Building AI into a healthcare product means navigating HIPAA from your first line of code. This guide covers what HIPAA actually requires of software, how to architect for compliance, and the common mistakes that expose startups to breach liability.
Healthcare is one of the most consequential domains in which AI can operate — and one of the most regulated. If your product touches Protected Health Information (PHI), the Health Insurance Portability and Accountability Act (HIPAA) applies to you, regardless of your company size, your funding stage, or whether you are technically a healthcare company. A SaaS tool used by a clinic, an AI diagnostic model deployed in a hospital, a patient-facing mobile app — all of them fall under HIPAA the moment they handle PHI.
Most healthcare startups understand that HIPAA compliance is required. Fewer understand what it actually demands of their software architecture, their data pipelines, their AI training workflows, and their vendor relationships. This guide gives you the practical picture — what the regulation requires, how to build for it, and what to avoid.
HIPAA is composed of several rules that apply differently depending on your role in the healthcare ecosystem. The two most relevant to software developers are the Privacy Rule and the Security Rule.
The HIPAA Privacy Rule governs how PHI may be used and disclosed. PHI is defined as individually identifiable health information — any information that relates to a person's physical or mental health, the provision of healthcare to that person, or payment for healthcare, when it can be used to identify the individual.
PHI includes more identifiers than most developers expect:
If your application logs contain IP addresses alongside health queries, those logs may contain PHI. If your AI model is trained on data that includes any of these identifiers, that training dataset is PHI. The scope is broader than most teams initially assume.
The HIPAA Security Rule applies specifically to electronic PHI (ePHI) and requires covered entities and business associates to implement safeguards across three categories: administrative, physical, and technical. For software developers, the technical safeguards are most directly relevant — but all three categories impose obligations on how you run your engineering organisation.
HIPAA distinguishes between two types of regulated organisations. Understanding which category your startup falls into determines your obligations.
Covered entities are healthcare providers that transmit health information electronically, health plans, and healthcare clearinghouses. If your startup is directly providing healthcare services — a telehealth platform that delivers care, for example — you may be a covered entity.
Most healthcare technology startups are business associates — companies that create, receive, maintain, or transmit PHI on behalf of a covered entity. If you build a clinical documentation tool used by a hospital, an AI diagnostic aid used by physicians, or a patient engagement platform used by a health system, you are a business associate.
Business associates have direct HIPAA obligations under the HITECH Act. You are not shielded by your client's compliance programme — you are independently liable for Security Rule violations, and the OCR can investigate and fine you directly.
A Business Associate Agreement (BAA) is a legally required contract between a covered entity and its business associates (and between business associates and their subcontractors) that establishes each party's obligations regarding PHI. You must have a signed BAA in place before you receive any PHI from a covered entity client.
Critically, this obligation flows upstream through your vendor chain. If you use AWS, Google Cloud, or Azure to host PHI, you need a BAA with them. If you use an AI API — OpenAI, Anthropic, Google — to process PHI, you need a BAA. If your BAA-covered API provider uses a subprocessor that handles PHI, that subprocessor needs a BAA too. Mapping your vendor chain and ensuring BAA coverage at every node is a non-negotiable compliance step before going live with any PHI.
The HIPAA Security Rule's technical safeguards translate into specific engineering decisions. These are not abstract policies — they are architecture choices that must be made before you write production code that touches ePHI.
HIPAA requires that ePHI be protected against unauthorised access. While the Security Rule technically classifies encryption as an "addressable" rather than "required" standard, this distinction is widely misunderstood. Addressable means you must implement it or document a specific, reasonable alternative — in practice, the OCR has consistently found that failing to encrypt ePHI at rest and in transit constitutes a Security Rule violation.
The Security Rule requires that access to ePHI be limited to authorised users and that each user's access be the minimum necessary to perform their function — the principle of least privilege. Technically, this means:
HIPAA requires audit controls — hardware, software, and procedural mechanisms that record and examine activity in systems that contain ePHI. Every access, modification, and deletion of PHI must be logged with sufficient detail to support forensic investigation.
