Security and Clinical Governance
Regenemm Healthcare's security and clinical governance posture across Hub-and-Spoke architecture, agentic workflows, data residency, provider review, and responsible disclosure.
Trust is the foundation of clinical software.
Regenemm Healthcare is designed for real healthcare workflows where privacy, security, consent, provenance, auditability, and human review are core architectural requirements.
Regenemm Voice acts as the Hub and clinical control plane. Spokes provide bounded workflow surfaces. The Edge Connector securely ingests approved clinical and administrative data flows. Regenemm Link supports patient-controlled records and sharing. Regenemm Connect supports standards-based interoperability. The Knowledge Base supports evidence retrieval. Agentic assistants operate only inside declared workflow, role, data, consent, audit, and review boundaries.
Healthcare data is not treated as ordinary SaaS data.
Related public governance pages include the Privacy Policy, Data Processing and Clinical Governance page, Data Residency page, and Responsible Disclosure page.
Core Security Principles
Regenemm is designed around the following principles:
- Clinical data minimisation: clinical data is collected and processed only for declared healthcare, administrative, interoperability, support, security, or patient-authorised purposes.
- Hub-governed permanence: durable clinical state, audit records, provenance, documents, and release artefacts return to Regenemm Voice.
- No independent Spoke clinical truth: Spokes provide workflow-specific surfaces but must not become ungoverned permanent clinical record stores.
- Patient control through Link: Regenemm Link is designed for patient-controlled records, sharing, consent, and carer or clinician access.
- Secure ingestion through Edge Connector: approved HL7, HealthLink, pathology, radiology, PMS, and local server signals feed into the Hub through governed ingestion pathways.
- Standards-based interoperability through Connect: Regenemm Connect supports SMART on FHIR, EMR, and MHR pathways where configured and authorised.
- Least-privilege access: users, services, agents, and machines should access only what their role, purpose, and workflow require.
- Encryption posture: data is protected in transit and at rest using appropriate encryption controls.
- Credential isolation: secrets, tokens, API keys, and integration credentials are separated from ordinary application data and access-controlled.
- Audit and provenance: material reads, writes, releases, agent actions, human reviews, policy decisions, and ingestion events should be attributable and reviewable.
- No patient data in telemetry by default: telemetry and analytics should not contain identifiable patient information or clinical payloads unless explicitly approved for a controlled operational purpose.
- Human review for material clinical outputs: AI-generated or agent-assisted outputs require appropriate clinical review before material reliance, patient-facing release, or external disclosure.
- No identifiable patient-data training by default: identifiable patient records are not used to train foundation models by default.
- Security review and testing: Regenemm maintains security review, dependency review, vulnerability-management, and penetration-testing readiness activities.
- Incident response: suspected security or privacy incidents are assessed, contained, investigated, and escalated through defined response processes.
Clinical Data and AI
Regenemm is designed so that identifiable patient records, clinical documents, agent-run traces, patient-controlled records, and MHR-linked information are governed assets.
Regenemm's intended operating posture is:
- patient records are not used to train foundation models by default;
- patient data is processed only for declared clinical, administrative, interoperability, or patient-authorised purposes;
- agentic assistants operate inside defined workflow, role, consent, tool, data, release, and audit boundaries;
- clinically material outputs require appropriate human review before clinical reliance or external release;
- material data movement should be attributable, reviewable, and auditable.
Where AI systems assist with documentation, triage, summarisation, retrieval, or workflow support, they do so inside Regenemm's governance model. AI assistance does not replace clinical responsibility.
Hub-and-Spoke Security Model
Regenemm is built around a Hub-and-Spoke architecture.
Regenemm Voice is the Hub. It governs:
- clinical state;
- identity;
- access;
- consent;
- audit;
- provenance;
- workflow orchestration;
- data permanence;
- release controls;
- agentic task governance.
Spokes provide bounded workflow surfaces, including:
- Hospital Hub;
- Home Hub;
- Regenemm Link;
- Billing;
- Triage;
- Medicolegal workflows;
- Knowledge Base;
- Regenemm Connect;
- Edge Connector.
The security rule is:
Spokes contextualise.
The Hub governs and persists.
Durable clinical records, audit events, release artefacts, and material workflow state return to the Hub through governed APIs.
