shipping production AI · since 2026 NAICS 541330 / 541511 / 541512 / 541519  ·  CMMC-aware
Refinery Report / Healthcare / post · diness
HealthcareHIPAAAI GovernancePrivacy

HIPAA AI Governance Readiness: The Program Behind the Boundary Decision

A practical readiness checklist for healthcare organizations building an AI governance program under HIPAA: use-case inventory, BAA mapping, minimum-necessary scoping, Security Rule safeguards, and the evidence a review will ask for.

D
By the DSE practice team
Operator-led practice · how we research & review
July 5, 2026
9 min · 2,061 words

By the DSE practice team · published July 5, 2026 · reviewed July 5, 2026

A HIPAA-ready AI governance program has five parts: a use-case inventory that names every AI system touching protected health information (PHI), a business associate agreement on file for each AI vendor in that inventory, a minimum-necessary scope defined per use case, HIPAA Security Rule technical safeguards mapped explicitly to how the AI system is built, and an evidence pack that can answer who saw what PHI through the system and when. Readiness is the presence of all five, not just the absence of an incident so far.

This guide picks up after the vendor-path versus private-boundary decision has been made for a given use case. Whichever way that decision goes, HIPAA readiness still has to be built. A private deployment with no BAA discipline is not more compliant than a vendor deployment with a signed one. The infrastructure choice and the governance program are separate questions, and most healthcare AI gaps live in the second one.

Why “HIPAA compliant AI” is not a real category

Vendors sell “HIPAA-compliant AI” the way they sell “enterprise-grade security,” as an adjective rather than a fact. HIPAA does not certify AI products. It imposes obligations on covered entities and business associates around how PHI is used, disclosed, and protected, regardless of which product touches it. A model can be technically sound and still sit inside an ungoverned workflow, and a governed workflow can run on an unremarkable model. The compliance question is never “is the AI HIPAA compliant.” It is “does our organization have the BAA, the scope, the safeguards, and the evidence for this specific use case.”

That reframe is the whole point of a readiness program: it moves the work from vendor marketing claims to an internal checklist the organization owns and can defend.

Part 1: the use-case inventory

Every AI governance program starts here, and most healthcare organizations discover their real exposure the moment they try to build one. AI shows up in ambient documentation tools, coding and billing assistants, patient-facing chat, prior-authorization support, care-management triage, and increasingly inside the EHR itself as vendor-added features nobody explicitly procured.

A usable inventory records, per system: what PHI it touches, which department or workflow uses it, whether a human reviews the output before it affects a patient or a claim, and who the accountable owner is. If a system cannot be described in those terms, it is not inventoried, it is just present.

The inventory is also where shadow AI shows up. EHR-embedded features that activated on a vendor update, a department’s own subscription to a consumer AI tool, or a pilot that never got formal sign-off are all common findings once an organization looks systematically. Surfacing them is the point. An inventory that finds nothing new is usually a sign the search was not thorough, not that the organization is clean.

Part 2: the BAA map

Every AI vendor that creates, receives, maintains, or transmits PHI on the organization’s behalf needs a business associate agreement in force before that use case goes live. This sounds obvious and is still one of the most common gaps a readiness review finds, for two structural reasons.

First, AI vendors are often added the way SaaS tools are added: a department signs up, a free trial turns into standard use, and procurement or privacy never reviews it because no one flagged it as a PHI-touching system. Second, some AI features arrive bundled inside a platform the organization already has a BAA with, and the assumption is that the parent BAA covers the new feature. It may not, especially if the feature routes data to a different subprocessor or model provider than the base agreement contemplated.

A readiness-grade BAA map lists every vendor in the use-case inventory, whether a BAA is on file, whether that BAA’s scope actually covers the AI feature in question (not just the base product), and what subprocessors the vendor discloses for the AI-specific data path. Gaps here are the fastest thing to fix and the most common thing skipped.

Part 3: minimum-necessary scoping

HIPAA’s minimum-necessary standard applies to AI the same way it applies to any other use of PHI: the system should have access to no more PHI than the use case requires. In practice this means defining, per use case, what fields or record sections the AI can read, whether it needs full chart access or a bounded subset, and whether outputs are scoped to the requesting user’s role.

A common failure mode is granting an AI assistant broad chart access because it was easier to configure than scoping it to the workflow, then discovering during a review that the system technically could surface PHI far outside what any single use case needed. Minimum-necessary scoping is a design decision made before deployment, not a policy statement filed afterward.

