Healthcare

LLM features for care delivery — without PHI ever leaving your control

Health systems, payers, and health-tech teams need AI that respects protected health information at every step. NemoRouter redacts PHI before a prompt is forwarded, keeps it out of logs entirely, and signs a BAA on Enterprise.

healthcare · phi · safeguards

PHI safeguards on every request

PHI redaction: in-process
Request-body logging: zero-content
HIPAA BAA: on Enterprise
Encryption: AES-256 at rest
Data residency: US · EU · on request
Audit trail: append-only
HIPAA-eligible · BAA available · no BYOK

PHI redaction
Every request

Identifiers stripped in-process

Data policy
Zero-content

Logs can store no PHI at all

HIPAA BAA
Available

On Enterprise, on request

Guardrail overhead
<2ms

In-process, not over network

Safeguards

The safeguards a privacy officer reviews first

PHI redaction, log control, the BAA, and resilience. The first two ship to every NemoRouter customer at no extra cost; the BAA is available on Enterprise.

PHI redaction before the prompt leaves your network

Names, dates, contact details, and other identifiers across the 18 HIPAA identifier categories are detected and redacted in-process — powered by Microsoft Presidio — before a request reaches a model provider.

  • Detects and redacts email, phone, identifiers, and PII categories
  • Runs on every request — included on every plan, never gated
  • Scoped org > team > key for clinic-, service-, and app-level policy
  • Sub-2ms overhead because it runs in-process, not over the network

A data policy that keeps PHI out of logs

Choose a zero-content or metadata-only logging policy so request and response bodies are never stored. You keep cost and token telemetry; you keep no protected health information.

  • Zero-content policy: nothing from the request body is stored
  • Metadata-only: cost and token counts logged, content discarded
  • PII-redacted option logs content with identifiers stripped
  • Policy is set per organization and enforced on every request

A HIPAA BAA for protected workloads

NemoRouter supports HIPAA-eligible workloads. A Business Associate Agreement is available for healthcare customers processing PHI — issued through the Enterprise team.

  • BAA available on Enterprise — request one through sales
  • PHI-redaction guardrails included at no extra cost
  • Underlying infrastructure (Cloud Run, Supabase) is SOC 2 Type II certified
  • Append-only audit trail records every administrative action

Failover that keeps care-delivery tools online

One OpenAI-compatible endpoint routes across the catalog and retries on a backup model when a provider degrades — so a provider incident does not interrupt a clinician mid-shift.

  • Fallback chains retry automatically on error or timeout
  • Routing strategies: usage, latency, cost, least-busy
  • 99.9% uptime SLA on every tier
  • Every routing decision captured in observability

Defense in depth

Two layers between a prompt and a PHI exposure

A single guardrail is a single point of failure. NemoRouter pairs in-process PHI redaction with a logging policy that can store no request content at all — so even an un-redacted edge case never becomes a stored record.

Redact, then don't store

Strip PHI in the request path, keep it out of the log

Layer one: PHI-redaction guardrails detect and redact identifiers in-process before the request is forwarded to a model. Layer two: a zero-content or metadata-only data policy means request and response bodies are never written to a log. You retain cost and token telemetry without retaining PHI.

  • Guardrail layer: identifiers redacted before the prompt is forwarded
  • Logging layer: zero-content policy stores no request or response body
  • Metadata-only keeps cost + token counts for billing and analytics
  • PII-redacted logging is the middle ground when you need content
  • Policy is org-wide and enforced on every request — no per-call opt-out
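
The two layers described above, sketched as an added example (not NemoRouter's code): regex detectors stand in for the Presidio-based guardrail, and `handle`, `log_record`, `fake_provider` and the sample prompt are hypothetical. The page does not spell out how zero-content and metadata-only differ, so both are treated here as storing telemetry only.

```python
import json
import re

# Constructed stand-in detectors; a production guardrail would use a real
# engine (the page names Microsoft Presidio). Names are deliberately NOT covered.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PHONE": re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),
    "MRN": re.compile(r"\bMRN[:\s]*\d{6,10}\b", re.IGNORECASE),
}
CONTENT_FREE = {"zero-content", "metadata-only"}  # policy names from the page
POLICIES = CONTENT_FREE | {"pii-redacted"}

def redact(text):
    """Layer one: swap each detected identifier for a typed placeholder."""
    counts = {}
    for label, pattern in PATTERNS.items():
        text, hits = pattern.subn(f"<{label}>", text)
        if hits:
            counts[label] = hits
    return text, counts

def log_record(policy, redacted_prompt, usage):
    """Layer two: build what gets persisted. The raw prompt is never passed in."""
    record = {"policy": policy, "tokens": usage["tokens"], "cost_usd": usage["cost_usd"]}
    if policy == "pii-redacted":
        record["prompt"] = redacted_prompt  # content kept, identifiers stripped
    return record

def handle(prompt, policy, forward):
    """Redact, forward only the redacted text, then log according to policy."""
    if policy not in POLICIES:
        raise ValueError(f"unknown data policy {policy!r}; refusing to forward")
    redacted, counts = redact(prompt)
    usage = forward(redacted)  # hypothetical provider call returning usage stats
    return redacted, counts, json.dumps(log_record(policy, redacted, usage))

# Constructed sample: the name is an identifier these regexes do not catch.
SAMPLE = "Pt Jane Doe, MRN 00412345, call 555-201-3344 or jane@example.org re: labs"
fake_provider = lambda text: {"tokens": len(text.split()), "cost_usd": 0.0001}

if __name__ == "__main__":
    for p in sorted(POLICIES):
        print(p, handle(SAMPLE, p, fake_provider))
```

The sample's patient name slips past the stand-in detectors and is forwarded, yet under a content-free policy it never reaches the log record, which is the point of the second layer.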

healthcare · data-policy

Request path with PHI controls

Inbound prompt: contains identifiers
Guardrail: PHI redacted
Forwarded to model: redacted only
Stored in logs: metadata only
PHI in storage: none
redact · forward · no-store

Use cases

Where healthcare teams put NemoRouter to work

Four common workloads — each one redacted, budgeted, and logged without PHI.

Clinical documentation assistants

Draft and summarize notes with PHI redaction in front of the model, so identifiers never reach a provider and never land in a log.

Patient-facing support bots

Triage and answer routine questions behind guardrails that catch prompt injection and strip any PHI a patient pastes in.

Payer & claims processing

Classify and extract claim data on budgeted keys, with a zero-content data policy keeping member information out of storage.

Health-tech product features

Build LLM features into your own app on one managed gateway — no provider keys, a BAA on Enterprise, predictable cost.

Compliance — honest status

HIPAA is a shared responsibility — here is our half

We are precise about what NemoRouter provides and what stays with your organization. No overstatement.

  • NemoRouter provides the technical safeguards — PHI redaction, zero-content logging, AES-256 encryption, RLS tenant isolation, an append-only audit trail — and a BAA on Enterprise.
  • Your organization remains responsible for how PHI is used in your application and for your own HIPAA program. A BAA defines that boundary.
  • SOC 2 Type II is in progress (target Q3 2026); the infrastructure substrate (Cloud Run, Supabase) is already SOC 2 Type II certified. We will not say “certified” until our own report is signed.

Need the BAA before a privacy review? sales@nemorouter.ai will issue one and have security walk your team through the safeguards.

Healthcare questions, answered

Will you sign a HIPAA Business Associate Agreement?

Yes — a BAA is available for healthcare customers processing PHI, issued through the Enterprise team. Request one at /contact?topic=baa or by emailing sales@nemorouter.ai. PHI-redaction guardrails are included on every plan at no extra cost regardless of whether a BAA is in place.

How do you keep PHI out of request logs?

Two layers. First, PHI-redaction guardrails strip identifiers in-process before the request is forwarded. Second, the organization data policy can be set to zero-content or metadata-only, so request and response bodies are never written to a log at all — you keep cost and token telemetry without storing any protected health information.

Is NemoRouter HIPAA compliant?

NemoRouter supports HIPAA-eligible workloads and will sign a BAA on Enterprise. HIPAA compliance is a shared responsibility: NemoRouter provides the technical safeguards (PHI redaction, zero-content logging, encryption, access control, audit logging) and the BAA, while your organization remains responsible for how PHI is used within your application. We will walk your privacy team through the controls before you go live.

Can health data stay in a specific region?

United States is the default footprint. EU residency is generally available on Enterprise, with the UK, Canada, Australia, Singapore, and India available on request. Customer data is replicated within a single region and is never moved without an explicit migration request.

Healthcare

Start with the BAA and the safeguards walkthrough

We will issue a Business Associate Agreement and walk your privacy and security teams through PHI redaction, the data policy, and residency before a single request is sent.

HIPAA BAA available on Enterprise · PHI redaction on every plan · SOC 2 Type II audit in progress (target Q3 2026)