Healthcare · PHIPA · HIPAA · BAA on request

Private AI, built to survive an audit.

ArcaKey is a privately-keyed, quantum-encrypted reasoning environment for practitioners, clinics, and hospital departments whose clinical notes, case files, and correspondence cannot live on a commercial AI vendor’s server.

Request accessRead the architecture paper
The problem

What your AI is saying to OpenAI’s servers.

The commercial models your staff already use retain prompts for training, expose them to vendor employees under subpoena, and aggregate metadata across tenants. For a family practice that is awkward. For a hospital department that is a reportable breach waiting to happen.

Training on PHI
Free tiers, and many paid tiers, retain prompts for model improvement. PHI is not exempt unless a BAA says so.
Vendor-held keys
Encryption at rest where the vendor holds the key is not encryption against the vendor. It is encryption against the janitor.
Shared infrastructure
One noisy-neighbour compromise, one misconfigured side channel, one rogue sysadmin — every tenant is exposed at once.
Discoverability
Prompts, completions, and metadata sit in vendor logs long after your session ends. Subpoenas reach those logs.
The architecture

What a healthcare deployment actually provides.

Nothing below is aspirational. Every line is an architectural mechanism, not a marketing promise — and every claim is tied to the artifact that backs it on the security page.

  • TEE-isolated inference
    NVIDIA H100 in Confidential Computing mode; memory encrypted on-die. Attestation verified before every session; the platform operator is cryptographically excluded from the plaintext path.
  • Zero retention, on demand
    Ghost Mode is a per-session toggle. Conversations held only in TEE memory, purged on session close. No shadow logs, no “for quality purposes.”
  • User-held keys (Executive+)
    Patient history, clinical notes, and dictation are wrapped by a key derived from the practitioner’s passphrase or FIDO2 token. Lose the key, lose the data — stated plainly in the retainer.
  • Signed, exportable audit log
    Ed25519-chained entries for every operation. Metadata only — never content. Exportable and verifiable offline by your compliance officer or their auditor.
  • BAA workflow
    HIPAA Business Associate Agreement template is in outside-counsel review; available to Teams Executive and Enterprise applicants on completion. Healthcare deployments run from the northamerica-northeast1 (Montréal) region for PHIPA alignment; capacity subject to confirmation.
  • Zero training, by construction
    Your prompts and completions are not training data. Not opted-out by a toggle — mathematically excluded because we do not hold the plaintext.
Knowledge Pack

Healthcare Knowledge Pack, included.

Every healthcare deployment carries a curated reference layer. It lives inside the TEE alongside your session — not in a third-party retrieval service, and not on a shared vector database.

DSM-5-TR reference
Diagnostic criteria, code crosswalks, clinical descriptors — searchable inside the vault.
HIPAA & PHIPA guidance
Minimum-necessary determinations, access-log templates, breach-notification workflows.
PubMed feeds
Curated, signed, opt-in freshness for the specialties you select at onboarding.
Clinical-notes templates
SOAP, HPI, DAP, and structured psychotherapy frameworks, formatted for downstream EHR paste-in.
CMS & billing rules
HCPCS, CPT, ICD-10-CM references with retention-aware citations.
Formulary & interactions
Drug interaction matrices with pregnancy category and renal-dosing flags.

Pack contents are versioned and signed. Updates roll only after a human-in-the-loop review — not on a silent vendor schedule.

Verification

Download the evidence. Do not take our word.

Every TEE-routed session emits a signed attestation artifact you can download and verify offline. The sample below is freshly signed on request — it is a real artifact, not a static image.

Download signed sampleClaims & artifact indexsecurity.txt

For the patient notes that cannot live on anyone else’s server.

Practitioners apply for Executive; clinics and hospital departments apply for Teams Executive or Enterprise. Every path begins with a private conversation.

Request accessSee tiers