Shield helps teams deploy AI safely, with clear controls, real-time protection, and AI-native discoverability.
Your clinicians paste patient data into LLMs every day. We make it safe.
Purfect Shield sits between your clinicians and every LLM they use — tokenizing PHI before it leaves your network, rehydrating responses transparently, and producing a hash-chained audit trail that satisfies HIPAA §164.312.
$10K/$25K/$45K, two PO line items, published and flat — no per-seat or per-token meter.
The three-stage pipeline that keeps PHI off the wire — from clinical prompt to model response and back.
PHI tokenized at the gateway · Model sees only placeholders · Responses rehydrated for clinicians
The Reality
Your clinicians are already using LLMs. The question is whether PHI is on the wire.
PHI in Clinical Queries
Clinicians paste patient names, DOBs, and MRNs into LLM prompts daily — often without realizing the data leaves the organization.
Clinical Data Leakage
Lab results, diagnosis codes, and treatment plans end up in model training corpora because there was no gateway in front of the prompt.
HIPAA Audit Gap
When auditors ask "show us every prompt that contained PHI this quarter," most organizations have no answer — and no tamper-evident trail.
Shadow IT LLM Usage
Clinicians use consumer LLM tools that your IT department never approved — because the approved tools don't exist yet.
The Fix
Purfect Shield: your data never leaves your network.
Deployed on your infrastructure. No cloud. No subscription. You own the source.
Tokenize PHI Before It Reaches the Model
Patient names, MRNs, SSNs, and clinical identifiers are swapped for stable placeholders at the gateway — the LLM provider never sees real data.
Rehydrate Responses Transparently
When the model responds, Shield restores original values. Your clinicians see real names in real responses — no workflow disruption.
Hash-Chained Audit Trail
Every transformation is logged as a hash-chained JSONL event. Modify or delete any record and the chain breaks — HIPAA §164.312 audit-and-integrity controls satisfied.
Opaque Mode for Maximum Sensitivity
For your most sensitive clinical data paths, Shield can operate in opaque mode — tokenize with no retained mapping, no rehydration possible.
Opaque Mode — for your most sensitive clinical data paths
Some clinical workflows carry data so sensitive that even the local placeholder mapping is too much. Opaque mode tokenizes PHI with no retained mapping and no rehydration possible — the model works with fully sanitized input, and your audit trail still proves what was redacted and when.
Zero retained mapping · Fully sanitized model input · Full audit trail preserved · Per-endpoint configurable
Every redaction becomes a hash-chained event in an append-only JSONL log. Modify or delete any record and the chain breaks detectably — auditor-ready, tamper-evident evidence.
HIPAA §164.312(b)
Audit Controls
Hash-chained events provide a complete, tamper-evident record of every PHI redaction — who triggered it, what category was matched, and when.
HIPAA §164.312(c)
Integrity Controls
The hash chain ensures that any modification to any event is cryptographically detectable — satisfying the integrity requirement without storing raw PHI values.
SOC 2 CC6.1
Logical & Physical Access
Maps directly to access-control requirements. Every transformation is attributable, timestamped, and cryptographically linked to its predecessor.
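An added example, not Purfect Shield's code: a minimal hash-chained JSONL log and verifier showing how a modified or removed record is detected. The event fields (`seq`, `prev_hash`, `hash`, `ts`, `category`, `actor`), the all-zero genesis value and SHA-256 over canonical JSON are assumptions, since the page does not publish the event format. The `anchored_head` argument assumes the latest head hash is also kept outside the log, because records dropped from the end leave the remaining chain internally consistent.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first event

def event_hash(event):
    """SHA-256 over canonical JSON of every field except 'hash'."""
    body = {k: v for k, v in event.items() if k != "hash"}
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def append_event(log, fields):
    """Append one event as a JSONL line and return the new head hash."""
    prev = json.loads(log[-1])["hash"] if log else GENESIS
    event = {"seq": len(log), "prev_hash": prev, **fields}
    event["hash"] = event_hash(event)
    log.append(json.dumps(event, sort_keys=True))
    return event["hash"]

def verify_chain(lines, anchored_head=None):
    """Return (ok, reason); anchored_head is a head hash kept outside the log."""
    prev = GENESIS
    for i, line in enumerate(lines):
        try:
            ev = json.loads(line)
            claimed = ev["hash"]
        except (ValueError, KeyError, TypeError):
            return False, f"line {i}: malformed event"
        if ev.get("seq") != i:
            return False, f"line {i}: sequence gap"
        if ev.get("prev_hash") != prev:
            return False, f"line {i}: prev_hash mismatch"
        if claimed != event_hash(ev):
            return False, f"line {i}: content does not match hash"
        prev = claimed
    if anchored_head is not None and prev != anchored_head:
        return False, "head differs from anchored value"
    return True, "ok"

def build_sample():
    """Constructed events: category and actor only, no raw PHI values."""
    log, head = [], GENESIS
    for cat, actor in [("MRN", "clin-017"), ("DOB", "clin-017"), ("SSN", "clin-042")]:
        head = append_event(log, {"ts": "2025-01-01T09:00:00Z", "category": cat, "actor": actor})
    return log, head
```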
Deployment
On your infrastructure. In one day.
1. Gateway deployed
Go gateway on localhost:6767. Your clinicians' LLM tools route through Shield automatically via BASE_URL.
2. Healthcare filter pack activated
Patterns for PHI, MRNs, NPI numbers, ICD codes, and clinical identifiers — tuned to your data shapes.
3. Audit sidecar running
Hash-chained JSONL events ship to a local sidecar. A dashboard on localhost:6768 shows the real-time redaction stream.
4. Compliance team trained
90-minute session with your compliance officers — evidence export, retention runbook, auditor-ready documentation.
See it on your clinical workflows.
We'll deploy Shield in front of your clinical LLM tools, walk your team through the audit trail, and show you exactly how PHI is tokenized before it ever reaches a model. One day. Your infrastructure. You own the source.
Fixed-price engagement · Source code at handoff · No subscription
Intake Portal
Let's Build.
Submit your technical details and we will formulate a production scope, architectural dependencies, and exact model selection profiles.
48-Hour Response SLA
Every request is routed directly to a principal systems engineer.
Zero Cloud Risk
All contracts guarantee strict IP ownership and security boundary isolation.
FAQ
Healthcare LLM Security Questions
Is Purfect Shield HIPAA compliant?
Shield does not process, store, or transmit PHI — it tokenizes data before it leaves your network. The hash-chained audit trail satisfies HIPAA §164.312 audit-and-integrity controls. Shield runs entirely on your infrastructure under your existing HIPAA compliance framework.
How does Shield handle PHI in clinical prompts?
Patient names, MRNs, SSNs, DOBs, and clinical identifiers are detected and swapped for stable placeholders at the gateway. The LLM provider never sees real data. Responses are automatically rehydrated so clinicians see real values in real responses.
Does Shield require a Business Associate Agreement (BAA)?
No BAA is required — Purfect AI holds no keys, runs no servers, and processes no data. Shield compiles and runs entirely on your infrastructure. There is no Purfect Shield cloud, no telemetry, no data pipeline to cover under a BAA.
Can we deploy Shield in our existing hospital infrastructure?
Yes. Foundation deploys in one day on your existing infrastructure — on-prem servers, private cloud, or VPC. No new infrastructure required. Shield runs as a single Go binary on localhost:9090.
What happens to the audit log — who holds the keys?
The audit log writes to your storage with your encryption keys under your retention policy. Compliance tier ships with a local append-only JSONL sidecar. Enterprise tier federates to your S3 bucket. Purfect AI never holds your keys or your logs.
How long does healthcare deployment take?
Foundation tier deploys in one day including threat model workshop, gateway deployment, and plugin installation. Compliance tier deploys within one week. Full Enterprise deployment takes approximately three weeks.