Secure Healthcare AI for HIPAA and GDPR Compliance

Healthcare organizations face the tightest data protection requirements of any industry. Patient data — Protected Health Information (PHI) under HIPAA and personal health data under GDPR — must never reach an LLM provider in identifiable form. Keeptrusts provides purpose-built controls that make healthcare AI safe by default.

Use this page when

You deploy AI in healthcare and must ensure HIPAA Safe Harbor compliance for all 18 PHI identifiers.
You need zero-retention routing to guarantee no patient data is stored or used for model training by providers.
You are configuring healthcare-specific compliance policies (medical disclaimers, unsafe advice blocking).

Primary audience

Primary: Technical Leaders
Secondary: Technical Engineers, AI Agents

What you'll achieve

HIPAA Safe Harbor compliance with automatic detection and redaction of all 18 PHI identifiers
Zero-retention routing ensuring no patient data is stored or used for model training
Healthcare-specific compliance policies adding medical disclaimers and blocking unsafe medical advice
Immutable audit trail satisfying HIPAA audit control requirements (45 CFR § 164.312(b))
Evidence export ready for HIPAA and GDPR compliance reviews

The 18 HIPAA Safe Harbor identifiers

The hipaa-phi-detector policy detects and redacts all 18 categories defined by the HIPAA Safe Harbor method:

#	Identifier	Examples
1	Names	Patient names, provider names
2	Geographic data	Street address, city, ZIP code
3	Dates	Birth date, admission date, discharge date
4	Phone numbers	All telephone numbers
5	Fax numbers	All fax numbers
6	Email addresses	All email addresses
7	Social Security numbers	SSN
8	Medical record numbers	MRN, chart numbers
9	Health plan beneficiary numbers	Insurance IDs
10	Account numbers	Billing account numbers
11	Certificate/license numbers	DEA numbers, medical licenses
12	Vehicle identifiers	VIN, license plates
13	Device identifiers	Serial numbers, UDIs
14	Web URLs	Patient portal URLs
15	IP addresses	All IP addresses
16	Biometric identifiers	Fingerprints, voiceprints
17	Full-face photos	Comparable images
18	Any other unique identifier	Research subject IDs

HIPAA compliance configuration

pack:
  name: healthcare-hipaa
  version: "1.0"
  description: HIPAA-compliant healthcare AI governance

policies:
  chain:
    - data-routing-policy
    - hipaa-phi-detector
    - pii-detector
    - healthcare-compliance
    - audit-logger

policy:
  data-routing-policy:
    require_zero_data_retention: true
    require_no_training: true
    max_retention_days: 0
    on_no_compliant_provider: block
    log_provider_selection: true

  hipaa-phi-detector:
    mode: hipaa_18
    action: redact
    safe_harbor_method: true

  pii-detector:
    action: redact
    healthcare_mode: true

  healthcare-compliance: {}

  audit-logger:
    immutable: true
    retention_days: 2555
    hipaa_audit_controls: true

What this configuration does:

Routes only to zero-retention providers — patient data never stored by upstream providers
Detects all 18 PHI categories — Safe Harbor method compliance
Redacts PII in healthcare mode — enhanced detection tuned for medical contexts
Applies healthcare compliance rules — blocks unsafe medical advice, adds disclaimers
Maintains immutable audit logs — 7-year retention per HIPAA requirements

Zero-retention provider setup

Declare data policies on each provider target so the data-routing-policy can enforce routing:

pack:
  name: secure-healthcare-ai-providers-2
  version: 1.0.0
  enabled: true
providers:
  targets:
  - id: azure-openai-hipaa
    provider: azure-openai
    model: gpt-4o
    base_url: https://hipaa-resource.openai.azure.com
    secret_key_ref:
      env: AZURE_OPENAI_KEY
  - id: openai-standard
    provider: openai
    model: gpt-4o
    secret_key_ref:
      env: OPENAI_API_KEY
policies:
  chain:
  - audit-logger
policy:
  audit-logger:
    immutable: true
    retention_days: 365
    log_all_access: true
    hipaa_audit_controls: true

With require_zero_data_retention: true, only azure-openai-hipaa will receive healthcare traffic. The standard OpenAI endpoint is automatically excluded.

For European healthcare organizations, layer GDPR-specific controls:

policies:
  chain:
    - data-routing-policy
    - hipaa-phi-detector
    - pii-detector
    - healthcare-compliance
    - bias-monitor
    - audit-logger

policy:
  data-routing-policy:
    require_zero_data_retention: true
    require_no_training: true
    on_no_compliant_provider: block

  pii-detector:
    action: redact
    healthcare_mode: true
    categories:
      - email
      - phone
      - address
      - date_of_birth
      - national_id

  bias-monitor:
    protected_attributes:
      - age
      - gender
      - ethnicity
      - disability
    action: escalate

  audit-logger:
    immutable: true
    retention_days: 3650

The bias-monitor helps satisfy GDPR's requirements around automated decision-making fairness (Article 22).

