Skip to main content
JamEMR

Trust Center

Compliance Roadmap

A staged, honest view of JamEMR's compliance program — pilot-phase controls in place now; formal policy pack, risk analysis, and penetration testing next; SOC 2 Type II and expanded certifications later.

How to read this page

JamEMR is in pilot. Rather than a wall of badges, we publish a staged roadmap: what is in place now, what comes next, and what comes later. We describe stages, not calendar dates — we would rather move a milestone than miss a promised date quietly. Anything listed under Next or Later is not done, and we will never present it as if it were.

Now — pilot-phase controls (in place today)

ControlStatus
Local clinical AI processing — PHI not sent to third-party consumer AI cloudsIn place
Role-based access control with least-privilege rolesIn place
Application-level audit logging (chart access, changes, ambient-note lifecycle)In place
Registered, revocable API tokens for service-to-service callsIn place
TLS in transit; disk-level encryption at rest (per deployment)In place
Versioned, reviewed database schema migrationsIn place
Approval-gated privileged operational changesIn place
Designated Privacy Officer and Security Officer rolesIn place
BAA executed before any PHI is handledIn place
Synthetic data only during pilots, until compliance prerequisites completeIn place

Next — formalization (in progress or planned before general availability)

MilestoneStatus
Formal HIPAA risk analysis refreshIn progress
Documented policy pack (security, privacy, incident response, access management)In progress
Documented, tested backup-restore runbooks with defined recovery objectivesIn development
Third-party penetration testingPlanned before general availability

Later — examinations and expansion

MilestoneStatus
SOC 2 Type II examinationPlanned — not started; JamEMR does not claim SOC 2 compliance
Formal, SLA-backed disaster-recovery commitmentsIn development — see Disaster Recovery
HL7 FHIR interoperabilityPlanned
Expanded certifications as customer requirements dictateUnder evaluation

Our commitments about this roadmap

  • We will not claim a certification, examination result, or test outcome before it exists.
  • When a milestone completes, this page and the relevant Trust Center pages move it from roadmap to “in place” — with substance, not just a status change.
  • If a milestone slips or is re-scoped, we update this page rather than let it go stale.

Questions about where a specific milestone stands: [email protected].

← Trust Center