TrazaDocs · Compliance

Every document alive, tied to the case, with expiration in plain sight.

TrazaDocs keeps a visual record of which documents the case requires, which are present, which are missing, which have expired. Consent forms, authorizations, value notes, regulatory documentation — GDPR, LFPDPPP, Habeas Data, HIPAA-equivalent, Verifactu in Spain. One screen. Zero loose PDFs.

12+
Document types
5
Regulations supported
AUDIT
Full traceability
TRAZADOCS · CASE #1847
LFPDPPP · MX
Clinical
Patient
Financial
Regulatory
📋
Informed consent
Signed Apr 15
✓ OK
🧾
Privacy notice
Signed Apr 15
✓ OK
Prosthetic authorization
Required
MISSING
📸
Photo consent release
Signed Apr 15
✓ OK
General medical history
Expires Apr 20
EXPIRED
📝
Treatment plan
Signed Apr 16
✓ OK
Four categories

Every document has a home. Every home has a purpose.

Not a digital junk drawer — four categories ordered by function. You know where to look, the patient knows what to sign, the lab knows what to expect.

📋
Clinical
Medical history, informed treatment consent, therapeutic plan, surgical authorizations.
👤
Patient
Privacy notice, photo release, official ID, legal guardian authorization when applicable.
💰
Financial
Invoice/CFDI, signed quote, prosthetic value note, payment receipts. In Spain: Verifactu integrated.
Regulatory
CE marking of implanted material (MDR), lot and manufacturer, UDI traceability when applicable, GDPR consent log.
Regulations supported

One architecture. Five regulatory regimes.

TrazaDocs ships pre-configured with the document requirements of the main regulatory frameworks. The surgeon doesn't have to remember what's missing in each jurisdiction — the system knows.

🇲🇽
Mexico — LFPDPPP
Federal Law on Protection of Personal Data Held by Private Parties. Mandatory privacy notice, express consent for sensitive data, ARCO rights, limited international transfers.
CFDI · SAT · timbrado
🇪🇸
Spain — GDPR + Verifactu
General Data Protection Regulation (EU 2016/679) + Verifactu (Royal Decree 1007/2023). Record of processing activities, DPO for larger clinics, electronic consent signature, verifiable invoicing.
AEAT · AEPD · GDPR
🇨🇴
Colombia — Habeas Data
Law 1581 of 2012 + implementing decrees. Prior express authorization, database registered with SIC for clinics above a certain size, controlled international transfer.
SIC · DIAN · Habeas Data
🇦🇷
Argentina — PDP
Law 25,326 on Personal Data Protection. Registration in the National Registry of Databases, documented informed consent, equivalent ARCO rights.
AAIP · AFIP · Law 25,326
🇺🇸
US — HIPAA-equivalent
Health Insurance Portability and Accountability Act. PHI documentation with Business Associate Agreements, BAA consent with third parties, minimum 6-year retention.
HHS · HIPAA · BAA
🌎
Other Spanish-speaking countries
Chile, Peru, Brazil (LGPD), Ecuador, Uruguay. Modular architecture that adapts document requirements by selected jurisdiction, with automatic mapping.
LGPD · LPDP · regional compliance
Questions

What the surgeon and the accountant will ask together.

Is this a replacement for the invoicing system?
No. TrazaDocs manages documents; it doesn't issue CFDI/invoices. It integrates with your issuer (certified PAC in Mexico, accounting system in other countries, Verifactu in Spain). It receives the tax documents and ties them to the case.
Are documents digitally signed?
Yes. Simple electronic signature included; advanced electronic signature via integration with a certified provider (optional). Hashes are stored in the audit trail for later verification.
Where are the documents stored?
Cloudflare R2 with per-region residency (EU for European clients, US for American clients, MX for Spanish-speaking-country clients when locality is required). AES-256 encryption at rest + TLS 1.3 in transit.
How long are they retained?
By default, per applicable regulation: HIPAA 6 years, GDPR depends on purpose, LFPDPPP indefinite while the therapeutic relationship is active. Configurable by document type.
Can the patient exercise ARCO/GDPR rights?
Yes. Included self-service portal where the patient can request Access, Rectification, Cancellation or Objection (ARCO) or their GDPR equivalents. Requests are logged with a response deadline.

The living document is the only document that counts.

TrazaDocs is included in every TrazaLab plan. Configured for your clinic's jurisdiction from the first case.