Dimension scores are derived from public data and fields; weighted into the composite. Reference only.
Subsalt is a health data privacy and compliance platform built for medical research and data teams. Its core goal is to shorten clinical data access from “months of approvals” into a faster exploration and analysis workflow. It is not a traditional perimeter firewall or endpoint security product; rather, it serves as security and compliance infrastructure for healthcare data: synthetic data enables early-stage exploration, Secure Runtime runs analyses on real patient data, and outputs are validated for de-identification before release.
In terms of protection scope, Subsalt focuses on health data de-identification, synthetic data generation, output auditing, and compliance evidence. The platform can generate row-level, multivariate synthetic data with 95%+ fidelity based on an organization’s own EHR, claims, or registry data. It supports natural-language queries as well as standard Postgres/SQL. For use cases requiring publications, regulatory submissions, or production decisions, it processes real data through a secure runtime and provides HIPAA de-identification attestation, auditable data lineage, and compliance artifacts for each output.
On deployment, the website explicitly states that it can be deployed in the customer’s cloud or in Subsalt cloud, and emphasizes that “data does not need to move.” This is valuable for healthcare organizations seeking to reduce data exfiltration risk. On compliance, Subsalt discloses HIPAA compliant, HIPAA Security Compliance, SOC2 Type 2, and methodology assessed by Datavant. Management and alerting information is relatively limited: currently, only auditing, data lineage, and output validation are visible, with no detailed disclosure around fine-grained permissions, real-time alerts, or security operations integrations.
Pricing is not public. The website mainly directs users to schedule a Proof of Value, positioning validated real-world use cases as the sales entry point. Subsalt is suitable for academic medical centers, public universities, real-world data providers, hospital research teams, and organizations that need to share data with external collaborators or pharmaceutical partners. It is also attractive for AI healthcare data scenarios, especially for teams that need to train or validate with synthetic data first, then use real data to generate publishable results.
The main advantage is its clear positioning: it directly addresses pain points such as healthcare data governance backlogs and the long timelines associated with IRB, BAA, and data use agreement processes. The combination of synthetic data and secure runtime is also closer to real research workflows than a simple de-identification tool. The downsides are that Secure Runtime is marked as early access, so maturity needs to be confirmed; pricing, SLA, permission controls, API capabilities, and alerting features are not sufficiently disclosed; and the compliance narrative mainly centers on U.S. HIPAA, with no visible explanation regarding China’s Personal Information Protection Law, Data Security Law, MLPS, or cross-border transfer of medical data. Access from China cannot be determined from the available content and is assessed as unknown. Procurement may also require international contracting and payment processes. Domestic alternatives may include vendors focused on healthcare data masking, privacy-preserving computation, and data security governance, while international comparisons include Datavant, MDClone, Gretel, Tonic.ai, and Mostly AI.
⚠ This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on getsubsalt.com official site.
getsubsalt.com is an United States Legal & Tax provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach getsubsalt.com directly.