Harmony Care Connect
HIPAA-ready by design

The practice platform for Harmony Care Connect.

Harmony brings scheduling, clinical documentation, data collection, billing, and the family portal into one calm, secure workspace — built for our BCBAs, RBTs, admins, and families.

The first account created becomes the clinic administrator. Invite your team from there.

Today · Caseload12 clients
M. Álvarez
Tacts — animals
92%
J. Patel
Manding for break
68%
R. Chen
Independent play
41%
S. Okoye
Toilet training
77%

One platform. Every part of care.

Scheduling, clinical documentation, data collection, billing, and the family portal — all in one coherent workflow.

Client & caregiver records

Learner demographics, diagnosis, insurance, guardians, and consents — with role-based access.

Treatment plans & goals

Author plans, define mastery criteria, track goal status through baseline → mastery → maintenance.

Session notes & co-sign

SOAP-style notes with RBT submit → BCBA co-sign, locked once signed, PDF export ready.

Scheduling (Phase 2)

Recurring appointments, conflict detection, check-in/out with timestamped location.

Data collection (Phase 3)

DTT, task analysis, ABC, duration — tap-to-collect with automatic graphing and phase lines.

Encrypted documents

Assessments, IEPs, consents in a private storage bucket — access strictly by client assignment.

Built for every seat in the clinic.

BCBA

Author treatment plans, review data, co-sign notes, run caseload reviews.

RBT

See today's sessions, collect data in-session, submit notes for co-sign.

Admin

Intake, scheduling, authorizations, billing, and full audit visibility.

Parent

Follow progress, review notes, sign consents, message the care team.

Compliance foundations

HIPAA-ready patterns baked in.

Harmony Care Connect is engineered from day one for handling protected health information — strict access control, encrypted storage, and a tamper-evident audit trail.

  • Row-level security on every PHI table
  • Role-based access: admin, BCBA, RBT, parent
  • Encrypted private document storage
  • Immutable audit log of PHI access & changes
  • Leaked-password (HIBP) protection enabled
  • No PHI in URLs, logs, or error reports
  • Session auto-expiry & re-authentication
  • Signed BAA required with hosting before go-live