autrace
All posts
ComplianceHIPAAHealthcare

HIPAA-Safe LLM Architecture: PHI Redaction, BAAs, and Audit Controls

AE
Autrace Engineering
·July 7, 2026·9 min read

Healthcare AI is only useful if patient data stays protected. You cannot paste PHI into a third-party model without a Business Associate Agreement and hope for the best — that is a HIPAA problem before it is a security one. Here is a practical architecture that lets clinical and back-office AI work without exposing protected health information.

The three HIPAA requirements that shape the architecture

  1. Business Associate Agreements (BAAs) — any service that processes PHI on your behalf must be under a BAA.
  2. Audit controls — you must be able to show who accessed what, and when.
  3. Minimum necessary — only the PHI actually needed should ever be used.

Redact the 18 identifiers before the model

The HIPAA Privacy Rule defines 18 PHI identifiers — names, geographic subdivisions, dates, phone and fax numbers, email, SSN, medical record numbers, account numbers, biometric identifiers, full-face photos, and more. A safe pipeline detects and removes them in-path, before the prompt leaves your boundary:

  1. Detect — regex for structured identifiers (SSN, MRN, phone) plus NLP for free-form names and addresses.
  2. Tokenize / redact — replace each with a placeholder the model can reason around.
  3. Forward the clean prompt to the model.
  4. Re-hydrate real values into the response on the way back.
  5. Seal an audit record — metadata and a redaction summary, never the PHI values.

Why "de-identified" is not automatically safe

Redaction reduces risk but is not a guarantee: model outputs can sometimes enable re-identification, and audit logging often has gaps on error and async paths. Treat redaction as one control in a defense-in-depth design, not the whole design.

Where a gateway fits

A gateway is a natural place to enforce all three requirements at once: in-path PHI redaction (minimum necessary), a hash-chained audit trail (audit controls), and — with Enterprise — a BAA plus self-managed / air-gapped deployment so PHI never leaves your VPC. See Autrace for healthcare.

Compliance note: a HIPAA BAA is available on Enterprise plans. These technical controls support your HIPAA program; they are not a substitute for it.

References
  • HHS HIPAA Privacy Rule — the 18 PHI identifiers: hhs.gov/hipaa/for-professionals/privacy
  • OWASP LLM06 — Sensitive Information Disclosure.
← Back to blogContact Us →