Edge Connector Security
The Edge Connector is designed to operate close to approved clinical systems and local data sources.
It may receive or observe authorised flows such as:
- HL7;
- HealthLink-related messages;
- pathology reports;
- radiology reports;
- practice management system signals;
- approved local server folders;
- approved clinical-system exports.
The Edge Connector feeds governed ingestion events into Regenemm Voice. It should not become an ungoverned long-term clinical record store.
Edge Connector controls may include:
- secure network connectivity;
- source-system attribution;
- message fingerprinting;
- ingestion audit records;
- replay controls;
- failure queue visibility;
- local retention limits;
- Hub-first routing;
- Tailscale-wrapped connectivity where configured.
Link, Connect, and Knowledge Base
Regenemm Link supports patient-controlled sharing and record continuity. Sharing should preserve purpose, recipient, scope, release state, and revocation state where supported.
Regenemm Connect supports standards-based interoperability pathways. External exchange should preserve source, destination, mapping, authority, and auditability where supported.
The Regenemm Knowledge Base supports evidence retrieval and clinical reference workflows. Knowledge retrieval does not override patient-specific clinical truth. Patient-specific clinical state remains governed by Regenemm Voice and reviewed through the appropriate clinical workflow.
Authentication and Access
Regenemm access should be identity-bound and role-aware.
Depending on deployment, supported identity patterns may include:
- organisation-managed sign-in;
- clinician identity controls;
- patient account access;
- service account access for integrations;
- agent identity for agentic workflow workers;
- machine identity for Edge Connector and infrastructure services.
Agentic assistants are treated as bounded system participants. They require declared roles, tool permissions, data grants, and audit logging. They must not bypass Hub policy, consent, or human review requirements.
Agentic Workflow Security
Regenemm agentic assistants are treated as bounded workflow participants.
They are not autonomous clinicians.
Agentic assistants may support tasks such as:
- documentation drafting;
- summarisation;
- evidence retrieval;
- missing-item detection;
- escalation preparation;
- billing support;
- medicolegal chronology preparation;
- patient education draft preparation.
Each agentic workflow should be governed by a Care Graph Contract defining:
- workflow purpose;
- human participants;
- agent roles;
- permitted tools;
- permitted data classes;
- forbidden actions;
- escalation rules;
- human review requirements;
- audit events;
- release gates;
- network boundaries.
Agentic assistants should operate only within declared workflow, role, data, tool, consent, audit, release, network, and human-review boundaries.
Agentic assistants must not:
- bypass Hub governance;
- silently mutate clinical truth;
- make final clinical decisions;
- release patient-facing material without an authorised release gate;
- access clinical servers directly outside declared policy;
- use identifiable patient data for model training by default.
Audit, Provenance, and Release Gates
Material reads, writes, releases, reviews, policy decisions, ingestion events, and agent actions are designed to generate audit events where supported by the implementation.
Release gates are intended to prevent unreviewed or unauthorised patient-facing, clinician-facing, external, medicolegal, billing, interoperability, or Hub-persistent release.
Data Residency and Hosting Posture
Regenemm is made in Australia and is designed with Australian healthcare requirements in mind.
For Australian healthcare workflows, Regenemm's intended posture is Australia-first hosting and processing for:
- patient clinical information;
- Regenemm Link patient vault data;
- MHR-linked data;
- clinical documents;
- audit and provenance records;
- agentic run traces containing patient information;
- credentials and integration secrets.
Any overseas processing path should be assessed, documented, contractually controlled, technically governed, and disclosed where appropriate.
MHR-linked workflows may require stricter residency, access, and audit controls.
AI Data Use
Regenemm's AI systems are designed to support clinicians, patients, and care teams inside governed workflows.
Identifiable patient records are not used to train foundation models by default.
Where AI or agentic assistants process clinical information, that processing must be tied to an authorised workflow purpose, role, data grant, tool grant, consent or access basis, audit event, and review pathway.
Provider Review
Infrastructure, AI, analytics, observability, support, and integration providers should be reviewed before use in sensitive workflows.
Provider review should consider data classes, regions, retention, telemetry, training posture, contractual protections, security controls, privacy posture, and incident response.
Provider registers should identify service purpose, data categories processed, hosting region, retention posture, clinical data exposure where applicable, contractual safeguards, data processing terms, breach notification pathway, and approved environments.
