Platform Overview
LAMISPlus is a multi-tenant healthcare platform. A single deployment of the system can serve hundreds of independent health facilities, each with its own staff, its own patients, and its own configuration. From a health authority's perspective, this means one platform manages the entire network. From each facility's perspective, they have their own private, isolated system.
The platform is built around three commitments: every facility's data stays completely separate, every feature can be turned on or off without disrupting the system, and every action is traceable to the person who performed it.

Multi-tenant architecture
In a multi-tenant deployment, one LAMISPlus installation serves many organisations and facilities simultaneously. Each organisation is called a tenant. A tenant might be a national health programme managing 50 facilities, or a hospital network managing 10 hospitals. Within each tenant, individual facilities operate independently.
Each facility in the network is fully isolated from the others. Staff at Facility 1 cannot see data from Facility 2 or any other facility. Administrators at the tenant level can view aggregate data across all their facilities but cannot modify records at the facility level.
Supporting multiple facilities
Running one system across many hospitals is harder than it sounds. Without the right design, a configuration mistake can expose one hospital's records to another. LAMISPlus prevents this by isolating each facility's data at the platform level, not through policy, but through how the system is built.
Every record in the system belongs to exactly one facility. The platform enforces this boundary on every read and every write. A staff member logged into Facility A physically cannot access Facility B's records, regardless of their role or permissions.
Adding a new facility is fast, no new servers, no new databases, no reconfiguration of existing facilities. The platform handles it automatically.
Clinical modules, turn on what you need
Every clinical capability in LAMISPlus is a separate module. When a facility is set up, the administrator enables the modules that facility needs. A rural primary care clinic might only need triage and pharmacy. A national HIV programme centre needs the full public health module. A general hospital needs everything.
Modules can be added to a running system without downtime. When a module is enabled, its menu appears in the interface for that facility's staff. When it is disabled, it disappears. The underlying data is never deleted.
How access control works
Every staff member in LAMISPlus has a role, doctor, nurse, lab scientist, pharmacist, records officer, administrator. Each role carries a specific set of permissions: what they can view, what they can create, and what they can modify.
A lab scientist can enter test results but cannot write prescriptions. A nurse can capture vitals but cannot modify a doctor's consultation notes. The interface itself reflects these boundaries, staff members never see buttons or menus for actions they are not authorised to perform.
Permissions are set by each facility's administrator. They can create custom roles to match the exact staffing structure of their facility.
Audit trail
Every write operation in the system, every patient record created, every clinical note saved, every drug dispensed, is logged with the staff member's identity, the timestamp, and what was changed. This log cannot be altered or deleted. It is available to facility administrators for compliance, investigation, and quality assurance purposes.
Security
Staff must log in with their credentials before accessing anything in the system. Sessions expire automatically after a period of inactivity, so walking away from a workstation does not leave patient data open. Facility data isolation is handled at the platform level rather than through policy or administrator configuration. All traffic between the browser and the server is encrypted. Staff see and interact with only what their assigned role permits.
System reliability
LAMISPlus is designed to continue operating even when individual components encounter problems. Clinical modules are isolated from each other, a problem in the billing module does not affect the OPD or the lab. The system monitors the health of each module continuously and alerts administrators when intervention is needed.
For technical architecture details, see Data & Security Architecture and Interface Architecture.