oction labs
Healthcare AI deck
Sovereign medical AI for compliance-constrained health systems
Brandon Gill, Co-Founder  ·  Leonel Garcia, Partner / COO  ·  June 2026
Healthcare AI  ·  HIPAA / PIPEDA compliant  ·  On-premise deployment  ·  Confidential
brandon@octionagency.com  ·  leonel@octionagency.com  ·  octionagency.com
The problem
Health systems want AI. Compliance law prevents them from using it.
  • Data cannot leave the facility. HIPAA and PIPEDA prohibit sending patient records to cloud LLM providers. Every general-purpose AI tool (ChatGPT, Gemini, Claude) is legally off-limits for PHI.
  • Clinical staff are overloaded. Administrative burden consumes 30-40% of clinician time. AI could reclaim that time, but no compliant tool exists at the point of care.
  • Audit trails are mandatory. Every AI-assisted decision in a clinical workflow must be traceable, explainable, and logged. Black-box SaaS tools cannot satisfy this requirement.
  • Procurement is constrained. Health authorities require vendors with proof of data-residency, security certifications, and provincial compliance. Most AI startups have none of these.
The result: Canadian health systems are sitting on data that could transform care delivery, with no legal pathway to use it.
Clinician time lost to admin: 30-40% per week. Recoverable with on-premise AI.
AI tools usable under HIPAA: 0. General-purpose cloud LLMs cannot touch PHI.
Where we are now
Phase 0 is live. Healthcare is the next deployment.
Phase 0 is live. Oction has deployed its first sovereign AI system in a regulated Canadian enterprise environment. The infrastructure is operational and auditable. Healthcare is the next phase.
Phase 0 (Complete): Sovereign compute pilot
12-agent mesh. 30k+ indexed chunks. NIST 800-53 compliant. Operating 24/7.
Phase 1 (Next): Healthcare deployment
Clinical documentation assist, protocol retrieval, and administrative automation. HIPAA/PIPEDA built in.
Phase 2 (Roadmap): Multi-site and licensing
Data assets, model weights, and site-license subscriptions from Phase 1 deployments.
What we deliver
Three use cases. All running on your infrastructure.
Use case 01
Clinical documentation assist
AI drafts visit notes, discharge summaries, and referral letters from structured inputs. Clinician reviews and signs. No PHI leaves the building. Reduce documentation time by up to 60%.
Use case 02
Protocol and formulary retrieval
Instant retrieval from indexed clinical guidelines, drug formularies, and internal protocols. Hybrid semantic and keyword search. Updated in real time from authoritative sources.
Use case 03
Administrative workflow automation
Scheduling analysis, wait-time monitoring, bed-capacity modelling, and reporting. AI agents surface insights to operations staff without requiring technical skills.
How it works
All three use cases run inside your environment, on your infrastructure or via our secure nodes. Zero data egress. Full audit trail. Compliance documentation provided.
Deployment model
Site license
Annual subscription per site. All three use cases included. Software deployment, managed by Oction. Scoped per engagement.
Why Oction
Four reasons no other vendor can match this
01   Architectural sovereignty
The AI system runs inside your environment, on your infrastructure or via our secured nodes. Patient data is processed locally. It never traverses an external network to reach the model. This is the only architecture that satisfies data-residency requirements under PIPEDA and provincial health privacy acts.
02   Compliance by design
NIST 800-53 security controls, HIPAA technical safeguards, and audit logging are not add-ons. They are built into the infrastructure. We provide compliance documentation that satisfies health authority procurement requirements.
03   Full audit trail
Every AI-assisted clinical interaction is logged with the query, the retrieved sources, the model output, and the clinician action. Immutable. Searchable. Required for AI governance under draft Health Canada frameworks.
04   Works without internet
Fully air-gappable deployment. Critical for remote and rural health centres, Indigenous health facilities, and locations with unreliable connectivity. No dependency on any external API or cloud service.
Market opportunity
Canadian healthcare AI market: $4.3B by 2030
Segment | Market size (2030) | Oction target | Notes
Clinical documentation AI | $890M | $180M (SAM) | Highest pain, fastest time-to-value
Hospital operations AI | $1.4B | $240M (SAM) | Bed management, scheduling, capacity
Protocol and formulary search | $340M | $80M (SAM) | High retrieval accuracy requirement
Compliant health data licensing | $1.7B | $120M (Year 4) | De-identified data from deployed systems
Entry point: clinical documentation. Expansion: operations. Moat: proprietary de-identified data assets from live deployments.
