# IamBilly Backend: Technical Context & Specifications

## Security & Encryption
- **At Rest:** All PHI and audio files must be encrypted with **AES-256-GCM**.
- **In Transit:** All API communication and file uploads must use **TLS 1.3**.
- **Audit Logs:** Immutable audit trail records retained for 7 years (per HIPAA).

## Connectivity & Retries
- **EMR Integration:** 3 retry attempts for connectivity (exponential backoff: 1s, 4s, 16s).
- **Athena/EMR Export:** 3 retry attempts for data push if the downstream API is unavailable.
- **Caching:**
  - Patient data cached for 24 hours to mitigate EMR downtime.
  - Clinical documents cached for 30 days for cross-session reference.
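
The retry schedule and the 24-hour patient cache above, combined into one fetch path. This is an added example, not code from the IamBilly backend. The names `fetch_patient`, `PatientCache`, `EmrUnavailable` and `emr_call` are hypothetical, and it assumes that "3 retry attempts" means one initial call followed by three retries and that connectivity failures surface as `ConnectionError`.

```python
import time

# Values taken from the spec above.
RETRY_DELAYS_S = (1, 4, 16)          # wait before retry 1, 2 and 3
PATIENT_CACHE_TTL_S = 24 * 60 * 60   # patient data cache lifetime

class EmrUnavailable(Exception):
    """EMR is unreachable and no unexpired cached copy exists."""

class PatientCache:
    """In-memory stand-in (hypothetical); a real cache holds PHI and must be encrypted at rest."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._items = {}  # patient_id -> (stored_at, record)

    def put(self, patient_id, record):
        self._items[patient_id] = (self._clock(), record)

    def get_fresh(self, patient_id):
        entry = self._items.get(patient_id)
        if entry is None:
            return None
        stored_at, record = entry
        if self._clock() - stored_at > PATIENT_CACHE_TTL_S:
            del self._items[patient_id]  # expired PHI is dropped, never served
            return None
        return record

def fetch_patient(patient_id, emr_call, cache, sleep=time.sleep):
    """Try the EMR, retry with backoff, then fall back to the cache. Returns (record, source)."""
    for delay in (0,) + RETRY_DELAYS_S:
        if delay:
            sleep(delay)
        try:
            record = emr_call(patient_id)
        except ConnectionError:
            continue  # only connectivity failures are retried
        cache.put(patient_id, record)  # refresh the cache on every successful read
        return record, "emr"
    cached = cache.get_fresh(patient_id)
    if cached is None:
        raise EmrUnavailable(patient_id)
    return cached, "cache"
```

Returning the source alongside the record lets the caller mark cached data as possibly stale, and lets the audit trail record which path served the PHI.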
## Identity Management
- 15-minute global session idle timeout.
- Mandatory Multi-Factor Authentication (MFA) for Administrative and Supervisor roles.