SGA Dental Partners · Briefing for Ron

What Data Goes Where
When We Run Claude.

A high-level walkthrough of how the OM Daily brief moves data today, and four ways to make that flow safer — from a do-it-ourselves decoder ring to a hardware-locked Azure enclave.
01 / 07
Prepared byScott Guest
AudienceRon · CIO
DateMay 2026
Read time~6 minutes
Diagram 1 · Where we are today

Today: Power BI → Script → Claude

02 / 07
INSIDE SGA Power BI Semantic Model (production data) SOURCE Our Script Layer Pulls query results Builds the JSON payload NO TOKENS USED HERE query OUTSIDE SGA Claude API Anthropic hosted model processes the JSON payload JSON over HTTPS (this is what the model sees) response text Database query runs directly — no AI involved Python / Node serializes the results into JSON JSON is the entire input the model gets
SGA · DATA SECURITYDiagram 1 of 4
The Controls Inventory

What's Already Locked Down — and What's Next

03 / 07
IN PLACE TODAY

Baseline — what we already have

BAA with Anthropic
Business Associate Agreement on file. Contractual HIPAA boundary already established with the model provider.
Zero Data Retention (ZDR)
Anthropic deletes the JSON payload the moment the response is returned. No logs, no storage, nothing sitting on their servers.
Encryption in transit to Anthropic
Every call moves over TLS 1.2+. The payload is unreadable on the wire between our environment and the API.
Data at rest in Azure (where it lives there)
Azure SQL, Cosmos, and Data Lake Storage encrypt by default. Anything we've already moved into the tenant is already encrypted on disk.
!
Scattered databases outside the tenant
Local SQLite / DuckDB files spun up by agents today live wherever the agent ran. Not centrally governed, not consistently encrypted, not audited.
!
No PHI scrubbing before send
The JSON payload to Claude carries whatever fields the query returned. We rely entirely on contract + ZDR — not on technical de-ID.
FUTURE STATE

What we add — layered, not all-or-nothing

+
De-identification layer (homegrown or commercial)
Strip PHI before it leaves SGA. Decoder ring stays local. Even if everything else failed, the payload would contain only opaque tokens.
+
Consolidate all data into Azure tenant
Stop creating databases outside our walls. Every agent-spawned SQL / vector store / cache lives in the Azure sandbox under one governance model.
+
Encryption at rest, everywhere
Once everything lives in Azure, the at-rest control is universal — no more files on local disks that escape the policy.
+
Auditable AI gateway (optional)
Every Claude call routed through a logged proxy so we can prove what left and what came back — useful for compliance reviews.
+
Confidential computing enclave (heavyweight)
Data stays encrypted even during processing. Removes our dependence on Anthropic's retention promises — the data simply never leaves.
+
Documented audit trail per request
Who triggered it, what fields went out, what came back, when. Phase B-ready before PHI ever crosses the line.
ANTHROPIC SIDEBAA · ZDR · TLS in transit
SGA SIDEAzure encryption at rest · tenant consolidation
STILL TO ADDDe-ID layer · confidential compute
SGA · DATA SECURITYControls inventory
Diagram 2 · Option A — Build it ourselves

Manual De-Identification — The Decoder Ring

04 / 07
INSIDE SGA Power BI real data 1. Strip Names, MRNs, DOBs replaced w/ tokens Patient_47A8 2. Decoder Ring Lookup table stays local only 47A8 → Jane Smith 4. Re-identify Reverse-map tokens to real values Patient_47A8 → Jane OM Brief to the right manager with full context OUTSIDE SGA Claude API sees ONLY tokens never real PHI step 3 — AI processing tokenized JSON tokenized response
SGA · DATA SECURITYDiagram 2 of 4
Diagram 3 · Option B — Buy a guardrail

Drop-in Commercial Gateway

05 / 07
INSIDE SGA Power BI real data Our Script builds JSON Privacy Gateway (off-the-shelf product) Detects PHI in payload Tokenizes · logs · audits Re-IDs on return OUTSIDE SGA Claude API sees tokens only tokenized All de-identification, mapping, and audit happens in the gateway — we don't write the regex, we configure the policy.
SGA · DATA SECURITYDiagram 3 of 4
Diagram 4 · Option C — Lockbox in our cloud

Azure Confidential Computing — The Hardware Lockbox

06 / 07
INSIDE SGA AZURE TENANT Power BI semantic model Azure SQL encrypted at rest Agent Sandbox all jobs run here CONFIDENTIAL ENCLAVE Hardware-Locked Memory Data decrypted ONLY inside a sealed CPU region • Host OS cannot see it • Hypervisor cannot see it • Even Azure admins cannot AMD SEV-SNP · Intel TDX OUTSIDE OPTIONAL Claude API called from inside the enclave only or self-hosted model tokenized only Even if Azure itself were breached, the attacker reads only encrypted memory.
SGA · DATA SECURITYDiagram 4 of 4
Summary · The Ladder

Four Steps. We Don't Have to Pick All of Them.

07 / 07
STEP 0 · TODAY

Current state

BAA + TLS + (negotiate) zero data retention. Defensible, but no in-house guardrail on what PHI fields go out.

EFFORT
STEP 1 · QUICK WIN

De-ID layer (homegrown)

Strip PHI in our script, keep the decoder ring local, re-identify on return. Weeks, not months.

EFFORT
STEP 2 · HARDENED

Commercial gateway

Skyflow / Protecto / John Snow Labs — battle-tested NER, audit logs, less DIY risk. License cost.

EFFORT
STEP 3 · SOVEREIGN

Azure confidential compute

Consolidate everything into our Azure tenant. Hardware-locked enclave. Data never visible outside SGA.

EFFORT

First thing I'll verify when I'm back at the codebase

Find the JSON serialization step in the OM Daily pipeline. That tells us exactly which fields the model sees today — and that drives where Step 1 needs to scrub.

My recommendation

Start with Step 1 (homegrown de-ID) while we evaluate Step 2 vendors. In parallel, move toward Step 3 by giving me an Azure sandbox so new databases stop landing in scattered environments.

SGA · DATA SECURITYSummary
Use ↑ / ↓ or scroll · Press P to print to PDF