The Challenges

Healthcare systems faced fragmented clinical data, strict compliance requirements, and high cognitive load on clinicians, limiting the safe adoption of AI copilots.

1. Patient Data Fragmentation
   Clinical data (EHR, notes, labs, discharge summaries) was spread across multiple systems, making real-time access difficult.

2. Strict Compliance & Privacy (HIPAA)
   Ensuring that clinicians only access authorized patient records was critical to avoid regulatory violations.

3. Unstructured Clinical Documentation
   Large volumes of free-text notes, PDFs, and reports lacked structure, making retrieval inefficient.

4. Risk of Data Leakage in AI Systems
   Traditional RAG approaches risked exposing unauthorized patient data during retrieval or generation.

The Strategy

Designed a secure, multi-layered GenAI copilot using ReBAC-based authorization with SpiceDB, enforcing patient-level access before retrieval, ensuring zero data leakage.

1. ReBAC-Based Authorization (SpiceDB)
   Modeled relationships:

   • clinician → patient

   • nurse → ward → patient

   • specialist → referred patient
     → Generated allowed_patient_ids → allowed_document_ids

2. Pre-Filter Secure RAG Pipeline

   • SpiceDB returns authorized document IDs

   • Vector DB performs similarity search only on permitted records

   • Ensures LLM never sees unauthorized PHI

3. Hybrid Multi-Cloud Architecture

   • LLM + Guardrails (Vertex AI) → clinical reasoning

   • Data + Vector Layer (OpenSearch) → scalable retrieval

   • Streaming + Processing → real-time ingestion

4. Clinical Guardrails & Auditability

   • Input/output PHI filters

   • Clinical safety checks (hallucination control)

   • Full audit logs: clinician, patient, accessed records

The Results

The platform delivered secure, compliant, and scalable clinical AI assistance, improving care delivery while maintaining strict patient data isolation.

1. Zero Unauthorized Data Exposure
   Pre-filter ReBAC ensured 100% patient-level isolation, meeting HIPAA and internal compliance standards.

2. 45% Faster Clinical Decision Support
   Clinicians retrieved relevant patient insights instantly via conversational queries.

3. 60% Reduction in Documentation Time
   AI-assisted summarization and note generation reduced administrative burden.

4. High Adoption & Trust

   • 50%+ clinician adoption within 90 days

   • Increased trust due to explainable, auditable AI responses