ABHA / ABDM Integration
Teravu integrates with the Ayushman Bharat Digital Mission (ABDM) as a Health Information User (HIU). This page explains what that means, what data flows, and how consent is managed.
What is ABHA?
The Ayushman Bharat Health Account (ABHA) is a 14-digit unique health identifier issued by the National Health Authority (NHA) under the Ayushman Bharat Digital Mission. It allows citizens to link health records from multiple hospitals and labs under a single digital identity.
Teravu uses ABHA as the canonical health identity in the Health pillar. You link your ABHA once; records flow in automatically from linked Health Information Providers (HIPs) with your explicit consent.
Teravu as a Health Information User (HIU)
Teravu operates as an ABDM-registered Health Information User (HIU). As an HIU, we:
- Request health data only after obtaining your explicit consent through the ABDM consent gateway.
- Receive data only in the time window you authorise (e.g., "last 2 years of records").
- Store received records in encrypted form (AES-256-GCM) inside the Health pillar.
- Never re-share health records with any third party.
- Never use health records to train AI models without explicit consent.
Consent-artifact lifecycle
Every ABDM health data request generates a consent artifact — a cryptographically signed document that records:
- Your ABHA ID and Teravu's HIU ID
- The Health Information Providers (HIPs) from which data was requested
- FHIR resource types authorised (e.g., DiagnosticReport, Observation)
- Date range of records authorised
- Purpose of access (defaulting to "Personal Health Record Management")
- Consent expiry date
Consent tokens auto-expire every 6 months by default. We surface a renewal prompt 30 days before expiry. You can revoke consent at any time via /dashboard/health/records or through the ABDM Health Locker app.
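The scope recorded in a consent artifact only protects the user if it is enforced on every record received. The sketch below is an added example, not Teravu's or ABDM's code: it checks incoming records against the artifact's HIPs, resource types, date range, expiry and revocation, and flags the 30-day renewal window. The field names, IDs and sample records are assumptions made for illustration (not the ABDM schema), and signature verification of the artifact is assumed to have happened already.

```python
from datetime import date, timedelta

RENEWAL_WINDOW = timedelta(days=30)  # renewal prompt 30 days before expiry

# Constructed consent artifact; keys are illustrative, not the ABDM schema.
CONSENT = {
    "abha_id": "00-0000-0000-0000",   # placeholder ABHA ID
    "hiu_id": "example-hiu",          # placeholder HIU ID
    "hips": {"hip-lab-01"},
    "resource_types": {"DiagnosticReport", "Observation"},
    "records_from": date(2023, 1, 1),
    "records_to": date(2024, 12, 31),
    "expires_on": date(2025, 6, 30),
    "revoked": False,
}
# Constructed incoming records, reduced to the fields the check needs.
SAMPLE = [
    {"resourceType": "Observation", "record_date": date(2024, 3, 5)},
    {"resourceType": "MedicationRequest", "record_date": date(2024, 3, 5)},
    {"resourceType": "DiagnosticReport", "record_date": date(2021, 7, 1)},
]

def consent_state(consent, today):
    """Return 'revoked', 'expired', 'renew_soon' or 'active'."""
    if consent["revoked"]:
        return "revoked"
    if today > consent["expires_on"]:
        return "expired"
    if consent["expires_on"] - today <= RENEWAL_WINDOW:
        return "renew_soon"
    return "active"

def filter_in_scope(consent, hip_id, resources, today):
    """Split records from one HIP into (accepted, [(record, reason)])."""
    state = consent_state(consent, today)
    if state in ("revoked", "expired"):
        return [], [(r, f"consent {state}") for r in resources]
    accepted, rejected = [], []
    for r in resources:
        if hip_id not in consent["hips"]:
            rejected.append((r, "HIP not in consent"))
        elif r["resourceType"] not in consent["resource_types"]:
            rejected.append((r, "resource type not authorised"))
        elif not consent["records_from"] <= r["record_date"] <= consent["records_to"]:
            rejected.append((r, "outside authorised date range"))
        else:
            accepted.append(r)
    return accepted, rejected
```

Rejected records carry a reason so that out-of-scope deliveries can be logged and discarded before anything is written to storage.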
FHIR profiles consumed
We consume the following ABDM FHIR R4 profiles:
| FHIR resource | What it contains |
|---|---|
| DiagnosticReport | Lab results, imaging reports, pathology |
| Observation | Vitals, blood glucose, SpO2, clinical findings |
| Immunization | Vaccination records per NIS schedule |
| MedicationRequest | Prescriptions and dosage instructions |
| Condition | Diagnoses, chronic conditions, allergies |
| AllergyIntolerance | Documented allergies and intolerances |
| Procedure | Surgical procedures, clinical interventions |
Data handling and storage
- FHIR payloads are stored in encrypted PostgreSQL columns (AES-256-GCM). Encryption keys are stored separately.
- ABHA OAuth tokens (access + refresh) are AES-256-GCM encrypted at rest.
- Health records are scoped to the Health pillar only — they do not flow to other pillars without explicit cross-pillar consent.
- The Legacy pillar can include an ABHA record archive in the handover packet — this requires separate consent.
- Health records are never used for advertising, profiling, or training AI models.
What Teravu is not
- Not a clinical establishment under the Clinical Establishments Act.
- Not a Health Information Provider (HIP) — we do not create or certify health records.
- Not a diagnostic or prescribing service — we log and contextualise, we do not diagnose or prescribe.
- Not a telemedicine platform.
Compliance references
Framework: Ayushman Bharat Digital Mission (ABDM) — National Health Authority, MoHFW, Government of India
Health Data Management Policy: NHA HDMP 2020 (as updated)
FHIR version: HL7 FHIR R4 (ABDM Implementation Guide)
Applicable law: DPDPA 2023 (sensitive personal data provisions apply to all health data)