HIPAA Compliance for AI Systems
AI systems that process patient data are covered by HIPAA. LLM prompts containing ePHI, RAG vector stores with patient records, AI agent memory — all subject to HIPAA Technical Safeguards. Here's the technical implementation map.
HIPAA Technical Safeguards for AI
Unique user IDs, automatic logoff, encryption/decryption
Per-agent unique identity (mTLS cert). Automatic session termination on inactivity. No shared AI agent credentials. Capability tokens scoped to minimum ePHI access.
Hardware, software, and procedural mechanisms to record and examine ePHI access
Moltbot logs every AI agent interaction with ePHI: timestamp, user_id, agent_id, data accessed (hashed), action taken. Tamper-evident hash chain. Minimum 6-year retention.
Protect ePHI from improper alteration or destruction
Hash verification on retrieved ePHI before AI processing. Audit log of all AI-generated modifications to records. Prevent AI agents from deleting ePHI without human approval.
Verify user identity before access to ePHI
MFA required for users accessing AI systems that process ePHI. AI agents authenticate via signed capability tokens — not username/password.
Encryption in transit for ePHI
TLS 1.3 for all API calls. No ePHI in URL parameters (use POST body). mTLS for agent-to-agent communication. Never send ePHI to external LLM APIs — use self-hosted models only.
Top PHI Risks in AI Systems
Patient data sent to external LLM API (OpenAI, Anthropic) = HIPAA violation. PHI leaves covered entity without BAA or to non-HIPAA-compliant service.
Mitigation: Self-hosted LLM only (Ollama, LocalAI). OR: PHI redaction before sending to external API + BAA with provider. Never assume cloud LLM is HIPAA-compliant without explicit BAA.
Patient data stored as embeddings in vector database. Embeddings can be partially inverted. Cross-patient retrieval possible without namespace isolation.
Mitigation: Encrypt embeddings at rest (AES-256). Per-patient namespace isolation in vector DB. PII detection on every retrieval before returning to LLM context.
Long-term agent memory stores patient interaction history. No expiry → indefinite PHI retention. No erasure mechanism → Right of Access/Amendment violations.
Mitigation: Per-patient memory namespace. Configurable retention (match minimum necessary standard). Right-of-access API to export patient's AI interaction data. Erasure API for record amendment.
HIPAA requires audit trail for all ePHI access. AI-generated or AI-assisted clinical documentation must be attributed and audited.
Mitigation: Log every AI generation event: clinician_id, patient_id, model_version, prompt_hash, output_hash, timestamp. Immutable audit record. Clinical staff must review and attest AI-generated notes.
Prompt injection or compromised AI agent accesses PHI of patients it shouldn't reach. May trigger HIPAA Breach Notification Rule (§164.402).
Mitigation: Scope enforcement: AI agent can only access ePHI of currently active patient context. Anomalous cross-patient access triggers immediate alert + incident response.
Frequently Asked Questions
Can I use ChatGPT or Claude for HIPAA-covered AI applications?
Only with a signed Business Associate Agreement (BAA) from OpenAI or Anthropic, AND only if the use case stays within the BAA terms. As of 2026: OpenAI offers a HIPAA BAA for ChatGPT Enterprise and Azure OpenAI. Anthropic offers a BAA for Claude for Enterprise. Important: a BAA does not make the service automatically HIPAA-compliant — you still own the compliance obligations. Recommended alternative: self-hosted LLM (Ollama + Llama 3.1 or Mistral) — no BAA required, full data residency, zero external data egress.
What qualifies as ePHI in AI systems?
ePHI (electronic Protected Health Information) is any individually identifiable health information stored or transmitted electronically. For AI systems: patient name in a prompt = ePHI. Diagnosis code + date of service = ePHI. MRN (Medical Record Number) = ePHI. Embedding generated from patient notes = ePHI (can be inverted). AI-generated clinical note mentioning patient = ePHI. The 18 HIPAA identifiers include name, dates, location below state level, phone, email, SSN, MRN, account numbers, biometrics. If in doubt: treat it as ePHI.
What are the audit log requirements for AI systems under HIPAA?
HIPAA §164.312(b) requires 'hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.' For AI: every prompt containing ePHI must generate an audit log entry (timestamp, user, patient, action). Every AI-generated output touching ePHI must be logged. Log retention: minimum 6 years. Logs must be reviewable by authorized personnel. Moltbot generates HIPAA-structured audit logs for all AI interactions automatically.
What happens if an AI incident exposes ePHI?
HIPAA Breach Notification Rule (§164.402): if unsecured ePHI is accessed by unauthorized persons, the covered entity must: 1) Notify affected individuals within 60 days of discovery. 2) Notify HHS. 3) If >500 individuals affected: notify HHS immediately AND notify prominent media. For AI incidents: a prompt injection attack that causes an AI agent to access ePHI of unauthorized patients = reportable breach. Moltbot's AI incident response playbook includes HIPAA breach notification steps.