Data Processing and Clinical Governance
Regenemm Healthcare's public posture for governed data processing, Hub-and-Spoke clinical control, patient-controlled sharing, AI workflows, and breach response.
Data Processing and Clinical Governance
Regenemm Healthcare is designed for clinical workflows where data handling must be governed, attributable, consent-aware, and reviewable.
Regenemm Voice acts as the Hub and clinical control plane. Spokes provide bounded workflow surfaces. The Edge Connector securely ingests approved external data flows. Regenemm Link supports patient-controlled records and sharing. Regenemm Connect supports standards-based interoperability. The Knowledge Base supports evidence retrieval. Agentic assistants operate only inside declared workflow, role, consent, tool, audit, and review boundaries.
This page describes Regenemm's intended public posture for data processing and clinical governance. It is not a signed data processing agreement or legal addendum. Contract artefacts require legal review before use.
Processing Principles
Regenemm is designed around the following principles:
- clinical data is processed for declared healthcare, administrative, interoperability, patient-authorised, or governance purposes;
- durable clinical state returns to the Regenemm Voice Hub;
- Spokes do not operate as independent permanent clinical truth stores;
- patient-controlled records in Regenemm Link are governed by consent and sharing controls;
- MHR-linked workflows require stricter residency, access, and audit controls;
- agentic assistants are bounded workflow participants, not autonomous clinicians;
- material clinical outputs require appropriate human review before clinical reliance or external release;
- provenance and audit records should be retained for material data access, workflow actions, agent activity, review decisions, and release events.
Data Categories
Depending on the deployment and modules in use, Regenemm may process:
| Data category | Examples |
|---|---|
| Clinical source data | consultations, referrals, reports, correspondence, pathology, radiology |
| Patient-controlled records | Regenemm Link records, patient uploads, sharing grants, carer access |
| Interoperability data | SMART on FHIR, EMR, MHR-related, HL7, HealthLink, PMS-related data |
| Workflow data | tasks, care-team graph events, escalation records, release gates |
| Agentic workflow data | agent prompts, inputs, outputs, tool calls, policy checks, run traces |
| Audit and provenance data | access records, source attribution, review events, release decisions |
| Credentials and integration secrets | API credentials, tokens, webhook secrets, system integration credentials |
| Knowledge retrieval data | indexed literature references, retrieval metadata, evidence summaries |
Intended Processing Controls
Clinical data processing should declare purpose, system boundary, data class, role access, retention expectation, audit requirement, and release pathway.
Processing controls are intended to support:
- authorised collection and use;
- role-based access;
- minimum-necessary data handling;
- auditability;
- provenance;
- release review where clinically material;
- data residency and provider review;
- retention, export, and deletion governance.
Patient Data and AI
Regenemm's intended operating model is that identifiable patient records are not used to train foundation models by default.
Where AI assists with documentation, triage, retrieval, summarisation, billing support, medicolegal preparation, or workflow coordination, it must operate inside declared governance boundaries. These boundaries include role, purpose, consent, permitted tools, permitted data classes, audit, escalation, and human review.
Hub-and-Spoke Processing Model
Regenemm Voice acts as the Hub and clinical control plane.
Spokes are designed to contextualise bounded workflows and return governed state to the Hub where persistence is required.
No Spoke should operate as an ungoverned system of record.
The design rule is:
Spokes contextualise.
The Hub governs and persists.
Clinical Workflow Outputs
Clinically material outputs should preserve review state, release state, source information, and provenance where supported by the implementation.
AI-assisted outputs should remain distinguishable from reviewed and released clinical outputs.
Patient-facing, clinician-facing, interoperability, billing, and medicolegal release pathways should be governed by purpose, authority, review, and auditability.
Knowledge Retrieval
The Knowledge Base may support evidence-grounded retrieval, but it should not override patient-specific clinical truth governed by the Hub.
Evidence retrieval should support care workflows while preserving patient-specific context, source awareness, and human review where clinically material.
Edge Ingestion
The Edge Connector supports secure ingestion from approved sources and should feed governed ingestion events back into Hub governance.
Edge ingestion should preserve source, data class, pathway, timestamp, and Hub return path where supported.
The Edge Connector is designed to operate close to local clinical systems and approved data sources. It may receive or observe authorised flows such as HL7, HealthLink, pathology, radiology, PMS signals, or local server exports.
The Edge Connector should not become an ungoverned long-term clinical record store.
Patient-Controlled Sharing and Interoperability
Regenemm Link supports patient-controlled sharing and record continuity. Sharing workflows should preserve purpose, recipient, scope, release state, and revocation state where supported.
Regenemm Connect supports interoperability workflows. External exchange should preserve source, destination, mapping, authority, and auditability where supported.
Regenemm Link is designed as the patient-controlled continuity surface. Patients should be able to organise, update where supported, and share health information according to consent, role, and purpose.
Regenemm Connect is intended to support SMART on FHIR, EMR integration, MHR pathways, and controlled mapping between external systems and Regenemm domain objects. Interoperability is treated as a governed boundary, not a free data pipe.
Sub-processors and Service Providers
Regenemm should maintain a current register of service providers that may process platform data.
For each provider, the register should identify:
- service purpose;
- data classes processed;
- region;
- retention profile;
- encryption profile;
- clinical data exposure;
- contractual safeguards;
- breach notification pathway;
- approved environments.
No provider should be approved for clinical data handling unless it has been assessed against Regenemm's privacy, security, data residency, and healthcare governance requirements.
Data Residency
For Australian healthcare workflows, Regenemm is designed with an Australia-first residency posture for patient clinical data, MHR-linked data, Link vault data, clinical audit logs, agentic run traces containing patient data, credentials, and clinical documents.
Any overseas processing path should require explicit review, documented approval, technical controls, and auditability.
Breach Response
Regenemm should maintain incident-response and breach-assessment processes that support:
- containment;
- investigation;
- harm assessment;
- customer notification;
- regulator notification where required;
- patient notification where required;
- remediation;
- post-incident review.
Data Access and Deletion
Regenemm should support lawful and operationally safe processes for access, correction, export, retention review, and deletion requests.
Clinical record retention, medicolegal obligations, audit requirements, MHR-related obligations, and healthcare regulations may limit when data can be deleted or altered.
Contact
For privacy, data governance, or security enquiries: