Skip to content

Non-Functional Requirements

Document Purpose: This document defines the non-functional requirements (NFRs) for the Entheory.AI platform, covering performance, security, scalability, reliability, and compliance requirements.

Executive Summary

These NFRs establish the quality attributes that the Entheory.AI platform must meet to ensure reliable, secure, and performant operation in hospital environments. All requirements are derived from clinical workflow needs and regulatory compliance.

Related Documentation: - Security & Privacy – Security implementation details - DevOps & SRE – SLIs/SLOs and monitoring - High-Level Architecture – System design

1. Performance Requirements

1.1 Response Time

Operation Target Max Acceptable Measurement
Patient List Load < 500ms < 2s Time to first meaningful paint
Patient Detail View < 1s < 3s Full page load with labs + imaging
Lab Trend Chart < 300ms < 1s Chart render after patient load
Search Results < 500ms < 1s First results displayed
Timeline Scroll < 100ms < 200ms Per scroll interaction
Document Preview < 2s < 5s PDF render in viewer

1.2 Processing Time

Process Target Max Acceptable Notes
HL7 Message Ingestion < 2s < 10s From receipt to bundle update
OCR Processing < 30s/page < 60s/page Tesseract engine
ASR Processing < 0.5x real-time < 1x real-time 10-min audio in 5 min
SOAP Note Generation < 20s < 60s After ASR completion
FHIR Export < 3s < 10s Patient bundle to FHIR

1.3 Throughput

Metric Target Peak Capacity
API Requests 1,000/min 5,000/min
HL7 Messages 500/hour 2,000/hour
OCR Jobs 50/hour 200/hour
Concurrent Users 100 500

Related Use Cases: API-001, OPS-001

2. Reliability Requirements

2.1 Availability

Tier Component SLO Allowed Downtime/Month
Tier 1 Patient API, Auth 99.9% 43 min
Tier 2 OCR/ASR Processing 99.5% 3.6 hours
Tier 3 Analytics, Reporting 99% 7.3 hours

2.2 Durability

Data Type Durability Target Implementation
Patient Bundles 99.999999999% (11 nines) S3 with cross-region replication
Audit Logs 99.999999999% WORM storage, immutable
Processed Documents 99.99% S3 with versioning
Transient Jobs 99% Redis persistence, queue durability

2.3 Recovery

Metric Target Description
RPO (Recovery Point Objective) 5 min Maximum data loss tolerable
RTO (Recovery Time Objective) 1 hour Time to restore service
MTTR (Mean Time to Recover) < 30 min Average incident resolution
MTBF (Mean Time Between Failures) > 30 days System reliability

Related Use Cases: OPS-006

3. Scalability Requirements

3.1 Capacity Targets

Resource MVP Growth (Year 2) Enterprise
Patients 5,000 25,000 100,000+
Documents 50,000 250,000 1,000,000+
Concurrent Users 50 200 1,000+
Storage 100 GB 1 TB 10 TB+

3.2 Horizontal Scaling

Component Scaling Strategy Auto-Scale Trigger
API Servers Add pods/containers CPU > 70%, requests > 80% capacity
OCR Workers Add workers Queue depth > 100, wait time > 5 min
ASR Workers Add GPU nodes Queue depth > 50, wait time > 10 min
Database Read replicas Read latency > 100ms

3.3 Data Growth

Data Type Growth Rate Retention Archive Strategy
Patient Bundles 100 new/month 10 years Cold storage after 1 year
Documents 1,000/month Per policy Archive after 3 years
Audit Logs 1 GB/month 7 years WORM storage
Metrics 10 GB/month 90 days hot Aggregate, downsample

4. Security Requirements

4.1 Authentication

Requirement Target Implementation
Password Complexity 12+ chars, mixed Policy enforcement
MFA for Admins 100% TOTP mandatory
Session Timeout 8 hours inactive Auto-logout
Failed Login Lockout 5 attempts 30-min lockout

