MedLog PG is not a generic logbook adapted for India. It was designed ground-up against NMC PGMEB 2023 regulations — with NAAC and data-security compliance built in from day one.
Postgraduate Medical Education Board Regulations 2023
The NMC PGMEB 2023 mandates a competency-based medical education framework for all postgraduate medical programmes. MedLog PG is the only platform where every regulation is pre-configured — no spreadsheet setup, no custom configuration required before going live.
Every NMC-recognised postgraduate specialisation is in the database. When you onboard a new batch, the correct competency set appears automatically without any manual data entry.
Competencies are mapped to three NMC domains. Students see progress per domain. Faculty and admin can filter compliance by domain to identify specific gaps quickly.
Formal guide sign-off is recorded with the attainment level (basic / proficient / expert), remarks, and a timestamp. The record is immutable once approved — creating a robust evidence trail for inspection.
NMC mandates multi-source feedback. MedLog captures structured feedback from faculty, peers, and patients (5-point scale across 7 professionalism domains) and aggregates it into the student's portfolio.
National Assessment and Accreditation Council — Criteria III & IV
NAAC accreditation for medical colleges requires structured evidence of teaching activity, student progression, and research output. MedLog PG maintains all this data as a by-product of normal daily use — and bundles it into a criterion-wise NAAC pack on demand.
Pre-2023 logbook and clinical case log requirements
Diagnosis (free text + ICD-10), procedure type, patient category (OPD/IPD/Emergency/ICU), and student role (attending / performing / assisting) — all captured per entry.
Student role per case is recorded so competency claims are differentiated by level of involvement, as required by legacy MCI logbook formats.
Faculty reviews and verifies each log entry with feedback and a rating. Returned entries must be resubmitted. The verification chain is auditable.
Each case log is linked to one or more NMC competencies. Legacy formats required procedure-to-competency mapping — MedLog enforces this at submission time.
Medico-legal evidence integrity and access control
Access tokens expire in 15 minutes; refresh tokens in 7 days. Short-lived access tokens limit exposure if a session is compromised.
All passwords are hashed with bcrypt at 12 rounds — significantly stronger than the default 10 rounds used by most web frameworks.
Every significant action — log create/edit/delete, verification, signoff, attendance mark, login — is recorded with timestamp, user, and affected entity. Cannot be edited or deleted.
All POST forms include CSRF tokens via Flask-WTF. Cross-site request forgery attacks are blocked at the framework level across every route.
All API endpoints are rate-limited to prevent brute-force attacks on login, OTP, and sensitive data endpoints.
Records are never permanently deleted — they are marked inactive with a deleted-at timestamp. Data can be recovered if needed, and the audit trail is never broken.
Four roles — Student, Faculty, Admin, Superadmin — with separate permission sets. No role can access another role's portal routes, enforced at every endpoint.
Institution signup requires email verification via a time-limited signed token before the institution is activated. Prevents fake registrations.
Each institution's data is isolated by institution_id at the query level on every route. No institution can see another institution's records.
Every compliance framework above is active on your account from the moment you complete onboarding. No configuration, no consultants, no implementation fees.