PHIVault
The safe the PHI actually lives in
A dedicated, encrypted store for protected health information. Field-level encryption, strict access scopes, full audit logging, and a clean API so other services can read and write without rolling their own crypto.
- Field -level encryption
- Every Access logged, full context
- 1 Place PHI lives
PHIVault is where every piece of protected health information lives. Data is encrypted at the field level; keys are managed separately; access is granted by scopes tied to roles and purposes; every access is audited.
Other services in the clinic stack never store PHI locally — they ask PHIVault. This keeps the attack surface small, makes compliance reviews tractable, and means "where is this patient's data?" has exactly one answer.
Everything PHIVault handles for you
-
Field-level encryption
Encryption granular enough to protect sensitive fields independently.
-
Scope-based access
Access granted by role and explicit purpose, not by "team membership".
-
Full audit trail
Every read and write is logged with actor, reason, and timestamp.
-
Clean API
Other services call PHIVault — they never replicate PHI in their own stores.
How PHIVault plugs into the clinic stack
PHIVault is the canonical PHI store for the whole stack. Every PHI-touching service reads and writes through it instead of holding data locally.
- IntakeOCR stores extracted PHI fields and original images under encryption.
- SymptomRouter reads and writes the triage decision trail against the patient record.
- SecureInbox stores message content so the inbox itself never holds plain PHI.
- SuperAdmin owns the key material and access scope configuration.
Wire PHIVault into your product today
Book a consultation with our founders and we'll walk you through the whole microservice stack — not just this one — live on your domain.