Assurance Roadmap
Regenemm is building toward formal external assurance.
The current security and governance roadmap includes alignment work across:
- ISO/IEC 27001 information security management;
- ISO/IEC 42001 AI management systems;
- SOC 2 readiness;
- HIPAA-aligned controls and Business Associate Agreement support for eligible US healthcare deployments;
- GDPR-aligned data handling where relevant;
- Australian privacy and health information obligations;
- security review, vulnerability management, and incident response.
Formal independent assessments, attestations, and audit reports will be published or made available to eligible customers as they are completed.
Regenemm does not claim formal external assurance status until the relevant assessment is complete.
For security review or audit documentation requests, contact security@regenemm.com.
Payments, Billing, and Analytics
Where payment systems are used, payment-card processing should be handled by specialist payment providers. Regenemm should not store full payment-card numbers inside the clinical platform.
Billing workflows inside Regenemm remain separate from payment-card processing. Billing documentation, claim evidence, clinical support material, and audit records remain governed healthcare data.
Regenemm should minimise website and product analytics collection. Analytics should be configured to avoid collecting clinical content, patient records, consultation text, uploaded documents, identifiable clinical context, or agentic run payloads.
Security Review and Responsible Disclosure
Suspected security incidents or data breaches should be triaged, contained, investigated, documented, and escalated according to severity and regulatory impact.
Responsible disclosure pathways should support good-faith reporting while protecting patients, clinical records, live care workflows, and production systems.
Security vulnerabilities should be reported privately so they can be investigated and remediated safely.
Reports should include:
- affected system or URL;
- description of the issue;
- reproduction steps;
- potential impact;
- contact details for follow-up.
Security reports can be sent to security@regenemm.com.
Frequently Asked Questions
Where Is Patient Data Stored?
For Australian healthcare workflows, Regenemm is designed with an Australia-first hosting and processing posture for patient clinical information, patient vault data, clinical documents, audit records, credentials, and agentic run traces containing patient information.
Specific hosting and residency details may vary by deployment and customer configuration.
Who Can Access Clinical Data?
Access is designed to be role-based, purpose-bound, and least-privilege. Clinicians, staff, patients, services, and agents should only access information needed for their declared workflow role.
How Does Regenemm Handle AI Model Training?
Identifiable patient records are not used to train foundation models by default.
AI assistance is designed to operate inside governed workflows with audit, review, and release controls.
What Happens If There Is a Security Incident?
Regenemm maintains incident-response processes for suspected security or privacy incidents. These include triage, containment, investigation, severity assessment, customer notification assessment, regulator notification assessment where required, remediation, and post-incident review.
Can I Export My Data?
Regenemm is designed to support lawful and operationally safe access, export, correction, and retention-review processes. Some requests may need to be handled through the relevant healthcare provider, organisation, or clinical record holder.
How Does Regenemm Handle Deletion?
Deletion may be limited where information must be retained for clinical, legal, medicolegal, audit, security, or regulatory reasons. Regenemm is designed to support deletion or retention-review requests where lawful and operationally appropriate.
What Formal Assurance Does Regenemm Have?
Regenemm is building toward formal external assurance, including ISO/IEC 27001 alignment, ISO/IEC 42001 alignment, SOC 2 readiness, and healthcare-specific security and privacy controls.
Regenemm does not claim formal external assurance status until the relevant assessment is complete.
Does Regenemm Support Business Associate Agreements?
For eligible US healthcare deployments, Regenemm can support Business Associate Agreement discussions where the deployment involves HIPAA-regulated protected health information and the legal relationship requires it.
Does Regenemm Put Patient Information in Telemetry?
Regenemm's intended telemetry posture is to avoid identifiable patient information and clinical payloads in telemetry and analytics by default.
How Is the Edge Connector Secured?
The Edge Connector is designed as a secure ingestion layer that feeds approved data flows into Regenemm Voice. It should use secure connectivity, source attribution, ingestion audit, retention limits, and Hub-first routing.
How Are Agentic Assistants Governed?
Agentic assistants operate inside declared Care Graph Contracts. These define the workflow, permitted data access, permitted tools, human review requirements, release gates, escalation rules, and audit events.