Vault Healthcare
Healthcare ML needs scale that no single institution can provide. The data exists, fragmented behind firewalls. Vault is the federated training infrastructure that lets it compound without ever leaving the source.
01 · The problem
The data that would train the model never moves. The data that does is the wrong data.
Frontier healthcare ML is trained on whatever public datasets researchers can find, which under-represent the clinical distributions that actually matter. The data that would close the gap sits in hundreds of health-system warehouses, with legal, technical, and ethical barriers to centralization that have not moved in twenty years.
02 · The thesis
Federated learning waited a decade for the trust primitive to catch up
Federated learning has been an academic concept for a decade. What changed: trusted execution environments are now mainstream cloud primitives, and differential privacy on outputs is operationally tractable for non-trivial models.
Vault is the infrastructure layer that connects health systems to a model-training network without ever moving PHI across the firewall. Health systems get usable AI without surrendering data ownership.
03 · The product
What it does
Trusted-execution training nodes
Models train inside Intel SGX / AMD SEV / AWS Nitro enclaves, with cryptographic attestation that the source data never leaves the institution.
Federated gradient aggregation
Statistical signal compounds across the network. The source data does not.
Differential privacy guarantees
Output noise calibrated to provable privacy budgets, signed and shareable with the data steward.
Network economics
Health systems earn from the network without selling data. The economics are aligned with their fiduciary duty to patients, not against it.
04 · Why now
The timing case
- 1
Trusted execution environments have crossed from research into production-ready cloud primitives. AWS Nitro, AMD SEV-SNP, and Azure confidential VMs all carry the attestation guarantees federated training requires.
- 2
Healthcare AI demand has outpaced the data-sharing infrastructure by an order of magnitude. The bottleneck has shifted from build-the-model to legally-train-it.
- 3
The 2024 ONC interoperability rules and the 2025 HHS Health Data Use rule put cryptographic patient-access logging on the regulatory roadmap. Vault's audit primitive is no longer optional plumbing.
05 · Why I see it
The view from inside the work
I shipped HIPAA-grade data infrastructure at national scale. Centralized PHI collapses under its own legal weight. The federated path is the only path that does not, and the legal lessons from twenty years of clearinghouse work transfer directly.
06 · Comparable references
What's already in the market, and where the gap is
An honest read on the adjacent landscape. Not every comparable is a competitor. Some are partners. Some are the market the venture displaces.
07 · Key risks
What could break the thesis
Operator-grade pre-mortem. Surfaced because the buyers and partners worth talking to will surface them anyway.
Health system legal teams are conditioned to say no to data partnerships.
Cryptographic attestation that PHI never leaves the firewall is qualitatively different from a contractual promise. The legal review path is shorter.
Trusted execution environments have known side-channel attack histories.
Defense in depth: enclave attestation plus differential privacy on outputs plus institution-side audit. No single primitive carries the full guarantee.
Network-effects business model takes time to bootstrap.
First customers get sole-institution training value with the upgrade path to network. The product is useful at N=1.
08 · Proof of motion
What I've already shipped on this thesis
The artifacts that turn this from an essay into something with traction. Published work, working-group seats, operator scars.
09 · Questions partners ask
The next three follow-ups
Pre-empted because the buyers and partners worth talking to will surface them anyway.
Owkin and Rhino Health have been at this for years. What's different?
Owkin and Rhino are tuned for pharma research collaborations and clinical trials. Vault targets production deployment across health systems, where the unit economics and legal frame are different. Pharma research is a CRO buyer. Production health-system AI is a CTO/CIO buyer. Different sale, different product, same primitive.
Trusted execution environments have side-channel attack history. Is this safe enough for PHI?
Defense in depth. Enclave attestation plus differential privacy on outputs plus institution-side audit. No single primitive carries the full guarantee, and we're explicit with health-system legal that it's a layered model. The legal review path is still meaningfully shorter than a centralized PHI sharing agreement, which has historically been the floor.
Why this person?
Centralized PHI partnerships die in legal review. I have run that review more times than I want to count. The federated path is the only path that does not collapse under its own legal weight. Building this is operationalizing twenty years of compliance lessons in a different architecture.
Status
Vault Healthcare is a published essay, not a stealth company. I am running Finexio. The thesis is here so the right operator or investor can find it and we can talk.
Of the eight ventures I've published, two are in discovery and I expect to operate one of them after Finexio. The rest, including this one, are pattern recognition I want in the open. If you read this and want to start it yourself, that is the outcome I'm hoping for.
Other concepts
Healthcare Adjudication
Apex Adjudication
AI claims-resolution engine for healthcare payers. Resolves manual denials at API speed.
Clearinghouse Automation
Clearing AI
Automated translation between legacy clearinghouse formats and modern APIs.
Healthcare Settlement
Ledger Health
Cryptographic settlement and audit trails for multi-party healthcare reimbursement.