Compliance Overview

Compliance Overview

Artifact dossier

Compliance Overview

v1.0.0

Copy permalinkPermalink copied

Artifact details

Permalink/clients/gerimedica/a/gerimedica-compliance-overview

Current snapshot/clients/gerimedica/a/gerimedica-compliance-overview/v/1.0.0

Artifact keygerimedica-compliance-overview

Version1.0.0

Published2026-03-24

Version history1 snapshot

• 1.0.02026-03-24

Provider-agnostic trust-boundary, data-handling, and isolation overview for Gerimedica.

Trust boundary

The Gerimedica deployment is designed around a simple boundary:

• the portal is a shared control plane
• each Gerimedica project gets a dedicated C2F project runtime
• the connector and the Gerimedica-managed agent are separate callers
• durable answers and UUID-to-patient mapping remain on the Gerimedica side

Data handling

Clinical text is processed transiently inside the dedicated project runtime.

What remains client-owned:

• patient identifiers
• UUID-to-patient mapping
• durable answer storage
• per-zorginstelling access control and RBAC

What remains C2F-owned inside the dedicated runtime:

• workbench state
• versioned index state
• project-scoped manifests and metadata
• search state derived from the active published version

Route surface

Connector routes:

• POST /v1/batches
• GET /v1/batches/{batch_id}

Gerimedica-managed agent routes:

• GET /v1/agent/tools
• POST /v1/agent/answers
• GET /v1/agent/index/search

Diagram

See the provider-agnostic trust-boundary view:

• Compliance Architecture

Deployment variants

The compliance model stays the same across provider choices. The provider-specific runtime layouts are documented separately:

• Scaleway Project Runtime
• Nebius Project Runtime
• Deployment Model Notes