45 CFR Part 160 + 164

AI safety + compliance for healthcare

The eval + guardrail + red-team + audit platform purpose-built for AI workloads that touch PHI. Eliminate hallucinations on clinical decision support, redact PHI before it reaches third-party LLMs, generate the audit trail your auditors and payers expect.

0
Scorers
0
LLM providers
0
Red-team plugins
0.00ms
Firewall p95

What ships today

Honest posture, not roadmap promises

Every checked item is in production today. In-progress items are flagged explicitly — no overclaiming, no vapor.

HIPAA-aligned technical safeguards (§164.312)
HIPAA-aligned administrative safeguards (§164.308)
AI-specific HIPAA controls (5 categories mapped)
Breach Notification Rule flow (§164.400-414)
Privacy Rule controls (§164.500-534)
BAA available on request (Business Associate)
Third-party HIPAA attestation by accredited firm

Built for buyer reality

Healthcare AI use cases we ship for

Chart summarization + clinical handoff

AI summarizes a patient chart for a covering clinician at shift change. PHI must stay inside the workload; summaries must not hallucinate a diagnosis or medication that isn't in the record.

EvalGuard features

  • PHI firewall: redacts SSN / MRN / DOB / patient name from logs by default
  • Hallucination scorer: faithfulness check against the source chart
  • Output guardrail: block mode rejects responses introducing un-cited claims
  • Audit log: every summary logged with clinician + patient resource_id for §164.312(b)

Patient-facing triage chatbot

Public-internet chatbot collects symptoms + routes patients to the right service. Cannot output medication dosing, cannot impersonate a clinician, cannot leak prior patients' PHI.

EvalGuard features

  • Prompt-injection defense: 249 attack plugins catch jailbreak attempts trying to extract prior sessions
  • Output toxicity + medical-advice scorers flag responses crossing into clinical advice
  • Per-route rate limits prevent enumeration attacks against the symptom-collection endpoint
  • Consent gates at /api/v1/privacy/consent — refuses LLM call when subject withdraws

Prior-authorization automation

AI drafts prior-auth letters from claims + chart data, then a human reviews + signs. PHI flows through multiple LLM calls; cost + audit trail per claim must be perfect for payer disputes.

EvalGuard features

  • Gateway cost ledger: per-claim USD attribution + per-tenant daily budget cap
  • Tamper-evident audit log (integrity_hash + advisory-lock concurrency) for payer dispute defense
  • BYOK provider keys: routes through Vault-stored credentials, never logged
  • Multi-model routing with quality-cost strategy — cheapest model meeting accuracy threshold

Voice telemedicine guardrails

Live voice consult between clinician + patient is transcribed + summarized in real-time. Need voice-clone detection, barge-in latency under 250ms, deepfake guard on patient identity verification.

EvalGuard features

  • Realtime voice control plane (shipped PR #401) — WebRTC + VAD + diarization
  • Voice-clone + deepfake guardrail (Phase 0 scorers + Phase 1 live hooks)
  • Per-frame guardrail scan via gateway 1-ζ realtime WebSocket proxy
  • Sub-250ms barge-in budget enforceable via streamScanMode:per-chunk

Wire it in 60 seconds

Wrap your OpenAI client. Get PHI guardrails for free.

PHI firewall rules + clinical-faithfulness scorers + BAA-protected audit retention are configured once in the EvalGuard control plane. Your code only wraps the client.

typescript
import OpenAI from "openai";
import { wrapOpenAI, EvalGuardViolationError } from "evalguardai-openai";

const openai = wrapOpenAI(new OpenAI(), {
  apiKey: process.env.EVALGUARD_API_KEY!,
  projectId: "phi-chart-summary",
  metadata: { vertical: "healthcare", hipaa: true },
  blockOnViolation: true,                  // refuse PHI-leaking prompts
  evalOnResponse: { failOnScore: 0.7 },    // clinical-faithfulness gate
  onViolation: (r) => alertSecOps(r.violations),
});

try {
  await openai.chat.completions.create({
    model: "gpt-4o",
    messages: [{ role: "user", content: chartSummaryPrompt }],
  });
} catch (err) {
  if (err instanceof EvalGuardViolationError) {
    // Block landed in BAA-protected audit trail. Replay via audit ID.
  }
}
Firewall PHI patterns + scorer thresholds + retention live in the EvalGuard control plane — set once per project, no SDK calls needed.
Same integration for Anthropic, Gemini, and 91+ providers — swap wrapOpenAI for wrapAnthropic.

Stack

Six surfaces, one platform

Eval, firewall, red-team, audit, BYOK, dashboard — every surface ships out of the box. No bolt-on vendors, no procurement cycle per capability.

PHI firewall

Pre-LLM regex + LLM-based detection across 18+ PII types including MRN, DOB, insurance ID.

Hallucination scorers

Faithfulness, answer-relevance, citation-coverage scorers for clinical decision support.

Red-team (249 plugins)

Healthcare-specific pack: PHI extraction, dosage-jailbreak, impersonate-clinician scenarios.

Audit log + breach flow

Tamper-evident audit log + §164.400-414-compatible breach notification triage.

Voice telemedicine

Realtime voice plane: VAD, diarization, voice-clone + deepfake guards, sub-250ms barge-in.

Compliance dashboard

Per-tenant HIPAA control coverage with auto-generated evidence bundles for your auditor.

Ready to ship clinical AI you can defend?

Free trial includes the full HIPAA control mapping, PHI firewall, and audit log. BAA on request before any PHI hits the platform.

Start free trialTalk to founders

Apache-2.0 source · SOC 2 Type II in progress · full trust center