
HIPAA compliance you can prove mathematically, not just promise.

Every healthcare org signs a BAA and hopes for the best. H33-Health replaces hope with cryptographic proof — Kyber-encrypted PHI storage, zero-knowledge eligibility verification, and Dilithium-signed audit trails that are tamper-proof even against quantum computers.


EHR integrations check compliance boxes. Access controls log who opened a record. Encryption at rest protects a disk, not a query. None of it gives you a mathematical guarantee that PHI was never exposed — not to your staff, not to your vendors, not to an attacker who already has your database.

Not another EHR integration. Mathematical HIPAA compliance.

Here’s what happens when you store, verify, and compute on PHI with H33-Health.

Step 01 — Kyber-1024 Encrypted PHI Storage
Field-Level Post-Quantum Encryption
Patient records encrypted at the field level. SSN, allergies, labs — each field individually encrypted with Kyber-1024 key encapsulation. Even a full database breach reveals nothing. No plaintext PHI ever touches your servers, logs, or any intermediate cache. HIPAA §164.312(a)(2)(iv) encryption requirements satisfied by NIST post-quantum standards, not legacy AES that quantum computers will break.
Step 02 — Zero-Knowledge Eligibility Verification
Prove Without Transmitting PHI
Prove a patient is insured, has a valid Rx, or meets clinical trial criteria without transmitting the underlying PHI. The verifier learns only true or false — nothing else. Insurance eligibility, prescription legitimacy, age thresholds, diagnostic criteria — all verified with zero-knowledge proofs. The data stays encrypted, the answer is mathematically guaranteed.
Step 03 — FHE Computation on Encrypted Records
Analytics Without Decryption
Run aggregate queries across encrypted patient data. Clinical trial matching, population health analytics, outcome tracking — all without decrypting a single record. Fully homomorphic encryption lets you compute on ciphertext and get the correct plaintext result. Researchers never see individual PHI. IRB-compliant by design, not by policy.
Step 04 — Dilithium-Signed Audit Trails
Tamper-Proof Compliance Proof
Every PHI access, verification, and computation produces a post-quantum tamper-proof audit entry signed with Dilithium-3 (FIPS 204). HIPAA §164.312(b) compliance is not a checkbox — it’s a mathematical guarantee. Auditors verify signatures, not trust. Generate compliance reports on demand with cryptographic proof of every access, every query, every result.
< 3 ms
full encrypt + verify + audit per PHI operation

Kyber-1024 field encryption + ZK eligibility proof + Dilithium audit signature — in a single API call under 3 milliseconds.
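
The per-field construction from Step 01, as an added example that is not H33-Health's code: a KEM such as Kyber only transports a key, so this example assumes each field gets its own ML-KEM-1024 (FIPS 203, the standardized Kyber-1024) encapsulation whose shared secret keys AES-256-GCM, with the field name bound as associated data. `SealedField`, `SealField` and `OpenField` are hypothetical names, the SSN is a constructed value, and `crypto/mlkem` requires Go 1.24 or later.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/mlkem" // standard library since Go 1.24
	"crypto/rand"
	"fmt"
)

// SealedField is one stored field. The layout is an assumption of this example.
type SealedField struct {
	Name               string // bound to the ciphertext as associated data
	KEMCt, Nonce, Body []byte // ML-KEM ciphertext, GCM nonce, GCM ciphertext+tag
}

// aead turns the 32-byte KEM shared secret into an AES-256-GCM instance.
func aead(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // cannot fail: ML-KEM shared secrets are 32 bytes
	g, _ := cipher.NewGCM(block)   // cannot fail for an AES block cipher
	return g
}

// SealField encapsulates a fresh key to ek and encrypts one field under it.
func SealField(ek *mlkem.EncapsulationKey1024, name string, value []byte) SealedField {
	key, kemCt := ek.Encapsulate()
	g := aead(key)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // crypto/rand.Read never returns an error on Go 1.24+
	return SealedField{name, kemCt, nonce, g.Seal(nil, nonce, value, []byte(name))}
}

// OpenField decapsulates the key and authenticates the field name and body.
func OpenField(dk *mlkem.DecapsulationKey1024, f SealedField) ([]byte, error) {
	key, err := dk.Decapsulate(f.KEMCt) // errors only on a wrong-length ciphertext
	if err != nil {
		return nil, err
	}
	return aead(key).Open(nil, f.Nonce, f.Body, []byte(f.Name))
}

func main() {
	dk, _ := mlkem.GenerateKey1024()
	f := SealField(dk.EncapsulationKey(), "ssn", []byte("000-00-0000")) // constructed value
	pt, err := OpenField(dk, f)
	fmt.Println(string(pt), err)
}
```

Relabelling a stored field or altering its KEM ciphertext makes `OpenField` fail: ML-KEM's implicit rejection yields a different key, so the GCM tag check rejects the record.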

PHI protection pipeline — every operation, every proof, every audit entry.

ENCRYPT  Kyber-1024 field-level PHI encryption
VERIFY  ZK eligibility proof (true/false only)
COMPUTE  FHE query on encrypted records
AUDIT  Dilithium-signed tamper-proof log entry

Every healthcare workflow touches PHI. None of them need to expose it.

Insurance Eligibility
Hospital proves patient has active coverage without sending SSN or policy details to the insurer. Zero-knowledge proof of eligibility — the insurer learns only true or false.
has_active_coverage(patient_id, procedure_code) → true/false
Prescription Verification
Pharmacy verifies Rx validity and prescriber credentials without accessing full medical history. Zero-knowledge proof of prescription legitimacy — no PHI transmitted.
verify_rx(rx_id, prescriber_npi) → valid/invalid
Clinical Trial Matching
Run FHE queries across thousands of encrypted patient records to find eligible candidates. Researchers never see individual PHI. IRB-compliant by design, not by policy.
fhe_match(criteria, encrypted_cohort) → [eligible_ids]
Lab Result Sharing
Encrypted results in Vault, ZK proof of “value within normal range” for insurance or employer wellness programs — without revealing the actual numbers.
in_normal_range(lab_result, reference) → true/false

The more you protect, the less each operation costs.

Health-0
3 units per operation
Kyber-encrypted PHI storage. Field-level encryption. Full audit log.
<25K units: $0.18
25K–250K: $0.12
250K–2.5M: $0.075
2.5M–25M: $0.036
25M+: $0.018

Health-1
8 units per operation
+ ZK eligibility verification. Prove coverage/Rx/criteria without transmitting PHI.
<25K units: $0.48
25K–250K: $0.32
250K–2.5M: $0.20
2.5M–25M: $0.096
25M+: $0.048

Health-2
15 units per operation
+ FHE computation on encrypted records. Aggregate analytics without decryption.
<25K units: $0.90
25K–250K: $0.60
250K–2.5M: $0.375
2.5M–25M: $0.18
25M+: $0.09

Health-3
25 units per operation
+ Dilithium-signed HIPAA compliance reports. BAA management. Consent-gated access with threshold (k-of-n).
<25K units: $1.50
25K–250K: $1.00
250K–2.5M: $0.625
2.5M–25M: $0.30
25M+: $0.15

Volume Unit Pricing

| Monthly Volume | $/Unit | Health-0 (3u) | Health-1 (8u) | Health-2 (15u) | Health-3 (25u) |
| --- | --- | --- | --- | --- | --- |
| <25K units | $0.060 | $0.18 | $0.48 | $0.90 | $1.50 |
| 25K–250K | $0.040 | $0.12 | $0.32 | $0.60 | $1.00 |
| 250K–2.5M | $0.025 | $0.075 | $0.20 | $0.375 | $0.625 |
| 2.5M–25M | $0.012 | $0.036 | $0.096 | $0.18 | $0.30 |
| 25M+ | $0.006 | $0.018 | $0.048 | $0.09 | $0.15 |

How H33-Health compares

H33-Health Epic MyChart Cerner AWS HealthLake Azure Health Data
Post-quantum PHI encryption Kyber-1024 (NIST)
Field-level encryption Per-field Kyber KEM At rest only At rest only
Zero-knowledge verification ZK proofs (true/false)
FHE computation BFV on encrypted records
PQ-signed audit trail Dilithium-3 (FIPS 204) Access logs Access logs CloudTrail Activity logs
Compliance guarantee Mathematical proof Policy-based Policy-based Policy-based Policy-based

All units fungible — same balance as H33-Auth, H33-Vault, H33-Share, and H33-Shield.

HIPAA Technical Safeguards — Mapped to H33-Health

Every HIPAA §164.312 technical safeguard requirement mapped to a specific H33-Health cryptographic feature. Not policy-based — mathematically provable.

| HIPAA Section | Requirement | H33-Health Feature | Tier |
| --- | --- | --- | --- |
| §164.312(a)(2)(iv) | Encryption & decryption | Kyber-1024 field-level encryption | Health-0+ |
| §164.312(b) | Audit controls | Dilithium-signed tamper-proof logs | Health-0+ |
| §164.312(c)(1) | Integrity controls | Post-quantum signatures on all records | Health-1+ |
| §164.312(d) | Person / entity authentication | ZK eligibility verification | Health-1+ |
| §164.312(e)(1) | Transmission security | Kyber-1024 key encapsulation in transit | Health-0+ |
| §164.314(a) | Business associate contracts | Automated BAA management | Health-3 |
| §164.530(j) | Record retention (6 years) | Encrypted immutable audit archive | Health-2+ |

Compliance is not a checkbox — every requirement above is enforced by post-quantum cryptographic primitives, not access control policies.


Frequently Asked Questions

How does H33-Health satisfy HIPAA encryption requirements?
H33-Health uses BFV fully homomorphic encryption (FHE) to process Protected Health Information (PHI) without ever decrypting it. Data remains encrypted during computation. This exceeds HIPAA's encryption-at-rest and encryption-in-transit requirements by adding encryption-in-use.
What is zero-knowledge eligibility verification?
A health plan can verify a patient's eligibility without seeing the patient's actual medical records. The computation runs on encrypted data using FHE, and the result (eligible/not eligible) is returned without exposing any PHI fields.
Can H33-Health work with existing EHR systems?
Yes. H33-Health provides a REST API that accepts standard HL7 FHIR resources. Your EHR system encrypts PHI client-side before sending. The API processes encrypted payloads and returns encrypted results that only the authorized recipient can decrypt.
How does FHE computation work on PHI?
Protected Health Information is encrypted with BFV (lattice-based FHE). The H33 server performs computations — eligibility checks, risk scoring, claims adjudication — directly on the ciphertext. The server never sees plaintext PHI at any point.
What is the latency for an encrypted eligibility check?
A single FHE eligibility verification completes in approximately 1-2 milliseconds using BFV batching. The Dilithium attestation adds ~191 microseconds. Total end-to-end: typically under 5 milliseconds.
How does the Dilithium audit trail work?
Every computation on encrypted PHI produces a Dilithium (ML-DSA) signed attestation recording the operation type, timestamp, data fields accessed (by encrypted reference, not plaintext), and result hash. This creates a HIPAA-compliant, tamper-proof audit trail that survives quantum attacks.
Can patients verify their own data was handled correctly?
Yes. Each computation produces a Dilithium-signed receipt that patients can independently verify. The receipt proves what computation was performed, when, and that the result matches the input, without revealing the actual data.
How does H33-Health handle cross-state insurance queries?
FHE enables cross-jurisdiction queries without violating state-specific privacy laws. Since data never leaves encrypted form, no plaintext PHI crosses state boundaries. The computation runs on ciphertext, and only the authorized insurer can decrypt the result.
Is H33-Health compatible with HL7 FHIR?
Yes. H33-Health accepts FHIR R4 resources (Patient, Coverage, Claim, ExplanationOfBenefit) wrapped in an encrypted envelope. The API maps FHIR resource fields to FHE computation slots. Response payloads follow FHIR OperationOutcome format.
What PHI fields are encrypted at rest?
All 18 HIPAA identifiers are encrypted with BFV FHE: name, address, dates, SSN, medical record numbers, health plan IDs, account numbers, certificate numbers, device IDs, URLs, IPs, biometric identifiers, photos, and any other unique identifying characteristic.

Free tier includes 1,000 units. No credit card required.