Does HIPAA breach notification apply when an AI system makes a wrong decision?

HIPAA breach notification applies when there is an impermissible use or disclosure of protected health information. If an AI system accesses or outputs PHI in an unauthorized way — cross-patient data leakage in RAG, training data memorization producing verbatim PHI, transmission to external APIs without a BAA — that triggers the 60-day breach notification obligation. An AI system making an incorrect clinical recommendation without PHI exposure is not a HIPAA breach but may trigger FDA SaMD obligations.

Can we use our existing IT incident response plan for AI incidents?

An existing IT IRP covers availability failures, data breaches, and unauthorized access — all of which still apply. But it does not cover AI-specific failure modes: model drift causing systematic incorrect outputs, reasoning path deviations producing biased decisions, tool calls exceeding authorized scope, or multi-agent cascades where one agent's error propagates downstream. You need an AI-specific addendum that defines these categories, assigns classification owners, and maps each category to regulatory notification obligations.

What is the difference between an AI anomaly and an AI incident?

An anomaly is a detected deviation from expected behavior — output confidence below threshold, response latency spiking, topic drift in model outputs. An incident is an anomaly that meets the threshold for formal response: investigation, escalation, and potentially regulatory notification. Your IRP must define when an anomaly becomes an incident, who makes that determination, and what clock starts at classification. For EU AI Act, the clock starts when the provider becomes aware of the serious incident — which is typically the incident classification event.

What audit trail evidence do regulators expect during an AI incident investigation?

Regulators expect reconstruction of what the AI system decided, why, what data it had access to at decision time, and whether human review occurred. This requires: immutable decision logs with full input/output capture, tool call and retrieval step records, model version and configuration at time of decision, human override records, and timestamp chains that survive post-incident. Without this, you cannot demonstrate root cause, cannot prove harm scope, and cannot satisfy Art.73 or HIPAA investigation requirements.

How does Colorado SB 205 affect AI incident response?

Colorado SB 205 requires deployers to notify consumers when a consequential AI decision is adverse and to provide a human review process. An AI incident causing drift-driven incorrect adverse decisions at scale — such as incorrect loan denials — requires individual consumer notifications for each affected consumer plus documentation of the investigation. Unlike EU AI Act's MSA notification, SB 205's obligation is consumer-facing, potentially requiring thousands of individual notifications from a single drift incident.

What is the fastest way to build an AI incident response plan that satisfies all three frameworks?

Start with a single incident taxonomy mapping AI failure modes to regulatory categories. Document detection sources, classification owners, notification timelines per regulation, evidence preservation requirements, and post-incident review procedures. Tenet AI's decision ledger provides the audit trail layer that satisfies the evidence requirements automatically — making incident investigation and regulatory documentation possible without manual log archaeology.

AI Incident Response Plan: What Regulators Require (EU AI Act, HIPAA, SOC 2)

Q: What is a reportable serious incident under EU AI Act Article 73?

Under Article 73, providers of high-risk AI systems must report serious incidents to market surveillance authorities. A serious incident includes any malfunction or misuse leading to death, serious bodily harm, significant property damage, or serious disruption of critical infrastructure. For death and irreversible harm, the deadline is 15 days. For other serious incidents, reporting must occur without undue delay. An AI agent making an incorrect loan denial or clinical decision that harms a patient may qualify as a serious incident even without a data breach.

Q: What does SOC 2 CC7.2 require for AI systems?

SOC 2 CC7.2 requires entities to evaluate security events to distinguish incidents from non-incidents, document the analysis, and initiate response procedures. For AI systems, this means defining behavioral anomalies as security events, logging all AI decisions with replay fidelity, and maintaining documented runbooks for AI-specific incident categories. SOC 2 auditors verify that anomaly detection is operational and that event classification decisions are documented — including for anomalies that were evaluated and classified as non-incidents.

EU AI Act Article 73 requires serious incident notification within 15 days for incidents involving death or irreversible harm. HIPAA breach notification is 60 days from discovery. SOC 2 CC7.2 requires documented event classification and response procedures. A standard IT incident response plan does not satisfy any of these — each requires AI-specific definitions, evidence standards, and notification targets. This guide provides a five-phase AI IRP template with the specific requirements for each framework.

Why AI Incidents Require a Separate IRP

Standard IT incident response covers availability failures, data breaches, and unauthorized access. AI-specific incidents include behavioral drift causing systematic incorrect decisions, PHI exposure through model outputs or RAG retrieval, unauthorized tool scope expansion, and multi-agent cascades. None of these are captured by infrastructure alerting, and none map cleanly to IT breach definitions. An AI-specific IRP addendum must define incident categories, detection sources, classification procedures, and the regulatory notification obligation triggered by each category.

EU AI Act Article 73: Serious Incident Reporting

Article 73 requires providers of high-risk AI systems to report serious incidents to national market surveillance authorities. A serious incident is any malfunction or misuse that causes or could cause death, serious bodily injury, significant property damage, or serious disruption of critical infrastructure. For death and irreversible harm, the reporting deadline is 15 days from awareness. For other serious incidents, reporting must occur without undue delay. Intermediate reports are required every 30 days during ongoing investigation. Providers must be able to produce incident documentation with root cause analysis and corrective measures — which requires sufficient decision audit trails to reconstruct what the AI system did during the incident window.

HIPAA Breach Notification for AI Systems

HIPAA Breach Notification Rule (45 CFR §§164.400-414) requires notification within 60 days of discovering a breach of unsecured PHI. AI-specific PHI breach scenarios include cross-patient data leakage via RAG retrieval, training data memorization producing verbatim PHI, unauthorized transmission of PHI to external APIs by AI agents, and insecure AI decision logs containing PHI without proper access controls. The 60-day clock starts at discovery. Entities with more than 500 affected individuals must also notify prominent media in the state.

SOC 2 CC7.2: Anomaly Detection and Response

SOC 2 Trust Service Criteria CC7.2 requires entities to evaluate security events to determine whether they qualify as incidents and to document that determination. For AI systems, this requires defining behavioral anomalies as security events — output distribution shifts, unexpected tool calls, unauthorized data access — logging all AI decisions with replay fidelity, and maintaining documented runbooks for AI-specific incident categories. SOC 2 auditors will request evidence that anomaly detection is operational (dashboards with thresholds) and that event classification decisions are documented (not just the incidents, but the non-incidents too).

Five-Phase AI Incident Response Template

Phase 1: Detect — define behavioral baselines, configure anomaly alerts, route AI alerts to on-call rotation, maintain immutable decision logs. Phase 2: Classify — apply incident taxonomy within 4 hours, determine which regulatory frameworks apply, document classification reasoning, start notification clock. Phase 3: Contain — freeze model version, preserve audit trail snapshot before any remediation, assess decision scope during affected period. Phase 4: Notify — file Art.73 report to MSA, HIPAA breach notification to HHS, CO SB 205 consumer notifications, customer notifications per SOC 2 CC7.2 obligations. Phase 5: Recover — remediate root cause, review all affected decisions, conduct post-incident review within 30 days, update behavioral baselines.

Evidence Requirements for AI Incident Investigation

Every AI incident framework requires that you can reconstruct what the AI system decided and why. For Art.73: description of the incident, potential cause, and corrective measures — all requiring decision-level logs. For HIPAA: scope of affected individuals requires identifying every decision that accessed PHI during the incident window. For SOC 2: classification documentation requires showing what anomaly was detected and why it was or was not elevated to incident status. These evidence requirements cannot be satisfied by standard application logs — they require immutable, tamper-evident, decision-level audit trails captured at the time of each decision.