[01_FOCUS: CORE_PILLARS]
Trigonal
TRIGONAL TECHNOLOGY
Trigonal Technology
SYSTEM STATUS: SECURE
Last Updated: January 14, 2026

Data Sovereignty & Privacy Protocol

Architecting the structures that protect global health data.

Core Principle

Trigonal Technology operates on a sovereignty-first architecture. We build the infrastructure-you own the data. Clinical patient information never passes through Trigonal servers, ensuring complete data sovereignty for health institutions across Nepal, India, Middle East, and Africa.

Data Sovereignty

01 • OWNERSHIP & CONTROL

The Sovereignty-First Model

Trigonal never owns your clinical data. We architect, deploy, and maintain the digital health infrastructure, but all patient records, clinical events, and diagnostic data remain under the exclusive ownership and control of the deploying health institution.

Technical Implementation: All NidanEHR, OpenMRS, Bahmni, and DHIS2 deployments are installed on-premise or within client-controlled cloud infrastructure. Trigonal engineers access systems only via temporary, audited VPN tunnels for maintenance-never for data extraction.

What We Collect

  • System Diagnostics: Server performance metrics, error logs (anonymized), uptime statistics
  • Usage Analytics: Feature adoption rates (aggregated, not patient-level)
  • Contact Information: Hospital admin emails, support ticket communications

What We Never Collect

  • Patient names, identifiers, or demographic data
  • Clinical diagnoses, prescriptions, or lab results
  • Financial billing records or insurance claims
  • Any FHIR resources containing Protected Health Information (PHI)

Security Engineering

02 • ENCRYPTION & ACCESS

Cryptographic Standards

At Rest

AES-256-CBC Encryption

Database-level encryption for all PHI

In Transit

TLS 1.3 Transport Security

All API endpoints enforce HTTPS

Role-Based Access Control (RBAC)

Compliance Framework

03 • STANDARDS & CERTIFICATIONS

Regulatory Compliance Stack

HL7 FHIR

HL7 FHIR R4

Interoperability Standard

HIPAA Compliant

US Health Data Privacy

Nepal MoHP

Directive 2081

Geographic Compliance

  • Nepal: Ministry of Health & Population (MoHP) Directive 2081 for EHR interoperability
  • India: Digital Information Security in Healthcare Act (DISHA) compliance
  • Nigeria: National Health Act 2014 data protection standards
  • USA: HIPAA Security Rule (for US-based deployments)
  • EU: GDPR compliance for European health institutions

User Rights

04 • ACCESS & CONTROL

Your Data Rights

Right to Access

Request a copy of all diagnostic logs and system metadata we hold about your institution.

Right to Rectification

Correct any inaccurate contact information or organizational details.

Right to Erasure

Request deletion of non-essential logs after contract termination (excludes legally required audit trails).

Right to Data Portability

Export system configurations and integration schemas in FHIR-compliant formats.

Contact for Rights Requests:
Email: privacy@trigonal.io
Response Time: Within 30 days of verified request

AI Transparency

05 • INTELLIGENCE LAYER DISCLOSURE

The Digital Brain: AI/Predictive Analytics

Our AI Intelligence Layer (Layer 04 in the Vertical Nervous System) processes clinical data to generate predictive insights, radiology diagnostics, and outbreak alerts. Here's how we ensure transparency:

1On-Premise AI Processing

All AI models (TensorFlow-based CNN for radiology, NLP for claim coding) run exclusively on your infrastructure. No clinical data is transmitted to external AI services or Trigonal cloud servers.

2Model Training & Data Usage

Pre-trained models are deployed with your system. If custom training is requested, it occurs only on your anonymized datasetsunder explicit contractual agreement. Trigonal never uses your data to improve models for other clients.

3Human-in-the-Loop Requirement

AI predictions (e.g., fracture detection at 94% accuracy) are presented as decision support tools, not autonomous diagnostic systems. A licensed clinician must review and approve all AI-generated insights before clinical action.

4Audit Trail for AI Decisions

Every AI prediction is logged with: input parameters, model version, confidence score, and clinician override status. This ensures full accountability and regulatory compliance.

Key Guarantee: Your institution can disable the AI Intelligence Layer at any time without affecting core EHR functionality. Data sovereignty always supersedes algorithmic enhancement.

Need a Data Governance Audit?

Organizations requiring detailed compliance mapping, FHIR security architecture reviews, or custom data governance frameworks can schedule a consultation with our senior engineering team.

Consult an Architect

Trigonal Technology Pvt. Ltd. • Est. 2019 • Kathmandu, Nepal

Protocol Version 1.0.4 • Last Updated: January 14, 2026 • Effective: January 1, 2025

Questions? Email privacy@trigonal.io

Architecture Concierge

Ask our AI about FHIR integration, Nepal MoHP Directive 2081 compliance, or system architecture.

"How does NidanEHR ensure HL7 FHIR compliance?"

RAG-based AI integration coming in Phase 2

Ask our Architecture Concierge about FHIR integration or Directive 2081.