Towards a HIPAA Compliant Agentic AI System in Healthcare
This work addresses regulatory compliance for AI systems handling sensitive healthcare data, but it is incremental as it builds on existing methods like ABAC and BERT for a specific domain.
The paper tackles the challenge of ensuring HIPAA compliance for agentic AI systems in healthcare by introducing a framework that integrates attribute-based access control, a hybrid PHI sanitization pipeline, and immutable audit trails.
Agentic AI systems powered by Large Language Models (LLMs) as their foundational reasoning engine, are transforming clinical workflows such as medical report generation and clinical summarization by autonomously analyzing sensitive healthcare data and executing decisions with minimal human oversight. However, their adoption demands strict compliance with regulatory frameworks such as Health Insurance Portability and Accountability Act (HIPAA), particularly when handling Protected Health Information (PHI). This work-in-progress paper introduces a HIPAA-compliant Agentic AI framework that enforces regulatory compliance through dynamic, context-aware policy enforcement. Our framework integrates three core mechanisms: (1) Attribute-Based Access Control (ABAC) for granular PHI governance, (2) a hybrid PHI sanitization pipeline combining regex patterns and BERT-based model to minimize leakage, and (3) immutable audit trails for compliance verification.