Compliance
Meeting healthcare regulatory requirements
Status: pre-certification. This platform is built to align with healthcare compliance standards, but formal certifications are part of our roadmap and are not yet in place. The platform provides clinical decision support and is not a certified medical device.
HIPAA-aligned design
Architected against HIPAA Privacy and Security Rule controls: encryption in transit, audit logging, and least-privilege access. Production roadmap migrates PHI onto HIPAA-eligible AWS services (e.g. AWS HealthLake) under a signed Business Associate Addendum, following the AWS Well-Architected Healthcare Industry Lens.
SOC 2 — roadmap
Engineered toward SOC 2 Type II controls (security, availability, confidentiality). Independent audit and attestation are planned, not yet completed.
GDPR by design
Built on data-minimisation and pseudonymisation principles — the system works from de-identified case data and never requires direct patient identifiers. A full GDPR compliance programme (DPA, records of processing, DPIA) is on the roadmap for EU deployment.