+1 (201) 771-1665 Sales Support 24/7 Engagements active in 5 regions
Field Notes

RAG for Regulated Industries -- Reference Architecture | Cobham Consulting Group

Retrieval-augmented generation in regulated industries is not primarily a technology problem. It is a data governance, access control, and audit trail problem that happens to use a language model. The architecture must answer compliance questions before it answers user questions.

The compliance questions first

Before designing a RAG system for a regulated environment, answer four questions: What data can be indexed, and who approved that list? Who is allowed to query which documents, and how is that enforced at retrieval time, not just at the application layer? Is every query and its retrieved sources logged with enough detail to satisfy an audit? And where does inference happen -- on your infrastructure or through a third-party API?

Reference architecture

The pattern that satisfies the most regulated environments: a self-hosted vector store (Qdrant or pgvector on your infrastructure), a local embedding model (not an API), document-level access control enforced via metadata filters in the retrieval query, and an audit log capturing query text, retrieved document IDs, and inference output -- written to an append-only store that your compliance team can review.

Inference should stay local for environments where the document content is the regulated asset. A self-hosted Ollama or vLLM instance running a quantized open-weight model keeps the entire pipeline on your infrastructure. For environments where data classification allows external inference, query routing (small model for simple queries, large model for complex) reduces API exposure and cost.

What to test before go-live

Access control at retrieval time, not just the application layer. A query made by a user without access to a document should never return that document in the retrieved context, even if the application layer has additional guards. Test this with a document set that has mixed access levels before any user sees the system.

Common questions

Frequently asked.

How do we enforce document-level access control in a RAG system?
Store access metadata with each document chunk in the vector store. At query time, filter the retrieval by the requesting user's access permissions before returning results. Application-layer guards are insufficient -- the filter must be in the retrieval query.
What should the audit log contain for a regulated RAG deployment?
Minimum: query text, retrieved document IDs with page references, inference model used, model output, user identifier, and timestamp. For healthcare: the document IDs should map to patient record identifiers to satisfy audit requirements.
Can open-weight models meet HIPAA requirements for inference?
HIPAA does not prohibit AI inference, but it requires a Business Associate Agreement with any vendor processing PHI. A self-hosted open-weight model processes data on your infrastructure with no BAA required. That is a meaningful compliance simplification.
All field notes
Questions on this?

Talk to a principal.

If this essay described a problem you are working on, schedule a 30-minute call. We map your specific situation and tell you what we would do first.

Schedule a call
Direct to a principal · Response under four hours