Clinical-Grade Infrastructure · v2.0

Medical Safety
Engineered
to Standard

SafeMedAI is a domain-driven healthcare compliance platform — combining blameless error reporting, AI-powered root cause analysis, anonymous patient feedback, and continuity of care into a single, audit-proof system built for O'zbekiston tibbiyoti.

WHO / JCI Aligned SHA-256 IP Anonymization Immutable Audit Trail Trilingual (UZ / RU / EN)
risk_engine.py — safemedai
# Multi-signal risk score formula
def compute_risk(dept_id):
return (
0.45 × report_score # error severity
+ 0.30 × feedback_score # patient signals
+ 0.25 × continuity_score # SLA compliance
)
Department Risk Scores LIVE
Cardiology
23
Emergency
67
Surgery
41
Oncology
18
3
Hot Spots
12
Active RCA
98.3%
SLA Rate
5
Core Modules
5
RBAC Roles
3
Languages
0%
Hard Deletes
4
AI Engines
11
Audit Actions
27+
API Endpoints
24h
Critical SLA

Core Architecture

Five Pillars of
Clinical Excellence

Every design decision traces back to a single constraint: medical systems demand correctness before convenience.

Pillar 01

Architecture Quality

Domain-Driven Design — each app is a bounded context. Business logic never bleeds into views. HTTP is just transport.

Pattern
Service Layer
Views delegate 100% to services
Status Flow
Strict State Machine
Invalid transitions → 422
Deletion
Soft Delete Only
Dual manager: objects / all_objects
Audit
Append-Only Trail
save() blocks existing records

Pillar 02

Security & Compliance

RBAC — 5-Role Hierarchy
system_admin ↓ family_doctor cascade
SHA-256 IP Anonymization
Raw IPs never persisted. Salt + hash.
JWT Token Rotation
Blacklisted on refresh. Zero replay risk.
Anti-Spam Engine
3/10min rate-limit + 5min dupe lock
MIME File Validation
UUID filenames. 10 MB cap. No traversal.

Pillar 03

Medical Domain Integration

BLAMELESS REPORTING
WHO/JCI aligned. Anonymous mode. No fear culture. 8 error types.
5 WHYS + FISHBONE
Sequential enforcement. 6 Ishikawa categories. Cycle-safe tree.
QR ANONYMOUS FEEDBACK
Per-room QR token. No login required. Anti-spam protected.
SLA ENFORCEMENT
Critical=24h · High=48h · Medium=72h · Low=120h

Pillar 04

AI & Analytics Engine

Four independent, pluggable engines — each with a stable typed interface. Swap keyword-based sentiment for an ML model tomorrow without touching a single consumer.

01
Sentiment Engine
Trilingual keyword scoring. 60% rating + 40% text weight. Returns label + confidence.
02
Pattern Engine
SQL aggregation finds error clusters (≥3 same type) and low-rating service patterns.
03
Risk Engine
Multi-signal 0-100 score: 45% reports + 30% feedback + 25% continuity per dept.
04
Correlation Engine
Finds feedback↔error co-occurrence. Log-scaled strength score reveals shared root causes.

Pillar 05

Scalability & Code Quality

API-first from day one. OpenAPI 3.0 auto-generated. Frontend, mobile app, or third-party system can connect without backend coordination.

Feature Flags for all channels
DRF + Swagger / OpenAPI 3.0
Composite DB indexing
Fully modular app boundaries
i18n ready — UZ, RU, EN
Consistent BaseModel pattern
REST API — /api/v1/
POST /auth/login/ JWT
GET /ai/risk-scores/ Admin
GET /rca/cases/<uuid>/full-analysis/ Commission
POST /feedback/submit/ Public
PATCH /rca/cases/<uuid>/status/ StateMachine
GET /audit/ SystemAdmin

