Premora for Healthcare
Health systems handle protected health information (PHI) under the HIPAA Security and Privacy Rules, which push strongly toward on-prem deployment and strict data handling. Premora’s posture fits: PHI-adjacent operational knowledge stays inside the perimeter, external model calls can be disabled entirely, and every access is permissioned and audited.
:::warning This is product guidance, not legal advice Premora can be configured to support the HIPAA control expectations below, but a HIPAA deployment requires dedicated review — a Business Associate Agreement (BAA) analysis and a PHI data-flow mapping with your privacy officer. Premora provides the controls; your organization owns the compliance determination. Premora does not yet hold formal certifications. :::
Regulations that apply
| Regulation | What it expects | How Premora supports it |
|---|---|---|
| HIPAA Security Rule | Administrative, physical, and technical safeguards for electronic PHI: access control, audit controls, integrity, transmission security. | On-prem / air-gapped deployment so PHI never leaves the perimeter; ACL projection and least privilege; encryption in transit and at rest; audit trails across admin actions, queries, and policy overrides. |
| HIPAA Privacy Rule | Minimum-necessary use and disclosure of PHI; accounting of disclosures. | ACL-aware retrieval that only ever returns what a user is entitled to see; data-classification labels and redaction before any external model call; audit trails sufficient for accounting-of-disclosures-style review. |
| HITECH / Breach Notification | Breach detection, response, and notification. | Attributable access (every prompt, query, and output traces to a user), immutable raw sources and lineage for investigation, and degraded-mode resilience. |
| State privacy (CCPA/CPRA and comparable) | Consumer privacy rights where data falls outside HIPAA. | On-prem single-tenant; retention tags, legal-hold, and deletion workflows; lineage to locate a given data element. |
| AI governance | Transparency and control over model use on sensitive data. | External providers can be disabled entirely; model allowlists / route policy; private on-prem inference; redaction before external calls. |
How regulation maps to Premora controls
- Perimeter & residency — on-prem or air-gapped deployment keeps PHI inside your environment; the core read path has no external SaaS dependency.
- Minimum necessary — ACL projection enforces that users and agents only see what they are entitled to upstream; retrieval fails closed.
- PHI handling on AI paths — data-classification labels plus redaction before any external model call, or external models disabled entirely in favor of private inference.
- Audit & evidence — attributable access and audit trails support breach investigation and accounting of disclosures.
Recommended configuration
- Deploy on-prem or air-gapped, and complete a BAA analysis and PHI data-flow mapping with your privacy officer before connecting any PHI-bearing source.
- Disable external model providers and run private inference, or enforce redaction before any external call.
- Apply data-classification labels to PHI-bearing sources and verify ACL behavior after the first sync.
- Enforce SSO + least privilege with audited break-glass.
- Scope connectors to the minimum necessary systems and folders.