1. 🎯 Sprint Summary
| Sprint | 5.3 (MyKad NRIC + KKM eHIS Bridge) |
| Duration | 16 Aug - 5 Sep 2027 (3 weeks) |
| Goal | MyKad smart-card identity (JPN) · KKM eHIS read (history fetch) + write (encounter post-back) · cross-system continuity · government partnership groundwork · 30%+ MediEco patients consent to link |
| Capacity | 5 FTE (2 BE + 1 FE + 0.5 prompt + 1 DevOps + 0.5 Compliance) + 0.5 Founder + 0.5 Doc Zam |
| Velocity target | 85 SP |
| Demo date | 5 Sep 2027 |
2. 🔄 Integration Flow
Patient ──MyKad──► JPN reader ──► Identity verified
│
▼
┌──────────────────────┐
│ Patient consents to │
│ link KKM eHIS │
└──────┬───────────────┘
│ Yes
▼
KKM eHIS ◄───── Fetch patient history ─── MediEco
│ │
├── Allergies (FHIR AllergyIntolerance) ►│
├── Medications (FHIR MedicationStatement)│
├── Conditions (FHIR Condition) ►│
├── Encounters (FHIR Encounter) ►│
└── Immunisations (FHIR Immunisation) ►│
│
▼
MediEco encounter happens
│
▼
KKM eHIS ◄───── Post encounter back ────── MediEco
├── New encounter
├── New allergy (if any)
└── New ADR (if any)
Audit log: every read + write logged · M9 verifies hash chain
3. 🚦 Pre-Sprint Gate Checklist
- Sprint 5.2 demoed and signed off
- JPN MyKad reader SDK procured · 5 readers per pilot tenant
- KKM eHIS partnership agreement signed (sandbox + production access)
- eHIS API specs reviewed · FHIR R4-aligned read + write
- PDPA cross-system data sharing legal opinion obtained
- Patient consent flow drafted (BM/EN/CN/TA · matches 5.2)
- Government data residency requirements confirmed (must stay on Malaysian soil)
- Audit log extension for cross-system events ready
4. 🧩 Sprint Scope
- MyKad Reader Integration: JPN PKCS#11 SDK · USB reader · biometric verify · NRIC + name + DOB · session token
- Identity Bridge: Map MyKad NRIC → MediEco patient record · auto-create or merge with existing
- KKM eHIS Read API: Fetch FHIR bundle (Patient · Encounter · MedicationStatement · AllergyIntolerance · Condition · Immunisation) per consented patient
- Pre-Consult Briefing Extension (M2): If linked, briefing surfaces "KKM eHIS history" section · last 5 encounters · all allergies · all active meds
- KKM eHIS Write API: Post encounter back · new allergies · ADRs · immunisations · only on patient consent
- Conflict Resolution: Merge MediEco vs eHIS data · timestamp-aware · doctor reviews disagreements
- Patient Consent UI: Granular per-resource consent (read/write each type) · revocable · per-tenant scope
- Cross-System Audit: Every read + write logged · NRIC + tenant + resource type + timestamp
- Tenant Admin: eHIS link enable/disable per tenant · activity dashboard · error rate monitoring
5. 📅 Day-by-Day Plan (15 days)
D1Mon 16 Aug · Schema + JPN SDK Setup
DB migrations · MyKad SDK install · USB reader test bench · pilot tenant 1 hardware shipped.
DB migrations · MyKad SDK install · USB reader test bench · pilot tenant 1 hardware shipped.
D2Tue 17 Aug · MyKad Reader Integration
PKCS#11 binding · NRIC read · biometric (thumbprint) verify · session token issued.
PKCS#11 binding · NRIC read · biometric (thumbprint) verify · session token issued.
D3Wed 18 Aug · Identity Bridge
MyKad NRIC → patient record matching · auto-create or merge · audit log.
MyKad NRIC → patient record matching · auto-create or merge · audit log.
D4Thu 19 Aug · Patient Consent UI
Multi-language consent flow (BM/EN/CN/TA) · per-resource toggles · revocable.
Multi-language consent flow (BM/EN/CN/TA) · per-resource toggles · revocable.
D5Fri 20 Aug · Mid-Demo + KKM Sandbox
MyKad reader live demo · KKM sandbox API first ping · auth flow established.
MyKad reader live demo · KKM sandbox API first ping · auth flow established.
D6Mon 23 Aug · KKM eHIS Read API
Fetch FHIR bundle per consented patient · cache strategy · error handling.
Fetch FHIR bundle per consented patient · cache strategy · error handling.
D7Tue 24 Aug · Pre-Consult Briefing Extension
M2 briefing surfaces "KKM eHIS history" section · last 5 encounters · all allergies + active meds.
M2 briefing surfaces "KKM eHIS history" section · last 5 encounters · all allergies + active meds.
D8Wed 25 Aug · KKM eHIS Write API (Encounters)
Post-encounter write-back · only on consent · ack tracking · retry on failure.
Post-encounter write-back · only on consent · ack tracking · retry on failure.
D9Thu 26 Aug · Write API (Allergies + ADRs)
New allergy from M5 · new ADR from M6 · pushed to eHIS · audit logged.
New allergy from M5 · new ADR from M6 · pushed to eHIS · audit logged.
D10Fri 27 Aug · Mid-Demo + Conflict Resolution
Conflict detection · doctor reviews disagreements · merge UI mockup.
Conflict detection · doctor reviews disagreements · merge UI mockup.
D11Mon 30 Aug · Conflict Resolution UI
Doctor reviews · accept eHIS · accept MediEco · merge · audit log per decision.
Doctor reviews · accept eHIS · accept MediEco · merge · audit log per decision.
