Skip to content

Compliance Matrix

ApplicationProductionGitHub
Prod: 68a9c5b (Jul 14, 2026)

Public, browsable compliance & regulation matrix at compliance.datasafe.dev. Shows, for each regulatory requirement, how Health Data Safe is compliant — and what an implementer building on HDS must still do themselves.

Every requirement row answers three questions:

┌─ Pryv platform layer ──── inherited from pryv/compliance-matrix (open-pryv.io)
├─ HDS layer ────────────── what HDS-as-operator + the HDS app stack adds
└─ Implementer layer ────── what's still on the plate of whoever builds on HDS,
tagged by persona + which agreement(s) to sign

Coverage taxonomy per layer: implemented · configurable · facilitated · documented · out-of-scope.

  • HIPAA — Security (§164.308/310/312/314/316), Privacy (Subpart E), Breach
  • GDPR — full article coverage
  • Swiss nLPD
  • SOC 2 (drafted, parked pending Pryv’s upstream publication)

Plus downloadable agreement templates (BAA, subcontractor/subprocessor, DPA).

The data-subject access / portability rows (GDPR Art. 15/20, HIPAA §164.524, Swiss nLPD Art. 25/28) cite the Download My Data tool as the HDS-layer self-service path — a concrete example of an HDS-layer claim backed by a live, public implementation.

Static, dependency-free site (vanilla JS client-side filtering) generated by npm run site from the same YAML the validator reads. All rows are currently draft pending counsel review. Deployed to gh-pages via scripts/deploy.sh (manual, per HDS deploy policy).

Production (content draft). Site live 2026-06-17.