Evidence-Based Engineering
Quantified proof that HDIM is production-grade healthcare software. Every claim backed by tests, metrics, and compliance artifacts.
Phase 6 modernized the test infrastructure with event-driven synchronization and multi-core parallelization. Phase 7 added parallel CI workflows with intelligent change detection.
| Mode | Duration | Scope | Use When |
|---|---|---|---|
testUnit | 30-45s | Unit tests only | Active development |
testFast | 1.5-2 min | Unit + fast integration | Before commit |
testIntegration | 1.5-2 min | Integration tests | API/service changes |
testSlow | 3-5 min | Heavyweight validation | Rare scenarios |
testAll | 10-15 min | All 613+ tests | Before merge (required) |
testParallel | 5-8 min | All tests, max cores | Powerful machines |
Every compliance control is mapped to specific ADRs, code implementations, and test suites. No claims without proof.
| HIPAA Section | Control | Implementation | ADR |
|---|---|---|---|
| §164.312(a)(1) | Access Control | Multi-tenant isolation, RBAC, @PreAuthorize | ADR-009 |
| §164.312(a)(2)(iii) | Automatic Logoff | 15-min session timeout with audit logging | ADR-010 |
| §164.312(a)(2)(iv) | Encryption | AES-256-GCM for secrets, TLS in transit | ADR-0001 |
| §164.312(b) | Audit Controls | 100% HTTP audit interceptor, event sourcing | ADR-001 |
| §164.312(d) | Authentication | Gateway trust, JWT, trusted headers | ADR-007 |
| §164.312(e)(1) | Transmission Security | TLS everywhere, no plaintext PHI | ADR-007 |
| §164.530(j) | Retention | PHI cache TTL ≤ 5 min, no-store headers | ADR-010 |
Use this validation view as the starting point, then review the live operating story in a walkthrough.
Buyers who want to go deeper can pair this dashboard with the evidence room and live demo. That keeps architecture, validation, and operating experience in one review flow.