Protecting PHI End-to-End
Werker Health applies two layers of protected health information (PHI) redaction so sensitive data never leaves your control—and never returns unguarded. Every stage is powered by Werker Health Agents, primarily werker-scrub-agent for automated de-identification and werker-compliance-agent for continuous policy verification. Both agents run on Werker’s proprietary pre-trained SOTA models and never learn from your PHI.
- Outbound scrubbing: Requests are sanitized inside your Werker deployment before reaching third-party models.
- Inbound scrubbing: Model responses pass through the same policy engine to ensure no sensitive data leaks back into client-facing applications or observability tools.
Outbound Flow
- Policy detection: Incoming payloads (text, audio transcripts, images, attachments) are scanned with deterministic rules and ML-based detectors for PHI entities (names, MRNs, addresses, medications, etc.).
- Redaction & tokenization: Identified entities are either masked or replaced with reversible vault tokens that preserve downstream context.
- Immutable logging: We append the redaction summary (entity type counts, policy versions, and hashing attestations) to an audit log entry tied to the request.
- Transmission: The scrubbed payload is forwarded to the selected model provider via Werker’s SOC 2 and HIPAA-hardened proxy.
Inbound Flow
- Response inspection: Streaming and non-streaming responses are evaluated for PHI using the same policy engine.
- Rehydration or masking: If downstream consumers are entitled (e.g., clinician-facing tools), vault tokens are rehydrated. Otherwise, PHI remains masked, and alerts are generated for unexpected disclosures.
- Tamper-evident logging: We capture full response diffs, policy decision traces, and rehydration actions in immutable logs.
- Delivery: Only compliant, policy-approved content is returned to the caller or client application.
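The outbound and inbound flows above, as an added example that is not Werker's own code: deterministic regex detectors, an in-memory stand-in for the token vault, the redaction summary that goes to the audit log, and rehydration for entitled consumers versus masking (plus an alert) for everyone else. The detector patterns, token format and `Vault` class are constructed for illustration; the real engine also runs ML-based detectors.

```python
import hashlib
import re

POLICY_VERSION = "2025-05-01"  # the pinned policy version used in the page's request metadata
# Deterministic detectors, constructed for this example (the real engine adds ML-based detectors).
DETECTORS = {
    "MRN": re.compile(r"\bMRN\s*(\d{6})\b"),
    "NAME": re.compile(r"\bPatient ([A-Z][a-z]+ [A-Z][a-z]+)\b"),
}
TOKEN_RE = re.compile(r"<(%s)_\d{4}>" % "|".join(DETECTORS))

class Vault:
    """In-memory stand-in for the token vault: originals stay here and never go upstream."""
    def __init__(self):
        self._store = {}
    def tokenize(self, entity_type, value):
        token = "<%s_%04d>" % (entity_type, len(self._store) + 1)
        self._store[token] = value
        return token
    def rehydrate(self, text):
        for token, value in self._store.items():
            text = text.replace(token, value)
        return text

def scrub(text, vault):
    """Outbound: swap detected entities for vault tokens and build the audit-log summary."""
    counts = {}
    for etype, pattern in DETECTORS.items():
        def replace(m, etype=etype):
            counts[etype] = counts.get(etype, 0) + 1
            return m.group(0).replace(m.group(1), vault.tokenize(etype, m.group(1)))
        text = pattern.sub(replace, text)
    summary = {
        "policy_version": POLICY_VERSION,
        "entity_counts": counts,
        # Attestation: hash of the payload that actually left the trust boundary.
        "scrubbed_sha256": hashlib.sha256(text.encode()).hexdigest(),
    }
    return text, summary

def deliver(response, vault, entitled):
    """Inbound: flag PHI echoed back in the clear, then rehydrate (entitled) or mask (not)."""
    alerts = [etype for etype, pattern in DETECTORS.items() if pattern.search(response)]
    if entitled:
        return vault.rehydrate(response), alerts
    masked, _ = scrub(response, vault)  # any clear-text PHI becomes a token before masking
    return TOKEN_RE.sub(r"[\1 REDACTED]", masked), alerts
```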
Example: Request + Response PHI Scrubbing
```python
from openai import OpenAI

# Point the standard OpenAI client at the Werker proxy; scrubbing happens there,
# before the request reaches the upstream model provider.
client = OpenAI(
    base_url="https://api.werker.health/v1",
    api_key="WERKER_HEALTH_API_KEY",
)

response = client.responses.create(
    model="gpt-5",
    input=[
        {"role": "system", "content": "You redact PHI before reasoning."},
        {
            "role": "user",
            "content": "Patient Jane Doe (MRN 554433) reports chest tightness after jogging."
        },
    ],
    # Pin the transformation rules so audit behavior is predictable across environments.
    metadata={"phi_policy_version": "2025-05-01"},
)

print(response.output_text)
```

```ts
import OpenAI from "openai";

// Point the standard OpenAI client at the Werker proxy; scrubbing happens there,
// before the request reaches the upstream model provider.
const client = new OpenAI({
  baseURL: "https://api.werker.health/v1",
  apiKey: "WERKER_HEALTH_API_KEY",
});

const response = await client.responses.create({
  model: "gpt-5",
  input: [
    { role: "system", content: "You redact PHI before reasoning." },
    {
      role: "user",
      content: "Patient Jane Doe (MRN 554433) reports chest tightness after jogging."
    },
  ],
  // Pin the transformation rules so audit behavior is predictable across environments.
  metadata: { phi_policy_version: "2025-05-01" },
});

console.log(response.output_text);
```

Operational Guarantees
- Break-glass governance: Administrators can grant time-bound access to original payloads with automated approval workflows and complete change history.
- Versioned policies: You can pin transformation rules to a policy version, ensuring predictable audit behavior across environments.
- Real-time monitoring: Compliance dashboards expose redaction rates, token usage, and anomaly alerts for every service or team.
- Zero retention: Neither Werker nor upstream model providers store original PHI. Vault tokens reference data that never leaves your encrypted environment.
Integration Tips
- Provide consistent context around structured fields (e.g., `"patient": {"name": "...", "dob": "..."}`) so the policy engine can redact deterministically.
- Log your own application-level identifiers (`visit_id`, `claim_id`) via the `metadata` property on Werker API calls for cross-system traceability.
- Use Werker’s SDK middleware to automatically apply scrubbing to internal tool callbacks and agent function outputs.
- Configure environment-specific alert thresholds to catch unexpected PHI leakage during development before it reaches production.