MedVault is the first HIPAA-compliant healthcare records platform built on fully homomorphic encryption. Store, query, and run population health analytics on encrypted PHI. Field-level encryption granularity. FHIR R4 native. BAA included at every tier.
Healthcare breaches exposed 133 million records in 2023 alone. Traditional encryption protects data at rest and in transit, but the moment you query, analyze, or process patient data, it must be decrypted — and that's when breaches happen.
Every database query decrypts PHI into memory. Every analytics pipeline processes plaintext. Every API response contains readable patient data. The decryption boundary is where breaches occur. MedVault eliminates it entirely.
OCR enforcement actions exceeded $4.3M per settlement in 2024. The breach notification rule alone costs $150–$400 per record. FHE ciphertext is not PHI under HIPAA Safe Harbor — there is nothing to notify about.
Population health analytics, risk stratification, and quality reporting all require running computations on patient data. Today, that means giving analysts plaintext access to millions of records. MedVault computes on ciphertext.
MedVault uses H33's BFV fully homomorphic encryption pipeline. Patient records are encrypted field-by-field at the point of care. Storage, queries, analytics, and consent enforcement all operate on encrypted ciphertext. Only the originating health system holds the decryption key.
SDKs for Python, Java, Node.js, Go, and .NET. SMART on FHIR OAuth 2.0 authentication. All responses include Dilithium post-quantum signatures and ZK-STARK computation proofs.
Encrypt FHIR R4 resources with field-level granularity. Supports Patient, Observation, Condition, MedicationRequest, and all standard resource types.
Store encrypted FHIR resources with automatic versioning, provenance tracking, and configurable retention policies.
Encrypt and store up to 10,000 FHIR resources in a single call. Ideal for bulk data migration and nightly EHR syncs.
The hot path. Execute FHIR search parameters against encrypted fields. Patient lookup, date range, coded value, and composite search supported.
Retrieve a complete patient summary (C-CDA equivalent) assembled entirely from encrypted records. Returns encrypted FHIR Bundle.
Run population-level queries on encrypted data. Cohort identification, prevalence rates, and risk stratification without decrypting individual records.
Calculate HEDIS, CMS, and custom quality measures on encrypted data. Returns encrypted aggregate results for CMS submission.
Identify high-risk patient cohorts using encrypted clinical data. HCC risk scoring on ciphertext for value-based care contracts.
Cryptographic consent management. Grant access to specific fields, resources, or date ranges. Consent is enforced at the encryption layer, not the application layer.
Revoke access cryptographically. Key material is destroyed for the revoked scope. The ciphertext becomes computationally inaccessible.
Retrieve the current consent graph for a patient. Shows all active grants, scopes, and expiration dates. Exportable for compliance audits.
Real-time assessment of breach exposure. FHE ciphertext qualifies for HIPAA Safe Harbor — encrypted data is not unsecured PHI under 45 CFR 164.402.
Chain-hashed, tamper-evident access log. Every query, every access, every consent change. Paginated, date-range filtered, exportable as signed PDF.
Independently verifiable proof that every computation was performed correctly on encrypted data. First-class compliance deliverable.
Destroy encryption key material for specific records. Returns ZK proof of erasure. The ciphertext becomes permanently unrecoverable.
Bidirectional sync with Epic via SMART on FHIR. Patient, encounter, and clinical data encrypted in transit from Epic's FHIR R4 endpoints.
Real-time service health, encryption throughput metrics, and storage utilization. Includes P50/P95/P99 latency breakdowns.
Every tier includes a signed Business Associate Agreement. MedVault pricing scales with your patient population and API usage, not per-seat licensing.
Every compliance requirement is a first-class API deliverable. The BAA is signed before any technical integration begins. Breach risk assessments are available via API in real time.
FHE ciphertext is not unsecured PHI under 45 CFR 164.402. A breach of MedVault infrastructure exposes only encrypted data that cannot be decrypted without the health system's private key. No breach notification required.
Signed Business Associate Agreement included at Starter, Growth, and Enterprise. No additional cost. No negotiation delay. BAA executed before technical onboarding begins.
HITRUST CSF r2 assessment in progress. Enterprise tier includes HITRUST inheritance support and shared responsibility documentation for your own assessment.
Audit observation period initiated at General Availability. Report available for vendor due diligence at all health system and payer institutions.
Substance use disorder records receive additional cryptographic isolation. Field-level encryption ensures Part 2 data cannot be accessed even by other authorized users of the same patient record.
FHE architecture satisfies the strictest state-level patient privacy requirements, including Washington, California, and New York health data statutes. Data residency controls available per state.
