Healthcare AI is only useful if patient data stays protected. You cannot paste PHI into a third-party model without a Business Associate Agreement and hope for the best — that is a HIPAA problem before it is a security one. Here is a practical architecture that lets clinical and back-office AI work without exposing protected health information.
The three HIPAA requirements that shape the architecture
- Business Associate Agreements (BAAs) — any service that processes PHI on your behalf must be under a BAA.
- Audit controls — you must be able to show who accessed what, and when.
- Minimum necessary — only the PHI actually needed should ever be used.
Redact the 18 identifiers before the model
The HIPAA Privacy Rule defines 18 PHI identifiers — names, geographic subdivisions, dates, phone and fax numbers, email, SSN, medical record numbers, account numbers, biometric identifiers, full-face photos, and more. A safe pipeline detects and removes them in-path, before the prompt leaves your boundary:
- Detect — regex for structured identifiers (SSN, MRN, phone) plus NLP for free-form names and addresses.
- Tokenize / redact — replace each with a placeholder the model can reason around.
- Forward the clean prompt to the model.
- Re-hydrate real values into the response on the way back.
- Seal an audit record — metadata and a redaction summary, never the PHI values.
Why "de-identified" is not automatically safe
Redaction reduces risk but is not a guarantee: model outputs can sometimes enable re-identification, and audit logging often has gaps on error and async paths. Treat redaction as one control in a defense-in-depth design, not the whole design.
Where a gateway fits
A gateway is a natural place to enforce all three requirements at once: in-path PHI redaction (minimum necessary), a hash-chained audit trail (audit controls), and — with Enterprise — a BAA plus self-managed / air-gapped deployment so PHI never leaves your VPC. See Autrace for healthcare.
Compliance note: a HIPAA BAA is available on Enterprise plans. These technical controls support your HIPAA program; they are not a substitute for it.
- HHS HIPAA Privacy Rule — the 18 PHI identifiers: hhs.gov/hipaa/for-professionals/privacy
- OWASP LLM06 — Sensitive Information Disclosure.