Skip to main content

Patient-owned sovereign health records (FHIR/CCDA) as a Kestrel Sovereign feature package

Project description

kestrel-feature-healthcare

Patient-owned sovereign health records (FHIR/CCDA) for Kestrel Sovereign.

An agent holds the owner's clinical records as part of its sovereign memory. This is a reusable framework capability — a sibling package alongside kestrel-feature-visual / -reflection / -observability — not a host-product feature. Any healthcare host on Kestrel consumes it.

Status

Multi-phase epic tracked in KestrelSovereignAI/kestrel-sovereign:

  • Phase A — implemented — typed FHIR R4B resource store, owner-DID-scoped, PHI encrypted at rest, audited reads
  • Phase B — implemented — CCDA document storage + header extraction (lxml), owner-DID-scoped, encrypted at rest, sharing one append-only PHI access log with Phase A
  • Phase C — implemented — pure-Python CCDA → FHIR R4B mapper (no third-party converter): Patient + Allergies / Medications / Problems / Results / Vital Signs / Immunizations / Procedures. Normalized resources land in the Phase A FHIR store, owner-scoped and audited, exactly like any other write.
  • Phase D — owner-controlled access/consent surface + export hooks

Phases C/D depend on the sovereign-import receiver and the data_access_grant consent-verification primitives shipping in kestrel-sovereign first.

Phase A — PHI handling (required)

Health records are PHI. The store is fail-closed: resource bodies are encrypted at rest with AES-256-GCM under a per-owner key HKDF-derived from the host master key, and no operation will store or return PHI in the clear. The host master key must be configured (KESTREL_DATA_KEY); without it the FHIR tools fail with a clear error rather than degrading to plaintext. Every owner read/write/query is recorded in an append-only access log. Only the resource body is encrypted — resource_type and fhir_id remain queryable metadata.

Installation

uv pip install kestrel-feature-healthcare

The package registers HealthcareFeature through the kestrel_sovereign.features entry point group.

Development

uv sync --extra test
uv run --extra test pytest

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

kestrel_feature_healthcare-0.7.1.tar.gz (46.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

kestrel_feature_healthcare-0.7.1-py3-none-any.whl (54.2 kB view details)

Uploaded Python 3

File details

Details for the file kestrel_feature_healthcare-0.7.1.tar.gz.

File metadata

File hashes

Hashes for kestrel_feature_healthcare-0.7.1.tar.gz
Algorithm Hash digest
SHA256 174088719e28425563924dd8e97272b119358d3be7e0570676b88cc4cc7c0195
MD5 6d2e73b2109ef7b24f62f70b83b48ce7
BLAKE2b-256 5abea40010cd6702d31bef0fcdbfbc54d6ed47a04affa24e045ae1c8acaa0b20

See more details on using hashes here.

Provenance

The following attestation bundles were made for kestrel_feature_healthcare-0.7.1.tar.gz:

Publisher: publish.yml on KestrelSovereignAI/kestrel-feature-healthcare

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file kestrel_feature_healthcare-0.7.1-py3-none-any.whl.

File metadata

File hashes

Hashes for kestrel_feature_healthcare-0.7.1-py3-none-any.whl
Algorithm Hash digest
SHA256 5ca113d583eb6d2d0080e2e8fd115a3d96dcb1caa7d4bcff1759b2a4715addb2
MD5 c33fac4e8900202c9518915b3a08db24
BLAKE2b-256 cbaf02d94aeeb27a68d83ae77a49ca9d5308c348a16e9e12e61845ef156b2240

See more details on using hashes here.

Provenance

The following attestation bundles were made for kestrel_feature_healthcare-0.7.1-py3-none-any.whl:

Publisher: publish.yml on KestrelSovereignAI/kestrel-feature-healthcare

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page