Your audit logs must capture: who accessed the data, what data was accessed, when, from where, and what action was taken. Logs must be tamper-evident, stored separately from the systems they monitor, retained for a minimum of six years, and reviewed regularly. Do not let PHI flow through logging systems that do not have BAA coverage — application logs that capture ePHI are themselves ePHI.
The Security Rule requires mechanisms to ensure that ePHI is not improperly altered or destroyed. For AI systems, this has specific implications: model outputs that modify or annotate clinical records must have integrity controls ensuring the provenance of each change is traceable and tamper-evident.
Standard HIPAA compliance guidance was written for conventional software systems. AI development introduces several scenarios that require careful analysis beyond standard checklists.
Using patient data to train, fine-tune, or evaluate AI models is one of the most legally complex areas of HIPAA compliance for healthcare AI startups. The core issue: using PHI for AI training is generally not among the permitted uses under the Privacy Rule unless you have specific patient authorisation or the data meets HIPAA's de-identification standard.
HIPAA provides two paths to de-identification:
Neither path is as simple as it sounds. Safe Harbor de-identification of unstructured clinical text — physician notes, radiology reports, discharge summaries — requires NLP-based de-identification pipelines that are significantly harder to validate than structured data de-identification. Expert determination requires documented methodology and a qualified reviewer. Both require ongoing validation as your dataset evolves.
If your AI model processes PHI at inference time — analysing a patient's record to generate a prediction, for example — the model pipeline is part of your PHI handling infrastructure and must be covered by your Security Rule safeguards. This includes:
The Privacy Rule's minimum necessary standard requires that PHI use be limited to the minimum amount necessary to accomplish the intended purpose. For AI systems, this means your model should only receive the PHI fields it actually needs to make its prediction — not the entire patient record. Designing data pipelines with this principle in mind reduces your risk surface and simplifies compliance documentation.
Technical controls alone do not constitute HIPAA compliance. The Security Rule's administrative safeguards impose documented programme requirements on your organisation that many startups underestimate.
HIPAA requires a thorough and accurate risk analysis — an assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all ePHI you create, receive, maintain, or transmit. This must be documented, updated when your environment changes significantly, and used as the basis for your risk management programme.
Your risk analysis should cover every system that touches ePHI: your application servers, databases, data pipelines, AI training infrastructure, developer workstations with access to PHI, backup systems, and third-party integrations. For each identified risk, you must implement security measures sufficient to reduce the risk to a reasonable and appropriate level.
Every member of your team who has access to PHI — which includes engineers with database access, data scientists with access to training datasets, and customer success staff with access to client health data — must receive HIPAA training appropriate to their role. This training must be documented, must be repeated periodically, and must cover the specific PHI handling scenarios relevant to their work.
HIPAA's Breach Notification Rule requires that you notify affected individuals within 60 days of discovering a breach of unsecured PHI. Breaches involving more than 500 individuals in a state must be reported to the OCR and prominent media outlets in that state. All breaches must be reported to the OCR annually if not reported immediately.
Your incident response plan must exist and be tested before you go live with PHI. At minimum it must define: what constitutes a breach, how potential breaches are detected and escalated, who is responsible for investigation and notification, and how the forensic record is preserved. A breach discovered without an existing plan dramatically extends your response time and increases your regulatory exposure.
