Compliance-aware platforms for regulated domains — designed against PDPA, HIPAA, and Singapore healthcare practice from the first commit.
What we deliver
PDPA and HIPAA-aligned data flow design with encryption, audit logging, and consent workflows.
PostgreSQL row-level security (RLS) with tenant- and role-propagated policies — isolation enforced at the database, not just the application.
Field-level PII encryption via envelope encryption with AWS KMS — clinical names, NRICs, and diagnoses encrypted at rest with per-field keys, not just disk-level TDE.
Immutable audit-log infrastructure tracking every access, modification, and export of sensitive data — append-only / WORM storage, 6+ year retention.
Singapore-Gov integrations: Singpass / Corppass SSO, FormSG webhooks with HMAC-SHA256 verification, and IM8-aligned data-handling baselines.
Async clinical workflows on BullMQ / Redis — long-running tasks (HL7 ingest, eligibility computation, evidence packs) with idempotency and dead-letter handling.
LLM-assisted clinical features done safely — RAG grounded on clinical sources, abstain-on-uncertainty thresholds, and a clinician-in-the-loop review pattern for any patient-facing output.
Consent management and user data-request handling (access, correction, deletion) baked in.
Role-based access control (RBAC) and multi-tenant isolation at the schema level.
Security review and threat modelling with regulator-friendly documentation.
Controlled case-study references that maintain client confidentiality.
When this fits
You're handling personal health data in Singapore or Southeast Asia and need PDPA compliance from day one.
Your SaaS is entering regulated markets and procurement teams ask for audit-ready architecture.
You need structured data governance and retention policies, not an afterthought.
Proven in practice
Reference builds from our own work that exercise this capability end to end.
Healthcare — hospital medical affairs
Clinical Education Operations Platform
The problem
Multi-institution clinical education ran on spreadsheets and email — manual tutor matching, untracked teaching hours, and sensitive trainee documents processed by hand. None of it was auditable, and student data crossed institutional boundaries it shouldn’t.
What we built
A unified platform for a hospital group’s clinical-education operations — managing students, tutors, and teaching-hour billing across multiple institutions, with AI-assisted document processing and matchmaking.
▸Three-tier LLM orchestration (Claude Haiku / Sonnet / Opus) routed per task class, with per-request and per-institution daily cost ceilings enforced in Redis.
▸Six-stage document pipeline that tokenises Singapore NRICs before any AI call, then routes by confidence — auto-commit above 0.90, human review between 0.70 and 0.90, blocked below.
▸AI-assisted matchmaking and a clinical-curriculum RAG that retrieves then LLM-re-ranks learning objectives, with every model output schema-validated.
▸Per-institution row-level security enforced in Postgres via a per-request session GUC, isolating tenants at the database layer.
▸PII-masked, append-only audit logging — every payload redacted and tenant-scoped before it is written.