Governance
HIPAA
HIPAA (Health Insurance Portability and Accountability Act) is the US federal law governing protected health information (PHI). HIPAA-compliant AI deployments use model endpoints covered by a BAA (Business Associate Agreement), such as AWS Bedrock, Azure OpenAI, or the Google Cloud Healthcare API, keep PHI in controlled storage, and produce audit logs of every model call. Off-the-shelf consumer ChatGPT or Gemini is not HIPAA-compliant.
Related terms
- PIPEDA — PIPEDA (Personal Information Protection and Electronic Documents Act) is Canada's federal private-sector privacy law.
- AI Compliance — AI compliance is the demonstrable conformance of AI deployments to applicable laws and standards — GDPR, PIPEDA, the EU AI Act, NIST AI RMF, ISO/IEC 42001, sector-specific rules in healthcare, finance, and government.
- PHI (Protected Health Information) — PHI (Protected Health Information) is any individually identifiable health data covered by HIPAA — diagnoses, treatments, billing, demographic identifiers tied to health context.