Skip to content

Platform Overview

What it is

The clinical-data-model platform is Skin Analytics' clinical data backbone — the shared infrastructure that all of our dermatology AI products run on. It stores patient records, cases, and clinical images in a secure, auditable way, coordinates AI analysis, supports licensed clinician review, and delivers results to the right people at the right time.

The platform is built as a set of small, focused services rather than a single system. Each service owns one piece of the clinical workflow. They communicate over a shared event bus, so they can evolve independently and a failure in one does not bring down the others.

The platform is designed to be multi-tenant from the start. Each customer organisation has fully isolated data. New customers can be onboarded without code changes, and new dermatology products can be added without schema changes. This was a deliberate architectural investment made early so we don't pay it later.

Who it's for

The platform serves Skin Analytics' customers: clinics, hospitals, and telemedicine providers running dermatology workflows. Customers configure their own clinical flows — AI-only review, human-only review, or AI followed by clinician sign-off — and the platform handles the rest. It is designed to back multiple products on the same infrastructure without rework as new offerings are added.

Where we are today

The v1 platform is fully shipped. Eight services and four shared packages are in production.

  • Clinical case storage with encryption at rest and per-patient audit
  • AI-driven review via DERM 5.0.0 (Skin Analytics' core dermatology AI)
  • Configurable per-customer workflows (AI review, human review, or both in sequence)
  • Human reviewer queue with claim lifecycle and structured decision capture
  • Patient consent registry (GDPR and good clinical practice)
  • OAuth2 service authentication with JWT and multi-tenant access control
  • User, role, and organisation management
  • Email and Slack notifications
  • Crypto-shredding for GDPR Article 17 erasure (right to be forgotten)
  • Structured audit trail across all services, designed for medical-device-grade inspection

What sets us apart

The platform was built to medical-device standards from day one, not retrofitted later.

  • Audit trail you can trust. Every action on every patient record is logged with actor, timestamp, and context. The audit log is append-only at the application layer; no admin endpoint can edit or delete it.
  • AI and human review on the same case, configurable per customer. A workflow can be AI-only, human-only, or AI first with clinician sign-off. The orchestrator drives this without code changes; it is a configuration decision, not a deployment decision.
  • Multi-tenant isolation from day one. Customer data is isolated at the database level, not just the application level. A misconfigured query cannot leak one customer's data to another.
  • GDPR Article 17 handled cleanly. Patient data is encrypted with a per-patient key. Deleting the key makes all of that patient's data cryptographically inaccessible without touching other patients' records. No manual data-scrubbing, no risk of incomplete deletion.