefing Read the approach →
Volume
Vol. I · MMXXVI
Status
Available · open for state engagement
Cadence
80 hours · per beneficiary · per month
Domain
Medicaid community engagement

Litigation-grade

Append-only ledgers, deterministic replay, fail-closed audit. The architectural choice is the litigation-defense choice.

Purpose-built

Designed from first principles for H.R. 1 §71119. Not a retrofit. Not a sidecar to a legacy system.

Beneficiary-first

CivicPath is the only polished beneficiary mobile application in the category. The wedge.

Statute-aligned

All 9 federal exemption categories. 30-day cure-period procedure. Audit-ready records by default.

01 · Beneficiary surface

Where the beneficiary meets the requirement.

The component of Civitas Compliance that beneficiaries actually touch is CivicPath. It is a state-branded mobile application that puts beneficiaries in direct control of their participation tracking.

Every other stakeholder in the ecosystem (state agencies, health plans, employers, community partners) generates outcomes through the beneficiary. A platform that solves for the beneficiary first solves for everyone else by extension.

CivicPath launches on iOS and Android. Every interaction is a write to the underlying Civitas Compliance platform: the system of record that states, health plans, employers, and auditors all rely on.

Read the full CivicPath capabilities at /civicpath. Read the champion's framing at /champions.

  • i.
    Geofenced check-in GPS-verified mobile check-in. Every hour timestamped, geolocated, and written to an append-only ledger that cannot be altered.
  • ii.
    15-language depth Onboarding, dashboards, exemption forms, and in-app guidance ship in 15 languages from day one.
  • iii.
    Offline mode Hours captured offline sync to the ledger when connectivity returns. Designed for rural, transit, and low-signal contexts.
  • iv.
    Community partner matching In-app discovery of approved faith-based and community-based organizations. Hours matched to verified partners.
  • v.
    Accessibility-first WCAG 2.1 AA across every screen. Screen-reader fluent. Designed for the audience the legacy systems forgot.

02 · Multi-stakeholder workflow

One hour, four surfaces, one record.

Patricia volunteers at a community organization in New Orleans. Here is how a single hour of approved community engagement moves through Civitas Compliance, from the moment she checks in to the moment a state auditor produces the record three years later in court.

  1. 01 Patricia (beneficiary)

    She checks in via CivicPath.

    GPS confirms her location at the community organization. The hour is timestamped and written to the participation ledger. The dashboard updates in real time.

    CivicPath mobile
  2. 02 Community partner (attestation)

    The organization attests to her hours.

    The volunteer coordinator confirms attendance through the partner attestation portal. The verification flows directly into Patricia’s compliance record.

    Civitas attestation portal
  3. 03 Her health plan (oversight)

    The health plan sees the participation rate update.

    The plan’s real-time dashboard reflects compliance across the member population. Tenant-isolated. Per-member-per-month billing reflects performance metrics.

    Civitas health plan console
  4. 04 The state (audit)

    The audit trail holds up in court.

    Append-only ledger. Deterministic replayability. Every hour, every verification, and every decision is defensible under challenge for the legal life of the record.

    Civitas state console

Read the full workflow on /approach →

03 · For each stakeholder

A platform is only as useful as it is to the people who use it.

i.

State Medicaid agencies

Litigation-grade audit posture. 30-day cure period management. Complete CMS / HHS reporting. The deterministic compliance engine.

For procurement
ii.

Managed Care Organizations

Tenant-isolated dashboards. Per-member-per-month billing with performance metrics. Real-time participation rates across member populations.

For health plans
iii.

Employers and partners

Employer attestation. Provider exemption verification. The faith-based and community-based organization matching marketplace.

For partner organizations
iv.

Beneficiaries

The CivicPath mobile application. GPS-verified check-in. Multi-language. The promise: do the work, log the hours, keep your coverage.

For the people who must comply
04 · Why purpose-built matters

Five architectural guarantees, enforced in code.

Civitas Compliance was not adapted from an electronic health record, a benefits platform, or a case management tool. It was purpose-built. The five guarantees below are written into the database schema and the route layer, not the policy manual.

  1. 01
    Nothing is ever deleted.

    Append-only decision ledgers. No compliance record can be altered after the fact. The platform’s litigation shield, written into the database, not the manual.

  2. 02
    Every decision is reproducible.

    Deterministic replayability. The same inputs against the same rule version produce the same outcome. Auditors can replay any historical determination years later.

  3. 03
    The platform fails safe.

    Fail-closed audit. If authentication fails, access is blocked. If an audit log write fails, the operation rolls back. Nothing proceeds silently. Nothing is ever lost.

  4. 04
    Viewing and changing are separate.

    View / mutation separation. A beneficiary’s compliance record cannot be altered as a side effect of someone viewing it. Silent state changes are architecturally impossible.

  5. 05
    Only defined actions exist.

    Closed-set actions. No ad-hoc values. No undefined states. No ambiguity. The platform operates on the actions and statuses the statute permits. What can happen is what the statute documents.

05 · Positioning

What Civitas Compliance is. What it is not.

The architectural choice is the litigation-defense choice. Both halves matter.

What Civitas IS

Purpose-built compliance verification, designed as a sidecar.

Civitas is purpose-built compliance verification SaaS. It was designed from first principles for H.R. 1 §71119 and is intended to operate alongside existing state Medicaid Management Information Systems. It is a sidecar, not a replacement.

The wedge is the beneficiary-first surface: CivicPath the consumer mobile, Civitas Compliance the system of record that states, health plans, employers, and auditors all rely on.

What Civitas IS NOT

Not an eligibility system. Not generic case management. Not a retrofit.

Civitas does not make eligibility determinations. It does not approve or deny coverage. It does not replace LaMEDS, Maximus, Conduent, Gainwell, or any other state eligibility platform. The state agency and its contracted health plans continue to make every coverage decision they make today.

It is not a generic case management tool, and it is not a retrofit of a legacy referral platform. Open-source sidecars and extended social-care platforms are emerging in the H.R. 1 space. They are different bets, with whatever audit posture their underlying legacy system provides.

  • H.R. 1 §71119 Federal mandate
  • HIPAA Technical safeguards
  • NIST IAL2 Identity assurance level
  • AES-256-GCM At-rest encryption
  • WebAuthn FIDO2 Passkey authentication
  • AWS BAA via AWS Artifact
  • WCAG 2.1 AA Accessibility standard

06 · Talk to us

Ready to see Civitas Compliance?

Schedule a briefing