How to read this page
JamEMR is in pilot. Rather than a wall of badges, we publish a staged roadmap: what is in
place now, what comes next, and what comes later. We describe stages, not calendar dates —
we would rather move a milestone than miss a promised date quietly. Anything listed under
Next or Later is not done, and we will never present it as if it were.
Now — pilot-phase controls (in place today)
| Control | Status |
|---|
| Local clinical AI processing — PHI not sent to third-party consumer AI clouds | In place |
| Role-based access control with least-privilege roles | In place |
| Application-level audit logging (chart access, changes, ambient-note lifecycle) | In place |
| Registered, revocable API tokens for service-to-service calls | In place |
| TLS in transit; disk-level encryption at rest (per deployment) | In place |
| Versioned, reviewed database schema migrations | In place |
| Approval-gated privileged operational changes | In place |
| Designated Privacy Officer and Security Officer roles | In place |
| BAA executed before any PHI is handled | In place |
| Synthetic data only during pilots, until compliance prerequisites complete | In place |
| Milestone | Status |
|---|
| Formal HIPAA risk analysis refresh | In progress |
| Documented policy pack (security, privacy, incident response, access management) | In progress |
| Documented, tested backup-restore runbooks with defined recovery objectives | In development |
| Third-party penetration testing | Planned before general availability |
Later — examinations and expansion
| Milestone | Status |
|---|
| SOC 2 Type II examination | Planned — not started; JamEMR does not claim SOC 2 compliance |
| Formal, SLA-backed disaster-recovery commitments | In development — see Disaster Recovery |
| HL7 FHIR interoperability | Planned |
| Expanded certifications as customer requirements dictate | Under evaluation |
Our commitments about this roadmap
- We will not claim a certification, examination result, or test outcome before it exists.
- When a milestone completes, this page and the relevant Trust Center pages move it from
roadmap to “in place” — with substance, not just a status change.
- If a milestone slips or is re-scoped, we update this page rather than let it go stale.
Questions about where a specific milestone stands:
[email protected].