Healthcare + life sciences — regulator-aligned by default.
GDPR Article 9 (special-category data) baseline with HIPAA-equivalent controls for cross-Atlantic programmes. NHS DSP Toolkit Standards Met submission, FDA 21 CFR Part 11 audit trail, EU MDR 2017/745 compatibility for medical-device adjacent flows. Customer-cloud (DM.02) for most engagements; DM.04 confidential compute for multi-party clinical research.
Health-data deployments fail more often on data-residency and regulator hand-off than on technology. FlyttGo ships per-region data residency at the audit-envelope level, GDPR Article 28 DPA pre-signed with Article 9 addendum, and a regulator-friendly export pack — so the integrator can focus on clinical workflow, not procurement plumbing.
6 frameworks pre-mapped to the platform.
- VT.HC.RG.01
GDPR Article 9 + Article 28
European Union: Special-category personal-data processing terms; pre-signed DPA with Article 9 addendum and EU SCCs (2021/914) for any restricted transfer.
- VT.HC.RG.02
HIPAA + HITECH
United States: Business Associate Agreement (BAA) available; HIPAA Security Rule baseline mapped through audit envelope + Identra access controls.
- VT.HC.RG.03
NHS DSP Toolkit
United Kingdom · NHS: Standards Met submission for the Civitas + EduPro surfaces deployed into NHS-adjacent programmes.
- VT.HC.RG.04
FDA 21 CFR Part 11
United States · FDA: Electronic records + electronic signatures. Append-only audit_log + Identra qualified signatures land Part 11 compatibility for clinical trial workflow.
- VT.HC.RG.05
EU MDR 2017/745
European Union: Medical Device Regulation interoperability for device-adjacent flows. FlyttGo platform itself is not a medical device; integrators using it for software-as-medical-device need a separate notified-body assessment.
- VT.HC.RG.06
ISO 27799 (health informatics)
International: Information security management for health informatics. Aligned via the platform-level ISO 27001 ISMS.
- Identra · Identity
Patient + clinician identity with eIDAS LoA-substantial; FIDO2 / WebAuthn for clinician auth on regulated workstations.
- Civitas · Government Services
Citizen-health-services applications with NHS DSP Toolkit-aligned deployment.
- EduPro · Education
Continuing medical education + clinical training cohort analytics with differential-privacy aggregation.
- Workverge · Workforce
Clinician shift coordination with EWTD + sector-specific labour-law constraints.
- Payvera · Payments
Regulated patient-pay flows; HIPAA-aware tokenisation for card-on-file workflows.
4 risks named, with mitigation.
- VT.HC.RK.01
Cross-border patient data
EU patients + US-resident infrastructure is a non-starter under GDPR. FlyttGo enforces region-pinned data residency at the audit envelope; cross-border transfers gated by DPA + SCCs.
- VT.HC.RK.02
Clinical research multi-party
Multi-hospital data unions need to compute without any party seeing the others. DM.04 confidential compute + optional homomorphic-encryption analytics enable this without changing the clinical workflow.
- VT.HC.RK.03
Regulator hand-off
Health regulator audit windows compress timelines. FlyttGo audit envelope exports a regulator-friendly archive (signed manifest + chain-of-custody) on demand; integrators add the clinical-evidence layer.
- VT.HC.RK.04
Software-as-medical-device boundary
FlyttGo is not a medical device. Integrators building SaMD on top need a separate notified-body assessment; FlyttGo provides the audit envelope and identity stack the SaMD assembly needs.
- NHS Shared Business Services framework
- EU Health Data Space (EHDS) compatible procurement
- CCS G-Cloud 14 Cloud Software lot
- Hospital Trust direct engagement with NHS DSP Toolkit Standards Met evidence
Open a programme on this vertical's terms.
Consultation routed to the desk handling healthcare + life sciences programmes. DM.02 substrate, L.05 tier and the regulatory framework matrix above presented at intake — scoping starts at SE.D2, not at framework discovery.