AI in clinical workflows, with an audit trail.
Health systems, payers, and clinical research teams use Prova as the control plane for AI in clinical summaries, prior authorization, and regulatory work. It provides tamper-evident receipts, PHI / PII detection at the gateway, and a HIPAA-aligned audit trail.
The problem with unverified AI reasoning
AI in clinical workflows with no audit trail
Summarization and prior-auth models touch protected health information dozens of times a day. Without a signed receipt per decision, an OCR audit or breach review has nothing to go on.
PHI leakage into downstream agents
Agent A summarizes a chart; Agent B drops the summary into a vendor model call. The PII / PHI detector catches the leak at the gateway and signs the attempt. Raise the policy to block, and the gateway stops the call before the downstream model sees it.
Prior-auth at scale, with appeals risk
Payers process thousands of AI-assisted determinations a day. A signed receipt per decision is the only evidence that will survive an appeal or a state attorney general inquiry.
How Prova solves it
Signed receipt per clinical AI decision
Every AI call lands in the Audit Vault as an Ed25519-signed receipt. Attach it to the chart, the appeal packet, or the regulator submission. Each receipt is independently verifiable without trusting Prova.
PHI / PII screening at the gateway
Gateway mode runs the PII and PHI policies before the model call. They detect and record by default; raise pii_in_prompt or phi_in_prompt to block and the gateway stops the call before the prompt leaves. Every attempt is captured either way.
Self-hosted for PHI workloads
Deploy on your own infrastructure with no outbound calls. The receipt signing key stays in your environment. BAAs are available for managed deployments.
Boundary manifest per clinical agent run
Declare the data scopes a clinical-decision agent may touch (patient_id, encounter_id) and the tools it may call. The boundary_violation policy signs an audit trail of any breach. The medical_decision_no_hitl policy enforces human review where Article 14 oversight requires it.
Bring clinical AI under one control plane.
Self-hosted deployment available. BAAs for managed tiers.