"Embedix passed our security review in one pass. That's never happened with a RAG tool before."
Meridian Health runs 12 hospitals across New England and treats over 400,000 patients a year. Their clinical teams wanted AI to help with research and documentation, but every previous RAG pilot had been killed by the security team. Then they tried Embedix.
Before Embedix, Meridian's AI team had run three separate RAG pilots. Each one passed initial testing and failed security review. The reasons were always the same: no way to prove which patient record was used in a given answer, no mechanism to revoke access when staff changed roles, and audit logs that didn't meet HIPAA requirements.
Every pilot that died cost the team three to six months. After the third failure, leadership was close to shelving the entire program.
"Our CISO would ask one question: 'Show me the audit trail for a single retrieval.' No tool we tried could answer it cleanly."
The biggest surprise was how quickly permissions synced from Epic and SharePoint. Meridian has thousands of staff across clinical and administrative roles, and access changes constantly. Previous tools required weekly batch jobs that always left a 24-48 hour window where stale permissions could leak data.
Embedix syncs via webhooks. When a resident finishes a rotation, their access to the relevant patient cohort updates within minutes.
The real test was the HIPAA audit export. Meridian's compliance team needed to run test queries, see exactly which documents were retrieved, with what confidence scores, and be able to export everything for external auditors. Embedix had this built in as a first-class feature, not bolted on.
The security review took two weeks. The previous tools had taken six months and still failed.
"We didn't have to retrofit compliance. It was already there."