
Data safety is a massive concern.

ISO 27k1 is a process standard (like 9001 and countless others) and not an information security standard per se. It says something about the security organization and its processes, but very much about the security of your data.

Instead of “trust me bro we will delete your sensitive data”, I would like to see a method that makes it cryptographically impossible for my data to be leaked. Maybe using a secure enclave?

reply

I've been considering this for a moment and I think that a secure enclave could actually work as an architecture for this. But, as long as someone reverse engineers things like efused keys and doesn't do a press release about obtaining these, I'm not sure how you can be 100% sure with a platform like SGX. It doesn't work well in extreme adversarial settings.

reply

Didn't Trump just announce something about opening up the medical industry to AI? I imagine it includes changes to HIPAA.

reply

The "AI Action Plan" mentioned [1]

Launch several domain-specific efforts (e.g., in healthcare, energy, and agriculture), led by NIST at DOC, to convene a broad range of public, private, and academic stakeholders to accelerate the development and adoption of national standards for AI systems and to measure how much AI increases productivity at realistic tasks in those domains.
  1. https://www.whitehouse.gov/wp-content/uploads/2025/07/Americas-AI-Action-Plan.pdf page 5

reply
  • but not very much
reply