Built to be evaluated safely — then taken to real data, carefully.
Every step below is tagged. The first three and the last are live today. The path to real data is a future, gated step with conditions — and we describe it that way.
One system, role-based
You log in once; your role decides which modules and actions you see. Permissions are checked on every route by the server, not just hidden in the UI.
Flag, recommend, decide
Be Healthcare Ready surfaces risk and next steps; a human approves or overrides with a recorded reason. Consequential actions write to an append-only audit trail that survives reset.
Synthetic-first, zero-PHI
Today everything runs on synthetic data with no protected health information, enforced by tests. This is deliberate — it lets you evaluate the whole system safely before any real data is involved.
How you know it works
One command runs the full automated suite across every module plus compile, policy, and contract gates; the last run was green. Status indicators are live health polls — if a service stops, its card goes red.
Handling real healthcare data is the hard part — and we treat it that way.
Real data only flows after a signed BAA and our governed boundary are in place. Until then, synthetic only. The safe pattern requires three things — all future and gated:
1 · Provider-minted token
A provider-minted, HMAC-keyed token means we receive a pseudonym plus public codes — never the raw record number. An MRN or account number is itself a HIPAA identifier.
2 · Signed BAA
A signed Business Associate Agreement must be in place before any real token crosses into the system.
3 · Governed boundary
Encryption-at-rest, TLS, and a multi-year immutable audit trail — with FHIR and healthcare datasets kept no-touch until the gate clears.
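An added sketch of the token pattern in step 1, not Be Healthcare Ready's own code: the provider derives the pseudonym with HMAC-SHA256 under a key it never shares, and the receiving side fails closed on any payload that carries a raw identifier. The field names, key ID, sample MRN and sample code are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumed field names for raw identifiers that must never cross the boundary.
RAW_ID_FIELDS = {"mrn", "account_number"}
ALLOWED_FIELDS = {"key_id", "pseudonym", "codes"}


def mint_token(provider_key: bytes, key_id: str, mrn: str, codes: list) -> dict:
    """Provider side: replace the MRN with an HMAC-SHA256 pseudonym."""
    if len(provider_key) < 32:
        raise ValueError("provider key must be at least 32 bytes")
    normalized = mrn.strip().upper().encode("utf-8")  # same MRN -> same pseudonym
    pseudonym = hmac.new(provider_key, normalized, hashlib.sha256).hexdigest()
    # key_id names the key version so the provider can rotate keys; it is not secret.
    return {"key_id": key_id, "pseudonym": pseudonym, "codes": sorted(codes)}


def accept_token(token: dict) -> dict:
    """Receiving side: admit pseudonym + public codes only, fail closed otherwise."""
    fields = {name.lower() for name in token}
    leaked = fields & RAW_ID_FIELDS
    if leaked:
        raise ValueError(f"raw identifier field rejected: {sorted(leaked)}")
    if fields != ALLOWED_FIELDS:
        raise ValueError(f"unexpected token shape: {sorted(fields)}")
    pseudonym = token["pseudonym"]
    if len(pseudonym) != 64 or set(pseudonym) - set("0123456789abcdef"):
        raise ValueError("pseudonym is not a SHA-256 hex digest")
    return {"key_id": token["key_id"], "pseudonym": pseudonym,
            "codes": list(token["codes"])}


if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key; a real key stays with the provider
    token = mint_token(key, "k-demo-1", "MRN-0001234", ["ICD10:E11.9"])  # constructed
    print(accept_token(token))
```

Because the receiver never holds the provider key, it can link records that share a pseudonym but cannot recompute the pseudonym from a guessed record number.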