Your workforce is already using AI. Three Gates is the layer where your AI policy actually runs.
Three Gates is the runtime control plane for AI in healthcare organizations. Define what your AI is allowed to do: which systems it can access, which data it can see, and what requires human approval. Three Gates enforces those rules on every request, with an audit trail that proves it.
For security and compliance leaders
See the architecture in action
For security and compliance leaders asking: how does this actually enforce policy at runtime?
Watch the control plane enforce policy on a real clinical request, then step through it yourself.
For organizational diagnosis
Diagnose your organization's posture
For leaders asking: where is our workforce already exposed?
A scenario-based readiness assessment that maps your current AI exposure against the controls auditors, carriers, and your board are asking about. Setup takes five minutes; your team's responses come in over time.
81% of U.S. physicians now use AI in their practice.
AMA Physician Survey on Augmented Intelligence, 2026. More than double the 38% adoption rate reported in 2023.
Shadow AI isn't a future problem. It's happening now. Common physician use cases include clinical documentation, chart summarization, and assistive diagnosis, workflows that by definition involve patient data. Staff are using ChatGPT, Copilot, and other consumer AI tools because nobody gave them a governed alternative.
And the gap between what staff are doing and what the organization's AI policy actually enforces keeps widening. Three Gates is built to close that gap at runtime, not in a document.
What governed AI actually looks like
A clinician asks an agent to prepare a patient for discharge. The control plane detects sensitive identifiers, tokenizes them before any AI sees the raw values, gates tools that fall outside the configured scope, and routes the approved actions through human review where required. Every step is in the audit trail. Here's a 90-second walkthrough.
What enforcement actually means
Three Gates is one runtime that enforces policy across every AI surface your organization uses. Each capability below is a category of policy that runs on every request, not a feature your team has to remember to apply.
What you can see
PHI Detection
A multi-layer cascade scans text and images for detected PHI, PII, and clinical identifiers in real time.
What's allowed
Authorization
Org-aware access controls and purpose-of-use binding determine which users, intents, and tools are allowed on each request.
Where it runs
Secure AI Chat
A governed chat surface applies detection, tokenization, policy checks, and BAA-covered routing before AI invocation.
What's recorded
Audit Logging
A structured audit trail records policy decisions, routing, review steps, and risk events for incident reconstruction.
How it stays current
Compliance Automation
Scheduled reports, policy versioning, risk event detection, and executive summaries help teams keep controls reviewable.