Hearth & Alloy
GUARDIAN HEALTH BY HEARTH & ALLOY

Safe AI Workbench for Healthcare

An enterprise-grade AI workbench with automatic PHI detection, policy enforcement, and full audit trails—so your teams can use AI productively without compromising privacy or compliance.

Become a Design Partner
Request a Demo →

Executive Summary

Use AI Safely—Without Risking PHI or Compliance

Generic AI tools can leak PHI, violate policy, and lack audit trails.

Guardian Health is an enterprise Safe AI Workbench that lets healthcare organizations and other regulated industries use AI productively—while preventing PHI exposure and enforcing organizational policy with full auditability.

Why It's Needed

The Problem with Consumer AI Tools

⚠️

No PHI Detection

Consumer AI tools can't detect or block sensitive health information before processing.

🚫

No Policy Enforcement

They don't provide organizational controls over what data can be processed or how.

📋

No Audit Trails

Missing the comprehensive logging that compliance teams require for HIPAA/SOC 2.

How It Works

Four-Step Safety Process

🔍

1. Input Gated

PHI detection runs on all user input using Microsoft Presidio (NLP+regex) with custom healthcare recognizers (MRN, NPI, DEA). ~45ms average detection latency.

⚖️

2. Policies Applied

If/then rules evaluate detected entities and decide: Allow, Warn, Block, or Redact. Most-restrictive policy wins. Org-level and user-level policies supported.

3. AI Runs Safely

The request reaches the model only after the policy decision: redacted or policy-cleared input, never blocked input. Models route automatically (GPT-4o, o1-mini, o1-preview) based on task type. Org-level model overrides supported.

📝

4. Everything Logged

Complete audit trail with searchable, exportable logs. 7-year retention. SIEM-ready exports in CEF, Splunk HEC (JSON envelope), Elastic ECS (JSON), and Syslog formats.

What's Included

Enterprise Safe AI Platform

✅ Automatic PHI Detection

Blocks or redacts sensitive information before AI processing. Detects names, MRN, SSN, contact info, addresses, DOB/DOS, payment data, NPI/DEA, and more. <2% false positive rate.

✅ Policy Enforcement

If/then rules applied to every interaction. Configure allow/warn/block/redact behaviors with entity targeting, confidence thresholds, and sandbox testing before deployment.

✅ Complete Audit Trail

All inputs/outputs, users, actions, risk scores, and policy decisions logged. Search, filter, export to CSV/JSON. Immutable storage with 7-year default retention.

✅ Task-Based Interface

20+ pre-configured AI tasks for common workflows: summarize documents, extract key points, draft emails, analyze data, compliance checks, and more—no prompt engineering needed.

✅ Enterprise Security

Azure-hosted with VNet integration, TLS 1.3 in transit, and AES-256 at rest with keys managed in Azure Key Vault. Private networking, DDoS protection, and data residency options.

✅ File Processing Pipeline

Upload PDF, DOCX, XLSX files. Automatic text extraction, PHI detection, and user warnings. Encrypted Azure Blob storage with auto-delete after 24 hours (configurable).

Core Capabilities

Built for Compliance, Designed for Productivity

🔍 PHI Detection & Redaction

  • Microsoft Presidio – NLP + regex-based detection with custom healthcare recognizers
  • Healthcare Entities – MRN, NPI, DEA, SSN, names, DOB/DOS, addresses, payment data
  • Multiple Modes – Detect only, detect+redact with placeholders, confidence scoring
  • Fast & Accurate – ~45ms average latency, <2% false positive rate

⚖️ Policy Enforcement Engine

  • Rule-Based If/Then Logic – Configure allow, warn, block, or redact behaviors
  • Entity Targeting – Policies apply to specific PHI types with confidence thresholds
  • Policy Sandbox – Test rules on sample data with visual diffs and decision trees
  • Most-Restrictive Wins – Org-level and user-level policy hierarchy

🎯 AI Task Library (20+)

  • Document Processing – Summarize, extract key points, translate policy
  • Writing & Communication – Draft emails, improve writing, change tone, generate reports
  • Data & Analysis – Analyze data, chart recommendations, SQL/Excel helpers
  • Compliance & Legal – Compliance checks, risk assessments, contract review, policy generator
  • Smart Model Routing – Auto-selects GPT-4o, o1-mini, or o1-preview based on task

👥 Admin Console & RBAC

  • Policy Management – Create, test, and deploy rules with sandbox mode
  • Audit Viewer – Search/filter inputs, outputs, model, policy decisions; export CSV/JSON
  • User Management – Admin, Member, Readonly roles with granular permissions
  • Usage Dashboard – Track usage, costs, risk scores, and policy impact
  • SSO & MFA – Entra ID/Okta integration (planned); multi-factor authentication

📋 Comprehensive Audit Trail

  • Everything Logged – Every request, policy decision, auth event, admin action, file upload
  • 7-Year Retention – Immutable storage; the 7-year default exceeds the 6-year minimum HIPAA sets for documentation (45 CFR 164.316(b)(2))
  • SIEM Integration – Export in CEF, Splunk HEC, Elastic ECS, or Syslog for Splunk, Sentinel, QRadar, and Elastic; dedicated connectors are on the roadmap
  • Compliance Reports – Pre-built compliance scorecard and executive dashboards
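
The CEF and Syslog export formats listed above (and in step 4 of the safety process) as an added worked example, not the product's exporter: a constructed audit record is rendered as a CEF:0 line, the same line framed as RFC 5424 syslog, and a Splunk HEC envelope, then the CEF is parsed back to show the escaping round-trips. The record shape, the vendor/product strings, the CEF extension fields chosen, the facility/severity values, and the mapping of the four policy decisions onto CEF severity are assumptions made here.

```python
"""Serialize a Guardian-style audit record for SIEM ingestion.

Added example, not the product's exporter. Emits a CEF:0 line, the same line framed
as RFC 5424 syslog, and a Splunk HEC envelope, then parses the CEF back to show the
escaping holds. Record shape, vendor/product strings, the CEF field choices and the
decision-to-severity mapping are assumptions.
"""
import json
import re
from datetime import datetime

# Assumed mapping of the four policy decisions onto CEF's 0-10 severity scale.
CEF_SEVERITY = {"allow": 1, "warn": 4, "redact": 6, "block": 8}


def _esc_header(value) -> str:
    """CEF header fields: only backslash and pipe are special."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _esc_ext(value) -> str:
    """CEF extension values: backslash, '=' and line breaks must be escaped, otherwise a
    user-controlled value such as a username can inject a fake key=value pair or a new line."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(rec: dict) -> str:
    """CEF:Version|Vendor|Product|Version|SignatureID|Name|Severity|Extension"""
    header = "|".join(_esc_header(v) for v in (
        "Hearth & Alloy", "Guardian Health", "1.0",
        f"policy.{rec['decision']}", "AI request policy decision",
        CEF_SEVERITY[rec["decision"]]))
    rt_ms = int(datetime.fromisoformat(rec["ts"]).timestamp() * 1000)
    ext = {  # standard CEF extension keys; cs*/cn* are the labelled custom strings/numbers
        "rt": rt_ms,
        "suser": rec["user"],
        "act": rec["decision"],
        "cs1Label": "policyRules", "cs1": ",".join(rec["rules"]),
        "cs2Label": "entityTypes", "cs2": ",".join(rec["entity_types"]),
        "cn1Label": "riskScore", "cn1": rec["risk_score"],
        "fileHash": rec["input_sha256"],  # hash of the prompt; the prompt itself is not exported
    }
    return f"CEF:0|{header}|" + " ".join(f"{k}={_esc_ext(v)}" for k, v in ext.items())


def to_syslog(rec: dict, host: str = "guardian-app", app: str = "guardian") -> str:
    """RFC 5424 framing: PRI = facility*8 + severity, here facility 13 (log audit), severity 5 (notice)."""
    return f"<{13 * 8 + 5}>1 {rec['ts']} {host} {app} - - - {to_cef(rec)}"


def to_hec(rec: dict, host: str = "guardian-app") -> str:
    """Splunk HTTP Event Collector envelope; JSON needs no CEF-style escaping."""
    event_time = datetime.fromisoformat(rec["ts"]).timestamp()
    return json.dumps({"time": event_time, "host": host, "sourcetype": "guardian:audit", "event": rec})


_FIELD = re.compile(r"((?:\\.|[^\\|])*)\|")
_EXT = re.compile(r"([A-Za-z0-9_]+)=((?:\\.|[^\\])*?)(?= [A-Za-z0-9_]+=|$)")


def _unescape(s: str) -> str:
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), s)


def parse_cef(line: str) -> dict:
    """Parse a CEF line (a syslog prefix is tolerated). Used here to prove the escaping round-trips."""
    body = line[line.index("CEF:"):]
    fields, pos = [], 0
    for m in _FIELD.finditer(body):
        if m.start() != pos or len(fields) == 7:
            break
        fields.append(_unescape(m.group(1)))
        pos = m.end()
    if len(fields) != 7:
        raise ValueError("malformed CEF header")
    out = dict(zip(("vendor", "product", "version", "signature_id", "name", "severity"), fields[1:]))
    out["cef_version"] = fields[0].split(":", 1)[1]
    out["ext"] = {k: _unescape(v) for k, v in _EXT.findall(body[pos:])}
    return out


# Constructed record in the shape a policy-decision pipeline would emit; the username is
# deliberately hostile to exercise the escaping.
SAMPLE = {
    "ts": "2025-06-01T12:00:00+00:00",
    "user": "eve|admin=1",
    "decision": "redact",
    "rules": ["org-redact-mrn", "org-warn-any"],
    "entity_types": ["MRN", "NPI"],
    "risk_score": 69,
    "input_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}

if __name__ == "__main__":
    print(to_syslog(SAMPLE))
    print(to_hec(SAMPLE))
    print(parse_cef(to_cef(SAMPLE)))
```

The username in the sample carries both a pipe and an equals sign because those are the two characters a naive CEF writer gets wrong: unescaped, `eve|admin=1` would either shift the header fields or appear to the SIEM as a separate `admin=1` extension key. The exporter also ships a hash of the prompt rather than the prompt, so the SIEM does not silently become another PHI store.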

📁 File Processing Pipeline

  • Multiple Formats – PDF (pdf-parse), DOCX (mammoth), XLSX (SheetJS); OCR planned
  • Secure Storage – Encrypted at rest in Azure Blob; each upload is SHA-256 hashed
  • PHI Warnings – Automatic detection and user notification before processing
  • Auto-Delete – Files removed after 24 hours (configurable); virus scanning is planned, so uploads are not currently malware-scanned before the parsers run on them

Who It's For

Built for Healthcare Organizations

🏥 Healthcare Orgs

Use AI tools productively without compromising patient privacy or regulatory requirements. Enable teams while maintaining compliance.

🔐 IT/Compliance

Centralized policy controls, RBAC, usage analytics, and SIEM exports. Prove compliance with complete audit trails.

👤 End Users

Task-based UI with no prompt engineering needed. Upload files, get instant PHI warnings, see streaming results.

Architecture

Enterprise-Grade Stack

☁️ Cloud Platform

Microsoft Azure

App Service, Azure SQL (TDE), Key Vault, Blob Storage (geo-redundant), App Insights, Log Analytics.

🔧 Backend

Node.js 18 LTS

Express 4.x + TypeScript 5.x. Azure AI Foundry integration. Logging via App Insights. Note that Node.js 18 reached end-of-life in April 2025 and no longer receives security fixes; a supported LTS line should be used for a PHI workload.

🎨 Frontend

Next.js 16 + React 19

Tailwind CSS + shadcn/ui components. NextAuth for authentication. Axios for API calls.

🔐 Security & Network

Multi-Layer Protection

VNet integration, Front Door (CDN+WAF), NSGs, DDoS protection. TLS 1.3 in transit, AES-256 at rest. CMKs via Key Vault. API keys + JWT (RS384). Optional IP allow-listing.

📊 Compliance

Healthcare-Ready Standards

HIPAA Technical Safeguards implemented. SOC 2 Type II in progress. HITRUST CSF planned. GDPR data handling. 7-year audit retention.

Policy Decision Flow

User Input → PHI Detection (Presidio + Regex)
           ↓
   Policy Evaluation (If/Then Rules)
           ↓
   Decision: Allow | Warn | Block | Redact
           ↓
   AI Processing (GPT-4o / o1-mini / o1-preview)
           ↓
   Complete Audit Log (User, Input, Output, Policy, Risk Score)
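
The detect, evaluate, decide, log sequence in the diagram above (and in the Four-Step Safety Process and Policy Enforcement Engine sections) as an added worked example; this is illustrative code, not Guardian Health's implementation. Two regex recognizers plus a DEA check-digit validator stand in for Presidio's NLP and pattern recognizers, the org-level and user-level rules are combined with most-restrictive-wins, and the rule names, confidence thresholds, base scores and risk-score formula are all assumptions made for this example.

```python
"""Detect -> evaluate -> decide -> log, as a runnable illustration.

Not Guardian Health code. Regex recognizers plus a DEA check-digit validator stand
in for Presidio; rule names, thresholds, score weights and the risk-score formula
are assumptions made for this example.
"""
import hashlib
import re
from dataclasses import asdict, dataclass
from datetime import datetime, timezone

# Decision ranking: most-restrictive wins (assumed ordering of the four actions).
SEVERITY = {"allow": 0, "warn": 1, "redact": 2, "block": 3}


@dataclass(frozen=True)
class Entity:
    entity_type: str
    start: int
    end: int
    score: float  # recognizer confidence, 0..1


@dataclass(frozen=True)
class Rule:
    name: str
    entity_type: str  # exact entity type, or "*" for any
    min_score: float  # confidence threshold the entity must reach
    action: str       # allow | warn | redact | block


def dea_checksum_ok(dea: str) -> bool:
    """DEA registration check digit: (d1+d3+d5) + 2*(d2+d4+d6); last digit must equal d7."""
    d = [int(c) for c in dea[2:]]
    return ((d[0] + d[2] + d[4]) + 2 * (d[1] + d[3] + d[5])) % 10 == d[6]


# Constructed stand-in recognizers (the product uses Presidio NLP + pattern recognizers).
PATTERNS = {
    "US_SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "MRN": re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.IGNORECASE),
    "NPI": re.compile(r"\bNPI[:#\s]*\d{10}\b", re.IGNORECASE),
    "DEA": re.compile(r"\b[A-Z]{2}\d{7}\b"),
}
BASE_SCORE = {"US_SSN": 0.85, "MRN": 0.9, "NPI": 0.9, "DEA": 0.55}


def detect(text: str) -> list[Entity]:
    found = []
    for etype, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            score = BASE_SCORE[etype]
            if etype == "DEA" and dea_checksum_ok(m.group()):
                score = 0.95  # validated check digit: high confidence; bare pattern stays low
            found.append(Entity(etype, m.start(), m.end(), score))
    return sorted(found, key=lambda e: e.start)


ORG_POLICY = [
    Rule("org-block-ssn", "US_SSN", 0.8, "block"),
    Rule("org-redact-mrn", "MRN", 0.7, "redact"),
    Rule("org-warn-any", "*", 0.5, "warn"),
]
USER_POLICY = [Rule("user-redact-dea", "DEA", 0.9, "redact")]


def evaluate(entities, *policy_layers):
    """Every rule in every layer is applied; per entity and overall, the most restrictive action wins."""
    per_entity, matched = {}, set()
    for e in entities:
        action = "allow"
        for rule in (r for layer in policy_layers for r in layer):
            if rule.entity_type in ("*", e.entity_type) and e.score >= rule.min_score:
                matched.add(rule.name)
                if SEVERITY[rule.action] > SEVERITY[action]:
                    action = rule.action
        per_entity[e] = action
    overall = max(per_entity.values(), key=SEVERITY.get, default="allow")
    return overall, per_entity, sorted(matched)


def redact(text: str, per_entity: dict) -> str:
    """Replace spans decided 'redact' with typed placeholders, right to left so offsets stay valid."""
    for e in sorted(per_entity, key=lambda e: e.start, reverse=True):
        if per_entity[e] == "redact":
            text = text[:e.start] + f"<{e.entity_type}>" + text[e.end:]
    return text


def process(user: str, text: str, policies=(ORG_POLICY, USER_POLICY)) -> dict:
    """Run the pipeline and return the audit record; model_input is None when blocked."""
    entities = detect(text)
    decision, per_entity, rules = evaluate(entities, *policies)
    model_input = None if decision == "block" else redact(text, per_entity)
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "decision": decision,
        "entities": [asdict(e) | {"action": per_entity[e]} for e in entities],
        "rules": rules,
        "risk_score": min(100, round(sum(e.score * 25 for e in entities))),  # illustrative
        # Hash of the raw prompt, not the prompt itself, so the audit store does not
        # become a second copy of the PHI; the redacted text is what gets kept verbatim.
        "input_sha256": hashlib.sha256(text.encode()).hexdigest(),
        "model_input": model_input,
    }


if __name__ == "__main__":
    import json
    for prompt in (
        "Patient MRN 00123456 seen today; prescriber DEA AB1234563, NPI: 1234567893.",
        "SSN 123-45-6789 on file.",
        "Bad DEA XY1234567 looks like a DEA number.",
    ):
        print(json.dumps(process("dr.smith", prompt), indent=1))
```

Three things in the sample prompts are worth noticing. The user-level rule for DEA numbers only fires at confidence 0.9 or above, so a string that merely looks like a DEA number (`XY1234567`, bad check digit) is warned on rather than redacted, while a checksum-valid one is redacted; that is the confidence-threshold behaviour the policy engine describes. The SSN prompt is blocked outright and nothing reaches the model. And the audit record stores a SHA-256 of the raw prompt plus the redacted text rather than the raw prompt; the page says all inputs are logged, so whoever deploys this should decide deliberately whether the audit store is itself a PHI repository with matching access controls.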

Security & Hosting

Enterprise Security Standards

🔒 Data Protection

  • Encryption in Transit – TLS 1.3 with modern cipher suites
  • Encryption at Rest – AES-256 with customer-managed keys (CMK)
  • Key Management – Azure Key Vault with private endpoints
  • Data Residency – Choose your Azure region for data storage

🌐 Network Security

  • VNet Integration – Private networking for all Azure services
  • Front Door + WAF – CDN with web application firewall
  • DDoS Protection – Azure DDoS Protection Standard
  • IP Allow-Listing – Optional IP-based access control

🔑 Authentication & Access

  • JWT Tokens – RS384 signing, 1-hour expiry, refresh rotation
  • Multi-Factor Auth – MFA support for all user accounts
  • SSO Integration – Entra ID/Okta (planned)
  • Role-Based Access – Granular permissions per role

📋 Compliance & Audit

  • HIPAA Safeguards – Technical safeguards implemented, with administrative controls and physical safeguards inherited from the Azure data centers that host the platform
  • SOC 2 Type II – In progress (security, availability, confidentiality)
  • Immutable Logs – 7-year retention in tamper-proof storage
  • SIEM Export – Real-time feeds to security operations centers

Development Roadmap

Current Status & What's Next

✅ Now Available

  • Policy Sandbox – Test rules on sample data with visual diffs and decision trees
  • Admin Console – Policy management, user management, usage dashboard
  • Audit Viewer – Search/filter/export complete interaction logs
  • Task Library – 20+ pre-configured AI tasks for common workflows
  • File Pipeline – Upload and process PDF, DOCX, XLSX with PHI detection

🚧 Next Quarter

  • Policy Versioning – Track changes, rollback, scheduled reviews
  • Policy Templates – Pre-built rules for common compliance scenarios
  • Compliance Scorecard – Visual compliance metrics and executive dashboard
  • Anomaly Detection – ML-based unusual activity alerts
  • SSO Integration – Entra ID and Okta single sign-on
  • SIEM Connectors – Splunk, Sentinel, QRadar, Elastic exports

🔮 Planned Features

  • Clinical Tasks – Documentation, medical coding, prior auth letters, patient education
  • Advanced Analytics – Usage trends, risk factors, policy impact analysis
  • Slack/Teams Alerts – Real-time notifications for policy violations
  • Webhook API – Programmatic access for custom integrations
  • Multi-Region – Deploy across multiple Azure regions for redundancy

🌟 Future Vision

  • Fine-Tuned Models – Custom healthcare AI models for your organization
  • RAG + Knowledge Base – Connect your internal docs for context-aware AI
  • Task Chaining – Multi-step workflows with automated handoffs
  • REST API + SDKs – Full programmatic access with client libraries
  • White-Label – Deploy under your brand with custom domain

Why Guardian Health

Purpose-Built for Healthcare AI Safety

vs Consumer AI

ChatGPT, Claude, Gemini

❌ No PHI blocking

❌ No policy enforcement

❌ No audit trails

✅ Guardian Health: Healthcare-native PHI controls + full auditability

vs Enterprise AI

Azure OpenAI, Bedrock

⚠️ Great infra, but generic

⚠️ You build PHI detection

⚠️ You build compliance reporting

✅ Guardian Health: Pre-built PHI detection, task library, compliance scorecard

vs AI Scribes

Abridge, Nabla, Suki

⚠️ Narrow ambient docs use-case

⚠️ Single workflow

⚠️ Limited task coverage

✅ Guardian Health: Broader coverage across clinical, admin, and ops

Key Differentiators

  • Healthcare-Native PHI Detection
  • Policy Sandbox Mode
  • Task-Based UX
  • Compliance Scorecard
  • SIEM-Ready Integrations

Why It Matters

The Safe Path to AI Adoption

AI demand is surging—but compliance gaps are blocking adoption.

Guardian Health converts AI risk into governed productivity. Your organization can adopt AI quickly with built-in safety controls, governed workflows, and provable compliance—enabling teams to work faster while maintaining the trust and security that healthcare demands.

🚀 Faster Adoption

Deploy AI tools organization-wide with confidence. No custom PHI detection infrastructure needed.

🛡️ Built-in Safety

Automatic PHI blocking and policy enforcement means less risk and faster compliance audits.

✅ Prove Compliance

Complete audit trails and compliance scorecards ready for HIPAA/SOC 2 reviews.

Get Started

Ready to Use AI Safely?

🤝 Design Partnership Program

Help shape Guardian Health's roadmap and get preferred pricing. As a design partner, you'll work directly with our team to build the platform around your organization's real-world needs.

  • Direct collaboration with the founding team
  • Influence product features and roadmap priorities
  • Hands-on implementation support and training
  • Preferred pricing and early access to new features
Become a Design Partner

📧 Request a Demo

See Guardian Health in action. We'll show you how automatic PHI detection, policy enforcement, and audit trails work together to enable safe AI adoption.

Talk to Sales: hello@hearthandalloy.com

Security/Compliance Questions?

We're happy to map our controls to your policies and discuss how Guardian Health fits your compliance framework.

Request a Demo →