Healthcare compliance policy behavior

The healthcare-compliance policy applies healthcare-specific controls:

Blocked patterns — detects and blocks attempts to get the AI to provide specific medical diagnoses, prescriptions, or treatment plans without appropriate context
Disclaimer injection — adds medical disclaimers to AI responses when healthcare topics are detected
Escalation triggers — flags potentially unsafe medical advice for human review

Audit readiness for HIPAA

HIPAA requires specific audit controls. Here's how Keeptrusts maps to the Security Rule:

HIPAA Requirement	CFR Reference	Keeptrusts control
Audit controls	§ 164.312(b)	`audit-logger` with `hipaa_audit_controls: true`
Access controls	§ 164.312(a)(1)	RBAC + team scoping + gateway keys
Integrity controls	§ 164.312(c)(1)	`immutable: true` audit logs
Transmission security	§ 164.312(e)(1)	TLS-enforced gateway connections
Person authentication	§ 164.312(d)	Session-based authentication + CSRF

Generating HIPAA audit evidence

# Export HIPAA audit evidence for the past quarter
kt export create \
  --format json \
  --from "2026-01-01T00:00:00Z" \
  --to "2026-03-31T23:59:59Z" \
  --filter "policy_type=hipaa-phi-detector" \
  --include-policy-outcomes

Quick wins

Deploy the HIPAA template — immediate PHI protection with zero application changes
Configure at least one zero-retention provider — ensure patient data has a compliant route
Set audit-logger retention to 2555 days (7 years) — meet HIPAA retention requirements
Test with sample PHI — verify all 18 identifier categories are detected
Create your first audit evidence export — prove the system works before an audit

Testing PHI detection

Send a test request with synthetic PHI to verify detection:

curl -X POST http://localhost:8080/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gpt-4o",
    "messages": [
      {"role": "user", "content": "Patient John Smith, DOB 03/15/1985, MRN 12345678, was seen at 123 Main St, Springfield. SSN 123-45-6789. Phone 555-0123."}
    ]
  }'

The gateway should redact the patient name, DOB, MRN, address, SSN, and phone number before forwarding.

For AI systems

Canonical terms: hipaa-phi-detector, HIPAA Safe Harbor 18 identifiers, data-routing-policy, zero-retention, healthcare-compliance, pii-detector (healthcare_mode).
Config keys: policy.hipaa-phi-detector.mode: hipaa_18, policy.data-routing-policy.require_zero_data_retention, policy.data-routing-policy.require_no_training, policy.pii-detector.healthcare_mode.
CLI commands: kt gateway run, kt events list --filter "policy_type=hipaa-phi-detector".
Best next pages: Healthcare HIPAA Template, Prevent Data Leaks, Pass Compliance Audits.

For engineers

Prerequisites: gateway running with hipaa-phi-detector, data-routing-policy, and audit-logger in the chain.
Set hipaa-phi-detector.mode: hipaa_18 with safe_harbor_method: true for full Safe Harbor coverage.
Enable data-routing-policy.require_zero_data_retention: true and require_no_training: true.
Validate: send a request containing a test MRN or patient name and confirm redaction in the event record.
Set audit-logger.immutable: true for HIPAA audit control compliance (45 CFR § 164.312(b)).

For leaders

HIPAA breach penalties reach $1.9M per violation category per year; technical PHI redaction eliminates the most common AI breach vector.
Zero-retention enforcement means no patient data persists at the provider — reduces breach notification scope.
Immutable audit logs satisfy the HIPAA Security Rule audit control requirement (45 CFR § 164.312(b)).
The healthcare-hipaa template provides ready-to-deploy HIPAA compliance without custom policy development.

Next steps

Healthcare HIPAA Template — detailed template configuration
Prevent Data Leaks — broader data protection guide
Pass Compliance Audits — general audit readiness
Zero Retention Endpoints — reference list of ZDR providers
Meet EU AI Act — additional EU regulatory requirements

Use this page when​

Primary audience​

What you'll achieve​

The 18 HIPAA Safe Harbor identifiers​

HIPAA compliance configuration​

Zero-retention provider setup​

GDPR-specific additions​

Healthcare compliance policy behavior​

Audit readiness for HIPAA​

Generating HIPAA audit evidence​

Quick wins​

Testing PHI detection​

For AI systems​

For engineers​

For leaders​

Next steps​