RelyCare is an AI-powered platform built specifically for speech-language pathology clinics. It automatically generates clinical SOAP notes from session audio recordings and manages parent communication via a 24/7 WhatsApp assistant.

How does RelyCare generate SOAP notes?

During a therapy session, the therapist records audio using the RelyCare app. When the session ends, RelyCare automatically transcribes the audio, extracts clinical data including trial counts, cue hierarchy, and accuracy percentages, and generates a complete SOAP note within 30 seconds. The therapist reviews and approves the note before it is saved to the patient record.

Is RelyCare compliant with South African data protection law?

Yes. RelyCare is fully POPIA compliant. All clinical data is encrypted at rest using AES-256 encryption. Session audio is deleted after transcription. Each clinic's data is completely isolated using row-level security. RelyCare operates under a signed Data Processing Agreement with all infrastructure providers.

How does the WhatsApp parent assistant work?

RelyCare connects to your clinic's WhatsApp Business number. When a parent messages the clinic, the AI assistant responds automatically using the child's actual session data. Parents can ask about homework, session progress, and appointments at any time of day. Anything the assistant cannot handle is escalated to the therapist.

What languages does RelyCare support?

RelyCare supports English, Afrikaans, Arabic, and Hindi for parent communications and session summaries. Clinical SOAP notes are always generated in professional English as required by South African healthcare standards.

How much does RelyCare cost?

RelyCare offers two plans. The Solo plan is $49 per month for individual speech therapists. The Clinic plan is $149 per month for multi-therapist practices. Both plans include a 14-day free trial with no credit card required.

How is RelyCare different from Heidi Health?

Heidi Health is a general medical scribe built for doctors. RelyCare is built exclusively for speech-language pathologists. RelyCare understands SLP-specific clinical concepts like cue hierarchies, trial counting, and phonological error patterns. RelyCare also includes a WhatsApp parent communication assistant and monthly parent progress reports — features Heidi does not offer.

Can I use RelyCare for group therapy sessions?

Yes. RelyCare supports group sessions with individual SOAP notes generated per patient from a single session recording. Each child in the group receives their own clinical documentation, parent summary, and homework assignment.

Speech Therapy Documentation Requirements in South Africa: What Every SLP Needs to Know

Running a speech therapy practice in South Africa means operating under two compliance frameworks simultaneously. The HPCSA sets the clinical standard for how you document patient care. POPIA sets the legal standard for how you store, protect, and handle the personal information inside those records.

Most SLPs know both exist. Far fewer have a clear picture of exactly what each one requires — and where the gaps in their current systems are.

This is not a textbook summary. It's a practical guide to what actually affects how your clinic operates.

What the HPCSA requires

The HPCSA's position on clinical records is set out in Booklet 9 of the Guidelines for Good Practice in the Healthcare Professions. The standard it establishes is straightforward: a colleague who has never met your patient should be able to pick up your file and continue their care without asking a single clarifying question.

That sounds simple. In practice it means every record must contain:

Full demographic details — name, date of birth, contact information, medical aid details if applicable

Referral source and reason for referral

Comprehensive case history

Assessment findings with standardised test scores where applicable

Your clinical impressions and differential considerations

A documented treatment plan with measurable goals

Progress notes in SOAP format for every session

Copies of any correspondence — reports sent to schools, referral letters, medical aid motivation letters

Consent documentation

Not most of those things. All of them, for every patient, every session.

The standard does not make allowances for a heavy caseload, a difficult patient, or a day where the admin piled up. It also does not make allowances for inconsistency between therapists in the same practice. If one of your therapists writes thorough notes and another writes three-line summaries, the HPCSA's standard applies to both files equally.

The records retention rules most clinics get wrong

The six-year rule is widely known. You must retain clinical records for a minimum of six years from the date the record became inactive — meaning from the date of the patient's last visit.

The pediatric rule is less consistently applied, and it carries more risk.

For any patient who was a minor at the time of treatment, records must be retained until that patient's 21st birthday. Not six years from their last session. Until they turn 21.

The Pediatric Reality

"This means if you treated a two-year-old and they completed therapy at age four, you are legally required to hold that record for another 17 years. If you treated a seven-year-old for two years and they turned nine when they discharged, you need to keep that file until 2037."

For a pediatric SLP practice, this is not a minor administrative detail. It means you are managing records with retention periods of up to 19 years on some files. A physical filing system or an unstructured cloud folder starts to look very different when you think about it in those terms. The practical question this raises is not just where you store records — it is whether the system you are currently using will still exist, be accessible, and be organised enough to retrieve a specific file in 2037 if you need to.

