Compliance
PHI screening & guardrails for HIPAA
For covered entities and their business associates, the LLM question is blunt: the moment protected health information reaches a model provider, that provider is in your compliance picture – business associate agreements, safeguards, breach exposure. Many model providers will not sign a BAA at all, and each one that does is another vendor in the chain of custody.
The alternative is architectural: never send PHI in the first place. The proxy screens identifying information into placeholders before any data reaches your model provider – so the model works on de-identified-in-practice text and the real values never leave our infrastructure.
The honest part, up front: no tool makes you compliant. Compliance is a property of your organization – its processes, contracts, and documentation – not of any component you install. What a guardrails proxy provides is technical measures and evidence that support the obligations below. Assess your own obligations with counsel.
Minimum necessary standard – disclosures limited to the minimum necessary for the purpose
A summarization or drafting model does not need the patient’s name, MRN, or contact details – placeholders carry the clinical text’s meaning without the identifiers. Minimum necessary becomes the mechanical default, not a per-developer judgment call.
Security Rule – technical safeguards: access control, audit controls, integrity, transmission security
Per-request audit records (what ran, what was found, what was decided), taint tracking that blocks screened values from leaving via tool calls, encrypted transport, and screened-by-default storage address the technical-safeguard categories at the LLM boundary specifically.
Business associate exposure – every vendor touching PHI needs a BAA and expands breach surface
Screening changes what the provider touches: placeholders, not PHI. Since the model provider never receives real PHI – only de-identified placeholder text – your compliance analysis with them changes significantly.
Accuracy in clinical content – wrong figures in clinical text are safety events, not just quality issues
Not a HIPAA clause, but the reason healthcare teams deploy guardrails: deterministic numeric grounding catches a dosage or lab value that drifted from the source document – before a clinician sees it.
Breach notification calculus – what was exposed determines what an incident is
Logs that store screened transcripts, and a placeholder map that never persists, mean the LLM audit trail itself holds no PHI – shrinking what any log-layer incident could ever expose.
Does screening PHI into placeholders count as HIPAA de-identification?
Formal de-identification has two defined paths – Safe Harbor’s 18 identifiers or expert determination – and we make no certification claim. What screening does is architectural: identifying values are replaced before text leaves your environment, and your compliance team evaluates the deployment against your obligations.
Do we still need a BAA with our model provider?
That is a determination for your privacy counsel based on what actually reaches the provider in your deployment. Screening is designed so that the answer to “what PHI does the provider receive?” is “none” – which changes the analysis your counsel performs.
Can we run it in our data center?
The proxy is a cloud-based SaaS service. What matters for PHI safety: PII/PHI is screened into placeholders before it leaves our infrastructure to reach any model provider, so what the provider receives is placeholder text, never real identifiers.
What about PHI in agent tool calls?
Taint tracking covers the egress path detection alone misses: screened values and detected secrets are blocked from leaving through tool-call arguments unless the tool is explicitly allowed to receive that entity type.
Bring your compliance team to the demo.
The per-request evidence trail tends to answer their questions faster than a slide deck. We’re running a limited demo – sign up and we’ll get you in as soon as we can.