TransTrack is designed and built to meet the requirements of major healthcare regulatory bodies. This document outlines the compliance features implemented in the application.
- Data Encryption
  - All patient data is stored in an encrypted SQLite database
  - AES-256 encryption for data at rest
  - Encryption keys are stored separately from data
  - No unencrypted PHI (Protected Health Information) written to disk
- Access Controls
  - Role-based access control (RBAC) with admin, user, and viewer roles
  - Secure authentication with bcrypt password hashing (12 rounds)
  - Session-based authentication with automatic timeout
  - Unique user identification for all system access
- Audit Controls
  - Complete audit trail for all data access and modifications
  - Audit logs are immutable (cannot be modified or deleted)
  - Audit entries include: user, action, timestamp, affected records
  - Logs retained for minimum 6 years per HIPAA requirements
- Transmission Security
  - No data transmitted over network in offline mode
  - All operations performed locally on encrypted database
  - CSP (Content Security Policy) headers prevent external data transmission
- User Management
  - Only administrators can create/modify user accounts
  - Password requirements enforced
  - Account lockout after failed attempts
  - Regular access review capabilities
- Backup and Recovery
  - Built-in database backup functionality
  - Encrypted backup files
  - Point-in-time recovery support
- System Validation
  - Documented software development lifecycle
  - Validation testing procedures
  - Change control documentation
- Record Integrity
  - Immutable audit trails
  - Timestamp verification for all records
  - Record versioning and history
- Access Controls
  - User authentication required for all operations
  - Role-based permissions
  - Session management
- Audit Trail
  - Computer-generated audit trail
  - Independently recorded date/time stamps
  - Operator identification
  - Previously recorded data preserved
- Electronic Signatures
  - Unique to individual users
  - Cannot be reused or reassigned
  - Linked to electronic records
- System Documentation
  - Source code documentation
  - System architecture documentation
  - User documentation
- Operational Controls
  - System procedures documentation
  - Training records
  - Maintenance logs
Donor Identification
- Unique donor identification numbers
- Complete donor demographic tracking
- Donor consent documentation support
-
Donor Screening
- Medical history tracking
- Laboratory result storage
- Risk assessment documentation
-
Traceability
- Complete chain of custody
- Donor to recipient tracking
- Outcome tracking capabilities
-
Waitlist Management
- Priority scoring algorithms
- Status tracking
- Outcome documentation
-
Matching Documentation
- Compatibility assessments
- Match decision documentation
- Allocation tracking
-
Medical Urgency Scoring
- MELD score integration for liver
- LAS score integration for lung
- Customizable weighting algorithms
-
Time on Waitlist
- Accurate date tracking
- Time-based priority adjustments
-
Compatibility Factors
- Blood type matching
- HLA typing support
- Size matching
- Decision Documentation
- All allocation decisions logged
- Priority score breakdowns available
- Match rationale documented
TransTrack includes a Readiness Barriers feature designed for operational workflow visibility only. This feature is:
- NON-CLINICAL: Does not contain diagnoses, medical opinions, or clinical assessments
- NON-ALLOCATIVE: Does not affect organ allocation decisions
- Operational Only: Supports care team coordination and workflow management
IMPORTANT: This feature does NOT perform allocation decisions, listing authority functions, or replace UNOS/OPTN systems.
The following non-clinical barrier types are tracked:
| Barrier Type | Description | Example Use |
|---|---|---|
| Pending Testing | Testing appointments need scheduling | "Lab work scheduled for next week" |
| Insurance Clearance | Insurance authorization status | "Pre-auth in progress" |
| Transportation Plan | Post-surgery transportation logistics | "Transportation arranged" |
| Caregiver Support | Support partner availability | "Caregiver confirmed" |
| Housing/Distance | Housing or distance-related logistics | "Temporary housing secured" |
| Psychosocial Follow-up | Scheduling flag only (no clinical detail) | "Follow-up scheduled" |
| Financial Clearance | Financial assistance or payment plans | "Payment plan established" |
| Other Non-Clinical | Other administrative barriers | Custom operational notes |
- Data Minimization
  - Notes field limited to 255 characters
  - No free-text clinical narratives allowed
  - Structured dropdown selections only
  - No diagnoses or medical opinions stored
- Audit Trail
  - All barrier changes logged with user attribution
  - Create, update, resolve, and delete actions tracked
  - Immutable audit history for regulatory review
  - Timestamp and user identification on all actions
- Role-Based Access
  - Owning role assignment for accountability
  - Access justification may be required for sensitive operations
  - Audit logs track all barrier access
- Non-Clinical Designation
  - Clear UI labeling as "Non-Clinical"
  - Disclaimer displayed on all barrier views
  - Barrier data separated from clinical records
  - No integration with allocation algorithms
| Field | Description |
|---|---|
| action | create, update, resolve, delete |
| entity_type | ReadinessBarrier |
| entity_id | Barrier UUID |
| patient_name | Associated patient |
| details | JSON with barrier_type, status, changes |
| user_email | User who performed action |
| created_date | Timestamp |
- HIPAA: Audit trail meets minimum necessary standard
- FDA 21 CFR Part 11: Immutable records with electronic signatures
- UNOS/OPTN: Explicitly non-allocative (does not affect organ allocation)
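
The data-minimization and audit rules above can be enforced at the point where a barrier change is written; the following is an added example, not TransTrack's own code. `validateBarrierChange`, `AuditLog`, the input property names and the sample values are assumptions; the entry field names are taken from the audit table above.

```javascript
// Added example (not TransTrack code): reject barrier changes that break the
// data-minimization rules, then record accepted ones in an append-only log.

// Structured selections from the barrier-type table (stored spelling is assumed).
const BARRIER_TYPES = new Set([
  'Pending Testing', 'Insurance Clearance', 'Transportation Plan', 'Caregiver Support',
  'Housing/Distance', 'Psychosocial Follow-up', 'Financial Clearance', 'Other Non-Clinical',
]);
const ACTIONS = new Set(['create', 'update', 'resolve', 'delete']);
const MAX_NOTES = 255;

// Returns a list of violations; an empty list means the change may be stored.
function validateBarrierChange(change) {
  const errors = [];
  if (!ACTIONS.has(change.action)) errors.push('unknown action');
  if (!BARRIER_TYPES.has(change.barrierType)) errors.push('barrier type not in structured list');
  const notes = change.notes ?? '';
  if (typeof notes !== 'string') errors.push('notes must be a string');
  else if ([...notes].length > MAX_NOTES) errors.push('notes exceed 255 characters'); // code points
  if (!change.userEmail) errors.push('user attribution is required');
  return errors;
}

// Append-only store: there is no update or delete method, and entries are frozen.
class AuditLog {
  #entries = [];
  append(change, barrierId, patientName, now = new Date()) {
    const errors = validateBarrierChange(change);
    if (errors.length > 0) throw new Error('rejected: ' + errors.join('; '));
    const entry = Object.freeze({
      action: change.action,
      entity_type: 'ReadinessBarrier',
      entity_id: barrierId,
      patient_name: patientName,
      details: JSON.stringify({ barrier_type: change.barrierType, status: change.status ?? null }),
      user_email: change.userEmail,
      created_date: now.toISOString(),
    });
    this.#entries.push(entry);
    return entry;
  }
  entries() { return this.#entries.slice(); } // callers receive a copy of the list
}
```

Freezing entries and omitting mutators only protects the in-process copy; the stored table needs its own protection against modification and deletion.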
TransTrack includes an aHHQ Tracking feature designed for operational documentation tracking only. This feature answers:
- Is the aHHQ present?
- Is it complete?
- Is it current?
- Is it approaching expiration?
- Is follow-up required?
This feature is:
- NON-CLINICAL: Does not store medical narratives, diagnoses, or clinical interpretations
- NON-ALLOCATIVE: Does not affect organ allocation decisions
- Documentation-Focused: Tracks questionnaire status as a time-bound evaluation artifact
- Operational Only: Supports documentation compliance and workflow management
IMPORTANT: This feature does NOT store actual health history content. It only tracks the status of the questionnaire documentation.
| Status | Description |
|---|---|
| Complete | aHHQ is fully completed and current |
| Incomplete | aHHQ has missing sections or information |
| Pending Update | aHHQ requires review and update |
| Expired | aHHQ has exceeded its validity period |
| Issue Type | Description |
|---|---|
| Missing Sections | One or more required sections are incomplete |
| Outdated Information | Information needs to be reviewed and updated |
| Follow-up Required | Additional documentation or follow-up is needed |
| Documentation Pending | Supporting documentation has been requested |
| Signature Required | Patient or provider signature is needed |
| Verification Needed | Information requires verification |
- Data Minimization
  - Notes field limited to 255 characters
  - No clinical narratives allowed
  - Only tracks status, not content
  - No medical opinions or interpretations stored
- Expiration Tracking
  - Configurable validity period (default 365 days)
  - Warning at 30 days before expiration
  - Automatic expired status detection
  - Contributes to operational risk indicators
- Audit Trail
  - All aHHQ status changes logged with user attribution
  - Create, update, complete, and delete actions tracked
  - Immutable audit history for regulatory review
  - Timestamp and user identification on all actions
- Role-Based Access
  - Owning role assignment for accountability
  - Access justification may be required
  - Audit logs track all aHHQ access
- Non-Clinical Designation
  - Clear UI labeling as "Non-Clinical" / "Operational Documentation"
  - Disclaimer displayed on all aHHQ views
  - aHHQ tracking separated from clinical records
  - No integration with allocation algorithms
| Field | Description |
|---|---|
| action | create, update, complete, follow_up_required, delete |
| entity_type | AdultHealthHistoryQuestionnaire |
| entity_id | aHHQ UUID |
| patient_id | Associated patient ID |
| details | JSON with status, changes, expiration_date |
| user_email | User who performed action |
| created_date | Timestamp |
- HIPAA: Minimum necessary standard (no clinical content stored)
- FDA 21 CFR Part 11: Immutable records with electronic signatures
- UNOS/OPTN: Explicitly non-allocative (does not affect organ allocation)
- Documentation Compliance: Supports evaluation artifact tracking
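
The expiration rules above (365-day default validity, warning at 30 days before expiration) reduce to date arithmetic on the completion date; this is an added example, not TransTrack's own code. `ahhqStatus`, the `completedDate` field, reporting a record with no completion date as Incomplete, and treating the expiration day itself as still valid are assumptions.

```javascript
// Added example (not TransTrack code): derive aHHQ documentation status from dates.
const DAY_MS = 24 * 60 * 60 * 1000;
const DEFAULTS = Object.freeze({ validityDays: 365, warningDays: 30 });

// Count whole UTC days so local time zones and DST shifts cannot move the expiry.
function utcDay(date) {
  if (!(date instanceof Date) || Number.isNaN(date.getTime())) {
    throw new TypeError('invalid date');
  }
  return Math.floor(date.getTime() / DAY_MS);
}

// record.completedDate is a hypothetical field: the date the aHHQ was completed.
function ahhqStatus(record, today, options = {}) {
  const { validityDays, warningDays } = { ...DEFAULTS, ...options };
  if (!Number.isInteger(validityDays) || validityDays <= 0 ||
      !Number.isInteger(warningDays) || warningDays < 0) {
    throw new RangeError('validityDays must be > 0 and warningDays >= 0');
  }
  if (!record.completedDate) {
    return { status: 'Incomplete', expirationDate: null, daysRemaining: null, warning: false };
  }
  const expiresDay = utcDay(record.completedDate) + validityDays;
  const daysRemaining = expiresDay - utcDay(today);
  const expirationDate = new Date(expiresDay * DAY_MS).toISOString().slice(0, 10);
  // Assumption: the expiration day itself is still valid; "Expired" starts the day after.
  const expired = daysRemaining < 0;
  return {
    status: expired ? 'Expired' : 'Complete',
    expirationDate,
    daysRemaining,
    warning: !expired && daysRemaining <= warningDays,
  };
}
```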
```
┌─────────────────────────────────────────────┐
│           TransTrack Application            │
├─────────────────────────────────────────────┤
│  ┌─────────────────────────────────────┐    │
│  │        Electron Main Process        │    │
│  │  ┌─────────────────────────────┐    │    │
│  │  │  SQLite Database (Local)    │    │    │
│  │  │  - AES-256 Encryption       │    │    │
│  │  │  - WAL Mode                 │    │    │
│  │  │  - Foreign Key Integrity    │    │    │
│  │  └─────────────────────────────┘    │    │
│  └─────────────────────────────────────┘    │
│                      ↑                      │
│                IPC (Secure)                 │
│                      ↓                      │
│  ┌─────────────────────────────────────┐    │
│  │      Electron Renderer Process      │    │
│  │   (React Application - Sandboxed)   │    │
│  └─────────────────────────────────────┘    │
└─────────────────────────────────────────────┘
```
| Field | Description |
|---|---|
| id | Unique identifier |
| action | Type of action (create, read, update, delete, login, export) |
| entity_type | Type of record affected |
| entity_id | ID of record affected |
| patient_name | Patient identifier (for PHI access tracking) |
| details | Description of action |
| user_email | User who performed action |
| user_role | Role of user |
| created_date | Timestamp of action |
| Role | Patients | Donors | Matches | Reports | Settings | Audit Logs |
|---|---|---|---|---|---|---|
| Admin | Full | Full | Full | Full | Full | Read |
| User | Full | Full | Full | Read | None | None |
| Viewer | Read | Read | Read | Read | None | None |
- System validation completed
- User access procedures documented
- Backup procedures documented
- Training materials prepared
- Security assessment completed
- Regular access reviews (quarterly)
- Audit log reviews (monthly)
- Backup verification (weekly)
- Security updates applied (as released)
- User training current (annual)
For compliance questions or to report issues:
- FDA Medical Device Reporting: 1-800-FDA-1088
- HHS OCR (HIPAA): https://www.hhs.gov/hipaa/
- AATB: https://www.aatb.org/
| Version | Date | Changes |
|---|---|---|
| 1.0.0 | 2026-01-23 | Initial release |
This document is part of the TransTrack regulatory compliance package. For full validation documentation, contact TransTrack Medical Software.