Skip to main content
Menu
How It WorksFor ProvidersFor CaregiversFor FamiliesResourcesPricing
Sign In
Get Started Free
HIPAA BAA Compliant

Compliance & Safety

ShiftCura is built for healthcare. Every caregiver is credential-verified and background-screened. Every payment is escrowed. Every shift is tracked.

HIPAA BAA Compliant

Signed Business Associate Agreement with AWS. All data encrypted at rest (AES-256) and in transit (TLS 1.2+).

Level 2 Background Screening

Every caregiver undergoes FDLE + FBI fingerprint-based screening through Florida's Care Provider Background Screening Clearinghouse.

Credential Verification

Licenses, certifications, and CPR/BLS verified before caregivers can accept shifts. Automated expiry tracking with renewal alerts.

Payment Escrow

Funds held securely until shift completion is confirmed. Providers and caregivers are both protected.

Credential Requirements by Role

Florida-compliant requirements enforced for every caregiver on the platform.

RoleLicense / CertificationLevel 2 BGBLS/CPR
Registered Nurse (RN)Florida RN License
Licensed Practical Nurse (LPN)Florida LPN License
Certified Nursing Assistant (CNA)CNA Certification
Home Health Aide (HHA)HHA Certificate
Occupational Therapist (OT)Florida OT License
Physical Therapist (PT)Florida PT License
Medical AssistantCMA/RMA Certification
Direct Support Professional (DSP)Zero Tolerance + Core Competency + HIPAA
Direct Care Worker (DCW)Zero Tolerance + Core Competency + HIPAA
Companion

* BLS/CPR is a ShiftCura platform requirement for clinical roles. Florida does not mandate CPR certification for RN/LPN licensure, but most healthcare employers require it. HHA certificates are employer-maintained per AHCA — Florida does not issue a state HHA license.

Platform Safety Systems

Automated enforcement and monitoring keep shifts staffed and caregivers accountable.

3-Strike No-Show Policy

Automated no-show detection with graduated enforcement. 90-day strike decay rewards consistent reliability.

Shift Confirmation Cascade

Automated reminders at 36, 24, 12, 8, and 4 hours before shift. Unconfirmed shifts auto-reopen for replacement.

Geofenced Clock-In

Location-verified check-in within 0.5 miles of shift location. On-site and off-site status tracked.

OIG Exclusion Screening

Monthly automated screening against the federal Office of Inspector General exclusion list. NPI matches trigger immediate suspension.

Review Gate

Poor worker-provider matches are automatically flagged. Negative history requires provider approval before shift acceptance.

Session Security

Automatic logout after 1 hour of inactivity. JWT sessions with secure, httpOnly cookies. Role-based access control on every action.

Infrastructure

Enterprise-grade hosting with HIPAA-eligible services.

Database

AWS RDS PostgreSQL

BAA Signed

File Storage

AWS S3

BAA Signed

Payments

Stripe

PCI DSS

Monitoring

Sentry

SOC 2

Payment Escrow Flow

1
Shift PostedUnpaid
2
Caregiver AcceptsFunds Held
3
Shift Completed & ConfirmedFunds Released to Caregiver
4
Shift CancelledFunds Refunded to Provider
5
Shift DisputedFunds Held Pending Admin Resolution

Regulatory References

HIPAA Privacy Rule — 45 CFR Part 164HIPAA Security Rule — 45 CFR Part 164FL Level 2 Background Screening — §435.04 F.S.AHCA Home Health Licensing — §400.462 F.S.OIG Exclusion — Sections 1128 & 1156, SSA

Questions? Contact compliance@shiftcura.com