Cloud BAA vs Compute-to-Data for Clinical AI
The cloud BAA model: data moves, liability follows.
Cloud providers (AWS, GCP, Azure) offer HIPAA-eligible services with Business Associate Agreements. This means you can legally store and process PHI in the cloud. It does not mean the cloud is the right place for clinical AI training data.
"A BAA with AWS shifts liability from AWS to your organisation for how you handle PHI on their infrastructure. It does not reduce your attack surface. Every service you enable, every IAM role you configure, every S3 bucket you create, every data transfer you initiate — that's your liability. We calculated the PHI exposure surface for a typical cloud-based AI training pipeline: data ingress from hospital, storage in S3, preprocessing in EC2, training in SageMaker, model storage, data retention. That's 6+ services, each with its own security configuration, each a potential breach vector. Compare that to a single edge appliance inside the hospital firewall with a hardware-enforced TEE and kernel air-gap. The attack surface difference is not marginal — it's categorical."
Detailed comparison
Cloud BAA (AWS/GCP/Azure)
- Data must leave the hospital
- BAA shifts liability, not risk
- 6+ services = 6+ attack surfaces
- Cloud provider has access to infrastructure
- Data at rest: encrypted (you hold keys)
- Data in use: NOT encrypted (cloud can inspect)
- Network during training: internet-connected
- Attestation: cloud-managed, not independent
Compute-to-Data (Rapha)
- Data stays in hospital
- No PHI custody transfer
- Single TEE = single attack surface
- No cloud provider access (hospital owns hardware)
- Data at rest: encrypted (hospital-held keys)
- Data in use: SGX/TDX encrypted memory
- Network during training: kernel air-gap severs WAN
- Attestation: independent DCAP verification
Cost comparison for a typical AI training workload
Cloud: pay for compute (GPU instances), storage (PHI at rest), data transfer (egress to/from cloud), and BAA overhead. Ongoing costs scale with data volume. Rapha: pay per training job. USDC escrow settles only on verified training completion. No data storage cost. No data transfer cost. No ongoing cloud infrastructure cost.