PHI never reaches the model.
Or the log.
PHI-redaction guardrails strip identifiers inline before a prompt is forwarded, a zero-content data policy keeps logs PHI-free, and a HIPAA BAA is available on Enterprise.
HIPAA-eligible workloads · BAA on Enterprise · redaction on every plan
- Every requestPHI redactionIdentifiers stripped inline
- Zero-contentData policyLogs can store no PHI at all
- AvailableHIPAA BAAOn Enterprise, on request
- InlineGuardrail checksIn-process, not a network round-trip
Strip PHI in the request path. Keep it out of the log.
A single guardrail is a single point of failure. Nemo Router pairs inline PHI redaction — powered by Microsoft Presidio, which strips common HIPAA identifiers inline (names, dates, contact details, SSNs, and record/account numbers) — with a logging policy that can store no request content at all. Even an un-redacted edge case never becomes a stored record.
- Guardrail layer: identifiers redacted before the prompt is forwarded
- Logging layer: zero-content policy stores no request or response body
- Metadata-only keeps cost + token counts for billing and analytics
- Policy is org-wide and enforced on every request — no per-call opt-out
Step 01 — inbound
Prompt contains identifiers
A clinician note or patient message arrives at the gateway
Step 02 — guardrail
PHI redacted inline
Presidio strips identifiers before the request is forwarded
Step 03 — storage
PHI in logs: none
Zero-content policy — only cost + token metadata is kept
Failover that keeps clinicians online
Fallback chains retry on a backup model when a provider degrades — 99.9% uptime SLA on every tier.
Append-only audit trail
Every key, guardrail, and policy change recorded with actor, timestamp, and diff for your compliance file.
Budgets per team and key
Claims, triage, and product workloads each run on budgeted keys — a tripped hard cap returns a clean 402.
HIPAA is a shared responsibility — here is our half.
- Nemo Router provides the technical safeguards — PHI redaction, zero-content logging, AES-256 encryption, RLS tenant isolation, an append-only audit trail — and a BAA on Enterprise.
- Your organization remains responsible for how PHI is used in your application and for your own HIPAA program. A BAA defines that boundary.
- SOC 2 Type II is in progress (target Q3 2026); the infrastructure substrate (Cloud Run, Supabase) is already SOC 2 Type II certified. We will not say “certified” until our own report is signed.
Need the BAA before a privacy review? sales@nemorouter.ai will issue one and have security walk your team through the safeguards.
Healthcare questions, answered
Will you sign a HIPAA Business Associate Agreement?
Yes — a BAA is available for healthcare customers processing PHI, issued through the Enterprise team. Request one at /contact?topic=baa or by emailing sales@nemorouter.ai. PHI-redaction guardrails are included on every plan at no extra cost regardless of whether a BAA is in place.
How do you keep PHI out of request logs?
Two layers. First, PHI-redaction guardrails strip identifiers inline before the request is forwarded. Second, the organization data policy can be set to zero-content or metadata-only, so request and response bodies are never written to a log at all — you keep cost and token telemetry without storing any protected health information.
Is Nemo Router HIPAA compliant?
Nemo Router supports HIPAA-eligible workloads and will sign a BAA on Enterprise. HIPAA compliance is a shared responsibility: Nemo Router provides the technical safeguards (PHI redaction, zero-content logging, encryption, access control, audit logging) and the BAA, while your organization remains responsible for how PHI is used within your application. We will walk your privacy team through the controls before you go live.
Can health data stay in a specific region?
United States is the default footprint. EU residency is generally available on Enterprise, with the UK, Canada, Australia, Singapore, and India available on request. Customer data is replicated within a single region and is never moved without an explicit migration request.
Start with the BAA and the safeguards walkthrough.
We will issue a Business Associate Agreement and walk your privacy and security teams through PHI redaction, the data policy, and residency before a single request is sent.
HIPAA BAA available on Enterprise · PHI redaction on every plan · SOC 2 Type II audit in progress (target Q3 2026)