
BAAs, Access Controls, and Audit Logs: The Security Stack Behind Safe AI Notes

See the must-have security layers for compliant, safe AI notes.


AI can draft a clinical note in seconds, but speed without security is a liability. General-purpose AI tools ship without HIPAA safeguards: no BAA, no record-level access control, no audit trail, and terms that may let the vendor reuse what you send. For truly HIPAA-compliant AI notes you need a complete security stack: a Business Associate Agreement (BAA) that binds your vendor legally, access controls that enforce who sees what, and audit logs that prove every interaction. One or two layers will not protect you. This guide breaks down why all three are non-negotiable and how they work together to keep AI notes safe, compliant, and defensible.

1. The BAA: Binding Your Vendor Legally

Under HIPAA, any AI vendor that creates, receives, maintains, or transmits PHI on your behalf is a Business Associate. Sending PHI to that vendor without a signed Business Associate Agreement is itself a violation of the HIPAA Privacy Rule, regardless of how carefully the vendor handles the data.

Three-layer security stack diagram for HIPAA-compliant AI clinical notes. The bottom foundation layer is the Business Associate Agreement (BAA) that defines the legal obligations of the AI vendor handling protected health information. The middle operational layer is access controls including role-based access, multi-factor authentication, least-privilege defaults, and session timeouts. The top verification layer is audit logs that prove every prompt, model version, and PHI read or write, with AI-specific events tracked.

BAA + access controls + audit logs — drop any layer and the stack collapses.

What a Proper AI Vendor BAA Must Include

  • Use Restrictions: No training of AI models on your clinical notes, and no use of PHI beyond providing the service, without your explicit written opt-in.
  • Breach Notification: The Breach Notification Rule gives a Business Associate up to 60 days after discovery to notify you, which is the same maximum you have to notify patients and HHS. Negotiate a shorter contractual window (days, not weeks) so the vendor's delay does not consume your own deadline.
  • Subcontractor Control: The vendor must hold BAAs with every subprocessor that touches PHI (the model provider such as OpenAI, the cloud host such as AWS, and so on) and must remain liable to you for their failures.

Warning Signs to Look Out For in a Vendor's BAA:

  1. Allows de-identified data for model training without opt-out.
  2. No liability for subcontractors' compliance failures.
  3. Lacks specific provisions for AI-generated content retention.

2. Access Controls: Who Sees What, and When

HIPAA's Privacy Rule requires that uses and disclosures of PHI be limited to the "minimum necessary," and the Security Rule requires technical access controls that enforce it, including unique user identification. For AI notes, this means controlling access at the user, role, record, and session level.

Must-Have Access Control Features for AI Notes

  • Role-Based Access Control: Physicians see full notes; billers see only diagnosis and procedure codes; researchers see de-identified data. Scope access to the records a user actually treats, not just to a note type.
  • Just-in-Time Access: Temporary, time-boxed approval for sensitive notes that revokes itself when it expires, so elevated access never becomes permanent.
  • Multi-Factor Authentication + SSO: Required for every user account that generates, views, or exports AI notes, with no shared logins.
  • Device and Location Restrictions: Allow only managed devices and expected network locations; block personal phones and logins from unexpected countries, and time out idle sessions.
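The access-control bullets above, worked through as an added example (this is illustrative code, not the page's or any vendor's product). The role names, the field-level policy, the device-posture signal and the sample note are assumptions; the point is that the role decides which fields of a note are returned, that a just-in-time grant is time-boxed and drops away on its own, and that MFA and device checks run before any policy lookup:

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed sample note (not real patient data): identifiers, narrative
# and billing codes live in one record, so views must be built per field.
NOTE = {
    "note_id": "n-1001",
    "patient_name": "Jane Q. Patient",   # direct identifier
    "dob": "1980-04-12",                 # direct identifier
    "mrn": "MRN-55512",                  # direct identifier
    "narrative": "Reports three days of productive cough; no fever.",
    "icd10": ["J20.9"],
    "cpt": ["99213"],
}

# Field-level policy per role (assumed roles). Researchers get a view with
# the direct identifiers stripped; billers get codes only.
ROLE_FIELDS = {
    "physician":  {"note_id", "patient_name", "dob", "mrn", "narrative", "icd10", "cpt"},
    "biller":     {"note_id", "icd10", "cpt"},
    "researcher": {"note_id", "narrative", "icd10"},
}


class AccessDenied(Exception):
    pass


@dataclass
class Session:
    user_id: str            # unique per person; no shared logins
    role: str
    mfa_verified: bool      # set by the identity provider at login
    device_managed: bool    # device posture from SSO / MDM (assumed signal)
    # Just-in-time grants: note_id -> expiry time. Nothing here is permanent.
    jit_grants: dict = field(default_factory=dict)


def grant_jit(session, note_id, minutes, now):
    """Temporary approval for one sensitive note; it revokes itself on expiry."""
    session.jit_grants[note_id] = now + timedelta(minutes=minutes)


def view_note(session, note, sensitive, now):
    """Return the fields the session may see, or raise AccessDenied.

    Checks run in order: MFA, device posture, role policy, and for notes
    flagged sensitive an unexpired JIT grant. Expired grants are removed
    at check time, which is the 'auto-revoked' behaviour.
    """
    if not session.mfa_verified:
        raise AccessDenied("multi-factor authentication required")
    if not session.device_managed:
        raise AccessDenied("unmanaged device")
    allowed = ROLE_FIELDS.get(session.role)
    if allowed is None:
        raise AccessDenied(f"unknown role: {session.role}")
    if sensitive:
        expiry = session.jit_grants.get(note["note_id"])
        if expiry is None or expiry <= now:
            session.jit_grants.pop(note["note_id"], None)
            raise AccessDenied("sensitive note requires an active JIT grant")
    return {k: v for k, v in note.items() if k in allowed}


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    biller = Session("kim", "biller", mfa_verified=True, device_managed=True)
    print(view_note(biller, NOTE, sensitive=False, now=now))
    grant_jit(biller, "n-1001", minutes=15, now=now)
    print(view_note(biller, NOTE, sensitive=True, now=now))
```

Note that the deny decisions are raised, not returned as empty dictionaries: a caller that forgets to check a return value would otherwise silently render nothing and log nothing, whereas an exception is hard to ignore and easy to audit.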

3. Audit Logs: Proving What Didn't Happen

HIPAA's documentation retention requirement is six years, and compliance guidance applies it to audit logs. For AI notes, logs must capture who viewed, edited, and exported each note, who prompted the AI, and the exact text that was sent.

AI-Specific Audit Trail Requirements

  • Prompt Logging: The exact text (including PHI) sent to the AI model, plus the model and model version used. This is the most commonly missed log, and because it contains PHI the log itself must be protected and retained as PHI.
  • Output Logging: The AI's raw response before any human editing, so the finished note can be compared against what the model actually produced.
  • Regeneration Events: Each re-run of the model is a separate disclosure of PHI and must be logged as one, not as an update to the first.
  • Download/Print/Forward Events: Often missed but required, since these are the moments PHI leaves the system.
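An added example of the audit trail described above and in the FAQ's "append-only" answer (illustrative code, not the page's or any vendor's). Each record is chained to the previous one with an HMAC, so an edited or deleted record fails verification; prompts and raw outputs are stored as events; a regeneration is a fresh ai.prompt event; and a helper lists every event in which a note's PHI crossed the boundary. The event names, the signing key and the record layout are assumptions:

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption: in production this key comes from a secrets manager and the
# log is shipped to write-once storage; a constant keeps the example offline.
SIGNING_KEY = b"example-audit-key-rotate-me"

# Events that move PHI outside the practice boundary and so count as
# disclosures: every prompt (including regenerations) and every export.
DISCLOSURE_EVENTS = {"ai.prompt", "note.export"}


class AuditLog:
    """Append-only list of records, each chained to the previous one.

    Every record carries an HMAC over its own content plus the previous
    record's tag, so editing or deleting any record breaks verification
    from that point onward. The log holds prompt text and raw model output,
    which means the log itself contains PHI and must be protected as PHI.
    """

    def __init__(self):
        self.records = []

    @staticmethod
    def _tag(record):
        body = {k: v for k, v in record.items() if k != "tag"}
        canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(SIGNING_KEY, canon, hashlib.sha256).hexdigest()

    def append(self, event, actor, note_id, **detail):
        prev = self.records[-1]["tag"] if self.records else "0" * 64
        record = {
            "seq": len(self.records),
            "ts": datetime.now(timezone.utc).isoformat(),
            "event": event,
            "actor": actor,          # unique user id, never a shared login
            "note_id": note_id,
            "detail": detail,
            "prev": prev,
        }
        record["tag"] = self._tag(record)
        self.records.append(record)
        return record["tag"]

    def verify(self):
        """Walk the chain; return (True, None) or (False, first bad index)."""
        prev = "0" * 64
        for i, rec in enumerate(self.records):
            if rec["seq"] != i or rec["prev"] != prev or rec["tag"] != self._tag(rec):
                return False, i
            prev = rec["tag"]
        return True, None


def log_ai_call(log, actor, note_id, prompt, model, model_version, raw_output,
                regenerated=False):
    """Record one model call as two events: the exact prompt (with PHI) and
    the raw output before any human edit. A regeneration is a second
    disclosure, so it is logged as a fresh ai.prompt, not an update."""
    log.append("ai.prompt", actor, note_id, prompt=prompt, model=model,
               model_version=model_version, regenerated=regenerated)
    log.append("ai.output", actor, note_id, model=model,
               model_version=model_version, raw_output=raw_output)


def disclosures(log, note_id):
    """Every event in which this note's PHI left the practice boundary."""
    return [r for r in log.records
            if r["note_id"] == note_id and r["event"] in DISCLOSURE_EVENTS]


if __name__ == "__main__":
    # Constructed sample activity, not real patient data.
    log = AuditLog()
    log_ai_call(log, "dr_lee", "n-1001",
                "Draft SOAP note: Jane Q. Patient, DOB 1980-04-12, cough x3d",
                "assumed-model", "2025-01", "S: cough x3 days ...")
    log_ai_call(log, "dr_lee", "n-1001", "Regenerate, shorter",
                "assumed-model", "2025-01", "S: cough ...", regenerated=True)
    log.append("note.edit", "dr_lee", "n-1001", fields=["narrative"])
    log.append("note.export", "kim", "n-1001", format="pdf")
    print(len(disclosures(log, "n-1001")), log.verify())
```

A chained HMAC proves integrity only while the key is out of reach of the people who could tamper with the log, which is why the key and the stored records belong with a separate owner (or in write-once storage) rather than on the application server that writes them.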

The Complete Security Stack: How the Layers Work Together

You Have              | But Missing                   | Result
BAA only              | Access controls + audit logs  | Legal on paper, but no enforcement and no proof of who did what.
Access controls only  | BAA + audit logs              | Staff access is constrained, but the vendor can still misuse your data.
Audit logs only       | BAA + access controls         | You learn that a breach happened only after it was too late to stop it.
All three             | (none)                        | Defensible, HIPAA-compliant AI notes.

Why Most "HIPAA Compliant AI Notes" Tools Fall Short

Many vendors claim compliance, but here's what they actually miss:

3 Common Vendor Gaps:

  • Offer a BAA That Allows Model Training: The fine print often permits using "de-identified" notes for AI improvement, a loophole most clinicians miss. Properly de-identified data is no longer PHI under HIPAA, so only the contract, not the regulation, stops that use.
  • Have Audit Logs But Don't Log AI Prompts: You'll see that a note was generated, but not what text was sent to the model, so you cannot scope a breach investigation.
  • Use RBAC, But Share Tenant Databases: Different customers' data sits in the same tables. One query that forgets the tenant filter can leak PHI across practices.
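The shared-tenant gap, shown as an added example (not the page's or any vendor's code; the schema and the three sample rows are constructed). The first function is the misconfigured query, which filters on content only and returns another practice's note. The repository class takes the tenant from the authenticated session once and binds it into every statement, so no individual query can forget it:

```python
import sqlite3


def build_db():
    """Constructed shared-tenant table with notes from two practices."""
    con = sqlite3.connect(":memory:")
    con.execute("""CREATE TABLE notes (
        id INTEGER PRIMARY KEY,
        tenant_id TEXT NOT NULL,
        patient TEXT NOT NULL,
        body TEXT NOT NULL)""")
    con.executemany(
        "INSERT INTO notes (tenant_id, patient, body) VALUES (?, ?, ?)", [
            ("practice-a", "Jane Q. Patient", "Productive cough for three days."),
            ("practice-a", "John R. Patient", "Follow-up for hypertension."),
            ("practice-b", "Ana S. Patient", "Dry cough after viral illness."),
        ])
    con.commit()
    return con


def search_notes_unscoped(con, term):
    """The misconfigured query: it filters on content only, so a clinician
    at practice-a receives practice-b's note as well."""
    return con.execute(
        "SELECT tenant_id, patient FROM notes WHERE body LIKE ?",
        (f"%{term}%",)).fetchall()


class TenantRepo:
    """All reads go through here. tenant_id is taken from the authenticated
    session at construction and bound into every statement; callers cannot
    pass a tenant of their choice per query."""

    def __init__(self, con, tenant_id):
        self.con = con
        self.tenant_id = tenant_id

    def search(self, term):
        return self.con.execute(
            "SELECT tenant_id, patient FROM notes "
            "WHERE tenant_id = ? AND body LIKE ?",
            (self.tenant_id, f"%{term}%")).fetchall()

    def get(self, note_id):
        """A note belonging to another tenant is reported as missing, so the
        result does not reveal that the row exists."""
        return self.con.execute(
            "SELECT id, patient, body FROM notes WHERE tenant_id = ? AND id = ?",
            (self.tenant_id, note_id)).fetchone()


if __name__ == "__main__":
    con = build_db()
    print("unscoped:", search_notes_unscoped(con, "cough"))
    repo = TenantRepo(con, "practice-a")
    print("scoped:  ", repo.search("cough"))
    print("other tenant's note:", repo.get(3))
```

Funnelling every read through one tenant-aware class is the minimum; a database per tenant, or row-level security enforced by the database itself, removes the dependence on every query being written correctly and is what to ask a vendor about.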

Comparison table of a standard AI tool marketed as HIPAA-friendly versus an AI clinical-notes tool built with a full HIPAA security stack, across five controls: whether a Business Associate Agreement is signed at signup, whether access controls are role-based and record-scoped, whether multi-factor authentication is required on admin accounts, whether prompt and model usage is captured in audit logs, and whether PHI deletion is logged and verifiable.

“HIPAA-friendly” isn't HIPAA-safe — the gap shows up across every control on this table.

Conclusion

Relying on just one or two security layers leaves your AI notes exposed. The BAA binds your vendor legally, access controls determine who sees what, and audit logs prove every action. Remove any layer, and the stack collapses. Many tools claim "HIPAA compliance," but few deliver all three with prompt logging, model training prohibitions, and role‑based access. Before committing, verify each layer. A signed BAA means nothing if audit logs are missing or access controls are weak. For safe, defensible HIPAA‑compliant AI notes, all three must work as one.



Frequently Asked Questions

  • Do I still need a BAA if the AI vendor claims they delete all PHI immediately after generating the note?

    Yes, you still need a signed BAA. HIPAA defines a Business Associate by what it does with PHI on your behalf (creating, receiving, maintaining, or transmitting it), not by how long it keeps the data.

    • Access Matters More Than Retention: Sending PHI to the vendor is a disclosure the moment it happens. Without a BAA, that disclosure is unauthorized however briefly the vendor holds the data.
    • Verification Problem: "Immediate deletion" is nearly impossible to audit or prove. A BAA gives you contractual recourse and breach notification rights.
    • Subprocessor Risk: Even if the primary vendor deletes data, a subprocessor (e.g., OpenAI) may retain request logs for debugging or model improvement unless the BAA chain prohibits it.
    • Best Practice: Never process PHI through any AI tool without a signed BAA in place first.



  • What's the difference between standard audit logs and AI-specific audit logs for clinical notes?

    Standard audit logs track logins and record views and edits. AI-specific logs capture what actually happened with the model: the exact prompt, the model and version, the raw output, every regeneration, and every export.

    • Why it Matters: Without prompt logs, you cannot prove what PHI was sent to the AI. Without regeneration tracking, you miss multiple disclosure events.
    • Best Practice: Require append-only audit logs that capture prompts, outputs, regenerations, and export actions, and retain them for 6 years.


  • Can I use a single, shared login for my AI note tool if we're a small practice?

    No. HIPAA's Security Rule explicitly requires unique user identification (size does not exempt you).

    • The Problem: Shared logins make it impossible to know which individual accessed, prompted, or edited an AI note.
    • The Consequence: During an OCR investigation or lawsuit you cannot attribute the action to a person, and "we don't know who did it" is not a defense.
    • Best Practice: Enforce unique logins, role-based access controls, and MFA for every user, even in a one-clinician practice.
