Healthtech

    Control AI in clinical decisioning, intake, and patient-facing workflows — with hard limits, policy, and HIPAA-aware tamper-evident audit on every decision, before it executes.

    A patient-support workflow drafts a message that touches a medical record number. A clinical documentation workflow reaches for a provider that isn't covered by a BAA. An operations workflow floods the provider during peak documentation hours, crowding out a real-time decision-support service. No one caught it until incident review.

    Keel evaluates a permit before each provider call, using the rules your team defines, and writes a tamper-evident record of every decision.

    Where Systems Break Down

    • A triage chatbot drafts a reply that includes an MRN; the routed provider has no BAA on file and no one catches it until incident review
    • A model upgrade ships to clinical documentation and spend on one service line jumps 6× in a day
    • An ops reporting job saturates provider quota during morning rounds; real-time decision support degrades for clinicians
    • An OCR inquiry asks who authorized a specific PHI-adjacent request — and the answer is "we have logs"
    • Finance asks for per-service-line AI spend — engineering reconciles from EHR logs and vendor portals for two weeks

    What Stops Before the Provider Call

    Every request is evaluated at the permit seam. Unsafe, unbudgeted, or unauthorized requests don't reach the model.

    • Policy gates — provider, model, and workflow choices are checked against authored rules before dispatch; mismatches never reach the model
    • Budget enforcement — per-tenant, per-service-line, and per-workflow budgets evaluated before the provider bill accrues
    • Throttle as a first-class outcome — HTTP 429 with Retry-After for lower-priority flows during peak windows
    • External attestation gate — challenge sensitive clinical or patient-facing workflows until an approved reviewer, an internal approval service, or an existing customer-operated upstream control attests that execution may proceed

    Example Rules You Can Enforce

    Plain English, backed by the policy engine today.

    • "Patient communications only on zero-retention providers, under a BAA your team maintains." Deny when the workflow is patient communications and either the provider's data retention is not zero or the BAA compliance flag your team maintains on the provider is not set.
    • "Clinical decision support uses validated models only." Deny when the workflow category is clinical decision support and the selected model is not in the validated allowlist.
    • "Any request touching patient data is blocked if it would leave the approved jurisdiction." Deny when the workflow handles patient data and the provider's region is outside the jurisdictions your compliance team has approved — regardless of fallback routing.
    • "High-sensitivity patient documentation requires external attestation before execution." A challenge decision holds the request until an approved reviewer, or an upstream control your team already operates — a de-identification service, a DLP pipeline, or a human approval workflow — attests the workflow may proceed.

    Where the Firewall Strengthens the Baseline

    The prompt firewall runs a platform-wide baseline every project inherits. Your team can add healthcare-specific detectors on top — never weaken below the floor. Detectors are evaluated before provider dispatch; blocking matches precompute a deny outcome and are recorded in the decision details. This layer screens request content; the decision still happens at the permit.

    • HIPAA Safe Harbor identifier patterns — MRN, DOB in combination with name, SSN, insurance and member IDs, biometric identifiers
    • ICD-10, CPT, and SNOMED code sensitivity
    • Genetic and biometric identifiers — GINA-protected terminology
    • Pediatric and behavioral-health elevated-sensitivity lexicons

    What the Decision Record Proves Later

    This is what your auditor will ask for. Every evaluated request produces a permit — the decision artifact that survives the conversation.

    • Permit — the unit of governance; decision, reason, rule basis, provider, model, budget state
    • Stable reason code — machine-readable codes that mean the same thing across every audit, replay, and SDK
    • Tamper-evident per-project chain — every governance event participates in a chain that makes modifications detectable on later review
    • Cryptographically signed export — Ed25519 signed, verifiable via included CLI, for HIPAA audit, OCR inquiry, or vendor security review
    • Externally anchored checkpoint — signed chain snapshots published to storage outside the runtime, on a regular cadence
    • RFC 3161 timestamp receipt — external timestamp witness evidence from an authority Keel does not control

    Cost Now, Compliance Later

    Cost. Provider charges don't show up on the finance dashboard until the bill arrives. Keel blocks unbudgeted and out-of-policy execution at the permit seam — before the provider call, not during month-end reconciliation. When estimated cost diverges from actual cost, the usage ledger supports correction, not just reporting.

    Compliance. HIPAA audit, OCR inquiry, and vendor security review all ask the same question — who made this request, under what rule, using which provider and model, and why was it allowed? The permit answers it. The signed export produces it. The externally anchored checkpoints and independent timestamps let an auditor verify the record against a party Keel does not control.

    If a request shouldn't have run, it shouldn't reach the provider.

    Next