@decagondev
Created April 28, 2026 17:47
Draft: AUDIT.md One-Page Summary (Ready to Expand)

Key Audit Findings – Clinical Co-Pilot Foundation (≈480 words)

OpenEMR (fork https://github.com/MichaelHabermas/openemr) is a mature, modular LAMP-stack EHR with strong built-in authorization (ACL/gacl), REST + FHIR APIs, and official Docker support. Our Vultr + Docker Compose deployment faithfully reproduces the production pattern the maintainers ship.

Security & HIPAA: Strong ACL model enforces “physician sees own patients.” PHI is protected at the application layer. However, the default install requires explicit hardening (HTTPS via the container’s Let’s Encrypt support, host firewall, DB encryption, immutable logs). Our VPS gives us complete control — critical for the PDF’s compliance requirements. No data is sent to LLMs yet; we will enforce BAA-equivalent boundaries.

Performance: Single-container PHP/Apache + MariaDB handles demo data instantly. Bottlenecks will appear only at scale (concurrent users + complex queries). Our git-pull workflow keeps latency negligible for the 90-second physician window.

Architecture: Clean separation (interface/, library/, apis/, custom/). Extension points are excellent: custom modules (via skeleton repo) + REST API allow us to embed the agent without forking core logic. Data lives in normalized MySQL tables (patients, encounters, prescriptions, labs). Direct DB access is possible but we will prefer API calls to respect auth.

Data Quality: Demo data is realistic but incomplete/inconsistent in places (missing notes, varying formats). This is exactly the failure mode the PDF warns about — our verification layer must handle it explicitly.

Compliance & Regulatory: OpenEMR supports audit logging and ONC certification. We must add agent-specific logging (what was queried, by whom, what was returned). Sending PHI to any LLM requires the assumed BAA; our plan keeps all patient context inside the trusted boundary.
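One shape the agent-specific audit trail could take, as an added example (not code from the OpenEMR fork or this plan): each record captures who queried what and a digest of what came back, never the response body itself, and records are hash-chained so later tampering is detectable. The actor names, route strings and response bodies below are constructed sample values.

```python
import hashlib
import json
import time

GENESIS = "0" * 64  # chain anchor for the first record


def _digest(s: str) -> str:
    return hashlib.sha256(s.encode("utf-8")).hexdigest()


def make_entry(prev_hash, actor, action, resource, params, response_body, ts=None):
    """Build one tamper-evident audit record.

    The response is stored only as a SHA-256 digest plus its size, so the
    audit log itself carries no PHI while still proving what was returned.
    """
    record = {
        "ts": ts if ts is not None else time.time(),
        "actor": actor,        # authenticated OpenEMR user or service identity
        "action": action,      # e.g. "agent.query"
        "resource": resource,  # API route the agent called (hypothetical path)
        "params": params,      # non-PHI query parameters only
        "response_sha256": _digest(response_body),
        "response_bytes": len(response_body),
        "prev": prev_hash,     # hash of the previous record (chain link)
    }
    record["hash"] = _digest(json.dumps(record, sort_keys=True))
    return record


def append(log, **kw):
    """Append a record linked to the current tail of the log."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append(make_entry(prev, **kw))
    return log[-1]


def verify(log):
    """Walk the chain; return (True, None) or (False, index of first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec["prev"] != prev or rec["hash"] != _digest(json.dumps(body, sort_keys=True)):
            return False, i
        prev = rec["hash"]
    return True, None
```

Verification should run from a copy of the log held outside the application host (the "immutable logs" item above), otherwise an attacker with write access could simply rebuild the chain.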

Biggest Insight: Skipping the audit would have led us to bolt an external chatbot on top, ignoring OpenEMR’s auth and data model. The audit forces us to integrate cleanly via modules + API, which is the only defensible path for a production clinical tool.

Full audit sections will expand each bullet with concrete findings from the running instance.
