Does Cachee meet HIPAA requirements for cached ePHI?

Yes. Cachee satisfies HIPAA 45 CFR 164.312 requirements: access controls via Owner/Regulator/Auditor key types (164.312(a)), audit logging via hash-chained tamper-evident audit trail (164.312(b)), integrity controls via three PQ signatures (164.312(c)), and transmission security via in-process architecture with zero network exposure (164.312(e)).

How does post-quantum cryptography affect healthcare systems?

Post-quantum keys are 10-100x larger than classical keys. ML-DSA-65 signatures are 3,309 bytes vs 64 bytes for Ed25519. Healthcare systems that cache session tokens, certificates, or signed data will see Redis latency scale linearly with these larger payloads. Cachee reads at 31 nanoseconds regardless of payload size — constant latency at any PQ key size.

Can Cachee replay healthcare audit trails?

Yes. Every state change is recorded in a hash-chained audit log. The AUDITLOG command reconstructs the full lifecycle of any cached value from genesis to current state. AUDITVERIFY validates the entire chain integrity in one command. This satisfies HIPAA's 6-year record retention requirement with tamper-evident, independently verifiable proof.

Healthcare & Life Sciences

Verifiable Encrypted Healthcare Infrastructure

Healthcare systems verify identity, authorization, and clinical data by exposing Protected Health Information. Post-quantum cryptographic caching changes that. Proof-based trust replaces exposure-based trust.

31ns

Cache read latency

3 PQ

Signature families

HIPAA

45 CFR 164.312

24KB

Self-verifying bundle

What Breaks

Healthcare Verification Requires Exposure

Every clinical system today verifies by exposing. To check a patient's allergy before prescribing, the system fetches the full allergy list — exposing every allergy to the cache layer, the network, and every intermediate service. To verify insurance eligibility, the system pulls the patient's full coverage record. To check drug interactions, the system reads the complete medication list.

This model worked when cache infrastructure was trusted internal plumbing. But two shifts make it unsustainable:

Post-Quantum Key Sizes

NIST PQ migration (CNSA 2.0, deadline 2030) replaces 64-byte Ed25519 signatures with 3,309-byte ML-DSA-65 signatures. Cached session tokens, certificates, and signed clinical data grow 50x. Redis latency scales linearly with payload — at 3,309 bytes, each read costs 440us instead of 310us. At 100K clinical lookups per second, that's 44 CPU-seconds of blocking per wall-clock second.

AI Clinical Inference

Clinical AI systems — radiology assist, sepsis prediction, drug interaction engines — cache inference results for performance. But cached AI outputs are ePHI under HIPAA. A cached radiology classification is a medical record. A cached sepsis risk score is a clinical judgment. These need audit trails, provenance, and tamper-evidence. Redis provides none.

What Leaks

Current Infrastructure Exposes What It Should Protect

Redis stores every cached value in plaintext memory. No encryption at rest. No per-key access controls. No audit trail of who read what. No integrity verification. If an attacker accesses Redis memory — through a compromised sidecar, a shared VPC, or a memory dump — every cached patient record, session token, and clinical result is exposed in cleartext.

ElastiCache adds EBS encryption (disk-level), but memory is still plaintext. The "encryption at rest" marketing claim doesn't protect in-memory data. And neither Redis nor ElastiCache can answer the question every HIPAA auditor asks: "Can you prove this cached value hasn't been modified since it was stored?"

The HIPAA Audit Gap

HIPAA 45 CFR 164.312(b) requires "audit controls" — mechanisms to record and examine access to ePHI. Your database has audit logging. Your application has access logs. But your cache? Redis has zero audit capability. Every cached ePHI read is unlogged, untracked, and unverifiable. That's a finding waiting to happen.

What Changes

Proof-Based Trust Replaces Exposure-Based Trust

Cachee changes the verification model. Instead of exposing PHI to verify it, Cachee stores signed, fingerprinted computation results that can be verified without reading the underlying data.

Every Value Is Signed

Three independent post-quantum signature families (ML-DSA-65, FALCON-512, SLH-DSA) sign every cached entry. Modification is detectable. Authenticity is provable. No trust assumption required.

Every Computation Is Fingerprinted

SHA3-256(input_hash || computation_hash || parameter_hash || version || hardware_class) — the fingerprint binds every result to its exact inputs. Change the patient record, the model version, or the parameters, and the fingerprint invalidates. Stale clinical data cannot be served.

Every Access Is Hash-Chained

Tamper-evident audit log. Every read, write, and state transition is recorded with the hash of the previous entry. Delete an entry? Detectable. Modify an entry? Detectable. Reorder entries? Detectable. HIPAA 164.312(b) satisfied by architecture, not by add-on logging.

