ACAI maps every API request to HIPAA §164.312 technical safeguards. PHI is detected and redacted before it reaches the model, every access is logged, and you get auditor-ready evidence covering access control, audit trails, integrity, and transmission security.
Built for healthcare companies, covered entities, and business associates.
Every API request generates evidence mapped to these controls automatically.
Bearer token authentication on every request. Per-key data classification floors. Tier-gated model access.
Tamper-proof dual-sink logging (PostgreSQL + immutable Blob). Correlation IDs. Retention is configurable, up to unlimited.
14+ regex patterns and Azure AI NER scan every request for PHI before it reaches the model. Three modes: detect, redact-from-logs, redact-all.
API keys scoped per user. SHA-256 hashed storage. Entra ID SSO for dashboard access.
TLS 1.2+ enforced on all endpoints. No plaintext API keys in transit. Azure Key Vault for secrets.
ACAI signs a BAA with you. Azure's BAA covers infrastructure. One link in the chain you don't have to build.
Block passthrough backends for PHI workloads. Force PHI-only backends. Data classification enforcement per key.
One-click HIPAA evidence report mapping your API usage to §164.312 controls. Hand it to your auditor.
One API key. One BAA. HIPAA evidence your auditor will accept.