@iota-big3/sdk-regulated
v1.0.0
Published
Regulated Industries SDK for Healthcare, Finance, and Government
Maintainers
allan1361Readme
IOTA Big3 SDK - Regulated Industries
Production-ready compliance solutions for Healthcare, Finance, and Government sectors.
Overview
The Regulated Industries SDK provides comprehensive compliance frameworks and tools for heavily regulated industries:
- Healthcare: HIPAA compliance, PHI protection, EHR integrations
- Finance: PCI-DSS compliance, payment card security, fraud detection
- Government: FedRAMP compliance, classified data handling (coming soon)
Installation
npm install @iota-big3/sdk-regulatedQuick Start
import { getRegulatedIndustriesSDK } from "@iota-big3/sdk-regulated";
const sdk = getRegulatedIndustriesSDK();
// Initialize Healthcare compliance
const hipaaManager = sdk.initializeHealthcare();
// Initialize Finance compliance (PCI Level 1)
const pciManager = sdk.initializeFinance(PCIComplianceLevel.LEVEL_1);
// Validate all compliance
const results = await sdk.validateAllCompliance();Healthcare (HIPAA Compliance)
Features
- HIPAA control implementation and validation
- PHI data classification and encryption
- Business Associate Agreement (BAA) management
- Audit trail with 6-year retention
- Breach detection and notification
Usage
import { HIPAAComplianceManager, PHIData } from "@iota-big3/sdk-regulated";
const hipaaManager = new HIPAAComplianceManager();
// Add BAA agreement
await hipaaManager.addBAAgreement({
id: "baa-123",
coveredEntityName: "Hospital ABC",
businessAssociateName: "Tech Partner XYZ",
effectiveDate: new Date(),
expirationDate: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000),
scope: ["data-processing", "storage"],
signedBy: {
coveredEntity: "John Doe",
businessAssociate: "Jane Smith",
},
});
// Access PHI with audit trail
const phiData = await hipaaManager.accessPHI(
"user123",
"patient456",
"treatment",
{
patientId: "patient456",
name: "John Patient",
diagnosis: ["hypertension"],
medications: ["lisinopril"],
}
);
// Encrypt PHI data
const encrypted = await hipaaManager.encryptPHI(phiData);
// Generate HIPAA compliance report
const report = await hipaaManager.generateHIPAAReport();Finance (PCI-DSS Compliance)
Features
- PCI-DSS Level 1-4 compliance support
- Credit card tokenization and detokenization
- Network segmentation validation
- Quarterly security assessments
- Fraud detection and prevention
Usage
import {
PCIDSSComplianceManager,
PCIComplianceLevel,
PaymentCardData,
} from "@iota-big3/sdk-regulated";
const pciManager = new PCIDSSComplianceManager(PCIComplianceLevel.LEVEL_1);
// Tokenize credit card
const cardData: PaymentCardData = {
cardholderName: "John Doe",
primaryAccountNumber: "4111111111111111",
expirationDate: "1225",
cvv: "123",
};
const tokenizedCard = await pciManager.tokenizeCard(cardData);
console.log(tokenizedCard.token); // tok_abc123...
// Detokenize for processing
const originalCard = await pciManager.detokenizeCard(
tokenizedCard.token,
"processor-service",
"transaction-processing"
);
// Perform quarterly assessment
const assessment = await pciManager.performQuarterlyAssessment();
// Generate PCI compliance report
const report = await pciManager.generatePCIReport();Compliance Validation
Unified Compliance Checking
const sdk = getRegulatedIndustriesSDK();
// Initialize all needed compliance managers
sdk.initializeHealthcare();
sdk.initializeFinance(PCIComplianceLevel.LEVEL_2);
// Validate all at once
const complianceStatus = await sdk.validateAllCompliance();
if (!complianceStatus.healthcare.compliant) {
console.log("HIPAA violations:", complianceStatus.healthcare.violations);
}
if (!complianceStatus.finance.compliant) {
console.log("PCI-DSS violations:", complianceStatus.finance.violations);
}
// Generate comprehensive report
const report = await sdk.generateComplianceReport();Audit Trail
All sensitive operations are automatically audited:
// Access audit entries
const auditEntries = hipaaManager.getAuditEntries({
userId: "user123",
startDate: new Date(Date.now() - 7 * 24 * 60 * 60 * 1000), // Last 7 days
classification: DataClassification.PHI,
});
// Subscribe to audit events
hipaaManager.on("audit", (entry) => {
console.log("Audit event:", entry);
});
// Detect anomalies
hipaaManager.on("anomaly-detected", (anomaly) => {
console.log("Security anomaly:", anomaly);
});Data Classification
The SDK automatically classifies data based on content:
const classification = manager.classifyData({
ssn: "123-45-6789",
diagnosis: "diabetes",
creditCard: "4111111111111111",
});
// Returns: DataClassification.PHI (highest classification wins)Classifications:
PHI- Protected Health InformationPII- Personally Identifiable InformationPCI- Payment Card InformationCLASSIFIED- Government classified dataCONFIDENTIAL- Business confidentialINTERNAL- Internal use onlyPUBLIC- Public information
Encryption
All sensitive data is encrypted using industry standards:
- Healthcare: AES-256-GCM for PHI
- Finance: AES-256-GCM with HSM key management
- Government: FIPS 140-2 validated encryption
// Encrypt with automatic classification
const encrypted = await manager.encryptData(
sensitiveData,
DataClassification.PHI
);
// Decrypt with classification verification
const decrypted = await manager.decryptData(encrypted, DataClassification.PHI);Performance Requirements
The SDK is designed to meet stringent performance requirements:
Healthcare
- API Response: <200ms for clinical data
- Bulk Operations: 100K records/minute
- Real-time Monitoring: <50ms alerts
- Availability: 99.99% uptime
Finance
- Trading Latency: <1ms order execution
- Throughput: 1M transactions/second
- Batch Processing: 10M records/hour
- Data Accuracy: 100% reconciliation
Security
- End-to-end encryption for all sensitive data
- Role-based access control (RBAC)
- Multi-factor authentication support
- Continuous security monitoring
- Automated vulnerability scanning
- Penetration testing support
Development
# Install dependencies
npm install
# Run tests
npm test
# Build
npm run build
# Lint
npm run lintLicense
Proprietary - IOTA Big3 Corporation
Support
For support, please contact: [email protected]