Healthcare Provider Environment
Biolytics-Managed External Processing
GPU Cloud Provider IaaS Layer
Audit and Compliance Artifacts
Actors
Clinical Application Layer
Provider Controls
Private Network Enclave
Application Storage and Logging
EU Data Center / Region Lock
Hypervisor / Bare Metal
GPU Hardware (H100 / H200 / B200 class)
Physical DC Security (provider-controlled)
Application Audit Log (metadata trail)
Infrastructure Access Log (SSH, console, cloud trail)
Deployment Provenance (image tag, model checksum)
Key Rotation Log (who, when, approval)
Signed DPA / Processor Agreement (audit rights, incident clauses)
Provider Evidence (ISO 27001, SOC 2, regional scope)
Doctor / User
DPO / Auditor
EHR Application Server
Access Control (service authorization)
mTLS Client Auth + API Credential
Security Group / Allowlist (approved client endpoints only)
TLS 1.2+ termination
vLLM Inference Service (non-root, read-only rootfs)
Operational Access Control (least privilege, MFA, SSH keys)
Encrypted Volume (customer-managed controls)
Model Weights (checksum verified on load)
PHI-Safe Audit Log (session IDs, timestamps, metadata only)
clinical request
authorize inference use
prepare authenticated call
allowlisted traffic
decrypted inference request
encrypted response
controlled operations access
ephemeral read / write
load model + verify checksum
metadata-only audit event
regional placement
executes workload
physical security coverage
authenticated request carrying clinical context
encrypted response returned to EHR
runs on provider infrastructure
writes operational metadata
records model checksum at deploy time
records key rotation events
provider access and facility trail
regional hosting evidence
certifications and audit reports
covered by processor agreement
review application audit trail
review provider evidence
review contractual basis