Hospital CIO Guide to Clinical AI Infrastructure
Your researchers want AI. Your DPO says no to data export. Both are right.
As a hospital CIO, you face an impossible equation: AI companies and your own research teams need real clinical data to train models. Your DPO, Caldicott Guardian, and general counsel correctly block data export. The solution is not to pick a side — it's to change the architecture.
"When our radiology department wanted to partner with an AI company for chest X-ray classification, our first instinct was to negotiate a data sharing agreement. Six months of legal review later, the DUA was rejected by our Caldicott Guardian. The compute-to-data model from Rapha changed the conversation: the AI model comes to our trust, trains inside our firewall, and only trained weights leave. Our DPO reviewed it, our IT security team assessed the SGX/TDX enclave and air-gap isolation, and we moved forward. The key lesson: governance teams are not anti-AI. They are anti-data-export. Solve the export problem and the conversation changes completely."
What to evaluate when assessing compute-to-data infrastructure
- Hardware attestation: Does the platform provide independently verifiable SGX/TDX or TPM attestation? Software-only isolation is not sufficient for PHI.
- Network isolation: Does the platform physically sever external network connectivity during training? If the edge appliance can reach the internet during training, data can theoretically leak.
- Policy enforcement: Can you configure dataset-specific, output-specific, and workload-specific policies before any model code executes? Open Policy Agent (OPA) with Rego policies is the standard.
- Output validation: Does the platform validate that only approved file types leave the training environment? Raw data files (.csv, .dcm, .jsonl, .ndjson) must be blocked at the filesystem level.
- Audit trail: Does every training job produce a cryptographic proof receipt? You need auditable evidence of what was trained, when, and on what data.
Rapha Protocol deployment checklist for hospital IT
- Rack space, power, and dual network connectivity (LAN for PACS + WAN for proof submission)
- PACS/EHR integration endpoints (DICOMweb, FHIR R4, or SQL views)
- OPA policy configuration (dataset allowlists, output constraints, network policy, consent requirements)
- SGX/DCAP + TPM attestation verification configuration (MRENCLAVE, MRSIGNER, Intel root CA)
- Institutional governance sign-off (Caldicott Guardian, DPO, IT Security)
Rapha Protocol is private-alpha. Production hospital deployment requires institutional approval, security review, and applicable data processing agreements. The technical architecture supports compliance — it does not replace institutional governance.