Your health model belongs to you.
Health Core is built on four commitments: that you own your data outright, that agents act only within permissions you grant, that every inference is inspectable and sourced, and that the boundary between longitudinal health infrastructure and a medical system is sharp and permanent.
- 01You own your dataPortable, exportable, and never locked to an app or platform.
- 02Consent is explicitAgents act only within the permissions you grant — and can revoke.
- 03Everything is inspectableEvery inference is sourced, confidence-rated, and explained.
- 04A sharp medical boundaryHealth Core organises your data; it does not diagnose or treat.
Your data is yours — not ours, not an app's, not a platform's.
Health Core is personal infrastructure, not a walled garden. Your Longitudinal Health Profile is portable and exportable by design, and you retain full rights to it regardless of how you use or stop using the product.
Portable by design
Your Longitudinal Health Profile is not coupled to any single application, device, or provider. It travels with you.
Exportable on demand
Request a full export of your profile at any time, in a structured, human-readable format. No waiting, no friction.
Not locked to any platform
Health Core does not hold your data hostage. You can move, mirror, or migrate your profile without negotiating with a gatekeeper.
Deletion is real
Deleting your profile means deletion. There are no hidden retention copies, no shadow models, no deferred purge windows.
Agents act only within what you approve.
Every capability an agent exercises is tied to a permission you explicitly granted. Higher autonomy requires explicit checkpoints — the system never escalates quietly or assumes permission from prior behaviour.
Scoped permissions
Every agent capability is attached to an explicit, narrowly-scoped permission. Agents cannot act beyond what you have approved.
Explicit checkpoints for autonomy
As agent autonomy increases — from explaining to acting — each new level requires a deliberate checkpoint. The system never escalates silently.
Revocable at any time
Any permission you grant can be narrowed, paused, or revoked without disrupting the rest of your profile or losing your history.
No inferred consent
Consent is never assumed from passive use. Ambiguous cases default to doing less and asking first, not to doing more and explaining later.
How it works in practice
Consent management in Health Core is concrete, not a setting buried in a menu. Here is the shape of a typical permission, from grant to revocation.
Illustrative — interface shown for explanation, not a production screenshot.
- 01
Grant a scoped permission
An agent requests a specific, narrow capability. You see exactly what it can read or do, and for how long, before anything happens.
- 02
Clear a checkpoint for autonomy
When an action raises the autonomy level — like preparing an export to share — the system pauses and asks before it proceeds.
- 03
Revoke whenever you choose
Every permission lives in one place. Narrow it, pause it, or revoke it at any time — without losing your history.
The system explains what it believes, and why.
Every observation in your profile carries a record of where it came from and how confident the system is. Inferences are labelled as inferences. The system is never deliberately opaque.
Every observation carries its source
Each entry in your profile records where it came from — which app, which agent, which integration — so you always know the chain of origin.
Confidence is explicit
The system records how confident it is in each inference. Low-confidence interpretations are labelled as such; they are never silently elevated to facts.
Agents explain their reasoning
When an agent surfaces a pattern or suggestion, it explains what data it drew on and why — not just what it concluded.
Never a black box
There is always a path to understand what the system believes about your health and why. A developer surface exposes schema behaviour, provenance, and agent outputs.
Ambiguity is surfaced, never buried.
Health is inherently uncertain. Health Core treats uncertainty as a first-class property, not a defect to hide.
When a pattern is plausible but not confirmed, the system says so. When a data point conflicts with prior observations, that tension is preserved rather than silently resolved. Confidence levels are recorded alongside every inference.
The system does not present low-confidence interpretations as established fact. It does not smooth over missing data by extrapolating silently. It does not manufacture coherence at the expense of accuracy.
Where the system is uncertain, it says it is uncertain. Where data is absent, it records absence. Where interpretations conflict, it surfaces the conflict so you — and any clinician you share your profile with — can see the full picture rather than a curated summary.
You govern meaningful parts of your own model.
Health Core is designed to make you more capable — not more dependent on the system. Every meaningful action on your profile is available to you, not just to the platform.
- Inspect
- Correct
- Approve
- Export
- Restrict
- Delete
Inspect — view the full contents of your profile at any time, including raw observations, agent inferences, and provenance records.
Correct — flag or override any entry you believe is inaccurate. Corrections are recorded in the provenance trail, not silently overwritten.
Approve — agent actions above a configurable autonomy threshold require explicit approval before they execute.
Export — download a complete, structured copy of your profile at any time, in a format designed for both human readability and interoperability.
Restrict — limit which agents, integrations, or external systems can read or write any part of your profile.
Delete — permanently remove any entry, set of entries, or your entire profile. Deletion is real and final.
Export & deletion in practice
Illustrative — interface shown for explanation, not a production screenshot.
The test every feature has to pass.
Trust is not a marketing layer — it is the filter we hold every product and engineering decision against. Before anything ships, it has to answer yes to these questions, drawn directly from our founding principles.
- 01
Does it strengthen the health profile you own?
- 02
Does it improve continuity across time?
- 03
Does it make agent reasoning more coherent and explainable?
- 04
Does it preserve your agency and consent?
- 05
Does it improve provenance, confidence, or auditability?
- 06
Does it keep the system modular and open?
- 07
Does it avoid locking you into a single app or interface?
- 08
Does it move Health Core toward shared infrastructure, not another silo?
Read more about the thinking behind this in our manifesto.
Built to align with the standards that protect health data.
Health data privacy is a regulatory obligation as much as an ethical one. Health Core is engineered to align with the frameworks that govern personal and patient data.
Designed to align with GDPR principles
Data minimisation, explicit lawful basis through consent, the right to access and erasure, and genuine data portability are built into the model — not bolted on afterwards.
Building toward HIPAA-aligned safeguards
As Health Core matures toward clinical-grade infrastructure, access controls, audit logging, and data handling are engineered toward HIPAA-aligned standards.
Security by default
Encryption in transit and at rest, least-privilege access, and an audit trail for every read and write of your profile.
Independent review
We intend to pursue third-party security review and certification before any general-availability release — and to publish the outcomes.
A note on status. Health Core is in private beta and under active development. The points above describe our design commitments and the standards we are working toward — not current certifications. For a detailed security overview, or to discuss compliance for your organisation, contact us at access@qedhealth.com.au.
Common questions about data, consent, and privacy.
Short answers to the questions we hear most about ownership, consent management, and patient data rights.
Who owns the health data in Health Core?
Can I delete or export my data?
Is Health Core a medical or diagnostic system?
How does consent work for agent actions?
Is Health Core HIPAA or GDPR compliant?
A sharp line between infrastructure and medicine.
Health Core organises and helps you understand your own health information. It is not a diagnostic or treatment system, and it is not designed or tested to serve as one.
Important notice
Health Core is not a diagnostic or treatment system and does not provide medical advice. It helps you organise and understand your own health information. Always consult a qualified clinician for medical decisions.
- Health Core does not diagnose or treat any condition.
- Patterns and interpretations surfaced by agents are organisational, not clinical.
- Nothing in Health Core substitutes for a consultation with a qualified clinician.
- In a medical emergency, contact emergency services immediately.
See also: how Health Core works and why we built it this way.
Own your health model from day one.
Health Core is in private beta. Early users help shape the ownership, consent, and inspectability model — and receive full access to every agency control from the start.
Request access