← index / platform

Platform — Admin · Consent · Models · Status

The governance spine. What separates Averra from any other health product: every action is logged, every model has a card, every consent is revocable, every outage is public.

averra.health / admin / access
SSO · SRE group · 2 approvers present
Platform
Governance
Identity & access
Consent ledger
Model registry
Audit log
Data-subject requests
Reliability
Status · incidents
API portal
Integrations
Compliance
PDPL register
DHA / MOHAP mapping
Identity & access · 428 users
SoD matrix · quarterly recert · last completed 31 Mar · 94% compliance
AllClinician 184Admin 22Ops 31Recert-due 26
UserRoleScopeLast reviewSoD conflicts
Dr. F. Al HashimiClinician · GPPanel 412 · no admin28 Mar · selfok
M. KuriakoseSRE · prodBreak-glass 2-of-214 Apr · mgrok
S. FarahaniDPOAudit read-all · no write02 Apr · boardok
A. BoutrosFinance · ARClaims read · no patient03 Jan · duerecert
R. DasData scientistk≥20 only · no raw12 Feb⚠ also claims-editconflict
Separation of duties · R. Das
Assigned both "data-science · k≥20" + "claims · edit". Violates SoD rule 7 (no cross-PHI write).
Risk · high
Auto-action · freeze edit role · notify manager
Owner · S. Farahani (DPO) · decision due 22 Apr
Freeze · require ackException · 30d
Break-glass · this week
3 events · all 2-of-2 · all logged
● 16 Apr 02:14 · SRE+DPO · SIEM anomaly
● 18 Apr 09:02 · SRE+mgr · failed rollback
● 19 Apr 14:41 · SRE+DPO · patient data export request
↳ no solo prod access · ever
averra.health / admin / consent
Platform
Governance
Identity & access
Consent ledger
Model registry
Audit log
Data-subject requests
Consent ledger · immutable record
Every grant · every revocation · every data touch. Member-visible (their own view). Regulator-exportable on demand.
Active consents
1,284,112
Revocations · last 30d
847
normal baseline · 600–900
Member-initiated exports
62
PDPL art. 15 · avg 22h SLA
Time (UTC)MemberScopePartyBasisActionTxn
20 Apr 08:14:22AAM-48291Tier-1 · labs+medsDr. F. Al Hashimiconsultgranteda47f…
20 Apr 08:02:11OAS-10044Tier-0 · vitalsFamily (spouse)care proxygrantedbc82…
19 Apr 21:47:03RBH-22110Referral packetDr. A. Iskandarreferralgranted9e31…
19 Apr 19:22:40PRM-77831Research · cohort 2031Internal · RWEopt-in · 2024revoked1f40…
19 Apr 18:09:55FAZ-65502Pharmacy · AsterPharmacydispensinggranted3a1b…
19 Apr 17:55:02JKR-30081Full export · selfMemberPDPL art. 15exported7c9d…
Revocation propagation
When a member revokes, we propagate within SLA to every downstream holder. Each echoes an ack hash back.
PRM-77831 · research cohort revoke · 19 Apr 19:22
ETL pipeline · ack 19:22:04
Analytics warehouse · ack 19:22:11
ML feature store · ack 19:22:38
Downstream pharma partner · ack 20:14:02
All within 24h · SLA green
What the member sees
The same ledger, filtered to their own. Every row is plain language: "14 Apr — Dr. Fatima read your labs during your consult." One tap to revoke anything still revocable.
averra.health / admin / models
Platform
Governance
Identity & access
Consent ledger
Model registry
Model registry · 23 production models
Every model used in patient care has a card, a version, a bias audit, an owner, and a kill-switch.
ModelUseVerOwnerLast auditDriftBiasKill
triage-v3Symptom → urgency3.2.1Clinical AI12 Apr0.03pass
readmit-30dHospital readmission2.1.0Ops02 Apr0.11review
cie-guideline-concordClinical integrity4.0.2Clinical AI18 Apr0.04pass
noshow-riskAppointment no-show1.5.0Ops22 Mar0.06nationality skew
twin-metric-synthTwin visualization0.9.3Member10 Apr0.02pass
readmit-30d · v2.0retired2.0.4archived
Model card · triage-v3
Purpose · classify member-described symptoms into 5 urgency tiers
Training · 428k anonymised UAE consultations, 2021-2025
Performance · sens 0.94 · spec 0.88 · AUC 0.93
Failure modes · under-triages cardiac in <35F; mitigated by red-flag rulebook
Bias audit · 18 Apr · equal AUC across gender, 4 nationalities, Arabic/English
Human oversight · all Tier 4-5 routed to clinician within 4h
Kill-switch · single-actor, logged, defaults to rulebook-only triage
readmit-30d · drift alert
Drift 0.11 · threshold 0.08. Cause hypothesized: post-winter respiratory admission shift. Owner paged 16 Apr.
◉ shadow · v2.2-rc1 running in parallel
◉ 14d decision window · then promote or rollback
◉ clinicians unaffected — using prior stable
View shadow metrics
status.averra.health
● all systems operational
Status · public
Published uptime · 30 day rolling · named authors on every RCA
99.97% · 30dlast incident · 02 Apr
Member apps
iOS · Android · 100%
Web · 100%
Ask / triage · 100%
Clinician
Workspace · 100%
e-Prescribe · degraded · 97.2%
SOAP / CIE · 100%
External integrations
NABIDH (Dubai) · 100%
Malaffi (Abu Dhabi) · 100%
eClaimLink · 99.9%
UAE Pass · deg · OTP delay
Incident · INC-2042 · 16 Apr
Severity SEV-1 · data exfil anomaly · contained in 14 min
Impact 42 records touched · no confirmed loss · 240k rows quarantined
Author S. Farahani (DPO), M. Kuriakose (SRE lead) — RCA posted 19 Apr
What we're changing 1) service account egress defaults to deny; 2) anomaly threshold on volume lowered 60%; 3) 2-of-2 break-glass mandatory for any export > 10k rows.
Commitment public 90-day verification, independent audit Q3 2026.
↳ Platform isn't a feature list — it's the receipts. Every choice above is publicly visible or member-visible by default; private by exception only.
← doctor v2 index ecosystem →