Why it matters

Healthcare is major LLM market. HIPAA compliance required.

Advertisement

The architecture

PHI: any identifiable health information.

Requirements: BAA with vendors, encryption at rest + in transit, access controls, audit.

HIPAA elementsPHI protectionencryption + accessBAA with vendorsincluding model providersAudit trailfor PHI accessModel providers with HIPAA BAAs: Anthropic (Claude), Google Vertex AI, some Azure OpenAI configs
HIPAA requirements.
Advertisement

How it works end to end

BAA (Business Associate Agreement): needed with any vendor touching PHI.

Model providers offering HIPAA: Anthropic (Claude), Google (Vertex AI), Azure (specific config).

De-identification: preferred where possible.