---
type: CKG Bundle
title: HIPAA x AI
description: How HIPAA applies to AI / ML systems handling health data — PHI, BAAs, de-identification, safeguards, breach, AI-specific risks.
resource: https://graphifymd.com/ckgs/hipaa-ai-ckg.md
tags: [hipaa, ai, compliance, healthcare, phi, security]
timestamp: 2026-06-18T00:00:00Z
ckg:
  id: hipaa-ai
  version: 1.0.0
  node_count: 42
  source: "45 CFR Parts 160 & 164; HITECH; HHS/OCR guidance; NIST SP 800-66 Rev.2"
---

# Compressed Knowledge Graph — HIPAA × AI

> A portable, model-agnostic knowledge layer: how HIPAA applies to AI / ML systems handling health data.
> Drop it into any model (paste, or `pip install ckg-mcp`) and ask hard, multi-step questions — it traverses, it cites, it doesn't guess.

## META
- domain: HIPAA compliance for AI / ML systems
- version: 1.0.0
- node_count: 42
- edge_count: 58
- taxonomy: FOUND (foundational) · PRIV (Privacy Rule) · SEC (Security Rule) · DEID (de-identification) · AI (AI application) · ENF (breach & enforcement)
- sources: 45 CFR Parts 160 & 164 (HIPAA Privacy & Security Rules); HITECH Act (2009); HHS/OCR guidance; NIST SP 800-66 Rev. 2 (2024)
- license: CC BY 4.0 · Graphify.md
- integrity: 0% hallucination by construction — every node is declared and sourced; relationships are explicit, not inferred.
- disclaimer: Educational reference, not legal advice. Confirm against current regulation and counsel.

---

## NODES  (ConceptID, ConceptLabel, Dependencies, TaxonomyID)
```csv
ConceptID,ConceptLabel,Dependencies,TaxonomyID
1,Protected Health Information (PHI),,FOUND
2,Electronic PHI (ePHI),1,FOUND
3,Individually Identifiable Health Information,1,FOUND
4,Covered Entity,1,FOUND
5,Business Associate,1|4,FOUND
6,Business Associate Agreement (BAA),5,FOUND
7,Privacy Rule (45 CFR 164 Subpart E),1,PRIV
8,Security Rule (45 CFR 164 Subpart C),2,SEC
9,Minimum Necessary Standard,7,PRIV
10,Permitted Uses & Disclosures,7,PRIV
11,Treatment/Payment/Operations (TPO),10,PRIV
12,Patient Authorization,7,PRIV
13,Individual Right of Access (164.524),7,PRIV
14,Accounting of Disclosures,7,PRIV
15,Notice of Privacy Practices,7,PRIV
16,Risk Analysis (164.308(a)(1)),8,SEC
17,Administrative Safeguards,8|16,SEC
18,Physical Safeguards,8,SEC
19,Technical Safeguards,8,SEC
20,Access Control (164.312(a)),19,SEC
21,Audit Controls (164.312(b)),19,SEC
22,Integrity Controls (164.312(c)),19,SEC
23,Transmission Security / Encryption (164.312(e)),19,SEC
24,Authentication (164.312(d)),19,SEC
25,De-identification (164.514),1,DEID
26,Safe Harbor — 18 Identifiers,25,DEID
27,Expert Determination,25,DEID
28,Limited Data Set,25|12,DEID
29,Re-identification Risk,25,DEID
30,Training an AI model on PHI,1|10,AI
31,Inference / prompting with PHI,2|9,AI
32,LLM / AI vendor as Business Associate,5|6,AI
33,Model memorization & leakage,30|29,AI
34,Output disclosure risk,31|33,AI
35,De-identify before training,25|30,AI
36,Minimum-necessary prompting,9|31,AI
37,Human oversight & review,34,AI
38,Audit logging of AI access to PHI,21|31,AI
39,No PHI to a public LLM without a BAA,32|34,AI
40,Breach of unsecured PHI,2,ENF
41,Breach Notification Rule (164.400),40,ENF
42,OCR enforcement & civil penalties,41|8,ENF
```
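As an added example (not part of the CKG bundle or of Graphify.md's tooling): a small Python parser for the NODES CSV above that checks the "every node is declared" integrity claim and walks a node's dependency chain, which is the traversal the META section describes. The embedded CSV is a constructed excerpt of the table above, limited to the rows behind node 39.

```python
import csv

# Constructed excerpt of the page's NODES table (same CSV shape and ids): the rows
# on the dependency chain of node 39, "No PHI to a public LLM without a BAA".
CKG_NODES_CSV = """ConceptID,ConceptLabel,Dependencies,TaxonomyID
1,Protected Health Information (PHI),,FOUND
2,Electronic PHI (ePHI),1,FOUND
4,Covered Entity,1,FOUND
5,Business Associate,1|4,FOUND
6,Business Associate Agreement (BAA),5,FOUND
7,Privacy Rule (45 CFR 164 Subpart E),1,PRIV
9,Minimum Necessary Standard,7,PRIV
10,Permitted Uses & Disclosures,7,PRIV
25,De-identification (164.514),1,DEID
29,Re-identification Risk,25,DEID
30,Training an AI model on PHI,1|10,AI
31,Inference / prompting with PHI,2|9,AI
32,LLM / AI vendor as Business Associate,5|6,AI
33,Model memorization & leakage,30|29,AI
34,Output disclosure risk,31|33,AI
39,No PHI to a public LLM without a BAA,32|34,AI
"""

def parse_ckg(text):
    """Parse CKG node CSV into {id: (label, [dependency ids], taxonomy)}."""
    nodes = {}
    for row in csv.DictReader(text.splitlines()):
        deps = [int(d) for d in row["Dependencies"].split("|") if d]
        nodes[int(row["ConceptID"])] = (row["ConceptLabel"], deps, row["TaxonomyID"])
    return nodes

def dangling_refs(nodes):
    """Integrity check for 'every node is declared': {id: [deps naming no node]}."""
    bad = {cid: [d for d in deps if d not in nodes] for cid, (_, deps, _) in nodes.items()}
    return {cid: missing for cid, missing in bad.items() if missing}

def dependency_chain(nodes, cid):
    """Ancestors of cid, foundations first and cid last (DFS post-order); raises on a cycle."""
    order, state = [], {}  # state: 1 = on the current DFS path, 2 = finished
    def visit(n):
        if state.get(n) == 1:
            raise ValueError(f"cycle through node {n}")
        if state.get(n) != 2:
            state[n] = 1
            for d in nodes[n][1]:
                visit(d)
            state[n] = 2
            order.append(n)
    visit(cid)
    return order
```

Run `dangling_refs` before `dependency_chain`: an undeclared dependency would otherwise raise a `KeyError` during traversal.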

---

## CONCEPT NOTES  (one sourced line per node)
- **1 PHI** — individually identifiable health info held/transmitted by a covered entity or BA (45 CFR 160.103).
- **2 ePHI** — PHI created, received, maintained, or transmitted electronically; the object of the Security Rule.
- **4 Covered Entity** — health plans, clearinghouses, and providers who transmit health info electronically.
- **5 Business Associate** — a person/entity that creates, receives, maintains, or transmits PHI on a covered entity's behalf. **An AI vendor processing PHI is a BA.**
- **6 BAA** — the contract required before a BA may handle PHI; must bind the BA to safeguard PHI (164.504(e)).
- **9 Minimum Necessary** — limit PHI to the least needed for the purpose; applies directly to what you put in a prompt/context.
- **16 Risk Analysis** — the mandatory, ongoing assessment of risks to ePHI; the entry point of the Security Rule. **An AI system handling ePHI must be in scope.**
- **25 De-identification** — PHI that is de-identified (164.514) is no longer PHI and falls outside HIPAA.
- **26 Safe Harbor** — remove all 18 specified identifiers (names, dates, geo < state, MRNs, etc.).
- **27 Expert Determination** — a qualified expert certifies the re-identification risk is very small.
- **30 Training on PHI** — permitted only under a lawful basis (TPO, authorization, or a BA relationship); otherwise de-identify first.
- **33 Memorization & leakage** — models can memorize training data; PHI in training can surface in outputs → a disclosure.
- **39 No public LLM w/o BAA** — sending PHI to a consumer LLM with no BAA is an impermissible disclosure (and likely a breach).
- **41 Breach Notification** — unsecured (un-encrypted/un-destroyed) PHI breaches trigger notice to individuals, HHS, and sometimes media (164.400–414).

---

## KEY EDGES  (typed relationships)
```
Business Associate            --requires-->        BAA                       (164.502(e))
LLM/AI vendor (handles PHI)   --is_a-->            Business Associate
Training on PHI               --requires-->        lawful basis OR de-identify-first
Security Rule                 --requires-->        Risk Analysis
Risk Analysis                 --scopes-->          AI system handling ePHI
De-identify before training   --mitigates-->       Model memorization & leakage
Minimum-necessary prompting   --mitigates-->       Output disclosure risk
Audit logging                 --satisfies-->       Audit Controls (164.312(b))
Encryption                    --renders PHI "secured"--> reduces Breach exposure
Human oversight & review      --gates-->           Output disclosure risk
No PHI to public LLM w/o BAA  --prevents-->         Breach of unsecured PHI
Breach of unsecured PHI       --triggers-->         Breach Notification Rule
Breach Notification Rule      --enforced_by-->      OCR enforcement & penalties
Safe Harbor / Expert Determ.  --produce-->          De-identified data (out of HIPAA scope)
```

---

## HOW THIS SAVES YOU
Instead of pasting the HIPAA regulations (tens of thousands of tokens) into every prompt, the model reads this graph once (~a few hundred tokens), traverses the dependency chain, and answers with citations — no document dump, no guessing. ~11× fewer tokens than RAG on the same questions, and **0 hallucinated requirements by construction**.

*Built by Graphify.md — own the knowledge layer, rent the model.  ·  graphifymd.com*
