AI and HIPAA: What Healthcare Organizations Must Do Now

AI is transforming healthcare operations. Ambient clinical documentation tools transcribe patient encounters in real time. Large language models summarize medical records. AI assistants help with prior authorization, coding, and billing. Chatbots handle patient intake and triage. Each of these applications processes Protected Health Information, and each must comply with HIPAA's Privacy Rule, Security Rule, and Breach Notification Rule.

This guide details exactly what HIPAA requires when healthcare organizations use AI tools, with specific attention to Business Associate Agreements, the minimum necessary standard, Security Rule requirements for AI systems, breach notification obligations, and a comprehensive compliance checklist.

What It Requires

Business Associate Agreements for AI Vendors

Under the HIPAA Privacy Rule (45 CFR 164.502(e) and 164.504(e)), a covered entity must have a Business Associate Agreement with any entity that creates, receives, maintains, or transmits PHI on its behalf. When an AI vendor processes PHI, whether through cloud-based AI services, on-premise AI deployments that phone home to the vendor, or AI APIs that receive PHI in prompts or queries, that vendor is a business associate and a BAA is required.

The BAA must specify the permitted uses and disclosures of PHI by the AI vendor, require the vendor to implement appropriate safeguards to prevent unauthorized uses or disclosures, require the vendor to report any security incidents or breaches, require the vendor to ensure that any subcontractors who access PHI also agree to the same restrictions (this is critical because AI vendors often use cloud providers like AWS, Azure, or GCP as sub-processors), require the vendor to make PHI available to satisfy individuals' rights under the Privacy Rule, require the vendor to return or destroy PHI at the end of the relationship, and require the vendor to make its internal practices and records available to HHS for compliance audits.

Many popular consumer AI tools, including free versions of ChatGPT, Gemini, and Claude, do not offer BAAs. Using these tools with PHI is a HIPAA violation regardless of whether any actual breach occurs. Healthcare organizations must either use enterprise versions that include BAAs or prohibit these tools for any PHI-related use.

Minimum Necessary Standard

The HIPAA Privacy Rule's minimum necessary standard (45 CFR 164.502(b)) requires that covered entities make reasonable efforts to limit PHI disclosures to the minimum necessary to accomplish the intended purpose. This standard applies directly to how healthcare organizations use AI tools.

When a clinician uses an AI tool to summarize a patient encounter, only the relevant portions of the medical record should be submitted, not the entire record. When an administrative staff member uses AI to generate a prior authorization letter, only the clinical information necessary for the authorization should be included in the AI prompt. When a billing department uses AI for coding assistance, the AI should receive only the diagnosis and procedure information needed, not complete patient demographics and history.

Implementing the minimum necessary standard for AI requires technical controls, not just policy. Organizations need mechanisms to strip unnecessary PHI from AI inputs, restrict which data fields can be sent to AI systems, and audit AI usage patterns to identify instances where more PHI than necessary is being transmitted.

Security Rule Requirements for AI

The HIPAA Security Rule (45 CFR Part 164, Subpart C) requires covered entities and business associates to implement administrative, physical, and technical safeguards to protect electronic PHI. AI systems that process ePHI must be included in these safeguards.

Administrative safeguards: AI systems must be included in the organization's security risk analysis (45 CFR 164.308(a)(1)). This means identifying threats and vulnerabilities specific to AI processing of ePHI, including data leakage through AI model memorization, prompt injection attacks that could extract PHI, unauthorized access to AI system logs containing PHI, and vendor security posture risks. Workforce members using AI tools with PHI must receive security awareness training specific to AI risks (45 CFR 164.308(a)(5)).

Technical safeguards: AI systems must implement access controls (45 CFR 164.312(a)) ensuring that only authorized users can submit PHI to AI tools and access AI outputs containing PHI. Audit controls (45 CFR 164.312(b)) must record who used AI tools with PHI, what data was submitted, and what outputs were generated. Transmission security (45 CFR 164.312(e)) requires encryption of PHI in transit to and from AI services. Integrity controls (45 CFR 164.312(c)) must protect PHI from improper alteration, which is particularly relevant given that AI tools can generate inaccurate information about patients.

Breach Notification for AI-Related Incidents

The HIPAA Breach Notification Rule (45 CFR Part 164, Subpart D) requires covered entities to notify affected individuals, HHS, and in some cases the media, when unsecured PHI is breached. AI-related breach scenarios include employees submitting PHI to AI tools without BAAs (the PHI is disclosed to an unauthorized party), AI vendor security incidents that expose submitted PHI, AI tools that memorize and subsequently reproduce PHI from training data, and AI system misconfigurations that make PHI-containing outputs accessible to unauthorized users.

For breaches affecting 500 or more individuals, covered entities must notify HHS and prominent media outlets within 60 days of discovery. For breaches affecting fewer than 500 individuals, notification to HHS must occur no later than 60 days after the end of the calendar year in which the breach was discovered. Individual notifications must be sent without unreasonable delay and no later than 60 days after discovery. Business associate BAAs must require the AI vendor to notify the covered entity of breaches without unreasonable delay and no later than 60 days after discovery.

Key Dates

Penalties

HIPAA penalties follow a four-tier structure based on the level of culpability. AI-related violations can fall into any tier depending on whether the organization knew or should have known about the violation.

Tier 1: Did Not Know. The covered entity did not know and, by exercising reasonable diligence, would not have known of the violation. Penalties range from $100 to $50,000 per violation. For AI, this might apply to an organization that genuinely did not know an employee was using an AI tool with PHI, provided the organization had reasonable policies and monitoring in place.

