This organization publishes open-source infrastructure, standards, and tooling for secure, privacy-preserving behavioral healthcare systems.
Behavioral healthcare systems handle some of the most sensitive categories of regulated data, including therapy notes, substance use records, and crisis-related information. The projects in this organization focus on defining practical, engineering-first primitives that help organizations build compliant, auditable, and clinically effective systems without requiring large compliance or governance teams.
While designed with behavioral healthcare as the primary use case, these standards and tooling are applicable to healthcare platforms more broadly.
Projects in this organization focus on:
- Standardized audit event schemas for regulated healthcare systems
- PHI-safe, compliance-aligned audit logging primitives
- Clinical safety signal detection for unstructured text
- Reference architectures for secure data storage, retention, and access review
- Engineering mappings to common healthcare compliance control objectives
The goal is not to provide legal compliance guarantees, but to publish reusable engineering foundations that make secure, compliant, and clinically informed system design the default rather than an afterthought.
This organization focuses on primitives, standards, and reference implementations, not end-user applications. Projects should be reusable across organizations and deployment environments.
Stable, versioned schemas are treated as public contracts. Implementations must conform to published schemas rather than inventing ad-hoc structures.
Systems handling regulated healthcare data must minimize exposure by default. Audit artifacts must never require logging raw PHI to be useful. Clinical text processing must be stateless and ephemeral.
Projects provide engineering mappings to common compliance objectives (e.g., auditability, traceability, retention), but do not claim legal compliance or provide legal advice.
Reference implementations should support modern cloud architectures while avoiding hard dependencies on proprietary platforms wherever possible.
Design decisions favor simplicity, clarity, and operational usability over theoretical completeness.
All projects are developed with the goal of reducing barriers for small and mid-sized healthcare organizations to adopt secure, compliant system designs.
- bh-audit-schema Canonical audit event schema for behavioral healthcare systems, with HIPAA/SOC 2/42 CFR Part 2 compliance mappings.
- bh-audit-logger Cloud and framework-agnostic Python library for emitting privacy-preserving audit events conforming to the bh-audit-schema standard. Zero runtime dependencies.
- bh-fastapi-audit FastAPI middleware that automatically emits audit events for every HTTP request with HIPAA-safe defaults.
- bh-audit-logger-examples Examples and integration tests for bh-audit-logger covering every public API surface. Framework-agnostic.
- bh-fastapi-examples Minimal applications demonstrating bh-fastapi-audit with production-hardened, HIPAA-safe defaults.
- bh-sentinel Multi-layer NLP pipeline for clinical safety signal detection in behavioral health text. Detects self-harm/suicidal ideation, harm to others, medication non-adherence, substance use, clinical deterioration, and protective factors. Designed for HIPAA-safe, stateless deployment with clinician-in-the-loop review. FDA CDS-aligned.
- bh-data-lake-reference Reference architectures for storing, retaining, and querying healthcare audit events.
Projects are actively developed and used in real-world behavioral healthcare systems. All repositories are open-source and welcome engineering-focused contributions.