PHI Never Leaves
Your Network.
VoxelMD de-identifies imaging data on your own infrastructure, processes it in a BAA-covered HIPAA cloud, and has results waiting before the radiologist opens the study. An architecture designed to pass your security review - not to survive it.
How a Study Moves Through the Platform
Five steps, one trust boundary, no waiting radiologist.
- 1
Your PACS forwards the study
A standard auto-forward rule your PACS administrator has configured a hundred times before. The same integration pattern used by leading FDA-cleared radiology AI platforms.
- 2
De-identification happens on your hardware
Patient identifiers are stripped and replaced per the DICOM PS3.15 confidentiality standard - including pixel-level scrubbing of burned-in text on ultrasound and dose screens. The study receives a random identifier.
- 3
Only de-identified data crosses out
One outbound TLS connection, authenticated with your site's private credentials. The map linking studies back to patients stays encrypted on your network - VoxelMD is architecturally incapable of re-identifying your data.
- 4
AI processes the study before it's opened
Report drafting, prior comparison, and structured scoring run in our BAA-covered HIPAA cloud while the study is still sitting on the worklist.
- 5
Results are waiting at study-open
Your edge node pulls completed results back - no inbound firewall ports, ever. When the radiologist opens the study, the draft appears instantly. One click pushes it to PowerScribe or Rad AI.
Three Things That Never Leave Your Site
This is the claim your CISO will test. It holds because of architecture, not paperwork.
Protected Health Information
Names, MRNs, dates, accession numbers, and burned-in pixel text are removed on your infrastructure before anything is transmitted.
The Identity Crosswalk
The encrypted table linking studies to patients lives only on your network. A breach of our cloud would yield anonymous images with random IDs - and no way to map them to any person.
The Ability to Re-Identify
Because the crosswalk never leaves your site, re-identification is physically impossible from our side. That is a structural guarantee, not a policy promise.
Built for the Security Review
Every claim below is architectural and auditable. Bring your IT team, your compliance officer, and your hardest questionnaire.
Outbound-Only Connectivity
Your firewall change is a single outbound HTTPS rule. Results are pulled by your edge node, never pushed in. No VPN, no inbound ports, no attack surface added to your network.
Standards-Based De-Identification
DICOM PS3.15 Annex E confidentiality profiles - the same standard used by NIH's Cancer Imaging Archive - implementing HIPAA Safe Harbor, with documented QA sampling during onboarding.
Defense-in-Depth Cloud
Even though only de-identified data reaches our side, we run it to PHI standards anyway: Google Cloud under a signed BAA, customer-managed encryption keys, per-site tenant isolation, automatic deletion after processing.
Full Audit Trail
Every study, request, and result is logged to immutable, retention-locked storage. Your compliance team gets an answer, not a shrug, when they ask what happened and when.
BAA Offered by Default
We sign a Business Associate Agreement with your group even though the architecture means de-identified data only - belt and suspenders, and one less negotiation.
SOC 2 Readiness Program
Continuous-compliance tooling, third-party penetration testing before go-live, and an active SOC 2 roadmap. Security questionnaires answered with evidence.
The Radiologist Never Waits for AI
Most AI tools make an API call when the study is opened - and make the radiologist watch a spinner during the busiest part of their day. VoxelMD inverts the timeline: processing happens while the study is still on the worklist.
By the time the radiologist opens the exam, the draft report, prior comparison, and structured scores are already sitting in the local result cache. The overlay appears instantly, and one click pushes it into PowerScribe or Rad AI. No spinner. No workflow change. No excuse not to use it.
Typical AI tool
Study opens → API call → radiologist waits
VoxelMD platform
Study arrives → processed on worklist → result instant at open
Deployment Your IT Team Will Recognize
This is the same edge-node pattern established by leading imaging-AI vendors. Your PACS administrator has done each of these steps before.
One VM on your infrastructure
The edge gateway runs as containers on a modest virtual machine you control - on-premises or in your own cloud tenancy.
One firewall rule
A single outbound HTTPS egress to a named endpoint. Nothing inbound to review, nothing exposed.
One routing rule in PACS
Your PACS admin adds an auto-forward destination - the same procedure used for any DICOM node. We validate together, then go live.
Put It in Front of Your Security Team
We'll walk your IT and compliance stakeholders through the architecture, the de-identification standard, and the audit trail - question by question.