FAQ - Frequently Asked Questions
General Questions
What is Oneliac?
Oneliac is a privacy-preserving healthcare AI platform that enables insurance eligibility verification, prescription validation, and federated learning for diagnosis improvement—all while keeping patient data encrypted and protected through zero-knowledge proofs and blockchain verification.
Why should I use Oneliac?
- Privacy: Patient data never exposed; only cryptographic proofs shared
- HIPAA Compliance: End-to-end encryption maintains data privacy
- Efficiency: Automate eligibility checks and prescription validation
- Collaboration: Participate in AI training without sharing raw data
- Security: Blockchain provides immutable audit trail
Is Oneliac open source?
Yes. Oneliac is licensed under Apache 2.0. Source code is available at https://github.com/orgs/Oneliac
How much does Oneliac cost?
Pricing is available at https://www.oneliac.xyz
Free tier includes:
- 100 API requests/month
- Development environment access
- Community support
Paid tiers available for production use.
Technical Questions
What encryption does Oneliac use?
Oneliac uses:
- Fernet (symmetric encryption) for patient data
- SHA256 (hashing) for data integrity
- Groth16 (zero-knowledge proofs) for privacy-preserving verification
Is my data stored?
No. Patient data is:
- Encrypted on your system
- Transmitted encrypted
- Processed encrypted (Oneliac never decrypts)
- Stored encrypted on IPFS (if using optional storage)
Oneliac never has access to decryption keys.
What blockchain does Oneliac use?
Oneliac uses Solana for:
- Proof verification
- Transaction recording
- Oracle queries
- Immutable audit trail
You can use Devnet (testing), Testnet (staging), or Mainnet-beta (production).
How long do eligibility checks take?
Typical response times:
- Fast path (cached): 100-200ms
- With ZK proof: 400-600ms
- With blockchain: 600-1000ms
Slower requests are rare (less than 1% of requests exceed 5 seconds).
Can I integrate with my EHR?
Yes. Oneliac provides:
- REST API with comprehensive documentation
- Pydantic models for type safety
- CORS support for web applications
- Async/await for non-blocking integration
See Integration Guide for examples.
What data do you need from me?
For eligibility checks:
- Encrypted medical history
- Patient ID (de-identified)
- Procedure code
For prescriptions:
- Encrypted medical history
- Patient ID
- Drug code
For federated learning:
- Encrypted patient batches
- Training round number
Raw patient data is never needed; you encrypt it first.
Security Questions
How is my data protected in transit?
All API calls should use HTTPS/TLS encryption:
https://api.oneliac.io (production)
https://localhost:8000 (self-hosted)
What if someone intercepts my API key?
Your API key grants access to your account. To minimize risk:
- Rotate keys quarterly
- Use IP whitelisting
- Monitor API usage
- Revoke compromised keys immediately
How do zero-knowledge proofs protect my privacy?
ZK proofs allow verification of a statement without revealing the underlying data:
- Eligibility proven without exposing medical history
- Prescription validated without exposing allergies
- All without Oneliac seeing patient information
Is differential privacy enough?
Differential privacy + encryption + ZK proofs together provide:
- Formal privacy guarantees (ε/δ-differential privacy)
- Cryptographic security
- Zero-knowledge verification
- Multi-layered protection
No single mechanism is perfect; Oneliac uses defense in depth.
What about HIPAA compliance?
Oneliac is designed to be HIPAA-compliant:
- Encryption at rest and in transit
- Access controls and authentication
- Audit logging of all operations
- Data minimization (only encrypted data shared)
- Business Associate Agreements available
Sign a BAA for production deployment.
Federated Learning Questions
How do you prevent data leakage in federated learning?
Multiple mechanisms:
- Encryption: All gradients encrypted before transmission
- Differential Privacy: Gaussian noise added to gradients
- Secure Aggregation: Encrypted averaging prevents individual exposure
- No Raw Data: Only mathematical derivatives shared
Can you recover patient data from gradients?
Theoretically, with:
- Access to the original model
- Sufficient gradients
- Reverse-engineering model inversion attacks
Differential privacy prevents this by adding noise that makes recovery impossible.
How many hospitals can participate?
No hard limit. Typical configurations:
- Small pilot: 3-5 hospitals
- Regional network: 10-50 hospitals
- National network: 100+ hospitals
Larger networks increase communication overhead but improve model quality.
How often can we do training rounds?
Depends on:
- Privacy budget (recommend monthly if using ε=1.0)
- Data availability at each hospital
- Model retraining needs
Typical schedule: Weekly or monthly rounds.
What's the privacy budget?
Privacy budget (ε) represents total acceptable privacy loss.
- Higher ε = more privacy loss, better model
- Lower ε = more privacy, worse model
Recommend starting with ε=1.0 for monthly training rounds.
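The sketch below is an added example, not Oneliac's implementation. It shows how the Gaussian noise on gradients and the privacy budget described above fit together: each update is clipped, noised with the classic Gaussian-mechanism scale, and charged against a total ε under basic sequential composition. The function names, the clipping norm, δ = 1e-5, and splitting the suggested ε = 1.0 into two rounds of 0.5 are assumptions.

```python
import math
import random

def clip_l2(grad, clip_norm):
    """Scale grad so its L2 norm is at most clip_norm."""
    norm = math.sqrt(sum(g * g for g in grad))
    scale = min(1.0, clip_norm / norm) if norm > 0 else 1.0
    return [g * scale for g in grad]

def gaussian_sigma(clip_norm, epsilon, delta):
    """Classic Gaussian-mechanism noise scale (bound stated for 0 < epsilon < 1)."""
    if not (0 < epsilon < 1 and 0 < delta < 1):
        raise ValueError("need 0 < epsilon < 1 and 0 < delta < 1")
    return clip_norm * math.sqrt(2 * math.log(1.25 / delta)) / epsilon

class PrivacyBudget:
    """Basic sequential composition: per-round epsilons add up (deltas add too)."""
    def __init__(self, total_epsilon):
        self.total = total_epsilon
        self.spent = 0.0

    def spend(self, epsilon):
        if self.spent + epsilon > self.total + 1e-12:
            raise RuntimeError("privacy budget exhausted; skip this round")
        self.spent += epsilon

def privatize_update(grad, budget, epsilon, delta, clip_norm=1.0, rng=random):
    """Clip the update, charge the budget, then add Gaussian noise per coordinate."""
    sigma = gaussian_sigma(clip_norm, epsilon, delta)  # validate before charging
    budget.spend(epsilon)                              # refuse before any release
    return [g + rng.gauss(0.0, sigma) for g in clip_l2(grad, clip_norm)]

if __name__ == "__main__":
    budget = PrivacyBudget(total_epsilon=1.0)  # the FAQ's suggested starting budget
    grad = [3.0, 4.0]                          # constructed gradient, L2 norm 5
    for round_no in (1, 2, 3):                 # third round must be refused
        try:
            noisy = privatize_update(grad, budget, epsilon=0.5, delta=1e-5)
            print(round_no, [round(x, 2) for x in noisy], "spent", budget.spent)
        except RuntimeError as err:
            print(round_no, "refused:", err)
```

Halving ε doubles the noise scale, which is the privacy/accuracy trade-off the two bullets above describe.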
Integration Questions
How do I integrate with my hospital system?
- Install Oneliac (self-hosted or cloud)
- Encrypt patient data in your system
- Call REST API endpoints
- Process returned eligibility/validation results
- Update your workflows
See Integration Guide for code examples.
Do you have SDKs?
Official SDKs available for:
- Python (full-featured)
- JavaScript/TypeScript (coming soon)
REST API works with any programming language.
What's your API rate limit?
Standard rate limits:
- Free tier: 100 req/min
- Pro tier: 1000 req/min
- Enterprise: Custom
All limits reset hourly.
Can I self-host Oneliac?
Yes. Oneliac can be deployed:
- Locally (Docker or bare metal)
- On AWS, GCP, Azure
- On-premises
- Hybrid (some components self-hosted)
See Deployment Guide.
Cost Questions
What are the blockchain transaction costs?
Solana transaction costs:
- Proof verification: ~$0.0015
- IPFS registration: ~$0.0008
- Account creation: ~$0.26
These are one-time or amortized costs.
Do you charge per API call?
Pricing model:
- Free tier: 100 calls/month
- Pay-as-you-go: $0.01-0.05 per call
- Subscription: Unlimited calls (flat monthly fee)
See pricing page for details.
What about self-hosted costs?
Self-hosted costs:
- Software: Free (Apache 2.0)
- Infrastructure: Your cloud provider costs (~$100-500/month)
- Support: Optional professional support
Troubleshooting
API returns "Data hash mismatch" error
Problem: Hash doesn't match patient data
Solution:
import hashlib
import json

# patient_dict is the original (unencrypted) patient record as a Python dict
data = json.dumps(patient_dict).encode()
correct_hash = hashlib.sha256(data).hexdigest()
Ensure you're hashing the original patient data, not encrypted data.
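A local triage helper for this error, as an added example that is not part of Oneliac's SDK: it compares the hash you were about to submit against the snippet's `json.dumps(patient_dict)` hash and reports which common mistake produced it. The function name `diagnose_hash`, the verdict strings, and the sample record and ciphertext bytes are hypothetical and constructed for illustration.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def diagnose_hash(submitted_hash, patient_dict, ciphertext):
    """Explain why submitted_hash does or does not match the plaintext record."""
    expected = sha256_hex(json.dumps(patient_dict).encode())  # same call as above
    if submitted_hash == expected:
        return "ok"
    h = submitted_hash.lower()
    if h == expected:
        return "case: differs from hexdigest() output only in letter case"
    if h == sha256_hex(ciphertext):
        return "ciphertext: hash was taken over the encrypted data"
    # Same fields, different bytes: json.dumps follows dict insertion order and
    # default separators, so a re-serialized record can hash differently.
    variants = (
        json.dumps(patient_dict, sort_keys=True),
        json.dumps(patient_dict, separators=(",", ":")),
        json.dumps(patient_dict, sort_keys=True, separators=(",", ":")),
    )
    if h in {sha256_hex(v.encode()) for v in variants}:
        return "serialization: same record, different JSON bytes"
    return "content: record differs from the one that was hashed"

if __name__ == "__main__":
    record = {"patient_id": "anon-001", "allergies": ["penicillin"]}  # constructed
    token = b"constructed-stand-in-for-an-encrypted-token"            # constructed
    print(diagnose_hash(sha256_hex(token), record, token))
    print(diagnose_hash(sha256_hex(json.dumps(record).encode()), record, token))
```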
Eligibility check returns "Not eligible" unexpectedly
Problem: Patient marked as ineligible
Causes:
- Procedure code not in coverage database
- Patient data hash mismatch
- Encryption key issue
Solution:
- Verify procedure code is valid
- Regenerate data hash
- Check encryption is consistent
"Prescription interaction detected" but no interaction expected
Problem: System detects interaction patient didn't expect
Solution:
- Review patient's current medications in encrypted data
- Check drug interaction rules database
- Contact Oneliac support if rule seems incorrect
Federated learning round times out
Problem: FL submission takes >5 seconds
Causes:
- Large patient batch (>10000 patients)
- Network latency
- Server overload
Solution:
- Reduce batch size (use 1000-5000 patients)
- Retry during off-peak hours
- Check network connectivity
Support & Contact
Where can I get help?
- Documentation: This guide
- GitHub Issues: https://github.com/orgs/Oneliac/issues
- Telegram: https://t.me/oneliac_bot
- GitHub Organization: https://github.com/orgs/Oneliac
How do I report a security issue?
For security vulnerabilities, email security@oneliac.io (not public issues).
Do you have SLAs?
For production deployments:
- Free tier: Best effort
- Pro tier: 99.5% uptime SLA
- Enterprise: Custom SLAs available