MedRecords AI installs on your firm's hardware. Run inference fully locally via Ollama, or through your firm's own AWS Bedrock account under your firm's BAA — you choose per case. Productivity AI does not operate a cloud endpoint that receives your PHI.
Most cloud platforms route your clients' medical data through their multi-tenant servers and third-party AI providers. MedRecords AI runs on your firm's hardware and routes inference either to a local LLM or directly to your firm's own AWS Bedrock account — never through a Productivity AI server.
See exactly how MedRecords AI's on-premise architecture protects your firm.
| Aspect | Cloud AI Platforms | MedRecords AI |
|---|---|---|
| Where data is processed | Third-party cloud servers | Your computer |
| Who can access your data | Cloud provider, subprocessors | Only your firm |
| Data in transit | Uploaded to vendor cloud | Ollama: stays on your machine. BYO-AWS Bedrock: TLS-encrypted to your own AWS account |
| Air-gapped option | ✗ No | Yes (Ollama local AI) |
| BAA required | Vendor BAA required (often unavailable) | Ollama: no BAA required. BYO-AWS Bedrock: your own AWS BAA (no vendor BAA with Productivity AI) |
| Audit trail | Vendor-controlled | You control the logs |
| Breach risk | Shared infrastructure | Isolated to your machine |
| Data retention | Vendor decides | You decide |
| If vendor goes bankrupt | Lose access to everything | Software keeps running |
Choose the AI backend that matches your firm's security requirements.
Fast inference through your firm's own AWS Bedrock account. The AWS SDK negotiates TLS to AWS endpoints (modern AWS endpoints negotiate TLS 1.3 by default). Under the AWS BAA between your firm and AWS, Bedrock does not retain inference data or use it to train models. Productivity AI is not in the data path.
Best for speed
Install open-source AI models on your own hardware. Inference runs entirely on the workstation — no inference data leaves the machine. License activation and (optional) telemetry / update checks still require a brief internet connection unless explicitly disabled in Settings.
Best for security
Use cloud AI for routine cases, local AI for sensitive cases. Switch per-case based on your firm's risk tolerance.
Best of both
On-premise AI is not a feature. It's a requirement for firms handling the most sensitive records. Unlike EvenUp and DigitalOwl, no vendor security risk.
Stop paying $500/case to cloud vendors. Own your AI tool outright for a one-time fee. Process unlimited cases on your own machine — no per-case fees, no subscriptions, no vendor lock-in.
Handle veterans' medical records under your agency's own AI deployment choice: Local-Only (Ollama) for fully air-gapped processing where no data leaves government-approved infrastructure, or BYO-AWS GovCloud / Bedrock under the agency's own BAA. No data flows to any Productivity AI server.
The most sensitive PHI in litigation — patient records showing medical errors, mental health notes, substance abuse treatment. Keep it on your machine, under your control.
Deploy MedRecords AI on your internal network. Multiple attorneys and paralegals access through their browser, but data stays within your firewall. No VPN to a third party required.
Every layer of MedRecords AI is designed with security as the default, not an add-on.
Vault files are encrypted using Fernet authenticated encryption (AES-128-CBC for confidentiality plus HMAC-SHA256 for integrity verification). Encryption keys are stored in the operating system's credential store (Windows Credential Manager / macOS Keychain) and never co-located with the encrypted data.
When the firm routes inference through its own AWS Bedrock account, the AWS SDK negotiates TLS (modern AWS endpoints negotiate TLS 1.3 by default). Under the AWS Business Associate Agreement, Bedrock does not retain inference data or use it to train models. AWS Bedrock is HIPAA-eligible.
Audit entries are signed with HMAC-SHA256. SQLite triggers reject any DELETE or UPDATE on the audit-log table, so once an entry is written it cannot be modified or removed from inside the application. Audit logs are retained for six years by default.
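The sketch below is an added example, not MedRecords AI's own code: it shows how an append-only SQLite table with per-entry HMAC-SHA256 signatures can work, and why the two controls complement each other. The table and column names, the function names, and passing the key as a parameter are all assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3

# Hypothetical schema: the triggers abort any UPDATE or DELETE on the table.
SCHEMA = """
CREATE TABLE audit_log (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    ts TEXT NOT NULL, actor TEXT NOT NULL, action TEXT NOT NULL, sig TEXT NOT NULL);
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""

def sign(key, ts, actor, action):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") sign differently.
    parts = (f.encode() for f in (ts, actor, action))
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def open_log(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def append(db, key, ts, actor, action):
    # Assumption: the key is held outside the database file.
    db.execute("INSERT INTO audit_log (ts, actor, action, sig) VALUES (?, ?, ?, ?)",
               (ts, actor, action, sign(key, ts, actor, action)))
    db.commit()

def verify(db, key):
    """Return the ids of rows whose stored signature no longer matches."""
    rows = db.execute("SELECT id, ts, actor, action, sig FROM audit_log ORDER BY id")
    return [rid for rid, ts, actor, action, sig in rows
            if not hmac.compare_digest(sig, sign(key, ts, actor, action))]

def edit_outside_app(db):
    """Constructed scenario: a direct edit of the database file that removes
    the trigger first. The trigger cannot stop it; verify() reports the row."""
    db.executescript("DROP TRIGGER audit_no_update;"
                     "UPDATE audit_log SET actor = 'nobody' WHERE id = 1;")
```

Per-row signatures flag edited entries but not entries removed by someone with direct file access; detecting missing rows needs an additional check such as sequence validation, which the page does not describe.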
Session-based authentication with bcrypt-hashed passwords (no plaintext stored), rate limiting, double-submit-cookie CSRF protection, and optional TOTP two-factor. The application binds to 127.0.0.1 by default; LAN exposure is opt-in and surfaces a persistent UI warning when enabled.
License activates with a one-time online check. After activation, a lightweight monthly check-in ensures license validity with a 60-day grace period for offline operation.
Anonymous aggregate usage metrics (version, uptime) are reported daily for product improvement. No case data, no file names, no PHI is ever transmitted. Telemetry can be disabled in Settings.
The application and your records install on your own machine even during the free demo. 14 days, full features, no credit card.