Last updated: April 2026
HomeHealthSync is built from the ground up to support HIPAA compliance for home health therapy agencies managing PT, OT, and ST contractors. Here's how we protect your data and your patients.
HomeHealthSync operates as a Business Associate under HIPAA. We maintain a signed Business Associate Agreement with Google Firebase, our cloud infrastructure provider, ensuring that all data storage and processing meet HIPAA requirements.
All data stored on our platform is encrypted at rest using AES-256 encryption via Google Firebase. All data in transit is encrypted using TLS 1.2 or higher. This applies to all patient records, visit logs, billing data, and contractor information.
When invoices are emailed through HomeHealthSync, no Protected Health Information (PHI) is transmitted. Invoice emails contain only billing amounts, visit counts, and non-identifying data. Patient names and clinical details are never included in outbound emails.
HomeHealthSync uses role-based access control (RBAC). Agency administrators control what each user can see and do within the platform. Therapists only access their own patients and visits. All access is authenticated via secure login.
The platform maintains an audit log of key actions taken within each tenant account, allowing administrators to monitor access and changes to sensitive data.
HomeHealthSync is designed around the HIPAA minimum necessary standard — users only see the data they need to perform their role. Therapists cannot access other therapists' patient data or billing information.
While HomeHealthSync provides a HIPAA-compliant infrastructure, your agency is responsible for using the platform in a compliant manner — including managing user access, maintaining strong passwords, and ensuring staff are trained on HIPAA requirements.
For compliance-related questions or to request our BAA documentation, contact us at support@homehealthsync.com.