Skip to main content
Healthcare / Multi-Site Operations

SecureAI Platform — Secure On-Prem GenAI Platform

~9,000 employees, ~400 clinics/hospitals

Thousands of hours saved

The Challenge

  • Need for AI capabilities that don't expose sensitive operational data to external cloud LLMs
  • Disconnected knowledge bases across departments with no unified search or retrieval system
  • Strict compliance requirements preventing adoption of cloud-based AI solutions like ChatGPT or Copilot
  • Multiple departments (IT, Clinics, Marketing) requesting AI tools with no shared platform strategy

The Approach

Our Approach

The engagement started with a rigorous assessment of the organization's data sensitivity requirements, existing infrastructure, and departmental AI use cases. The core constraint was non-negotiable: zero data could leave the organization. This ruled out every major cloud AI platform and required a fully on-premises architecture from the ground up.

Phase 1: Infrastructure & Architecture Design

We designed a modular platform architecture with clear separation of concerns: a Next.js/React frontend for the user interface, a Python API layer for orchestration and business logic, an on-premises LLM for inference, and a Supabase vector store for retrieval-augmented generation. The SharePoint ingestion pipeline was built to automatically index organizational documents — policies, procedures, clinical protocols — into the vector store without manual intervention.

Azure AD SSO integration was implemented from the first sprint, ensuring that every user interaction was authenticated and that role-based access controls (RBAC) and row-level security (RLS) governed which knowledge bases each department could access.

Phase 2: Department-by-Department Rollout

Rather than a big-bang launch, we rolled out department by department:

  • IT Operations first — the most technically receptive team, providing early feedback on retrieval accuracy and response quality
  • Clinics/Practices second — the highest-volume use case, requiring domain-specific RAG tuning for healthcare terminology
  • Marketing third — demonstrating cross-department extensibility with brand guidelines and campaign knowledge bases

Each rollout phase included a feedback loop where retrieval accuracy was measured, embedding models were fine-tuned, and edge cases were resolved before proceeding to the next department.

Phase 3: Multi-Agent Workflows & Optimization

With the core platform stable, we introduced multi-agent workflows — specialized AI agents that could chain together document retrieval, summarization, and action recommendations. This enabled more complex use cases like policy comparison, incident triage assistance, and onboarding knowledge packages.

The platform now serves three departments with HR expansion planned, processes thousands of queries weekly, and has maintained its core promise: zero sensitive data has ever left the organization.

System Architecture

Technology Stack

Next.jsReactPython APIOn-Prem LLMSupabase Vector StoreSharePoint IngestionAzure AD SSORBAC/RLS

Key Outcomes

<0

Months to Production

Enterprise AI capability deployed from initial assessment to full production in under 6 months

0

Data Leaves the Org

100% on-premises deployment ensures zero sensitive data exposure to external cloud services

Thousands

Hours Saved Annually

Time savings from automated knowledge retrieval across clinical and administrative teams

0+

Departments Served

IT, Clinics/Practices, and Marketing live with HR expansion planned

What Made It Different

  • On-premises constraint met without compromising user experience — staff interact with a modern chat UI indistinguishable from cloud tools
  • Modular multi-agent architecture extensible to new departments without re-architecture or redeployment
  • Role-based domain governance ensuring each department only accesses knowledge bases relevant to their function
  • SharePoint ingestion pipeline that automatically indexes new documents without manual intervention

Lessons & Transferable Patterns

  • On-prem LLM deployment requires early infrastructure alignment with IT — GPU provisioning timelines can bottleneck the project
  • Domain-specific RAG tuning for healthcare terminology significantly outperforms generic embedding models
  • Phased department-by-department rollout builds internal champions and surfaces edge cases before enterprise-wide launch
  • Integrating Azure AD SSO from day one eliminates adoption friction and enforces access controls automatically

Related Services

Enterprise AI & GenAI Platforms

End-to-end AI platform architecture and deployment

Learn more

On-Prem RAG Systems

Secure retrieval-augmented generation for sensitive data

Learn more

Facing a similar challenge?

Start with a discovery call to discuss your challenges and explore how we can help transform your operations.

Book a Discovery Call