Every Result Is Replayable

AUDITLOG reconstructs any cached value's full lifecycle from creation to current state. "What was in cache at 2:00 PM last Tuesday?" is one command. Temporal versioning meets HIPAA's 6-year retention requirement with cryptographic proof, not just database backups.

PHI integrity is no longer a policy. It's a mathematical property of the storage layer.

Verify This

Clinical Cache Verification — Live

cachee-healthcare-demo

[1/5] Caching clinical decision: drug interaction check Patient: MRN-4829173 | Drug: Warfarin + Aspirin Result: INTERACTION_DETECTED (severity: high) [2/5] Creating computation fingerprint... Engine : clinical-cds/3.2.1 Input : SHA3(patient_meds || drug_db_v42 || interaction_rules_v7) Hardware : Deterministic [3/5] Signing with 3 post-quantum families... ML-DSA-65 : 3,309 byte signature FALCON-512 : 656 byte signature SLH-DSA : 17,088 byte signature [4/5] Verifying (no Cachee. no H33. no network.)... ML-DSA-65 : PASS FALCON-512 : PASS SLH-DSA : PASS RESULT: VALID Signed. Fingerprinted. Independently verifiable. This is not cached data. This is proven clinical work. [5/5] Audit trail: AUDITLOG MRN-4829173-warfarin-interaction → Created 2026-05-23T08:15:00Z (CDS engine v3.2.1) → Verified 2026-05-23T08:15:01Z (3/3 signatures PASS) → Read 2026-05-23T08:22:14Z (Dr. Chen, Cardiology) → Read 2026-05-23T09:01:33Z (PharmD review) Chain: INTACT (4 entries, head=a7f3c91b...)

Run it yourself: brew install cachee && cachee-gold-demo

What Becomes Possible

Healthcare After Verifiable Infrastructure

Compliance Without Disclosure

Prove a drug interaction check was performed without exposing the patient's medication list. The computation fingerprint proves the check happened. The signature proves the result is authentic. The underlying PHI stays encrypted.

AI Inference Audit Trails

Every cached AI clinical output carries provenance: which model, which version, which training data, which input produced this result. When the EU AI Act or FDA requires traceability for clinical AI decisions, the audit trail is already built into the cache layer.

Post-Quantum Readiness

CNSA 2.0 mandates PQ migration by 2030 for federal systems. Healthcare systems touching Medicare, VA, or federal programs will need PQ-signed credentials. Cachee is already PQ-native — no migration required. Every entry signed by FIPS 204 (ML-DSA-65) and FIPS 205 (SLH-DSA) today.

Replayable Medical Records

Reconstruct the exact state of any cached clinical data at any point in time. When a malpractice case asks "what did the system show the physician at 2:14 PM?", the answer is one command: AUDITLOG. Tamper-evident. Independently verifiable. Admissible.

HIPAA Technical Safeguard Mapping

HIPAA Requirement	CFR Reference	Cachee Implementation
Access controls	164.312(a)	Owner/Regulator/Auditor key types + AUTH enforcement
Audit controls	164.312(b)	Hash-chained audit log, Merkle anchoring, AUDITVERIFY
Integrity controls	164.312(c)	3 PQ signatures per entry, computation fingerprint
Person authentication	164.312(d)	SHA3-256 key validation, per-key permissions
Transmission security	164.312(e)	In-process (zero network exposure for reads)

Frequently Asked Questions

How does Cachee protect PHI in cache?

Every cached value is signed by three independent post-quantum signature families. The computation fingerprint binds each result to its exact inputs. PHI integrity is cryptographically guaranteed. In-process deployment means PHI never leaves your VPC boundary.

Does Cachee meet HIPAA requirements?

Yes. Cachee satisfies all five HIPAA Technical Safeguard requirements under 45 CFR 164.312: access controls, audit controls, integrity controls, person authentication, and transmission security. See the mapping table above.

Can I replay cached clinical data at a specific point in time?

Yes. The AUDITLOG command reconstructs the full lifecycle of any cached value. Temporal versioning supports point-in-time queries. This satisfies HIPAA's 6-year record retention with cryptographic proof of integrity.

What happens when a PQ algorithm is deprecated?

Cachee uses three independent PQ families. If one is deprecated, entries transition to "Deprecated" state but remain valid under the 2-of-3 rule. The weakened family is replaced at next key rotation. Zero downtime, zero compliance gap.

Related Infrastructure

One architecture. Many manifestations.

Verifiable Healthcare Infrastructure

Deploy Cachee in your VPC. PHI never leaves your boundary.
Every value signed. Every access audited. Every result replayable.

Get Started Free Compliance & Audit →