AI and PHI: keeping models on the right side of HIPAA
Using AI on patient data isn’t a HIPAA violation. Using it without containment, auditability, and minimum-necessary limits is. Here’s the line.
AI is arriving in dental and healthcare operations fast — scheduling, coding, denial work, chart summaries. HIPAA never says the word “AI,” but every one of its rules applies to a model that touches PHI exactly as it would to any other software or vendor. The useful question isn’t “are we allowed to use AI on patient data” (you are, with the right controls) — it’s “is the AI contained.”
The three ways AI creates HIPAA risk
- The vendor isn’t under a BAA. An AI provider that processes your PHI is a business associate and needs a signed BAA. Consumer chatbots almost never qualify — pasting PHI into one is an impermissible disclosure.
- Your data trains someone else’s model. If PHI is used to train or improve a shared model, it has left your control in a way you can’t claw back. Ask explicitly, and get “no training on your data” in writing.
- The model acts on its own. An LLM that can decide or take actions on PHI — without corroboration, human review, or an audit trail — is an unaccountable actor. This is the AI-specific risk that’s easy to miss.
Minimum necessary applies to models, too
The Privacy Rule’s minimum-necessary standard (§164.502(b)) doesn’t exempt software. A model should see only the PHI a task actually requires — not the whole chart because it’s easier to pass everything. Scope the context the way you’d scope a staff member’s access.
Autonomy is the real risk — containment is the answer
A model that can silently promote its own guess to a decision, or fire off an action, is the thing that turns an AI tool into a compliance liability. The mitigation is architectural: keep the model as an untrusted, propose-only coprocessor. It reads and suggests; deterministic code corroborates every value against the source; a human authorizes before anything is finalized or sent. Done right, an autonomous mistake with PHI isn’t a policy you enforce — it’s a path that doesn’t exist.
Auditability: show what the model saw and did
You should be able to reconstruct, after the fact, what a model was shown, what it proposed, and what a human approved. If an AI feature can’t produce that trail, you can’t answer the questions an OCR audit or a patient complaint will ask. Tamper-evident logging (see audit trails & tamper-evidence) makes that trail evidence rather than assertion.
| Risk | Why it’s a HIPAA problem | Mitigation |
|---|---|---|
| No BAA with AI vendor | Impermissible disclosure to a business associate. | Signed BAA before any PHI; no consumer tools. |
| Training on your PHI | Loss of control over the data. | Contractual “no training,” isolated tenancy. |
| Over-broad context | Violates minimum necessary (§164.502(b)). | Scope inputs to the task. |
| Autonomous decisions/actions | Unaccountable actor on PHI. | Propose-only, corroborated, human-approved. |
| No audit trail | Fails audit controls (§164.312(b)). | Log what the model saw, proposed, and who approved. |
Frequently asked questions
Does HIPAA prohibit using AI on PHI?
No. It applies fully, but AI on PHI is allowed with a BAA, minimum-necessary inputs, auditability, and no autonomous action on PHI without human review.
Is pasting PHI into a general chatbot a violation?
Almost always — unless that tool is covered by a BAA. Most consumer assistants aren’t, and they may train on what you paste.
What’s the biggest AI-specific risk?
Autonomy without accountability. Containment — propose-only, corroborated, logged — removes it by construction.
Sources
- HHS, HIPAA Privacy Rule, minimum-necessary standard, 45 CFR §164.502(b).
- HHS, Business Associate Contracts, 45 CFR §164.502(e) and §164.308(b).
- HHS, HIPAA Security Rule technical safeguards, 45 CFR §164.312 (audit controls, integrity).
- NIST, SP 800-66 Rev. 2, Implementing the HIPAA Security Rule.
- ClaimZen, HIPAA compliance by design and system architecture.
General information, not legal or compliance advice. HIPAA obligations depend on your organization, your data, and your contracts — consult your privacy/security officer and counsel.
AI on PHI, contained by design.
ClaimZen’s model proposes; deterministic code corroborates; a human approves — and every step is signed and auditable.
Get early access