Methodology · OncoTime

How the product was designed and why it works the way it does.

Product decisions grounded in Brazilian healthcare legislation, recognized clinical standards, and explicit privacy principles. This page describes the process, the foundations, and what is still on the adequacy roadmap, without claiming certifications we do not hold.

Process

How the product was designed.

OncoTime was born out of direct observation of oncology operations inside Brazilian hospitals — chemotherapy scheduling and patient navigation for active cases. Product development follows structured cycles:

  1. Operational discovery with clinical teams (oncology nursing, patient navigation, care operations management) — in the field, in the real workflow, without shortcutting the conversation.
  2. Modeling that respects the hospital's vocabulary — cycle, protocol, ward, chair/bed, capacity, add-on slot, care barrier, phase. We do not translate clinical terms into marketing jargon.
  3. Validation with the professionals who will use the product daily, before any feature with clinical or operational impact is released.
  4. Iterative implementation, with material changes going through regulatory impact review and prior communication to the customer whenever the user flow shifts.

We do not publish interview counts, adoption percentages, or impact metrics that we cannot back with an auditable source. When such numbers exist, they will be released with explicit source and time window.

Design principles

The six principles that guide every decision.

01

Primacy of the patient's actual data

Screens and reports reflect the actual recorded state, not aggregated assumptions. Where an estimate is shown, it is flagged as such.

02

Append-only audit log

Status transitions, released exams, patient journey changes and protocol closures are recorded immutably. Corrections are recorded as new entries — never overwritten.
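
One way to realize the principle above, as an added example that is not OncoTime's code: corrections are appended as new entries that point at the entry they supersede, and each entry carries the hash of its predecessor so that an edit or a mid-log deletion is detectable. The hash chain, the field names and the sample events are assumptions made for illustration; the page does not describe the storage design.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class AuditLog:
    """Entries are only ever appended; a correction is a new entry that
    points at the one it supersedes. The hash chain is an assumed design."""

    def __init__(self):
        self.entries = []

    def append(self, user, event, data, corrects=None):
        if corrects is not None and not 0 <= corrects < len(self.entries):
            raise ValueError("a correction must reference an existing entry")
        body = {
            "seq": len(self.entries),
            "user": user,          # who is responsible for this entry
            "event": event,
            "data": data,
            "corrects": corrects,  # seq of the superseded entry, if any
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        self.entries.append({**body, "hash": _digest(body)})
        return body["seq"]

def verify(entries):
    """Return the index of the first entry that breaks the chain, else None."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["seq"] != i or e["prev"] != prev or _digest(body) != e["hash"]:
            return i
        prev = e["hash"]
    return None

def effective_view(entries):
    """Entries not superseded by a later correction; the log keeps them all."""
    superseded = {e["corrects"] for e in entries if e["corrects"] is not None}
    return [e for e in entries if e["seq"] not in superseded]

def sample_log():
    # Constructed sample events, not real data.
    log = AuditLog()
    log.append("nurse.a", "status_transition", {"patient": "P-001", "to": "infusing"})
    log.append("lab.c", "exam_released", {"patient": "P-001", "exam": "CBC"})
    log.append("nurse.b", "status_transition", {"patient": "P-001", "to": "checked_in"}, corrects=0)
    return log
```

A chain like this detects edits and deletions inside the log but not truncation of the tail or a full rewrite by someone with write access; catching those requires keeping the latest hash somewhere the log writer cannot alter.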

03

Granular profiles per module

Distinct permissions for Scheduling and Patient Navigation, with role-specific actions (nursing, navigation, management, quality) and report-level controls.

04

Anonymization on epidemiological export

RAS-DATASUS exports apply k-anonymity ≥ 5: cells with few patients are suppressed, preventing reidentification through cross-referencing (LGPD art. 13).
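
The small-cell suppression described above, as an added example that is not OncoTime's code: records are grouped by quasi-identifiers and any cell with fewer than k = 5 distinct patients is withheld from the export. The field names, the choice of quasi-identifiers and the sample records are assumptions made for illustration.

```python
from collections import defaultdict

K = 5  # minimum cell size stated on the page (k-anonymity >= 5)

def k_anonymous_export(records, quasi_identifiers, k=K):
    """Aggregate records into cells and withhold every cell with < k patients."""
    patients = defaultdict(set)
    for r in records:
        cell = tuple(r[q] for q in quasi_identifiers)
        # Count distinct patients, not rows: one patient with several
        # chemotherapy cycles must not push a small cell over the threshold.
        patients[cell].add(r["patient_id"])
    counts = {cell: len(ids) for cell, ids in patients.items()}
    published = {cell: n for cell, n in counts.items() if n >= k}
    suppressed = len(counts) - len(published)
    return {
        "columns": list(quasi_identifiers),
        "cells": published,
        "suppressed_cells": suppressed,
        # A grand total next to the visible cells would reveal the suppressed
        # counts by subtraction, so it is withheld whenever a cell is.
        "total": sum(counts.values()) if suppressed == 0 else None,
    }

def sample_rows(municipality, age_band, icd10, patient_ids):
    return [{"patient_id": p, "municipality": municipality,
             "age_band": age_band, "icd10": icd10} for p in patient_ids]

# Constructed sample records (hypothetical field names, not real patients).
SAMPLE = (
    sample_rows("Sao Paulo", "50-59", "C50", ["p1", "p2", "p3", "p4", "p5", "p6", "p1"])
    + sample_rows("Campinas", "60-69", "C61", ["p7", "p8", "p9", "p10", "p7"])  # 5 rows, 4 patients
    + sample_rows("Santos", "40-49", "C34", ["p11", "p12"])
)
QUASI_IDENTIFIERS = ("municipality", "age_band", "icd10")

if __name__ == "__main__":
    print(k_anonymous_export(SAMPLE, QUASI_IDENTIFIERS))
```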

05

Operational vocabulary, not marketing

We speak the way the hospital speaks. Clinical and operational terms are preserved across the interface, reports, and contracts — reducing adoption friction.

06

Explicit legal compliance, feature by feature

Every relevant feature references the rule it addresses — Brazilian Federal Law 14.758/2023, Brazilian Federal Law 12.732/2012, LGPD, ANVISA Resolution RDC 220/2004 — so that hospital audit and quality teams know where to look.

Regulatory foundations

Compliance map — feature by rule.

Each row maps a regulatory requirement to how OncoTime addresses it and where in the product it materializes. We do not use the phrase "100% compliant with X" — we describe what we deliver.

| Rule / Requirement | How OncoTime addresses it | Where in the product |
| --- | --- | --- |
| Brazilian Federal Law 14.758, of 12/19/2023: National Cancer Prevention and Control Policy; Cancer Patient Navigation formalized (art. 5). | Prioritized navigator worklist, validated phase-based patient journey, categorized recording of care barriers. | Patient Navigation module · Worklist and barriers |
| Brazilian Federal Law 12.732, of 11/22/2012: 60 days between diagnosis and treatment start (art. 2) — the 60-day rule from diagnosis to treatment start. | Per-patient countdown, alerts in critical windows, recorded barrier when the deadline is missed. | Patient Navigation module · Legal deadline countdown |
| Law 13.709/2018 (LGPD — Brazil's General Data Protection Law) — art. 7 and 11: Legal bases and processing of sensitive health data. | Explicit legal bases per purpose, per-tenant segregation, append-only audit log of every access to sensitive data. | Persistence · audit · profiles |
| LGPD — art. 18: Data subject rights. | Documented channel for exercising rights, handled by the Data Protection Officer (DPO) under agreement with the controller institution. | Privacy policy · DPO channel |
| LGPD — art. 13: Anonymization for research and statistics. | Epidemiological export with k-anonymity ≥ 5; automatic suppression of cells with few patients. | RAS-DATASUS report |
| ANVISA Resolution RDC 220/2004: Operation of Antineoplastic Therapy Services — Outpatient Chemotherapy Unit (UTAQ). | Capacity validation by ward, chair/bed, shift, and protocol; rules for inter-cycle intervals. | Scheduling module · Capacity |
| CFM Resolution 1,821/2007: Brazilian Federal Council of Medicine — technical standards for the use of computerized Electronic Health Records (EHR) systems. | Immutable audit architecture, retention, distinct profiles, explicit recording of the user responsible for each transition. | Product audit layer |

Technical standards

Standards and references adopted or being adopted.

HL7 FHIR R4

International clinical interoperability model. Relevant resources: Patient, Encounter, MedicationRequest, ServiceRequest, Observation, Task. Incremental adoption based on each institution's integration scenario.

Oncology classifications

ICD-10 and ICD-O-3 — native in diagnosis, staging, and reporting. SNOMED CT and LOINC are being adopted gradually as integration demand grows.

TISS / TUSS (ANS — Brazil's supplementary health agency)

Supported within the implementation scope when there is data exchange with a private payer. Table version validated at integration time — we do not claim "homologated" without specific and current TISS homologation.

Reference clinical guidelines

INCA — Brazilian oncology manuals and guidelines. NCCN, ASCO, ESMO — international references used as a knowledge base when modeling protocols. Cited as clinical references, not as institutional endorsements of OncoTime.

Continuous adequacy

What is still in the adequacy roadmap.

Transparency about what exists today and what is on the roadmap. Digital health certifications require an audit performed by an accredited body — we report status, not a seal we have not been issued.

SBIS-CFM — Security Seal

NGS1 (hybrid EHR) and NGS2 (fully electronic, paperless EHR) issued by the Brazilian Society for Health Informatics in partnership with the Brazilian Federal Council of Medicine. The standard's criteria guide our audit, user identification, and digital signature architecture. The formal seal depends on an audit performed by an SBIS-accredited auditor — we do not claim possession before issuance.

ISO/IEC 27001 and 27701

27001 — Information Security Management System. 27701 — privacy extension (Privacy Information Management System). Architecture and internal controls are designed around the domains in these standards; formal audit by a certifying body is on the roadmap.

National Oncology Care Policy (PNAO)

We monitor updates from the Brazilian Ministry of Health regarding the oncology care network. When a regulation changes a relevant operational requirement, it enters our product impact review cycle.

ONA accreditation of the pilot hospital

Hospitals seeking or maintaining ONA accreditation require operational evidence (traceability, audit, PNSP indicators). OncoTime delivers that evidence by design. Adjustments specific to each accreditation level are part of the implementation.

Change governance

How a clinical feature reaches release.

Changes that affect clinical decisions, the patient flow, or the audit log follow a cycle distinct from the standard technical release cycle:

  • Regulatory impact review — which rule the change touches, what changes in adherence, and what must be communicated.
  • Validation with at least one professional from the affected role — head nurse, patient navigator, oncology pharmacist, care operations manager. We do not release a clinical feature without a voice from the operation.
  • Decision documentation — the rationale is recorded in internal release notes, with reference to the rule and supporting evidence.
  • Prior communication to the customer when the user flow changes. Silent updates are acceptable only for fixes with no visible effect.

Purely technical changes (performance, refactor, security without behavior change) follow the standard cycle and appear in the changelog rather than in targeted communication.
