
Healthcare Intake

How a clinic uses an AI medical assistant to process patient intake forms without exposing PHI to the language model



The Situation

A multi-location primary care clinic processes 200 patient intake forms per day. Each form contains the patient's full name, date of birth, Social Security number, insurance ID, and free-text health complaints. The clinic wants an AI assistant to generate structured intake summaries for physicians, flagging potential conditions and suggesting preliminary questions.

HIPAA is non-negotiable. Protected health information (PHI) cannot reach any third-party model provider. The IT team evaluates several approaches: on-premise models (too expensive to maintain), manual redaction (too slow), and regex stripping (destroys clinical context). None are viable.


The Solution

OGuardAI is deployed as a sidecar container alongside the clinic's EHR integration service. The intake form text passes through OGuardAI before reaching the AI model. PHI is tokenized with semantic metadata so the model can reason about patient context without seeing real identifiers.


Step-by-Step: A Patient Intake

Maria Garcia, DOB 1985-03-22, submits an intake form at the clinic front desk.

Step 1: Intake Form Arrives

The EHR system receives the digitized form:

Patient: Maria Garcia
DOB: 03/22/1985
SSN: 478-22-6391
Insurance: BlueCross ID BC-9920184
Phone: (312) 555-0147

Chief Complaint: I have been experiencing severe headaches for the past
3 weeks, especially behind my left eye. Over-the-counter ibuprofen is not
helping. I also noticed some blurred vision in my left eye yesterday.
My mother had glaucoma.

Step 2: OGuardAI Transforms the Form

curl -X POST http://localhost:3000/v1/transform \
  -H "Content-Type: application/json" \
  -d '{
    "input": "Patient: Maria Garcia\nDOB: 03/22/1985\nSSN: 478-22-6391\nInsurance: BlueCross ID BC-9920184\nPhone: (312) 555-0147\n\nChief Complaint: I have been experiencing severe headaches for the past 3 weeks, especially behind my left eye. Over-the-counter ibuprofen is not helping. I also noticed some blurred vision in my left eye yesterday. My mother had glaucoma.",
    "policy": "healthcare"
  }'

OGuardAI detects five entities:

| Original Value | Entity Type | Token | Metadata |
|---|---|---|---|
| Maria Garcia | person | {{person:p_001}} | gender: female, language: en |
| 03/22/1985 | date_of_birth | {{date_of_birth:d_001}} | age_range: 40-45 |
| 478-22-6391 | ssn | {{ssn:s_001}} | -- |
| BC-9920184 | insurance_id* | {{insurance_id:i_001}} | provider: BlueCross |
| (312) 555-0147 | phone | {{phone:ph_001}} | -- |

Entity types marked with * are custom types defined via policy rules, not built-in. See the Extending Entities guide.

The safe text sent to the AI model:

Patient: `{{person:p_001}}`
DOB: `{{date_of_birth:d_001}}`
SSN: `{{ssn:s_001}}`
Insurance: BlueCross ID `{{insurance_id:i_001}}`
Phone: `{{phone:ph_001}}`

Chief Complaint: I have been experiencing severe headaches for the past
3 weeks, especially behind my left eye. Over-the-counter ibuprofen is not
helping. I also noticed some blurred vision in my left eye yesterday.
My mother had glaucoma.

Clinical symptoms and family history pass through untouched -- they are medically relevant, not identifiers.
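A defense-in-depth check the EHR integration could run on the transformed text before it leaves for the model, as an added example (not OGuardAI code): it fails closed if any value from the structured record still appears, for instance because the patient repeated it in the free-text complaint. The `find_leaks` function and the field names are hypothetical; only the `{{type:id}}` token shape and the sample values come from this page.

```python
import re

# Token shape used on this page: {{entity_type:id}}
TOKEN_RE = re.compile(r"\{\{[a-z_]+:[A-Za-z0-9_]+\}\}")
SEP = r"[\s().\-/]*"  # separators people put between digits

def find_leaks(outbound: str, known: dict[str, str]) -> list[str]:
    """Return the fields from `known` whose raw value still appears in `outbound`."""
    text = TOKEN_RE.sub(" ", outbound)  # token ids are not data
    folded = re.sub(r"\s+", " ", text).casefold()
    leaks = []
    for field, value in known.items():
        digits = re.sub(r"\D", "", value)
        if len(digits) >= 7:
            # Numeric identifier: match the digit run however it is punctuated.
            pattern = r"(?<!\d)" + SEP.join(digits) + r"(?!\d)"
            hit = re.search(pattern, text) is not None
        else:
            # Textual identifier: case- and whitespace-insensitive substring.
            hit = " ".join(value.split()).casefold() in folded
        if hit:
            leaks.append(field)
    return leaks

# Values from the page's intake form; the field names are hypothetical.
KNOWN = {
    "person": "Maria Garcia",
    "date_of_birth": "03/22/1985",
    "ssn": "478-22-6391",
    "insurance_id": "BC-9920184",
    "phone": "(312) 555-0147",
}

SAFE = (
    "Patient: {{person:p_001}}\nDOB: {{date_of_birth:d_001}}\n"
    "SSN: {{ssn:s_001}}\nInsurance: BlueCross ID {{insurance_id:i_001}}\n"
    "Phone: {{phone:ph_001}}\n\nChief Complaint: I have been experiencing "
    "severe headaches for the past 3 weeks. My mother had glaucoma."
)
# Constructed failure case: identifiers repeated inside the free-text complaint.
LEAKY = SAFE + " Please call me back on 312.555.0147. Thanks, maria  garcia"

if __name__ == "__main__":
    print(find_leaks(SAFE, KNOWN))
    print(find_leaks(LEAKY, KNOWN))
```

The check only catches values it already knows in the same digit order, so a date of birth rewritten as "March 22, 1985" or a relative's name would pass; it complements entity detection rather than replacing it.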

Step 3: AI Generates a Summary

The AI model receives the tokenized text with entity context (age range 40-45, female) and generates:

INTAKE SUMMARY for `{{person:p_001}}`

Demographics: Female patient, age range 40-45
Insurance: BlueCross (`{{insurance_id:i_001}}`)

Presenting Complaints:
- Severe headaches x 3 weeks, retro-orbital (left)
- Refractory to OTC ibuprofen
- New-onset blurred vision (left eye, 1 day)

Relevant History:
- Family history of glaucoma (mother)

Differential Considerations:
- Acute angle-closure glaucoma (family hx + visual symptoms)
- Migraine with aura
- Cluster headache
- Elevated ICP

Suggested Actions:
- Intraocular pressure measurement
- Visual acuity and field testing
- Fundoscopic exam
- Consider urgent ophthalmology referral given family history

The model never saw Maria Garcia's name, SSN, or phone number.

Step 4: Restore for Different Channels

Doctor's review -- full restore mode:

curl -X POST http://localhost:3000/v1/rehydrate \
  -H "Content-Type: application/json" \
  -d '{
    "output": "<AI summary with tokens>",
    "session_state": "<encrypted-blob>",
    "output_channel": "physician_review"
  }'

The physician sees the complete summary with "Maria Garcia," full DOB, and insurance ID restored.

Patient portal -- masked restore mode:

curl -X POST http://localhost:3000/v1/rehydrate \
  -H "Content-Type: application/json" \
  -d '{
    "output": "<AI summary with tokens>",
    "session_state": "<encrypted-blob>",
    "output_channel": "patient_portal"
  }'

The patient sees their name restored but SSN shows as ***-**-6391 and insurance ID is partially masked.


Policy Configuration

name: healthcare
version: "1.0"
rules:
  - entity_type: "person"
    action: "tokenize"
    restore_mode: "full"
  - entity_type: "date_of_birth"
    action: "tokenize"
    metadata: [age_range]
    restore_mode: "full"
  - entity_type: "ssn"
    action: "tokenize"
    restore_mode: "masked"
  - entity_type: "insurance_id"
    action: "tokenize"
    restore_mode: "full"
  - entity_type: "phone"
    action: "tokenize"
    restore_mode: "masked"

channel_rules:
  physician_review:
    person:       { restore_mode: full }
    date_of_birth: { restore_mode: full }
    ssn:          { restore_mode: full }
    insurance_id: { restore_mode: full }
    phone:        { restore_mode: full }
  patient_portal:
    person:       { restore_mode: full }
    date_of_birth: { restore_mode: masked }
    ssn:          { restore_mode: masked }
    insurance_id: { restore_mode: masked }
    phone:        { restore_mode: masked }
  audit_log:
    person:       { restore_mode: none }
    date_of_birth: { restore_mode: none }
    ssn:          { restore_mode: none }
    insurance_id: { restore_mode: none }
    phone:        { restore_mode: none }
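
How the `channel_rules` above play out per channel, as an added Python model (not OGuardAI's implementation). The `VAULT` dict stands in for the decrypted `session_state`, and the masking format and the fail-closed fallback for unknown channels, entity types or token ids are assumptions; the page only shows the SSN rendering `***-**-6391`.

```python
import re

TOKEN_RE = re.compile(r"\{\{([a-z_]+):([A-Za-z0-9_]+)\}\}")

# Three of the page's entity types, copied from channel_rules (YAML parsing omitted).
CHANNEL_RULES = {
    "physician_review": {"person": "full", "ssn": "full", "insurance_id": "full"},
    "patient_portal": {"person": "full", "ssn": "masked", "insurance_id": "masked"},
    "audit_log": {"person": "none", "ssn": "none", "insurance_id": "none"},
}
# Constructed stand-in for the decrypted session_state: token id -> original value.
VAULT = {"p_001": "Maria Garcia", "s_001": "478-22-6391", "i_001": "BC-9920184"}

def mask(value: str, keep: int = 4) -> str:
    """Star out every letter/digit except the last `keep`; punctuation stays."""
    total = sum(c.isalnum() for c in value)
    keep = min(keep, total // 2)  # never reveal most of a short value
    out, seen = [], 0
    for c in value:
        if c.isalnum():
            seen += 1
            out.append(c if seen > total - keep else "*")
        else:
            out.append(c)
    return "".join(out)

def rehydrate(output: str, channel: str, rules=CHANNEL_RULES, vault=VAULT) -> str:
    """Replace each {{type:id}} token according to the channel's restore_mode."""
    channel_rules = rules.get(channel, {})

    def restore(m: re.Match) -> str:
        etype, token_id = m.group(1), m.group(2)
        # Assumed fail-closed default: anything not listed restores as "none".
        mode = channel_rules.get(etype, "none")
        if mode == "none" or token_id not in vault:
            return m.group(0)  # leave the token in place
        return vault[token_id] if mode == "full" else mask(vault[token_id])

    return TOKEN_RE.sub(restore, output)

if __name__ == "__main__":
    summary = "INTAKE SUMMARY for {{person:p_001}} (SSN {{ssn:s_001}})"
    for ch in ("physician_review", "patient_portal", "audit_log"):
        print(ch, "->", rehydrate(summary, ch))
```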

What OGuardAI Made Possible

HIPAA compliance without sacrificing AI quality. PHI never reaches the model provider. Clinical symptoms and family history -- the medically relevant parts -- pass through unchanged so the AI can reason effectively.

Channel-specific restoration. The same AI output serves three audiences: physicians see everything, patients see masked identifiers, and audit logs contain no real values.

Zero workflow disruption. The EHR integration calls OGuardAI as a middleware step. Front desk staff and physicians interact with their existing tools unchanged.

Audit-ready. Every transform and rehydrate operation is logged with entity types and policy applied, never with raw PHI. The compliance officer can demonstrate the data flow to HHS auditors.