Visca
Solutions/Industry

Healthcare

PHI can't be shipped to a model API. The scribe, the model, and the record all run in your tenancy — on a stack that maintains itself.

Charts, notes, images, and the rest of a patient's PHI are precisely the data a health system cannot route to hosted model, transcription, or voice APIs — every vendor in that chain needs a BAA, and every outbound call is egress that won't survive the security review. Keeping PHI in your tenancy means self-hosting, but a do-it-yourself stack of a model server, a transcription project, an identity layer, and an audit pipeline is a dozen seams and an ops burden no clinical IT team signed up for. Visca runs the whole stack — identity, credentials, runtime, and audit — inside your perimeter, with its own operators keeping it current. Proven on ourselves first: a clinical AI product built on this stack is approved and in pilot at Stanford.

Why the data can't leave

Hosted AI is out. A stitched stack is the only thing left — and it breaks here.

Service-account access to the whole panel

An agent integrated to the EHR through a service account can read every patient the clinician can. A leaked credential is a panel-wide PHI breach.

No machine-distinguishable AI authorship

The EMR audit shows a clinician edited a note. It does not show that an AI drafted the content underneath. For malpractice and bias review, that distinction is everything.

An ops burden no health system wants

Self-hosting the model server, the transcription pipeline, and the audit chain means someone patches them, rotates their credentials, and answers their incidents. Hospital IT is already stretched; a second infrastructure estate is a non-starter.

One stack, not a stitched one

How the stack answers the review, applied to healthcare.

Identity

AI authorship, distinct from the clinician's

The clinical AI acts under its own identity, separate from the clinician's. The trail says: AI drafted, clinician edited, clinician attested — verifiable and exportable to the EHR.

Credentials

Per-encounter PHI access

Read this patient, for this visit, for this duration, with this consent on file. No standing panel-wide access; nothing for a leaked token to read.

Runtime

Models inside your tenancy

The model, the prompts, and the outputs execute inside your perimeter. No outbound call to clear, no new BAA per vendor, no egress finding to remediate.

Audit

An encounter record a reviewer can trust

What the AI saw, what it drafted, what the clinician changed, what was attested — one chained, tamper-evident record. A single query, not weeks of forensics.

Operators

Maintenance without a second IT org

The stack's own operators deploy, upgrade, patch, rotate credentials, and answer incidents — inside the tenancy, under the same identity and audit, on the same record.

What you get

Outcomes.

Relevant frameworks

HIPAA (BAA)HITRUSTSOC 2 Type II21 CFR Part 11 (where applicable)

Visca Cloud has not yet completed formal certification against these frameworks; the stack is architected to meet them and audits are in progress. See the compliance roadmap.

In practice

An ambient clinical scribe

During a visit, the scribe requests a per-encounter credential: read this patient's chart, for this visit, for forty-five minutes. It drafts the note under its own identity; the clinician edits and attests under theirs; both land on one record. Months later, when the note is questioned, the authorship trail — and the patch history of the stack that produced it — is one query, not weeks of forensics.

Other industries

The Autonomy Stack for regulated industries

The stack that gets you approved — and then maintains itself.

Identity, credentials, runtime, and audit — shipped as part of your product, run inside your customer's walls, operated by agents under the same ledger as everything else. Nothing leaves the perimeter. Nothing is off the record.