> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Trust & Compliance

> How Encore OS approaches HIPAA, SOC 2 Type II, and 42 CFR Part 2 — regulatory posture, module compliance trackers, ONC certification, and audit evidence.

Encore OS is built for regulated behavioral-health operations. Every module, integration, and audit trail is designed against three frameworks from day one:

<CardGroup cols={3}>
  <Card title="HIPAA Security Rule" icon="shield-halved">
    Administrative, physical, and technical safeguards for ePHI across every workflow.
  </Card>

  <Card title="SOC 2 Type II" icon="file-shield">
    Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy.
  </Card>

  <Card title="42 CFR Part 2" icon="user-shield">
    Heightened protections for substance use disorder records, with application-level consent and SUD tagging built in.
  </Card>
</CardGroup>

## Start here

<CardGroup cols={2}>
  <Card title="Regulatory compliance tracker" icon="list-check" href="/compliance/REGULATORY_COMPLIANCE_TRACKER">
    Platform-wide regulatory compliance status across all applicable frameworks.
  </Card>

  <Card title="PHI classification" icon="user-lock" href="/compliance/PHI_CLASSIFICATION">
    How protected health information is classified, tagged, and handled.
  </Card>

  <Card title="SUD data segmentation" icon="user-shield" href="/compliance/sud-data-segmentation">
    Part 2 consent gating and DS4P labeling for substance use disorder records.
  </Card>

  <Card title="Authoritative references" icon="book" href="/compliance/AUTHORITATIVE_REFERENCES">
    The external regulatory sources our compliance documentation is grounded in.
  </Card>
</CardGroup>

## Module compliance trackers

Per-module trackers map each domain's regulatory obligations to implementation status:

<CardGroup cols={2}>
  <Card title="Workforce & HR" icon="users" href="/compliance/HR_WORKFORCE_COMPLIANCE_TRACKING">
    FLSA, FMLA, ERISA, COBRA, ACA, I-9, OSHA, EEOC, and credentialing.
  </Card>

  <Card title="Finance & Revenue" icon="dollar-sign" href="/compliance/FA_FINANCIAL_COMPLIANCE_TRACKING">
    IRS, GAAP/FASB, grant/OMB requirements, and internal controls.
  </Card>

  <Card title="Recovery Housing" icon="house" href="/compliance/RH_RECOVERY_HOUSING_COMPLIANCE_TRACKING">
    DHS licensure, NARR standards, Fair Housing, fire safety, and zoning.
  </Card>

  <Card title="Governance & Risk" icon="scale-balanced" href="/compliance/GR_GOVERNANCE_COMPLIANCE_TRACKING">
    CARF, Joint Commission, HEDIS, NOMs, incident reporting, and nonprofit governance.
  </Card>

  <Card title="IT Security" icon="lock" href="/compliance/IT_SECURITY_COMPLIANCE_TRACKING">
    HIPAA Security Rule, HITECH, NIST CSF, CIS Controls, and breach notification.
  </Card>

  <Card title="Communications" icon="phone" href="/compliance/CE_COMMUNICATIONS_COMPLIANCE_TRACKING">
    CAN-SPAM, TCPA, call recording, and telemarketing rules.
  </Card>

  <Card title="Background checks & SMS" icon="magnifying-glass" href="/compliance/FCRA_TCPA_COMPLIANCE_TRACKING">
    FCRA background-check and TCPA messaging compliance.
  </Card>
</CardGroup>

## ONC certification

<CardGroup cols={3}>
  <Card title="Certification roadmap" icon="road" href="/compliance/ONC_CERTIFICATION_ROADMAP">
    The path to ONC Health IT certification.
  </Card>

  <Card title="Gap matrix" icon="table-cells" href="/compliance/ONC_CERTIFICATION_GAP_MATRIX">
    Current criteria gaps and their status.
  </Card>

  <Card title="Readiness plan" icon="clipboard-check" href="/compliance/ONC_REGULATORY_READINESS_IMPLEMENTATION_PLAN">
    Implementation plan for regulatory readiness.
  </Card>
</CardGroup>

## Audit evidence

Per-feature [compliance evidence packages](/compliance/evidence/index) tie specific implementations to specific regulatory requirements; they are used during audits and accreditation surveys.

<Note>
  For day-to-day governance operations — policy library, accreditation cycles, audits, risk register, and training — see the [Governance & Compliance module](/gr/overview).
</Note>
