# IamBilly Backend: Technical Context & Specifications

## Security & Encryption
- **At Rest:** All PHI and Audio files must be encrypted with **AES-256 GCM**.
- **In Transit:** All API communication and file uploads must use **TLS 1.3**.
- **Audit Logs:** Immutable audit trail records for 7 years (per HIPAA).

## Connectivity & Retries
- **EMR Integration:** 3 retry attempts for connectivity (exponential backoff: 1s, 4s, 16s).
- **Athena/EMR Export:** 3 retry attempts for data push if the downstream API is unavailable.
- **Caching:**
  - Patient data cached for 24 hours to mitigate EMR downtime.
  - Clinical documents cached for 30 days for cross-session reference.

## Identity Management
- 15-minute global session idle timeout.
- Mandatory Multi-Factor Authentication (MFA) for Administrative and Supervisor roles.
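
One way to enforce the two Identity Management rules on every request, as an added example that is not part of the IamBilly specification or code base. The `Session` record, `check_session`, the role strings, and the choice to treat exactly 15 minutes of idleness as expired are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

IDLE_TIMEOUT = timedelta(minutes=15)                   # spec: global idle timeout
MFA_REQUIRED_ROLES = {"administrative", "supervisor"}  # spec roles; string labels assumed

@dataclass
class Session:  # hypothetical session record
    user: str
    role: str
    last_activity: datetime  # timezone-aware UTC
    mfa_verified: bool = False

def check_session(session: Session, now: datetime) -> tuple[bool, str]:
    """Return (allowed, reason); every unexpected state is a denial."""
    idle = now - session.last_activity
    if idle < timedelta(0):
        # last_activity lies in the future: clock skew or tampering, do not trust it
        return False, "invalid_timestamp"
    if idle >= IDLE_TIMEOUT:
        # Assumption: exactly 15 minutes idle already counts as expired
        return False, "idle_timeout"
    if session.role.strip().lower() in MFA_REQUIRED_ROLES and not session.mfa_verified:
        return False, "mfa_required"
    # Sliding window: only an allowed request refreshes the idle clock,
    # so denied requests cannot keep a session alive.
    session.last_activity = now
    return True, "ok"

def demo() -> list[tuple[str, bool, str]]:
    """Evaluate constructed sample sessions against a fixed clock."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    samples = [
        Session("alice", "Clinician", now - timedelta(minutes=14, seconds=59)),
        Session("bob", "Clinician", now - timedelta(minutes=15)),
        Session("carol", "Supervisor", now - timedelta(minutes=1)),
        Session("dave", "Administrative", now - timedelta(minutes=1), mfa_verified=True),
        Session("eve", "Clinician", now + timedelta(minutes=5)),
    ]
    return [(s.user, *check_session(s, now)) for s in samples]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The idle check runs before the MFA check so that an expired privileged session is reported as expired and forced through full re-authentication rather than only an MFA prompt.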