You decide who sees what
Granular role-based access control built for how home care agencies actually work. Assign a role and the right permissions apply instantly — then fine-tune any of them. Schedulers run scheduling without seeing billing. Billers run claims without touching care plans. Caregivers see their own clients and nothing else. The owner keeps the money private and keeps the whole thing auditable.
What it is: granular role-based access control (RBAC) — a permission system that decides exactly what each person on your team can see and do.
What's included: smart role defaults out of the box, agency-level fine-tuning of any role, least-privilege "keep the money private" controls, a full audit trail, and pairing with white-label branding. On every plan.
Why it matters: staff should run scheduling and care without seeing billing, payroll, or revenue. Least privilege is the right default for HIPAA, for trust, and for protecting your numbers.
The role lineup
BridgeCare OS ships with roles grouped the way a home care agency is actually organized. Assign one and the permissions follow.
Care Delivery
Caregiver / Aide
Their own assigned clients, their own schedule, and the care plan and documentation for the visits they perform. No billing, no payroll, no other caregivers' clients.
Nurse (RN / LPN)
Clinical access to care plans, assessments, and visit documentation for the clients they oversee — plus supervisory visibility into the aides they direct.
Therapist
Care plans, goals, and visit notes for their therapy caseload. Clinical scope, scoped to their own clients.
Operations
Scheduler / Coordinator
Full scheduling, caregiver matching, and visit operations across the agency — with no view into billing, payroll, or revenue by default.
Care Manager / Supervisor
Operations plus full clinical and care-plan oversight for their team, and visibility into HR & compliance status for the staff they manage.
Agency Administrator
Broad operational, clinical, HR, compliance, and finance access to run the agency day to day — without the owner-only ability to rewrite the role matrix itself.
Finance & Admin
Biller / Coder
Full finance and claims access — invoices, Medicaid EDI, reconciliation — plus the compliance signals that gate a clean claim. No care-plan editing.
HR / Recruiter
Full HR & compliance access — applicant tracking, credentials, background checks, onboarding. No finance, no clinical care plans.
Compliance / QA
Full HR & compliance plus read access to clinical documentation for audit and quality review. No finance, no role-matrix control.
Owner & Portal
Owner / System Admin
Everything. Full access across operations, clinical, HR & compliance, finance, and admin — and the only role that can edit the role matrix and see all revenue.
Family / Client
The family portal only — their loved one's care plan, visit timeline, messages, and invoices. No access to agency operations of any kind.
The access matrix
A quick read on what each role can reach across the five capability groups. Every agency can change any of these — this is the smart default.
| Role | Operations | Clinical / Care Plans | HR & Compliance | Finance | Admin |
|---|---|---|---|---|---|
| Owner / System Admin | ● | ● | ● | ● | ● |
| Agency Administrator | ● | ● | ● | ● | ◐ |
| Scheduler / Coordinator | ● | ◐ | ○ | ○ | ○ |
| Care Manager / Supervisor | ● | ● | ◐ | ○ | ○ |
| Biller / Coder | ◐ | ○ | ◐ | ● | ○ |
| HR / Recruiter | ◐ | ○ | ● | ○ | ○ |
| Compliance / QA | ◐ | ◐ | ● | ○ | ○ |
| Caregiver / Aide | ◐ | ◐ | ○ | ○ | ○ |
| Family / Client | ○ | ○ | ○ | ○ | ○ |
Caregiver operations and clinical access is scoped to their own assigned clients. Family/Client access is the family portal only. The Agency Administrator does everything except edit the role matrix — that stays with the owner.
Why agencies run it this way
Smart defaults out of the box
You shouldn't have to design a permission scheme to hire your first scheduler. Assign a role and you're done — every BridgeCare OS role ships with a sensible default permission set built from how home care agencies actually divide work. New staff member, pick a role, they have exactly the right access on day one.
Fine-tune any role, any agency
Defaults are a starting point, not a cage. Each agency can adjust any role's permissions across all five capability groups. Want your Care Manager to see billing? Want your Biller locked out of care plans entirely? Want a custom variant for a multi-location lead? Change it. The permission model bends to your org chart.
Keep the money private
This is the one most agencies care about most. Your staff can run scheduling, coordinate care, and document visits without ever seeing what a client is billed, what a caregiver is paid, or what the agency earns. Billing, payroll, and revenue stay visible only to the roles that need them — Biller, Administrator, Owner. Everyone else does their job without the numbers in front of them.
Pairs with white-label
Roles & permissions is the "control" half of the story; white-label branding is the "brand" half. Together they let you run a platform that looks like you built it and behaves exactly how you want it — your name on the door, your rules about who sees what inside.
HIPAA-minded least privilege
Least privilege — every user gets exactly the access their job requires and nothing more — is a core HIPAA safeguard, not a nice-to-have. BridgeCare OS is built around it, alongside field-level AES-256 encryption and multi-factor login. See the full security model.
Full audit trail
Every permission change and every sensitive data access is recorded in an immutable audit trail — who changed what role, when, and what they could see. That's what turns "we have roles" into "we can prove who had access to what," which is the part auditors and payers actually ask about.
Frequently asked questions
Can I hide financials from my schedulers?
Yes — this is exactly what role-based access is for. The Scheduler/Coordinator role ships with no access to billing, payroll, or revenue by default. They run scheduling and the operational side of care without ever seeing what a client is billed, what a caregiver is paid, or what the agency makes. Keep the money private from anyone who doesn't need it.
Can I customize what each role can do?
Yes. Every role ships with a smart default so you can assign a role and be done — but each agency can fine-tune any role's permissions across operations, clinical/care plans, HR & compliance, finance, and admin. If your Care Manager should see billing, or your Biller shouldn't touch care plans, you change it. The owner controls the role matrix and every change is logged.
Do caregivers see other clients?
No. By default a Caregiver/Aide only sees their own assigned clients, their own schedule, and the documentation for the visits they perform. No other caregivers' clients, no billing, no payroll, no HR or admin data. Least privilege by design — a caregiver sees exactly what they need and nothing more.
What roles come built in?
Care Delivery (Caregiver/Aide, Nurse RN/LPN, Therapist), Operations (Scheduler/Coordinator, Care Manager/Supervisor, Agency Administrator), Finance & Admin (Biller/Coder, HR/Recruiter, Compliance/QA), plus Owner/System Admin and the Family/Client portal role. Assign one and the right permissions apply automatically.
Is role-based access HIPAA-compliant?
Role-based access control is a core HIPAA safeguard, and BridgeCare OS is built around least privilege. Permission changes and data access are recorded in an immutable audit trail, supporting the access-control and audit-control requirements of the HIPAA Security Rule. It pairs with field-level AES-256 encryption and multi-factor login. See the security model.
Related features
White-label branding · Security · Family portal · Caregiver mobile app · See every screen in the product tour