Rapha Protocol Enterprise Imaging

Fail-closed PACS integration for compute-to-data clinical AI.

This page documents the current v2 enterprise imaging path. Production integration requires real hospital DICOMweb and orchestrator endpoints, scoped study queries, hospital-held PHI HMAC keys, OPA policy approval, SGX/DCAP + TPM attestation, and a configured enterprise-node trainer command. Demo-only clients are isolated from the production clients.

01

DICOMweb QIDO-RS

Scoped metadata queries run inside the hospital network. Broad PACS scans are rejected.

02

PHI-Minimized Metadata

Patient IDs, StudyInstanceUID, and accession identifiers are keyed-hashed with a hospital-held HMAC key. Free text is suppressed by default.

03

Secure Compute

The enterprise node starts training only after escrow, OPA, dataset manifest, and attestation gates pass.

04

Edge Core OS

Rust WAN gate cuts Port B during training; Go OPA guard rejects unsafe model containers; SGX launcher emits quote material.

05

Receipt

Outputs are hashes, bounded artifacts, metrics, and proof metadata. Raw DICOM pixels and PHI do not leave the institution.

06

Settlement

RaphaClearingVault releases USDC after trusted-attestor proof acceptance: 70% hospital, 20% node owner, 5% onboarder, 5% Rapha Protocol.

Required production configuration

RAPHA_ENABLE_HOSPITAL_DATA_INTEGRATION=true
RAPHA_DICOMWEB_BASE_URL=https://hospital-pacs.example/dicomweb
RAPHA_DICOMWEB_STUDY_QUERY_JSON={"Modality":"MR","BodyPartExamined":"BRAIN"}
RAPHA_ORCHESTRATOR_API_BASE=https://hospital-orchestrator.example/api
RAPHA_ORCHESTRATOR_CALLBACK_URL=https://edge-node.example/orchestrator/callback
RAPHA_PHI_HMAC_KEY_BASE64=<32-byte base64 hospital-held key>
RAPHA_TRAINER_COMMAND=/opt/rapha/trainers/run_imaging_job.sh
RAPHA_DATASET_MANIFEST_PATH=/etc/rapha/datasets/oncology_mri_manifest.json
RAPHA_OPA_POLICY_PATH=/etc/rapha/policies/hospital_policy.rego
RAPHA_TEE_ATTESTATION_REQUIRED=true

Production boundary