Vault Healthcare
Healthcare ML needs scale that no single institution can provide. The data exists, fragmented behind firewalls. Vault is the federated training infrastructure that lets it compound without ever leaving the source.
01 · The problem
The data that would train the model never moves. The data that does is the wrong data.
Frontier healthcare ML is trained on whatever public datasets researchers can find, which under-represent the clinical distributions that actually matter. The data that would close the gap sits in hundreds of health-system warehouses, with legal, technical, and ethical barriers to centralization that have not moved in twenty years.
02 · The thesis
Federated learning waited a decade for the trust primitive to catch up
Federated learning has been an academic concept for a decade. What changed: trusted execution environments are now mainstream cloud primitives, and differential privacy on outputs is operationally tractable for non-trivial models.
Vault is the infrastructure layer that connects health systems to a model-training network without ever moving PHI across the firewall. Health systems get usable AI without surrendering data ownership.
03 · The product
What it does
Trusted-execution training nodes
Models train inside Intel SGX / AMD SEV / AWS Nitro enclaves, with cryptographic attestation that the source data never leaves the institution.
Federated gradient aggregation
Statistical signal compounds across the network. The source data does not.
Differential privacy guarantees
Output noise calibrated to provable privacy budgets, signed and shareable with the data steward.
Network economics
Health systems earn from the network without selling data. The economics are aligned with their fiduciary duty to patients, not against it.
04 · Why now
The timing case
1. Trusted execution environments have crossed from research into production-ready cloud primitives. AWS Nitro, AMD SEV-SNP, and Azure confidential VMs all carry the attestation guarantees federated training requires.
2. Healthcare AI demand has outpaced the data-sharing infrastructure by an order of magnitude. The bottleneck has shifted from build-the-model to legally-train-it.
3. The 2024 ONC interoperability rules and the 2025 HHS Health Data Use rule put cryptographic patient-access logging on the regulatory roadmap. Vault's audit primitive is no longer optional plumbing.
4. External validation arrived. The June 2024 HBR Analytic Services / Salesforce paper has every expert converging on a unified data store as the prerequisite for AI value. Then Tom Kiesau of Chartis in the same paper warns that vendor-managed unified data stores create lock-in where 'the practical cost of ever moving off becomes enormous.' Those two statements pull in opposite directions. The federated model is the only resolution. Vault unifies the compute without moving the data.
05 · Why I see it
The view from inside the work
I shipped HIPAA-grade data infrastructure at national scale. Centralized PHI collapses under its own legal weight. The federated path is the only path that does not, and the legal lessons from twenty years of clearinghouse work transfer directly.
06 · Comparable references
What's already in the market, and where the gap is
An honest read on the adjacent landscape. Not every comparable is a competitor. Some are partners. Some are the market the venture displaces.
07 · Key risks
What could break the thesis
Operator-grade pre-mortem. Surfaced because the buyers and partners worth talking to will surface them anyway.
Health system legal teams are conditioned to say no to data partnerships.
Cryptographic attestation that PHI never leaves the firewall is qualitatively different from a contractual promise. The legal review path is shorter.
Trusted execution environments have known side-channel attack histories.
Defense in depth: enclave attestation plus differential privacy on outputs plus institution-side audit. No single primitive carries the full guarantee.
Network-effects business model takes time to bootstrap.
First customers get sole-institution training value with the upgrade path to network. The product is useful at N=1.
Federated architectures can become the worst lock-in (proprietary weights and orchestration even when the data is portable).
Termination clause on day one of contract. Customer walks away with model weights trained on their data, the orchestration adapter to their enclave provider, and the canonical schema. No proprietary algorithm lock-in. The vendor-lock objection from the HBR/Salesforce paper is the buyer's first question and the contract answers it in writing.
08 · Proof of motion
What I've already shipped on this thesis
The artifacts that turn this from an essay into something with traction. Published work, working-group seats, operator scars.
09 · Questions partners ask
The next three follow-ups
Pre-empted because the buyers and partners worth talking to will surface them anyway.
Owkin and Rhino Health have been at this for years. What's different?
Owkin and Rhino are tuned for pharma research collaborations and clinical trials. Vault targets production deployment across health systems, where the unit economics and legal frame are different. Pharma research is a CRO buyer. Production health-system AI is a CTO/CIO buyer. Different sale, different product, same primitive.
Trusted execution environments have side-channel attack history. Is this safe enough for PHI?
Defense in depth. Enclave attestation plus differential privacy on outputs plus institution-side audit. No single primitive carries the full guarantee, and we're explicit with health-system legal that it's a layered model. The legal review path is still meaningfully shorter than a centralized PHI sharing agreement, which has historically been the floor.
Why this person?
Centralized PHI partnerships die in legal review. I have run that review more times than I want to count. The federated path is the only path that does not collapse under its own legal weight. Building this is operationalizing twenty years of compliance lessons in a different architecture.
What is the killer application that pulls a health system into Vault on day one?
Prior authorization and denial adjudication. Both run on PHI, both have provider-specific patterns that single-institution models cannot learn alone, and both have CFO-visible ROI inside twelve months. The federated training story sells the long arc. The day-one purchase is a prior-auth model that performs measurably better because it learned across institutions without their data ever leaving. The buyer is the CIO who already said no to Truveta on data-exit terms.
Isn't Vault a privacy platform health systems are not asking for yet?
Reposition the buyer. Vault is the substrate that lets the IDN say yes to the AI vendors its legal team currently says no to. Three named AI vendors run their models inside Vault enclaves with the customer keeping full data custody. Vault becomes a procurement accelerator for the rest of the AI portfolio, not a standalone product. The CISO converts from gatekeeper to champion.
Status
Vault Healthcare is a published essay, not a stealth company. I am running Finexio. The thesis is here so the right operator or investor can find it and we can talk.
Of the eight ventures I've published, two are in discovery and I expect to operate one of them after Finexio. The rest, including this one, are pattern recognition I want in the open. If you read this and want to start it yourself, that is the outcome I'm hoping for.