There is a conversation happening in every hospital, health plan, and large medical group right now. It goes something like this: a nurse asks a clinical documentation specialist whether it's okay to paste a patient's discharge summary into ChatGPT to get a faster draft of a care transition letter. The documentation specialist isn't sure. The privacy officer is called. The privacy officer gives a cautious answer about "not including identifiable information." Everyone leaves the room slightly less certain than when they arrived.
The ambiguity is understandable. Consumer AI tools are fast, helpful, and deeply embedded in how clinical and administrative staff now work. The HIPAA framework was written in a world where the main external threat was a fax sent to the wrong number.
But the ambiguity is also a compliance risk — and OCR has been closing that gap steadily for the last 18 months.
What HIPAA Actually Says About AI Tool Use
HIPAA doesn't have an AI carve-out. The rules that govern how covered entities and business associates handle protected health information apply regardless of the technology involved. Three provisions are especially relevant when employees use external AI tools:
The minimum necessary standard (45 CFR 164.502(b)) requires that access to and disclosure of PHI be limited to the minimum necessary to accomplish the intended purpose. When a physician pastes a full patient chart into an AI assistant to get help drafting a single paragraph, the entire chart is disclosed to a third-party system. The minimum necessary standard does not ask whether the disclosure was intentional — it asks whether the amount of PHI disclosed was justified by the purpose.
The Business Associate Agreement requirement means that any vendor who creates, receives, maintains, or transmits PHI on behalf of a covered entity must be operating under a BAA that sets out the permissible uses and required safeguards. ChatGPT in its consumer form offers no HIPAA BAA. Microsoft has a HIPAA BAA for Copilot in enterprise configurations — but the default consumer Copilot that employees can access through a personal Microsoft account does not. The difference between a compliant and a non-compliant AI interaction can come down to which URL an employee bookmarked.
Audit controls under 45 CFR 164.312(b) require covered entities and business associates to implement hardware, software, and procedural mechanisms that record and examine activity in systems containing or using ePHI. An employee submitting PHI to an external AI service through a browser generates no entry in your EHR audit log. It generates no entry in your network access logs unless you're specifically capturing HTTPS payloads. The audit trail that satisfies your OCR compliance review has a structural gap that most healthcare organizations have not yet addressed.
OCR's December 2024 Proposed Rule Changes the Stakes
On December 27, 2024, HHS OCR proposed the first major update to the HIPAA Security Rule since 2013. The proposed rule is a direct response to a dramatic escalation in healthcare data breaches: OCR reported that large breach reports increased 102 percent from 2018 to 2023, and the number of individuals affected by such breaches increased 1,002 percent over the same period. In 2023, more than 167 million individuals were affected by large healthcare breaches.
The Change Healthcare breach — described by OCR as "the largest breach in our health care system in U.S. history" — accelerated the timeline for regulatory action.
For healthcare organizations deploying or tolerating employee use of AI tools, the proposed rule matters for three reasons:
First, it proposes to eliminate the distinction between required and addressable safeguards, replacing it with explicit mandatory requirements. "Addressable" has functioned, in practice, as a softer compliance standard — organizations could document their rationale for not implementing a particular control. Under the proposed rule, that flexibility shrinks significantly. AI systems processing ePHI will be subject to more stringent, less negotiable security controls.
Second, it explicitly scopes ePHI used in AI training data, prediction models, and algorithm data maintained for covered functions as protected health information under HIPAA. This is not a small change. It means that if an employee submits PHI to an AI tool and that tool uses the interaction to update its model, the organization may have an impermissible use or disclosure on its hands — regardless of whether the employee thought they were just getting a faster draft.
Third, it proposes regular review, testing, and updating of policies and procedures in writing — not annual training attestations, but documented, tested controls. For healthcare compliance officers, that means that "we told employees not to use AI with patient data" is no longer a sufficient answer. The question will be: what technical controls did you implement to enforce that policy?
