TL;DR
Generative AI in US healthcare touches PHI under the HIPAA Privacy Rule and Security Rule (45 CFR 164) from the moment a clinician opens an ambient note-taker. A compliant programme needs five things: a signed Business Associate Agreement with every model vendor handling PHI, per-workflow risk classification under the NIST AI RMF, ONC-compliant interoperability for any system touching the EHR, mandatory human-in-the-loop on clinical decisions, and a documented patient communication path. Sources: HHS, ONC, 45 CFR 164, NIST AI 600-1, AMA AI guidance. Updated 2026-05-20.
Why healthcare GenAI governance is not the same as enterprise AI governance
Healthcare GenAI sits at the intersection of two regulatory regimes that move on different timelines: HIPAA, which is mature and prescriptive, and AI-specific guidance, which is recent and fast-moving. The combination is harder to govern than either one alone, because HIPAA controls were not designed with foundation models in mind, and AI guidance assumes a general-purpose enterprise context that does not match the clinical setting. CISOs and chief medical informatics officers running a healthcare GenAI programme have to bridge the gap themselves.
The bridge has five load-bearing elements. First, a Business Associate Agreement with every model vendor that touches PHI, with the BAA's permitted uses and disclosures aligned to the actual workflow rather than a generic template. Second, a per-workflow risk classification under the NIST AI RMF (and increasingly under the EU AI Act for any operation with EU exposure). Third, ONC-compliant interoperability for any system that touches the EHR, because anti-information-blocking expectations apply to AI-mediated access just as they apply to traditional access. Fourth, a documented human-in-the-loop control on any AI output that informs a clinical decision, with the human reviewer's authority and accountability explicit. Fifth, a patient-facing communication path that explains the AI use in a form patients can act on.
At Areebi, we built the healthcare workflow templates to operationalise these five elements in a single platform so that the bridge between HIPAA and AI governance does not have to be rebuilt for each workflow. The strategic point: the cost of getting healthcare GenAI governance wrong is concentrated, with HIPAA Tier 4 penalties, ONC information-blocking penalties, and state medical board exposure all stacking on the same incident.
The five GenAI workflows in healthcare operations
The five workflows below cover the bulk of GenAI deployment in 2026 US healthcare organisations. Each one has its own dominant risk pattern and its own control set. The order is from clinical to administrative, with PHI sensitivity highest at the top.
Workflow 1: Ambient clinical documentation
Ambient note-takers (microphone-equipped systems that capture clinician-patient conversations and produce structured notes) are the highest-volume GenAI deployment in US healthcare today and the most regulated. The workflow handles raw PHI in audio and transcript form, produces structured PHI in note form, writes to the EHR, and increasingly drives downstream coding and billing.
Required controls. Business Associate Agreement that explicitly permits the audio processing use case, names the subprocessors, and binds the vendor to HIPAA Security Rule expectations (encryption at rest and in transit per 45 CFR 164.312, access controls, audit logging). Patient notification at the point of care with a meaningful opt-out, consistent with HHS guidance on AI in healthcare and state-level expectations (California, Texas, and New York have all signalled specific positions on consent). Human review of the generated note before sign-off, with the clinician's signature carrying the same authority as on a self-authored note. Provenance metadata captured for each AI-generated section so that downstream coding, billing, and quality reporting can be reconciled to the underlying audio. Quarterly accuracy audit by sampled note review, with the sample stratified by specialty and patient population.
The trap to avoid. Treating the ambient system as a transcription tool when it is in fact a clinical decision support input. The note that goes into the EHR becomes the source of truth for downstream care, billing, and quality measurement, and an inaccurate AI-generated section can propagate for years. The Areebi healthcare solution binds the ambient workflow to the inventory and the policy engine so that every note carries provenance and every model version is auditable.
Workflow 2: Claims and coding assistance
GenAI in claims and coding sits between revenue-cycle operations and clinical care. The most common deployment is a coding assistant that proposes ICD-10 and CPT codes from clinical documentation, with a human coder reviewing and accepting or modifying each proposal. Adjacent deployments include prior authorisation summarisation for utilisation management nurses and denial appeal drafting.
Required controls. BAA covering the specific claims data flow, with attention to the secondary uses the vendor may make of de-identified or aggregated outputs. Human-in-the-loop on every coded claim before submission, with the coder bearing the same accountability as on a manually coded claim. Audit log per claim showing which codes were AI-proposed and which were human-amended, retained for the seven-year HIPAA records-retention window. Anti-upcoding controls including a periodic statistical comparison of AI-influenced coding distributions against the organisation's historical baseline. Patient communication path for any denial or coverage decision that was materially shaped by AI output, even when the formal decision was human-made.
The trap to avoid. Coding assistants drift toward higher-value codes over time as the model is fine-tuned on the organisation's historical data, which is itself a feedback loop. Without an upcoding-distribution check, this can produce a False Claims Act exposure that is detectable only by external audit. The HIPAA compliance hub covers the relevant controls in depth.
Workflow 3: Patient communication and engagement
GenAI-mediated patient communication covers chatbot triage, appointment reminders, post-visit summaries, and increasingly the patient-portal message draft assistant. Each of these touches PHI, each shapes patient understanding and behaviour, and each is subject to the HIPAA Privacy Rule expectations on disclosure and minimum necessary use.
Required controls. BAA with the model vendor covering patient-directed communication, including specific provisions on retention and training. Reading-level and language-access requirements consistent with Section 1557 of the Affordable Care Act (Office for Civil Rights enforcement on language access has intensified through 2025). Clinician sign-off on any communication that contains clinical instruction or that responds to a clinical question. Patient-facing disclosure that the message was AI-assisted, where state law (notably California AB 3030 and similar bills) requires it. Audit log of every patient-directed message with the model version and prompt template that produced it.
The trap to avoid. Patient-portal message drafting creates an automation-bias risk: the assistant suggests language, the clinician rubber-stamps it, and clinical content the clinician would not have authored independently goes out under their signature. AMA AI guidance and the state medical board positions emerging through 2025 both flag this as a discipline-of-medicine issue. The control is a clinician-review interface that surfaces the AI-suggested text alongside the underlying chart context, so that the clinician can verify before signing.
Workflow 4: Research and quality improvement
GenAI in research and quality improvement touches PHI under different rules than clinical care. HIPAA permits research use of PHI under several pathways (waiver of authorisation by an IRB, limited data set with a Data Use Agreement, de-identification under the Safe Harbor or Expert Determination method), and each pathway has its own implications for GenAI vendors.
Required controls. Pathway-specific BAA or DUA aligned to the research design. Re-identification risk assessment for any GenAI output that combines de-identified records (the combination of fields a generative model can produce may exceed the de-identification threshold even when each individual field is below it). IRB review of any GenAI use that goes beyond a documented quality improvement scope into human-subjects research. Audit log of every research query, the model version, and the data set version. Output review for any GenAI-produced finding that will be cited in a publication or a regulatory filing.
The trap to avoid. Treating GenAI as a black-box tool in research workflows. The reproducibility expectations of clinical research require that the model version, the data set version, and the prompt strategy be documented to the same standard as a traditional statistical method. The NIST AI RMF MAP function deep dive covers the capability-documentation discipline that operationalises this in MAP 3.
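The combination effect described in the Workflow 4 controls, as an added Python example (not Areebi's code): a k-anonymity check that shows every field clearing a threshold on its own while the combination of fields does not. The twelve records, the field names and the k_min of 5 are constructed for the illustration.

```python
"""Re-identification check on a de-identified output table: the smallest equivalence
class (k) for each field on its own versus the combination the table exposes.
Added example, not Areebi's code; the records below are constructed."""
from collections import Counter
from itertools import combinations
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed 12-row extract with no direct identifiers, of the kind a research
# assistant might tabulate from a limited data set. Each column is coarse on its own.
RECORDS: List[Dict[str, str]] = [
    {"zip3": "021", "age_band": "40-49", "sex": "F", "dx": "E11"},
    {"zip3": "021", "age_band": "40-49", "sex": "F", "dx": "E11"},
    {"zip3": "021", "age_band": "40-49", "sex": "M", "dx": "I10"},
    {"zip3": "021", "age_band": "50-59", "sex": "M", "dx": "I10"},
    {"zip3": "021", "age_band": "50-59", "sex": "F", "dx": "E11"},
    {"zip3": "021", "age_band": "50-59", "sex": "M", "dx": "E11"},
    {"zip3": "022", "age_band": "40-49", "sex": "F", "dx": "I10"},
    {"zip3": "022", "age_band": "40-49", "sex": "M", "dx": "E11"},
    {"zip3": "022", "age_band": "40-49", "sex": "M", "dx": "I10"},
    {"zip3": "022", "age_band": "50-59", "sex": "F", "dx": "I10"},
    {"zip3": "022", "age_band": "50-59", "sex": "F", "dx": "E11"},
    {"zip3": "022", "age_band": "50-59", "sex": "M", "dx": "I10"},
]
QUASI_IDS: Tuple[str, ...] = ("zip3", "age_band", "sex", "dx")

def min_class_size(records: Sequence[Dict[str, str]], fields: Sequence[str]) -> int:
    """k-anonymity of the table over `fields`: size of the smallest group of rows
    that share the same values for all of those fields."""
    groups = Counter(tuple(r[f] for f in fields) for r in records)
    return min(groups.values())

def riskiest_subset(records: Sequence[Dict[str, str]], quasi_ids: Sequence[str],
                    k_min: int = 5) -> Optional[Tuple[Tuple[str, ...], int]]:
    """Smallest field combination whose k falls below k_min, with its k; None if none does.
    Subsets are checked in increasing size, so the first hit is the fewest fields
    that already break the threshold (the ones a reviewer should coarsen first)."""
    for size in range(1, len(quasi_ids) + 1):
        failing = [(combo, min_class_size(records, combo))
                   for combo in combinations(quasi_ids, size)]
        failing = [(c, k) for c, k in failing if k < k_min]
        if failing:
            return min(failing, key=lambda ck: ck[1])
    return None

def assess(records: Sequence[Dict[str, str]], quasi_ids: Sequence[str] = QUASI_IDS,
           k_min: int = 5) -> dict:
    """Per-field k, combined k, and the verdict: the table passes only if the full
    combination of quasi-identifiers still meets k_min."""
    single = {f: min_class_size(records, (f,)) for f in quasi_ids}
    combined = min_class_size(records, quasi_ids)
    return {"single": single, "combined": combined,
            "riskiest": riskiest_subset(records, quasi_ids, k_min),
            "flagged": combined < k_min}

if __name__ == "__main__":
    print(assess(RECORDS))
```

On the constructed records every field has k = 6 on its own, but the full combination has k = 1 and already two fields together drop to k = 2.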
Workflow 5: Administrative operations
GenAI in administrative operations covers HR, scheduling, supply chain, marketing, and the wider non-clinical surface. The dominant risk pattern is incidental PHI exposure (a marketing dataset that contains patient identifiers, a scheduling system whose chatbot leaks visit reasons) rather than primary PHI processing.
Required controls. Inventory of every administrative system that touches the EHR or any system containing PHI, with the data-flow documented and the GenAI components labelled. Data classification policy that prevents PHI from being pasted into non-BAA-covered tools, enforced by the AI control plane at the prompt boundary. Vendor risk assessment for every administrative GenAI vendor, including the model subprocessors. Training programme for administrative staff on what counts as PHI under HIPAA, refreshed annually. Incident response playbook covering the specific case of PHI leaking into a non-BAA-covered model.
The trap to avoid. Administrative GenAI is often deployed under SaaS procurement processes that do not surface the BAA requirement. By the time the gap is detected, employees have routinely been pasting patient information into public chatbots for months. The shadow AI primer covers the broader pattern, and the cost of one shadow-AI breach walks through the financial exposure.
Workflow-to-control matrix
The table below summarises the dominant controls per workflow, indexed to the HIPAA citation and the NIST AI RMF function that operationalises each control.
| Workflow | Dominant control | HIPAA / regulatory citation | NIST AI RMF function |
|---|---|---|---|
| Ambient clinical documentation | BAA, patient notice, clinician sign-off, provenance metadata | 45 CFR 164.504(e), 164.520, 164.312 | GOVERN, MAP, MANAGE |
| Claims and coding | Human-in-the-loop, audit log, upcoding-distribution check | 45 CFR 164.312, False Claims Act | MEASURE, MANAGE |
| Patient communication | BAA, clinician sign-off, AI-assisted disclosure, language access | 45 CFR 164.502, ACA 1557, state AI disclosure laws | GOVERN, MAP, MANAGE |
| Research and quality improvement | Pathway-specific BAA/DUA, re-identification risk, IRB review, output review | 45 CFR 164.514, 164.512(i) | MAP, MEASURE |
| Administrative operations | Inventory, data classification, vendor risk, employee training | 45 CFR 164.530, 164.308 | GOVERN, MEASURE |
The full mapping from each Areebi platform capability to these controls is on the HIPAA compliance hub and the healthcare solution page.
Implementation checklist
Use the checklist below to verify your healthcare GenAI programme against HIPAA and HHS expectations. Each item is binary, with the evidence artefact named so that an auditor can find it on first request.
- Inventory of every GenAI system that touches PHI, with the workflow classification (clinical, claims, patient communication, research, administrative), the data flow, and the model and policy version. Evidence: AI system inventory entries.
- Business Associate Agreement on file for every GenAI vendor whose system processes PHI, with the BAA's permitted uses and disclosures aligned to the actual workflow. Evidence: signed BAA per vendor.
- Per-workflow risk classification under NIST AI RMF MAP 2, with the higher-impact workflows (ambient clinical, claims, patient communication) on the dedicated review cycle. Evidence: risk classification per system.
- Patient notification path covering ambient clinical use, AI-assisted patient communication, and any other workflow where state law or HHS guidance requires patient disclosure. Evidence: patient notice templates and audit log of delivery.
- Human-in-the-loop control on every clinical decision and every coded claim, with the human reviewer's signature carrying explicit authority. Evidence: workflow design documents and audit log of human signatures.
- Audit log retention consistent with the HIPAA seven-year window, covering every AI interaction with PHI. Evidence: log retention policy and a sampled retrieval test.
- Quarterly accuracy and disparate-impact audit on the high-impact workflows (ambient clinical, claims, patient communication), with the results fed back into the policy and the impact assessment. Evidence: audit reports and corresponding policy updates.
- Annual programme review by the AI Governance Committee with sign-off from the chief medical informatics officer, the CISO, the privacy officer, and the chief compliance officer. Evidence: meeting minutes and board paper.
Common pitfalls in healthcare GenAI governance
Three pitfalls show up repeatedly when US healthcare organisations stand up a GenAI governance programme, and each one is avoidable with discipline at design.
Pitfall 1: BAA template drift. The organisation uses a generic BAA template that does not reflect the specific GenAI use case. The vendor signs the template, the workflow goes live, and a year later the privacy officer realises the BAA permits a different data flow than the one in production. Avoid this by reviewing every BAA against the specific GenAI workflow on a per-vendor basis at signing and at every renewal.
Pitfall 2: Human-in-the-loop that is rubber-stamping. The workflow has a human reviewer on paper, but the reviewer's interface presents the AI output as a fait accompli and the reviewer signs off without meaningful inspection. The AMA AI guidance and the state medical board positions emerging through 2025 both treat this pattern as a discipline-of-medicine issue. Avoid it by designing the review interface to surface the underlying source material (the audio, the chart context, the supporting documentation) alongside the AI output, so that the reviewer's signature reflects actual review.
Pitfall 3: Administrative GenAI under the radar. The clinical GenAI programme is rigorously governed, while the administrative side proliferates through SaaS procurement without BAA review. The first material incident typically originates in administrative operations rather than clinical care. Avoid this by extending the AI inventory and the BAA review process to every administrative tool with a GenAI component, with the data classification policy enforced at the prompt boundary by an AI control plane.
What to read next
To extend the healthcare GenAI playbook into adjacent governance work, follow this cluster in order.
- Healthcare AI governance CISO guide - the CISO-facing companion that covers the broader programme architecture.
- HIPAA compliance hub - the canonical Areebi reference for HIPAA controls and the AI-specific mapping.
- Healthcare solution - the platform-side view of the controls in this playbook.
- NIST AI RMF GOVERN function deep dive - the cross-cutting policy and accountability foundation for the workflows above.
- NIST AI RMF MAP function deep dive - the per-system context and risk-classification discipline that operationalises the workflow-to-control matrix.
- NIST AI RMF MANAGE function deep dive - the continuous improvement and incident-driven update cycle.
- Cost of one shadow-AI breach - the financial exposure model that motivates the administrative-operations controls.
Frequently Asked Questions
Does HIPAA require a Business Associate Agreement with every GenAI vendor?
Yes, for any vendor whose system creates, receives, maintains, or transmits PHI on behalf of the covered entity. The HIPAA Privacy Rule (45 CFR 164.504(e)) and the breach notification rule both make this explicit. A GenAI model vendor processing prompts that contain PHI is a Business Associate, and the BAA must align to the actual workflow rather than a generic template. HHS guidance on AI in healthcare reinforces this expectation.
What are the dominant penalties for a HIPAA-coded GenAI breach?
HHS HIPAA penalty tiers run from Tier 1 (no knowledge) to Tier 4 (wilful neglect not corrected), with Tier 4 carrying the statutory maximum of USD 2.134 million per identical violation per year under the 2025 schedule. A GenAI workflow that processes PHI without a BAA, or that breaches BAA-permitted uses, typically lands at Tier 3 or Tier 4 depending on the organisation's remediation behaviour. State attorney general enforcement under state-level health-privacy laws can stack on top of the HHS penalty.
Does ONC information-blocking apply to GenAI?
Yes, in the sense that any AI-mediated barrier to permitted access, exchange, or use of electronic health information (EHI) is treated under the same anti-information-blocking expectations as a traditional barrier. ONC has signalled through 2024 and 2025 guidance that AI systems integrated with the EHR are within scope, and that AI-driven gating of EHI sharing must be justified by one of the published exceptions under the ONC rule. Penalty exposure for ONC information-blocking sits alongside the HIPAA penalties referenced above.
What is the patient-disclosure expectation for AI-assisted communication?
Federal HHS guidance encourages disclosure of AI use in patient-facing communication, and a growing list of states (California AB 3030 and successors, Texas, New York, Illinois) have specific statutory disclosure requirements for AI-mediated clinical or insurance-coverage communication. The defensible baseline for a national US healthcare organisation in 2026 is to disclose AI use in any patient-facing communication that contains clinical instruction or insurance-coverage decisions, with the disclosure documented in the audit log and the patient given a meaningful contact path for follow-up.
How do I prove human-in-the-loop in a coding workflow?
The defensible evidence pattern is a per-claim audit log that records, for each code on the claim, whether the code was AI-proposed, AI-modified-by-human, or human-authored, with the coder's identity and timestamp attached. Combined with a periodic statistical comparison of AI-influenced coding distributions against the organisation's historical baseline (anti-upcoding control), this gives external auditors a concrete artefact to test the human-in-the-loop assertion against. The Areebi audit log generates this artefact as a byproduct of normal claims processing.
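The per-claim audit log and the upcoding-distribution check described in Workflow 2 and in this answer, as an added Python example (not Areebi's audit log or any vendor's code). The claims, the coder id, the model id and the historical baseline are constructed, the three visit-level codes are the example's own choice of what to track, and total variation distance stands in for whatever statistical comparison a compliance team would actually adopt.

```python
"""Per-claim coding audit log and upcoding-drift check. Added example, not Areebi code."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

PROVENANCE = {"ai_proposed", "ai_modified_by_human", "human_authored"}
# Constructed choice: the three visit-level codes this review tracks for upward drift.
TRACKED_LEVELS = ("99213", "99214", "99215")

@dataclass(frozen=True)
class CodeEntry:
    code: str           # CPT / ICD-10 code as submitted on the claim
    provenance: str     # one of PROVENANCE
    coder_id: str       # accountable human coder who signed the code off
    reviewed_at: str    # ISO-8601 timestamp of that sign-off
    model_version: str  # model behind an AI-influenced code; "" for human-authored

def validate_claim(claim_id: str, entries: List[CodeEntry]) -> List[str]:
    """Audit findings for one claim's log; an empty list means the claim is audit-ready."""
    findings = []
    for e in entries:
        if e.provenance not in PROVENANCE:
            findings.append(f"{claim_id}/{e.code}: unknown provenance {e.provenance!r}")
        if not e.coder_id:
            findings.append(f"{claim_id}/{e.code}: no accountable coder recorded")
        try:
            datetime.fromisoformat(e.reviewed_at)
        except ValueError:
            findings.append(f"{claim_id}/{e.code}: sign-off timestamp is not ISO-8601")
        if e.provenance != "human_authored" and not e.model_version:
            findings.append(f"{claim_id}/{e.code}: AI-influenced code lacks a model version")
    return findings

def level_distribution(claims: Dict[str, List[CodeEntry]], ai_only: bool = True) -> Dict[str, float]:
    """Share of each tracked visit-level code, by default over AI-influenced codes only."""
    counts = Counter()
    for entries in claims.values():
        for e in entries:
            if e.code in TRACKED_LEVELS and (not ai_only or e.provenance != "human_authored"):
                counts[e.code] += 1
    total = sum(counts.values())
    return {c: counts[c] / total for c in TRACKED_LEVELS} if total else {}

def upcoding_drift(baseline: Dict[str, float], current: Dict[str, float],
                   threshold: float = 0.10) -> Tuple[float, bool]:
    """Total variation distance between the two distributions, and whether it trips the threshold."""
    keys = set(baseline) | set(current)
    tvd = 0.5 * sum(abs(baseline.get(k, 0.0) - current.get(k, 0.0)) for k in keys)
    return tvd, tvd > threshold

def _entry(code: str, prov: str) -> CodeEntry:  # one constructed log row; model id is hypothetical
    model = "" if prov == "human_authored" else "coding-model-v3"
    return CodeEntry(code, prov, "coder-042", "2026-05-20T14:03:00+00:00", model)

# Constructed quarter: ten AI-influenced claims skewing toward the higher visit levels.
SAMPLE_CLAIMS = {f"CLM-{i:03d}": [_entry(code, "ai_proposed")]
                 for i, code in enumerate(["99213"] * 3 + ["99214"] * 4 + ["99215"] * 3)}
SAMPLE_CLAIMS["CLM-003"] = [_entry("99214", "ai_modified_by_human"), _entry("E11.9", "human_authored")]
BASELINE = {"99213": 0.55, "99214": 0.35, "99215": 0.10}  # constructed pre-AI baseline

def run_review() -> dict:
    """Run both controls over the sample and return the evidence artefact an auditor would test."""
    findings = [f for cid, rows in SAMPLE_CLAIMS.items() for f in validate_claim(cid, rows)]
    dist = level_distribution(SAMPLE_CLAIMS)
    tvd, flagged = upcoding_drift(BASELINE, dist)
    return {"findings": findings, "distribution": dist, "tvd": tvd, "flagged": flagged}
```

On the constructed quarter every claim log is complete, but the AI-influenced visit-level mix sits 0.25 away from the baseline and trips the 0.10 threshold, which is the signal that sends the coding team to the sampled review.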
How does the NIST AI RMF map to HIPAA controls?
The four NIST AI RMF functions map cleanly to HIPAA workstreams. GOVERN aligns to the HIPAA administrative safeguards (45 CFR 164.308) including security management, risk analysis, and workforce training. MAP aligns to the HIPAA risk analysis discipline at the per-system level. MEASURE aligns to ongoing evaluation and audit (45 CFR 164.308(a)(1)(ii)(D)). MANAGE aligns to incident response (45 CFR 164.308(a)(6)) and the continuous improvement cycle. The combined NIST AI RMF plus HIPAA implementation is the dominant pattern in 2026 US healthcare governance.
What is the role of an AI Governance Committee in a healthcare organisation?
The AI Governance Committee in a healthcare organisation is the cross-functional body that signs off on per-workflow risk classification, BAA scope, patient communication policy, and incident response. The standard membership covers the chief medical informatics officer, the CISO, the privacy officer, the chief compliance officer, the chief quality officer, and a representative from medical staff. NIST AI 100-1 GOVERN function expects this body to exist and to meet on a defined cadence; HHS guidance reinforces the expectation for healthcare specifically.
About the Author
Areebi Research
The Areebi research team combines hands-on enterprise security work with deep AI governance research. Our analysis is informed by primary sources (NIST, ISO, OECD, federal registers, IAPP) and the operational realities of CISOs running AI programs in regulated industries today.