What POPIA actually requires of your practice

POPIA classifies health information as a special category of personal data. This is the highest tier of protection the Act provides. It means that as a practice owner, every piece of patient data your clinic handles — clinical notes, session audio, WhatsApp messages, assessment reports — is subject to the Act's most stringent requirements.

As the practice owner, you are the responsible party. That term has a specific legal meaning under POPIA: you determine the purpose and means of processing personal information. The obligations attach to you, not to the software you use or the staff member who handles admin.

Consent

Explicit, informed consent must be obtained from the legal guardian before you begin processing a child's personal information. This consent needs to cover what data you collect, how you store it, who has access to it, and what you use it for. A verbal agreement at intake does not meet this standard. A general clinic registration form with a single checkbox probably does not either. The consent record itself must be retained as part of the clinical file.

Security

You must take reasonable measures to prevent unauthorised access to personal information. POPIA does not specify a particular technical standard, but AES-256 encryption for data at rest and TLS encryption for data in transit are the current benchmarks for what regulators and courts consider reasonable in a healthcare context.

Access controls matter too. Not everyone in your practice needs access to every patient's file. Your billing admin does not need to read clinical notes. Your reception staff does not need access to session transcripts.

Breach notification

If a data breach occurs and it poses a risk to your patients, you are required to notify both the Information Regulator and the affected patients as soon as reasonably possible. There is no fixed 72-hour window the way GDPR specifies, but the Information Regulator has indicated it expects prompt notification. Having an incident response plan before something happens is not overcautious — it is part of reasonable security practice.

The WhatsApp problem

This is the area where most South African SLP practices currently have the most exposure — often without realising it.

WhatsApp is deeply embedded in how South African healthcare communicates. Parents expect to reach their child's therapist on WhatsApp. Therapists send session updates, homework reminders, and appointment confirmations there. It is fast, familiar, and convenient.

The problem is not the platform. The problem is how most practices use it.

Unmanaged Exposure

"A personal WhatsApp account used to communicate clinical information has no organizational access controls, no audit trail, no formal consent framework, and no data retention or deletion mechanism. When a therapist leaves, those conversations go with them."

Under POPIA, this is not a technical violation that regulators are likely to go after immediately. But it is genuine exposure. If a complaint is made, if a record is subpoenaed, or if a breach occurs, the question of whether you took reasonable measures to protect patient information will be answered in part by looking at how you used WhatsApp. The compliant path is not to stop using WhatsApp — it is to use it through a verified WhatsApp Business channel with documented consent, organisational access controls, and a clear data handling policy that covers what is communicated through it and how long those records are kept.

Where practices actually fall short

Based on what SLP clinic owners consistently describe, the documentation failures tend to cluster in predictable places:

Note quality is inconsistent

The principal therapist writes detailed SOAP notes. Junior staff write abbreviated summaries. Locums have no consistent standard at all. The HPCSA holds the practice owner accountable for the standard of records kept under their name.

Consent documentation is incomplete

Families sign intake forms, but they do not specifically address digital record storage, AI-assisted tools, or third-party communication. As more practices adopt technology, the consent framework needs to keep up.

Retention is not actively managed

Records pile up without a system for tracking dormancy or relevant retention expiration. Pediatric files stay in the same stack as adult files with no distinction made for the different retention obligation.

Session audio accumulates indefinitely

If you use any recording or transcription tool, the audio files from sessions are health data under POPIA. Storing them indefinitely without a deletion policy is a compliance gap.

Documentation shouldn't be your clinic's bottleneck.

Try RelyCare free for 14 days. No credit card required. Automate your SOAP notes and give your team hours back every week.

What a compliant system actually looks like

You do not need a compliance officer or a legal team to run a POPIA and HPCSA compliant practice. You need four things working together:

1. Defined Documentation Standard

A SOAP structure every therapist follows consistently, with a defined review process that catches shortcuts before they become habits.

2. Secure Storage & Access

Cloud-based systems using AES-256 and role-based access. Physical filing in an office does not meet the standard without meaningful physical controls.

3. Specific Consent Framework

Documentation that specifically references AI-assisted tools and digital communication platforms if you use them in your actual workflows.

4. Active Retention Policy

Distinguishes between adult and pediatric records and has a defined deletion process for data reaching the end of its retention period.

The bottom line

HPCSA compliance and POPIA compliance are not separate problems. They are the same problem approached from two directions. The HPCSA tells you what clinical information you need to capture and how long you need to keep it. POPIA tells you how to protect it while you hold it and what obligations you have when you process it.

A practice that is strong on clinical documentation but weak on data security is half-compliant. A practice that has good technical security but inconsistent note quality is also half-compliant.

"Getting both right is an infrastructure decision as much as a clinical one. The practices that handle it well are the ones that have built systems — not relied on individual therapists to make good decisions under pressure."