Trust Lens

Compliance checks across industries remain manual, repetitive, and time-consuming. The average healthcare data breach costs $7.42M (HIPAA Journal, 2025), HIPAA violations carry fines of $100–$50,000 per violation, and 359M+ patient records have been exposed since 2009. Meanwhile, 60–70% of regulated project timelines are consumed by manual validation. Most compliance tools manage policies — they don't validate the actual assets those policies are meant to protect.

• $7.42M average cost of a healthcare data breach (HIPAA Journal, 2025)
• $100–$50,000 per HIPAA violation (HHS.gov)
• 359M+ patient records exposed since 2009
• 60–70% of regulated project timelines lost to manual validation (Gartner, 2024)

Compliance tools focus on managing policies, audits, and certifications — but rarely connect those frameworks back to the actual assets they're meant to protect. A week of manual review by 2–3 expert reviewers per cycle was the norm. The challenge: automate validation of live data assets against dense regulatory frameworks like HIPAA — and make the output clear, explainable, and fully auditable without requiring AI expertise from the user.

The concept came from direct team experience with a real client — a product video generation tool where brand and legal guardrails required a week of manual interpretation for 2–3 people per validation cycle. Healthcare was chosen as the first use case for maximum credibility: HIPAA has rigid, well-documented requirements, the cost of PHI/PII breaches is quantifiable, and the validation criteria are unambiguous. A real problem gave the team clarity, conviction, and a compelling story throughout the build.

The hackathon pitch was structured across six chapters: Origin, Problem, Solution, Build, Impact, and Future. The narrative was designed to make the audience feel the problem before presenting the fix — starting from the real client experience and moving through a credible technical solution to a scalable product vision. The presentation structure was itself a design deliverable: every slide was written to serve a judge who needed to understand the problem, believe the solution, and remember TrustLens after the room moved on.

TrustLens runs on three layers: a React frontend (Dashboard, Validate, Guardrails), a Python FastAPI backend, and a Processor Module running AskBodhi API v2 and OpenAI GPT-4o — backed by MongoDB for audit logs and Milvus for vector storage of the compliance knowledge base. Compliance PDFs are ingested via AskBodhi Ingest API, tokenized, chunked, and embedded into Milvus. Each CSV row is validated independently: AskBodhi Search API builds a dynamic prompt per row, runs a vector + GPT-4o check, and returns structured JSON with Row #, Rule Violated, Risk Score, Flagged Columns, and Compliance Reference.

• Frontend: React (Dashboard, Validate, Guardrails)
• Backend: Python FastAPI + AskBodhi API v2 + OpenAI GPT-4o
• Storage: MongoDB (audit logs) + Milvus (vector compliance knowledge base)

The TrustLens dashboard surfaces compliance status immediately: Total Projects, Compliant, Flagged, Pending — with a Validation History table showing Asset Name, Compliance Document, Type, Status, Last Checked, Next Check, and Actions. Compliance officers need Compliant or Flagged, not confidence intervals. The default view is decision-ready. Drill-down to row-level violations is available when needed. Every validation is timestamped, logged, and exportable as a formal compliance report.

The validation flow is three steps: Create a project, upload the data asset (CSV, Excel, or Word), and select the compliance guardrails (HIPAA policy PDF or custom compliance document). The automated pipeline processes the asset in minutes — AskBodhi + GPT-4o validates each row or record against the ingested compliance knowledge base and returns structured results. No manual interpretation. No expert reviewers required per cycle.

Flagged assets surface a View Violations breakdown: each row is listed with the specific rule violated, the compliance reference (which HIPAA clause), the risk severity score, and the exact flagged columns. The output is structured JSON rendered as a human-readable table — designed so a compliance officer can immediately understand what failed, why, and at what priority. The audit trail logs every check with timestamps for full traceability.

TrustLens was successfully built and demoed within the 1-week Learnifinity AI Hackathon 2025 timeline — demonstrating end-to-end automated HIPAA compliance validation. Healthcare CSV data was uploaded, validated against an ingested HIPAA policy knowledge base, and returned structured violation reports with risk scores in minutes. Compliance review that previously consumed a week of expert time now completes in minutes, with full auditability and zero manual interpretation.

The future roadmap extends TrustLens beyond healthcare — applying the same RAG validation engine to GDPR, SOC 2, financial regulations, and custom brand guardrails. Real problems make better hackathon projects: starting from a genuine client pain point gave the team clarity, conviction, and a compelling story. In regulated industries, the ability to explain and evidence every decision is as valuable as the decision itself.

• Expand beyond HIPAA — GDPR, SOC 2, financial regulations, custom brand guardrails
• Compliance officers need Compliant or Flagged — not confidence intervals or AI reasoning
• The audit trail is not a feature — it is the product in regulated contexts
• RAG handles regulatory language nuance in a way keyword search fundamentally cannot