HoundShieldHoundShield
Products by industry

One firewall · Every compliance framework · One deployment

🔒
Technology
SOC 2 · AI Governance

Engineers pasting API keys and source into Copilot and ChatGPT.

❤
Healthcare
HIPAA · 45 CFR 164

Clinicians pasting patient records into AI for documentation.

⛨
Defense
CMMC L2 · NIST 800-171

DoD contractors leaking CUI into AI proposal tools.

💼
Legal & Finance
SOC 2 · PCI DSS

Lawyers and analysts sharing privileged data with AI.

🌐
Five Eyes / Global
DISP · ASD Essential 8

International suppliers navigating AUKUS and allied frameworks.

🏛
Government
FedRAMP · FISMA

Agencies adopting AI without a compliant data framework.

SOC 2 · HIPAA · CMMC L2 · 16 engines · <10msStart free — all frameworks →
How it worksPricingDocsBlog
14,363 interceptedSign inStart free

Healthcare · HIPAA · 45 CFR Part 164

Clinicians paste PHI into AI every day. Make it a non-event.

Documentation, billing and summarization tools are too useful to ban — but every patient record pasted into them is a HIPAA disclosure. HoundShield detects PHI on your hardware and blocks or quarantines it before it reaches any model, satisfying minimum-necessary and audit requirements.

Start freeSee pricing

What it is

A local proxy that scans every AI prompt for protected health information before it leaves your facility's network.

Who it's for

CISOs, compliance officers and privacy leads at hospitals, clinics, payers and digital-health companies.

How you use it

Route your documentation AI through HoundShield. PHI is held for human review or stripped — clinicians keep working.

What it detects for you

MRN / patient IDICD / diagnosis codesPatient names + DOBSSNInsurance / member IDsLab & imaging resultsPrescriptionsProvider NPI

How it works

  1. 01

    Route documentation AI through HoundShield

    One URL change for your scribe, coding or summarization tool.

  2. 02

    PHI is blocked or quarantined

    The exact identifier is flagged on-device; nothing reaches the model unreviewed.

  3. 03

    Audit-ready for OCR

    Tamper-evident logs map to 45 CFR 164 access & disclosure requirements.

How HoundShield supports HIPAA (45 CFR 164)

Control / requirementHow HoundShield maps to itStatus
164.312(a)(1) — Access controlPHI blocked before it can be disclosed to a modelEnforced
164.312(b) — Audit controlsTamper-evident log of every prompt decisionLogged
164.502(b) — Minimum necessaryPHI stripped or held for review before the model sees itEnforced
164.308(a)(6) — Incident responseReal-time alerts when PHI is caught in a promptAlerted

Common questions

Do you receive our PHI? Is a BAA needed?+

Detection runs on your hardware and we never receive PHI, so HoundShield isn't a typical cloud BAA exposure — and we still sign a BAA on paid plans.

Will it block clinicians from working?+

No. Clean prompts pass through; only PHI is held for review or stripped, so documentation keeps flowing.

Does it cover ambient scribe and coding tools?+

Yes. Any AI tool that speaks the OpenAI API can be routed through the gateway, including scribe, medical-coding and summarization assistants.

How is quarantined PHI stored?+

Quarantined content is encrypted at rest with AES-256 and only released after human review. Raw prompt content is never stored in plaintext.

HIPAA settlements have reached $16M

HHS OCR penalties run from tens of thousands into eight figures (Anthem settled for $16M). Let your team use AI without becoming the next enforcement headline.

Protect PHI
HoundShieldHoundShield

Local-only AI compliance firewall for CMMC Level 2, HIPAA, and SOC 2. Prompt content never leaves your network.

CMMC LVL 2HIPAASOC 2NIST 800-171

Product

  • Features
  • How it works
  • Pricing
  • Changelog
  • Roadmap

Compliance

  • CMMC Level 2
  • HIPAA
  • SOC 2
  • NIST 800-171
  • DFARS 7012

Resources

  • Documentation
  • Blog
  • Partners
  • Contact
  • About

© 2026 HoundShield. All rights reserved.

PrivacyTerms