Hestur AIHestur
    All Articles
    Industry Insights

    Implementing HIPAA-Compliant AI in Healthcare

    Navigate healthcare regulations while deploying AI: what HIPAA actually requires for AI systems, which platforms have Business Associate Agreements, and how to architect compliant voice and data pipelines.

    4 min read

    HIPAA compliance for AI in healthcare is an architectural constraint, not a marketing label. It determines which vendors you can use, how PHI moves between systems, what your contracts must say, and how you respond when something goes wrong. Done poorly, it creates regulatory and contractual liability. Done well, it unlocks AI use cases across the healthcare value chain.

    Below is a concise, implementation-focused summary of the key points from the guide.

    1. What HIPAA Actually Requires for AI

    PHI scope

    • PHI = any patient-identifiable information tied to health, treatment, or payment.
    • Includes: names, dates of service, addresses/geodata, phone/email, MRNs, claim IDs, audio recordings, transcripts, and clinical notes.
    • If your AI system processes, stores, or transmits PHI, HIPAA applies.

    Business Associate Agreements (BAAs)

    • Any vendor handling PHI on behalf of a covered entity is a Business Associate.
    • Every AI vendor, cloud provider, and subprocessor that touches PHI must sign a BAA.
    • If a vendor will not sign a BAA, they cannot receive PHI. There is no workaround.

    Security Rule – technical safeguards most relevant to AI

    • Access controls (role-based, least privilege, user-level scoping).
    • Audit logging of PHI access and AI calls.
    • Encryption in transit (TLS) and at rest.
    • Breach detection and notification procedures.

    2. BAA Landscape for AI Providers

    OpenAI

    • BAA available for: ChatGPT Enterprise and enterprise-tier API usage.
    • Not covered: consumer ChatGPT (free, Plus, Teams without BAA) → no PHI.
    • Under a BAA: PHI can flow through the API; enterprise terms typically include zero data retention / no training on your data.

    Anthropic (Claude)

    • BAA programme for Claude API (enterprise-focused).
    • Requires engagement with enterprise sales.
    • Strong option for structured clinical tasks due to instruction following and reduced hallucinations.

    Azure OpenAI Service

    • GPT-4 and other OpenAI models hosted on Azure.
    • Azure is HIPAA-eligible under Microsoft’s standard BAA; Azure OpenAI is a covered service.
    • Often preferred for organisations already standardized on Microsoft.

    AWS Bedrock

    • Provides access to multiple models (e.g., Claude, Titan, Mistral) via AWS.
    • Bedrock is a HIPAA-eligible service under AWS’s Business Associate Addendum.
    • Strong fit for AWS-native organisations.

    Self-hosted open-source models

    • Run Llama, Mistral, Phi, etc. on your own HIPAA-compliant infra.
    • No third-party BAA needed for inference; you own infra and data controls.
    • Tradeoffs: operational complexity, infra cost, and typically lower capability vs. frontier models.

    3. HIPAA-Compliant AI Architecture Patterns

    Pattern 1: PHI-Free Inference

    • De-identify or strip PHI before sending data to the LLM.
    • Run inference on de-identified content.
    • Re-enrich outputs with PHI locally from the EHR or internal systems.
    • If de-identification is robust enough, the LLM vendor may not need a BAA.
    • Example: clinical documentation assistant that removes names/DOBs before LLM, then merges identifiers back from the EHR.

    Pattern 2: BAA-Covered Inference with Controlled Data Flow

    • PHI is sent to the LLM under a signed BAA.
    • Requirements:
      • Audit logging on every call.
      • Contractual zero data retention / no training on your PHI.
      • Strict access controls (who can invoke the AI, from where, and for which patients).
    • Used when de-identification would materially reduce clinical utility.

    Pattern 3: On-Prem or Private Cloud LLM

    • Model runs entirely within the healthcare organisation’s infra (data center or private cloud).
    • PHI never leaves your environment.
    • Highest assurance; highest operational cost.
    • Often required for highly sensitive domains (mental health, substance use, genetics).

    4. Data Minimisation & Access Controls

    HIPAA’s minimum necessary standard must be enforced in AI design:

    • Scoped queries: AI agents should only query the specific records/fields needed for the task, not SELECT * across the EHR.
    • User-scoped permissions: AI acts on behalf of the authenticated user and inherits their permissions; avoid a single superuser/system account.
    • Audit logging: Log who did what, when, and for which patient:
      • Data access events.
      • AI calls involving PHI.
      • Downstream actions triggered by AI outputs.
    • Retention limits:
      • Define retention periods for logs containing PHI.
      • Implement automatic deletion per organisational policy.

    5. Voice AI in Healthcare

    Audio and transcripts with patient identifiers are PHI.

    Platforms

    • Retell AI
      • Offers a BAA and architecture designed for PHI in voice workflows.
      • Suitable for AI reception, scheduling, follow-up calls.
      • Often preferred over Vapi for healthcare because Vapi does not currently offer a BAA.
    • Telephony & recording (e.g., Twilio)
      • Twilio has HIPAA-eligible services, including call recording storage, under its BAA.
      • You must explicitly configure HIPAA-eligible features; they are not default.
    • Transcription services
      • Deepgram: BAA available for enterprise.
      • Google Cloud Speech-to-Text: covered under Google Cloud’s BAA.
      • AssemblyAI: no standard BAA at present → not suitable for PHI.
    Hestur AI

    Let's build your AI solution.

    Ex-FAANG engineers building production AI for your industry. Voice AI, RAG, automation. Ready in 2–4 weeks.

    All Articles4 min read