Use case · Healthcare assistant
Patient context across visits, with the audit trail
Pre-existing conditions, medication mentions, follow-up notes. EU-hosted. Every read and write logged with a lawful-basis tag.
The pain
Patient mentions chest pain. Next visit, the AI does not know.
A clinic in Berlin runs an AI triage assistant. During an April appointment, the patient mentions intermittent chest pain. The note ends up in a free-text field in the patient record system. The AI assistant moves on to the next visit.
Three months later, the same patient returns for a routine follow-up. The assistant has no recall of the chest-pain mention. The doctor has to scroll the record manually, hope it surfaces, and pretend the assistant has helped. The assistant is a transcription tool, not memory.
Building real memory for a clinic is not just a technical problem. The data is the most sensitive an assistant can touch. Every read needs a documented lawful basis. The audit log needs to be tamper-evident. The infrastructure has to stand up to your regulator's review. CLOUD Act exposure rules out US-hosted vendors before the conversation starts.
The shape of the fix
EU-hosted memory, lawful-basis tags, audit log for every operation
At the clinic
Triage AI handles the visit
- Reads patient context, drafts notes
- Optionally syncs a summary to the EHR
Korely memory — EU cloud
Memory stays in the EU
- Postgres + pgvector, encrypted at rest and in transit
- Every fact carries a lawful_basis tag
- No CLOUD Act exposure
Audit log
Every read and write is recorded
- Timestamp, user_id, lawful basis, patient_id
- Exportable for inspection
- Tamper-evident, retention configurable
Memory never leaves the EU. The audit log is your record of every processing operation in the AI tier.
How Korely fits
EU-hosted by default, audit log built in
Korely is a cloud memory API for AI agents. Your patient memory lives in our EU cloud — Postgres and pgvector hosted in the EU, under EU data-protection law (GDPR). No CLOUD Act exposure. You reach it over the REST API or the korely-memory Python and Node SDKs.
EU-hosted is the default. For regulated teams that require on-prem or air-gapped deployment, that is an enterprise engagement — we scope it case by case. Talk to us at [email protected].
You can attach a lawful-basis tag to every memory via the metadata field — vital-interest, contract, consent, legal-obligation, public-task, legitimate-interest. Storing the basis alongside the memory keeps your audit record complete and subject access requests tractable.
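One way an audit record with the fields this page lists (timestamp, user_id, lawful basis, operation type) can be made tamper-evident is a hash chain, where each record commits to the one before it. This is an added example, not Korely's implementation or export format; the record layout, the `GENESIS` anchor and the function names are assumptions, and the sample records are constructed.

```python
import hashlib
import json

# The six lawful-basis values listed on this page.
LAWFUL_BASES = {"vital-interest", "contract", "consent",
                "legal-obligation", "public-task", "legitimate-interest"}
GENESIS = "0" * 64  # chain anchor for the first entry (assumption)


def entry_digest(prev_hash, entry):
    # Canonical JSON so the same entry always hashes to the same value.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def append_entry(log, timestamp, user_id, lawful_basis, op_type):
    """Append one audit record, chained to the previous record's hash."""
    if lawful_basis not in LAWFUL_BASES:
        raise ValueError(f"unknown lawful basis: {lawful_basis!r}")
    entry = {"timestamp": timestamp, "user_id": user_id,
             "lawful_basis": lawful_basis, "op_type": op_type}
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({**entry, "prev": prev_hash, "hash": entry_digest(prev_hash, entry)})
    return log[-1]["hash"]


def verify_chain(log, expected_head=None):
    """Return the index of the first bad record, or None if the log is intact.

    expected_head is the last hash, stored somewhere the log writer cannot
    reach; without it, truncating the tail of the log goes unnoticed.
    """
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        entry = {k: rec[k] for k in
                 ("timestamp", "user_id", "lawful_basis", "op_type")}
        if rec["prev"] != prev_hash or rec["hash"] != entry_digest(prev_hash, entry):
            return i
        prev_hash = rec["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)
    return None


# Constructed sample records, not real export data.
sample_log = []
append_entry(sample_log, "2026-04-12T09:14:03Z", "a3f1", "vital-interest", "add")
head = append_entry(sample_log, "2026-07-15T10:02:41Z", "a3f1", "vital-interest", "search")
```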
Show me the code
EU-hosted memory, lawful-basis tags, one-call erase
```python
import os

from korely_memory import Korely

# EU-hosted memory API — data stays in the EU
korely = Korely(api_key=os.environ["KORELY_API_KEY"])

# One memory scope per patient (hash the patient ID first).
# hash_patient() is not defined in this snippet or imported from the SDK here;
# define it in your application before running this.
patient_id = hash_patient("PAT-2026-04812")

korely.add(
    "Patient mentioned intermittent chest pain during visit on "
    "2026-04-12. Pre-existing: hypertension. Medication: lisinopril 10mg.",
    user_id=patient_id,
    metadata={
        "clinic": "charlottenburg",
        "lawful_basis": "vital-interest",
    },
)

# Three months later, follow-up visit
context = korely.search(
    "clinically significant mentions",
    user_id=patient_id,
)

# Every search/add is in the audit log:
# timestamp, user_id, lawful_basis, op_type

# Erasure request from the data subject: erase everything about a patient in one call
korely.delete_all(user_id=patient_id)
```
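The snippet calls `hash_patient` without defining it. One way to write it, as an added example that is not part of the Korely SDK or the original page, is a keyed HMAC-SHA256, shown next to an unkeyed hash that anyone holding an export can reverse by walking the ID space. The `PAT-<year>-NNNNN` format is inferred from the sample ID; the key handling, the case-insensitive normalization and all function names are assumptions.

```python
import hashlib
import hmac

# Constructed demo key. In production, load 32+ random bytes from a secret
# store that is separate from the memory API credentials.
DEMO_KEY = bytes(range(32))


def hash_patient(patient_id: str, key: bytes = DEMO_KEY) -> str:
    """Keyed pseudonym for a patient ID (HMAC-SHA256, hex)."""
    if len(key) < 32:
        raise ValueError("pseudonymization key must be at least 32 bytes")
    # Assumption: IDs are case-insensitive, so normalize before hashing to
    # keep one memory scope per patient.
    normalized = patient_id.strip().upper()
    return hmac.new(key, normalized.encode("utf-8"), hashlib.sha256).hexdigest()


def unkeyed_hash(patient_id: str) -> str:
    """Plain SHA-256 of the ID, shown only for comparison."""
    return hashlib.sha256(patient_id.encode("utf-8")).hexdigest()


def reidentify(pseudonym: str, year: int, hasher):
    """Re-identification check: hash every PAT-<year>-NNNNN candidate with
    `hasher` and return the ID that produces `pseudonym`, or None."""
    for n in range(100_000):
        candidate = f"PAT-{year}-{n:05d}"
        if hasher(candidate) == pseudonym:
            return candidate
    return None


if __name__ == "__main__":
    pid = "PAT-2026-04812"
    # Unkeyed: the 100,000-value ID space is walked in well under a second.
    print("unkeyed hash maps back to:", reidentify(unkeyed_hash(pid), 2026, unkeyed_hash))
    # Keyed: the same walk without the key finds nothing.
    print("keyed hash maps back to:  ", reidentify(hash_patient(pid), 2026, unkeyed_hash))
```

Rotating the key changes every pseudonym, so existing memory scopes have to be re-keyed or migrated when it rotates.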
Frequently asked
Healthcare deployment, common questions
Why is patient memory for AI healthcare assistants harder than other verticals?
Healthcare data is the most sensitive data an assistant can touch. Every read and every write needs a recorded lawful basis, an audit log, and a defined retention policy. On top of that, EU-based clinics typically cannot accept CLOUD Act exposure, which rules out most US-hosted vendors. Korely is hosted in the EU — Postgres and pgvector in the EU, under EU data-protection law (GDPR).
Where is the data physically stored?
Memory lives in our EU cloud: Postgres and pgvector hosted in the EU, under EU data-protection law (GDPR). For regulated teams that require on-prem or air-gapped deployment, that is an enterprise engagement — talk to us at [email protected].
Is there an audit log?
Yes. Every add and every search records timestamp, user_id, and the patient identifier in a tamper-evident log. The log is exportable for inspection.
How does lawful-basis tagging work?
Pass the lawful basis in the metadata field when you call add() — for example, metadata={"lawful_basis": "vital-interest"}. The value travels with the memory and appears in exports, keeping your audit record complete.
Build patient memory on EU-hosted infrastructure
EU residency, audit logs, lawful-basis tags, and one-call erase — out of the box. Need on-prem or air-gapped deployment, a signed DPA, or a retention agreement? That is an enterprise engagement — write to [email protected] and we'll scope it.