Compliance & Security
HCE is deployed in regulated environments. Every control is designed to satisfy audit requirements, not retrofitted afterward.
Access control
- Role-based access control with granular per-action permissions
- Role inheritance — derive specialist roles (surgeon, cardiologist) from base roles (physician) without duplication
- Change tracking — every grant, revocation, and role change is audited
HCE does not permit shared user accounts. Every action is attributable to a specific, authenticated user.
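The following is an added illustration of the access-control model described above (per-action permissions, role inheritance from a base role, and an audit entry for every grant, revocation and role definition). It is example code written for this page, not HCE's own implementation; the class and permission names (`AccessControl`, `encounter:write`, `surgery:schedule`) and the user identifiers are constructed for the demo.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


# Hypothetical RBAC model for illustration; names are assumptions, not HCE's API.
@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)   # direct grants, e.g. "encounter:read"
    parents: list = field(default_factory=list)      # roles this one inherits from

    def effective_permissions(self) -> set:
        """Direct permissions plus everything inherited, transitively, without duplication."""
        seen, stack, perms = set(), [self], set()
        while stack:
            role = stack.pop()
            if role.name in seen:
                continue
            seen.add(role.name)
            perms |= role.permissions
            stack.extend(role.parents)
        return perms


class AccessControl:
    def __init__(self):
        self.roles = {}        # role name -> Role
        self.user_roles = {}   # user -> set of role names
        self.audit = []        # every grant, revocation and role change lands here

    def _record(self, actor, action, **details):
        # 'actor' is the authenticated administrator performing the change;
        # there is no shared/service identity in this model.
        self.audit.append({"at": datetime.now(timezone.utc).isoformat(),
                           "actor": actor, "action": action, **details})

    def define_role(self, actor, name, permissions=(), parents=()):
        self.roles[name] = Role(name, set(permissions), [self.roles[p] for p in parents])
        self._record(actor, "role.define", role=name,
                     permissions=sorted(permissions), parents=list(parents))

    def grant(self, actor, user, role):
        self.user_roles.setdefault(user, set()).add(role)
        self._record(actor, "role.grant", user=user, role=role)

    def revoke(self, actor, user, role):
        self.user_roles.get(user, set()).discard(role)
        self._record(actor, "role.revoke", user=user, role=role)

    def can(self, user, permission) -> bool:
        """Per-action check: true if any of the user's roles grants the permission."""
        return any(permission in self.roles[r].effective_permissions()
                   for r in self.user_roles.get(user, ()))


def demo():
    """Constructed scenario: specialist roles derived from a base 'physician' role."""
    ac = AccessControl()
    ac.define_role("admin@hospital", "physician",
                   {"encounter:read", "encounter:write", "prescription:write"})
    ac.define_role("admin@hospital", "surgeon", {"surgery:schedule"}, parents=["physician"])
    ac.define_role("admin@hospital", "cardiologist", {"ecg:interpret"}, parents=["physician"])
    ac.grant("admin@hospital", "dr.lopez", "surgeon")
    return ac


if __name__ == "__main__":
    ac = demo()
    print(ac.can("dr.lopez", "encounter:write"), ac.can("dr.lopez", "ecg:interpret"))
    for entry in ac.audit:
        print(entry)
```

The point to notice is that `surgeon` carries only its own extra permission; everything a physician can do arrives through inheritance, and revoking the single `surgeon` grant removes both layers at once while leaving an audit entry naming the administrator who did it.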
Audit trail
Every data mutation in HCE is captured in an immutable audit log with:
- Who performed the action (user, role)
- When it happened
- From where (IP, user agent, workstation)
- What changed (before/after values, with sensitive fields redacted)
- How critical the change is (severity classification derived from the operation)
Audit records are retained for at least seven years (configurable per institution).
Sensitive fields (passwords, tokens, API keys) are automatically redacted. Clinical free text is preserved but truncated to prevent excessive log growth. The institution retains full ownership of its audit log.
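As an added example (not HCE's code), the block below builds an audit record with the five elements listed above, redacts credential-like fields, truncates long clinical free text, derives a severity from the operation verb, and links records with a hash chain so that tampering with an earlier record is detectable. The hash chain, the severity mapping, the redaction key list and the 200-character truncation limit are assumptions made for the demo, and the patient data in `demo()` is constructed.

```python
import hashlib
import json
from datetime import datetime, timezone

# Assumed policy values for the demo; a real deployment would make these configurable.
REDACTED_KEYS = ("password", "token", "api_key", "secret")
FREE_TEXT_KEYS = {"clinical_notes", "anamnesis"}
FREE_TEXT_LIMIT = 200
SEVERITY = {"create": "low", "update": "medium", "delete": "high", "export": "high", "grant": "high"}
GENESIS_HASH = "0" * 64


def _sanitize(values):
    """Redact credential-like fields; truncate free text instead of dropping it."""
    out = {}
    for key, value in values.items():
        lowered = key.lower()
        if any(marker in lowered for marker in REDACTED_KEYS):
            out[key] = "[REDACTED]"
        elif lowered in FREE_TEXT_KEYS and isinstance(value, str) and len(value) > FREE_TEXT_LIMIT:
            out[key] = value[:FREE_TEXT_LIMIT] + f"...[truncated {len(value) - FREE_TEXT_LIMIT} chars]"
        else:
            out[key] = value
    return out


def _digest(record, prev_hash):
    body = {k: v for k, v in record.items() if k != "hash"}
    return hashlib.sha256((prev_hash + json.dumps(body, sort_keys=True)).encode()).hexdigest()


def build_audit_record(actor, operation, resource, before, after, request, prev_hash, when=None):
    """actor: {'user','role'}; operation: 'resource.verb'; request: {'ip','user_agent','workstation'}."""
    changed = sorted(k for k in set(before) | set(after) if before.get(k) != after.get(k))
    record = {
        "who": {"user": actor["user"], "role": actor["role"]},
        "when": when or datetime.now(timezone.utc).isoformat(),
        "where": {"ip": request["ip"], "user_agent": request["user_agent"],
                  "workstation": request["workstation"]},
        "what": {"operation": operation, "resource": resource,
                 "before": _sanitize({k: before.get(k) for k in changed}),
                 "after": _sanitize({k: after.get(k) for k in changed})},
        "severity": SEVERITY.get(operation.rsplit(".", 1)[-1], "medium"),
        "prev_hash": prev_hash,
    }
    record["hash"] = _digest(record, prev_hash)
    return record


def verify_chain(records):
    """True only if every record's hash recomputes and links to its predecessor."""
    prev = GENESIS_HASH
    for rec in records:
        if rec["prev_hash"] != prev or _digest(rec, prev) != rec["hash"]:
            return False
        prev = rec["hash"]
    return True


def demo():
    """Constructed sample: an encounter update followed by a deletion."""
    actor = {"user": "dr.lopez", "role": "physician"}
    request = {"ip": "10.0.0.5", "user_agent": "HCE-Client/1.0", "workstation": "ER-03"}
    before = {"diagnosis": "J18.9", "clinical_notes": "x" * 500, "api_key": "old-key-value"}
    after = {"diagnosis": "J18.1", "clinical_notes": "y" * 500, "api_key": "new-key-value"}
    first = build_audit_record(actor, "encounter.update", "encounter/42", before, after,
                               request, GENESIS_HASH, when="2024-01-01T00:00:00+00:00")
    second = build_audit_record(actor, "encounter.delete", "encounter/42", after, {},
                                request, first["hash"], when="2024-01-01T00:05:00+00:00")
    return [first, second]


if __name__ == "__main__":
    chain = demo()
    print(json.dumps(chain[0], indent=2))
    print("chain valid:", verify_chain(chain))
```

Only the fields that actually changed are stored, the credential value never reaches the log in either its before or after form, and the truncation marker records how much free text was cut so a reviewer knows the entry is partial.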
Data ownership
- The institution is the sole data owner — SISMAUS does not retain or process patient data
- Each institution has its own deploy, its own database, and its own operational governance
- Backups are under institutional control
- The institution can export its complete data at any time
Regulatory alignment
HCE is designed to support:
| Framework / Requirement | How HCE addresses it |
|---|---|
| ISO 27001 | Access control, complete audit trail, change management, incident response aligned with the SISMAUS ISMS |
| HIPAA-equivalent protections | Encryption at rest and in transit, authorization enforcement, audit logging, data minimization |
| SIGSA reporting (Guatemala MSPAS) | Native report generation from operational data — SIGSA 3H, 7, 8 |
| GDPR-style data rights | Data residency within the institution, support for access and erasure requests |
| Local patient identity standards | National ID (DPI) support with composite identification for minors |
Encryption
- In transit — all traffic uses TLS 1.2 or higher
- At rest — database and file storage encrypted at rest by the hosting platform
- Sensitive credentials (such as AI provider keys) are encrypted at the application layer with institution-specific keys
AI privacy controls
See AI Clinical Support for detail. Summary:
- On-premise by default
- Institution-gated external providers
- Server-constructed prompts (no raw user input forwarded)
- Per-call audit
Business continuity
- Standalone operation — HCE operates fully when disconnected from the SISMAUS Control Plane (rural hospital scenario)
- Resilient caching — license and configuration cached with time-bounded fallback
- Graceful degradation — feature flags allow specific capabilities to fail open or closed as configured
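The three bullets above describe one mechanism from a client's point of view: a cached license that is fresh for a while, usable as a stale fallback for a bounded grace window, and after that replaced by per-feature fail-open or fail-closed settings. The block below is an added example of that logic, not HCE's implementation; the class names, the one-hour TTL, the seven-day grace window, the feature names and the injected clock are all assumptions made so the scenario can run offline and deterministically.

```python
from dataclasses import dataclass


# Hypothetical license client for illustration; not HCE's Control Plane protocol.
class ControlPlaneUnreachable(Exception):
    pass


@dataclass
class CachedLicense:
    payload: dict      # e.g. {"valid": True, "features": {"external_ai": True}}
    fetched_at: float  # seconds, from the injected clock


class LicenseClient:
    def __init__(self, fetch, clock, ttl=3600, grace=7 * 86400, flags=None):
        self.fetch = fetch        # callable returning the license dict or raising ControlPlaneUnreachable
        self.clock = clock        # callable returning current time in seconds
        self.ttl = ttl            # how long a fetched license counts as fresh
        self.grace = grace        # how long a stale license may still be used when offline
        self.cache = None
        # Per-feature behaviour once the license state is unknown: "open" or "closed".
        self.flags = flags or {}

    def license(self):
        now = self.clock()
        if self.cache and now - self.cache.fetched_at < self.ttl:
            return self.cache.payload              # fresh: no network round-trip needed
        try:
            self.cache = CachedLicense(self.fetch(), now)
            return self.cache.payload
        except ControlPlaneUnreachable:
            if self.cache and now - self.cache.fetched_at < self.grace:
                return self.cache.payload          # stale but inside the grace window
            return None                            # unknown state: feature flags decide

    def feature_enabled(self, name):
        lic = self.license()
        if lic is None:
            return self.flags.get(name, "closed") == "open"   # default is fail closed
        return bool(lic.get("features", {}).get(name, False))


class Simulation:
    """Constructed environment: a fake clock and a link that can be taken down."""
    def __init__(self):
        self.t = 0.0
        self.online = True
        self.client = LicenseClient(
            self._fetch, lambda: self.t, ttl=3600, grace=7 * 86400,
            flags={"offline_registration": "open", "external_ai": "closed"})

    def _fetch(self):
        if not self.online:
            raise ControlPlaneUnreachable()
        return {"valid": True, "features": {"offline_registration": True, "external_ai": True}}


def rural_hospital_scenario():
    """Returns (external_ai, offline_registration) availability at four points in time."""
    sim = Simulation()
    check = lambda: (sim.client.feature_enabled("external_ai"),
                     sim.client.feature_enabled("offline_registration"))
    results = {"online": check()}
    sim.online = False
    sim.t = 600               # 10 minutes later, link down: cache still fresh
    results["fresh_cache"] = check()
    sim.t = 2 * 86400         # two days later: stale, but within the grace window
    results["grace"] = check()
    sim.t = 10 * 86400        # beyond grace: each feature fails open or closed as configured
    results["beyond_grace"] = check()
    return results


if __name__ == "__main__":
    for phase, (ai, registration) in rural_hospital_scenario().items():
        print(f"{phase:13s} external_ai={ai} offline_registration={registration}")
```

The design choice worth noting is the asymmetry at the end: the locally essential capability (patient registration) is configured to fail open so the hospital keeps working, while the capability that would send data to an external provider fails closed, since operating it without a confirmed license state is the riskier error.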
Support and licensed documentation
Deep technical documentation — including architectural diagrams, integration internals, threat model, and deployment runbooks — is available to customers with an active support agreement. This level of detail is not published publicly to minimize attack surface for government healthcare deployments.
Contact your SISMAUS account manager or open a support ticket to request access.