
🏥 SYNTREX AI Security for Healthcare and Protected Health Information (PHI)

Target audience: Hospitals, telemedicine providers, digital-health platforms, medical-software vendors.

Integrating Large Language Models into healthcare (analyzing medical records, producing preliminary diagnoses, patient-facing chatbots) runs into the strictest constraints around handling personal medical data (PHI — Protected Health Information). SYNTREX makes safe AI adoption possible.


🛑 Key risks and SYNTREX solutions

1. Leakage of medical confidentiality (PHI Data Exfiltration)

Risk: While chatting with one patient, the model may "recall" (through hallucination or a direct attack) data from another patient's medical record.

SYNTREX defense:

  • Engines: pii, hybrid_pii, exfiltration.
  • Any national insurance number, health-insurance policy ID, full name, or diagnosis is masked before the response reaches the patient. A physician (carrying Role: doctor) still sees the decrypted data thanks to built-in RBAC.

2. Life-threatening hallucinations (Hallucination Control)

Risk: An LLM delivers an incorrect diagnosis or drug dosage with very high confidence (sycophancy / hallucinations).

SYNTREX defense:

  • Engines: output_scanner, false_completion.
  • output_scanner inspects the model's response specifically (not the request), while false_completion catches fabricated "confirmations" and falsely confident conclusions. Through the Shield policy, SYNTREX intercepts prescriptions and medical conclusions: if the model attempts to state a final diagnosis without an explicit disclaimer, or to prescribe a strictly prescription-only drug, SYNTREX blocks the response or forces it to append the mandatory line: "This information is not a medical diagnosis. Please consult your physician."

3. RAG-corpus poisoning by an attacker (RAG Poisoning)

Risk: A hacker uploads a malicious file into the lab-results intake system that "trains" the model to recommend buying a particular company's supplements.

SYNTREX defense:

  • Engines: rag_corpus_guard, injection.
  • Every inbound document (PDF, Word) is pre-filtered by SYNTREX before it enters the vector database: rag_corpus_guard controls source provenance and grounding, while injection catches instructions embedded in the document. Suspicious vectors are rejected.

Enable the healthcare-specific engines in syntrex.yaml:

YAML
engines:
  pii:
    action: block # Strictly block any patient PII output into a shared chat
  exfiltration:
    action: block # Block PHI leakage in the model's response
    confidence_threshold: 0.95
  jailbreak:
    action: block
    confidence_threshold: 0.85
  output_scanner:
    action: modify # Inspect the model's response + insert a disclaimer
    disclaimer: "NOTICE: This is an AI-generated response. Please consult a physician."
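A coverage check for the engines block above, added here as an example and not part of SYNTREX or its tooling: it reports which engines this guide names for each risk have no explicit action in the configuration shown. The small parser, the function names and the "explicit action" rule are assumptions; the page does not say whether an unlisted engine runs by default.

```python
# Engine names per risk are taken from this guide; parsing rules are assumptions.
GUIDE_ENGINES = {
    "phi_exfiltration": ["pii", "hybrid_pii", "exfiltration"],
    "hallucination": ["output_scanner", "false_completion"],
    "rag_poisoning": ["rag_corpus_guard", "injection"],
}

# The engines block from this guide, embedded so the check runs offline.
GUIDE_CONFIG = """\
engines:
  pii:
    action: block # Strictly block any patient PII output into a shared chat
  exfiltration:
    action: block
    confidence_threshold: 0.95
  jailbreak:
    action: block
    confidence_threshold: 0.85
  output_scanner:
    action: modify
    disclaimer: "NOTICE: This is an AI-generated response. Please consult a physician."
"""

def parse_engines(text):
    """Parse the two-level engines map: 2-space names, 4-space settings."""
    engines, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        if indent == 0:  # a new top-level key opens or closes the block
            in_block, current = (key == "engines"), None
        elif in_block and indent == 2:  # engine name
            current = engines.setdefault(key, {})
        elif in_block and current is not None:  # setting of current engine
            current[key] = value.strip().strip('"')
    return engines

def coverage_gaps(engines):
    """Per risk, the guide-named engines that have no explicit action."""
    return {risk: missing for risk, names in GUIDE_ENGINES.items()
            if (missing := [n for n in names if "action" not in engines.get(n, {})])}

def modify_without_disclaimer(engines):
    """Engines set to modify that carry no disclaimer text to insert."""
    return [n for n, cfg in engines.items()
            if cfg.get("action") == "modify" and not cfg.get("disclaimer")]
```

Pass the text of a deployed syntrex.yaml to parse_engines and review every engine that coverage_gaps returns before go-live.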

🚨 Specific to HIPAA / 152-FZ

The SYNTREX instance itself (gomcp + sentinel-core) is designed as a stateless proxy (apart from the Decision Logger):

  1. The platform does not log full model responses (text payloads), retaining only metadata (severity, confidence) for the dashboard.
  2. Zero-Knowledge Proof deployment is supported — the ability to verify the safety of a response without decrypting the request itself.

📜 Telemedicine use cases

  • Intake bot: the agent collects a patient's complaints. SYNTREX monitors the conversation so a patient cannot "jokingly" (social engineering) trick the bot into issuing a prescription.
  • Physician assistant: the agent summarizes a patient's chart. SYNTREX ensures the RAG agent does not pull data from the chart of a patient in the next bed (cross-tenant isolation).

❓ FAQ

How does SYNTREX prevent one patient's PHI from leaking to another patient?

The pii, hybrid_pii, and exfiltration engines mask protected health information — insurance numbers, policy IDs, names, and diagnoses — before any response reaches the patient. Built-in RBAC means a verified physician (Role: doctor) still sees the decrypted record, while everyone else does not.

Can SYNTREX stop a medical AI from giving a dangerous hallucinated diagnosis or dosage?

Yes. The output_scanner engine inspects the model's response and false_completion catches fabricated, overconfident conclusions. If the model tries to state a final diagnosis without a disclaimer or prescribe a prescription-only drug, SYNTREX blocks the answer or forces it to append a mandatory "consult your physician" disclaimer.

Is SYNTREX HIPAA- and 152-FZ-compliant?

SYNTREX (gomcp + sentinel-core) runs as a stateless proxy that does not log full model text payloads — only metadata such as severity and confidence. It also supports Zero-Knowledge Proof verification, helping providers meet HIPAA and 152-FZ (Russia's personal-data protection law).

How does SYNTREX protect a healthcare RAG knowledge base from poisoning?

Every inbound document (PDF, Word) is pre-filtered before it reaches the vector database. The rag_corpus_guard engine validates source provenance and grounding, and the injection engine catches instructions embedded in the file, so poisoned documents and suspicious vectors are rejected before indexing.

Can doctors still see full patient records while patients see masked data?

Yes. Built-in RBAC drives the difference: a user carrying Role: doctor sees the decrypted record, while the same PHI fields stay masked for patients in a shared chat.
