gramps/rustybeds
Public Access
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: add HIPAA-ready positioning for architecture and pitch

Browse Source 
- clarify BEDS is compliance-friendly architecture, not certification
- add healthcare/regulated deployment framing to visual brief
- document controls BEDS provides vs contract implementation responsibilities
- update wiki index description for regulated-deployment positioning
This commit is contained in:
Llama Chile Shop
2026-04-12 08:24:12 -07:00
parent 75163fb520
commit 118f265862
3 changed files with 61 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
wiki/11-beds-architecture-visual-brief.md
View File

@@ -111,6 +111,42 @@ This pattern supports both:
- Better compliance posture from centralized message handling
- Strong foundation for future AI-assisted data object generation
## HIPAA Contract Positioning
Use this framing in proposals and executive briefings:
- BEDS is not marketed as "HIPAA certified software"
- BEDS is an architecture baseline that makes HIPAA-ready implementations practical
- Compliance outcomes come from deployment controls, policy, and operations on top of BEDS
### Why BEDS Helps HIPAA Programs
- AMQP-first transport centralizes ingress, routing, and logging controls
- Template/class boundaries isolate domain data paths and reduce ad hoc access patterns
- Event lineage supports investigation and audit workflows with traceable parent/child chains
- Config-driven node roles support separation of duties and segmented runtime deployment
### What BEDS Provides vs What the Contract Team Must Provide
BEDS provides:
- Controlled transport path for data in transit
- Deterministic routing and broker-level operational guardrails
- Structured telemetry and lineage-ready diagnostics
- Layer boundaries that reduce accidental direct data access
Contract implementation must provide:
- Encryption at rest and key management practices
- TLS and identity policy enforcement in production
- Least-privilege access model and workforce controls
- Retention, backup, incident response, and evidence collection procedures
- BAA/legal governance and organizational compliance program artifacts
### One-Line Sales Statement
"BEDS gives healthcare and regulated teams a compliance-friendly architecture spine; HIPAA compliance is achieved by deploying that spine with required security and operational controls."
## Visual Blueprint (for Diagram or Image Generation)
Use this structure when creating architecture visuals: