All insights

Shipping HIPAA-compliant AI

How to build RAG assistants and AI features that handle PHI safely — grounding, zero data retention, access control, evaluation, and human review.

7 min read

AI is the fastest way to add value to a healthcare product right now — and the fastest way to create a compliance problem. The good news: shipping AI that respects HIPAA isn't about avoiding AI. It's about a handful of architectural decisions you make up front. Here's how we build AI features that handle protected health information (PHI) safely.

The three risks to design against

Most HIPAA-and-AI trouble comes down to three things:

  1. Where the data goes. If PHI lands in a third-party model that trains on it or retains it, you've created an unauthorized disclosure.
  2. Whether the answer is true. A confident, wrong answer about a patient isn't just unhelpful — in a clinical context it's dangerous.
  3. Who can see what. AI doesn't get to bypass the access controls and audit trail the rest of your system enforces.

Design for all three and "HIPAA-compliant AI" stops being a contradiction.

Ground answers in your data (RAG, not recall)

The single most important pattern is retrieval-augmented generation (RAG). Instead of asking a model to answer from its training, you retrieve the relevant passages from your documents and ask the model to answer only from those — with citations back to the source.

This does two things at once: it makes answers traceable (you can show exactly which policy or record an answer came from), and it keeps you from depending on a model's invented "knowledge." When the source doesn't contain the answer, a well-built assistant says so instead of guessing.

Keep PHI out of training and retention

When PHI must reach a model, the model provider has to be a willing, contractual partner:

  • Use providers that offer a Business Associate Agreement (BAA) and zero-data-retention (ZDR) routing, so prompts aren't stored or used for training.
  • Minimize and redact — send only the fields the task needs; strip identifiers that aren't required for the answer.
  • Prefer enterprise/API tiers with the right data terms over consumer endpoints, which often train on input by default.

If a provider can't sign a BAA, PHI doesn't go to it. Full stop.

Wrap it in the controls your system already has

AI features inherit the same obligations as the rest of a HIPAA system:

  • Access control — the assistant only retrieves what the signed-in user is already allowed to see. RAG retrieval must be scoped by permission, or you've built a very efficient leak.
  • Audit logging — log prompts, retrieved sources, and responses so access is traceable.
  • Encryption in transit and at rest for the vector store and document store, same as any other PHI.

Prove it works, then keep a human in the loop

Two final practices separate a demo from something you can put in front of clinicians:

  • Evaluation. Build an answer-quality harness with known questions and expected answers, and measure accuracy, citation correctness, and refusal behavior before and after every change. "It looked good in testing" is not a metric.
  • Human review for high stakes. For anything that drives a clinical or financial decision, the AI drafts and a person confirms. The assistant accelerates the expert; it doesn't replace them.

What this looks like in practice

This is exactly the architecture behind HIPAA Wizard, our compliance platform: a retrieval-augmented assistant grounded in your compliance documents, answering in plain language with sources, inside an access-controlled, audit-logged system. The AI is powerful precisely because it's bounded.

HIPAA-compliant AI isn't slower or weaker AI. It's AI that knows where its facts come from, where your data is allowed to go, and when to ask a human. Build those three in from the start and you get the upside without the exposure.

Adding AI to a product that touches PHI? Let's talk — we do this for a living.