GUARDIAN HEALTH BY HEARTH & ALLOY
The AI Control Plane for Healthcare
Patent-pending Three-Gate architecture ensures AI systems only receive data your organization has classified, policy-checked, and authorized. Start with a free readiness assessment for your team.
Executive Summary
Healthcare organizations want AI. Consumer AI can't see PHI safely.
Guardian Health is a production-ready AI Control Plane.
Three sequential, irreversible controls (Data Reality; Purpose & Authority; Risk-Based Routing) ensure that AI models, tools, and external providers receive only data your organization has classified, authorized, and (when required) transformed. Every decision is captured in an immutable audit trail with 7-year retention.
Architecture
The Three-Gate Pipeline
Sequential. Irreversible. Auditable. Every AI request passes through all three gates before any model sees any data.
What is this data, really?
Multi-signal detection identifies sensitive content before it leaves your environment: HIPAA identifiers, healthcare-specific codes, and domain-extensible markers for other regulated industries.
- File screening across common document and image formats
- Tuned for healthcare vocabulary to reduce false positives
- Layered detection with graceful fallback
Is this user allowed to do this?
Policy evaluates user role, task context, and data classification together. Sensitive values are transformed while meaning is preserved, and an independent verification layer confirms the request is safe before anything is routed.
- Downstream tools can be invoked without exposing raw values
- Test policies safely before production rollout
- Each decision is captured for audit replay
Where is it safe to send?
A composite risk score determines which approved model or provider a request is eligible for, or blocks the request entirely. Organization-scoped allowlists, health-aware routing, and concurrency controls run underneath.
- Works with major commercial and on-prem model providers
- Per-tenant controls on throughput and capability
- Full lineage from request to response
Platform
What's Shipped
PHI AI Readiness Assessment
Free three-module diagnostic, about 30 minutes per employee. Measures four readiness categories: PHI Identification, Safe AI Usage, Policy Awareness, and Incident Response.
- Baseline-lock scoring (no retake inflation)
- Anonymized org scorecard at 5+ completions
- Regulatory language, not product jargon
Employee AI Training Module
Complete training pathway. 5 industry templates, 26 modules, interactive sandbox, versioned content.
- Open Badges 3.0 digital certificates
- SCORM / xAPI export to your LMS
- Compliance evidence packages
Compliance Scorecard
The default landing page for CISOs and compliance leads. Answers “am I compliant?” and “what needs attention?” in ten seconds.
- Health score & risk events
- Scheduled PDF reports with email delivery
- Executive summary with period statistics
AI Chat & Task Library
Freeform chat plus 20+ pre-configured task templates for healthcare workflows.
- Real-time PHI preview as user types
- Model selector with org allowlists
- Run history, lineage, and re-run
API Gateway / Proxy
A drop-in compliance layer for existing applications. Point your app at Guardian and get full three-gate enforcement before requests reach any model provider.
- Organization-scoped API keys
- Works with major model providers
- Provider credentials kept in your secret store
Browser Extension
Side-panel chat, floating action button on text selection, right-click context menus. Encrypted sessions, 15-minute inactivity timeout.
- No PHI stored on-device
- OAuth: Google, Microsoft, Passkey
- CSP-compliant markdown rendering
Workflow Gallery & Builder
Five pre-built healthcare workflows (PDF extract, clinical note, prior auth, patient comms, claim review). Visual builder with 11 node types.
- Parallel branches, human review, apply corrections
- Webhook triggers with API key auth
- Variable mapping across steps
Configuration Assistant
An AI admin that runs through the same control plane it administers. 25+ tools across read, write, bulk, import/export, and reset operations.
- Policy simulation and anomaly detection
- Context-aware help (knows your current page)
- Weekly digest with compliance insights
Admin Experience Modes
Managed, Standard, Advanced, Assessment tiers. Admins see only the surface area they need, from one-page scorecard to full policy engine.
- Industry selection during onboarding
- Navigation filtering per mode
- Backend access control middleware
How It Works
Assessment first. Platform second.
Measure the team
Admin signs up, invites the team, and employees complete the free readiness assessment (three modules, about 30 minutes per employee). Individual scores stay private; an anonymized organizational scorecard unlocks at five completions.
Close the gaps
Training modules are available covering each readiness category. Employees complete the content relevant to their gaps; baseline scores stay locked and improvement is tracked separately so the numbers your CISO sees remain honest.
Turn on the platform
When you're ready, turn on enforcement where your team actually works: the AI Chat & Task Library, the browser extension, or your existing applications via the API gateway. Same three gates, same audit trail, now enforcing on real requests instead of assessment scenarios.
AI Safety Controls
Safety Controls Built for Healthcare Workflows
Governed AI chat for PHI
Give clinicians and staff an AI assistant that can see PHI safely, with all interactions logged and governed.
- Inline PHI detection before model
- Policy-based redaction and warnings
- Full transcript logging for audit
File & document pipeline
Scan PDFs, DOCX, and XLSX files for PHI before they ever reach your AI models.
- Streaming file segmentation
- Pre-ingestion PHI scanning
- Configurable retention windows
RBAC & approvals
Ensure only the right roles can access PHI-aware workflows, with clear separation of duties.
- Least-privilege access
- Role templates for compliance
- Approval flows for high-risk tasks
Model controls & observability
Route traffic to approved models, track usage, and tie anomalies back to policy actions.
- Model allowlists per workspace
- Usage dashboards & alerts
- Signals for quality & drift
Enterprise
Enterprise-Ready by Design
Guardian Health meets healthcare systems where they are. SaaS for teams that want subscribe-first onboarding; customer-hosted deployment for enterprises that need to run inside their own cloud tenant. Same platform either way.
- Multi-tenant organizations with full role-based access control
- Enterprise identity & MFA (SAML / SCIM on paid tiers)
- Customer-managed encryption keys supported
- Deploy in our environment or yours
- 7-year immutable audit retention with SIEM-ready export formats
- White-label theming for healthcare, government, legal, and finance
- WCAG 2.1 AA accessibility verified

Safe AI infrastructure: data detection, policy enforcement, and auditability layered around your existing systems.
Who It's For
Built for Teams Responsible for Safe AI Adoption
Compliance & security teams
Get visibility into AI usage with the enforceable policies and audit trails you need for HIPAA and internal risk frameworks.
IT & platform teams
Integrate Guardian Health into your existing identity, logging, and infrastructure without adding fragile one-off tooling.
Clinical & operations leaders
Give frontline teams AI that actually understands the rules, so they can work faster without compromising patient privacy.
Get Started
Start with the team.
Take the free PHI AI Readiness Assessment. If the organizational scorecard tells you the platform is worth a conversation, we'll be here.
Free Readiness Assessment
Three modules, about 30 minutes per employee. Anonymized org scorecard unlocks at 5 completions. Baseline-locked scoring so your numbers remain honest.
Request a Demo
Walk through the Three-Gate pipeline against your real scenarios. See assessment, training, scorecard, and enforcement end-to-end.