Root Cause Analysis

Clinically Rigorous
Workflow Enforcement

01
OPEN
Error report submitted. RCA case created from report. Commission assigned. Investigation period begins.
02
IN_ANALYSIS
5 Whys entered sequentially (no skipping). Fishbone nodes constructed. Corrective and preventive actions assigned with due dates.
03
UNDER_REVIEW
Hospital admin reviews full analysis. Can reject back to IN_ANALYSIS if findings are incomplete. Every transition is audit-logged.
04
APPROVED → CLOSED
Final approval with timestamp and approver ID. Case sealed. Corrective actions tracked to completion. Full export available.
Fishbone (Ishikawa) — 6 Cause Categories
Root Cause Identified
HUMAN
Staff training gap in medication verification protocol
PROCESS
Handover checklist skipped during night transitions
EQUIPMENT
Scanner firmware outdated — false confirmations logged
MANAGEMENT
SOP revision cycle exceeded 18-month policy threshold
ENVIRONMENT
ICU lighting insufficient for label verification at night
MATERIAL
Supplier packaging — 3 near-identical vials in same tray

Anonymous Patient Feedback

8-Step Submission Pipeline
Privacy by Default

🔐
IP HASH
SHA-256 anonymized
RATE LIMIT
3 / 10min / IP
🔢
NORMALIZE
Comment hashed
🔍
DUPLICATE
5min block window
💾
SAVE
Feedback persisted
🧠
SENTIMENT
AI engine tags
🚨
ALERT
Rating ≤2 fires
📝
AUDIT
Immutable write

Trilingual Sentiment Engine

Keyword scoring across three languages. Rating carries 60% weight; text carries 40%. Returns a typed result with a confidence score.

UZ ajoyib · yaxshi · yomon · dahshatli
RU отлично · хорошо · плохо · ужасно
EN excellent · good · bad · terrible
POSITIVE
0.92
"Shifokor juda yaxshi va e'tiborli edi. Navbat ham tez o'tdi."
92% confidence
NEGATIVE
0.87
"Очень долгое ожидание. Персонал был груб и невнимателен."
87% conf · alert triggered

Continuity of Care

Bridges the discharge-to-home gap. Auto-assigns the least-loaded family doctor by region. Tracks vital signs per visit. No patient falls through the system.

CRITICAL
24h SLA
HIGH
48h SLA
MEDIUM
72h SLA
LOW
120h SLA
Vital signs tracked: BP · Heart Rate · Blood Sugar · Temperature · SpO2

Smart Notification System

DB-backed, Redis-free. 7 typed alert categories with delivery tracking, retry logic, and per-message error capture.

REPORT_ALERT
Critical-risk error in Surgery dept.
now
RCA_STATUS
Case #A-2847 → UNDER_REVIEW
2m
SLA_REMINDER
Patient Abdullayev: 24h remaining
14m
SLA_ESCALATION
Overdue task escalated to admin
1h
IN-APP
LIVE
EMAIL
SOON
SMS
SOON
TG
SOON
PUSH
SOON

Compliance Core

Immutable
Audit Trail

11 action types. Field-level JSON diff on every mutation. IP context on every write. No one — including system admins — can delete an audit record. save() raises an error on existing records. Append-only by design.

createupdate deletelogin logoutlogin_failed exportstatus_change permission_changefile_upload file_access
AuditLog — append-only · save() blocks updates
timestamp 2026-07-08T09:14:33+05:00
action STATUS_CHANGE
resource RCACase / a1b2c3d4-…
user hospital_admin (uuid)
changes {"status":{"old":"IN_ANALYSIS","new":"UNDER_REVIEW"}}
ip_address a1b2c3d4e5f6g7h8 // SHA-256 hash, raw IP never stored
request PATCH /api/v1/rca/cases/<uuid>/status/
✕ UPDATE — blocked. Records are append-only by architectural design.

Ready to Deploy

Clinical Safety
Starts Here

Domain-driven. Audit-proof. WHO/JCI aligned. Built for Uzbekistan's healthcare system — deployable anywhere PostgreSQL runs.

Django 5.2 DRF 3.15 PostgreSQL JWT + Blacklist OpenAPI 3.0 Python 3.10+ Docker Gunicorn