Skip to content

Compliance Posture

OpenMed provides evidence for local validation: audit reports, leakage metrics, residual-risk scores, reproducible benchmark runs, and policy-profile outputs. OpenMed does not self-certify compliance. Users validate against their own data, jurisdiction, deployment controls, and counsel.

No de-identification tool can guarantee compliance or zero residual risk. Validate locally before any production or clinical use.

If you find a case where identifiers leak — a redaction bypass — treat it as a security issue and report it privately through the Security & Disclosure policy, never as a public issue, and without including real patient data.

Framework Split

Framework What OpenMed supplies What the user still owns
HIPAA Safe Harbor (policy="hipaa_safe_harbor") Profile mapping CANONICAL_LABELS to the 18 identifier classes, many-to-one; per-class leakage metrics; audit trail. Confirming all 18 classes for their data; the "no actual knowledge" judgment.
HIPAA Expert Determination (policy="hipaa_expert_review_assist") Reproducible leakage/residual-risk and adversarial re-id results as documentation. Engaging a qualified expert; the determination.
GDPR pseudonymization (policy="gdpr_pseudonymization") Reversible replace with separable key mapping; deterministic surrogates; transform audit. Key custody, re-id governance, lawful basis, DPIA.
EU AI Act high-risk Logging through audit reports, documentation through cards, human oversight through review bundles, robustness through harness and golden suites, and cybersecurity through signing, local-only execution, and no raw logging. Conformity assessment, registration, and deployment obligations.
  • Audit reports provide deterministic span provenance, residual-risk snapshots, manifest hashes, and optional signatures for de-identification runs.
  • Leakage metrics are emitted in BenchmarkReport output for reproducible benchmark runs.
  • Residual re-identification risk reports leakage and auxiliary linkage risk for text or table records.
  • Policy profiles capture the canonical policy literals and default action posture used by the runtime.

Policy Literals

Use these exact literals in docs, examples, and deployment configuration:

Literal Posture Default action bias Arbitration mode
hipaa_safe_harbor Redact all 18 HIPAA identifiers, no exceptions. remove/mask High-recall union; safety sweep mandatory; residual-risk ~0.
hipaa_expert_review_assist Flag + surrogate, leave clinical content; produce expert-review audit. replace surrogates Balanced, with reviewer escalation on low confidence.
gdpr_pseudonymization Reversible pseudonyms, mapping retained under key. replace + reversible_id Balanced; keep_mapping=True; HMAC reversible IDs.