How Yma Health Used Super Protocol to Deploy AI on Real Patient Data Across Clinics and EHR Platforms
Empowering clinics and EHR providers to unlock real-world AI on sensitive medical data – without changing systems or exposing identities
Super Team
Overview
Clinics and EHR vendors across the UAE wanted to bring AI into their daily workflows – for triage, documentation support, treatment optimization, and analysis of patient histories. But they couldn’t: Protected Health Information (PHI) could not leave their systems, anonymization was unreliable, and external AI services required exporting raw identifiers.
Yma Health, using Super Protocol’s decentralized confidential AI cloud, introduced a new approach: its “VPN for Healthcare” – an anonymization middleware that enables hospitals to apply advanced multimodal models such as Google MedGemma-27B to real patient data without exposing identities or changing existing systems.
All processing runs inside secure, attested confidential-computing environments, ensuring full privacy and regulatory compliance. For large-model inference, NVIDIA B200 (Blackwell) GPUs from Nebius AI Cloud were onboarded to Super Protocol and operated in confidential mode.
Overall Results
- Clinics keep their existing EHRs – no system modifications or workflow redesign required.
- PHI never leaves protected, hardware-isolated environments, ensuring confidentiality by design.
- AI becomes a compliant and seamlessly accessible part of clinical workflows, expanding capabilities without increasing risk.
- Patient privacy remains fully protected, as all sensitive data is processed only inside secure, attested environments.
Partner Perspective: Yma Health
“Super Protocol's TEE technology helped us solve a fundamental challenge in medical data transfer. Previously, we had to write extensive custom anonymization code. Now, Google’s medical AI model MedGemma handles this within the secure environment. I'm confident this approach will soon become standard across the health tech industry.”
— Sergei Savvov, Co-founder & Chief Technology Officer, Yma Health
Two real customers. Two different challenges. One confidential AI path forward.
1. Simplex Himes (EHR Provider): AI for Every Connected Clinic
Customer Overview
Simplex Himes is a certified EHR provider in the UAE serving multiple clinics. Their EHR is the primary system clinics use to manage patient care. The platform stores full longitudinal medical records — diagnoses, lab results, medications, visit notes, and timelines — forming the core clinical history for each patient and making it the natural place for any AI functionality to operate.
Their Challenge
Although Simplex’s longitudinal medical records were ideal for powering advanced AI features, DHA regulations prohibit sharing these records “as is” with external AI services. Under DHA policy, data remains personal unless both direct identifiers and quasi-identifiers are removed – meaning traditional de-identification was insufficient for AI use: combinations of dates, events, demographics, and rare diagnoses could still re-identify a patient.
This created three blockers:
- Simplex could not roll out AI-powered features across its network without taking on compliance risk.
- Clinics expected modern AI assistance but could not adopt external AI applications – those would require sending PHI outside the clinic – and neither they nor Simplex could realistically alter certified EHR workflows without significant cost and disruption.
- Simplex needed a way to embed AI directly into the EHR – across all connected clinics – without exposing PHI and without modifying their certified platform architecture.
What Changed With Yma + Super Protocol
Using Yma’s “VPN for Healthcare” running on Super Protocol’s confidential, zero-trust architecture across multiple cloud providers, Simplex added AI capabilities as a drop-in upgrade to their EHR.
Key improvements enabled by Super Protocol:
- Every stage – transport, preprocessing, anonymization, and AI inference – runs inside a continuously verified, hardware-protected confidential environment inaccessible to any provider or participant.
- All records travel through Super Protocol’s confidential tunnels into a hardware-isolated secure environment for preprocessing.
- Yma’s anonymization middleware prepares each record inside this protected environment.
- No custom anonymization code is needed – identifiers and quasi-identifiers are removed automatically within the protected workflow.
- The anonymized clinical context is then routed into Super’s hardware-isolated secure environment for confidential AI inference, running on NVIDIA Blackwell GPUs from Nebius AI Cloud.
- PHI never leaves Super Protocol’s confidential architecture – and is inaccessible to all providers, including Simplex, Yma, Super Protocol, Nebius, or the preprocessing provider.
- Clinics continue using their EHR as usual, with AI available as an added capability that does not alter existing workflows.
- Full compliance with Dubai/DHA data protection requirements is preserved across the entire multi-provider architecture.