The Section 1557 Layer
Separate from the Security Rule update, OCR's Section 1557 enforcement has added another AI-specific obligation. The Section 1557 final rule, effective July 5, 2024, prohibits covered entities from discriminating through the use of patient care decision support tools — including AI.
OCR is a federal regulator and law enforcement agency that is uniquely positioned to safeguard the public's trust in the use of AI and other emerging technologies in health care. Unlike other federal agencies that regulate the tools themselves, OCR regulates the use of these tools when providers use them to make health care and benefits decisions.
Affirmative requirements to identify and mitigate risks of discrimination from AI-based clinical decision support took effect on May 1, 2025. For health systems deploying any AI tool that touches clinical decision-making, that is now an active compliance obligation — not a future framework consideration.
The combination of the Security Rule NPRM and the Section 1557 enforcement action creates a two-layer AI governance obligation: one layer around data security and audit trails, one layer around non-discriminatory use of AI in patient care. Most healthcare organizations are not yet managing both layers with any systematic controls.
The Problem Is Shadow AI, Not Just Approved Tools
The governance challenge isn't limited to the AI tools your IT department formally approved. The harder problem is the tools employees discovered on their own.
A social worker using Claude to draft a patient outreach letter. A billing specialist pasting claim details into a generic AI chatbot to look for documentation gaps. A hospitalist using Perplexity to research a differential diagnosis while referencing a patient's lab values in the query. These interactions happen entirely in the browser, entirely outside the perimeter of EHR audit logging, and entirely outside any BAA your organization has signed.
The compliance answer to this problem is not more training. Training-only governance hasn't worked for shadow IT, and it won't work for shadow AI in an environment where AI tools are genuinely useful and employees are facing time pressure on every interaction.
The compliance answer is runtime enforcement: a governance layer that evaluates each AI submission before it leaves the organization, applies your PHI policies, blocks or warns on out-of-policy disclosures, and produces an audit trail that satisfies the evidentiary standard of an OCR investigation — not just a training attestation.
What Runtime Governance for Healthcare AI Looks Like
For healthcare IT and compliance teams, a runtime AI governance solution should satisfy three requirements that map directly to the HIPAA framework:
Policy enforcement at the point of submission. Before a nurse's query reaches ChatGPT or Copilot, a policy engine evaluates whether it contains PHI patterns — patient identifiers, dates of service, diagnosis codes, medication names, or other ePHI markers — and enforces your organization's rules about what can be submitted to which AI services, under what conditions.
Audit trail that satisfies 45 CFR 164.312(b). Every AI interaction — user, timestamp, destination AI service, policy outcome, and matched content category — logged to an immutable record. When OCR requests your audit documentation as part of a Security Rule investigation, the answer is a log, not a policy document.
Coverage of the full AI surface. ChatGPT, Microsoft Copilot, Google Gemini, Claude, Perplexity, and the AI capabilities embedded in the clinical workflow tools your staff use every day. Governance that only covers your approved enterprise tools misses the Shadow AI problem entirely.
This is the gap that Containment.AI addresses: proxy and browser-layer enforcement that operates between your employees and every external AI endpoint, with policy configuration in the admin dashboard and a real-time audit trail built for regulated environments.
OCR's Direction of Travel Is Clear
The December 2024 NPRM, the Section 1557 enforcement posture, and the volume of AI-related guidance OCR has issued since 2024 all point in the same direction: OCR is moving toward treating AI governance in healthcare as an auditable compliance requirement, not a best practice.
Healthcare organizations that build the governance infrastructure now — runtime enforcement, real-time audit logging, documented policies backed by technical controls — will be able to demonstrate compliance when the auditors arrive. Those that wait for a final rule before acting will be building under regulatory pressure, with considerably less time and considerably more scrutiny.
The ambiguity that filled that hospital conference room is closing. The question is whether your compliance program closes it first.
Containment.AI enforces AI governance policies in real time — at the proxy layer, in the browser, and in the admin dashboard — giving healthcare compliance teams the runtime audit trail and PHI policy enforcement that HIPAA's Security Rule and OCR's evolving AI guidance require. Learn more or request a demo.