OrthoPath

Assistive Clinical Decision Support
Assistive-only CDS: OrthoPath provides clinical decision support only. Clinicians retain full responsibility for all clinical decisions. This tool does not autonomously diagnose, prescribe, or order. Do not enter patient identifiers or any Protected Health Information (PHI) into this MVP.

Privacy

Last updated: 2026-02-24

Assistive-Only Disclaimer

OrthoPath is an assistive clinical decision support tool only. All clinical data handling must be reviewed by your institution's data governance and privacy office before deployment.

Do not enter patient identifiers or any Protected Health Information (PHI) into this tool.

Data Handling Policy (MVP)

What This MVP Does Not Collect

  • This MVP does not collect, store, or transmit patient identifiers.
  • This MVP does not integrate with electronic health records (EHRs) or any external patient data systems.
  • This MVP does not use patient data for model training or analytics.

What This MVP May Store

  • Run audit records: When a database is configured, the system stores the inputs submitted, the rule output, and the matched rule identifiers for each CDS evaluation. These are stored as audit records for traceability.
  • Tenant identifier: A non-patient institutional identifier (`X-Tenant-ID`) used for multi-tenancy isolation.

Input Data Warning

The input forms accept structured clinical variables (e.g., injury location, fracture classification). These fields are designed to avoid free-text patient data. However:

  • Users must not enter patient names, dates of birth, medical record numbers, or any other identifying information into any input field.
  • The system does not validate or enforce this restriction technically — it is a user responsibility.

Institutional Deployment Requirements

Before deploying OrthoPath in a clinical environment, the deploying institution must:

  • Review this tool's data handling with their Privacy Officer and Data Governance team.
  • Ensure the tool is not used with identifiable patient data unless a formal Privacy Impact Assessment has been completed.
  • Configure `DATABASE_URL` only with a database under institutional data governance controls.

Limitations

  • This tool is an MVP and does not implement encryption-at-rest, advanced access controls, or audit log retention policies beyond what the deploying institution configures.
  • No third-party data processors are involved in the core CDS logic.