Impact
- EHR functionality expands without altering the certified platform.
- Clinics gain AI-assisted workflows with zero workflow disruption.
- New insights – triage support, clinical summaries, and risk flags – become available through anonymized data.
- Regulatory requirements become a competitive advantage for Simplex.
Quote
“Yma and Super Protocol finally solve secure data transfer – now we share medical data confidently, knowing it’s fully protected.”
— Giri Rajan, CTO and Managing Director, Simplex Himes
2. JointSpace Clinic (Physical Therapy): Better Care Without Losing Patient Trust
Customer Overview
JointSpace is a physical therapy clinic that has accumulated years of rehabilitation outcome data – highly valuable for improving treatment plans and clinical decision-making, but too sensitive to send into third-party AI services.
Their Challenge
JointSpace wanted to use AI on full rehabilitation histories, but:
- DHA rules prevented sending raw records to external services.
- Partial de-identification wasn’t enough: dates, sequences, rare conditions, and demographics still carried re-identification risk – limiting the usefulness of any AI analysis.
- The clinic needed to preserve existing workflows without adding new tools.
They needed AI insights – without moving PHI outside the clinic and without redesigning their processes.
What Changed With Yma + Super Protocol
With YMA’s “VPN for Healthcare” running on Super Protocol, JointSpace could finally apply AI safely to its full rehabilitation histories.
- Clinicians continue using their existing interface – the privacy layer is fully invisible.
- Patient records are automatically anonymized inside a protected, attested confidential environment.
- MedGemma-27B analyzes histories, comorbidities, and progress inside the same secure environment.
- Only anonymized, clinically meaningful AI results return to the clinic – raw PHI never leaves the confidential environment or becomes visible to any provider.
Impact
- For the first time, JointSpace can safely leverage advanced AI while maintaining full regulatory compliance.
- Full rehabilitation histories can be analyzed with preserved context – enabling deeper, more accurate insights.
- Treatment plans improve through richer longitudinal analysis.
- Patient trust increases – sensitive data never leaves secure, attested environments.
- Zero workflow disruption – AI appears inside the existing system as an optional enhancement.
Customer Quote
“We wanted to use AI for personalized patient communication, but sending data to external APIs was a non-starter. YMA’s anonymization service solved this perfectly – now we can leverage advanced AI while our patient data stays completely protected.”
— Kris Rai, Co-founder & Clinical Director, JointSpace
Conclusion
This case shows how YMA Health, through its “VPN for Healthcare” built on Super Protocol’s confidential AI infrastructure, is already enabling real AI use on medical data from certified EHR platforms like Simplex Himes to individual clinics such as JointSpace.
With anonymization, secure handling, and AI processing all running inside attested confidential environments, healthcare organizations can finally use real patient data for AI without exposing identities, modifying existing systems, or risking compliance.
- For clinics, this enables AI-assisted care with full privacy and no infrastructure changes.
- For EHR providers, it adds AI capabilities to certified systems without regulatory risk – allowing them to scale AI safely across all connected clinics.
Supported by NVIDIA, Nebius AI Cloud, and Google Research, this confidential AI foundation delivers practical, compliant medical AI today – and is ready to scale across healthcare organizations and diverse regulatory environments.
Industry Perspective
“As industries from healthcare to finance accelerate their adoption of AI, securing data during processing has become essential – not just for compliance, but as a foundation for innovation and trust.
With NVIDIA Confidential Computing on NVIDIA Blackwell GPUs, Super Protocol extends protection to every layer of AI workflows, ensuring verifiable security and performance in trusted execution environments from the infrastructure core all the way to frontline clinics.”— John Fanelli, Vice President, Enterprise AI, NVIDIA
Technical deployment details
How It Works (Data Flow)
1Yma Health requests patient data through the secure anonymization service within UAE
2Anonymization Middleware (running in a protected environment) forwards the request to the Electronic Health Record (EHR) system
3EHR returns raw patient data back to the middleware through secure tunnels
4Smart AI processing: The data is sent to the MedGemma AI model (also in a protected environment) which understands medical context
5Intelligent anonymization: MedGemma removes all personal identifiers while preserving medical value
6Clean data returns to Yma Health – fully anonymized and ready for AI analysis
