Which HIPAA Security Rule technical safeguards apply to AI systems?

All four categories of technical safeguards apply to AI systems handling ePHI: (1) access controls — unique service account IDs, automatic logoff for AI sessions, encryption at rest; (2) audit controls — required logs of all ePHI access by AI models including which patient, model version, output, and timestamp; (3) integrity controls — integrity policies for AI output pipelines and optional authentication mechanisms (hashing/signing) for AI-generated clinical outputs; (4) transmission security — TLS 1.2+ for all ePHI in transit, including EHR-to-model data feeds, inference result pipelines, and LLM API calls.

What exactly must an AI inference audit log contain to satisfy § 164.312(b)?

HIPAA § 164.312(b) requires you to record and examine activity in systems containing ePHI. For AI inference, a compliant audit log should record: which patient record(s) were accessed (patient identifier), the model version and build that produced the inference, the inference output (prediction, score, recommendation), the requesting system or user, the timestamp of the inference, and any subsequent human override or rejection of the AI recommendation. Logs must be retained for 6 years, be queryable by patient ID and time range, and be tamper-evident.

Do we need a Business Associate Agreement with our LLM API provider?

Yes, if ePHI is transmitted to the LLM API. If your clinical AI sends patient notes, diagnoses, dates of service, names, or any HIPAA identifier in LLM prompts, the LLM provider receives ePHI and must be a business associate with a BAA. OpenAI, Anthropic, Google, and most major LLM providers offer HIPAA BAAs for enterprise healthcare customers — verify BAA availability and execute before going live with ePHI in prompts. Sending ePHI to an LLM API without a BAA is a HIPAA Security Rule violation.

Is AI training data subject to HIPAA Security Rule?

Yes. ePHI maintained in any electronic form — including AI training datasets, validation sets, and test sets — is subject to the Security Rule. Cloud ML infrastructure (cloud GPUs, managed notebooks, MLflow, vector databases) that processes training data containing ePHI must be covered by BAAs and must implement Security Rule safeguards: access controls, audit controls, integrity controls, and transmission security. De-identification under the HIPAA safe harbor (18 identifiers removed) removes training data from ePHI status, but re-identification through AI inference analysis reactivates Security Rule obligations.

What is the difference between required and addressable specifications under HIPAA?

Required specifications (unique user ID, emergency access procedure, audit controls, integrity policy, transmission security integrity controls) must be implemented with no flexibility. Addressable specifications (automatic logoff, encryption/decryption, integrity mechanism) must be implemented OR documented with a risk analysis explaining why an alternative equivalent measure is more appropriate. 'Addressable' does not mean optional — it means the implementation form is flexible, not the compliance goal. The proposed 2024 Security Rule update would convert encryption from addressable to required for both data at rest and in transit.

What OCR penalties apply to HIPAA Security Rule violations?

OCR civil monetary penalties (2024 tiers): $137/violation (no knowledge), $1,379/violation (reasonable cause), $13,785/violation (willful neglect corrected), $68,928/violation (willful neglect not corrected). Annual caps per violation category: up to $2,067,813. Largest healthcare AI-related settlement: $4.75M (Advocate Aurora Health, 2023) for use of Meta Pixel without a BAA on patient portals. Resolution agreements also include corrective action plans (CAPs) with 2-3 years of monitored HIPAA compliance.

What does the proposed 2024 HIPAA Security Rule update require for AI systems?

The December 2024 proposed update includes: (1) technology asset inventory requirement — documented inventory of all systems accessing ePHI, explicitly including AI models and ML pipelines; (2) encryption converted from addressable to required for data at rest and in transit; (3) annual penetration testing and vulnerability scanning of all ePHI-containing systems, including AI infrastructure; (4) documentation requirements for all Security Rule implementation decisions. The final rule is expected in 2025-2026. AI teams should begin asset inventory and encryption implementation now — these reflect current OCR enforcement priorities.

How does Tenet AI help satisfy HIPAA audit control requirements for clinical AI?

Tenet generates an immutable, tamper-evident audit log for every AI inference that accesses ePHI: patient identifier, model version, inference output, requesting system, and timestamp. Logs are append-only and cryptographically verifiable. Tenet's per-patient query capability allows compliance officers to produce a complete activity report for any patient within OCR investigation timelines. Tenet also records human overrides when clinicians modify or reject AI recommendations — creating a full chain of custody for AI-assisted clinical decisions that satisfies § 164.312(b) audit control requirements.