4.2 Encryption

Requirement Target Standard
In Transit TLS 1.3 All connections
At Rest AES-256 All PHI
Key Rotation Annual Automated
Backup Encryption AES-256 Hospital BYOK option

4.3 Access Control

Requirement Target Measurement
RBAC Enforcement 100% All endpoints protected
Least Privilege Default Minimum required permissions
Audit Coverage 100% All PHI access logged
Anomaly Detection Real-time < 30s detection latency

Related Documentation: Security & Privacy, SEC Use Cases

5. Compliance Requirements

5.1 Regulatory Compliance

Regulation Requirement Status
DPDP Act 2023 Consent management, data rights ✅ Compliant
ABDM Guidelines ABHA integration, FHIR support ✅ Compliant
NABH Standards Audit trails, record completeness ✅ Compliant
IT Act 2000 (Sec 43A) Security practices ✅ Compliant

5.2 Data Residency

Requirement Target Implementation
Data Location India only AWS Mumbai (ap-south-1) or hospital DC
Cross-Border Not permitted No replication outside India
Third-Party Access Controlled Subprocessor agreements required

5.3 Audit Requirements

Requirement Target Retention
Access Logs 100% coverage 7 years
Change Logs All modifications 7 years
Export on Demand < 24 hours For regulatory requests
Tamper Evidence Cryptographic hash All audit entries

6. Usability Requirements

6.1 Accessibility

Requirement Target Standard
WCAG Compliance Level AA WCAG 2.1
Keyboard Navigation Full All interactive elements
Screen Reader Supported ARIA labels
Color Contrast 4.5:1 minimum Text on background

6.2 Localization

Requirement MVP Future
UI Language English Hindi, Tamil (Q2 2025)
Date Format DD-MM-YYYY Configurable
Number Format Indian (1,00,000) Standard
Timezone IST Configurable

6.3 Browser Support

Browser Version Support Level
Chrome Last 2 versions Full
Firefox Last 2 versions Full
Safari Last 2 versions Full
Edge Last 2 versions Full
Mobile Safari/Chrome Current Full

7. Maintainability Requirements

7.1 Code Quality

Metric Target Tool
Test Coverage > 80% Jest, pytest
Code Duplication < 3% SonarQube
Technical Debt Ratio < 5% SonarQube
Documentation Coverage > 90% JSDoc, docstrings

7.2 Deployment

Requirement Target Implementation
Deployment Frequency Weekly CI/CD pipeline
Rollback Time < 5 min Blue-green deployment
Zero-Downtime Deploys Yes Rolling updates
Feature Flags Supported LaunchDarkly/custom

7.3 Monitoring

Requirement Target Tools
Metrics Collection 100% services Prometheus
Log Aggregation Centralized Loki/ELK
Alerting Auto-configured AlertManager
Tracing Distributed Jaeger/OpenTelemetry

Related Documentation: DevOps & SRE

8. Interoperability Requirements

8.1 Standards Compliance

Standard Version Use Case
FHIR R4 Data export, ABDM integration
HL7 v2.5 Lab/ADT message ingestion
DICOM 3.0 Imaging integration
ICD-10 2024 Diagnosis coding
SNOMED CT 2024 Clinical terminology
RxNorm Current Medication mapping

8.2 Integration Requirements

Integration Protocol Latency
Hospital EMR HL7 MLLP, FHIR REST < 5s
LIS HL7 ORU < 2s
PACS DICOM, REST < 10s
ABDM FHIR R4 < 5s

Related Documentation: APIs & Interoperability, Pipelines & Ingestion

9. NFR Verification Matrix

Category How Verified Frequency
Performance Load testing (k6) Every release
Reliability Chaos engineering, DR drills Quarterly
Scalability Stress testing Annually
Security Pen testing, audits Annually
Compliance Internal audit Quarterly
Usability User testing Per major release

Document Owner: Product + Engineering
Last Updated: 2024-12-09
Next Review: Quarterly (aligned with releases)