
The One HIPAA Rule Most AI Startups Overlook

Missing this HIPAA rule can cost you. Protect your AI startup and patient data now

The HIPAA rule most AI startups overlook in 2026: BAA chain coverage, AI output PHI handling, and the gap between 'HIPAA-compliant infrastructure' and full HIPAA compliance

Among the many HIPAA requirements AI startups must navigate, one rule is consistently overlooked: the Business Associate Agreement (BAA). While founders focus on encryption and secure infrastructure, they miss the contractual foundation of compliance.

Under HIPAA, any vendor that creates, receives, maintains, or transmits Protected Health Information (PHI) on behalf of a covered entity must sign a BAA. Without a signed BAA with every vendor in your AI stack, your startup operates outside HIPAA, regardless of technical safeguards. Learn how to avoid this overlooked HIPAA rule and protect your practice and patients.

The BAA Gap That's Costing AI Startups Millions

The rule everyone skips is simple: every vendor in your AI stack that interacts with PHI must have a signed BAA with your startup, and your startup must have a signed BAA with each of your covered entity customers. Why is this so costly? Because investors and healthcare systems now perform BAA audits before signing contracts. One missing BAA can kill a deal worth millions.

Five HIPAA gaps AI startups overlook in 2026:

  • BAA chain coverage: every subprocessor needs flow-down.
  • Infrastructure vs compliance: the AWS BAA is one layer only.
  • AI outputs as PHI: generated clinical notes are PHI from creation.
  • Training data policy: Safe Harbor de-identification has 18 specific identifiers.
  • Audit logging design: AI inference logs need their own retention beyond application logs.

Why "HIPAA-Compliant Infrastructure" Is Not the Same as HIPAA Compliance

Most AI startups believe that if they host their LLM on AWS or Azure, they are automatically compliant. That is not true. Infrastructure providers offer HIPAA‑eligible services, but eligibility is not compliance.

Compliance requires a shared responsibility model. You can have encryption at rest and in transit, but if you haven’t signed a BAA with your cloud provider and every sub‑processor, you are putting patient information and your startup at risk.

Who Counts as a Business Associate When AI Is in the Room

Under HIPAA, a Business Associate is any person or entity that performs functions involving PHI on behalf of a covered entity. In an AI stack, this includes:

  • Cloud services that transmit PHI.
  • Data hosting and storage.
  • Scribing and transcription software.

What Happens When AI Outputs Become PHI

If an AI generates a discharge summary containing a patient's name, date of birth, and diagnosis, that output is PHI the moment it is saved.

Your BAA must cover outputs, not just inputs. Also, because AI models can hallucinate or reconstruct training data, you must treat every output as potentially containing PHI. That means your entire data pipeline, from prompt to response to storage, must be under signed BAAs.

For a deeper dive on handling sensitive note types, see our guide on psychotherapy notes.

The Training Data Problem Most Startups Discover Too Late

Some AI startups build their own models or fine‑tune existing ones using clinical data. If you use PHI to train or fine‑tune any model, that model becomes PHI. Every subsequent inference from that model is a disclosure of the original training data.

Without a BAA that specifically addresses model weights as PHI, you cannot legally implement that fine‑tuned model. Additionally, if you share the model with other customers without de‑identifying the training data per the Safe Harbor law, you’ve committed a breach.

Why Audit Logging for AI Is Nothing Like Audit Logging for Traditional Software

Traditional HIPAA audit logs track who viewed a record and when. AI requires logs for:

  • Every prompt sent to an LLM (full text).
  • Every model output returned.
  • Temperature and token settings (which affect output determinism).
  • System prompts and retrieval-augmented generation (RAG) contexts.

Without these logs, you cannot reconstruct what PHI was shared with the AI or answer a patient's access request.
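What such a log looks like in practice, as an added example that is not code from the original post or from Twofold: each inference produces one record carrying the full prompt, output, generation settings, system prompt and every RAG chunk, chained by SHA-256 to the previous record so that deletions or edits are detectable, stamped with a six-year retention date (the six-year figure comes from the page; the exact day count is an assumption here), and queryable by patient so an access request can be answered from the log alone. All function names and the sample records are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

GENESIS_HASH = "0" * 64
# Six-year retention window for PHI interaction logs; the exact day count
# (leap days included) is an assumption of this example, not a rule the page states.
RETENTION = timedelta(days=6 * 365 + 2)


def canonical(record):
    """Deterministic serialisation so every reader hashes identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def build_inference_record(*, actor, patient_id, model, system_prompt, prompt,
                           rag_contexts, output, temperature, max_tokens,
                           prev_hash, now=None):
    """Capture one LLM call completely: inputs, settings, output and a chain link."""
    ts = now or datetime.now(timezone.utc)
    body = {
        "event": "llm_inference",
        "timestamp": ts.isoformat(),
        "retain_until": (ts + RETENTION).isoformat(),
        "actor": actor,                       # who triggered the call
        "patient_id": patient_id,             # whose PHI was involved
        "model": model,
        "settings": {"temperature": temperature, "max_tokens": max_tokens},
        "system_prompt": system_prompt,       # full text, not a reference to it
        "prompt": prompt,                     # full text of what was sent
        "rag_contexts": list(rag_contexts),   # every retrieved chunk shown to the model
        "output": output,                     # generated text is PHI from creation
        "prev_hash": prev_hash,               # link to the previous record
    }
    body["record_hash"] = hashlib.sha256(canonical(body)).hexdigest()
    return body


def verify_chain(records):
    """True when every record hashes correctly and links to its predecessor."""
    expected_prev = GENESIS_HASH
    for rec in records:
        if rec["prev_hash"] != expected_prev:
            return False
        unhashed = {k: v for k, v in rec.items() if k != "record_hash"}
        if hashlib.sha256(canonical(unhashed)).hexdigest() != rec["record_hash"]:
            return False
        expected_prev = rec["record_hash"]
    return True


def disclosures_for_patient(records, patient_id):
    """Answer an access request: everything sent to or returned from the model."""
    return [
        {
            "timestamp": rec["timestamp"],
            "model": rec["model"],
            "sent": [rec["system_prompt"], rec["prompt"], *rec["rag_contexts"]],
            "received": rec["output"],
        }
        for rec in records
        if rec["patient_id"] == patient_id
    ]


def expired_records(records, now):
    """Records whose retention window has ended and may be purged."""
    return [r for r in records if datetime.fromisoformat(r["retain_until"]) <= now]


def demo_log():
    """Constructed sample: two calls, two patients, chained in order."""
    t0 = datetime(2026, 3, 1, 9, 0, tzinfo=timezone.utc)
    first = build_inference_record(
        actor="clinician-42", patient_id="P-001", model="example-llm",
        system_prompt="You draft discharge summaries.",
        prompt="Draft a discharge summary: J. Doe, DOB 1980-02-14, dx pneumonia.",
        rag_contexts=["2025-12-01 note: history of asthma."],
        output="Discharge summary for J. Doe (DOB 1980-02-14): pneumonia, resolved.",
        temperature=0.2, max_tokens=512, prev_hash=GENESIS_HASH, now=t0,
    )
    second = build_inference_record(
        actor="clinician-42", patient_id="P-002", model="example-llm",
        system_prompt="You draft discharge summaries.",
        prompt="Draft a discharge summary: A. Roe, dx fracture.",
        rag_contexts=[],
        output="Discharge summary for A. Roe: fracture, cast applied.",
        temperature=0.2, max_tokens=512, prev_hash=first["record_hash"],
        now=t0 + timedelta(minutes=5),
    )
    return [first, second]


if __name__ == "__main__":
    log = demo_log()
    print("chain intact:", verify_chain(log))
    print(json.dumps(disclosures_for_patient(log, "P-001"), indent=2))
```

The point of storing full text rather than a pointer into the application database is that the application log may be rotated or overwritten long before the six-year window ends; the inference record has to survive on its own, which is why it carries its own retention date and its own integrity chain.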

The Real Cost of Getting This Wrong

The HHS Office for Civil Rights (OCR) has made clear that BAAs are a top enforcement priority. Under the HIPAA penalty structure, fines start at $100 per violation and can exceed $1.5 million (Tiers 1-4). Beyond fines, a breach notification due to an unsigned BAA destroys customer trust. Health systems will drop your product immediately if they discover you were sharing PHI with an LLM vendor that refused to sign a BAA.

HIPAA Compliance Built In, Not Bolted On, With Twofold

Twofold provides HIPAA-compliant AI notes with BAAs signed with major LLM providers, full audit logging, and a contractual framework that satisfies covered entities.

  • Signed BAAs: Twofold has already executed BAAs on your behalf, covering every AI vendor in the stack.
  • Full Audit Logging: Automatic six-year retention of all PHI interactions, including model parameters and RAG contexts, so you can answer patient access requests and pass OCR audits.
  • A Contractual Framework: BAAs for your covered entity customers are ready to sign, plus vendor subprocessor agreements. You go from nothing to being fully HIPAA-compliant.

Built-in vs bolted-on HIPAA across five controls (Twofold vs typical AI startups):

  • BAA flow-down: Twofold covers all subprocessors at signup; typical AI startups review manually per integration.
  • Audio retention: deleted after the note is drafted; variable retention.
  • AI output handling: treated as PHI from creation with an audit trail; treated as derivative content.
  • Training data policy: PHI excluded by contract; opt-out required per session.
  • Audit logging scope: unified inference, edit and access logs; application logs only.

Conclusion

Among all HIPAA requirements, the Business Associate Agreement remains the most overlooked by AI startups. Encryption and secure infrastructure are necessary but insufficient without signed BAAs covering every vendor that interacts with PHI. Startups that skip this step operate outside HIPAA regardless of their technical safeguards. The best approach is to audit your entire vendor stack, confirm BAAs are in place with every Business Associate, and establish BAAs with your covered entity customers before processing any patient data. For founders seeking a streamlined path, platforms with pre‑negotiated BAAs offer a reliable alternative to building compliance from nothing.


FAQ

  • Does using a HIPAA-compliant cloud provider automatically make an AI application HIPAA-compliant?

    No. A HIPAA‑compliant cloud provider offers HIPAA‑eligible infrastructure, but compliance requires a signed Business Associate Agreement (BAA), proper safeguards, and coverage for every vendor in your stack, not just the cloud host.

    • Infrastructure vs. Compliance: Cloud providers operate under a shared responsibility model. They secure the hardware; you secure the application, BAAs, and vendor chain.
    • The BAA Requirement: Without a signed BAA from your cloud provider, you cannot legally process PHI on their infrastructure, regardless of encryption or access controls.
  • What is the difference between de-identifying data for storage and de-identifying it for AI model training?

    De‑identification for storage removes 18 specific HIPAA identifiers, so the data is no longer PHI. De‑identification for AI training is riskier because models can memorize and reconstruct patient information.

    • Storage de-identification: Once 18 identifiers are removed, the data is legally not PHI. No BAA is required for storage or sharing.
    • Training de-identification: Models may retain and regenerate PHI even from "de-identified" training data. A BAA is still required with any vendor hosting or fine-tuning the model.
    • Re-identification Risk: AI outputs can inadvertently contain names, dates, or diagnoses. Treat any model trained on clinical data as potentially containing PHI.
  • Can an AI startup face HIPAA penalties even if no patient data was actually breached?

    Yes, HIPAA violations are enforced based on risk of exposure. Missing BAAs, insufficient audit logs, or improper access controls trigger penalties regardless of whether data is leaked.

    • No Breach Required: OCR fines startups for systemic compliance failures, not just breaches. A missing BAA with your LLM provider is a violation.
    • Common Non-Breach Violations: Failing to sign a BAA, lacking six-year audit logs, denying patient access requests, or using unencrypted devices.
    • Penalty Amounts: Fines can add up in the thousands per violation category, even if no patient data ever left your system.

    See more information on common HIPAA violations you must avoid.

  • Does Twofold sign a Business Associate Agreement with every account, or only enterprise plans?

    Twofold signs a Business Associate Agreement with every account, including individual clinicians, small practices, and AI startups. A BAA is not reserved for enterprise plans only.

    • All Customers: Every Twofold account receives a signed BAA before processing any PHI. No exceptions.
    • Enterprise Additions: Enterprise plans add custom terms, subprocessor lists, and expanded liability coverage, but the BAA is essentially universal.
    • Startup-Friendly: You do not need legal resources or large minimums to get a BAA from Twofold.
  • How does Twofold handle session audio once a clinical note has been generated?

    Twofold does not permanently store session audio. Once the clinical note is generated, the raw audio file is automatically deleted from the system.

    • Processing: Audio exists only during active transcription and never persists beyond note generation.
    • No Secondary Use: Session audio is never used for training, analytics, model improvement, or any purpose other than generating the requested note.

    See how HIPAA-compliant AI notes can streamline clinical documentation without compromising compliance.