Hospital Network Builds Secure RAG Pipeline for Clinical Decision Support
How a provincial hospital network deployed a RAG-based clinical-decision-support tool with PHIPA compliance, embedding-store access controls aligned to source documents, and adversarial testing against indirect prompt injection.
Provincial hospital network
Challenge
The network wanted to deploy a clinical-decision-support tool grounded in the network's clinical documentation library via RAG. Standard RAG pipelines have a permissions problem: vector retrieval typically bypasses the access controls on the source documents, so a query can surface chunks from records the requesting user was never authorized to read. PHIPA compliance plus regulator scrutiny made this unacceptable.
What CWS did
CWS designed the access-control layer between the vector store and the LLM. Retrieval requests were authenticated and scoped to the requesting user's permissions, mirroring the source-document ACLs so that a chunk is visible only to users who could read the document it came from. CWS ran adversarial testing against indirect prompt injection carried in retrieved chunks. Audit logging captured every retrieval with the requesting user, the returned chunks, and the final response.
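The following is an added illustration of the pattern described above, not CWS's code or the hospital network's deployment. It assumes a hypothetical in-memory vector store where each chunk is stamped at ingest with the ACL of its source document, a caller that has already authenticated the user and resolved their group membership, and toy embeddings constructed inline in place of a real model. The point it makes concrete is that the ACL filter runs before ranking, so a chunk the user may not see can never occupy a top-k slot, and that every retrieval leaves an audit record of user, chunk ids, source documents and response.

```python
"""Permission-scoped RAG retrieval with audit logging (added example, hypothetical)."""
from dataclasses import dataclass
import hashlib
import math


@dataclass(frozen=True)
class Chunk:
    chunk_id: str
    source_doc: str
    text: str
    embedding: tuple          # toy vector, constructed for this example
    allowed_groups: frozenset  # copied from the source document's ACL at ingest


@dataclass(frozen=True)
class User:
    user_id: str
    groups: frozenset  # assumed to be resolved by the identity provider before the call


def ingest(doc_id, passages, acl):
    """Chunk one document and stamp every chunk with that document's ACL."""
    return [
        Chunk(f"{doc_id}#{i}", doc_id, text, vec, frozenset(acl))
        for i, (text, vec) in enumerate(passages)
    ]


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    return dot / (na * nb) if na and nb else 0.0


class ScopedRetriever:
    def __init__(self, chunks, audit_log):
        self.chunks = list(chunks)
        self.audit_log = audit_log  # a plain list here; stands in for an append-only sink

    def retrieve(self, user, query_embedding, k=3):
        # Filter on ACL first, then rank: post-filtering top-k would let a denied
        # chunk crowd out allowed ones and could return fewer than k results.
        visible = [c for c in self.chunks if c.allowed_groups & user.groups]
        ranked = sorted(visible, key=lambda c: cosine(c.embedding, query_embedding), reverse=True)
        return ranked[:k]

    def answer(self, user, query_text, query_embedding, llm):
        hits = self.retrieve(user, query_embedding)
        context = "\n".join(f"[{c.chunk_id}] {c.text}" for c in hits)
        response = llm(query_text, context)
        # Audit record: who asked, which chunks and documents were returned, what was answered.
        self.audit_log.append({
            "user": user.user_id,
            "query_sha256": hashlib.sha256(query_text.encode()).hexdigest(),
            "chunks": [c.chunk_id for c in hits],
            "source_docs": sorted({c.source_doc for c in hits}),
            "response": response,
        })
        return response


def stub_llm(query, context):
    """Stand-in for the model call; reports how many chunks it was grounded on."""
    return f"[stub] {len(context.splitlines())} chunk(s) used"


# Constructed sample corpus: a general clinical protocol plus one restricted record.
CORPUS = (
    ingest("sepsis-protocol", [
        ("Start broad-spectrum antibiotics within one hour.", (1.0, 0.1, 0.0)),
        ("Reassess lactate after fluid resuscitation.", (0.9, 0.2, 0.0)),
    ], acl={"clinicians"})
    + ingest("psych-notes-4471", [
        ("Restricted psychiatric progress note for one patient.", (0.1, 1.0, 0.0)),
    ], acl={"psychiatry"})
)


def run_demo():
    """Same query from two users; the query is nearest to the restricted chunk."""
    log = []
    retriever = ScopedRetriever(CORPUS, log)
    nurse = User("nurse-01", frozenset({"clinicians"}))
    psychiatrist = User("psychiatrist-07", frozenset({"psychiatry", "clinicians"}))
    query_vec = (0.2, 1.0, 0.0)
    nurse_ids = [c.chunk_id for c in retriever.retrieve(nurse, query_vec)]
    psych_ids = [c.chunk_id for c in retriever.retrieve(psychiatrist, query_vec)]
    retriever.answer(nurse, "sepsis workup", query_vec, stub_llm)
    return nurse_ids, psych_ids, log


if __name__ == "__main__":
    print(run_demo())
```

The nurse's top similarity match is the restricted note, yet it never appears in their results because it was removed before ranking; the psychiatrist, who holds both groups, sees it first. The audit entry for the nurse lists only `sepsis-protocol` as a source document, which is the evidence a privacy officer would want to see when reviewing a retrieval.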
Outcome
The tool was deployed across the network, with the PHIPA evidence accepted by the privacy officer. Clinical staff use the tool within their appropriate scope, and the audit trail satisfies the privacy commissioner's expectations.