HIPAA §164.312 compliance evidence
HIPAA Technical Safeguards evidence for healthcare AI deployments.
Summary
HIPAA §164.312 requires covered entities and business associates to implement technical safeguards protecting electronic Protected Health Information (ePHI). When healthcare staff use AI tools — copilots, search assistants, analysis platforms — every prompt that contains patient data is a §164.312 audit event. membrAIn provides audit controls, access control, integrity, and transmission security specifically scoped to AI interactions.
Who this applies to
- Healthcare providers using AI tools that may process PHI
- Health plans deploying AI for claims, member services, or care management
- Business associates processing PHI on behalf of covered entities
- Healthcare AI vendors selling into HIPAA-regulated organizations
Requirement-by-requirement mapping
Access Control
Implement technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons or software programs granted access rights.
Per-agent API key management with explicit scope and rate limits. Each AI interaction is attributed to a specific agent, team, and user. Unauthorized agents are blocked at the gateway before any prompt reaches the AI provider.
Evidence: /demo →Audit Controls
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.
Every AI interaction is logged to a tamper-evident Ed25519 audit chain. Each record signs the previous, producing a cryptographically verifiable sequence. Auditors can paste any exported segment into a public verifier and confirm authenticity independently. This is stronger than typical HIPAA audit-log requirements, which permit plain database logging.
Evidence: /test-suite.html#audit-chain-verification →Integrity
Implement policies and procedures to protect ePHI from improper alteration or destruction.
Cryptographic audit lineage is, by construction, tamper-evident. Any modification to any historical audit record breaks the signature chain and is detected on the next verification. This provides demonstrable integrity controls beyond what database-only logging can offer.
Evidence: /test-suite.html#audit-chain-verification →Person or Entity Authentication
Implement procedures to verify that a person or entity seeking access to ePHI is the one claimed.
Gateway authentication via API key bound to a specific agent identity. Optional integration with enterprise identity providers (Okta, Azure AD) for human-in-the-loop AI sessions.
Evidence: /demo →Transmission Security
Implement technical security measures to guard against unauthorized access to ePHI being transmitted over an electronic communications network.
TLS 1.3 for all gateway connections. Real-time DLP scanning intercepts PHI patterns (SSN, MRN-shape identifiers, ICD/CPT code clusters with patient names) before transmission to external AI providers. Configurable to BLOCK rather than LOG for PHI-classified content.
Evidence: /test-suite.html#dlp-coverage →Unique User Identification
Assign a unique name and/or number for identifying and tracking user identity in ePHI systems.
Every AI request is attributed to a unique end-user identity via the X-Membrain-User header. User identity is embedded in the signed Ed25519 audit event and persisted in D1 alongside the full request metadata. Each user's AI interactions are independently traceable in the audit log, enabling per-user ePHI access reporting for HIPAA compliance audits.
Evidence: /demo →Emergency Access Procedure
Establish procedures for obtaining necessary ePHI during an emergency.
membrAIn operates as a proxy layer over existing AI providers. In emergencies, organizations can bypass the gateway by reverting the two environment variables to direct provider endpoints, maintaining uninterrupted access to AI systems while the governance layer is restored. The compliance-mode KV flag provides per-account emergency metadata-only mode that preserves audit logging while reducing latency overhead.
Evidence: /demo →Automatic Logoff
Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
Portal sessions use JWT access tokens with 15-minute expiry and 7-day refresh tokens. Inactive sessions are automatically invalidated. Agent keys can be scoped with budget caps and daily rate limits that enforce operational boundaries. MSP administrators can suspend or revoke agent access instantly from the Command Center without affecting other client organizations.
Evidence: /demo →Encryption and Decryption
Implement a mechanism to encrypt and decrypt ePHI.
All data in transit uses TLS 1.3 minimum across every surface: client to gateway (Cloudflare edge), gateway to upstream LLM providers, portal to API. OAuth tokens for Lane 4 audit connectors are stored encrypted at rest using AES-256-GCM via the CONNECTOR_ENC_KEY environment secret. The audit chain itself uses Ed25519 asymmetric cryptography — the private key never leaves the Cloudflare Worker secrets store.
Evidence: /test-suite.html →Mechanism to Authenticate Electronic Protected Health Information
Implement electronic mechanisms to corroborate that ePHI has not been altered or destroyed in an unauthorized manner.
Every audit event that involves ePHI interaction is individually signed with Ed25519 and hash-chained to the prior event. The chain structure means that any retroactive alteration — modifying a DLP result, deleting a PHI-detection event, or inserting a false clean event — invalidates the signature of all subsequent records. Auditors can verify the integrity of any export offline using the published per-account public key without trusting membrAIn infrastructure.
Evidence: /test-suite.html#audit-chain-verification →Encryption of ePHI in Transit
Implement a mechanism to encrypt ePHI whenever deemed appropriate.
All ePHI-containing prompts are intercepted and blocked before transmission to LLM providers — the ePHI never leaves the governance layer in transit to any third-party model. For prompts containing contact-class PII (email, phone), membrAIn redacts inline and transmits the sanitized version. The full payload including redaction evidence is stored only in the customer's own D1 database, encrypted in transit via TLS 1.3 to Cloudflare's edge infrastructure.
Evidence: /test-suite.html#dlp-coverage →What membrAIn does NOT cover
Honesty matters for procurement evaluation. These are explicit gaps where HIPAA §164.312 requirements fall outside our scope or require complementary controls.
- HIPAA Business Associate Agreements (BAAs) with downstream AI providers (e.g., OpenAI Enterprise, Anthropic Enterprise) must be executed separately. membrAIn does not retroactively HIPAA-enable AI providers that lack a BAA — though it can block prompts to non-BAA providers at the gateway.
- Administrative Safeguards (§164.308) and Physical Safeguards (§164.310) are organizational and facility-level requirements outside membrAIn's scope.
- Breach notification under §164.404 remains the covered entity's obligation. membrAIn provides the forensic evidence needed for rapid breach assessment but does not file notifications.