Ambient clinical scribes

Every encounter, provable.

Ambient documentation moves protected health information through models at conversation speed. Buyers no longer ask whether you have PHI controls. They ask for proof the controls ran, on every encounter.

The gap

Security review now asks for runtime proof.

A health system evaluating an ambient scribe used to accept an architecture diagram and a SOC 2 report. The questionnaire has changed. Reviewers now ask what happens to PHI at the model egress boundary, on every encounter, in production, and they ask for evidence rather than assertion.

Self-reported logs do not survive that review. They are written by the system under examination, they can be amended after the fact, and a reviewer has no independent way to check them.

Proving that PHI controls executed at the egress boundary, at the moment a draft note left the model, is a gap Glacis closes. The product was shaped by deployment experience in this category, including production work with a leading ambient clinical scribe, where the egress boundary is crossed on every encounter and every crossing needs evidence.

Regulatory surface

The questions reach further than HIPAA.

Ambient documentation sits where privacy law, contract scope, and procurement diligence overlap. A record of what executed answers each of them better than a description of what should have.

HIPAA minimum necessary

The minimum-necessary standard expects an AI tool to touch only the PHI required for its purpose. A receipt that records the egress check executing on each draft note turns that expectation into evidence.

BAA scope

Business associate agreements define what a scribe vendor may do with PHI, including audio retention and model-training questions. Runtime receipts show what actually happened, not only what the contract permits.

Recording consent

CIPA and other all-party-consent regimes treat the clinical conversation as a confidential communication, with statutory damages that can reach $5,000 per violation. Recent litigation over undisclosed recording has put consent documentation under direct scrutiny.

Buyer security questionnaires

Health-system questionnaires now carry AI-specific sections on egress, logging, and control execution. A receipt the reviewer can verify independently answers those rows with cryptography instead of prose.

EU AI Act Article 12

Where a scribe is classified as high‑risk under the EU AI Act, Article 12 record-keeping applies: logs generated automatically across the system’s lifetime. Hash-chained receipts give that obligation a runtime artifact rather than a policy answer.

One artifact for all of it

The same signed receipt answers the privacy officer, the security reviewer, and the EU reviewer, because each of them can check it without trusting the vendor who produced it.

From encounter to evidence

One workflow, witnessed end to end.

01. Encounter audio

The visit is captured and transcribed inside the operator’s environment. Nothing about this step changes.

02. Draft note at the model boundary

The model produces a draft clinical note. This is the moment PHI could leave, and the moment security review asks about.

03. PHI egress check executes locally

The Glacis arbiter evaluates the draft against policy at the boundary, inside the operator’s infrastructure. The note and the audio stay where they are.

04. Receipt signed

What executed becomes an Ed25519-signed record: operator-signed and countersigned by an independent Glacis witness.

05. Hash-chained into an evidence pack

Each receipt commits to the one before it. Receipts assemble into the pack a health system’s reviewer verifies at /verify.
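A sketch of what steps 04 and 05 give a reviewer, as an added example that is not Glacis code and not the OVERT format: each receipt carries an operator signature and a witness countersignature, and commits to the hash of the receipt before it. The field layout, the canonical encoding and the chain rule are assumptions made for illustration, and it uses Node's crypto module rather than browser WebCrypto.

```javascript
// Added example: field names, encoding and chain rule are assumptions, not the OVERT format.
const crypto = require("node:crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
// Fixed field order so signer and verifier hash identical bytes.
const canonical = (b) =>
  JSON.stringify([b.workflow, b.phi_egress_check, b.output_hash, b.position, b.previous]);
const link = (r) => sha256(canonical(r.body) + r.operatorSig + r.witnessSig);

function issue(body, operatorKey, witnessKey) {
  const msg = Buffer.from(canonical(body));
  const operatorSig = crypto.sign(null, msg, operatorKey);
  // The witness countersigns the body together with the operator signature.
  const witnessSig = crypto.sign(null, Buffer.concat([msg, operatorSig]), witnessKey);
  return { body, operatorSig: operatorSig.toString("hex"), witnessSig: witnessSig.toString("hex") };
}

function verifyChain(receipts, operatorPub, witnessPub) {
  let previous = "genesis";
  for (const [i, r] of receipts.entries()) {
    const fail = (reason) => ({ ok: false, at: i + 1, reason });
    const msg = Buffer.from(canonical(r.body));
    const opSig = Buffer.from(r.operatorSig, "hex");
    const wSig = Buffer.from(r.witnessSig, "hex");
    if (r.body.previous !== previous) return fail("chain");
    if (r.body.position !== i + 1) return fail("position");
    if (!crypto.verify(null, msg, operatorPub, opSig)) return fail("operator signature");
    if (!crypto.verify(null, Buffer.concat([msg, opSig]), witnessPub, wSig)) return fail("witness signature");
    previous = link(r);
  }
  return { ok: true, count: receipts.length };
}

// Constructed demo: throwaway keys, made-up notes; one receipt amended, one dropped.
function demo() {
  const op = crypto.generateKeyPairSync("ed25519");
  const wit = crypto.generateKeyPairSync("ed25519");
  const chain = [];
  ["draft note A", "draft note B", "draft note C"].forEach((note, i) => {
    const previous = i ? link(chain[i - 1]) : "genesis";
    const body = { workflow: "ambient-scribe-draft-note", phi_egress_check: "pass",
      output_hash: sha256(note), position: i + 1, previous };
    chain.push(issue(body, op.privateKey, wit.privateKey));
  });
  const edited = JSON.parse(JSON.stringify(chain));
  edited[1].body.phi_egress_check = "fail"; // amended after signing
  const check = (c) => verifyChain(c, op.publicKey, wit.publicKey);
  return { intact: check(chain), amended: check(edited), dropped: check([chain[0], chain[2]]) };
}
console.log(demo());
```

An amended field breaks the operator signature at that position, and a removed receipt breaks the chain at the next one, which is why a reviewer holding only the public keys can detect either change.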

The canonical receipt for that workflow, reduced to its key fields: subject.workflow is the scribe draft-note step, and controls.phi_egress_check recorded a pass. The verifier below loads the full receipt and runs every check.

Canonical receipt · OVERT 1.1
Receipt: glc_receipt_019765f0…a8f135
Format: OVERT 1.1.0 · receipt v2.0
Workflow: ambient-scribe-draft-note
Signed: 2026-06-11T09:14:02.317Z
PHI egress check: pass
Guardrail action: allow · 14 rules evaluated · 0 triggered
Input hash: 31ee69bf…ae248981
Output hash: 157cf56f…beb3a161
Operator signature: Ed25519 · 10caced1…f4f3150b
Witness countersignature: Ed25519 · 999464e4…98354901
Chain: position 1 · previous genesis

Demonstration workflow data. The cryptography is real: every signature and hash verifies in your browser.

Verify it yourself

Run the checks in your browser.

The verifier below fetches the full canonical receipt and checks both Ed25519 signatures and the hash commitments with WebCrypto, locally, on this page.

The Sprint

What 30 days delivers.

The Agent Runtime Security & Evidence Sprint takes one named scribe workflow from instrumented to provable in 30 days.

One named workflow

We instrument a single encounter workflow end to end: the one your buyers ask about first.

A live arbiter at egress

Runtime controls execute at the model egress boundary in your infrastructure, evaluating every draft note before it leaves.

Signed receipts

Every consequential decision produces a hash-chained Ed25519 receipt, operator-signed and independently witnessed.

A verifiable evidence pack

The deliverable: a pack the health system’s reviewer checks themselves at /verify, without taking anyone’s word for it.

Bring the workflow your buyers ask about.

In 30 days it runs behind a live arbiter at the egress boundary and ships with an evidence pack the next security review can verify.