MedVault uses fully homomorphic encryption (FHE) to encrypt patient records at the field level before any AI model or analytics query touches them. The AI processes encrypted ciphertext and returns encrypted results. At no point does the model, the infrastructure, or H33 have access to plaintext PHI. This satisfies the HIPAA Security Rule's technical safeguard requirements. Every query is logged with a ZK-STARK proof and Dilithium post-quantum signature for the HIPAA accounting of disclosures requirement.
If MedVault's infrastructure is breached, attackers obtain only BFV ciphertext that is mathematically indistinguishable from random noise without the healthcare organization's private key. Under the HIPAA Breach Notification Rule, encrypted data that meets NIST guidance is excluded from breach notification requirements. MedVault provides a formal breach risk assessment letter confirming that a server compromise does not constitute a reportable breach under 45 CFR 164.402. This is a first-class compliance deliverable included at every tier.
MedVault implements FHIR R4 search parameters that operate on encrypted fields using homomorphic comparison operations. You can query patient records by encrypted date ranges, encrypted identifiers, and encrypted clinical codes without the server ever decrypting the records. The search runs entirely on ciphertext, and results are returned as encrypted FHIR bundles that only the requesting healthcare organization can decrypt with their private key. Search queries return results in under 200ms at P99.
Yes. MedVault's population health analytics API runs aggregate statistical queries on encrypted patient records using FHE. Researchers can compute encrypted cohort counts, encrypted mean values, and encrypted distribution statistics without ever accessing individual patient records in plaintext. This enables IRB-approved research workflows where the data never leaves its encrypted state. Results are encrypted aggregates accompanied by ZK-STARK proofs of correct computation, providing verifiable evidence that the analytics were performed accurately.
Field-level PHI encryption means each sensitive field in a patient record — name, SSN, diagnosis codes, lab results, medications — is individually encrypted with BFV homomorphic encryption. Unlike whole-record encryption, field-level encryption allows selective computation on specific fields without decrypting the entire record. This minimizes the exposure surface, enables fine-grained access controls per field, and supports the HIPAA minimum necessary standard by ensuring each query only touches the encrypted fields it needs to process.
MedVault implements cryptographic erasure: the BFV encryption key material for a specific patient record is destroyed, rendering the stored ciphertext permanently undecryptable. A ZK-STARK proof of erasure is generated and signed with a Dilithium post-quantum signature, creating a tamper-evident deletion certificate. This certificate serves as the regulatory fulfillment record for HIPAA and state privacy law erasure requests. The entire deletion process completes within 24 hours with a signed confirmation delivered via API.
MedVault is FHIR R4 native and integrates with Epic through the SMART on FHIR protocol. Patient records are encrypted at the field level as they flow from Epic into MedVault via standard FHIR APIs. The integration uses OAuth 2.0 authorization compatible with Epic's MyChart and EHR launch contexts. MedVault also supports bulk FHIR export for initial data migration from Epic. SDKs are available for Python, Node.js, Java, and .NET to accelerate the integration timeline for your engineering team.
The HIPAA Breach Notification Rule requires a four-factor risk assessment after any security incident to determine if patient notification is required. MedVault provides a pre-computed breach risk assessment letter confirming that because all PHI is stored as BFV ciphertext with encryption keys held exclusively by the healthcare organization, a server compromise does not expose PHI and does not trigger notification requirements under 45 CFR 164.402. This letter is a regulatory compliance deliverable that your HIPAA Privacy Officer can file immediately.
MedVault delivers sub-100ms write latency and sub-50ms read latency for individual encrypted FHIR record operations. Bulk operations process up to 10,000 encrypted records per API call. The underlying FHE engine processes data at 38.5 microseconds per operation. Encrypted FHIR search queries return results in under 200ms at P99 latency. All performance targets are SLA-backed with 99.99% uptime guarantees and 11 nines of data durability. These numbers are production-verified, not theoretical benchmarks.
A Business Associate Agreement (BAA) is a HIPAA-required contract between a covered entity and any vendor that creates, receives, maintains, or transmits PHI on their behalf. H33 executes a BAA at all MedVault tiers, including the entry-level Clinic tier. The BAA covers FHE-encrypted PHI storage, encrypted analytics processing, and cryptographic deletion services. Because MedVault never accesses plaintext PHI, the BAA scope is narrower and the risk profile is significantly lower than traditional cloud healthcare platforms.
Schedule a 30-minute technical deep dive. We'll walk through the encrypted FHIR pipeline, demonstrate a live population health query on ciphertext, and answer your compliance team's questions.