HIPAA Security Rule Technical Safeguards for AI Systems: Access Controls, Audit Logs, Encryption, and BAAs

HIPAA Security Rule (45 CFR Part 164.312) establishes four categories of technical safeguards for electronic PHI: access controls, audit controls, integrity controls, and transmission security. AI/ML systems handling ePHI — clinical decision support, diagnostic AI, EHR analytics, LLM-based clinical tools — are subject to all four categories. The audit controls specification (§ 164.312(b)) is a required specification with no flexibility: AI inference logs that record ePHI access are the primary technical implementation. Business Associate Agreements are required for all AI vendors receiving ePHI. The proposed 2024 Security Rule update would add AI system asset inventory requirements, mandatory encryption (removing the addressable designation), and annual penetration testing of AI infrastructure.

What ePHI Means for AI Systems Under HIPAA

ePHI for AI includes: clinical notes and medical records used as model inputs; model inference outputs linked to specific patients (risk scores, diagnosis predictions, recommendations); training datasets containing identified patient data; vector embeddings and representations of patient records (functionally re-identifiable); AI audit logs containing patient identifiers; and model evaluation datasets from patient populations. De-identified data under the HIPAA safe harbor (18 identifiers removed) is exempt — but data that is re-identified through AI inference or re-identification attack regains ePHI status. LLM prompts containing patient identifying information (name, DOB, MRN, diagnosis) transmitted to external APIs are ePHI in transmission and require the same security controls as any other ePHI transmission.

Access Controls (§ 164.312(a)) for AI Service Accounts and Model APIs

Access controls require technical policies that allow only authorized persons or software programs to access ePHI. For AI: unique user identification (§ 164.312(a)(2)(i)) requires that AI model service accounts have unique IAM identities — shared service account credentials are non-compliant. Emergency access procedures must be documented for AI-assisted clinical workflows. Automatic logoff is addressable — AI API sessions and agent sessions holding ePHI in memory must implement session timeouts. Encryption is addressable — ePHI at rest in model registries, training datasets, and inference stores must be encrypted (AES-256). The 2024 proposed rule would make encryption required for both data at rest and in transit.

Audit Controls (§ 164.312(b)) — Required Specification for AI Inference Logs

Audit controls is a required specification with no flexibility: covered entities must implement hardware, software, and procedural mechanisms to record and examine activity in ePHI-containing systems. For AI: every model inference call that reads ePHI must be logged (which patient, which model version, what output, what time). AI systems that write outputs to patient records must log write operations. Logs must be queryable — compliance officers must be able to pull all AI accesses for a specific patient or model version. Logs must be tamper-evident — append-only storage with cryptographic verification prevents modification. Retention: 6 years minimum. OCR cited lack of audit controls in its $2.4M OHSU resolution agreement (2016) — directly applicable to modern AI clinical systems.

Transmission Security (§ 164.312(e)) — AI APIs and LLM Vendor BAAs

Transmission security requires technical security measures for ePHI transmitted over electronic networks. For AI: EHR-to-model data feeds require TLS 1.2+ with mutual TLS authentication; inference result pipelines to the EHR require TLS 1.2+ plus integrity verification (HMAC or digital signature on the inference payload); cloud AI training data transfers require encrypted transfer (private network link or encrypted SFTP) with access logging. The LLM API problem: if your clinical AI sends patient data to an external LLM API (OpenAI, Anthropic, Google), that LLM provider must be a business associate with a BAA in place before receiving any ePHI. Sending patient notes, diagnoses, or other HIPAA identifiers to an LLM API without a BAA is a transmission security violation — and potentially a Privacy Rule violation.

Business Associate Agreements for AI Vendors and 2024 Security Rule Updates

Any AI vendor that creates, receives, maintains, or transmits ePHI on behalf of a covered entity is a business associate and must sign a BAA. BAAs with AI vendors must address: use limitation (vendor cannot use ePHI for other customers' model training), safeguard obligations (vendor must implement HIPAA Security Rule), subcontractor flow-down (sub-processors must also sign BAAs), breach notification (60-day notification requirement), and return/destruction on termination (including training data). The proposed 2024 Security Rule update adds: mandatory technology asset inventory (including all AI systems accessing ePHI), annual penetration testing of AI infrastructure, documentation requirements for all Security Rule implementations, and encryption as a required specification. AI teams should treat these as the emerging compliance baseline.