Medical Vertical Trust Center (route: /medical/trust). Last updated: 2026-05-15
Sturna enforces HIPAA Security Rule safeguards, FDA SaMD boundaries, and 21 CFR Part 11 WORM audit requirements at the infrastructure layer — not the policy layer. BAA executed before the first query. PHI tokenized before any agent receives your prompt.
OCR enforcement actions are up 340% since 2020. The average resolution agreement now carries $3.2M in penalties. Old BAA frameworks don't cover AI vendor inference — they were written before LLMs processed PHI at query time. Sturna closes that gap architecturally, not contractually.
Six required safeguard categories, each mapped to a named control, an architecture component, and an active audit trail. Not a checklist — a running system.
Documented security officer designation with named control owner. Workforce training records captured per HIPAA §164.308(a)(5). Annual risk analysis completed and version-controlled. Incident response plan tested against OCR breach notification timelines. Every administrative safeguard maps to a named owner — not a team, a person.
MARCH Gate 1 scans every inbound intent for 18 PHI pattern categories: name+DOB combinations, MRN, SSN, insurance ID, diagnosis codes (ICD-10), NPI numbers, geographic identifiers at sub-state granularity, and 10 additional Safe Harbor categories. PHI is tokenized before any agent receives the prompt. Tokens are reversible only within the session, per-tenant, with full audit trail on every reversal.
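As an added illustration (not Sturna's code), the Gate 1 flow described above reduced to its mechanics: a pattern scan over the inbound prompt, substitution of every match with a token that is only reversible through the per-tenant, per-session vault that issued it, and an audit record on each reversal. The regex set is a constructed subset of Safe Harbor-style identifiers, not the platform's 18 categories, and the token format, `SessionVault` and `scan_and_tokenize` are assumptions.

```python
"""Added example (not Sturna's code): a Gate-1 style PHI scan with
session-scoped, reversible tokenization and an audit record on every reversal.
Pattern set, token format and class names are constructed for illustration."""
import re
import secrets
from dataclasses import dataclass, field

# Constructed subset of Safe Harbor-style identifiers. Order matters: patterns
# with delimiters (SSN, DOB) run before the bare 5-digit ZIP pattern.
PHI_PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "MRN": re.compile(r"\bMRN[:\s#]*\d{6,10}\b", re.IGNORECASE),
    "DOB": re.compile(r"\b(?:0[1-9]|1[0-2])/(?:0[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b"),
    "ICD10": re.compile(r"\b[A-TV-Z]\d{2}(?:\.\d{1,4})?\b"),
    "NPI": re.compile(r"\bNPI[:\s#]*\d{10}\b", re.IGNORECASE),
    "ZIP": re.compile(r"\b\d{5}(?:-\d{4})?\b"),
}


@dataclass
class SessionVault:
    """Per-tenant, per-session token map. A token is reversible only through
    the vault that issued it, so it carries no meaning to downstream agents."""
    tenant_id: str
    session_id: str
    forward: dict = field(default_factory=dict)   # raw value -> token
    reverse: dict = field(default_factory=dict)   # token -> raw value
    audit: list = field(default_factory=list)     # one record per reversal

    def tokenize(self, category: str, raw: str) -> str:
        # Same value -> same token within the session, so agents can correlate
        # repeated mentions without ever seeing the underlying identifier.
        if raw not in self.forward:
            token = f"[PHI:{category}:{secrets.token_hex(4)}]"
            self.forward[raw] = token
            self.reverse[token] = raw
        return self.forward[raw]

    def detokenize(self, token: str, requester: str, purpose: str) -> str:
        if token not in self.reverse:
            raise KeyError("token was not issued in this tenant/session")
        self.audit.append({"tenant": self.tenant_id, "session": self.session_id,
                           "token": token, "requester": requester,
                           "purpose": purpose})
        return self.reverse[token]


def scan_and_tokenize(text: str, vault: SessionVault):
    """Replace every PHI match with a session token before the prompt moves on.
    Returns the tokenized text and the categories detected, in scan order."""
    detected = []
    for category, pattern in PHI_PATTERNS.items():
        def mint(match, cat=category):
            return vault.tokenize(cat, match.group(0))
        text, count = pattern.subn(mint, text)
        if count:
            detected.append(category)
    return text, detected


if __name__ == "__main__":
    vault = SessionVault("tenant-a", "sess-1")
    # Constructed prompt; every identifier below is fictitious.
    prompt = ("Patient MRN 00123456, DOB 03/14/1985, SSN 123-45-6789, "
              "dx E11.9, lives in 02139")
    safe, categories = scan_and_tokenize(prompt, vault)
    print(safe)
    print(categories)
```

The vault is the trust boundary: an agent holding a token cannot resolve it without a `detokenize` call that names a requester and a purpose, and that call is what gets audited. A second vault (another tenant or session) rejects the token outright.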
Business Associate Agreement executed before the first query — enforced as an architectural hard block, not a policy reminder. Subprocessor chain documented and updated on every provider change. AI inference vendors (all LLM providers in the pipeline) are covered under BAA. No PHI flows to any subprocessor without a signed agreement in the chain. The block is at the routing layer, not the terms of service layer.
60-day HHS OCR reporting timeline is tracked from automated incident detection, not from manual discovery. Breach notification workflow is documented and templated: affected-individual identification → HHS report generation → media notification trigger (if 500+ affected individuals in a single state). All detection and notification timestamps are written to the WORM audit log — immutable from the moment of detection.
Every audit entry is HMAC-SHA256 signed at write time. PL/pgSQL triggers block UPDATE and DELETE at the database layer — no application-side code path can mutate an existing entry. Every PHI access event, agent invocation, MARCH gate verdict, and transparency card issuance is recorded. The full audit log is exportable in OCR-auditable format on request, with cryptographic chain-of-custody intact.
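As an added example (not Sturna's code), the two halves of the WORM guarantee above in runnable form: an application-side log where each entry is HMAC-SHA256 signed over its own content plus the previous entry's signature, so an export can be checked as one unbroken chain, and an illustrative PL/pgSQL trigger of the kind that rejects UPDATE and DELETE at the database layer. The table and column names in the trigger, the `WormLog` class and the field names are assumptions; the trigger text is shipped as a constant and is not executed here.

```python
"""Added example (not Sturna's code): append-only audit log with HMAC-SHA256
signatures chained entry to entry, plus an illustrative PL/pgSQL trigger that
makes the backing table reject UPDATE/DELETE. Names are assumptions."""
import hashlib
import hmac
import json

# Illustrative trigger (assumed table/column names): any UPDATE or DELETE on
# the audit table raises, so no application code path can mutate a row.
WORM_TRIGGER_SQL = """
CREATE OR REPLACE FUNCTION audit_log_worm() RETURNS trigger AS $$
BEGIN
  RAISE EXCEPTION 'audit_log is append-only (% blocked)', TG_OP;
END;
$$ LANGUAGE plpgsql;

CREATE TRIGGER audit_log_no_mutation
  BEFORE UPDATE OR DELETE ON audit_log
  FOR EACH ROW EXECUTE FUNCTION audit_log_worm();
"""

GENESIS = "0" * 64  # prev_sig value carried by the first entry


def canonical(entry: dict) -> bytes:
    """Stable serialization so signer and verifier MAC identical bytes."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def export_entries(entries: list) -> str:
    return json.dumps(entries)


class WormLog:
    def __init__(self, key: bytes):
        self._key = key
        self.entries = []  # in-memory stand-in for the audit table

    def append(self, **fields) -> dict:
        """Sign at write time over (seq, prev_sig, fields)."""
        prev = self.entries[-1]["sig"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "prev_sig": prev, **fields}
        sig = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
        entry = {**body, "sig": sig}
        self.entries.append(entry)
        return entry

    def export(self) -> str:
        return export_entries(self.entries)


def verify_chain(exported: str, key: bytes):
    """Recompute every signature and link. Returns (ok, first_bad_seq)."""
    prev = GENESIS
    for i, entry in enumerate(json.loads(exported)):
        body = {k: v for k, v in entry.items() if k != "sig"}
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if (body.get("seq") != i or body.get("prev_sig") != prev
                or not hmac.compare_digest(expected, entry.get("sig", ""))):
            return False, i
        prev = entry["sig"]
    return True, None


if __name__ == "__main__":
    log = WormLog(b"constructed-demo-key")
    # Constructed entries mirroring the demo table above.
    log.append(ts="2026-05-15T04:07:12Z", event="PHI_SCAN_TRIGGERED",
               agent="medical-auditor-3", gate="MARCH-G1", phi="MRN+DOB")
    log.append(ts="2026-05-15T04:07:12Z", event="PHI_TOKENIZED",
               agent="tokenizer-v2", gate="MARCH-G1", phi=None)
    print(verify_chain(log.export(), b"constructed-demo-key"))
```

The chain link is what turns "each row is signed" into chain of custody: editing a row breaks its own MAC, deleting a row breaks the sequence and the `prev_sig` of its successor, and verification with the wrong key fails at entry 0.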
Role-based access is enforced per the HIPAA minimum necessary standard — each role carries a defined PHI scope. The access audit log captures every PHI read with requestor identity, timestamp, access purpose, and data category accessed. Emergency access procedures are documented with break-glass audit trail: break-glass events trigger immediate supervisor notification and are written to the WORM log before access is granted.
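As an added example (not Sturna's code), the minimum-necessary and break-glass controls above as one access path: each role carries a fixed set of PHI categories, every read produces a record with requester, timestamp, purpose and category, and an out-of-scope read is only possible through break-glass, where the audit entry and the supervisor notification are written before the record is fetched. Role scopes, category names, the patient fixture and `AccessController` are constructed; the audit list stands in for the WORM log.

```python
"""Added example (not Sturna's code): minimum-necessary PHI access with
per-role scope, a per-read access record, and a break-glass path that logs
and notifies before releasing data. Roles, categories and names are constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed role scopes: the PHI categories each role may read.
ROLE_SCOPE = {
    "billing-clerk": {"demographics", "insurance"},
    "nurse": {"demographics", "vitals", "medications"},
    "physician": {"demographics", "vitals", "medications", "diagnoses", "notes"},
}


class AccessDenied(PermissionError):
    pass


def fetch_record(patient_id: str, category: str) -> str:
    """Constructed stand-in for the PHI store."""
    return f"<{category} record: {patient_id}>"


def now_iso() -> str:
    return datetime.now(timezone.utc).isoformat()


@dataclass
class AccessController:
    audit: list = field(default_factory=list)          # stand-in for the WORM log
    notifications: list = field(default_factory=list)  # stand-in for supervisor alerts

    def _record(self, event, requester, role, patient_id, category, purpose):
        self.audit.append({"event": event, "ts": now_iso(), "requester": requester,
                           "role": role, "patient": patient_id,
                           "category": category, "purpose": purpose})

    def read_phi(self, requester, role, patient_id, category, purpose,
                 break_glass=False, supervisor=None):
        in_scope = category in ROLE_SCOPE.get(role, set())
        if not in_scope:
            if not break_glass or not supervisor:
                # Denials are recorded too; break-glass without a named
                # supervisor is treated as an ordinary denial.
                self._record("PHI_ACCESS_DENIED", requester, role,
                             patient_id, category, purpose)
                raise AccessDenied(f"{role} is not scoped for {category}")
            # Ordering is the control: the immutable record and the supervisor
            # notification exist before any data is released.
            self._record("BREAK_GLASS", requester, role, patient_id, category, purpose)
            self.notifications.append({"to": supervisor, "requester": requester,
                                       "patient": patient_id, "category": category})
        self._record("PHI_READ", requester, role, patient_id, category, purpose)
        return fetch_record(patient_id, category)


if __name__ == "__main__":
    ac = AccessController()
    print(ac.read_phi("u-clerk", "billing-clerk", "pt-001", "insurance",
                      "claims submission"))
    print(ac.read_phi("u-nurse", "nurse", "pt-001", "diagnoses",
                      "ED triage, attending unreachable",
                      break_glass=True, supervisor="u-charge-nurse"))
    print([e["event"] for e in ac.audit])
```

The point to check in a real deployment is the write ordering: if the audit append can fail after the record has been returned, the break-glass trail is advisory rather than a control.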
The routing layer enforces FDA's Software as a Medical Device (SaMD) boundaries before any agent responds. Intents that cross the clinical decision support line are flagged, not softened.
Clinical decision support intents — diagnosis suggestion, treatment recommendation, drug dosing calculation — are detected at the intent routing layer using a dedicated SaMD classifier agent. Intents that cross the SaMD boundary receive a mandatory regulatory disclosure before any substantive response is generated. The disclosure is logged, timestamped, and appended to the session audit record. The classifier runs before any specialist agent sees the input, not after.
Intents that involve functionality within a cleared SaMD's 510(k) exemption scope are validated against that scope at the routing layer. Functionality that falls outside the cleared scope — even when the intent appears adjacent to cleared use — triggers a hard block. The response is not softened or hedged: the agent returns a scope violation notice with the applicable 510(k) predicate reference. There is no path to generating an out-of-scope clinical output through ambiguous framing.
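As an added example (not Sturna's code) covering both the classifier step and the 510(k) scope check above: a constructed keyword classifier stands in for the dedicated SaMD classifier agent, a cleared-scope record lists which clinical decision support categories a deployment's cleared device covers, and the router returns one of three verdicts before any specialist agent runs. An intent with no CDS category routes normally; an in-scope CDS intent gets a mandatory disclosure logged first; any out-of-scope category, even alongside an in-scope one, is a hard block with the predicate reference. The categories, trigger phrases, disclosure text, `ClearedScope` and the predicate value `K-PLACEHOLDER` are all assumptions.

```python
"""Added example (not Sturna's code): routing-layer SaMD boundary check with
a constructed classifier and a placeholder cleared-scope record."""
import re
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    PASS = "pass"          # no CDS category: routes normally
    DISCLOSE = "disclose"  # in-scope CDS intent: disclosure logged before response
    BLOCK = "block"        # any out-of-scope CDS category: hard block


# Constructed clinical-decision-support categories and trigger phrases; a real
# deployment would use the dedicated classifier agent, not keyword rules.
CDS_CATEGORIES = {
    "diagnosis": re.compile(r"\b(diagnos\w*|what condition|could this be)\b", re.I),
    "treatment": re.compile(r"\b(treat\w*|therapy|recommend\w* (a |an )?(drug|medication))\b", re.I),
    "dosing": re.compile(r"\b(dos(e|ing|age)|mg/kg|titrat\w*)\b", re.I),
}

DISCLOSURE = ("Regulatory disclosure: this output is produced by software that may "
              "meet the FDA definition of a medical device and is not a substitute "
              "for clinical judgement.")


@dataclass(frozen=True)
class ClearedScope:
    predicate_ref: str      # placeholder; a real value is the cleared predicate
    categories: frozenset   # CDS categories inside the cleared scope


def classify(intent: str) -> list:
    """Return every CDS category the intent touches, in table order."""
    return [c for c, p in CDS_CATEGORIES.items() if p.search(intent)]


def route(intent: str, scope: ClearedScope, audit: list):
    """Gate 2 verdict, decided before any specialist agent sees the input."""
    hits = classify(intent)
    if not hits:
        audit.append({"event": "SAMD_BOUNDARY_CHECK", "verdict": Verdict.PASS.value,
                      "categories": []})
        return Verdict.PASS, None
    out_of_scope = [c for c in hits if c not in scope.categories]
    if out_of_scope:
        # Hard block: adjacency to a cleared use does not widen the scope.
        notice = (f"Scope violation: {', '.join(out_of_scope)} is outside the "
                  f"cleared scope (predicate {scope.predicate_ref}).")
        audit.append({"event": "SAMD_BOUNDARY_CHECK", "verdict": Verdict.BLOCK.value,
                      "categories": hits, "out_of_scope": out_of_scope})
        return Verdict.BLOCK, notice
    # In scope: the disclosure is logged before any substantive response.
    audit.append({"event": "SAMD_BOUNDARY_CHECK", "verdict": Verdict.DISCLOSE.value,
                  "categories": hits, "disclosure": DISCLOSURE})
    return Verdict.DISCLOSE, DISCLOSURE


if __name__ == "__main__":
    scope = ClearedScope("K-PLACEHOLDER", frozenset({"diagnosis"}))
    log = []
    for text in ("Summarize the appointment notes",
                 "Could this be type 2 diabetes?",
                 "Could this be diabetes, and what metformin dose should I start?"):
        print(route(text, scope, log))
```

The third prompt in the demo is the "ambiguous framing" case: the diagnosis half is inside the cleared scope, the dosing half is not, and the verdict is a block rather than a partial answer.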
Digital health tools deployed for EU-market organizations are assessed against EU MDR Article 22 standalone software classification criteria at onboarding. Tools that meet standalone software classification thresholds are flagged as candidate medical devices and trigger additional gate validation for every intent. Classification assessment is documented, version-controlled, and updated on material platform changes. MDCG 2019-11 qualification and classification guidance is the reference standard for the assessment.
Every PHI access, agent invocation, and gate verdict. HMAC-SHA256 signed at write time. Immutable at the database layer. Exportable for OCR audits on demand.
| Timestamp (UTC) | Event Type | Agent | Gate | PHI Detected | HMAC Status |
|---|---|---|---|---|---|
| 2026-05-15 04:07:12 | PHI_SCAN_TRIGGERED | medical-auditor-3 | MARCH-G1 | Yes (MRN+DOB) | ✓ VALID |
| 2026-05-15 04:07:12 | PHI_TOKENIZED | tokenizer-v2 | MARCH-G1 | — | ✓ VALID |
| 2026-05-15 04:07:13 | SAMD_BOUNDARY_CHECK | samd-classifier | MARCH-G2 | — | ✓ VALID |
| 2026-05-15 04:07:14 | RESPONSE_GROUNDED | medical-auditor-3 | MARCH-G3 | No | ✓ VALID |
| 2026-05-15 04:07:14 | TRANSPARENCY_CARD | audit-logger | POST-MARCH | — | ✓ VALID |
| 2026-05-15 04:07:14 | AUDIT_ENTRY_APPENDED | worm-logger | WORM | — | ✓ SIGNED |
Status indicators reflect current platform state. Amber indicates active preparation with a defined delivery milestone.
Administrative, physical, and technical safeguards implemented and mapped to named control owners. Annual risk analysis current.
Automated breach detection from WORM audit log anomalies. 60-day HHS OCR reporting timeline tracked from detection timestamp.
HMAC-SHA256 signed audit log. PL/pgSQL-level UPDATE/DELETE blocks. Electronic record integrity verifiable on export.
SaMD boundary classifier runs at the routing layer. Clinical decision support intents flagged before agent response. 510(k) scope verification active.
OCR audit package preparation: 30-day delivery SLA. Resolution agreement documentation template maintained and version-controlled.
High-risk AI classification under Annex III. Technical documentation, human oversight controls, and conformity assessment in progress ahead of Aug 2026 enforcement.
All compliance documentation is available to pilot participants and prospective covered entities. BAA execution is required before first query — not after onboarding.
Business Associate Agreement template covering AI inference, PHI tokenization, subprocessor chain, and breach notification obligations. Executed before first query.
Data Processing Agreement covering lawful bases for PHI processing, data minimization controls, retention schedules, and cross-border transfer safeguards.
30-day delivery SLA. Includes: full WORM audit log export, risk analysis documentation, workforce training records, and breach notification procedure evidence.
Full PHI lifecycle documentation: detection patterns, tokenization scheme, retention limits, access controls, destruction procedures, and audit trail format specification.