# Building HIPAA-Compliant AI Applications
Building AI applications in healthcare requires careful attention to HIPAA regulations. Here's how to do it right with PiyAPI.
## What is PHI?
Protected Health Information includes 18 identifiers:
## Automatic PHI Detection

PiyAPI automatically detects PHI in your memories:

```javascript
// client: an initialised PiyAPI SDK client (setup not shown in this guide)
const memory = await client.memories.create({
  content: "Patient John Smith, DOB 03/15/1980, has diabetes",
  detectPhi: true, // Default: true for healthcare plans
});

// Response includes PHI locations:
// memory.phiDetected: ["John Smith", "03/15/1980"]
```
## Redaction Options

### Option 1: Store with Redaction

```javascript
const memory = await client.memories.create({
  content: "Patient John Smith has diabetes",
  redactPhi: true,
});

// Stored: "Patient [NAME] has diabetes"
```
### Option 2: Redact on Retrieval

```javascript
const results = await client.search.semantic({
  query: "diabetes patients",
  redactResults: true,
});
```
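To make the two options concrete, here is an added, self-contained example (not PiyAPI code, and not a description of how PiyAPI's detector works) that performs local PHI detection and redaction over an in-memory store. The patterns cover a subset of the HIPAA identifiers (names after "Patient", dates, SSNs, phone numbers, e-mail addresses, MRNs); the record shape and the `storeMemory`/`searchRedacted` helpers are assumptions chosen to mirror the calls above, and all sample strings are constructed.

```javascript
// Added example, not PiyAPI code. Local PHI detection/redaction that mirrors
// "store with redaction" and "redact on retrieval". Patterns are ordered so
// that more specific identifiers (SSN, date) are claimed before broader ones.
const PHI_PATTERNS = [
  { type: "SSN",   re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: "DATE",  re: /\b(0?[1-9]|1[0-2])\/(0?[1-9]|[12]\d|3[01])\/\d{4}\b/g },
  { type: "PHONE", re: /\b\(?\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b/g },
  { type: "EMAIL", re: /\b[\w.+-]+@[\w-]+\.[\w.-]+\b/g },
  { type: "MRN",   re: /\bMRN[:#\s]*\d{6,10}\b/gi },
  // Heuristic only: a capitalised first + last name directly after "Patient".
  // A production detector would use an NER model; this keeps the demo offline.
  { type: "NAME",  re: /(?<=\bPatient\s)[A-Z][a-z]+\s[A-Z][a-z]+/g },
];

// Returns [{ type, value, start, end }] sorted by position, without overlaps.
function detectPhi(text) {
  const hits = [];
  for (const { type, re } of PHI_PATTERNS) {
    for (const m of text.matchAll(re)) {
      const start = m.index, end = m.index + m[0].length;
      // Skip spans already claimed by an earlier (more specific) pattern.
      if (hits.some(h => start < h.end && end > h.start)) continue;
      hits.push({ type, value: m[0], start, end });
    }
  }
  return hits.sort((a, b) => a.start - b.start);
}

// Replaces each detected span with a typed placeholder such as "[NAME]".
function redactPhi(text) {
  let out = "", cursor = 0;
  for (const h of detectPhi(text)) {
    out += text.slice(cursor, h.start) + `[${h.type}]`;
    cursor = h.end;
  }
  return out + text.slice(cursor);
}

// Option 1 (assumed record shape): detection always runs; redaction is opt-in,
// so what reaches the store never contains the raw identifiers.
function storeMemory(store, content, options = {}) {
  const phiDetected = detectPhi(content).map(h => h.value);
  const record = {
    id: store.length + 1,
    content: options.redactPhi ? redactPhi(content) : content,
    phiDetected,
  };
  store.push(record);
  return record;
}

// Option 2: raw content stays in the store; every result is redacted on the
// way out, so a search caller never sees identifiers it did not need.
function searchRedacted(store, term) {
  const needle = term.toLowerCase();
  return store
    .filter(r => r.content.toLowerCase().includes(needle))
    .map(r => ({ id: r.id, content: redactPhi(r.content) }));
}

// Constructed sample run (not real patient data).
const store = [];
storeMemory(store, "Patient John Smith, DOB 03/15/1980, has diabetes");
storeMemory(store, "Patient Jane Doe has diabetes", { redactPhi: true });
console.log(searchRedacted(store, "diabetes"));
```

Note the difference in exposure between the two options: with option 1 the raw identifiers never reach storage, so a backup or a misconfigured index cannot leak them, while option 2 keeps the raw text available for workflows that genuinely need it and relies on every retrieval path applying the redaction. Whichever option you choose, treat the regex detector above as a floor, not a guarantee: free-text names and dates written in other formats will slip past it.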
## Getting a BAA
For HIPAA compliance, you need a Business Associate Agreement. Contact enterprise@piyapi.cloud to get started.
## Best Practices
1. **Enable PHI detection** on all memory operations
2. **Use namespaces** to isolate patient data
3. **Enable audit logging** for compliance
4. **Encrypt at rest** (enabled by default)
5. **Review access logs** regularly
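The following added example (not PiyAPI code) shows one way to turn practices 1, 2, 3 and 5 into an enforced policy layer rather than a checklist: a wrapper around any client with the `memories.create` / `search.semantic` shape used in this guide that forces `detectPhi: true`, requires and authorises a namespace per calling principal, appends a structured audit record for every call, and offers a small review function over that log. The `namespace` option, the audit record format, the `ACCESS_POLICY` table and the in-memory stand-in client are all assumptions made for the demo.

```javascript
// Added example, not PiyAPI code. Policy wrapper enforcing the best practices
// above around a client with the create/search call shape shown in this guide.
const auditLog = [];

function audit(entry) {
  auditLog.push({ ts: new Date().toISOString(), ...entry });
}

// Least privilege: which namespaces each principal may touch (assumed table).
const ACCESS_POLICY = {
  "svc-intake":   ["clinic-a"],
  "svc-research": ["clinic-a", "clinic-b"],
};

function guardedClient(client, principal) {
  const allowed = ACCESS_POLICY[principal] ?? [];
  function check(namespace, action) {
    if (!namespace) throw new Error(`${action}: namespace is required`);
    if (!allowed.includes(namespace)) {
      audit({ principal, action, namespace, outcome: "denied" });
      throw new Error(`${action}: ${principal} may not access ${namespace}`);
    }
  }
  return {
    memories: {
      async create(opts) {
        check(opts.namespace, "memories.create");
        // Practice 1: a caller can never switch PHI detection off.
        const memory = await client.memories.create({ ...opts, detectPhi: true });
        audit({ principal, action: "memories.create", namespace: opts.namespace,
                outcome: "ok", memoryId: memory.id,
                phiCount: (memory.phiDetected ?? []).length });
        return memory;
      },
    },
    search: {
      async semantic(opts) {
        check(opts.namespace, "search.semantic");
        // Redaction on retrieval is always on for this principal's searches.
        const results = await client.search.semantic({ ...opts, redactResults: true });
        audit({ principal, action: "search.semantic", namespace: opts.namespace,
                outcome: "ok", resultCount: results.length });
        return results;
      },
    },
  };
}

// Practice 5: summarise the log per principal and surface anyone who was denied.
function reviewAccessLog(log) {
  const byPrincipal = new Map();
  for (const e of log) {
    const s = byPrincipal.get(e.principal) ?? { denied: 0, namespaces: new Set() };
    if (e.outcome === "denied") s.denied += 1; else s.namespaces.add(e.namespace);
    byPrincipal.set(e.principal, s);
  }
  return [...byPrincipal]
    .map(([principal, s]) => ({ principal, denied: s.denied, namespaces: [...s.namespaces] }))
    .filter(r => r.denied > 0);
}

// Constructed stand-in for the real client: same call shape, in-memory rows,
// and PHI detection reduced to a single date pattern purely for the demo.
function fakeClient() {
  const rows = [];
  const dateRe = /\b\d{2}\/\d{2}\/\d{4}\b/g;
  return {
    memories: {
      async create(o) {
        const m = { id: rows.length + 1, namespace: o.namespace, content: o.content,
                    phiDetected: o.detectPhi ? (o.content.match(dateRe) ?? []) : [] };
        rows.push(m);
        return m;
      },
    },
    search: {
      async semantic(o) {
        return rows
          .filter(r => r.namespace === o.namespace && r.content.includes(o.query))
          .map(r => ({ id: r.id,
                       content: o.redactResults ? r.content.replace(dateRe, "[DATE]") : r.content }));
      },
    },
  };
}
```

Usage: `const intake = guardedClient(fakeClient(), "svc-intake"); await intake.memories.create({ namespace: "clinic-a", content: "..." })`. Because the wrapper owns the `detectPhi` and `redactResults` flags, application code cannot accidentally drop them, and because denied attempts are written to the same log as successful calls, the periodic review in `reviewAccessLog` sees misuse attempts rather than only the operations that succeeded.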