Your cloud infrastructure choices directly determine the feasibility of your HIPAA compliance posture. The major cloud providers offer HIPAA-eligible services, but the definition of "HIPAA-eligible" is narrower than most teams assume — only specific services within each platform are covered under their BAA, and using a non-covered service to process ePHI voids the BAA coverage for that data.
| Provider | BAA Available | Key HIPAA-Eligible Services |
|---|---|---|
| AWS | Yes | EC2, RDS, S3, Lambda, SageMaker, CloudWatch Logs |
| Google Cloud | Yes | Cloud Run, Cloud SQL, GCS, BigQuery, Vertex AI |
| Azure | Yes | App Service, Azure SQL, Blob Storage, Azure OpenAI |
Before deploying any component of your PHI pipeline, verify that the specific service is listed in your provider's current BAA coverage documentation. This list changes — new services are added and conditions change — so review it at each significant infrastructure change.
The most frequent technical compliance failure: routing PHI through a service that does not have BAA coverage. Common examples include sending PHI-containing data to a third-party analytics platform, logging PHI to a logging service without a BAA, storing PHI attachments in a general-purpose file storage tool, or using an AI API to process PHI before confirming BAA availability.
Removing obvious identifiers from structured data is straightforward. Removing identifiers from unstructured clinical text — where a physician might write "the 67-year-old male patient from Springfield who works as a teacher" — requires validated NLP pipelines. Many teams underestimate this complexity and ship de-identification solutions that do not meet the Safe Harbor standard.
Developer and staging environments should never contain real PHI unless they are covered by the same safeguards as production. Synthetic data generation for testing is a discipline worth investing in early. A breach in a development environment that contains real patient data carries the same notification obligations as a production breach.
Launching a PHI-handling product without a completed, documented risk analysis is a Security Rule violation regardless of whether a breach occurs. The OCR has imposed significant fines on organisations — including small healthcare startups — for lack of documented risk analysis even in the absence of any actual breach.
HIPAA applies based on the data you handle, not solely where your company is incorporated. If you handle the PHI of US patients covered by a HIPAA-covered entity — even if your servers are in Canada or the EU — your US-based covered entity clients will require you to sign a BAA and comply with HIPAA as a business associate. Non-compliance puts your clients at risk and makes you commercially non-viable in the US healthcare market.
Only if you have a BAA in place with the provider and you are using an offering explicitly covered under that BAA. OpenAI offers a HIPAA BAA for enterprise API customers under specific contractual arrangements. Anthropic's commercial API terms must be reviewed for current BAA availability. Consumer-facing products like ChatGPT.com are not covered under any BAA and must never be used to process PHI.
There is no official HIPAA certification issued by the US government. There is no body that can certify your product as "HIPAA compliant" in a legally binding sense. Third-party audits, HITRUST certifications, and SOC 2 Type II reports with healthcare-specific controls are the closest meaningful proxies — they demonstrate that your controls have been independently assessed. These audits are valuable for enterprise sales but do not substitute for your own compliance programme.
HIPAA requires covered entities to retain documentation of their policies and procedures for six years from the date of creation or the date it was last in effect, whichever is later. For business associates, the same six-year standard applies to HIPAA-related documentation. PHI retention requirements are generally governed by state law, which often requires longer periods for medical records — commonly seven to ten years, and longer for records involving minors.
HIPAA penalties are tiered by culpability. Violations where the organisation did not know and could not have known range from $100 to $50,000 per violation. Violations due to reasonable cause range similarly. Violations due to wilful neglect that are corrected within the required time period can reach $10,000 to $50,000 per violation. Wilful neglect violations that are not corrected carry penalties of $50,000 per violation with an annual cap of $1.9 million per violation category. Criminal penalties — including imprisonment — apply to knowing violations.
Last updated: August 2025
Get expert guidance on implementing AI solutions that actually work. Our team will help you design, build, and deploy custom automation tailored to your business needs.
Learn how to build AI agents that can actually take actions, not just answer questions. Includes real architecture patterns, code examples, and lessons from building 30+ production AI agents.
Discover how AI automation is transforming law offices—from document review and legal research to client intake, billing, and compliance—so legal teams can focus on what matters most.
Discover how AI automation development is transforming businesses—improving efficiency, reducing costs, and driving growth across manufacturing, healthcare, finance, and retail.