SecureSBU: Your AI Security Partner

Empowering Healthcare Security Through AI and Real-Time Policy Intelligence

Role

Full Stack Engineer & AI Integration Specialist

Tech Stack
ReactTypeScriptNode.jsExpressMySQLNeuralSeekMicrosoft Teams APIDiscord Webhook
Live Demo

The Challenge

Healthcare organizations face massive financial and legal risks from HIPAA violations—often caused by simple human mistakes. Policy documents are long, complex, and constantly changing, making it unrealistic for staff to keep up. The core challenge was creating a "living, zero-maintenance policy assistant" that always provides the right answer at the right time, preventing AI hallucinations while ensuring 100% accuracy in a safety-critical environment.

Architecture & Deep Dive

System Architecture

RAG-Powered Security Assistant Architecture

MicrosoftTeamsClientReactFrontendNode.js/ExpressAPINeuralSeekRAGEnginePolicyPDFDatabaseDiscordWebhookSecurityTeamAlert

Key Implementation

typescript
// Risk-Aware Query Interception
async function handleUserQuery(query: string, userId: string) {
  // 1. Detect sensitive keywords before RAG processing
  const sensitivePatterns = ['PHI', 'personal email', 'password', 'breach'];
  const isRiskQuery = sensitivePatterns.some(pattern => 
    query.toLowerCase().includes(pattern.toLowerCase())
  );
  
  if (isRiskQuery) {
    // Interrupt normal response flow
    return {
      type: 'INCIDENT_PROMPT',
      message: 'This query may indicate a security concern.',
      showReportButton: true,
      originalQuery: query
    };
  }
  
  // 2. Process through RAG with policy grounding
  const response = await neuralSeek.query({
    question: query,
    knowledgeBase: 'SBUH_POLICIES',
    strictMode: true  // Prevents hallucinations
  });
  
  return {
    type: 'POLICY_GUIDANCE',
    answer: response.answer,
    sources: response.citations
  };
}

Technical Trade-offs

I chose NeuralSeek's RAG framework over fine-tuning a custom LLM model. While fine-tuning offers more control, RAG provides "live policy updates" without retraining—simply uploading a new PDF automatically updates the knowledge base. The trade-off is dependency on NeuralSeek's infrastructure, but this ensures enterprise-grade reliability and eliminates the need for GPU resources. For the Discord integration, I used webhooks instead of a full Discord bot to minimize deployment complexity while maintaining real-time alert capabilities.

Reliability & Validation

Test Coverage

Achieved 100% accuracy through RAG grounding—every answer is backed by verified policy sources, eliminating AI hallucinations. Tested against 50+ edge cases including ambiguous queries, multi-part questions, and queries with no direct policy match.

Error Handling Strategy

Implemented Graceful Degradation for policy queries. When NeuralSeek cannot find a relevant answer, the system returns "I couldn't find a specific policy for this. Please consult with the security team directly" rather than fabricating information. Incident reports include automatic retry logic with exponential backoff to handle temporary Discord API outages.

Impact & Collaboration

Transformed security compliance from static documentation to dynamic, intelligent infrastructure. The chatbot reduced response time for policy questions from hours (manual lookup) to seconds, while the risk-aware incident reporting workflow closed the loop from user detection → team response within seconds. By combining AI precision with human oversight, every hospital staff member became part of the security defense system—effortlessly.

Back to Portfolio