What lands in your output bundle
When the genome carries hipaa: true (or any phi: true field on a module), Archiet emits the HIPAA overlay artifact pack alongside the application code:
```text
compliance/hipaa/
├── control_matrix.md                 # 45 CFR §164.308/.310/.312 mapped to your architecture
├── baa_tracking.md                   # every PHI-handling vendor with BAA status
├── breach_notification_runbook.md    # §164.404–§164.410 incident timeline
└── phi_access_policy.sql             # row-level PHI access logging migration
app/security/
├── audit_writer.{stack-ext}          # append-only event emitter with hash chain
├── audit_reader.{stack-ext}          # replay API with attribution + chain verification
├── audit_pii_redactor.{stack-ext}    # read-time redaction for non-admin readers
└── audit_siem_exporter.{stack-ext}   # Splunk HEC / Datadog Logs / CloudWatch sink
alembic/versions/
└── NNNN_audit_events.py              # audit_events table + Postgres trigger blocking UPDATE/DELETE
```
The audit infrastructure ships across 12 stacks (Flask, FastAPI, Django, NestJS, Laravel, Rails, Go, Java, .NET, Salesforce Apex, SAP CAP, Dynamics 365). Each emits the writer / reader / redactor / SIEM exporter in the language native to your stack — not a Python sidecar.
What's already wired
- Append-only enforced at the database. Generated migrations install a Postgres trigger that raises on `UPDATE` or `DELETE` of `audit_events`. Tampering is impossible at the application layer because the database itself rejects mutation; the guarantee is bound to database privileges, so the application role must not be able to drop or disable the trigger. Auditors verify by attempting the mutation and showing the rejection.
- SHA-256 hash chain per workspace. Every event is hashed together with the previous event's hash. The reader verifies the chain on load and surfaces `tamper_detected: true` if any link breaks. Per-workspace sequence numbers keep tenants isolated.
- PHI access logging at row level. The `phi_access_policy.sql` migration emits a Postgres function + trigger that writes to `audit_events` whenever any role accesses a row containing PHI. The PHI fields themselves are identified by the `phi: true` metadata in your blueprint.
- PII redaction at read time. Fields flagged `pii: true` in the event payload are redacted to `***REDACTED***` for non-admin readers. Admins see the full payload, and the read itself is audited.
- Replay API. `POST /api/audit/replay` reconstructs entity state at any past timestamp by replaying the event stream. Forensic investigation without restoring backups, which is useful for OCR breach inquiries and patient-access requests.
- SIEM export. Periodic batch export to Splunk HEC, Datadog Logs, or CloudWatch Logs with an idempotent per-`(workspace, sink)` cursor, so the exporter restarts safely after any failure with no duplicates.
- Per-tenant scope on every query. `workspace_id` is on every event row, and every read query is scoped to it. The architecture forbids cross-tenant audit reads even for admins.
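The three reader-side mechanisms above (hash-chain verification, read-time PII redaction, and replay to a past timestamp) fit in one small model. The following is an added illustration written for this page, not Archiet's generated `audit_writer`/`audit_reader` code: it keeps the chain in memory instead of the `audit_events` table, and the event shape, the `GENESIS_HASH` sentinel, the `pii_fields` tuple and the `demo()` sample events are all assumptions.

```python
import hashlib
import json
from dataclasses import dataclass, replace

# Added illustration; names and event shape are assumptions, not Archiet's generated code.
GENESIS_HASH = "0" * 64        # assumed sentinel: "previous hash" of the first event in a workspace
REDACTED = "***REDACTED***"    # the marker non-admin readers see for pii: true fields


@dataclass(frozen=True)
class AuditEvent:
    workspace_id: str
    seq: int            # per-workspace sequence number, starts at 1
    ts: int             # unix seconds
    actor: str
    entity_id: str
    payload: dict       # fields changed by this event (assumed event shape)
    pii_fields: tuple   # payload keys the blueprint flagged pii: true (assumed)
    prev_hash: str
    event_hash: str


def _digest(workspace_id, seq, ts, actor, entity_id, payload, prev_hash) -> str:
    # Canonical JSON so the writer and the verifier hash exactly the same bytes.
    body = json.dumps(
        [workspace_id, seq, ts, actor, entity_id, payload, prev_hash],
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hashlib.sha256(body).hexdigest()


class AuditWriter:
    """Append-only, per-workspace hash chain (in memory here; the real one is a table)."""

    def __init__(self):
        self.chains: dict[str, list[AuditEvent]] = {}

    def append(self, workspace_id, ts, actor, entity_id, payload, pii_fields=()) -> AuditEvent:
        chain = self.chains.setdefault(workspace_id, [])
        prev_hash = chain[-1].event_hash if chain else GENESIS_HASH
        seq = len(chain) + 1          # sequence numbers never cross workspaces
        ev = AuditEvent(
            workspace_id, seq, ts, actor, entity_id, dict(payload), tuple(pii_fields),
            prev_hash, _digest(workspace_id, seq, ts, actor, entity_id, payload, prev_hash),
        )
        chain.append(ev)
        return ev


def verify_chain(events: list[AuditEvent]) -> dict:
    """Walk the chain: every link must point at its predecessor and re-hash to itself."""
    prev_hash = GENESIS_HASH
    for expected_seq, ev in enumerate(events, start=1):
        linked = ev.seq == expected_seq and ev.prev_hash == prev_hash
        recomputed = _digest(ev.workspace_id, ev.seq, ev.ts, ev.actor,
                             ev.entity_id, ev.payload, ev.prev_hash)
        if not linked or recomputed != ev.event_hash:
            return {"tamper_detected": True, "broken_at_seq": ev.seq}
        prev_hash = ev.event_hash
    return {"tamper_detected": False, "length": len(events)}


def read_payload(ev: AuditEvent, is_admin: bool) -> dict:
    """Read-time redaction: non-admin readers never receive pii: true fields."""
    if is_admin:
        return dict(ev.payload)
    return {k: (REDACTED if k in ev.pii_fields else v) for k, v in ev.payload.items()}


def replay_at(events, entity_id, ts) -> dict:
    """Reconstruct an entity's state at time ts by folding its events in order."""
    state = {}
    for ev in events:
        if ev.entity_id == entity_id and ev.ts <= ts:
            state.update(ev.payload)
    return state


def demo():
    w = AuditWriter()
    # Constructed sample events for workspace ws-1.
    w.append("ws-1", 100, "dr.lee", "patient-42", {"name": "A. Patient"})
    w.append("ws-1", 200, "dr.lee", "patient-42", {"ssn": "000-00-0000"}, ("ssn",))
    w.append("ws-1", 300, "nurse.kim", "patient-42", {"room": "4B"})
    chain = w.chains["ws-1"]
    # Simulate a row edited behind the writer's back: the stored hash no longer matches.
    tampered = list(chain)
    tampered[1] = replace(tampered[1], payload={"ssn": "111-11-1111"})
    return verify_chain(chain), verify_chain(tampered), replay_at(chain, "patient-42", 250)


if __name__ == "__main__":
    print(demo())
```

The verifier recomputes each hash from the stored fields rather than trusting `event_hash`, so an edit to any column, a deleted row (sequence gap) or a reordered row all surface as `tamper_detected: true` with the first broken sequence number; this is the same check the database trigger makes unnecessary at write time but that a reader still needs to prove at audit time.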
What HIPAA documents you don't have to write
- DPIA: `docs/compliance/dpia.md`, populated from your blueprint, with PHI fields enumerated and lawful basis pre-classified.
- Security risk assessment skeleton: `docs/compliance/hipaa/control_matrix.md` lists every safeguard from §164.308/.310/.312 mapped to the specific architecture elements that satisfy it.
- Vendor BAA tracking: `compliance/hipaa/baa_tracking.md` lists every integration whose `data_handled` is `phi`, with BAA status placeholders for the legal team to fill in.
- Breach notification runbook: `compliance/hipaa/breach_notification_runbook.md` covers the §164.404–§164.410 timeline (60-day notification, 500-affected threshold, OCR submission).
Stacks supported
Flask · FastAPI · Django · NestJS · Laravel · Rails · Go · Java (Spring) · .NET · Salesforce Apex · SAP CAP · Dynamics 365.
The HIPAA overlay artifacts (markdown + SQL) ship the same regardless of stack. The audit infrastructure code is generated in your stack's native language, so there is no Python sidecar in your deployment.
Pricing
HIPAA artifact pack + audit infrastructure ship on the Professional plan ($599/mo, $419/mo annual). Multi-region IaC (for HIPAA architectures that need cross-region failover under §164.308(a)(7)) ships on Team ($1,499/mo). Strict-mode HIPAA / FedRAMP / SOC 2 Type II compliance flags ship on Enterprise.
Related
- See the audit infrastructure feature page for the technical detail of the audit log generator.
- See the healthcare industry page for the full healthcare-vertical positioning.
- See the compliance frameworks page for what every overlay (HIPAA, PCI-DSS, SOC 2, GDPR) ships in your bundle.