Security & HIPAA at Vali

Vali is HIPAA-compliant, signs a Business Associate Agreement (BAA) with every home care agency customer, and protects protected health information (PHI) with encryption, role-based access controls, and audit logging.

HIPAA compliance and BAAs

Vali operates as a HIPAA business associate to the home care agencies we serve. We sign a BAA with every customer as part of standard onboarding — no extra cost and no negotiation required for the standard terms. The BAA covers permitted uses of PHI for scheduling and caregiver coordination, safeguards, breach notification obligations and timelines, subprocessor flow-down requirements, and data return or destruction at contract end.

Read more on our BAA page.

Security controls

• Encryption in transit and at rest

• Role-based access controls and least-privilege permissions

• Audit logging of access to PHI

• Built-in human oversight — ambiguous cases escalate to people who understand home care operations

How Vali handles data

Vali uses PHI only to deliver scheduling and caregiver coordination for your agency — filling open shifts, running caregiver outreach by text and voice, and providing after-hours coverage on WellSky or CareSmartz360. Data is returned or destroyed at contract end under the BAA.

SOC 2 status

Vali does not claim SOC 2 certification today. We are HIPAA-compliant, sign BAAs, and document our controls on this page and in security questionnaires. Ask during diligence for the current SOC 2 roadmap and any interim audit artifacts.

Subprocessors

Vali uses a small set of vetted infrastructure subprocessors, each bound by flow-down obligations under our BAA. A current subprocessor list is available on request during diligence.

Security questionnaires and contact

We complete security questionnaires as part of diligence. Request our security documentation during your demo, or contact us.

Book a demo