Your AI feature works in demo. Then your compliance team sees it.
You cannot send PHI to a cloud LLM without a BAA. Your auditor wants tamper-proof logs of every prompt and response. Some data has to stay inside your VPC, full stop. We have shipped AI inside HIPAA workloads. We will not ask you to compromise on the compliance side.
- BAA · day-zero (Bedrock + on-prem)
- HIPAA · default (PHI redaction, audit log)
- SOC 2 Type II · live (vendor of record × 3)
- HITRUST CSF · aligned controls
- VPC-only · available (on-prem inference option)
- Hash-chained log · default (tamper-proof, exportable)
PHI flow · how patient data moves through our build
Four steps. PHI never leaves your environment.
1. Ingress. Patient request lands in your VPC. PHI redaction runs immediately. Original payload encrypted and archived for audit.
2. On-prem inference. Llama 3 or Mistral runs inside your AWS VPC. No external model provider sees patient data, ever.
3. Hash-chained audit. Prompt, response, and clinician escalation logged. Each entry hashed against the previous. Tamper-proof export.
4. Clinician handoff. AI escalates to a clinician with context. Patient-facing surface is structured. Drift monitoring runs nightly on this path.
Three lanes · clinical, documentation, operations
AI inside healthcare workloads. Compliance is the spec.
Patient triage & portal
First-line intake with on-prem inference. Escalation paths to clinicians built in. PHI never crosses an external API. Tested against your real intent set, drift monitored nightly.
- Llama 3 / Mistral on your VPC
- BAA + audit log per response
- After-hours portal answers
- Drift caught before patients see it
Lab + imaging summaries
Reading lab reports, imaging notes, discharge summaries faster. Audit trail for every summary. Consistent format your clinicians can trust.
- Source citations always
- Clinician-grade review queue
- PHI redaction at ingress
- Format agreed with your team
Insurance pre-auth & billing
Document-driven pre-auth with AI extraction, human review, end-to-end audit log. Clean handoff to your billing system.
- Document AI extraction
- Human-in-the-loop checkpoints
- Billing system integration
- Audit-ready evidence pack
Audit-ready evidence pack · default
Eight artifacts that hand cleanly to your QSA.
We have walked into the audit room three times. Documentation is handed over without follow-ups. That bar is the one we hold ourselves to. Below is what is in the pack on day one of every engagement.
- BAA template, signed before kickoff
- PHI redaction at ingress · documented mappings
- Hash-chained audit log · per prompt + response
- On-prem inference deployment scripts in your repo
- Drift monitoring runbook · 30-day window
- Eval harness reproducible from a single command
- Model card per production model · auditor-ready
- QSA handover pack · PCI / HIPAA / SOC 2 mapped
Six-week build · 90-day drift watch
From PHI scoping to audit handover.
- Week 1 · Compliance scoping. Map PHI flow, auditor expectations, boundary between cloud and on-prem. Compliance becomes the spec.
- Week 2 · Architecture + BAA. BAA signed. Bedrock plus on-prem inference architected. Audit logging strategy locked in.
- Week 3–4 · Build with gates. Code in your repo via PR. Every PR runs through compliance checks before merge.
- Week 5 · Eval + drift. Eval harness against your real intent set. Drift monitoring live. Adversarial prompts in CI.
- Week 6 · Deploy + audit log. Production deploy inside your VPC. Audit logs streaming. Documentation pack handed to QSA.
- Day 90 · Drift watch. Drift monitoring stays on. Slack open. Quarterly model card refresh if your auditor asks.
Telehealth platform · triage agent
Production launch through legal review without a single follow-up.
- BAA · signed before kickoff
- Inference · on-prem Llama 3
- PHI exposure · zero external API
- Audit log · hash-chained, exportable
- Eval target · 92% locked in SOW
- Drift incidents · 1, caught pre-customer
They needed a triage agent their compliance team would actually approve. Two prior vendors had walked in with cloud-LLM demos and walked out without a BAA. The Head of Engineering was sceptical of every claim by the time we got the call.
We landed on day two with the BAA template, the audit-log architecture, and the on-prem deployment plan ready to walk through line by line. Compliance pre-approved the architecture before week one closed. Bedrock plus self-hosted Llama 3 on their VPC, hash-chained audit logging, PHI redaction at ingress.
By week six the triage agent was running entirely inside their AWS environment. Production launch went through legal review without a single follow-up. The compliance lead told us this had never happened before. The drift monitor caught one regression in month two — before a single patient saw it.
Compliance and deployment
Honest answers to compliance questions.
Build the AI feature your compliance team will approve
Thirty minutes on PHI flow. We map the path through legal.
No deck. We walk through your PHI flow, your auditor expectations, and what shipping looks like inside your compliance boundary.
- BAA-ready architecture
- On-prem inference experience
- SOC 2 vendor-of-record × 3
- HITRUST CSF aligned
