Compliance Overview¶
HEMMS is built around the compliance burdens that fall on a Thai hospital's Biomedical Engineering (BME) department and the Materials & Supplies office. Most features in the roots_hemms_* layer exist because a regulator, accreditor, or auditor asks for evidence — and that evidence is painful to produce by hand.
This page is the index. Each linked page goes into the clauses, the mapping to shipped HEMMS features, and the gaps that are documented as roadmap items rather than hidden.
Wording matters
Compliance language here is deliberately careful. HEMMS supports, provides evidence for, or aligns with a standard. HEMMS does not certify, guarantee, or make a hospital compliant — that is the hospital's responsibility, and depends on how the system is configured, used, and supervised.
Coverage at a glance¶
| Standard | Region | HEMMS coverage | Reference |
|---|---|---|---|
| HA Thailand (มาตรฐานระบบบริการสุขภาพ ด้านที่ 6 ข้อ 6.1.4) | Thailand | ✅ Annual PM report shipped (Q5) | HA Thailand |
| ปจป. annual stock-check | Thai gov / กระทรวงการคลัง | ✅ Asset Inspection module | Asset Inspection |
| JCI (Joint Commission International) | Global | ⚠️ Partial — equipment-management process aligned, JCI-specific report not shipped | JCI |
| PDPA (Thailand Personal Data Protection Act) | Thailand | ✅ Inherited from Odoo + minimal PII surface in HEMMS | PDPA |
| IAS 16 (Property, Plant & Equipment) | Global accounting | ⚠️ Asset register present; depreciation/CapEx on the roadmap | IAS 16 |
How HEMMS produces compliance evidence¶
Every compliance regime in the table above is satisfied by combining three HEMMS primitives:
- The equipment register (
maintenance.equipment+ Layer 3 fields likeroots_criticality_color,roots_ha_risk_tier_source,current_condition) — the master list of what the hospital owns. - The activity stream (PM events from
roots_hemms_pm, repairs fromroots_hemms_workflow, contract coverage fromroots_hemms_service_contracts) — the time-series of what happened to each asset. - The signed artifact (HA Annual PM Report PDF, ปจป. Asset Inspection PDF, contract sign-off chatter attachments) — the immutable, e-signed evidence the surveyor or auditor reads.
See Architecture for the three-layer model that makes this composition possible.
What HEMMS deliberately does not do¶
To keep the scope honest:
- Patient data. HEMMS is an equipment system, not a clinical system. No EHR/EMR integration. No PHI under HIPAA or PDPA-clinical scope.
- Financial postings. HEMMS captures purchase cost on equipment records but does not post depreciation journal entries. Hospitals that need IAS 16 / TFRS 16 postings should pair HEMMS with Odoo Accounting and the Thai localization (roadmap, see IAS 16).
- Regulatory submission. HEMMS produces the PDF artifacts that surveyors and auditors expect, but does not submit anything to MoPH, HA, or any regulator on the hospital's behalf.
Cross-cutting controls¶
A few HEMMS features show up under every compliance regime:
| Control | Where it lives | Compliance benefit |
|---|---|---|
| Stage transition audit log | hemms.stage.transition.log (Q1 roots_hemms_workflow) | Who-did-what-when for every state change on every request |
| SHA-256 e-signature chain | sign_oca + roots_hemms_signature (Q4) | Tamper-evident sign-off on ปจป., HA, and service-contract PDFs |
| Lock-on-submit snapshot | hemms.ha.report (Q5), hemms.asset.inspection (Layer 3) | Surveyor reprints stay byte-identical even years later |
| Bilingual labels (TH + EN) | Most Layer 3 models | Surveyors who request a Thai PDF and auditors who need English both served |
| Mass-import provenance | hemms.import.batch (Q6) | Migration evidence: "this row came from spreadsheet X on date Y by user Z" |
Where to go next¶
- HA Thailand → — the deep dive most Thai hospitals open first
- ปจป. Asset Inspection → — the year-end stock-check module
- JCI → — Joint Commission International alignment + known gaps
- PDPA → — personal data handling inside HEMMS
- IAS 16 → — accounting standard alignment + depreciation roadmap