Towards a HIPAA Compliant Agentic AI System in Healthcare

• URL: http://arxiv.org/abs/2504.17669v1
• Date: Thu, 24 Apr 2025 15:38:20 GMT
• Title: Towards a HIPAA Compliant Agentic AI System in Healthcare
• Authors: Subash Neupane, Shaswata Mitra, Sudip Mittal, Shahram Rahimi,
• Abstract summary: This paper introduces a HIPAA-compliant Agentic AI framework that enforces regulatory compliance through dynamic, context-aware policy enforcement.<n>Our framework integrates three core mechanisms: (1) Attribute-Based Access Control (ABAC) for granular governance, (2) a hybrid PHI sanitization pipeline combining patterns and BERT-based model to minimize leakage, and (3) immutable audit trails for compliance verification.
• Score: 3.3123773366516645
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Agentic AI systems powered by Large Language Models (LLMs) as their foundational reasoning engine, are transforming clinical workflows such as medical report generation and clinical summarization by autonomously analyzing sensitive healthcare data and executing decisions with minimal human oversight. However, their adoption demands strict compliance with regulatory frameworks such as Health Insurance Portability and Accountability Act (HIPAA), particularly when handling Protected Health Information (PHI). This work-in-progress paper introduces a HIPAA-compliant Agentic AI framework that enforces regulatory compliance through dynamic, context-aware policy enforcement. Our framework integrates three core mechanisms: (1) Attribute-Based Access Control (ABAC) for granular PHI governance, (2) a hybrid PHI sanitization pipeline combining regex patterns and BERT-based model to minimize leakage, and (3) immutable audit trails for compliance verification.

Related papers

• In-House Evaluation Is Not Enough: Towards Robust Third-Party Flaw Disclosure for General-Purpose AI [93.33036653316591]
  We call for three interventions to advance system safety.<n>First, we propose using standardized AI flaw reports and rules of engagement for researchers.<n>Second, we propose GPAI system providers adopt broadly-scoped flaw disclosure programs.<n>Third, we advocate for the development of improved infrastructure to coordinate distribution of flaw reports.
  arXiv  Detail & Related papers  (2025-03-21T05:09:46Z)
• Media and responsible AI governance: a game-theoretic and LLM analysis [61.132523071109354]
  This paper investigates the interplay between AI developers, regulators, users, and the media in fostering trustworthy AI systems.<n>Using evolutionary game theory and large language models (LLMs), we model the strategic interactions among these actors under different regulatory regimes.
  arXiv  Detail & Related papers  (2025-03-12T21:39:38Z)
• Compliance of AI Systems [0.0]
  This paper systematically examines the compliance of AI systems with relevant legislation, focusing on the EU's AI Act.<n>The analysis highlighted many challenges associated with edge devices, which are increasingly being used to deploy AI applications closer and closer to the data sources.<n>The importance of data set compliance is highlighted as a cornerstone for ensuring the trustworthiness, transparency, and explainability of AI systems.
  arXiv  Detail & Related papers  (2025-03-07T16:53:36Z)
• Implications of Artificial Intelligence on Health Data Privacy and Confidentiality [0.0]
  The rapid integration of artificial intelligence in healthcare is revolutionizing medical diagnostics, personalized medicine, and operational efficiency.<n>However, significant challenges arise concerning patient data privacy, ethical considerations, and regulatory compliance.<n>This paper examines the dual impact of AI on healthcare, highlighting its transformative potential and the critical need for safeguarding sensitive health information.
  arXiv  Detail & Related papers  (2025-01-03T05:17:23Z)
• RIRAG: Regulatory Information Retrieval and Answer Generation [51.998738311700095]
  We introduce a task of generating question-passages pairs, where questions are automatically created and paired with relevant regulatory passages.<n>We create the ObliQA dataset, containing 27,869 questions derived from the collection of Abu Dhabi Global Markets (ADGM) financial regulation documents.<n>We design a baseline Regulatory Information Retrieval and Answer Generation (RIRAG) system and evaluate it with RePASs, a novel evaluation metric.
  arXiv  Detail & Related papers  (2024-09-09T14:44:19Z)
• Beyond One-Time Validation: A Framework for Adaptive Validation of Prognostic and Diagnostic AI-based Medical Devices [55.319842359034546]
  Existing approaches often fall short in addressing the complexity of practically deploying these devices. The presented framework emphasizes the importance of repeating validation and fine-tuning during deployment. It is positioned within the current US and EU regulatory landscapes.
  arXiv  Detail & Related papers  (2024-09-07T11:13:52Z)
• Balancing Patient Privacy and Health Data Security: The Role of Compliance in Protected Health Information (PHI) Sharing [0.312488427986006]
  Protected Health Information (PHI) sharing significantly enhances patient care quality and coordination, contributing to more accurate diagnoses, efficient treatment plans, and a comprehensive understanding of patient history. Compliance with strict privacy and security policies, such as those required by laws like HIPAA, is critical to protect PHI. We propose a blockchain technology that integrates smart contracts to partially automate consent-related processes and ensuring that PHI access and sharing follow patient preferences and legal requirements.
  arXiv  Detail & Related papers  (2024-07-03T02:49:33Z)
• GPT, Ontology, and CAABAC: A Tripartite Personalized Access Control Model Anchored by Compliance, Context and Attribute [3.932043050439443]
  This study presents Generative Transformer (GPT), medical access and context-Aware Attribute-Based Access Control (BACT) Unlike traditional models, GP-Onto-CAABACT dynamically interprets policies and adapts to changing healthcare and legal environments. Findings suggest its broader applicability in sectors where access control must meet stringent compliance and situational standards.
  arXiv  Detail & Related papers  (2024-03-13T05:30:30Z)
• The Design and Implementation of a National AI Platform for Public Healthcare in Italy: Implications for Semantics and Interoperability [62.997667081978825]
  The Italian National Health Service is adopting Artificial Intelligence through its technical agencies. Such a vast programme requires special care in formalising the knowledge domain. Questions have been raised about the impact that AI could have on patients, practitioners, and health systems.
  arXiv  Detail & Related papers  (2023-04-24T08:00:02Z)
• Adherence Forecasting for Guided Internet-Delivered Cognitive Behavioral Therapy: A Minimally Data-Sensitive Approach [59.535699822923]
  Internet-delivered psychological treatments (IDPT) are seen as an effective and scalable pathway to improving the accessibility of mental healthcare. This work proposes a deep-learning approach to perform automatic adherence forecasting, while relying on minimally sensitive login/logout data. The proposed Self-Attention Network achieved over 70% average balanced accuracy, when only 1/3 of the treatment duration had elapsed.
  arXiv  Detail & Related papers  (2022-01-11T13:55:57Z)
• Semi-automated checking for regulatory compliance in e-Health [0.41998444721319206]
  This work presents a methodology check in a semi-automated regulatory compliance of a business process. We analyse an e-Health hospital service in particular: the Hospital at Home (HaH) service.
  arXiv  Detail & Related papers  (2021-10-14T20:58:02Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.