How do I make an AI chatbot HIPAA-compliant when it queries patient data?

Question

Accepted Answer

HIPAA compliance for an LLM chatbot touching PHI is a stack of technical, organizational, and procedural controls. The technical layer: 1. **BAA with the LLM provider.** OpenAI, Anthropic, Google Cloud, AWS Bedrock all offer BAAs on enterprise tiers — required before sending any PHI through prompts. 2. **Minimum-necessary at the query layer (164.514(d)).** AST policy enforces column-level redaction: the chatbot's SQL projection cannot include `ssn`, `dob`, `mrn` unless its policy explicitly allows them for that user-role. 3. **Audit controls (164.312(b)).** Tamper-evident log of every query: subject, prompt, SQL, decision, tables/columns accessed, row count (not contents — never log PHI). Retain six years. 4. **Access controls (164.312(a)).** Per-agent DB role with `SELECT` only on PHI-redacted views. RLS ties row visibility to `app.patient_authorized_users` or equivalent. 5. **Transmission security (164.312(e)).** TLS 1.2+ end-to-end; the QueryShield API is TLS-only and offers self-host for VPC-bound deployments. 6. **De-identification for analytics agents.** Where possible, agents query Safe Harbor de-identified views; the AST policy enforces that the agent never references `phi_raw` tables. QueryShield ships the AST + policy + log layers. The BAA, ePHI inventory, breach-notification procedure, and workforce training are organizational responsibilities — but a sound technical foundation makes the rest defensible.