FCR handles protected health information for vulnerable children and families. We treat that responsibility as the foundation of the product, not an afterthought.
HIPAA compliance is not a single feature — it's a combination of technical safeguards, access controls, and operational practices. FCR is built with these requirements as design constraints from the ground up, and we enter into a Business Associate Agreement with every agency, as required when a vendor handles PHI on a covered entity's behalf.
Access to client data within an agency is governed by role. Caseworkers, supervisors, and practice managers each see what their role requires. Sensitive billing identifiers are restricted, and clinical documents follow defined approval and immutability rules once finalized — so the record reflects what actually happened and when.
Your agency's data is yours. FCR never transmits documentation or billing to DCS on your behalf — you generate, review, and submit KidTraks files yourself. We act as the system of record and the tooling around your work, not an intermediary that moves your data without your action.
FCR is designed around Indiana DCS requirements, including the confidentiality obligations that apply to child-welfare records under Indiana law. Our handling of consent, release, and record retention is built to support those obligations rather than work against them.
Working with an IT or compliance reviewer? We're glad to provide our security documentation and walk through specifics. Reach out at info@myfcr.org.