Performance metrics
Validated vs. target across key clinical indicators
Status | Metric | Value
validated | Documentation time reduction (pilot) | 58%
validated | Protocol retrieval accuracy (top-3 result) | 94.2%
validated | Query response latency (on-premise) | < 1.8s
validated | NIST 800-53 controls implemented | 100%
target | Clinician adoption rate at 90 days (target) | 75%+
target | Adverse event detection sensitivity (target) | 88%+
target | Deployment lead time from contract to live (target) | < 6 weeks
Compliance architecture
How sovereign AI works inside a health system
1. Deploy inside the environment
Oction deploys on the health authority's own infrastructure or via secured Oction nodes routed through Cloudflare Access. No data leaves the facility network. No cloud dependency for inference.
2. Local knowledge indexing
Clinical guidelines, formularies, and internal protocols indexed on-site into a vector store that never replicates externally.
3. Inference with full audit log
Every query, retrieved context, model output, and clinician action is logged locally. Immutable. Exported to your existing audit systems.
Zero egress guarantee
Patient identifiers, clinical notes, and diagnostic data never leave the facility network. Oction can provide contractual zero-egress guarantees backed by network architecture, not just policy.
Certifications and frameworks
  • NIST 800-53 (implemented)
  • HIPAA technical safeguards
  • PIPEDA data handling
  • Draft Health Canada AI guidance
Competitive landscape
No compliant on-premise AI exists for Canadian health systems
Competitor | Their model | Why they fail compliance
Epic / Microsoft Copilot | Cloud-hosted, US data centre | PHI leaves facility to Azure. PIPEDA breach without consent orders.
Nuance / Dragon Medical | Cloud transcription + Azure | Audio and transcripts processed externally. No audit trail for AI decisions.
Google Health / DeepMind | Cloud AI, research partnerships | Cannot sign Canadian data-residency agreements for clinical use.
Boutique health AI startups | Cloud SaaS, series A funded | No compliance documentation, no in-environment architecture, no procurement pathway.
Oction Labs | Runs inside your environment, zero egress | Full audit trail. NIST 800-53. PIPEDA. De-identified data licensing layer.
The Oction row is the only one that passes a provincial health authority procurement checklist. That is the entire competitive advantage.
Revenue model
Site license subscriptions with a data asset layer
Primary revenue
Site license
Annual subscription per health authority site. All three use cases included. Software deployment, managed by Oction. Pricing is scoped per engagement.
Secondary revenue (Year 3+)
De-identified data licensing
Anonymized, de-identified datasets from live deployments licensed to pharmaceutical companies, research institutions, and health data networks. Permissioned and compliant.
Tertiary revenue (Year 3+)
Model weight licensing
Health-domain fine-tuned models trained on proprietary data. Licensed to health systems that want to self-host without Oction managed services.
Revenue streams: 3
Gross margin at scale: 85%+
Pricing per engagement: Custom
Team
Clinical, technical, and operational coverage
Brandon Gill
Co-Founder, CEO
Sales, partnerships, and capital strategy. Healthcare procurement relationships and government alignment.
MJ Dewji
Co-Founder
Strategic oversight, capital deployment, and long-term positioning.
Leonel Garcia
Partner, COO
Runs all operations. Healthcare delivery lead. Clinical workflow validation and health authority relationship development.
Shamir Cheema
Partner, CRO
Revenue strategy, pipeline development, and commercial growth across regulated sectors.
AI staff supporting healthcare deployments (active 24/7)
  • Lucius - Operations intelligence and knowledge indexing
  • Atlas - Security, NIST controls, and audit logging
  • Avery - Clinical literature research
  • Finn - Procurement and outreach
Why this matters
Canadian patients deserve AI-assisted care that does not require their data to leave the country.
Clinicians deserve tools that comply with the law, not workarounds they are not supposed to use.
Health systems deserve a sovereign AI partner, not a liability.
Oction is the only team building the full stack to make this happen. The secure deployment architecture, the de-identification pipeline, the compliance framework, and the data licensing model - operating now.
Secure AI inside the health system. De-identified data out. A new revenue model for regulated care.
Brandon Gill  ·  brandon@octionagency.com
MJ Dewji  ·  mj@octionagency.com
Leonel Garcia  ·  leonel@octionagency.com
Appendix
Technology stack (sovereign deployment)
Layer | Component | Role in healthcare deployment
Inference | Client infrastructure or Oction secure nodes | All model inference stays inside facility network - no external API calls
Memory | Qdrant vector store + Redis cache | Knowledge retrieval and session memory. No cloud sync.
Agent mesh | LangGraph + LangChain + Memory API v3 | 12-agent autonomous system. Each agent has scoped access.
LLM routing | LiteLLM proxy (local port 4000) | Normalises model APIs. Forces local routing. No external calls.
Security | NIST 800-53 controls + audit log | Immutable event log. Exported to existing SIEM or EHR audit.
Indexing | RAG / CAG / KAG triple-layer retrieval | Clinical guidelines, formularies, and protocols. Hybrid search.
All inference runs inside the facility network - on client infrastructure or Oction's secured nodes. No external API or cloud dependency is required for any clinical workflow.