TRUST & GOVERNANCE
Trust Framework
Built on transparency, safety-first policies, and rigorous governance.
01/04 MODULE: CORE POLICY
Abstain-When-Uncertain Policy
HARD RULE
If confidence < threshold → ABSTAIN
- No reassurance when uncertain
- No optimization when data is insufficient
- No forced pathway when confidence is low
- Always recommend clinician evaluation when abstaining
WHEN WE ABSTAIN
- Low signal quality
- Conflicting signals
- Missing critical data
- Unreliable measurements
- Insufficient time-series window
02/04 MODULE: GOVERNANCE
Governance Framework
Versioned Models
All ML models are versioned, logged, and auditable
Audit Logs
Every decision is logged with full traceability
Performance Monitoring
Continuous monitoring for model drift and performance
03/04 MODULE: AUDIT LOGS
Audit Log System
LOG STRUCTURE
| Field | Description | Retention |
|---|---|---|
| Timestamp | Exact time of decision | 7 years |
| Service ID | Which wing processed the request | 7 years |
| Input Hash | Anonymized input fingerprint | 7 years |
| Output | Risk band, confidence, next step | 7 years |
| Model Version | Exact model version used | 7 years |
| Abstain Reason | If abstained, why | 7 years |
| Clinician Override | If overridden, by whom and when | 7 years |
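The abstain rule from module 01 and the log structure above, combined into one gate that either returns a decision or abstains, and in both cases emits a record with the seven fields listed. This is an added illustration, not the product's own code: the thresholds, the `series`/`signal_quality`/`confidence` request shape, the risk-band cut-offs and the next-step wording are all assumptions, and the model version is a placeholder.

```python
import hashlib
import json
from datetime import datetime, timezone

# Assumed thresholds and identifiers (illustrative, not values from the page)
MODEL_VERSION = "risk-model-vX.Y.Z"  # placeholder for the exact model version in use
CONFIDENCE_THRESHOLD = 0.80
MIN_SIGNAL_QUALITY = 0.60
MIN_WINDOW = 5      # minimum number of samples in the time series
MAX_SPREAD = 0.30   # samples further apart than this are treated as conflicting

def abstain_reason(request):
    """Return None if the request may proceed, else the policy reason to abstain."""
    series = request.get("series")
    if series is None or request.get("signal_quality") is None or request.get("confidence") is None:
        return "missing_critical_data"
    if request["signal_quality"] < MIN_SIGNAL_QUALITY:
        return "low_signal_quality"
    if len(series) < MIN_WINDOW:
        return "insufficient_time_series_window"
    # Assumes signals are normalized to 0..1; anything else is an unreliable measurement
    if any(not isinstance(v, (int, float)) or not 0.0 <= v <= 1.0 for v in series):
        return "unreliable_measurements"
    if max(series) - min(series) > MAX_SPREAD:
        return "conflicting_signals"
    if request["confidence"] < CONFIDENCE_THRESHOLD:
        return "low_confidence"
    return None

def risk_band(series):
    """Assumed cut-offs on the series mean; the real banding is model-specific."""
    mean = sum(series) / len(series)
    return "high" if mean >= 0.7 else "moderate" if mean >= 0.4 else "low"

def decide(request, service_id):
    """Apply the hard rule and return the audit-log record for this decision."""
    reason = abstain_reason(request)
    canonical = json.dumps(request, sort_keys=True, separators=(",", ":"))
    return {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "service_id": service_id,
        # Fingerprint only: the raw inputs are never written to the log
        "input_hash": hashlib.sha256(canonical.encode()).hexdigest(),
        "output": {
            "risk_band": None if reason else risk_band(request["series"]),
            "confidence": None if reason else request["confidence"],
            "next_step": "clinician evaluation" if reason else "continue monitoring",
        },
        "model_version": MODEL_VERSION,
        "abstain_reason": reason,
        "clinician_override": None,  # filled in later if a clinician overrides
    }
```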
04/04 MODULE: PRIVACY &amp; SECURITY
Privacy & Security Posture
COMPLIANCE
| Regulation | Status |
|---|---|
| HIPAA | Ready |
| DPDP (India) | Aligned |
| GDPR (EU) | Compliant |
| SOC2 | Roadmap |
SECURITY MEASURES
- End-to-end encryption for data in transit
- Encryption at rest for stored data
- Data minimization principles
- Regular security audits
- Access controls and authentication
- Incident response procedures
DATA ETHICS PRINCIPLES
- Collect only what is required
- Process only for the stated purpose
- Retain only as long as needed
- Delete on request
- Never monetize patient data
- No diagnosis language to patients
- No fear-based outputs
- Clear next-step framing