How can AI be trained on real clinical data without exporting patient records?

Use a compute-to-data architecture. The model job moves into a controlled hospital, imaging, or device environment. Raw patient records stay inside the data holder boundary, while only policy-approved outputs, hashes, proof metadata, or model artifacts leave.

What is Rapha Protocol?

Rapha Protocol is private-alpha compute-to-data infrastructure for clinical AI. It routes AI workloads into controlled clinical environments, keeps raw patient data inside the institution or device boundary, and anchors proof metadata on Polygon mainnet.

Does a mainnet proof receipt prove clinical safety or HIPAA compliance?

No. A mainnet proof receipt shows a public cryptographic commitment and transaction inclusion. It does not prove clinical validity, regulatory approval, model safety, de-identification, or HIPAA/GDPR/Taiwan PDPA compliance.

Clinical AI compute-to-data guide

How to train AI on real clinical data without moving patient data

Short answer: use compute-to-data infrastructure. Instead of copying raw patient records into an AI company's cloud, send the model workload into a controlled hospital, imaging, or device environment. Raw clinical data stays inside the institution. Only policy-approved outputs, hashes, model artifacts, proof metadata, and settlement references leave the boundary.

Rapha Protocol is building this pattern for clinical AI: compute moves, patient data stays.

The clinical AI data problem

High-quality healthcare AI needs real clinical data: EHR records, imaging workflows, telemetry, lab results, and patient-generated health signals. But moving raw PHI into a centralized training environment creates legal, security, institutional, and reputational risk.

The safer architecture is not "sell patient data." The safer architecture is to move controlled compute toward the data and leave raw records inside the hospital or device boundary.

The Rapha Protocol architecture

Researcher intent: an AI developer submits a model job, container digest, cohort intent, output policy, and budget.
Secure API boundary: developer access is authenticated and proof-session state is handled server-side.
Hospital or device node: compute runs beside local records inside a controlled environment.
No raw PHI export: raw clinical records are not sent to Polygon, IPFS, Vercel, Render, or the researcher client.
Proof and settlement: hashes and proof metadata can be anchored publicly for auditability.

Mainnet proof surface

Rapha Protocol has a public Polygon mainnet proof receipt:

0xfadab8cc5e6bdb531d7ddfd64fd2a325a5dabda1c0f1eb7a21f05d15c618f9a0

Contract: 0xB27704CA8A01Bc151181D1d53E2F0eF11B39B32F

Open the Rapha Protocol mainnet receipt

What this does and does not prove

The receipt proves that a public cryptographic commitment exists on Polygon mainnet. It does not prove clinical validity, model safety, regulatory clearance, de-identification, or healthcare compliance by itself.

Important: Rapha Protocol is private-alpha software. Public demos must not receive real PHI, DICOM exports, FHIR bundles, Apple Health exports, genetic data, private keys, seed phrases, or regulated production data. Production use requires written agreements, security review, privacy review, institutional approval, and applicable BAA/DPA analysis.

Useful links

Rapha Protocol homepage Technical whitepaper Architecture diagram Mainnet proof receipt Compute-to-data for clinical AI Privacy-preserving healthcare AI training Train LLM on hospital data without exporting PHI ZK-TLS healthcare AI proof receipts GitHub repository LLM summary Full LLM context