Governance infrastructure

Patient identity
never leaves.

The centralised data privacy & governance platform for Australian healthcare. Anonymise, govern and audit every modality before it reaches an AI service.

DICOM PS3.15HL7 / FHIROAIC AlignedAU Data Residency

Secuva · live de-identification pipeline

Illustrative · de-identified preview

PixelIQ · DICOM CT study

Patient name████████████stripped

Patient identifier█████████████stripped

ModalityCTretained

Study descriptionChest w/ contrastretained

ClinicalIQ · clinical message

Identifierpseudonymised

Encounterlocation & physician redacted

Observationclinical value preserved

GenomeIQ · VCF file · de-identifiedde-identified

Sample identifier → pseudonymised

Individual metadata → redacted

Variant record header → policy-checked

Variant record → de-identified

3 modalities processed · 0 raw PHI in transit · audit log written

Built around the standards Australian healthcare actually uses

DICOM PS3.15-alignedHL7 FHIR R4OAIC De-identification GuidancePrivacy Act 1988 (Cth)My Health Records Act 2012ISO 27001:2022 alignmentHREC submission readyEssential Eight (ACSC)AU sovereign cloud infrastructureDICOM PS3.15-alignedHL7 FHIR R4OAIC De-identification GuidancePrivacy Act 1988 (Cth)My Health Records Act 2012ISO 27001:2022 alignmentHREC submission readyEssential Eight (ACSC)AU sovereign cloud infrastructure

100%

Australian data residency

Sovereign AU infrastructure

Comprehensive

DICOM PS3.15 attribute coverage

Anonymised by default

Zero

Raw PHI in transit

Removed on-prem

Inline

Low-latency pipeline

Runs at the edge

The problem

Healthcare AI is moving fast.
Patient identity is moving with it.

SECUVA^™ lets healthcare teams accelerate AI without sacrificing compliance - by removing patient identity from every clinical surface before it leaves your network.

Identity leaks at the edges

Header fields, burnt-in pixel overlays, free-text clinical notes - every modality hides identity in surfaces standard pipelines miss.

Manual de-id doesn't scale

One-off scripts and PACS export settings don't survive multi-modal AI workflows or a regulator's audit.

Proof is missing

Boards, HRECs and regulators want defensible evidence. Most teams can't produce it from email chains and spreadsheets.

Healthcare Organisation network · on-prem

PACS / DICOM

EMR / FHIR

Research DB

↓ raw clinical data ↓

SECUVA Layer

anonymise · validate · route · govern

PixelIQSlideIQGenomeIQCardioIQClinicalIQSignalIQ

governed output only · patient identity never leaves your firewall

SECUVA control plane · AU sovereign cloud

Policy engine

Audit trail

Routing rules

↓ approved recipients only ↓

AI vendor

de-id data only

Researcher

HREC approved

Internal model

within perimeter

The platform

One privacy layer between
your data and every AI service.

SECUVA runs entirely within your environment, under your control, paired with an Australian cloud-hosted control plane. PHI is removed where it lives. Only governed, auditable outputs ever cross your firewall.

Raw PHI never crosses your firewall

Australian data residency, sovereign control plane

Connects to PACS, EMR, FHIR, research systems and AI vendors

Every action recorded in a tamper-evident ledger - independently verifiable

How it works

Four steps. Zero raw PHI in transit.

Connect

SECUVA agent registers as a DICOM node, HL7 listener, and FHIR proxy inside your network - minimal network configuration required.

Anonymise

PHI removed from headers, pixel overlays, free-text fields and structured reports using modality-specific PS3.15-aligned profiles.

Govern

Policy engine determines what leaves your perimeter, where it goes, and which AI service is permitted to receive it.

Audit

Every transformation recorded in a tamper-evident ledger. Exportable for OAIC, TGA, HREC, and internal governance review.

The product suite

One platform. Six privacy engines.

Start with the modality you need. Add the rest as your AI footprint grows - same agent, same audit trail.

