Security & Compliance
Built for regulated healthcare. By design, not by patch.
Hospitals run on trust. zMed's security posture is a property of the platform — the same controls in every deployment, every unit, every country.
By Design
Certification Pathway
Audit Workflows Supported
"By Design" denotes platform architecture; "Certification Pathway" denotes programmes in progress; "Audit Workflows Supported" denotes accreditation regimes the platform produces evidence for. Use of any mark denotes platform support, not certification, unless separately stated.
Where your data lives
One picture: what stays inside, and the only way anything leaves.
In plain words: bedside devices, the clinical record, your hospital systems and your clinical teams all operate inside the hospital boundary — on-premises or in sovereign in-country cloud, your choice. The only path that crosses the boundary is the optional cloud-AI call, and every such request passes a redaction gate that de-identifies protected health information first. Patient data is never used to train shared or third-party models. Choose fully on-premises AI and even that path disappears.
Controls
What your IT and compliance teams will ask. Answered.
Role-based access, everywhere
Every screen, every action and every report is scoped by role, unit and shift. A nurse, an intensivist and a billing clerk see different systems on the same record.
One audit log, end to end
Every chart action, every AI suggestion, every override, every configuration change — captured with clinician identity, timestamp and prior value. The audit log is the inspector's primary artefact.
Encryption in transit and at rest
All traffic is encrypted in transit; clinical data is encrypted at rest. Access to production data is logged and reviewed.
PHI never leaves your boundary
AI models can run fully on-premises. When a cloud model is used, protected health information is redacted and de-identified by automated detection tooling before any request leaves your environment — and your patient data is never used to train shared or third-party models.
Data residency, your choice
On-premises, sovereign in-country cloud, or hybrid — Indian patient data can stay in India, US data in the US. The choice is the hospital's, and every option is supported as standard.
Advisory-only intelligence
The platform makes no diagnosis, prescribes no medication, orders no procedure and discharges no patient. Every output is a recommendation a clinician reviews — the chain of clinical responsibility is preserved at every step.
Deployment topologies — on-premises, sovereign cloud, hybrid and the edge appliance — are covered in detail here.
Audit readiness
The inspector reads from the system, not from someone's email.
Accreditation audits, statutory inspections and payer reviews all draw from the same canonical record — every figure in every report traceable back to the chart entry that produced it, every register serially numbered and tamper-evident.
Operations
Availability and the parties involved.
Availability & continuity
Service levels are committed contractually per deployment. The architecture is built for the outage you will eventually have: in hybrid deployments the bedside chart keeps running against a per-unit edge appliance for 24+ hours offline, then syncs and reconciles automatically — audit log intact. Planned maintenance is scheduled with the hospital, never sprung on a shift.
Sub-processors
Fully on-premises deployments involve no sub-processors for clinical data. Where a deployment opts into cloud services (hosting, transactional email, optional de-identified AI calls), the current sub-processor list — with role, region and data category for each — is provided during evaluation and maintained as part of your agreement, with notice before any change.