HIPAA

US law governing the privacy and security of protected health information - mandatory for anyone handling US healthcare data, with real penalties for breaches.

The Health Insurance Portability and Accountability Act (HIPAA) sets US requirements for safeguarding protected health information (PHI). Its Privacy and Security Rules govern how PHI may be used and disclosed and require administrative, physical, and technical safeguards. It binds healthcare providers, insurers, and their business associates, and violations carry significant financial and reputational cost.

Using AI on healthcare data puts HIPAA squarely in the request path: a prompt or retrieval can carry PHI to a model, and a response can expose it. Meeting the technical safeguards in practice means detecting PHI at the boundary and redacting or blocking it per policy, keeping a tamper-evident record of every decision, and running inside a perimeter where the data never leaves the covered environment.

All terms

Govern AI like infrastructure.

Talk to our team about deploying DataStrict across your enterprise stack.