Part 4: Security Rule safeguards mapped to the AI system

The HIPAA Security Rule’s administrative, physical, and technical safeguards apply to AI systems handling PHI exactly as they apply to any other system. The technical safeguards worth naming explicitly for an AI use case:

Safeguard What it looks like for an AI system
Access control Role-based access to the AI system itself, not just the underlying EHR or data store
Audit controls Logs of prompts, outputs, and data accessed through the AI, attributable to a user and timestamp
Integrity controls Assurance that PHI passed to or returned by the AI has not been altered or corrupted in transit
Transmission security Encryption in transit for any PHI sent to an AI endpoint, including third-party model APIs

The audit-controls row is where healthcare AI governance most often falls short. An AI feature can be technically encrypted and access-controlled and still fail a review if nobody can reconstruct which PHI a specific user’s AI session touched on a specific date.

Part 5: the evidence pack

Readiness is not a policy binder. It is the ability to produce, on request, the artifacts a compliance review, an OCR inquiry, or a breach investigation would ask for: the use-case inventory entry for the system in question, the BAA covering it, the minimum-necessary scope definition, the access and audit logs for the relevant period, and the risk assessment that justified the configuration in the first place.

Organizations that treat these five artifacts as a standing deliverable, not a one-time project, are the ones that can answer a review question in hours instead of weeks.

A short self-check

A healthcare AI use case is not yet readiness-complete if any of these is true:

Any “yes” is a governance gap worth closing before the next review cycle, independent of whether the underlying AI is vendor-hosted or privately deployed.

What this guide is / What it is not

What it is: a practical readiness checklist for building a HIPAA-aligned AI governance program: use-case inventory, BAA mapping, minimum-necessary scoping, Security Rule safeguards, and evidence assembly. What it is not: legal advice, a certification, or a guarantee of any HIPAA audit, OCR investigation, or breach-notification outcome. DSE helps healthcare organizations build and evidence this program. We do not certify HIPAA compliance and do not guarantee any regulatory or examination result.

FAQ

Does a vendor’s HIPAA-compliant AI claim mean our organization is covered?

No. HIPAA imposes obligations on covered entities and business associates, not certifications on products. A vendor’s marketing claim does not substitute for a signed business associate agreement scoped to the specific AI feature, a defined minimum-necessary scope, and the organization’s own evidence that PHI is being handled appropriately for that use case.

Does an existing BAA with a platform vendor automatically cover a new AI feature they add?

Not necessarily. A new AI feature may route PHI to a different subprocessor or model provider than the base agreement contemplated. Readiness requires confirming the BAA’s scope explicitly covers the AI-specific data path, not assuming the parent agreement is broad enough.

What is the most common HIPAA AI governance gap organizations find during a readiness review?

Missing or improperly scoped business associate agreements, undefined minimum-necessary scope for what PHI the AI can access, and an inability to produce attributable audit logs showing which user’s AI session touched which PHI on a given date. These are governance gaps, not model or infrastructure problems.

Is a privately hosted AI system automatically more HIPAA-compliant than a vendor-hosted one?

No. The hosting decision and the governance program are separate questions. A private deployment without BAA discipline, minimum-necessary scoping, and attributable audit logs is not more compliant than a well-governed vendor deployment. Readiness comes from the five-part program, not from where the system runs.

How often should a healthcare organization update its AI use-case inventory?

The inventory should be reviewed whenever a new AI system is introduced and on a standing cadence, commonly quarterly, since AI features are frequently added inside existing platforms (such as EHR vendor updates) without a formal procurement event that would otherwise trigger a review.


DSE’s healthcare AI governance path helps providers, payers, and digital-health teams build the readiness program behind their AI use: use-case inventory, BAA mapping, minimum-necessary scoping, Security Rule safeguards, and evidence assembly. Read when healthcare AI needs a private boundary versus a governed vendor path for the infrastructure decision that pairs with this readiness work. Scope the engagement →

Key facts

Read next · AI Security & Governance

P
Founder · Principal Engineer
Data & AI engineer · 10+ yrs hands-on

Writes most of the long-form here. Lives in the codebase. Active on GitHub and LinkedIn.

§ Next step

Not sure which of these is you?

Tell us what's broken in a paragraph and a principal reads it directly — or walk the ladder from a low-commitment first engagement up to retained work.

One long-form a week. No marketing.

Subscribe to the Refinery Report. Practitioner deep-dives on AI engineering, security, and the realities of running production systems. Unsubscribe in one click.

~12 issues / quarter