PixelIQ^™

DICOM anonymisation that runs inside your network. Removes PHI from headers, burnt-in pixel overlays, and structured reports before any image leaves your PACS. PS3.15 aligned. Inline low-latency pipeline.

Explore PixelIQ

SlideIQ^™

Whole-slide image de-identification for digital pathology - imaging metadata, label images, and LIMS barcodes.

Explore SlideIQ

GenomeIQ^™

Population-level controls and variant suppression for VCF, BAM, and FASTQ shared with researchers and AI partners.

Explore GenomeIQ

CardioIQ^™

ECG, echo, and cath lab study de-identification across standard ECG exports, vendor reports, and clinical message wrappers.

Explore CardioIQ

ClinicalIQ^™

HL7/FHIR and free-text EMR de-identification - structured segments and clinical notes.

Explore ClinicalIQ

SignalIQ^™

Physiological signal and ICU monitor de-identification - device headers, session metadata, alarm logs.

Explore SignalIQ

The difference

The day you switch SECUVA^™ on.

Scenario

Without SECUVA

With SECUVA

Scenario

AI vendor requests DICOM data

Without SECUVA

✗Manual export, zip, email - with full patient headers attached

With SECUVA

Automated pipeline: de-identified within your environment, then securely routed through approved pathways.

AI vendor requests DICOM data

✗Manual export, zip, email - with full patient headers attached

Automated pipeline: de-identified within your environment, then securely routed through approved pathways.

Scenario

Researcher needs a study cohort

Without SECUVA

✗IT project, 3–6 months, manual spreadsheet de-id, no audit trail

With SECUVA

Automated cohort build, HREC-exportable audit trail, days not months

Researcher needs a study cohort

✗IT project, 3–6 months, manual spreadsheet de-id, no audit trail

Automated cohort build, HREC-exportable audit trail, days not months

Scenario

OAIC asks what left your network

Without SECUVA

✗"We believe it was de-identified" - no records to show

With SECUVA

Cryptographic log: what, when, who, which profile - exportable in minutes

OAIC asks what left your network

✗"We believe it was de-identified" - no records to show

Cryptographic log: what, when, who, which profile - exportable in minutes

Scenario

New AI vendor onboarding

Without SECUVA

✗Legal review cycle, custom de-id pipeline per vendor, inconsistent output

With SECUVA

Vendor added to allowlist, same pipeline, same audit standard

New AI vendor onboarding

✗Legal review cycle, custom de-id pipeline per vendor, inconsistent output

Vendor added to allowlist, same pipeline, same audit standard

Scenario

Multi-site clinical trial

Without SECUVA

✗Each site uses different scripts, inconsistent PHI removal, no central log

With SECUVA

Same profile deployed everywhere, consistent pseudonymous IDs, central audit

Multi-site clinical trial

✗Each site uses different scripts, inconsistent PHI removal, no central log

Same profile deployed everywhere, consistent pseudonymous IDs, central audit

Built for

Whoever owns patient data in your organisation.

Hospitals & Health Networks

Enterprise privacy governance across PACS, EMR and research - one platform, one audit trail, one defensible answer for your board.

Hospital solutions

Research Institutions

Build ethics-compliant cohorts and share datasets with collaborators - without manual de-identification, without months of IT.

Research solutions

Healthcare AI Vendors

Privacy-aligned data pipelines so your model never touches raw PHI - and your hospital customer never has to worry about the transfer.

AI vendor solutions

Radiology

AI radiology vendor blocked by legal? PixelIQ anonymises DICOM before it leaves your PACS.

See Radiology solutions

Pathology

Digital pathology partner wants your WSI files? The embedded label image still carries patient names.

See Pathology solutions

Cardiology

Cardiology AI ready to onboard? ECG headers carry patient identifiers in every file.

See Cardiology solutions

Genomics

Sharing VCF with research collaborators? Sample IDs alone are not enough.

See Genomics solutions