Trust Center

    Federal Data Governance & Security

    Engineered for zero data exfiltration and strict adherence to CMS ARS 5.1 controls. Infrastructure posture — not certification claims.

    Architecture

    PHI de-identification before inference — enforced by pipeline topology.

    All 18 HIPAA identifiers are stripped on-boundary before clinical text is passed to any language model. This is not a configuration setting or a policy control — it is the only path through the processing pipeline.

    LLM inference endpoints receive only scrubbed clinical text. There are no outbound API calls to external AI providers. Source citations in the output reference document coordinates, not re-identified content.

    Enforced by topology, not configuration.

    PHI de-identification is the only available path through the pipeline — it cannot be bypassed by misconfiguration.

    De-identification Pipeline — Universal Guarantee

    01

    Document Receipt

    PHI Present

    Raw clinical document received via FHIR API or secure upload.

    02

    On-Boundary De-identification

    PHI Stripped

    All 18 HIPAA identifiers stripped. Audit hash logged. PHI boundary enforced.

    03

    LLM Inference

    Scrubbed Text Only

    De-identified text only — processed via authorized AWS Bedrock endpoints.

    04

    Structured Evidence Output

    No PHI in Output

    Source-cited findings returned. Citations reference document coordinates.

    External AI providers, unscreened patient identifiers — excluded by pipeline design.

    Compliance

    Infrastructure posture — not certification claims

    HIPAA

    • Automated PHI de-identification before inference
    • All 18 HIPAA identifiers stripped on-boundary
    • Business Associate Agreement (BAA) available
    • Minimum Necessary standard enforced at pipeline level

    FedRAMP

    • Architected for FedRAMP Moderate environments
    • AWS GovCloud compatible deployment
    • CMS ARS 5.1 control alignment
    • FISMA-aligned risk management documentation

    Zero Trust

    • Supports EO 14028 Zero Trust Architecture principles
    • FIPS 140-2 encryption via AWS KMS
    • Stateless processing — no persistent session state
    • Least-privilege IAM role architecture throughout

    Accessibility

    • Section 508 compliant interface design
    • WCAG 2.1 AA conformance
    • Keyboard-navigable reviewer workflows
    • Screen reader compatible output formats

    Data Pipeline Transparency

    LLM endpoints only ever process scrubbed clinical text

    01

    Document Receipt

    PHI Present

    Raw clinical document received via FHIR API or secure upload.

    02

    On-Boundary De-identification

    PHI Boundary

    All 18 HIPAA identifiers stripped. Audit hash generated and logged. PHI never transmitted beyond this point.

    03

    LLM Inference via AWS Bedrock

    Scrubbed Text Only

    De-identified clinical text processed by internally authorized AWS Bedrock endpoints. No PHI in the inference payload.

    04

    Structured Evidence Output

    No PHI in Output

    Source-cited findings returned to the reviewer. Citations reference document coordinates — not re-identified content.

    Enforced by topology, not configuration. PHI de-identification occurs at Step 02 — before any inference. This cannot be bypassed by misconfiguration.

    What the LLM receives

    De-identified clinical narrative
    Scrubbed lab values and dates
    Anonymized diagnosis codes
    Redacted provider and facility names
    Structured document coordinates (for citation)

    What the LLM never receives

    Patient name or date of birth
    MRN, SSN, or insurance identifiers
    Geographic data below state level
    Provider NPI or facility identifiers
    Any of the 18 HIPAA Safe Harbor identifiers

    Request the security architecture package

    System Security Plan outline, deployment architecture diagram, AWS GovCloud reference design, and BAA available under NDA. Pre-engagement technical review calls with your ISSO or security team available on request.