PHI (Protected Health Information)
PHI (Protected Health Information) is any individually identifiable health data covered by HIPAA — diagnoses, treatments, billing, demographic identifiers tied to health context. AI deployments that process PHI must use BAA-covered infrastructure, scoped retrieval (the AI sees only PHI the user is authorized to see), and audit logging. Sending PHI to a non-BAA endpoint is a HIPAA violation regardless of intent.
Related terms
- HIPAA — HIPAA (Health Insurance Portability and Accountability Act) is the US federal law governing protected health information (PHI).
- AI Compliance — AI compliance is the demonstrable conformance of AI deployments to applicable laws and standards — GDPR, PIPEDA, the EU AI Act, NIST AI RMF, ISO/IEC 42001, sector-specific rules in healthcare, finance, and government.