HIPAA
Also known as: Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) governs how Protected Health Information (PHI) is stored, transmitted, and accessed in the United States. The Privacy Rule defines what counts as PHI and limits its use and disclosure to the minimum necessary; the Security Rule mandates administrative, physical, and technical safeguards for electronic PHI (ePHI), the technical ones including access control, audit controls, integrity, authentication, and transmission security. TantraDev's HealthTech work treats HIPAA as architecture input from sprint one: encryption posture, audit logging, Business Associate Agreement (BAA) scope, and minimum-necessary access all shape the design.
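The audit-controls safeguard above is the one most often implemented as a plain database table that the application itself can rewrite. The block below is an added example (not TantraDev's code) of the alternative: a hash-chained PHI access log with an offline verifier that pinpoints the first record that was edited or removed. The record fields, the three sample access events, and the `GENESIS` constant are constructed for this example.

```python
"""Tamper-evident PHI access log with an offline verifier.

Added example, not TantraDev code. Every record commits to the hash of the
record before it, so editing, deleting or reordering any earlier record
breaks the chain from that point on, and a reviewer can check the whole log
with nothing but the records themselves. The field names and the three
access events are constructed for this example.
"""
import copy
import hashlib
import json
from typing import Any, Dict, List, Optional, Tuple

GENESIS = "0" * 64  # stands in for the hash of the non-existent record before the first


def _digest(prev_hash: str, seq: int, event: Dict[str, Any]) -> str:
    # Canonical JSON (sorted keys, no whitespace) so equal events always hash equally.
    body = json.dumps({"seq": seq, "event": event}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_event(log: List[Dict[str, Any]], event: Dict[str, Any]) -> Dict[str, Any]:
    """Append one access event, chained to the current tail of the log."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    seq = len(log)
    record = {"seq": seq, "event": event, "prev_hash": prev_hash,
              "hash": _digest(prev_hash, seq, event)}
    log.append(record)
    return record


def verify_chain(log: List[Dict[str, Any]]) -> Tuple[bool, Optional[int]]:
    """Walk the chain from the start. Returns (True, None) if intact, otherwise
    (False, seq) for the first record that does not fit its predecessor."""
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        if (rec["seq"] != i or rec["prev_hash"] != prev_hash
                or rec["hash"] != _digest(prev_hash, rec["seq"], rec["event"])):
            return False, i
        prev_hash = rec["hash"]
    return True, None


# Constructed sample: who touched which resource, in what role, for what purpose.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:12:05Z", "actor": "dr.okafor", "role": "attending",
     "action": "read", "resource": "Patient/1001", "purpose": "treatment"},
    {"ts": "2024-03-01T09:14:30Z", "actor": "billing.svc", "role": "billing",
     "action": "read", "resource": "Encounter/5532", "purpose": "payment"},
    {"ts": "2024-03-01T09:20:11Z", "actor": "dr.okafor", "role": "attending",
     "action": "update", "resource": "MedicationRequest/77", "purpose": "treatment"},
]


def build_sample_log() -> List[Dict[str, Any]]:
    log: List[Dict[str, Any]] = []
    for ev in SAMPLE_EVENTS:
        append_event(log, ev)
    return log


def tampered_log() -> List[Dict[str, Any]]:
    """The sample log with the actor of record 1 quietly rewritten."""
    log = copy.deepcopy(build_sample_log())
    log[1]["event"]["actor"] = "someone.else"
    return log


def truncated_log() -> List[Dict[str, Any]]:
    """The sample log with record 1 deleted outright."""
    log = build_sample_log()
    del log[1]
    return log


if __name__ == "__main__":
    for name, log in (("intact", build_sample_log()), ("edited", tampered_log()),
                      ("record removed", truncated_log())):
        print(name, verify_chain(log))
```

The chain catches edits and deletions in the middle but not a clean cut at the tail: dropping the newest records leaves a shorter chain that still verifies. To make the log "survive a forensic review" in the sense the page means, the current head hash (or the records themselves) must also be written somewhere the application service account cannot modify, such as a separate log sink or WORM storage, so the verifier can check the tail against an anchor the attacker could not move.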
In production at TantraDev.
Concepts that travel with this one.
Architecture rarely lives in isolation — these are the terms that come up in the same conversation.
FHIR
Fast Healthcare Interoperability Resources (FHIR, pronounced 'fire') is HL7's standard for exchanging healthcare data over RESTful APIs. Each resource type (Patient, Observation, Encounter, MedicationRequest) has a canonical JSON/XML schema and a stable URL pattern of the form [base]/[type]/[id]. FHIR is the interop layer for EHR integration; TantraDev defaults to FHIR R4 for new HealthTech builds and bridges legacy EHRs that still speak HL7 v2 through proxy adapters.
HealthTech
HealthTech is the engineering of clinical, administrative, and patient-facing healthcare software under HIPAA, FHIR, and (in India) Digital Personal Data Protection (DPDP) Act constraints. Architectural pressure points are PHI handling, role-based access enforced at the row level, immutable audit logs that survive a forensic review, and interop with legacy EHRs that often speak HL7 v2 over MLLP (the Minimal Lower Layer Protocol). The work is rarely greenfield; it is usually a careful integration around a payer or provider that cannot tolerate downtime.
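The FHIR entry above and this one both describe the same piece of plumbing: a proxy adapter that accepts HL7 v2 over MLLP from a legacy EHR and speaks FHIR R4 on the other side. The block below is an added example of that bridge (not TantraDev's adapter code): it unwraps one MLLP frame, parses the segments of an ADT^A01 admit message, maps the PID segment into a FHIR R4 Patient resource, and builds the MLLP-framed ACK the sender expects. The sample message, the sending and receiving application names, and the `MRN_SYSTEM` identifier URL are constructed for this example; HL7 v2 escape sequences are deliberately not decoded.

```python
"""HL7 v2 (over MLLP) to FHIR R4 Patient bridge.

Added example, not TantraDev's adapter code. It parses one ADT^A01 message,
maps PID into a FHIR R4 Patient resource and builds the MLLP-framed ACK the
legacy EHR expects. The sample message and the identifier system URL are
constructed for this example; HL7 v2 escape sequences (\\F\\, \\S\\, ...) are
not decoded here.
"""
from typing import Dict, List, Tuple

VT, FS, CR = b"\x0b", b"\x1c", b"\x0d"   # MLLP start block, end block, carriage return
GENDER = {"F": "female", "M": "male", "O": "other", "U": "unknown"}  # HL7 table 0001 -> FHIR
MRN_SYSTEM = "http://example.org/fhir/sid/legacy-mrn"               # assumed identifier namespace

# Constructed ADT^A01 admit message; HL7 v2 segments are terminated by \r.
SAMPLE_FRAME = (VT + (
    "MSH|^~\\&|LEGACY_EHR|WARD3|FHIR_BRIDGE|CLOUD|20240301091205||ADT^A01|MSG0001|P|2.5\r"
    "EVN|A01|20240301091205\r"
    "PID|1||1001^^^LEGACY^MR||Okafor^Amara^J||19850214|F|||"
    "12 Lake Rd^^Pune^MH^411001^IN||+91-9800000000\r"
).encode("ascii") + FS + CR)


def unwrap_mllp(frame: bytes) -> str:
    """Strip the MLLP envelope; a partial or malformed frame is rejected, not guessed at."""
    if not (frame.startswith(VT) and frame.endswith(FS + CR)):
        raise ValueError("incomplete MLLP frame")
    return frame[len(VT):-len(FS + CR)].decode("ascii")


def parse_segments(message: str) -> Dict[str, List[str]]:
    """Split a message into {segment_id: fields}. After split, index n holds
    field n for every segment except MSH, where MSH-1 is the '|' separator
    itself, so MSH-n lives at index n-1 (MSH-9 message type at index 8)."""
    segs: Dict[str, List[str]] = {}
    for line in message.split("\r"):
        if line:
            fields = line.split("|")
            segs[fields[0]] = fields
    if "MSH" not in segs or "PID" not in segs:
        raise ValueError("message lacks MSH or PID")
    return segs


def _part(parts: List[str], i: int) -> str:
    return parts[i] if i < len(parts) else ""


def to_fhir_patient(segs: Dict[str, List[str]]) -> dict:
    """Map PID-3/5/7/8/11/13 onto a FHIR R4 Patient."""
    if segs["MSH"][8].split("^")[0] != "ADT":
        raise ValueError("not an ADT message")
    pid = segs["PID"]
    ident = _part(pid, 3).split("^")   # CX:  id^^^assigning authority^identifier type
    name = _part(pid, 5).split("^")    # XPN: family^given^middle
    dob = _part(pid, 7)                # YYYYMMDD
    patient = {
        "resourceType": "Patient",
        "identifier": [{
            "system": MRN_SYSTEM,
            "value": ident[0],
            "type": {"coding": [{"system": "http://terminology.hl7.org/CodeSystem/v2-0203",
                                 "code": _part(ident, 4) or "MR"}]},
        }],
        "name": [{"family": name[0], "given": [p for p in name[1:3] if p]}],
        "gender": GENDER.get(_part(pid, 8), "unknown"),
        "birthDate": f"{dob[:4]}-{dob[4:6]}-{dob[6:8]}" if len(dob) >= 8 else None,
    }
    if _part(pid, 11):
        addr = pid[11].split("^")      # XAD: street^other^city^state^postal code^country
        patient["address"] = [{"line": [addr[0]], "city": _part(addr, 2), "state": _part(addr, 3),
                               "postalCode": _part(addr, 4), "country": _part(addr, 5)}]
    if _part(pid, 13):
        patient["telecom"] = [{"system": "phone", "value": pid[13]}]
    return patient


def build_ack(segs: Dict[str, List[str]]) -> bytes:
    """MLLP-framed application accept (MSA|AA) echoing the inbound control ID,
    with sending and receiving application/facility swapped."""
    msh = segs["MSH"]
    ack_msh = "|".join(["MSH", msh[1], msh[4], msh[5], msh[2], msh[3], msh[6], "",
                        "ACK^A01", "ACK" + msh[9], msh[10], msh[11]])
    msa = "|".join(["MSA", "AA", msh[9]])
    return VT + (ack_msh + "\r" + msa + "\r").encode("ascii") + FS + CR


def bridge(frame: bytes) -> Tuple[dict, bytes]:
    """One inbound MLLP frame in, (FHIR Patient, MLLP ACK) out."""
    segs = parse_segments(unwrap_mllp(frame))
    return to_fhir_patient(segs), build_ack(segs)


if __name__ == "__main__":
    import json
    resource, ack = bridge(SAMPLE_FRAME)
    print(json.dumps(resource, indent=2))
    print(ack)
```

Two design points carry over to a real adapter. MLLP itself has no authentication or encryption, so the TCP listener belongs inside a TLS tunnel or on a network segment only the EHR can reach. And the mapper validates before it trusts: a frame without its end block, a message missing MSH or PID, or a non-ADT message type is refused with an error rather than coerced into a half-filled Patient, because a silently wrong identifier on a PHI record is worse than a rejected message.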
GDPR
The General Data Protection Regulation (GDPR) is the European Union's data-protection law. The architectural levers it imposes are consent capture, data minimisation, the right to erasure, breach notification to the supervisory authority within 72 hours of becoming aware, and Data Protection Impact Assessments for high-risk processing. For TantraDev's clients serving EU users, GDPR shapes data residency, processor-controller contracts (Data Processing Agreements, DPAs), and the audit-logging granularity around personal data.
Building a system where HIPAA is the load-bearing decision?
30 minutes on the phone, one page in your inbox — what to build, what to skip, what it will cost. You keep the audit even if we are not the right fit.