
De-identify once.
Research forever.
On-prem, clinical-aware PHI removal — then structured extraction, ICD-10 coding, cohort building and real-world evidence. Your records become research-ready data, and the patient never leaves the hospital.
Identified · raw chart
Rahul Mehta · 54M · MRN 442819
Aadhaar 4321 8765 9012
+91 98200 12345 · Mumbai
14 Apr 2026 · NSTEMI
Source · clinical note
Rahul Mehta, 54M · MRN 442819 · Aadhaar 4321 8765 9012. Admitted 14 Apr 2026 with NSTEMI, hemodynamic instability. Ph +91 98200 12345, 12 Marine Drive, Mumbai.
Your most valuable asset is the data you can't use.
Years of records, locked
Decades of clinical history sitting in files — too sensitive to ever touch.
Pharma & CRO can't access it
Real-world evidence buyers want data the hospital legally can't hand over raw.
Manual redaction is impossible
Black-marker de-identification on 10,000 charts is a non-starter.
Cloud anonymisers send PHI out
Most tools ship identified data off-prem before masking — a compliance dead-end.
No re-identification control
Once data leaves, the hospital loses the key — and the liability stays.
Research value left on the table
Cohorts, RWE, trial feasibility, brand-share — all unrealised revenue.
The data is already in your building. What's missing is a way to make it safe to use — without it ever leaving.
De-identify on-prem. Keep the key. Unlock the research.
The identifiers leave. The medicine stays.
Most anonymisers are blunt regex that mask anything that looks like a name — including your diagnoses. Ours is clinical-aware, audited twice, and keeps the re-identification key in a vault you control.
Detect
Every identifier found — names, MRN/UHID, Aadhaar, phone, email, address, dates. On-prem, before anything leaves the building.
Clinical-aware NER
Won't mask “Hemodynamic Instability” as a name. Medical entities are understood and preserved — only true PHI is removed.
Pseudonymise
Consistent pseudonyms across documents (same patient → same ID). Date-shifting preserves clinical intervals; ages band at 90+, addresses generalise to city.
Second-pass audit
An AI auditor re-reads the masked text only, hunting residual identifiers. Nothing is signed off until it reads clean.
Vault the key
The re-identification key is sealed in a separate PHI vault that stays hospital-controlled. De-identified output flows out; the key never does.
Identified data never leaves the building.
Only de-identified, research-ready output does.
Safe-harbour de-identification, done properly.
On-prem PHI removal
Names, MRN/UHID, Aadhaar, phone, email, address and dates — removed inside your data centre.
Clinical-aware NER
Won't mask “Hemodynamic Instability” and other clinical terms as names. Medicine stays; identity goes.
AI second-pass audit
A residual-identifier sweep that runs over the masked text only — defence in depth.
Consistent pseudonyms
Same patient resolves to the same ID across every document, every admission.
Interval-preserving date-shift
Dates shift, but clinical intervals and length-of-stay are mathematically preserved.
Age banding & generalisation
Ages band (90+) and addresses generalise to city level — safe-harbour by design.
Separate PHI vault
The re-identification key stays hospital-controlled, isolated from the research dataset.
Side-by-side viewer
Original vs de-identified, with every removed entity highlighted for verification.
Even the handwritten, scanned page — read, coded, structured.
Page 1 / 1
Dx: NSTEMI
Rx: Jardiance 10mg
Rx: Vozet 5mg
Proc: PTCA + DES
Extracted
Diagnosis
Medication
Medication
Procedure
Auto de-identify pipeline
Upload PDF / TXT → de-identified output, end to end.
Handwritten & scanned vision
AI reads scanned and handwritten documents, page-by-page, one at a time.
Line-by-line transcript
Extracted text sits beside the original page for stakeholder verification.
Structured extraction
Diagnoses, medications, labs, procedures and outcomes — pulled into fields.
ICD-10 on every diagnosis
Each diagnosis is coded, with badges, filters and charts downstream.
Brand → molecule resolution
Xyzal/Vozet → levocetirizine, Jardiance → empagliflozin, and thousands more.
Ask in plain language. Get cited answers.
▍
AI Research Briefing
Findings discovered for you — proactively surfaced, severity-tagged and citation-bound, before anyone runs a query.
Patient journey timeline
Longitudinal, across admissions — even after pseudonymisation.
Hybrid search
Semantic + full-text, so meaning and exact terms both land.
A deterministic Signal Board — every alert explainable.
Drug-interaction surveillance
Warfarin + NSAID co-prescription bleeding signals, surfaced across the cohort.
Pharmacovigilance Signal Board
Rule-based: drug–drug interactions, antimicrobial resistance, materiovigilance, electrolyte signals.
Comparative effectiveness
SGLT2i vs non-SGLT2i HF readmission · DOAC vs warfarin bleeding · GLP-1 HbA1c & weight change.
Brand-share intelligence
Share within molecule — the real prescribing picture, de-identified.
Antibiotic stewardship
Empirical vs culture-sensitivity mismatch, flagged for the AMS committee.
Readmission risk profiling
Markers at discharge that predict who comes back — before they do.
From a question to a research-ready cohort — in seconds.
Eligible patients
0
Admissions by ICD-10
Cohort Builder
Filter by ICD-10 / molecule / site / age / gender — with live patient counts as you go.
Trial feasibility screen
Eligible patients per site, computed straight from inclusion criteria.
Analytics
Diagnoses by ICD-10, brand share, admissions trend, length-of-stay by department.
India network map
Live sites plus the onboarding pipeline, on one map.
Network value projector
ROI sliders that model the value of the network as it grows.
Research-ready export
CSV / JSON — whole cohort or query-cited records, ready for analysis.
Data Sharing Certificate
A signed PDF: what was removed, the method used, and the audit reference.
The key never leaves.
Neither does the risk.
- On-prem by default — de-identification runs inside your data centre, PHI never leaves
- DPDP Act 2023 aligned — data minimisation and purpose-limitation built in
- Re-identification key sealed in a separate, hospital-controlled vault
- AI second-pass audit over masked text for residual identifiers
- Indian data residency — every document and dataset stays on Indian infrastructure
- Role-based access — only authorised research and governance roles
- Every release ships with a signed Data Sharing Certificate (method + audit ref)
- No model training on your data without explicit, revocable consent
Questions governance teams actually ask.
Don't see your question? Bring it to the demo — we'll de-identify a sample of your own records, live and on-prem.
Your data stays.·The identity goes.
Unlock decades of records.
Without the patient ever leaving.
Book a 20-minute demo. We'll de-identify a sample of your own records — on-prem, for free — and show you the research-ready cohort that comes out the other side.