Security
Security posture for non-PHI guideline retrieval.
GuidelinesIQ is intended for local guideline access, not PHI-bearing workflows. The posture is intentionally narrow: source-grounded retrieval, soft PHI guardrails, and clinician-responsibility messaging.
Executive summary
GuidelinesIQ is intended for non-PHI local guideline retrieval and source navigation.
Users are instructed not to enter PHI, and the product is positioned as informational access acceleration rather than clinical decision making.
Operational controls still assume accidental PHI could appear and therefore minimize raw query exposure in logs and error paths.
Operating posture
Intended use
- Non-PHI guideline retrieval and source navigation
- Informational access acceleration, not autonomous decision support
- Clinician remains the final decision-maker
Operational controls
- Soft PHI warnings in the UI
- No raw-query logging at INFO level
- Tenant-aware routing for authenticated workspaces
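One way to enforce the "no raw-query logging at INFO level" control, including error paths, as an added example that is not GuidelinesIQ's own code. It assumes a Python service that passes the query through the logging `extra` field; the key, logger name, log format and sample query are constructed for illustration.

```python
import hashlib
import hmac
import io
import logging
import traceback

# Assumption: a per-deployment secret used only to fingerprint queries.
FINGERPRINT_KEY = b"constructed-example-key"

def fingerprint(query: str) -> str:
    """Keyed, truncated digest: correlates repeated queries without storing text."""
    digest = hmac.new(FINGERPRINT_KEY, query.encode("utf-8"), hashlib.sha256)
    return digest.hexdigest()[:16]

class QueryRedactionFilter(logging.Filter):
    """At INFO and above, replace the raw query with a fingerprint and length."""
    def filter(self, record: logging.LogRecord) -> bool:
        query = getattr(record, "query", None)
        if not query:
            record.query = "-"  # keeps the %(query)s format field valid
            return True
        if record.levelno < logging.INFO:
            return True  # DEBUG keeps raw text; keep DEBUG disabled in production
        marker = f"<redacted fp={fingerprint(query)} len={len(query)}>"
        record.query = marker
        # The message may have interpolated the query by accident; scrub it.
        record.msg = record.getMessage().replace(query, marker)
        record.args = ()
        # Error path: exception text can echo the query, so pre-render and scrub.
        if record.exc_info:
            text = "".join(traceback.format_exception(*record.exc_info))
            record.exc_text = text.replace(query, marker).rstrip()
            record.exc_info = None
        return True

def demo(query: str) -> str:
    """Log one normal and one failing retrieval; return the captured log text."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s query=%(query)s"))
    handler.addFilter(QueryRedactionFilter())  # on the handler, so it covers all loggers
    log = logging.getLogger("guideline_retrieval_example")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    log.info("retrieval started", extra={"query": query})
    try:
        raise LookupError("no guideline matched: " + query)
    except LookupError:
        log.exception("retrieval failed for %s", query, extra={"query": query})
    return stream.getvalue()
```

The filter only protects queries that reach it through the `query` field, so code paths that log request bodies or exception objects directly need the same treatment.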
Deployment options
SaaS
Managed tenant roles, managed model providers, and exportable audit logs.
On-prem or VPC
Customer-managed keys, customer-selected providers or local models, and native audit integration.
