The platform

Managed infrastructure for moving PHI.

Connect a provider on one side and an authorized partner on the other. Aegis handles encryption, access control, metering, and audit — so neither side builds or maintains the hard parts.

Zero-exposure transfer

Studies move directly from source to destination over an encrypted, access-controlled path. Data is never parked in, or routed through, systems that don't need to see it.

Per-study metering

Every transfer is measured independently and billed per study delivered — verifiable by both parties and resistant to over- or under-reporting.

Tamper-evident audit

A cryptographically chained record of every authorization, access, and delivery. Pass an audit by exporting it — not by reconstructing it.

Compliance built in

Architected to run inside HIPAA and DoD IL4/IL5 boundaries, with customer-managed encryption keys and Business Associate Agreements in place.

Engineered for scale

Multi-gigabyte CT and MRI volumes are handled as single sealed studies, with integrity verified end to end on every transfer.

Drop-in integration

DICOM-native ingest and a simple API. Connect your PACS on one side, your analysis pipeline on the other — we handle everything between.

How it works

Three steps.

Connect, release, deliver. The security, metering, and audit run underneath.

  1. 01

    Ingest

    The PHI provider sends an imaging study to Aegis over an encrypted channel. It's secured at rest under keys the data owner controls.

  2. 02

    Secure relay

    Aegis authorizes a precise, time-bound, single-purpose handoff to the approved partner — and meters it independently as it happens.

  3. 03

    Deliver

    The authorized consumer receives the study, integrity-verified to the byte. Billing settles automatically; the audit trail is sealed.

Technical foundations

Standards-based engineering, not a black box.

The proprietary part is how we meter and verify a transfer without ever touching the payload. Everything around it is built on recognized standards — and you can run it yourself in the live demo.

Transport

TLS 1.2+ end to end. DICOM / DICOMweb ingest directly from your PACS.

Encryption at rest

AES-256 with customer-managed keys (BYOK) via cloud KMS / HSM.

Access

Short-lived, scoped, single-purpose signed URLs — least-privilege and time-boxed.

Integrity

SHA-256 checksum verified end to end on every study — sent equals received.

Audit

Append-only, hash-chained, exportable records — tamper-evident and WORM-capable.

Metering

Delivery measured independently of sender and receiver — never from self-reported volumes.

Infrastructure

U.S. sovereign cloud (Azure Government). FedRAMP-aligned, IL4 / IL5-ready.

Data disposal

Automatic, irreversible destruction on expiry or view limit — every disposal logged.

Run the live demo

See it move, end to end.

Walk through a release-to-destruction exchange, or talk to us about connecting your systems.

Request access

Available to U.S.-based organizations only.