Mooncatventures

Research and Consulting

Protecting Medical Records

January 30, 2026 by


When “Need to Know” Really Means Something

An unconscious patient is rushed into the ER.

The staff searches their wallet and finds a card — with a QR code.

They scan it.

Instantly, the attending physician sees exactly what they need:

• Known allergies

• Current medications

• Critical history (like a heart condition)

They don’t see psych notes.

They don’t see outdated or misdiagnosed conditions.

They don’t wade through years of irrelevant history.

They see what matters — and only what matters — in that moment.

Introducing Secure-Net

Secure-Net is proposed as a privacy-first access model for health records.

It doesn’t replace your existing EMR system. It doesn’t force providers to change platforms.

Instead, it adds a layer of intelligence and control over what gets shared, when, and with whom.

Instead of “all or nothing,” Secure-Net makes access contextual:

• Who is requesting the information?

• What do they need to know?

• When is the access valid?

It’s a precision approach to data visibility — designed for real-world care.

Powered by Sub-Lex V.2

At the core of Secure-Net is a protocol called Sub-Lex, short for Substitution Lexicon. Unlike traditional encryption, Sub-Lex doesn’t lock data behind a wall of unreadable ciphertext. Instead, it encodes access through position, interpretation, and contextual keys.

Sub-Lex works by assigning positional meaning to characters or tokens within a message. That meaning is only unlocked through the use of a “result table” — a structured key that determines what parts of the data are visible, how they’re interpreted, and to what level of depth.

In effect, a single medical record can support multiple valid interpretations, all from the same underlying data. The access key doesn’t change the content — it changes how it’s resolved.

For example:

• A paramedic may only see medications and known allergies.

• A general practitioner sees diagnostic history, labs, and prescriptions.

• A mental health professional sees psychiatric evaluations and treatment notes.

• Billing departments may only see insurance details and procedural codes.

Behind the scenes, these interpretations are defined by result tables — role-specific or purpose-specific maps stored securely with an external identity provider, similar to how platforms like Auth0 manage authentication tokens. Each table determines which data vectors are resolvable and which remain hidden.

The tables themselves are meaningless without the correct seed and interpretation rules. Even if someone intercepted a reference to a result table, they would still need the correct combination of seed and drift algorithm to generate a meaningful view.

This architecture allows for access control that is:

• Granular — controlling down to the token or phrase

• Decentralized — tables are stored externally, not embedded in the record

• Time-bound — result tables can expire or degrade over time

• Private-by-default — what isn’t authorized simply doesn’t resolve

Sub-Lex doesn’t alter the patient record. It doesn’t redact, encrypt, or duplicate. It simply adds a flexible interpretive layer — a semantic permission system that adapts to each role, request, or context. That’s what makes it ideal for use in healthcare, where privacy isn’t just about protection — it’s about relevance.

How It Works (Simplified)

1. Your records remain in your existing EMR system.

2. Secure-Net sits on top, using Sub-Lex to define how those records are interpreted.

3. You carry a QR code — on a phone, bracelet, or printed card. This code contains:

• A temporary access seed

• An expiration timestamp

• A reference to your permission profile

4. When scanned, that seed is used to generate a temporary result table — which determines which parts of the record can be seen.

The process is deterministic. No data is decrypted. No full record is sent. What appears is simply the filtered result of a known positional mapping — calculated on demand.

When the access window expires, nothing more is visible.
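
The scan flow in steps 3 and 4, as an added Python example (not Secure-Net or Sub-Lex code). It assumes the resolver holds a secret key that authenticates the QR payload, and it models the result table as a plain allow-list of field names, because the page does not specify Sub-Lex's positional mapping; all names, profiles and record values are constructed.

```python
import hashlib, hmac, json

ISSUER_KEY = b"constructed-demo-key"   # assumption: secret known only to the resolver
REVOKED = set()                        # seeds whose QR codes were revoked
PROFILES = {                           # hypothetical permission profiles
    "emergency": ("allergies", "medications", "critical_history"),
    "billing": ("insurance", "procedure_codes"),
}
RECORD = {                             # constructed sample record; it stays in the EMR
    "allergies": "penicillin",
    "medications": "metoprolol",
    "critical_history": "heart condition",
    "psych_notes": "constructed note",
    "insurance": "constructed policy 0001",
    "procedure_codes": "constructed code A1",
}

def _tag(body: str) -> str:
    """Authentication tag over the QR payload (HMAC-SHA256, an assumption)."""
    return hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()

def issue_qr(seed: str, profile: str, expires_at: int) -> str:
    """QR payload: temporary seed, expiration timestamp, profile reference."""
    body = json.dumps({"seed": seed, "exp": expires_at, "profile": profile},
                      sort_keys=True)
    return body + "|" + _tag(body)

def resolve(qr: str, now: int) -> dict:
    """Return only the fields the profile resolves; {} on any failed check."""
    body, _, tag = qr.rpartition("|")
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return {}                      # payload altered after issuance
    claims = json.loads(body)
    if now >= claims["exp"]:
        return {}                      # access window has closed
    if claims["seed"] in REVOKED or claims["profile"] not in PROFILES:
        return {}                      # revoked code or unknown profile
    table = PROFILES[claims["profile"]]          # stand-in result table
    return {field: RECORD[field] for field in table}
```

Every check runs on the resolver side at scan time, so editing the profile name or timestamp inside the QR code yields an empty view rather than a broader one.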

A Real Example

You visit a new clinic. The staff scans your Secure-Net QR code.

They instantly see:

• Your primary condition

• Past procedures

• Medication history

They do not see:

• Older conflicting diagnoses

• Mental health evaluations

• Irrelevant data from unrelated visits

The system didn’t redact anything. It simply didn’t resolve meaning from those parts of the record — because your result table didn’t authorize it.

Sub-Lex makes this possible.

Secure-Net makes it practical.

Why It Matters

Most hospital systems today expose everything.

Every user with access can see every detail — unless special effort is made to redact or restrict.

That creates risk, confusion, and even medical errors.

Secure-Net doesn’t try to fix the whole system. It doesn’t need to.

It just gives providers and patients a smarter, cleaner way to interpret what’s already there.

It gives control back to the people who need it most — and removes the burden of interpretation from the people who don’t.

Built for the Real World

Secure-Net is designed to work with today’s infrastructure.

It’s HIPAA-friendly, lightweight, and cloud-ready.

Key features:

• Works with existing EMR platforms (Epic, Cerner, etc.)

• Does not alter or store medical records

• Supports time-limited, revocable QR access

• Requires no patient login or app installation

• Interpretation lives in the table, not the record

Privacy with Purpose

You don’t need to hide your entire history.

You just need to control how it’s interpreted — and by whom.

Secure-Net, powered by Sub-Lex, gives you exactly that.

One message. Many layers. Only the right one is revealed.

Want to learn more about Sub-Lex and medical record privacy?

https://open.substack.com/pub/michellesarticles/p/reimagining-medical-frameworks-privacy?utm_campaign=post-expanded-share&utm_medium=web