.svg)
Artificial intelligence is poised to revolutionize healthcare, from designing life-saving drugs to delivering personalized patient care. But there's a billion-dollar question holding progress back: How to safely train or fine-tune using protected health information without risking a violation of HIPAA.
The Core Problems: "Data in Use" Vulnerability and Shared Tenancy
Today’s cloud security practices often focus on encrypting data at rest (when stored) or in transit (while moving). But there’s a hidden vulnerability: at some point, that data must be decrypted to be processed—and that's where risk creeps in whether it’s from hackers, misconfigurations, or even malicious insiders.
Once decrypted, sensitive data sits in system memory, where it can be accessed by the operating system, hypervisor, or malicious insiders. For companies working in healthcare, this is a serious exposure.
This challenge is compounded by the architecture of many clouds. Data is often processed in a multi-tenant environment. Multi-tenant environments are subject to further potential security challenges.
The Corvex Solution: Single-Tenant, HIPAA-Compliant VPCs Wrapped in Confidential Compute
At Corvex, we built our AI cloud to solve this exact problem. It starts with the basics: HIPAA and SOC 2-compliant Virtual Private Clouds. But the real game-changer is how we solve the 'data in use' problem with confidential computing.
Confidential Computing uses a hardware-based Trusted Execution Environment, or TEE. Think of it as a secure, isolated black box built directly into the processor. Your encrypted data and your AI model go into this black box, the GPU does its work inside, and only the results come out. The raw data is never exposed in memory—not to an attacker, not to the operating system, and not even to us as the cloud provider. That is particularly important for data subject to HIPAA because it provides technical safeguards for some of the most critical parts of the Security Rule.
First, it addresses access control. The rule under section 164.312 requires you to limit access to electronic PHI. The TEE is the ultimate access control—it ensures that only the authorized AI process can ever see the decrypted data.
Second, it ensures data integrity. The same rule requires you to protect PHI from improper alteration. Because the data is processed inside a sealed, tamper-proof environment, its integrity is guaranteed during computation.
And finally, it powerfully supports the minimum necessary rule. You are only exposing the results of the computation, not the underlying patient data itself, perfectly aligning with the principle of using only the minimum data required to do the job.
Real-World Impact: How Confidential Computing Enables Compliant AI Research
Let’s look at some real-world use cases for how confidential computing could be applied in the medical and pharmaceutical industries.
- An early-stage AI company can train a generative AI model on real genomic data with full confidentiality.
- Two research hospitals can collaborate to train a single diagnostic model without ever sharing their private datasets, knowing they have the technical safeguards to meet HIPAA.
- Health systems and payors can run fraud detection on millions of claims or build predictive models on live EMR data with the documented, auditable proof that 'data in use' is protected.
Security is essential, but in today’s technology landscape it can’t come at the cost of performance. That’s why Corvex runs on the latest, most powerful NIVIDA B200 and H200 GPUs to accelerate AI workloads. This summer (3Q 2025) we’re taking that performance a leap further with the launch of Corvex Ignite, a new software accelerator that dramatically speeds up AI models and significantly lowers the total cost of ownership for AI compute.
Fast, performative confidential computing can empower leaders in biopharma, health systems, insurance and EMR to use AI to its full potential by removing the risk of unsecured data.
Read more about confidential computing on our website, or reach out to chat with one of our experts.
.png)
.svg){kind=icon}
.png)