Substance-use records carry federal protections that general-purpose software was never built for. SoberLab enforces 42 CFR Part 2 in the data model — consent-gated, role-segmented, fully audited.
Every disclosure traces to a signed, current consent — with a defined scope, purpose, and expiry.
Housing sees housing. Clinical sees clinical. Roles draw the lines automatically, not by honor system.
Who saw what, when, and under which consent — answerable in seconds, exportable on demand.
Scope, purpose, and recipient captured at intake.
Disclosures allowed strictly within its scope.
Staff warned before it lapses — renew or let close.
Every disclosure it authorized closes automatically.
Every access and every disclosure is logged with the user, the time, the scope, and the consent it relied on. Nothing is off the record — including attempts that were blocked.
It's the federal rule protecting substance-use treatment records, stricter than HIPAA on disclosure. SoberLab enforces it structurally, so compliance isn't left to staff memory.
Each organization's data is isolated at the platform level. Users authenticate with SSO and MFA, and no role can cross an organization boundary.
Yes. The access log is queryable and exportable — filter by resident, user, or date range to answer a disclosure question or hand over a review packet.
Fully. The agent inherits the user's role and the resident's consents, and it cannot make a disclosure the person couldn't make themselves. Blocked attempts are logged.
We'll walk your compliance lead through consent enforcement and the audit trail — the parts a survey actually tests.