Is HIPAA compliance solely Caily's responsibility?

No. HIPAA compliance is a shared responsibility. Caily fulfills its obligations as a Business Associate under a BAA. Your community, as the covered entity, is responsible for how staff access and use the platform in accordance with your own HIPAA policies.