Using AI tools in healthcare requires more than choosing the right vendor. HIPAA compliance is an organizational posture — a set of administrative, physical, and technical safeguards applied together. A Business Associate Agreement from your AI vendor is necessary but not sufficient. This guide provides a practical, step-by-step checklist for healthcare organizations deploying AI tools in 2026, organized by HIPAA's three safeguard categories, with specific implementation notes for the AI context.

Why AI tools require specific HIPAA attention

The HIPAA Security Rule was written for structured databases and file systems. Generative AI tools introduce new compliance challenges the rule did not anticipate:

Unstructured data transmission. PHI reaches AI tools not as structured database records but as fragments embedded in free-text prompts — a nurse typing a patient summary, a coder describing a clinical scenario, a physician asking about drug interactions with patient-specific details included.
Novelty of the data path. Traditional HIPAA controls (access logs, audit trails, data at rest encryption) apply to systems the organization controls. AI tool prompts are processed on vendor infrastructure that the organization does not control.
Shadow usage. Employees use AI tools outside of sanctioned workflows, often without realizing that free-tier consumer accounts have no confidentiality protections. This is the shadow AI problem — and it is more acute in healthcare because of the severity of HIPAA penalties.
Output handling. AI outputs containing PHI (summaries, generated documentation, analysis) must be handled under the same safeguards as other PHI. If a clinician saves an AI-generated patient summary to a personal device, the summary carries all the HIPAA obligations of the source data.

Section 1: Administrative safeguards

1.1 Designate a HIPAA AI use owner

Assign a specific individual (typically the Privacy Officer or a designated AI governance lead) responsibility for the organization's AI-related HIPAA compliance. This person should:

Maintain the inventory of AI tools used with PHI.
Review and approve new AI tools before deployment.
Oversee training and acceptable use policy compliance.
Coordinate incident response for AI-related PHI disclosures.

1.2 Conduct a risk analysis for each AI tool

The HIPAA Security Rule (45 CFR § 164.308(a)(1)) requires covered entities to conduct an accurate and thorough assessment of potential risks to PHI. For each AI tool used with PHI:

Identify the PHI types that may reach the tool (diagnoses, medications, patient demographics, clinical notes, billing data).
Assess the probability and magnitude of potential disclosures.
Evaluate the vendor's security controls (from their SOC 2 report, HIPAA BAA, and security documentation).
Document the residual risk and management's acceptance.

1.3 Execute a Business Associate Agreement before use

A BAA is a written contract meeting the requirements of 45 CFR § 164.308(b) and 164.504(e). Before any PHI reaches an AI tool:

Confirm the vendor offers a BAA. (Consumer tiers of ChatGPT, Claude, Gemini, and Perplexity do not. Enterprise tiers do — see the comparison in Is ChatGPT HIPAA Compliant?)
Obtain and execute the BAA — a verbal or email confirmation is not sufficient.
Confirm the BAA covers the specific service being used (the BAA for ChatGPT Enterprise does not cover ChatGPT Free accounts).
Review the BAA for the four required elements: (1) use and disclosure limitations for PHI, (2) appropriate safeguards, (3) reporting obligations for unauthorized disclosures, (4) return or destruction of PHI at termination.

1.4 Update the workforce training program

HIPAA requires workforce training on policies and procedures (45 CFR § 164.308(a)(5)). Add AI-specific content:

What constitutes PHI in an AI prompt (identifiers, conditions, treatment details).
Which AI tools are approved and on which accounts (enterprise, not consumer).
How to recognize PHI in an AI-generated output and handle it correctly.
How to report suspected unauthorized disclosures of PHI through AI tools.
Annual acknowledgment of the AI acceptable-use policy.

1.5 Include AI tools in the sanctions policy

The HIPAA sanctions policy (45 CFR § 164.308(a)(1)(ii)(C)) requires documented consequences for policy violations. Update the sanctions policy to explicitly include unauthorized use of AI tools with PHI — sending patient data to a consumer AI account, using a personal-device AI assistant for clinical documentation without approval, etc.

1.6 Maintain an AI vendor inventory

Document every AI tool used with PHI:

Vendor name and product name.
BAA execution date and renewal schedule.
Data types PHI categories that may reach the tool.
Risk assessment date and outcome.
Approved configurations (which models, which features, which user groups).

1.7 Review AI tools in the contingency plan

The HIPAA contingency plan (45 CFR § 164.308(a)(7)) addresses how the organization responds to emergencies affecting systems containing PHI. If AI tools are used for clinical documentation or care coordination, their unavailability is an operational risk. Document backup procedures for AI-assisted workflows.

Section 2: Physical safeguards

2.1 Workstation policies for AI tool use

HIPAA's workstation use controls (45 CFR § 164.310(b)) apply to systems accessing PHI. Extend workstation policies to cover:

AI tools may only be used on organization-managed devices.
Screen lock policies apply — AI chat sessions containing PHI must be protected from unauthorized viewing.
AI tool sessions must not be left open on shared workstations.

2.2 Mobile device management for AI-enabled clinical workflows

If clinicians use mobile AI features (Epic's ambient listening, AI documentation tools on tablets, voice AI on smartphones), the mobile device must be under MDM:

MDM enrollment for all devices accessing PHI through AI tools.
Remote wipe capability in case of device loss or theft.
App restriction policies to prevent installation of unapproved AI apps on managed devices.

Section 3: Technical safeguards

3.1 Unique user identification for AI tool access

HIPAA requires unique user IDs for each person with access to PHI-containing systems (45 CFR § 164.312(a)(2)(i)). For AI tools:

AI tool accounts must be tied to individual user IDs — no shared "team" accounts.
Enforce SSO through your identity provider so that AI tool access is tied to the organization's user directory and disabled when an employee terminates.
Audit log capabilities should allow you to attribute AI interactions to specific users.

