AI and PHI: keeping models on the right side of HIPAA

Using AI on patient data isn’t a HIPAA violation. Using it without containment, auditability, and minimum-necessary limits is. Here’s the line.

By ClaimZen · Updated July 2026 · ~7 min read

AI is arriving in dental and healthcare operations fast — scheduling, coding, denial work, chart summaries. HIPAA never says the word “AI,” but every one of its rules applies to a model that touches PHI exactly as it would to any other software or vendor. The useful question isn’t “are we allowed to use AI on patient data” (you are, with the right controls) — it’s “is the AI contained.”

The three ways AI creates HIPAA risk

Minimum necessary applies to models, too

The Privacy Rule’s minimum-necessary standard (§164.502(b)) doesn’t exempt software. A model should see only the PHI a task actually requires — not the whole chart because it’s easier to pass everything. Scope the context the way you’d scope a staff member’s access.

Autonomy is the real risk — containment is the answer

A model that can silently promote its own guess to a decision, or fire off an action, is the thing that turns an AI tool into a compliance liability. The mitigation is architectural: keep the model as an untrusted, propose-only coprocessor. It reads and suggests; deterministic code corroborates every value against the source; a human authorizes before anything is finalized or sent. Done right, an autonomous mistake with PHI isn’t a policy you enforce — it’s a path that doesn’t exist.

Auditability: show what the model saw and did

You should be able to reconstruct, after the fact, what a model was shown, what it proposed, and what a human approved. If an AI feature can’t produce that trail, you can’t answer the questions an OCR audit or a patient complaint will ask. Tamper-evident logging (see audit trails & tamper-evidence) makes that trail evidence rather than assertion.

RiskWhy it’s a HIPAA problemMitigation
No BAA with AI vendorImpermissible disclosure to a business associate.Signed BAA before any PHI; no consumer tools.
Training on your PHILoss of control over the data.Contractual “no training,” isolated tenancy.
Over-broad contextViolates minimum necessary (§164.502(b)).Scope inputs to the task.
Autonomous decisions/actionsUnaccountable actor on PHI.Propose-only, corroborated, human-approved.
No audit trailFails audit controls (§164.312(b)).Log what the model saw, proposed, and who approved.
ClaimZen treats its AI as an untrusted coprocessor: it proposes, a deterministic gate corroborates every value against the source, and a human authorizes — through a two-phase gate that refuses anything but the exact approved bytes. The model never manufactures a fact or executes an action. See HIPAA compliance by design.

Frequently asked questions

Does HIPAA prohibit using AI on PHI?

No. It applies fully, but AI on PHI is allowed with a BAA, minimum-necessary inputs, auditability, and no autonomous action on PHI without human review.

Is pasting PHI into a general chatbot a violation?

Almost always — unless that tool is covered by a BAA. Most consumer assistants aren’t, and they may train on what you paste.

What’s the biggest AI-specific risk?

Autonomy without accountability. Containment — propose-only, corroborated, logged — removes it by construction.

Sources

  1. HHS, HIPAA Privacy Rule, minimum-necessary standard, 45 CFR §164.502(b).
  2. HHS, Business Associate Contracts, 45 CFR §164.502(e) and §164.308(b).
  3. HHS, HIPAA Security Rule technical safeguards, 45 CFR §164.312 (audit controls, integrity).
  4. NIST, SP 800-66 Rev. 2, Implementing the HIPAA Security Rule.
  5. ClaimZen, HIPAA compliance by design and system architecture.

General information, not legal or compliance advice. HIPAA obligations depend on your organization, your data, and your contracts — consult your privacy/security officer and counsel.

AI on PHI, contained by design.

ClaimZen’s model proposes; deterministic code corroborates; a human approves — and every step is signed and auditable.

Get early access