zMed

Security & Compliance

Built for regulated healthcare. By design, not by patch.

Hospitals run on trust. zMed's security posture is a property of the platform — the same controls in every deployment, every unit, every country.

By Design

HIPAA GDPR HL7 FHIR ABDM

Certification Pathway

HITRUST SOC 2 Type II FedRAMP

Audit Workflows Supported

JCI NABH TJC ACHC

"By Design" denotes platform architecture; "Certification Pathway" denotes programmes in progress; "Audit Workflows Supported" denotes accreditation regimes the platform produces evidence for. Use of any mark denotes platform support, not certification, unless separately stated.

Where your data lives

One picture: what stays inside, and the only way anything leaves.

[Diagram: Your hospital boundary. PHI lives here: on-premises or sovereign in-country cloud, your choice.]

Inside the boundary:

Bedside devices (monitors · ventilators · pumps): no patient identity on devices.

Clinical teams: role-scoped access; every action audit-logged; unit · role · shift scoping.

One clinical record: encrypted at rest; encrypted in transit; single end-to-end audit log (who · what · when · prior value); scores & alerts computed here, inside the boundary.

Your HIS, LIS, RIS: standard interfaces, inside the boundary.

The only outbound path:

Redaction gate: PHI de-identified before anything leaves.

Cloud AI (optional): de-identified requests only; never used to train models. Fully on-premises AI removes even this.

In plain words: bedside devices, the clinical record, your hospital systems and your clinical teams all operate inside the hospital boundary — on-premises or in sovereign in-country cloud, your choice. The only path that crosses the boundary is the optional cloud-AI call, and every such request passes a redaction gate that de-identifies protected health information first. Patient data is never used to train shared or third-party models. Choose fully on-premises AI and even that path disappears.

Controls

What your IT and compliance teams will ask. Answered.

Role-based access, everywhere

Every screen, every action and every report is scoped by role, unit and shift. A nurse, an intensivist and a billing clerk see different systems on the same record.

One audit log, end to end

Every chart action, every AI suggestion, every override, every configuration change — captured with clinician identity, timestamp and prior value. The audit log is the inspector's primary artefact.

Encryption in transit and at rest

All traffic is encrypted in transit; clinical data is encrypted at rest. Access to production data is logged and reviewed.

PHI never leaves your boundary

AI models can run fully on-premises. When a cloud model is used, protected health information is redacted and de-identified by automated detection tooling before any request leaves your environment — and your patient data is never used to train shared or third-party models.

Data residency, your choice

On-premises, sovereign in-country cloud, or hybrid — Indian patient data can stay in India, US data in the US. The choice is the hospital's, and every option is supported as standard.

Advisory-only intelligence

The platform makes no diagnosis, prescribes no medication, orders no procedure and discharges no patient. Every output is a recommendation a clinician reviews — the chain of clinical responsibility is preserved at every step.

Deployment topologies — on-premises, sovereign cloud, hybrid and the edge appliance — are covered in detail here →

Audit readiness

The inspector reads from the system, not from someone's email.

Accreditation audits, statutory inspections and payer reviews all draw from the same canonical record — every figure in every report traceable back to the chart entry that produced it, every register serially numbered and tamper-evident.

Operations

Availability and the parties involved.

Availability & continuity

Service levels are committed contractually per deployment. The architecture is built for the outage you will eventually have: in hybrid deployments the bedside chart keeps running against a per-unit edge appliance for 24+ hours offline, then syncs and reconciles automatically — audit log intact. Planned maintenance is scheduled with the hospital, never sprung on a shift.

Sub-processors

Fully on-premises deployments involve no sub-processors for clinical data. Where a deployment opts into cloud services (hosting, transactional email, optional de-identified AI calls), the current sub-processor list — with role, region and data category for each — is provided during evaluation and maintained as part of your agreement, with notice before any change.

Put your security questions to us