kolm
sign in Get API key →
cookbook · vertical · hipaa-summarizer
Recipe · vertical

Clinical notes, summarized — without the PHI ever leaving.

A local .kolm file that summarizes a clinical note into (chief_complaint, history, assessment, plan). PHI (HIPAA's 18 identifiers) is redacted before training and the verifier rejects any output that contains an HIPAA identifier or hallucinates a finding not supported by the input. Compiled in your VPC; the artifact runs on the EHR host.

base modelqwen2.5-7b-instruct
gold notes600 (420 train / 180 eval)
k-score floor0.88
artifact size2.6 GB
compile time~62 min (in your VPC)
spec sourceredactor + grounded

What this recipe does

Most "AI summary" of clinical notes is impossible at most hospitals because the data can't leave the network. This recipe compiles inside your VPC: the gold corpus is never seen by us, the base weights are pulled from a signed mirror, the artifact is delivered to the EHR host. PHI handling is enforced both at training (regex+NER redactor strips the 18 identifiers from gold pairs) and at run time (output is blocked if a regex match fires on any HIPAA pattern).

The "grounded" verifier rejects any clinical claim that doesn't trace to text in the input. The model can summarize, condense, and structure — it cannot invent.

The spec

{
  "output_kind": "json",
  "schema": {
    "required": ["chief_complaint", "history", "assessment", "plan"],
    "properties": {
      "chief_complaint": { "type": "string", "maxLength": 200 },
      "history": { "type": "string", "maxLength": 800 },
      "assessment": { "type": "string", "maxLength": 600 },
      "plan": { "type": "array", "items": {"type":"string"}, "maxItems": 8 }
    }
  },
  "verifier": {
    "redact_before_train": true,
    "redact_pattern_file": "hipaa-18.regex",
    "output_must_not_contain_phi": true,
    "clinical_claim_must_be_grounded": true
  }
}

Compile (inside the customer VPC)

kolm compile "clinical-note summarizer with PHI redaction and grounded claims" \
  --base qwen2.5-7b-instruct \
  --pairs ./gold-notes/*.jsonl \
  --redactor ./hipaa-18.regex \
  --verifier no-phi-in-output,clinical-claim-grounded \
  --offline-base-mirror ./base-models/ \
  --k-floor 0.88 \
  --output hipaa-summarizer.kolm

ok wrote hipaa-summarizer.kolm
   k_score=0.91  signature=hmac-sha256
   no PHI detected in 180/180 held-out summaries

K-score gate

K-score 0.91 held-out 180 notes · PHI redaction 100% (4 levels: regex, NER, span-suppress, output-block) · grounded-claim 100% · clinician-rated faithful 89%

Clinician rating: a sample of 60 held-out notes were re-read by an attending and the summary was scored "faithful" / "minor edits" / "wrong." 89% faithful, 11% minor edits, 0% wrong (none claimed a finding not in the note).

Run-time profile

Hospital server
2.4s
RTX 5090
510ms
Mac mini
2.8s
CPU x86
3.6s

Deploy

# EHR background job — summarize new notes for the chart-prep pane:
on_note_signed = (note) => {
  const sum = kolm.run('hipaa-summarizer.kolm', note.text);
  ehr.attach(note.id, 'ai-summary', sum);
  audit.log({ artifact: 'hipaa-summarizer.kolm', note_id: note.id, k_score: sum.receipt.k_score });
};

Audit log includes the artifact's signed receipt — every summary is traceable to the exact compiled model that produced it.

Related recipes

Finance disclosure
SEC filing → redacted public draft.
Legal clause extract
Contract → labeled clause set.
Sensor classifier
Edge sensor stream → labeled events.