Tier 2: Reasonable Cause. The violation was due to reasonable cause and not willful neglect. Penalties range from $1,000 to $50,000 per violation. This tier commonly applies to organizations that knew AI tools were being used with PHI but had not yet implemented compliant safeguards, where the delay was attributable to reasonable factors rather than indifference.

Tier 3: Willful Neglect, Corrected. The violation was due to willful neglect but was corrected within 30 days of discovery. Penalties range from $10,000 to $50,000 per violation. This applies when an organization was aware that its AI usage violated HIPAA but took corrective action promptly upon recognizing the specific violation.

Tier 4: Willful Neglect, Not Corrected. The violation was due to willful neglect and was not corrected within 30 days. Minimum penalty is $50,000 per violation. This tier applies when an organization knowingly ignored HIPAA requirements for AI tools and failed to take corrective action. Using consumer AI tools with PHI despite knowing that no BAA exists, and continuing to do so after being informed of the violation, would likely fall into this tier.

Calendar year cap: The maximum penalty for all violations of an identical provision in a calendar year is $1.9 million (adjusted for inflation). However, OCR can impose separate penalties for violations of different provisions, so an organization that violates BAA requirements, minimum necessary standards, and security safeguards simultaneously faces separate penalty calculations for each provision.

Criminal penalties: Knowingly obtaining or disclosing PHI in violation of HIPAA can result in criminal penalties including fines up to $250,000 and imprisonment up to 10 years. While criminal prosecution for AI-related HIPAA violations is uncommon, it remains a possibility when PHI is disclosed through AI tools with knowledge that it constitutes a violation.

How PolicyGuard Helps

HIPAA compliance for AI requires continuous visibility into which AI tools process PHI, active enforcement of BAA requirements and minimum necessary controls, and audit-ready documentation for OCR investigations. PolicyGuard provides all three layers in a platform built specifically for healthcare AI governance.

PolicyGuard's AI discovery identifies every AI tool used across the organization, including shadow AI tools adopted without IT approval, and flags which ones process PHI. The BAA management module tracks BAA status for each AI vendor, alerting compliance teams when tools without BAAs are used with PHI and providing workflow to remediate immediately. Technical controls enforce the minimum necessary standard by configuring data classification rules that prevent employees from submitting restricted PHI categories to AI systems not authorized for that data level. The audit logging system captures complete records of AI-PHI interactions, generating the documentation OCR expects during compliance reviews and breach investigations. For organizations navigating both HIPAA and other AI regulations, PolicyGuard integrates compliance management across multiple frameworks. See our healthcare AI governance guide for the complete governance framework, our healthcare AI policy guide for policy templates, and our 2026 regulatory compliance overview for how HIPAA requirements fit alongside other AI regulations affecting healthcare organizations.

FAQ

Can we use ChatGPT or other consumer AI tools with patient data?

No. Consumer versions of AI tools like ChatGPT (free or Plus), Google Gemini, and similar services do not offer BAAs. Under HIPAA, any AI tool that processes PHI must be covered by a BAA. Submitting PHI to a consumer AI tool is an unauthorized disclosure that violates the Privacy Rule and may constitute a reportable breach. Enterprise versions of some AI tools, such as ChatGPT Enterprise and Azure OpenAI Service, do offer BAAs, but the BAA terms must be reviewed to ensure they meet all HIPAA requirements before use with PHI.

What if an employee accidentally enters PHI into an AI tool without a BAA?

This is a potential HIPAA breach that must be assessed under the Breach Notification Rule. The organization must conduct a risk assessment analyzing the nature and extent of PHI involved, the unauthorized person who received the PHI (the AI vendor), whether the PHI was actually acquired or viewed, and the extent to which the risk has been mitigated. If the risk assessment cannot demonstrate a low probability that PHI was compromised, the incident must be treated as a breach with individual notification, HHS notification, and potentially media notification depending on the number of individuals affected. Organizations should have incident response procedures specifically addressing this scenario.

Does the minimum necessary standard apply to AI-assisted clinical documentation?

Yes. When a clinician uses an AI tool to transcribe or document a patient encounter, the minimum necessary standard requires that only the PHI needed for the documentation purpose be processed by the AI. In practice, ambient clinical documentation tools that record entire encounters may capture more information than is strictly necessary for the note being generated. Organizations should evaluate whether AI documentation tools can be configured to limit data collection to relevant portions of the encounter and should document their minimum necessary analysis for each AI documentation use case.

Are AI-generated clinical notes considered part of the medical record?

Yes. If an AI-generated note is incorporated into the patient's medical record, it becomes part of the designated record set under HIPAA and is subject to all Privacy Rule requirements including individual access rights, amendment rights, and accounting of disclosures. Clinicians must review AI-generated notes for accuracy before incorporation, because patients have the right to request amendments to inaccurate records, and the organization is responsible for the accuracy of information in the designated record set regardless of whether it was generated by a human or AI.

How does HIPAA interact with the EU AI Act for healthcare organizations?

Healthcare organizations serving EU patients may be subject to both HIPAA and the EU AI Act, plus GDPR. AI systems used in clinical decision-making could be classified as high-risk under the EU AI Act, triggering additional requirements for risk management, data governance, and conformity assessments on top of HIPAA obligations. The key difference is that HIPAA focuses on PHI protection while the EU AI Act focuses on AI system safety and reliability. Compliance with one does not satisfy the other. Organizations subject to both must build a compliance program that addresses the overlapping and distinct requirements of each framework. PolicyGuard manages cross-framework compliance to prevent gaps.