3.2 Automatic logoff

AI web sessions or desktop applications should be configured to log off automatically after a defined inactivity period. For clinical environments, 15 minutes is a common standard.

3.3 Encryption in transit

AI tool traffic to approved vendor services should be encrypted (TLS 1.2+). This is standard for enterprise AI platforms. Verify the vendor's encryption standards in their security documentation or SOC 2 report.

3.4 Audit controls

HIPAA requires audit controls for systems containing PHI (45 CFR § 164.312(b)). For AI tools:

Enterprise AI platforms (ChatGPT Enterprise, Claude for Work, Microsoft 365 Copilot) provide interaction logs that can be reviewed for unauthorized PHI transmission.
Configure log retention in accordance with your HIPAA records retention policy.
Establish a review cadence for AI interaction logs — quarterly at minimum, monthly for high-volume clinical AI deployments.

3.5 Technical controls to prevent unauthorized AI use

Policy controls alone are insufficient. Technical controls that prevent PHI from reaching non-approved AI tools are more reliable:

DLP policies that detect PHI patterns (patient names + diagnoses, medical record numbers, DOBs) and block transmission to non-approved AI endpoints.
Network controls that restrict access to AI tool domains to approved services only.
Local-first redaction tools that detect and mask PHI before transmission for users who need to use AI in clinical workflows — preserving utility while protecting identifiers.
CASB policies that monitor and log AI tool usage across the organization.

For a detailed comparison of cloud DLP vs. local-first controls for AI use cases, see Sonomos vs. cloud DLP.

The AI-specific HIPAA breach response

If an employee sends PHI to a non-BAA-covered AI tool:

Document the incident immediately — what was sent, to which tool, by which user, at what time.
Assess breach notification requirements under 45 CFR § 164.400. A disclosure to a non-BAA vendor is an impermissible disclosure of PHI. Perform the four-factor risk assessment: nature of the PHI, to whom it was disclosed, whether it was actually acquired or viewed, and extent to which the risk has been mitigated.
Notify as required — covered entity notification to affected individuals (if more than 500: HHS and media) within 60 days, or within 60 days of year-end for smaller breaches. Business associates notify covered entities.
Remediate — update policies, technical controls, and training to prevent recurrence.
Document the risk assessment and its conclusion even if breach notification is not required.

The HIPAA AI compliance checklist summary

Administrative safeguards:

[ ] AI use owner designated with documented responsibility.
[ ] Risk analysis completed for each AI tool used with PHI.
[ ] BAA executed with each AI vendor before use.
[ ] Workforce training updated to include AI-specific PHI guidance.
[ ] Sanctions policy updated to cover unauthorized AI use.
[ ] AI vendor inventory maintained and reviewed annually.

Physical safeguards:

[ ] Workstation policies extended to cover AI tool sessions.
[ ] MDM enrollment required for mobile AI-enabled clinical devices.

Technical safeguards:

[ ] Unique user IDs for all AI tool accounts; SSO enforced.
[ ] Automatic logoff configured for AI sessions.
[ ] Encryption in transit verified for approved AI platforms.
[ ] Audit logging enabled and reviewed on a defined cadence.
[ ] DLP or local-first redaction deployed to prevent unauthorized PHI transmission.

Breach preparedness:

[ ] Incident response procedure for AI-related PHI disclosures documented.
[ ] Breach risk assessment process defined and trained.

Frequently asked questions

Which AI tools currently offer HIPAA BAAs?

As of mid-2026: OpenAI offers a BAA for ChatGPT Enterprise and API customers. Anthropic offers a BAA for Claude for Work (Teams and Enterprise plans). Microsoft offers a BAA through the Microsoft HIPAA Business Associate Agreement covering M365 Copilot on commercial plans and Azure OpenAI. Google offers a BAA through Google Cloud Healthcare BAA covering Vertex AI and Healthcare Natural Language API; the consumer Gemini interface is not covered. Perplexity does not offer a HIPAA BAA. GitHub Copilot does not offer a HIPAA BAA. For the detailed breakdown, see Is ChatGPT HIPAA Compliant?, Is Claude HIPAA Compliant?, and Is Gemini HIPAA Compliant?.

Does the minimum necessary standard apply to AI prompts?

Yes. The minimum necessary standard (45 CFR § 164.502(b)) requires that when PHI is disclosed, only the minimum information necessary to accomplish the purpose is included. For AI prompts, this means including only the patient details genuinely required to get a useful AI output — not the full patient record when only the diagnosis is relevant. Train clinicians to apply the minimum necessary standard before including patient details in AI prompts.

Are AI-generated clinical notes covered by HIPAA?

Yes, if they contain PHI about a specific patient. An AI-generated progress note, discharge summary, or clinical decision support output that includes patient-identifying information and relates to that patient's care is PHI and is subject to all HIPAA obligations — access controls, audit logging, the right to access under 45 CFR § 164.524, and breach notification if improperly disclosed.

How should we handle AI vendor security incidents?

Your BAA should include breach notification obligations requiring the vendor to notify you within 60 days of discovering an unauthorized use or disclosure of PHI. Upon notification: document the incident, perform the breach risk assessment, and determine notification obligations. The vendor's failure to notify you does not relieve you of your HIPAA obligations.

The bottom line

HIPAA compliance for AI tools in 2026 is achievable but requires more than a vendor contract. The organizations that manage it well treat AI tools like any other PHI-touching system: risk analysis, signed BAA, access controls, audit logging, and a trained workforce that understands what constitutes PHI in a prompt. The organizations that fail treat the BAA as the end of the analysis rather than the beginning.

HIPAA-Compliant AI: A Complete Checklist for Healthcare Organizations in 2026