Trust · Security · Compliance

Built for regulated healthcare.

Independent validation should never introduce new risk. RocSite is engineered so that scrutinizing clinical AI never exposes patient data, weakens model integrity, or breaks your chain of evidence.

Architecture that minimizes your exposure.

Offline by design. ICH Triage runs on your own infrastructure. No PHI is transmitted outside your environment — which matters not only to large health systems but to the VA, defense medicine, and rural facilities where data simply cannot leave the building.

Encryption everywhere. AES-256 at rest and in transit.

Cryptographically signed evidence. Every validation emits an Ed25519-signed receipt — input hash, scoring-instrument version, model output, deterministic output, divergence, and timestamp. The chain is auditable end to end and independently verifiable, so a finding holds up to a clinician, a regulator, or opposing counsel who was not part of building the model.

Immutable audit trail. Evidence lineage you can hand to any of them — not a screenshot, a signed record.
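What independent verification of such a receipt chain involves, as an added example (not RocSite's code or receipt format): the Go field names, the JSON payload, and the `Prev` link to the previous receipt's signature are assumptions made for illustration. It signs two constructed receipts with a throwaway key, then shows that a dropped receipt and a receipt edited after signing are both caught.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Receipt mirrors the fields the page lists; names, encoding and Prev are assumptions.
type Receipt struct {
	InputHash, InstrumentVersion, ModelOutput, DeterministicOutput, Divergence, Timestamp, Prev string
	Sig                                                                                         []byte `json:"-"` // left out of the signed payload
}

// payload is the byte string that gets signed: the JSON of every field except Sig.
func payload(r Receipt) []byte {
	b, _ := json.Marshal(r)
	return b
}

// Append links r to the previous receipt's signature, signs it and extends the chain.
func Append(priv ed25519.PrivateKey, chain []Receipt, r Receipt) []Receipt {
	if n := len(chain); n > 0 {
		r.Prev = fmt.Sprintf("%x", chain[n-1].Sig)
	}
	r.Sig = ed25519.Sign(priv, payload(r))
	return append(chain, r)
}

// VerifyChain returns the index of the first receipt that fails, or -1 if none does.
func VerifyChain(pub ed25519.PublicKey, chain []Receipt) int {
	prev := ""
	for i, r := range chain {
		if r.Prev != prev || !ed25519.Verify(pub, payload(r), r.Sig) {
			return i
		}
		prev = fmt.Sprintf("%x", r.Sig)
	}
	return -1
}

func Demo() (intact, dropped, edited int) {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway key; receipts below are constructed
	chain := Append(priv, Append(priv, nil, Receipt{InputHash: "constructed-a"}), Receipt{InputHash: "constructed-b"})
	intact, dropped = VerifyChain(pub, chain), VerifyChain(pub, chain[1:])
	chain[1].ModelOutput = "negative" // altered after signing
	return intact, dropped, VerifyChain(pub, chain)
}

func main() { fmt.Println(Demo()) }
```

The verifier needs only the public key and the receipts themselves, which is the property that lets a party who did not build the model check them.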

Compliance posture.

HIPAA-aligned by design. Because PHI never leaves your environment, RocSite minimizes your exposure surface from the first day of a pilot. Business Associate Agreements are available where a deployment handles PHI.

SOC 2 Type II. In progress.

HITRUST. On the roadmap.

Independent, falsifiable methodology. RocSite’s validation discipline is pre-registered, locked before data access, and published regardless of result — demonstrated in a 286,510-patient study whose null result we published anyway. That is the same discipline applied to every comparison the platform produces.

How your data is handled.

Your data stays in your environment. Validation runs where your data already lives — clinical data is never copied to RocSite to produce a result.

Versioning & lineage. Model version, scoring-instrument version, and inputs are recorded for every result, so any finding can be reproduced and re-checked.

Breach notification. A defined notification window is written into every agreement.

For security & procurement teams.

Reviewing RocSite as a vendor? We’ll provide our security documentation, architecture diagrams, the validation protocol, and a Business Associate Agreement on request.