Does Records store patient data or PHI?

No. Records stores only resource IDs, validation run metadata, signal outputs (PASS/WARN/FAIL), configuration fingerprints, and timestamps. Clinical payloads, patient data, PHI/PII, and source FHIR resources are never stored.

Can Records be deployed on-premises?

Yes. Records supports both SaaS (EU-hosted) and on-premises deployment. On-prem installations are air-gap capable and require no external connectivity.

Does Records make governance or compliance decisions?

No. Records produces evidence signals — PASS, WARN, or FAIL. Governance stakeholders make all decisions about acceptance, approval, and enforcement.

Built for trust. Designed for oversight.

How Records handles your data, protects your infrastructure, and safeguards your operations.

Architectural guarantees

Non-negotiable boundaries baked into the architecture.

Read-only

GET and HEAD requests only. Records never writes, modifies, or deletes data on your FHIR server or any external system.

No clinical payload storage

Records stores resource IDs, validation outcomes, and run metadata — never clinical content, patient data, or resource payloads.

Adjacent, not embedded

Deploys alongside your infrastructure as a sidecar. No replacement, no migration — adds capability without disrupting what you already run.

Evidence, not authority

Outputs PASS/WARN/FAIL signals. Your governance team decides whether to ship, investigate, or block. Records never enforces policy.

Non-blocking

Validation happens asynchronously. Zero latency impact on your FHIR server. If Records is unavailable, your systems continue exactly as before.

Vendor-neutral

Works with HAPI, Firely, Blaze, Spark, Medplum, SMART Health IT — any FHIR R4/R5 server. No platform lock-in.

Data handling

What Records reads, what it stores, and where the boundary is.

What Records reads

Records connects to your FHIR server through standard REST APIs. It issues GET and HEAD requests only. It never writes, modifies, or deletes.

What it stores — and what it doesn't

Stored

• Resource IDs
• Validation run metadata
• Signal outputs (PASS / WARN / FAIL)
• Configuration fingerprints
• Timestamps

Never stored

• Clinical payloads
• Patient data
• PHI / PII
• Authentication tokens
• Source FHIR resources

Deployment & access

Your infrastructure, your rules.

Deployment options

SaaS — Hosted by MedVertical

EU-hosted infrastructure
Data processed in-region
Managed updates
Standard HTTPS

Docker / Container

Full-stack or API-only image
Docker Compose included
Air-gap capable
Any container orchestrator

On-Premises

Your network, your control
Air-gap capable
Offline-capable validation
No external connectivity required

Authentication & secrets

Records authenticates to your FHIR server using the credentials you provide.

OAuth2 Client Credentials

Bearer Token

Basic Auth

Open (no auth)

On-Premises

Credentials never leave your network
Environment variables or local config
You control key management

SaaS

EU-based infrastructure
Encrypted at rest
Never logged or exposed in output

Transparency

Retention, logging, support, and compliance — documented openly.

Data retention & lifecycle

Validation metadataRetained for the duration of your subscription. Exportable on request.

Configuration snapshotsRetained per run for reproducibility. Deletable on request.

Clinical payloadsNever stored. There is nothing to retain or delete.

Account deletionOn request, all data can be exported and permanently deleted.

Logging & auditability

All validation runs are logged with:

Timestamp

Unique run ID

Configuration fingerprint

Signal output (PASS/WARN/FAIL)

Resource count and duration

Server endpoint (anonymized in logs)

Logs are available for export. No clinical content is ever included in log output.

Support & incident posture

Key principle

Records operates adjacent to your infrastructure. If Records is unavailable, your FHIR server and all downstream systems continue exactly as before. Records has no write access, no pipeline dependency, and no blocking integration point.

Email supportResponse within 2 business days

Direct founder accessAvailable for early-access evaluators

Downtime impactZero — Records is adjacent, not blocking

Compliance positioning

Records is not a certified medical device. It does not make clinical decisions. It produces evidence signals that your governance stakeholders use to make decisions.

Records is designed to support — not replace — your existing compliance workflows including: audit preparation, vendor acceptance, release gating, and regulatory evidence production.

Transparency notice

MedVertical does not claim ISO 27001, SOC 2, or HIPAA certification. This page documents how the system is architected. Certifications, if pursued, will be listed here when achieved.

Questions about data handling?

We'll walk through the architecture on a call.

Explore Records