SynoraCare

HIPAA Compliance Program

This page describes how SynoraCare is designed to support HIPAA-aligned operations for disability care providers and DSP teams. This content is informational and does not constitute legal advice.

Disclaimer

SynoraCare provides tooling intended to help organizations operationalize care plans and reduce avoidable workflow mistakes. HIPAA compliance is a shared responsibility between SynoraCare and each customer organization. Customers are responsible for independently evaluating legal and regulatory obligations.

Definitions

Protected Health Information (PHI) means individually identifiable health information handled by covered entities and business associates. In SynoraCare, PHI can include client care instructions, medication schedules, behavior plans, and related support documentation.

Shared Responsibility Model

SynoraCare is responsible for building and operating secure application controls. Customer organizations are responsible for user governance, workforce training, role assignment, document quality, and lawful use of the platform.

The platform is designed so that users can access data only according to their assigned roles and client-level permissions.

Administrative, Technical, And Physical Safeguards

Administrative: Role-based access controls, account lifecycle management, and mandatory escalation guidance where sources are missing.

Technical: Authenticated API access, audit logging for uploads/questions/escalations, citation-grounded answer behavior, and tenant data boundaries.

Physical: Infrastructure-level controls are inherited from cloud and hosting providers selected by the customer deployment.

Business Associate Agreement (BAA)

SynoraCare can be operated under a BAA where required. The BAA should define permitted uses/disclosures, breach notification obligations, subcontractor requirements, and PHI handling expectations.

Customer Responsibilities

Organizations must: maintain least-privilege access, verify care-plan accuracy, train DSP users, review audit logs, and implement incident escalation protocols.

SynoraCare is an assistive workflow tool and does not replace clinical judgment or supervisory oversight.

Security Incident And Breach Response

SynoraCare supports event tracing through audit logs. Customers should maintain internal breach response procedures, designate points of contact, and retain records required by applicable law and contract.