Can AI Legally Handle Protected Health Information?

Why this question matters for healthcare SMBs

Healthcare practices, billing companies, and any business that touches patient data are asking this because AI tools are genuinely useful for scheduling, documentation, prior authorization, and patient communication. The risk of getting it wrong isn't theoretical. A single PHI disclosure to a non-compliant vendor is a reportable breach under 45 CFR §164.410, and the Office for Civil Rights has issued multi-million dollar fines for exactly this kind of vendor oversight failure.

The confusion is understandable. Vendors market their tools as 'HIPAA-ready' without explaining what that actually requires. The word means nothing without a BAA in place and auditable controls to back it up.

What HIPAA actually requires before AI touches PHI

Three conditions must all be true at the same time. First, the AI vendor must be a covered Business Associate, meaning they receive, store, or process PHI on your behalf. Second, you and that vendor must have a signed BAA before any PHI flows to their systems. The BAA defines what data they can use, how they protect it, what happens in a breach, and how data gets destroyed. No BAA, no legal basis.

Third, the infrastructure itself must comply. That means encryption at rest and in transit, audit logging, access controls, and a documented incident response plan. This is where most commercial AI APIs fail quietly. OpenAI's standard API, for example, trains on inputs by default and doesn't offer a BAA for most tiers. Using it with PHI, even accidentally, puts you in violation regardless of your internal policies.

Private LLM deployments solve this cleanly. When the model runs inside your own cloud environment or on-premises infrastructure, PHI never leaves your boundary. There's no third-party data retention to negotiate away. The BAA question becomes simpler because you're controlling the compute, not outsourcing it to a shared API endpoint.

When the answer gets more complicated

Some vendors do offer HIPAA-eligible tiers with BAAs. Microsoft Azure OpenAI Service offers a BAA under its enterprise agreements. Google Cloud's Vertex AI and AWS Bedrock do as well. If you're using those services, not the consumer products, and you've executed the BAA, you may be in a compliant posture. But 'HIPAA-eligible' is not the same as HIPAA-compliant. The platform's eligibility only covers the infrastructure layer. Your application logic, your access controls, your staff training, and your data handling practices are still your responsibility.

The answer also changes based on what the AI is actually doing with the data. An AI that reads a scheduling record to confirm an appointment time is a different risk profile than one that generates clinical summaries or processes billing codes. Both can be done compliantly, but the safeguards and the BAA terms need to match the actual data flows.