HealthTech — HIPAA-Compliant Clinical API
Electronic health records API that must comply with HIPAA and, because it is classified as a high-risk system, with the EU AI Act.
Electronic health records (EHR) API that must comply with HIPAA. Requirements come from medical staff (clinical PDFs), legal (the HIPAA compliance document), integrators (a partial OpenAPI spec), and UX (Figma wireframes). The EU AI Act also applies if the product is marketed in the EU, where it is classified as a high-risk system.
Clinical and legal requirements
Processes the clinical and legal requirements, the partial OpenAPI spec, and the Figma wireframes.
intake init "EHR API Platform" \
--source docs/hipaa-compliance-requirements.pdf \
--source docs/clinical-workflows.pdf \
--source api/openapi-partial.yaml \
--source designs/patient-flow.png \
--mode enterprise

Implementation with HIPAA guardrails
Implements FHIR resources with strict guardrails for health data.
architect pipeline pipelines/fhir-resource.yaml \
--var resource="Patient" \
--var spec_dir="specs/ehr-api/"

PHI and medical security
Verifies connection strings, crypto algorithms, PHI logging, and endpoint authentication.
vigil scan src/ --format sarif --output vigil-ehr.sarif

Compliance for AI-powered medical software
Generates the FRIA for a high-risk medical system, the Annex IV technical documentation, and an OWASP Agentic evaluation of patient data access.
licit init && licit trace
licit fria
licit annex-iv
licit connect vigil --sarif vigil-ehr.sarif
licit report --format markdown
licit verify --min-score 80 --framework eu-ai-act

Medical software is a high-risk system under the EU AI Act. licit generates the FRIA documenting the impact on the right to health. Provenance tracking identifies which PHI-handling endpoints were AI-generated, which is critical for HIPAA audits.
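The PHI-logging check in the vigil step above is the kind of finding a SARIF-producing scanner reports. The block below is an added illustration written for this page, not vigil's own code: it walks the Python AST of a constructed source file, flags logging and print calls whose arguments reference PHI-like identifiers, and wraps the findings in a minimal SARIF 2.1.0 document of the shape that licit connect consumes. The PHI field dictionary, the rule id PHI001, and the file path src/admit.py are all constructed for the example.

```python
"""Toy PHI-in-logs detector with SARIF output (illustration, not vigil's implementation)."""
import ast
import json
import re

# Constructed list of identifiers treated as PHI for this example; a real scanner
# uses a larger, configurable dictionary. Plain substring search, so "patient_dob"
# and "ssn_hash" both match, which is the conservative choice for a log-leak rule.
PHI_FIELD_RE = re.compile(
    r"(ssn|social_security|dob|date_of_birth|mrn|medical_record|patient_name|diagnosis)",
    re.IGNORECASE,
)
# Call names treated as log sinks: the logging module's methods plus print.
LOG_FUNCS = {"debug", "info", "warning", "error", "critical", "exception", "print"}


def _phi_refs(node):
    """Return the sorted set of PHI-like identifiers referenced under an argument node."""
    names = []
    for sub in ast.walk(node):
        if isinstance(sub, ast.Name):                 # patient, ssn
            names.append(sub.id)
        elif isinstance(sub, ast.Attribute):          # patient.mrn
            names.append(sub.attr)
        elif isinstance(sub, ast.keyword) and sub.arg:  # extra=..., ssn=...
            names.append(sub.arg)
        elif isinstance(sub, ast.Subscript) and isinstance(sub.slice, ast.Constant):
            if isinstance(sub.slice.value, str):      # record["ssn"]
                names.append(sub.slice.value)
        elif isinstance(sub, ast.Dict):               # {"ssn": ...}
            names.extend(k.value for k in sub.keys if isinstance(k, ast.Constant) and isinstance(k.value, str))
    return sorted({n for n in names if PHI_FIELD_RE.search(n)})


def find_phi_logging(source, path="<constructed>"):
    """Scan Python source text; return one finding per log-sink call that receives PHI."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", None)
        if name not in LOG_FUNCS:
            continue
        refs = set()
        for arg in list(node.args) + list(node.keywords):
            refs.update(_phi_refs(arg))
        if refs:
            findings.append({"path": path, "line": node.lineno, "fields": sorted(refs)})
    findings.sort(key=lambda f: f["line"])
    return findings


def to_sarif(findings, tool_name="phi-log-check"):
    """Wrap findings in a minimal SARIF 2.1.0 log (rule id PHI001 is constructed)."""
    results = [
        {
            "ruleId": "PHI001",
            "level": "error",
            "message": {"text": "PHI field(s) %s reach a log sink" % ", ".join(f["fields"])},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": f["path"]},
                "region": {"startLine": f["line"]},
            }}],
        }
        for f in findings
    ]
    rule = {"id": "PHI001", "shortDescription": {"text": "PHI field passed to a logging call"}}
    return {
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": tool_name, "rules": [rule]}}, "results": results}],
    }


# Constructed sample: three leaking calls and one clean call.
SAMPLE_SOURCE = '''\
import logging
logger = logging.getLogger(__name__)

def admit(patient, record):
    logger.info("admitting patient %s", patient.mrn)
    logger.debug(f"dob={patient.date_of_birth}")
    print(record["ssn"])
    logger.info("admission complete", extra={"ward": record["ward"]})
    return patient.id
'''

if __name__ == "__main__":
    print(json.dumps(to_sarif(find_phi_logging(SAMPLE_SOURCE, "src/admit.py")), indent=2))
```

The detector deliberately does not recognise redaction wrappers, so a call such as logger.info(redact(patient.ssn)) is still flagged; that is the right default for a compliance gate, where a reviewer suppresses the known-safe case rather than the scanner guessing.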