Compliance

Meeting healthcare regulatory requirements

Status: pre-certification. This platform is built to align with healthcare compliance standards, but formal certifications are part of our roadmap and are not yet in place. The platform provides clinical decision support and is not a certified medical device.

HIPAA-aligned design

Architected against HIPAA Privacy and Security Rule controls: encryption in transit, audit logging, and least-privilege access. Production roadmap migrates PHI onto HIPAA-eligible AWS services (e.g. AWS HealthLake) under a signed Business Associate Addendum, following the AWS Well-Architected Healthcare Industry Lens.

SOC 2 — roadmap

Engineered toward SOC 2 Type II controls (security, availability, confidentiality). Independent audit and attestation are planned, not yet completed.

GDPR by design

Built on data-minimisation and pseudonymisation principles — the system works from de-identified case data and never requires direct patient identifiers. A full GDPR compliance programme (DPA, records of processing, DPIA) is on the roadmap for EU deployment.