The SECUVA Platform

The privacy layer
between your data
and every AI service.

SECUVA runs on-prem inside your network, anonymises clinical data before it moves, and gives you a complete governance and audit trail - all without raw PHI ever crossing your firewall.

Zero
Raw PHI in transit
100%
AU data residency
mTLS
Agent–plane channel
SECUVA agent · running · Metro Health Network
uptime 14d 6h
Active pipelines
PACS → AI vendorrunning
Genomics → research partnerrunning
EMR → clinical AI vendorrunning
Pathology → research PACSidle
Recent audit log
Study de-identifiedai-vendor-01
VCF k-anon enforcedresearch-partner-02
HL7 msg de-idclinical-ai-demo
Policy violationblocked
studies processed today · 0 raw PHI in transit · 1 policy blockcontrol plane: healthy
Week one in production

A radiology network. Hundreds of studies per day. Blocked from their AI vendor for four months.

PHI was embedded in pixel overlays on fluoroscopy studies and in private creator tags invisible to standard export settings. Legal could not approve the transfer. SECUVA unblocked it in a day.

Day 1
SECUVA Agent deployed on-prem
3.5-hour engagement. Connected to PACS. Zero disruption to clinical operations.
Day 2
First anonymised batch to AI vendor
Pixel overlay redaction active. Structured report de-identification running. Legal signed off same afternoon.
Day 7
1,960 studies processed
3,847 PHI elements removed. 0 raw PHI in transit. Audit log exported for governance review.
Architecture

On-prem agent. AU control plane. Zero PHI in transit.

A split architecture where patient data and governance infrastructure never share a network path.

Your hospital network
PACS / DICOM
Orthanc, Sectra, DCM4CHEE
EMR / HL7
Epic, Cerner, Best Practice
FHIR API
R4 resources, AU Base profile
Research DB
REDCap, S3, custom connectors
Raw PHI lives here
raw data
SECUVA Agent · on-prem
PixelIQDICOM de-identification
SlideIQWSI + label redaction
GenomeIQVCF k-anonymity
CardioIQECG header scrub
ClinicalIQHL7 / FHIR / NLP
SignalIQDevice data strip
Policy enforced · raw PHI never serialised to external call
governed
output
SECUVA control plane · AU region
Policy engine
Audit log
Routing
No patient data · mTLS channel to agent
↓ approved recipients only
AI vendor
de-identified data only
Research collab
HREC-approved cohort
Internal model
within network perimeter

On-prem agent

Processes and anonymises data entirely inside your firewall. The agent sees raw PHI - nothing external does.

AU sovereign control plane

Policy, routing and audit managed on Australian sovereign cloud infrastructure. Patient data never flows to the control plane.

Zero-trust boundary

mTLS between agent and plane. RBAC per pipeline. Secrets management isolated from config. No lateral movement paths.

How it works

Four steps. Zero raw PHI in transit.

Step 01

Connect

Drop a SECUVA agent inside your network. It speaks DICOM, HL7 v2, FHIR R4 and reads directly from PACS, EMRs, research warehouses and data lakes with minimal network configuration.

Supports Mirth Connect, Rhapsody, Orthanc, DCM4CHEE, Epic FHIR APIs and custom HTTP/S3 sources.

Step 02

Anonymise

PHI is identified and removed on-prem - before anything leaves your network. Header fields, burnt-in pixel text, free-text clinical notes and structured identifiers are all in scope.

DICOM PS3.15 E.1/E.2 profiles, intelligent text de-identification, configurable retain/remove/pseudonymise per attribute.

Step 03

Govern

Policy rules decide what leaves your perimeter, where it goes, and which approved AI service or researcher is allowed to receive it. Every routing decision is enforced - not just logged.

Attribute-level access control, data-use agreements enforced at runtime, destination allowlisting, expiry policies.

Step 04

Audit

Every transformation, every routing decision and every recipient access is cryptographically signed, timestamped and stored in an immutable log - exportable for OAIC, TGA and HREC review.

Tamper-evident audit chain, automated compliance reports, HREC submission exports, real-time alerting on policy violations.

Capabilities

Everything you need to govern clinical data at scale.

On-prem anonymisation engine

De-identification runs entirely inside your firewall. SECUVA agents process DICOM, HL7/FHIR and free-text data in-place - raw PHI is never serialised to an external network call, never written to shared storage, never visible to a cloud endpoint.

