Skip to main content
Encore OS is built for regulated behavioral-health operations. Every module, integration, and audit trail is designed against three frameworks from day one:

HIPAA Security Rule

Administrative, physical, and technical safeguards for ePHI across every workflow.

SOC 2 Type II

Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy.

42 CFR Part 2

Heightened protections for substance use disorder records, with application-level consent and SUD tagging built in.

Start here

Regulatory compliance tracker

Platform-wide regulatory compliance status across all applicable frameworks.

PHI classification

How protected health information is classified, tagged, and handled.

SUD data segmentation

Part 2 consent gating and DS4P labeling for substance use disorder records.

Authoritative references

The external regulatory sources our compliance documentation is grounded in.

Module compliance trackers

Per-module trackers map each domain’s regulatory obligations to implementation status:

Workforce & HR

FLSA, FMLA, ERISA, COBRA, ACA, I-9, OSHA, EEOC, and credentialing.

Finance & Revenue

IRS, GAAP/FASB, grant/OMB requirements, and internal controls.

Recovery Housing

DHS licensure, NARR standards, Fair Housing, fire safety, and zoning.

Governance & Risk

CARF, Joint Commission, HEDIS, NOMs, incident reporting, and nonprofit governance.

IT Security

HIPAA Security Rule, HITECH, NIST CSF, CIS Controls, and breach notification.

Communications

CAN-SPAM, TCPA, call recording, and telemarketing rules.

Background checks & SMS

FCRA background-check and TCPA messaging compliance.

ONC certification

Certification roadmap

The path to ONC Health IT certification.

Gap matrix

Current criteria gaps and their status.

Readiness plan

Implementation plan for regulatory readiness.

Audit evidence

Per-feature compliance evidence packages tie specific implementations to specific regulatory requirements; they are used during audits and accreditation surveys.
For day-to-day governance operations — policy library, accreditation cycles, audits, risk register, and training — see the Governance & Compliance module.