Health IT governance — PIA, SRA, ATO
Privacy Impact Assessments, Security Risk Assessments, and Authority to Operate packages written to pass procurement and assurance review. NZISM, IRAP, HIPAA Security Rule, and jurisdictional privacy alignment.
When to engage Basal for this
Engage Basal when the work needs principal-level ownership end-to-end — architecture, delivery, and the governance artefacts that make it approvable — rather than being split between a junior team and an oversight lead. Typical triggers: a transition with a hard cutover date, an integration estate where vendor lock-in is blocking strategy, or a programme where procurement needs a named senior architect to de-risk the scope.
How Basal delivers
All engagements are delivered directly by Flynn McLean, Principal of Basal. There is no junior team and no hand-off. Basal operates inside the client's own cloud tenancy, VPN, or bastion wherever possible. Deliverables are written to be owned and extended by the in-house team after the engagement ends.
What we produce
- Solution Architecture Documents — target-state, transition-state, and current-state decomposition where relevant.
- Interface specifications — HL7 v2, FHIR, CDA, or message-bus contracts, written to the level a vendor can implement against.
- Governance artefacts — Privacy Impact Assessment, Security Risk Assessment, Authority to Operate packages, written to pass procurement and assurance review.
- Implementation guide fragments — profiles, bindings, and examples at the granularity the delivery team needs.
Jurisdictional coverage
Basal works across Australia, New Zealand, and the United States. Engagements call out jurisdiction-specific elements explicitly: AU Core, My Health Record, and ADHA assurance processes in Australia; NZ Base, Hira, HISO, and NZISM in New Zealand; US Core, TEFCA, USCDI, ONC HTI-1, and HIPAA Security Rule in the United States.
Questions procurement teams ask
- When should we engage Basal for Health IT governance?
  Engage Basal when the deliverable needs principal-level architecture ownership end-to-end, rather than being split between a junior team and an oversight lead.
- How long does a typical engagement run?
  Fixed-scope architecture work is typically 4–8 weeks. Retainer engagements on a programme of work run 3–12 months.
- Does Basal work inside our security and data environment?
  Yes. Basal operates inside the client's own tenancy, VPN, or bastion wherever possible. Any out-of-environment analysis uses de-identified or synthetic data documented in the SRA.
- Which jurisdictions does this service cover?
  Australia, New Zealand, and the United States. Jurisdictional specifics (base profiles, assurance regimes, consent models) are addressed explicitly in each engagement.
- What deliverables does Basal produce?
  Named architectural artefacts — solution architecture documents, interface specifications, governance packs, implementation guides — written to survive the engagement and be owned by the in-house team afterwards.
Related services
- HL7 and FHIR integration
- Clinical messaging architecture
- Cross-agency data sharing
- Cloud migration
- Health IT governance
Last updated: 18 April 2026