HIPAA Compliance in the Age of AI: What You Need to Know
Jan 30, 2026
Use business associate agreements (BAAs) with vendors that touch PHI. Clarify what data flows where and for what purpose.
Minimize data sent to models: de-identify when possible, and avoid copying PHI into unsecured channels.
Log access, enforce least privilege, and document your risk analysis—the same fundamentals apply whether the tool is AI or not.
Work with counsel on marketing claims; compliance posture depends on your implementation, not the word “AI” alone.