D12Tue 31 Aug · Tenant Admin Panel
Per-tenant eHIS enable · activity dashboard · error rate · consent stats.
Per-tenant eHIS enable · activity dashboard · error rate · consent stats.
D13Wed 1 Sep · Cross-System Audit
Every read+write log · NRIC+tenant+resource+timestamp · M9 hash chain extension.
Every read+write log · NRIC+tenant+resource+timestamp · M9 hash chain extension.
D14Thu 2 Sep · Hardening + Production Test (Doc Zam)
Doc Zam tenant flips on · 3 real patients link MyKad · history pulled · encounter pushed back · monitor 24h.
Doc Zam tenant flips on · 3 real patients link MyKad · history pulled · encounter pushed back · monitor 24h.
D15Fri 3 Sep · Demo Prep + Polish
Demo deck · 30%-target pathway · government partnership narrative.
Demo deck · 30%-target pathway · government partnership narrative.
+Mon 5 Sep · Sprint Demo + Retro
9am demo · 11am retro · 2pm 5.4 (DICOM) prep.
9am demo · 11am retro · 2pm 5.4 (DICOM) prep.
6. 📦 Deliverables
| FR | Item | SP |
|---|---|---|
| FR-5.3.1 | MyKad PKCS#11 reader integration | 8 |
| FR-5.3.2 | NRIC + biometric verify · session token | 5 |
| FR-5.3.3 | Identity bridge · auto-create/merge | 5 |
| FR-5.3.4 | Patient consent UI (4 languages) | 5 |
| FR-5.3.5 | KKM eHIS read API · FHIR bundle | 8 |
| FR-5.3.6 | Pre-consult briefing eHIS section (M2) | 5 |
| FR-5.3.7 | KKM eHIS write API (encounters) | 8 |
| FR-5.3.8 | Write API (allergies + ADRs) | 5 |
| FR-5.3.9 | Conflict resolution UI | 8 |
| FR-5.3.10 | Tenant admin eHIS panel | 5 |
| FR-5.3.11 | Cross-system audit + M9 extension | 5 |
| FR-5.3.12 | Production rollout · 3 patients linked | 5 |
| FR-5.3.13 | Compliance pack update (eHIS · PDPA) | 5 |
| FR-5.3.14 | Pen-test light · cross-system surface | 3 |
| TOTAL | 85 SP |
7. 👥 Team Capacity
| Role | Allocation | Focus |
|---|---|---|
| Eng Lead / BE | 1.0 FTE | KKM eHIS API · auth · audit |
| BE Dev 3 (KKM specialist) | 1.0 FTE | FHIR bundle handling · conflict logic · write-back |
| FE Dev | 1.0 FTE | Consent UI · conflict resolution · tenant admin |
| Prompt Eng | 0.5 FTE | Briefing prompt extension · history summarisation |
| DevOps | 1.0 FTE | Reader hardware · KKM API ops · data residency |
| Compliance Lead | 0.5 FTE | eHIS PDPA · cross-system audit · doc pack update |
| Founder | 0.5 FTE | JPN + KKM partnership · government relationships |
| Doc Zam | 0.5 FTE | Conflict resolution UX · clinical sign-off |
| QA | 0.5 FTE | End-to-end MyKad → eHIS → MediEco · audit verification |
8. 🔔 Sprint Ceremonies
- Mon 16 Aug 9am — Sprint Planning (90 min)
- Daily 9am — Standup (15 min)
- Fri 20 Aug + Fri 27 Aug 4pm — Mid-sprint demos (45 min each)
- Wed 1 Sep 4pm — Compliance + audit review (60 min)
- Mon 5 Sep 9am — Sprint Demo (60 min)
- Mon 5 Sep 11am — Sprint Retro (60 min)
9. 🩺 Sign-off Items
- MyKad reader integration legally compliant (JPN approval)
- KKM eHIS API integration sandbox-passed + production-tested
- Patient consent flow legally + clinically defensible · 4 languages
- Conflict resolution UX clinically appropriate
- Cross-system audit log complete · every read + write captured
- PDPA + government data residency verified
- Compliance pack updated · external consultant review
- 3 real patients linked successfully on production
- Final demo (5 Sep) — written sign-off
10. 🎬 Demo Agenda — 5 Sep 9am (60 min)
| Time | Segment |
|---|---|
| 0-5 | Recap · government partnership narrative · 30%-target |
| 5-15 | Live MyKad insert + biometric · identity verified · merge with existing patient |
| 15-25 | Patient consent · 4 languages · per-resource toggle |
| 25-35 | KKM eHIS history pulled · briefing surfaces · doctor sees |
| 35-45 | Conflict resolution · MediEco vs eHIS allergy mismatch · doctor reconciles |
| 45-55 | Encounter complete · post-back to KKM eHIS · ack received · audit logged |
| 55-60 | Doc Zam + Compliance Lead sign-off · 5.4 prep |
11. 🛡️ Contingency
| Risk | Trigger | Response |
|---|---|---|
| JPN SDK approval delay | SDK access slow | Manual MyKad reading via SC reader open SDK · escalate to JPN partnership |
| KKM API instability | Sandbox unstable | Cache last-known-good · queue writes · retry · alert ops |
| FHIR bundle malformed | Schema drift | Validator pre-pull · fallback to raw JSON · escalate to KKM ops |
| Conflict resolution complex | Edge cases not modeled | Doctor manual override always available · iterate post-launch |
| Adoption slow (< 10%) | Patients reluctant | Patient education · "save your record" benefit · per-tenant flag |
| Government partnership stalls | Approval delay | Ship sandbox-only first · production access incremental · MOU progressively |