Use Case

IEC 62304 + HIPAA Compliance for Medical Device Software

Enforce FDA, EU MDR, and HIPAA regulatory standards automatically on AI-generated code.

The Challenge

Medical device software must comply with IEC 62304, the medical device software lifecycle standard. It requires traceability from requirements to code, input validation, error handling, and extensive documentation. Historically, IEC 62304 tooling targeted C/C++ and legacy embedded stacks. Modern medical devices increasingly use Python, JavaScript, and cloud-connected architectures, where comparable governance tooling has been largely absent.

When devices handle patient data, HIPAA adds requirements for PHI protection, encryption, access controls, and audit trails. As AI agents generate a growing share of that code, manual compliance verification becomes the bottleneck.

How sentrik Helps

Automated Traceability

Every source file is checked for a requirement traceability header. Findings link to Azure DevOps or GitHub work items, and reconciliation auto-creates work items for code that has no tracked requirement.
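The shape of such a check, as an added illustration rather than sentrik's own code: it reads a header comment from the top of each file, validates the referenced requirement IDs against a work-item index, and simulates reconciliation for untracked files. The header format (a line beginning "Implements:"), the ID pattern (SRS-nnn), the rule IDs TRACE-001/TRACE-002, and the sample repository are all assumptions made for the example.

```python
"""Illustrative requirement-traceability check, added here as an example.

This is not sentrik's code and does not reproduce its header format or
reconciliation logic. Assumptions made for the example: each source file
declares the requirements it implements in a header comment of the form
    # Implements: SRS-101, SRS-102
(or the // and /* */ equivalents for JS and C), and a work-item index
(stand-in for Azure DevOps / GitHub) lists the requirement IDs that exist.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Accepted header shapes: "# Implements: ...", "// Implements: ...",
# "/* Implements: ... */" and " * Implements: ..." inside a block comment.
HEADER_RE = re.compile(
    r"^\s*(?:#|//|/\*|\*)\s*Implements:\s*(?P<ids>.+?)\s*(?:\*/)?\s*$"
)
REQ_ID_RE = re.compile(r"\b[A-Z]{2,5}-\d+\b")   # assumed ID shape, e.g. SRS-101
HEADER_WINDOW = 20                              # only the first 20 lines count as the header


@dataclass(frozen=True)
class Finding:
    path: str
    rule: str
    message: str


def parse_header(source: str, window: int = HEADER_WINDOW) -> list[str]:
    """Return the requirement IDs declared in the file header, in order, without duplicates."""
    ids: list[str] = []
    for line in source.splitlines()[:window]:
        m = HEADER_RE.match(line)
        if not m:
            continue
        for rid in REQ_ID_RE.findall(m.group("ids")):
            if rid not in ids:
                ids.append(rid)
    return ids


def check_file(path: str, source: str, known_items: set[str]) -> list[Finding]:
    """TRACE-001: no header at all. TRACE-002: header names an ID with no matching work item."""
    ids = parse_header(source)
    if not ids:
        return [Finding(path, "TRACE-001", "no requirement traceability header")]
    return [
        Finding(path, "TRACE-002", f"requirement {rid} has no matching work item")
        for rid in ids
        if rid not in known_items
    ]


def scan_repo(files: dict[str, str], known_items: set[str]) -> list[Finding]:
    """Run the check over an in-memory {path: source} map; findings are ordered by path."""
    findings: list[Finding] = []
    for path in sorted(files):
        findings.extend(check_file(path, files[path], known_items))
    return findings


def reconcile(findings: list[Finding], next_number: int = 5000) -> dict[str, str]:
    """Simulated reconciliation: allocate a new work-item ID for every untracked file.

    A real implementation would create the item through the tracker's API; here
    the allocation is purely in memory so the example runs offline.
    """
    created: dict[str, str] = {}
    for f in findings:
        if f.rule == "TRACE-001":
            created[f.path] = f"SRS-{next_number + len(created)}"
    return created


# Constructed sample repository: one compliant file, one with a dangling ID, one untracked.
SAMPLE_FILES = {
    "device/pump_control.py": "# Implements: SRS-101, SRS-102\nimport math\n\ndef rate(volume, minutes):\n    return volume / minutes\n",
    "device/telemetry.js": "// Implements: SRS-999\nexport function send(payload) { return fetch('/t', {body: payload}); }\n",
    "device/util.c": "#include <stdio.h>\nint add(int a, int b) { return a + b; }\n",
}
KNOWN_WORK_ITEMS = {"SRS-101", "SRS-102", "SRS-103"}   # stand-in for the tracker's index

if __name__ == "__main__":
    results = scan_repo(SAMPLE_FILES, KNOWN_WORK_ITEMS)
    for f in results:
        print(f"{f.rule} {f.path}: {f.message}")
    print("created work items:", reconcile(results))
```

Two distinct findings matter in practice: a file with no header at all (untracked code, the case reconciliation has to fix) and a file whose header cites an ID the tracker does not know (a dangling reference, which reconciliation must not silently "fix" by creating a new item).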

IEC 62304 + HIPAA Rule Packs

31 IEC 62304 rules covering code-level checks (unsafe casts, input validation, error handling) and documentation obligations across the software lifecycle clauses, plus 25 HIPAA rules for PHI handling, encryption, access controls, and audit trails.
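What a PHI-handling rule of this kind looks like in practice, as an added example that is not one of sentrik's rules and not its code: an AST-based check that flags logging calls whose arguments reference PHI-looking fields. The rule ID HIPAA-LOG-001, the PHI field list, the logger names, and the sample source are assumptions made for the example.

```python
"""Illustrative AST-based rule of the kind a HIPAA rule pack might contain,
added here as an example. It is not sentrik's code and not one of its rules;
the rule ID HIPAA-LOG-001, the PHI field list and the logger names are assumed.

The rule flags logging calls whose arguments reference PHI-looking identifiers
(patient.ssn, patient.mrn, dob ...). Working on the AST rather than with a regex
means a commented-out call is not reported while f-string interpolations are.
"""
from __future__ import annotations

import ast
from dataclasses import dataclass

PHI_FIELDS = {"ssn", "mrn", "patient_name", "dob", "date_of_birth", "diagnosis"}  # assumed list
LOG_METHODS = {"debug", "info", "warning", "error", "critical", "exception"}
LOGGER_NAMES = {"logging", "logger", "log"}                                        # assumed names


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str


def _referenced_names(node: ast.AST) -> set[str]:
    """Every identifier and attribute name used inside an expression, f-string parts included."""
    names: set[str] = set()
    for sub in ast.walk(node):
        if isinstance(sub, ast.Name):
            names.add(sub.id.lower())
        elif isinstance(sub, ast.Attribute):
            names.add(sub.attr.lower())
    return names


def _is_log_call(call: ast.Call) -> bool:
    """True for logging.info(...), logger.debug(...), log.error(...) and similar."""
    func = call.func
    return (
        isinstance(func, ast.Attribute)
        and func.attr in LOG_METHODS
        and isinstance(func.value, ast.Name)
        and func.value.id in LOGGER_NAMES
    )


def check_phi_logging(source: str) -> list[Finding]:
    """Return one HIPAA-LOG-001 finding per log call that references a PHI field."""
    findings: list[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _is_log_call(node)):
            continue
        args = list(node.args) + [kw.value for kw in node.keywords]
        referenced: set[str] = set()
        for arg in args:
            referenced |= _referenced_names(arg)
        hits = sorted(referenced & PHI_FIELDS)
        if hits:
            findings.append(Finding(
                "HIPAA-LOG-001", node.lineno,
                f"PHI field(s) {', '.join(hits)} passed to a log call",
            ))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample: line 6 is a comment a regex rule would flag; lines 7 and 8 are real leaks.
SAMPLE_SOURCE = '''
import logging
logger = logging.getLogger(__name__)

def admit(patient, visit_id):
    # logger.info("ssn=%s", patient.ssn)
    logger.info("admitting %s", patient.mrn)
    logging.debug(f"dob {patient.dob} for visit {visit_id}")
    logger.info("admission recorded", extra={"visit": visit_id})
'''

if __name__ == "__main__":
    for f in check_phi_logging(SAMPLE_SOURCE):
        print(f"{f.rule} line {f.line}: {f.message}")
```

The check only sees what the parser sees, so it ignores the commented-out call on line 6, catches the attribute reference inside the f-string on line 8, and leaves the non-PHI `extra=` keyword argument alone. A pure-regex rule gets the first two cases wrong in opposite directions.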

Audit Evidence Generation

HTML and SARIF reports serve as audit artifacts, and documentation obligations appear in the reports for auditor review. An audit log records every scan, gate, and reconcile action.

CI/CD Gate

Block non-compliant PRs in GitHub Actions or Azure Pipelines. PR decoration posts findings as inline comments, and a status check reports pass/fail, so a branch protection rule can require it before merge.

Auditor Portal & SBOM Generation

Time-boxed access portals for FDA/notified body reviewers. Auto-generate SBOMs tied to each scan. Export evidence to GRC platforms for streamlined audit preparation.

Confidence-Ranked Findings

Heuristic and LLM-based confidence scoring ranks findings by how likely they are to be true positives. Auditors see high-confidence issues first, which reduces the time spent reviewing false positives.

C/C++ Semantic Analysis

Deep analysis via clang-tidy and cppcheck checks C and C++ against MISRA C, CERT C, and the C++ Core Guidelines. This is AST-level checking, not regex matching, so it is not fooled by comments, string literals, or formatting.

Quick Start

pip install sentrik
sentrik add-pack hipaa                # Add HIPAA for PHI protection rules
sentrik scan                          # Auto-detects medical device from README
sentrik gate                          # Enforce the gate