BAA + TLS + (negotiate) zero data retention. Defensible, but no in-house guardrail on what PHI fields go out.
Strip PHI in our script, keep the decoder ring local, re-identify on return. Weeks, not months.
Skyflow / Protecto / John Snow Labs — battle-tested NER, audit logs, less DIY risk. License cost.
Consolidate everything into our Azure tenant. Hardware-locked enclave. Data never visible outside SGA.
Find the JSON serialization step in the OM Daily pipeline. That tells us exactly which fields the model sees today — and that drives where Step 1 needs to scrub.
Start with Step 1 (homegrown de-ID) while we evaluate Step 2 vendors. In parallel, move toward Step 3 by giving me an Azure sandbox so new databases stop landing in scattered environments.
Send sensitive fields (names, MRNs, DOBs) to Skyflow → get back deterministic tokens → ship tokenized payload to Claude → Skyflow re-identifies on the return. Their LLM Privacy Vault wraps Anthropic/OpenAI calls directly.
Capability fit is real — this is exactly the in/out pattern we want. But scale is wrong: priced for millions of records/day. Our 265 calls/day is a rounding error in their target market. Phase B PHI is still months away.
$120K–$200K/yr. Vendr transactions cluster near $195K. AWS Marketplace = “contact sales / custom annual.” No meaningful free tier — sandbox only via sales.
POC: 1–2 weeks (Python SDK + one vault + ~10 PHI schemas). Production: 4–8 weeks including Skyflow BAA execution, role/policy modeling, observability, DR config.
Separate BAA with Skyflow (3rd party in PHI chain). Python & Node SDKs — both fit our stack. Not Azure-native — calls go to their AWS-hosted vault. Schema lock-in: vault schemas defined upfront, migration required to change.
Cost/value mismatch at our volume is severe. Third BAA = third audit surface. Vendr sample size tiny. Microsoft Presidio (free OSS, Azure-native) covers 80% of the value for ~3 days of engineering.
NER scans text for PII/PHI → replaces values with deterministic, entropy-based tokens that preserve meaning (e.g. “George Williams” → “wRePE302Qx vUc7DruuWm”) → LLM processes → SDK unmasks on return. Two REST endpoints, simple Python wrap.
Strongest technical match for the pattern. Reversible deterministic tokens preserve narrative consistency per practice. But our payload is structured Power BI JSON aggregates — almost no free-text PHI. NER on numeric KPIs is wasted.
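The in/out pattern behind the homegrown Step 1 and the Skyflow and Protecto flows above, as an added worked example that is neither the deck's code nor any vendor's SDK: sensitive values in a structured aggregate are replaced with deterministic HMAC-derived tokens, the token table (the decoder ring) stays in-process, a stand-in for the model call echoes tokens back the way a real model would, and the reply is re-identified locally. The sensitive key list, the token format, the demo key and the sample payload are assumptions made for illustration.

```python
"""Deterministic, reversible tokenization with a local decoder ring (constructed example)."""
import hashlib
import hmac
import json
import re
from typing import Any, Callable

# Keys whose scalar values are tokenized before the payload leaves. ASSUMED for illustration.
SENSITIVE_KEYS = {"name", "patient_name", "provider_name", "mrn", "dob"}
TOKEN_RE = re.compile(r"\[\[TOK_[0-9a-f]{16}\]\]")


class DecoderRing:
    """Keyed, deterministic token <-> value map that stays in-process.

    The same (field, value) always maps to the same token, so a name that appears
    twice in a report is the same opaque string both times and the model's
    narrative stays consistent. Tokens are HMAC-derived, so without the key they
    cannot be reversed offline; the only way back is this object's table."""

    def __init__(self, key: bytes):
        self._key = key
        self._ring: dict[str, str] = {}  # token -> original value

    def tokenize(self, field: str, value: str) -> str:
        mac = hmac.new(self._key, f"{field}\x00{value}".encode(), hashlib.sha256)
        token = f"[[TOK_{mac.hexdigest()[:16]}]]"
        self._ring[token] = value
        return token

    def mask_payload(self, obj: Any) -> Any:
        """Walk nested JSON and replace scalar values of sensitive keys with tokens."""
        if isinstance(obj, dict):
            out = {}
            for k, v in obj.items():
                if k.lower() in SENSITIVE_KEYS and isinstance(v, (str, int)):
                    out[k] = self.tokenize(k, str(v))
                else:
                    out[k] = self.mask_payload(v)
            return out
        if isinstance(obj, list):
            return [self.mask_payload(v) for v in obj]
        return obj

    def originals(self) -> list[str]:
        return list(self._ring.values())

    def reidentify(self, text: str) -> str:
        """Swap tokens in the model's reply back to originals; unknown tokens stay as-is."""
        return TOKEN_RE.sub(lambda m: self._ring.get(m.group(0), m.group(0)), text)


def fake_llm(prompt: str) -> str:
    """Stand-in for the Anthropic call (constructed). It only ever sees tokens and,
    like a real model summarizing opaque identifiers, echoes them back verbatim."""
    data = json.loads(prompt)
    top = max(data["production_by_provider"], key=lambda p: p["production"])
    flagged = ", ".join(p["name"] for p in data["flagged_patients"])
    return f"Top producer was {top['provider_name']}. Follow up with: {flagged}."


def round_trip(payload: dict, key: bytes,
               llm: Callable[[str], str] = fake_llm) -> tuple[str, str]:
    """Mask -> verify nothing original leaked -> call model -> re-identify locally."""
    ring = DecoderRing(key)
    outbound = json.dumps(ring.mask_payload(payload), sort_keys=True)
    leaked = [v for v in ring.originals() if v in outbound]
    if leaked:  # fail closed rather than ship a partially masked payload
        raise RuntimeError(f"refusing to send; original values present: {leaked}")
    return outbound, ring.reidentify(llm(outbound))


# Constructed payload in the shape of a per-practice daily aggregate.
SAMPLE = {
    "practice_id": "P-0042",
    "report_date": "2026-02-10",
    "production_by_provider": [
        {"provider_name": "Dr. Ana Ruiz", "production": 9100.0},
        {"provider_name": "Dr. Sam Lee", "production": 7150.0},
    ],
    "flagged_patients": [
        {"name": "Jane Doe", "mrn": "MRN-0048213", "reason": "balance > 90 days"},
    ],
}

if __name__ == "__main__":
    sent, answer = round_trip(SAMPLE, b"constructed-demo-key-rotate-in-prod")
    print("sent:", sent)
    print("re-identified:", answer)
```

Two operational points follow from the design. Determinism is per key, so rotating the HMAC key changes every token and the ring from a previous run no longer applies; and the ring is the only path back, which is the same "lose the vault, lose re-ID" property the vendor notes above raise, just with the vault under our control instead of theirs.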
$3K–$120K/yr. Self-serve startup tier $250/mo. Enterprise list ~$10K/mo per SoftwareSuggest. Enterprise BAA + VPC deploy almost certainly $30K–$120K range. 14-day free trial available.
Fastest of the lot. POC: 1–3 days — REST + Python SDK (protecto-ai on PyPI). Production: 2–4 weeks incl. BAA, VPC deploy if needed, audit logging. Inovalon case study: <1 wk POC, <30 days prod.
Python SDK ready. BAA available (must execute). No Azure marketplace — SaaS or custom Azure VPC. Tokens only reversible inside their vault (outage = no re-ID). Anthropic Claude is a supported LLM.
Solves a problem we don’t have today (aggregated metrics ≠ unstructured PHI). Thin third-party validation — few independent reviews. Pricing opacity ($250 vs $10K spread = sales-led). Anthropic BAA already covers most exposure.
Python library of 2,500+ pre-trained clinical/medical NLP models built on Apache Spark. De-ID pipeline detects 23+ PHI entity types and either masks or substitutes realistic surrogates while preserving relational consistency. Hospital-grade: Providence de-identified 2B notes with 0% re-ID rate.
Overkill for the data shape. Their edge is unstructured clinical text (notes, discharges, pathology). SGA’s payload is structured JSON aggregates — no clinical notes. Dental NER doesn’t exist in their corpus (trained on MIMIC, i2b2). Spark JVM is mandatory — heavy dependency for 265 calls/day.
$50K–$120K/yr floating license. AWS Marketplace hourly ~$47/hr on m5.2xlarge ($34K/yr always-on). 24x7 support pushes to $150K–$250K. Per-server licensing — no volume discount for our scale.
POC: 2–3 weeks incl. JVM/Spark setup, model download (5–15GB), license activation, integration. Production: 6–10 weeks with re-ID mapping, audit logging, security review.
Spark runtime mandatory (even single-node). Adds JVM to deployment, ~2GB container size. License JSON file. Python only for orchestration. Azure-compatible (Marketplace + Databricks). 8 cores / 64GB recommended.
Hospital-system tooling, not dental DSO. Six-figure spend with no published pricing = vendor lock-in. Spark dependency balloons a Python script into a JVM service. Healthcare-NER advantage is wasted on aggregated metric JSON. Microsoft Presidio (free, Azure-native, ships MedicalNER 2025) + dental regex = 90%+ value for $0.
Privacy Hub: HIPAA Expert Determination — statisticians certify a dataset is de-identified for re-release. Connect: tokenization software for cross-dataset patient linkage. Built for static dataset preparation, not real-time API scrubbing.
Wrong use case. Datavant solves “share a dataset with a research partner provably de-identified.” SGA needs “scrub a JSON blob in flight before Anthropic.” Connect tokenizes patient identifiers for linkage — doesn’t redact free-text PHI in arbitrary payloads. Different problem class entirely.
$130K–$350K/yr. AWS Marketplace lists Connect at $300K/yr (12-mo commit). Vendr median: $130K. Privacy Hub Expert Determination: $50K–$150K per engagement. No SMB tier exists.
6–9 months total. Enterprise sales cycle: 3–6 months. POC: 4–8 weeks after contracting. Production integration: 8–16 weeks. Far slower than every other option in this deck.
AWS-only deployment — Datavant Connect ships as Docker on ECS/EKS, reads/writes S3, integrates with AWS Clean Rooms. No documented Azure support — major architectural mismatch for SGA. Requires PII fields present to tokenize.
Product-problem mismatch is the deal-killer. 6-figure minimum commit for what Presidio + AWS Comprehend Medical solves natively. Azure incompatible. 3–6 month enterprise sales cycle. Zero dental/DSO references — we’d be a net-new vertical for them.
PII/PHI detect-and-mask service deployed as a lightweight agent inside the customer’s VPC. Scans text (LLM prompts, RAG context, tabular data) with NER models, replaces sensitive entities with synthetic surrogates or tokens before the prompt leaves the environment, re-identifies on return. Marketed as “AI Safe Room.”
Azure NOT supported — AWS (EKS) and GCP (GKE) only. Fatal for SGA’s stack. Claude support unconfirmed (docs return 404). Re-identification flow documentation is thin. Built for petabyte data-lake scale — massive overkill for 265 calls/day.
$60K–$250K/yr enterprise. Pricing page literally “under construction.” Sales-led only. Reference customers are Fortune 500 with petabyte data lakes; SGA is several orders of magnitude smaller than ICP.
If Azure were supported: POC 2–4 weeks, production 6–10 weeks. Real answer: cannot deploy on Azure today. Would require AWS migration or cross-cloud network path.
Kubernetes cluster (EKS or GKE only). Custom Python wrapper around Anthropic SDK to call Screen API for redact/rehydrate. BAA not publicly advertised — must negotiate. Docs gate (404s on Screen overview pages) signals product immaturity.
Series A, ~40 employees (Feb 2026). Screen still “early access preview.” Zero healthcare-specific case studies. No G2/independent reviews. Pricing page under construction. Roadmap pivoting (Screen + Chronicle both early access).
Identity-aware access gateway in front of databases (Postgres, MySQL, Mongo, MSSQL), SSH/RDP/K8s, and MCP servers. Parses wire protocols, masks PII in responses, blocks dangerous commands, records sessions. AI/LLM masking is a marketing extension of the same gateway, mostly targeted at MCP clients — not server-side Python scripts calling Anthropic.
Wrong dataflow direction. OM Daily Agent = outbound HTTPS to api.anthropic.com from Python. hoop.dev intercepts database wire protocols + MCP traffic, NOT arbitrary outbound REST. Their docs show no first-class “Anthropic API proxy” path. Forcing it would require an undocumented custom HTTP plugin.
$5K–$15K/yr cloud (per-identity, ~$30–$60/identity/month). $0 self-host MIT core — but loses commercial AI masking, web UI, IdP sync, and support. Cheapest option in this deck if you only need basic access control.
POC: 2–4 weeks — and only if abusing the OSS HTTP/gRPC plugin to wrap outbound LLM calls (unsupported pattern). Production: 6–10 weeks including Azure deploy (Docker/K8s), Entra wiring, custom masking rules, audit logging, BAA negotiation.
Azure VM or AKS for self-host. Gateway in Go, control plane in Clojure. OIDC/SAML IdP (Entra OK). Custom Go plugin work to handle Anthropic HTTPS as a “connection” — not documented. No Python SDK that wraps the LLM call natively.
AI masking story is aspirational, not mature. G2 minimal review volume. No healthcare/HIPAA customers cited. Featured case studies are SRE/database access, not PHI-to-LLM. Stateful proxy + Azure infra dependency for 265 calls/day = massive infra tax for tiny workload.
Data Security Manager: FIPS 140-2 Level 3 key/HSM manager. Confidential Computing Manager: orchestration + remote attestation for apps inside hardware enclaves (Intel SGX/TDX, AMD SEV-SNP, NVIDIA H100 confidential GPU). Armet AI: turnkey GenAI stack (vector DB + inference + DLP + guardrails) where every stage runs inside a TEE.
FATAL BLOCKER: cannot put Claude inside a Fortanix enclave. Claude weights are not licensed for self-hosting. Anthropic’s own Confidential Inference via Trusted VMs (Nov 2024) is research-stage, not a product. Fortanix presumes you own the model (Llama, Mistral). Once a request leaves your enclave to hit api.anthropic.com, the TEE guarantee is broken.
$200K–$600K/yr all-in. DSM: $30K–$80K entry, $100K–$250K+ HA production. CCM: $50K–$150K add-on. Armet AI: $250K–$500K+. Plus Azure CVM compute ($0.50–$2/hr per node). No public price list.
POC: 6–10 weeks (Azure CVM provisioning, attestation wiring, one workload). Production: 6–9 months with a dedicated security engineer + Fortanix professional services engagement. Not weeks.
Azure CVM quota (DCasv5/ECasv5 SEV-SNP or DCesv5 TDX). Azure Attestation Service. BAA with Microsoft (have) + Fortanix (separate). Self-hostable model (Llama 3, Mistral, Phi) — not Claude. Python/Go/Java SDKs. Fortanix REST APIs + CCM node agents.
Claude unsupported — period. Massive overkill for Phase A non-PHI data. Operational drag: attestation failures, CVM patching, H100 GPU availability constrained. Better Phase A alt: Azure OpenAI + BAA + private endpoint + CMK covers 95% of the threat model at 1% of the cost.
| Product | Category | Verdict | Score | Cost / yr | Time to Prod | Killer Issue |
|---|---|---|---|---|---|---|
| Skyflow LLM Privacy Vault | Tokenization vault | Partial | 4 | $120K–$200K | 4–8 weeks | Enterprise pricing for an enterprise problem we don’t have yet. AWS-hosted, not Azure-native. |
| Protecto.ai REST tokenization API | API tokenization | Partial | 5 | $3K–$120K | 2–4 weeks | Best technical pattern match. Solves a Phase B problem we don’t have today. |
| John Snow Labs Healthcare NLP | NLP library | Poor | 3 | $50K–$120K | 6–10 weeks | Hospital-system tooling. No dental NER. Spark JVM dependency. |
| Datavant Privacy Hub + Connect | Data linkage | Poor | 2 | $130K–$350K | 6–9 months | Wrong problem class (cross-dataset linkage). AWS-only. No Azure support. |
| Granica Screen / AI Safe Room | LLM masking proxy | Poor | 3 | $60K–$250K | 6–10 weeks | Azure NOT supported. Series A, early access, zero healthcare references. |
| hoop.dev Access gateway | DB / MCP gateway | Poor | 3 | $5K–$15K | 6–10 weeks | Wrong dataflow direction. Built for human→DB, not script→LLM. |
| Fortanix Confidential compute | Hardware enclaves | Poor | 3 | $200K–$600K | 6–9 months | Cannot put Claude inside any enclave. Anthropic doesn’t license self-hosting. |
| Homegrown (Presidio) Microsoft OSS + dental regex | In-process Python lib | Strong | 8 | $0 license | 1–2 weeks | None — right-sized for Phase A. Buy commercial only when Phase B PHI volume justifies it. |