DICOM PS3.15 E.1 / E.2 profiles
HL7 v2 segment-level PHI scrub
FHIR R4 resource de-identification
Intelligent clinical note de-identification
WSI label image redaction
Genomic k-anonymity enforcement

Australian data residency

Control plane on Australian sovereign cloud. Your data plane stays on your own infrastructure. No patient data ever touches a server outside Australia.

Pipeline orchestration

Build policy-driven pipelines connecting PACS, EMRs, research stores and AI vendors. Each pipeline has its own profile, routing rules and audit context.

Immutable governance log

Every transformation cryptographically signed and chained. Logs exportable in standard formats for OAIC submissions, ethics committees, and governance boards.

Zero-trust security

Mutual TLS between agent and control plane, RBAC with per-pipeline roles, secrets management isolated - no credentials in config files, no lateral movement paths.

Data modalities

One platform. Every clinical data type.

Same agent, same audit trail, same governance model - regardless of modality.

Modality
PHI surfaces handled
Engine
Medical Imaging
CT · MRI · X-ray · US · NM · PT
DICOM headers, burnt-in pixel text, structured reports
PixelIQ
Digital Pathology
TIFF · SVS · NDPI · SCN · MRXS
TIFF metadata, macro label image, LIMS barcode
SlideIQ
Genomics
VCF · BAM · CRAM · FASTQ
Header fields, sample IDs, variant re-id, pedigree
GenomeIQ
Cardiology
SCP-ECG · DICOM Waveform · GE Muse XML
Report headers, device fields, HL7 wrappers
CardioIQ
Clinical Records
HL7 v2 · FHIR R4 · CDA · clinical notes
Structured segments, free-text NLP, FHIR resources
ClinicalIQ
Physiological Signals
EDF · WFDB · HL7 ORU · device streams
Device metadata, session headers, alarm logs
SignalIQ
Compliance coverage

Built for the Australian
regulatory environment.

SECUVA is designed from the ground up around Australian healthcare law and regulatory expectations - not retrofitted from a US or EU baseline.

The Privacy Act, OAIC guidance, TGA SaMD framework, and standards like DICOM PS3.15 and HL7 FHIR are not checklist items - they are the engineering brief every product decision is measured against.

Privacy Act 1988 (Cth)
Secondary use controls, de-identification for data security
APPs 6 & 11
OAIC Guidance
Compliant de-identification method - not just header removal
De-id health info
TGA SaMD Framework
Data quality controls for AI inputs and model training
AI/ML medical devices
DICOM PS3.15
113+ attributes, configurable per-tag profile, UID handling
E.1 / E.2 profiles
HL7 FHIR R4
Resource-level PHI removal and pseudonymisation
De-id spec
My Health Records Act
Secondary use consent tracking and audit
MHR obligations
ISO 27001
Information security management alignment
Annex A controls
HREC / Ethics Committees
Signed log exports in ethics submission format
Audit exports
Integrations

Fits into the stack you already run.

No rip-and-replace. No middleware rewrites. SECUVA connects via standard protocols.

PACS & Imaging
  • Orthanc
  • DCM4CHEE
  • Sectra IDS7
  • Intelerad
  • Nuance PowerScribe
  • Fujifilm Synapse
EMR & Clinical
  • Epic (FHIR R4)
  • Cerner / Oracle Health
  • MedTech Evolution
  • Genie
  • Best Practice
  • HL7 v2 brokers
Research & Data
  • REDCap
  • AWS S3 / HealthLake
  • Azure Health Data
  • Google Cloud Healthcare API
  • XNAT
  • Custom connectors
AI & Analytics
  • Annalise.ai
  • Harrison.ai
  • Aidoc
  • Nuance DAX
  • Custom model APIs
  • Your internal models

Don't see your system? Talk to us - we support custom connectors →

secuva-agent · connect · your-hospital-network

See it running in your environment.

Show us your PACS, EMR and AI vendor setup. We will walk through exactly where SECUVA fits, what the agent deployment looks like, and what changes from day one.

$secuva agent --connect hospital-pacs-01
✓ DICOM node registered (DEID-AGENT)
✓ Control plane handshake (mTLS)
✓ Policy profile loaded: policy-standard-1
✓ Pipeline: PACS → AI vendor (active)
$secuva pipeline status
Studies today: —
PHI removed: 100%
Audit entries: —
Policy blocks: 1
Raw PHI egress: 0 bytes
All good. Patient identity never left.
$