kolm
BAA-aligned · PHI stays inside the customer-hosted bridge · auditor-ready

Healthcare reference architecture.

The deployment diagram a privacy officer needs. PHI stays inside the customer environment, the compile bridge runs locally, the .kolm artifact ships out without payloads. Same diagram Schedule 1 of the BAA references.

01Trust boundary

What crosses the line, what doesn't.

+======================================================================+ | CUSTOMER VPC (us-east-1 · CMK = kms://customer-managed) | | | | +-----------------+ +----------------------+ +-----------+ | | | Seed store | ---> | kolm compile bridge | ---> | .kolm | | | | (PHI, EHR) | | (LoRA train + eval) | | artifact | | | +-----------------+ +----------------------+ +-----------+ | | ^ | | | | | | redactor pre-pass | | | | v v | | +-----------------+ +----------------------+ +-----------+ | | | Audit log | <--- | PHI redactor | | Inference | | | | (HMAC chain) | | (18 identifiers) | | (offline) | | | +-----------------+ +----------------------+ +-----------+ | | ^ | | +==========|===================================================|=========+ | | | receipts only (no payload, no PHI) | runs on v | provider +======================================================================+ | KOLM.AI (us-east-1) | | | | +-----------+ +----------------+ +---------------------------+ | | | Receipt | | Compliance pkg | | Public registry | | | | chain | | export | | (artifact metadata only) | | | +-----------+ +----------------+ +---------------------------+ | | | +=======================================================================+ Legend: ---> data flow <--- audit echo ==== trust boundary
Crosses the boundary

Signed receipts only.

Artifact SHA, K-score, run timestamps, ring HMACs. No prompts, no outputs, no PHI ever. see a receipt

Stays inside

PHI, EHR, seed JSONL.

Encrypted at rest with customer KMS key. Bridge process reads, redacts, distills — never phones home with bytes.

Ships out (optional)

The .kolm itself.

The artifact carries LoRA weights + recipes + evals + manifest. No PHI inside. Customer chooses to push to hub or keep private.

02Bill of materials
ComponentWhere it runsOwns PHI?Notes
Compile bridge (Docker / Helm)Customer VPCYes — never leavesOne-click deploy from enterprise console
PHI redactor (18 identifiers)Customer VPCPre-pass on every compileStable placeholders [PATIENT], [DATE-1], [MRN-1]
LoRA train + evalCustomer VPCUses redacted seedsK-score gate ≥ 0.95 enforced in PHI mode
Customer KMS keyCustomer VPCEncrypts seeds + receiptsAWS KMS · Azure Key Vault · HashiCorp Vault
HMAC receipt chainCustomer VPCPayload-free4 rings: compile, eval, run, audit — spec
Audit log queryCustomer VPC (read) + kolm.ai (write-only)Pointer + hash only30-day retention or customer-controlled
.kolm runtimeAny device the customer authorizesReceives no PHI from kolm.aimacOS / Linux / Windows / iOS / Android
03Day-zero deploy

The first compile inside a regulated environment.

  1. Sign the BAA (10 minutes)E-sign at /upgrade?plan=enterprise. PHI Schedule auto-populated with the company name. Countersigned at click.
  2. Deploy the bridge (20 minutes)Enterprise console renders Docker Compose + Helm chart + Terraform. Paste into the customer's IaC repo. Bridge phones home once with a heartbeat — not PHI.
  3. Wire the KMS key (5 minutes)IAM role JSON generated in the console. Customer creates the role, pastes the ARN. Receipts henceforth sign with the customer-managed key.
  4. Run the redactor cookbook (12 minutes)Pull cookbook/soap-redactor, point it at 50 anonymised SOAP notes, compile. K=0.97 in our internal seed; the customer's seeds may differ.
  5. Export the compliance packageOne click in /enterprise/console → receipts + audit log + control mapping + BAA + subprocessors in a single JSON the privacy officer can hand to an auditor.

Total: under 60 minutes from BAA-signed to first signed compile, on a fresh AWS account, on a Friday afternoon.

04Failure modes the auditor will ask about
What if…What happens
Bridge tries to phone home with PHIEgress harness drops the packet, ring-3 records bytes-out > 0, run refuses to sign.
Customer KMS key is revokedSigning fails closed. No artifact written. No run executes against the artifact — gate check requires fresh ring signature.
Redactor misses an identifierVerifier placeholder_consistency fails. K-score below 0.95 in PHI mode. Gate refuses, artifact not produced.
Someone swaps the artifactManifest SHA in the receipt no longer matches the artifact bytes. kolm inspect exits 5 CHECKSUM_FAIL.
Auditor asks for run historyCompliance package export at /v1/account/compliance-package returns 90 days of receipts + chain + control mapping. Same bytes you can re-verify locally.
05Paperwork the privacy officer wants
BAA + PHI Schedule

/baa

10-row Schedule 1: Purpose, Permitted Uses, Safeguards, Breach Notification 10 business days, Subprocessors flow-down, Return/Destruction 30 days, Audit Rights, HIPAA Security Rule Mapping, Survival.

HIPAA Security Rule

/security#hipaa-mapping

22-row table: each CFR citation (§164.308–§164.316) mapped to the kolm control that satisfies it. Required vs Addressable flagged.

Subprocessors

/subprocessors

7-row table with PHI-status pills. 30-day notice for change. subprocessors@kolm.ai for objections.