IEC 62304 + HIPAA Compliance for Medical Device Software
Enforce FDA, EU MDR, and HIPAA regulatory standards automatically on AI-generated code.
The Challenge
Medical device software must comply with IEC 62304, which requires traceability from requirements to code, input validation, error handling, and extensive documentation. When devices handle patient data, HIPAA adds requirements for PHI protection, encryption, and audit trails. When AI agents generate code, compliance verification becomes a bottleneck.
How sentrik Helps
Automated Traceability
Every source file is checked for requirement traceability headers. Findings link to Azure DevOps or GitHub work items. Reconciliation auto-creates items for untracked code.
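As an added illustration of the traceability check described above (example code written for this page, not sentrik's own implementation; the `Traceability:` header convention and the sample files are assumptions, since the page does not give the tool's header format): a small Python checker that extracts work item references from each file's header and lists the untracked files that a reconciliation step would need to create work items for.

```python
import re

# Assumed header convention (not sentrik's documented format): a comment in
# the first few lines of each source file carrying one or more work item IDs:
#   // Traceability: AB#1042, AB#1043
# AB#<n> is the Azure Boards work item syntax, #<n> a GitHub issue number.
HEADER_RE = re.compile(
    r"^\s*(?://|#|/\*|\*)\s*Traceability:\s*(?P<ids>.+)$", re.MULTILINE
)
ID_RE = re.compile(r"(?<!\w)(AB#\d+|#\d+)\b")
HEADER_WINDOW = 20  # only the first N lines count as the file header


def extract_work_items(source: str) -> list[str]:
    """Return the work item IDs in the file's traceability header, in order."""
    head = "\n".join(source.splitlines()[:HEADER_WINDOW])
    match = HEADER_RE.search(head)
    if not match:
        return []
    return ID_RE.findall(match.group("ids"))


def check_traceability(files: dict[str, str]) -> dict[str, list[str]]:
    """Map each file path to its work items; an empty list means untracked code."""
    return {path: extract_work_items(src) for path, src in files.items()}


def untracked(files: dict[str, str]) -> list[str]:
    """Files a reconciliation step would need to create work items for."""
    return sorted(p for p, ids in check_traceability(files).items() if not ids)


# Constructed sample sources (hypothetical paths and IDs, not a real project).
SAMPLE_FILES = {
    "src/infusion_rate.c": "// Traceability: AB#1042, AB#1043\n#include <stdint.h>\n",
    "src/phi_export.py": "# Traceability: #88\nimport json\n",
    "src/util.c": "/* helper routines */\nint clamp(int v) { return v; }\n",
}

if __name__ == "__main__":
    for path, ids in check_traceability(SAMPLE_FILES).items():
        print(f"{path}: {', '.join(ids) if ids else 'UNTRACKED'}")
    print("needs reconciliation:", untracked(SAMPLE_FILES))
```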
IEC 62304 + HIPAA Rule Packs
14 IEC 62304 rules covering code enforcement (unsafe casts, input validation, error handling) and documentation obligations (clauses 5.1 through 5.8). 15 HIPAA rules for PHI handling, encryption, access controls, and audit trails.
Audit Evidence Generation
HTML and SARIF reports serve as audit artifacts. Documentation obligations appear in reports for auditor review. An audit log tracks every scan, gate, and reconcile action.
CI/CD Gate
Block non-compliant PRs in GitHub Actions or Azure Pipelines. PR decoration posts findings as inline comments. Status checks report pass/fail.
Quick Start
npm install -g sentrik
sentrik add-pack hipaa # Add the HIPAA rule pack for PHI protection
sentrik scan # Auto-detects a medical device project from the README
sentrik gate # Enforce the gate