PatientVault

When I got rejected from NYU I was sad, when they leaked my SSN I was a but pissed. So now Im picky with my PPI. And what more secure then never touching the internet

Comment

Inspiration

I applied to NYU with aspirations of going there. They rejected me, then they leaked my and many others social security numbers. Now I trust no institution or individual to protect my data. The only way to insure my data stays safe is if it never touches the internet. But my doctor needs to ask me questions about my health and I need to be able to reply and receive documents from him. This is my solution.

What it does

PatientVault is a secure, patient-controlled system for sharing personal health information with providers. It has two parts:

Provider web frontend — Providers log in, manage linked patients, send encrypted messages, questionnaires, and documents (PDFs, images, Word files, etc.), and view an activity log of what they sent. Everything is encrypted in the browser before it reaches Supabase.

Patient USB app — A portable Ubuntu app that runs from a USB drive. The patient’s keypair, vault, and app live on the drive; unplugging it removes patient data from the host machine. The app decrypts provider payloads locally, stores them in a personal vault, and offers a conversational AI agent (voice in, voice out) that can walk through questionnaires, summarize records, and answer questions — all offline after initial sync.

Patients set guardrails (natural-language rules plus tagged private entries) so that when a provider uses the USB during a visit, the AI only shares what the patient allows. Both sides can record meetings; transcripts are stored locally in the vault.

How we built it

Provider frontend: Svelte 5, Tailwind 4, neobrutalism UI, Supabase (Auth, Postgres, Storage, RLS) USB app: Tauri (Rust backend + Svelte frontend), designed to run portably from the USB without a system install On-device AI: Qwen2.5 7B (Q4) via llama.cpp for conversational tool use; whisper.cpp for multilingual speech-to-text (streaming for chat, batch for meetings); Piper for text-to-speech in English, Spanish, and Mandarin Cryptography: Hybrid X25519 + ML-KEM-768 with AES-256-GCM — post-quantum key exchange plus classical X25519, matching current best practice (Signal, Apple, Google). Patient identity is a keypair on the USB; usb_id is derived from the public key Pairing: Provider generates a 6-digit code; patient enters it on the USB app to link their identity to that provider. Multi-provider support from day one Encryption is the access control: Supabase stores opaque blobs, pseudonymous usb_id hashes, and timestamps — not message content, filenames, or provider identity in plaintext.

Challenges we ran into

Portable USB deployment — Co-locating the binary, models (~4.5GB LLM + voice assets), keys, and vault on a drive that runs on arbitrary Ubuntu machines without a special hardened OS CPU-only AI pipeline — Running a 7B model, streaming STT, and realtime TTS on mid-range hardware (~3–6 tokens/sec for the LLM) Guardrails that actually work — Combining hard data-layer exclusions (private entries never enter the LLM context) with softer system-prompt instructions for nuanced topics Streaming speech quality — Whisper streaming gives live transcripts but shifting partial results; batch mode is better for meeting recordings

Accomplishments that we're proud of

End-to-end encryption where the server is blind to content — only encrypted blobs and hashes cross the wire A portable USB model where data physically travels with the patient and leaves the host when the drive is unplugged A multilingual conversational agent (English, Spanish, Mandarin) that can fetch vault data via tools, walk through questionnaires turn-by-turn, and respect patient guardrails during provider sessions

What we learned

I learned about post quantum cryptography, how to boot securely from a usb and how to run a local model on only the cpu

What's next for PatientVault

USB loss and recovery — Key backup, re-registration flows, and revocation of old usb_id links when a patient gets a new drive or regenerates keys Provider authenticity — ML-DSA (FIPS 204) signatures so patients can verify payloads came from a registered provider Polish and scale — Finalize Spanish locale variant, improve streaming STT stability, and harden the portable asset pipeline for easier setup on new drives

Built With

  • hybrid-post-quantum-encryption-(x25519
  • ml-kem-768
  • piper-tts
  • rust
  • supabase
  • svelte-5
  • tailwind-css-4
  • tauri-2
  • whisper.cpp
Share this project:

Updates