Skip to content

Compliance Overview

HEMMS is built around the compliance burdens that fall on a Thai hospital's Biomedical Engineering (BME) department and the Materials & Supplies office. Most features in the roots_hemms_* layer exist because a regulator, accreditor, or auditor asks for evidence — and that evidence is painful to produce by hand.

This page is the index. Each linked page goes into the clauses, the mapping to shipped HEMMS features, and the gaps that are documented as roadmap items rather than hidden.

Wording matters

Compliance language here is deliberately careful. HEMMS supports, provides evidence for, or aligns with a standard. HEMMS does not certify, guarantee, or make a hospital compliant — that is the hospital's responsibility, and depends on how the system is configured, used, and supervised.

Coverage at a glance

Standard Region HEMMS coverage Reference
HA Thailand (มาตรฐานระบบบริการสุขภาพ ด้านที่ 6 ข้อ 6.1.4) Thailand ✅ Annual PM report shipped (Q5) HA Thailand
ปจป. annual stock-check Thai gov / กระทรวงการคลัง ✅ Asset Inspection module Asset Inspection
JCI (Joint Commission International) Global ⚠️ Partial — equipment-management process aligned, JCI-specific report not shipped JCI
PDPA (Thailand Personal Data Protection Act) Thailand ✅ Inherited from Odoo + minimal PII surface in HEMMS PDPA
IAS 16 (Property, Plant & Equipment) Global accounting ⚠️ Asset register present; depreciation/CapEx on the roadmap IAS 16

How HEMMS produces compliance evidence

Every compliance regime in the table above is satisfied by combining three HEMMS primitives:

  1. The equipment register (maintenance.equipment + Layer 3 fields like roots_criticality_color, roots_ha_risk_tier_source, current_condition) — the master list of what the hospital owns.
  2. The activity stream (PM events from roots_hemms_pm, repairs from roots_hemms_workflow, contract coverage from roots_hemms_service_contracts) — the time-series of what happened to each asset.
  3. The signed artifact (HA Annual PM Report PDF, ปจป. Asset Inspection PDF, contract sign-off chatter attachments) — the immutable, e-signed evidence the surveyor or auditor reads.

See Architecture for the three-layer model that makes this composition possible.

What HEMMS deliberately does not do

To keep the scope honest:

  • Patient data. HEMMS is an equipment system, not a clinical system. No EHR/EMR integration. No PHI under HIPAA or PDPA-clinical scope.
  • Financial postings. HEMMS captures purchase cost on equipment records but does not post depreciation journal entries. Hospitals that need IAS 16 / TFRS 16 postings should pair HEMMS with Odoo Accounting and the Thai localization (roadmap, see IAS 16).
  • Regulatory submission. HEMMS produces the PDF artifacts that surveyors and auditors expect, but does not submit anything to MoPH, HA, or any regulator on the hospital's behalf.

Cross-cutting controls

A few HEMMS features show up under every compliance regime:

Control Where it lives Compliance benefit
Stage transition audit log hemms.stage.transition.log (Q1 roots_hemms_workflow) Who-did-what-when for every state change on every request
SHA-256 e-signature chain sign_oca + roots_hemms_signature (Q4) Tamper-evident sign-off on ปจป., HA, and service-contract PDFs
Lock-on-submit snapshot hemms.ha.report (Q5), hemms.asset.inspection (Layer 3) Surveyor reprints stay byte-identical even years later
Bilingual labels (TH + EN) Most Layer 3 models Surveyors who request a Thai PDF and auditors who need English both served
Mass-import provenance hemms.import.batch (Q6) Migration evidence: "this row came from spreadsheet X on date Y by user Z"

Where to go next