Is healthcare AI HIPAA compliant? What SOC 2 Type II actually means.

"Is your AI HIPAA compliant?" is the first question we get from every risk-bearing buyer, and it is the right question asked slightly wrong. HIPAA does not certify AI, or any software, as compliant. Compliance describes how an organization handles protected health information (PHI). The useful version of the question is: does this specific system have the controls that keep PHI safe, and can it prove they work? Here is what to look for.

HIPAA basics and the Business Associate Agreement

HIPAA governs PHI held by covered entities (health plans, providers, clearinghouses) and the vendors that work on their behalf. The moment a vendor creates, receives, maintains, or transmits PHI to perform a service for a covered entity, that vendor becomes a business associate, and a Business Associate Agreement (BAA) is required before any PHI changes hands.

The BAA is not a formality. Per HHS, it must establish the permitted uses of PHI, require the business associate to implement appropriate safeguards including the requirements of the Security Rule for electronic PHI, and obligate it to report breaches. Operating without a required BAA is itself a HIPAA violation, regardless of whether a breach ever occurs. So the first thing to confirm about any healthcare AI vendor is simple: will they sign a BAA. If the answer is no, the conversation is over.

What SOC 2 Type II is, and how it differs from Type I

SOC 2 is an audit framework from the AICPA, built on the Trust Services Criteria, of which Security is required in every report and Availability, Confidentiality, Processing Integrity, and Privacy can be added. An independent CPA firm performs the audit. The difference between the two report types is about evidence, and it is the difference that matters most for a buyer.

• SOC 2 Type I assesses whether controls are designed appropriately at a single point in time. It answers: on the day of the audit, were the right controls in place?
• SOC 2 Type II assesses both design and operating effectiveness over a period of time, typically 6 to 12 months. It answers the harder question: did those controls actually work, consistently, across months of real operation?

A Type I report can be earned by configuring controls correctly the week of the audit. A Type II report cannot be faked at the last minute, because the auditor samples evidence across the whole period. When a vendor says "SOC 2," ask which type and over what observation window. Type II is the stronger assurance.

Audit trails for AI actions

This is where AI raises a genuinely new question. A dashboard reads PHI. An agent acts: it places a call, writes to a record, books a visit, flags a diagnosis. The control that makes that safe is an audit trail built for agents, not just for users.

Three properties make an AI audit trail trustworthy:

• Attributable. Every action is tied to a specific member and a specific step in a workflow, with what data the agent read, what it changed, when, and on whose behalf. Nothing the agent does is anonymous on the record.
• Reviewable. A human can reconstruct exactly what the agent did and why, after the fact, without reverse-engineering it from logs scattered across systems.
• Reversible. If an action was wrong, it can be undone, and the reversal is itself logged. An agent that can act but cannot be rolled back is a liability.

Treat the AI agent like any other actor on the record. The same access controls, logging, and review that apply to a human coordinator apply to it.

The myth that AI and compliance are in tension

A common assumption is that adopting AI means loosening compliance, or that compliance means you cannot really use AI on PHI. Both are wrong. The properties that make an AI system compliant, least-privilege access, complete logging, attribution, reversibility, are the same properties that make it operationally trustworthy. A system you can audit is a system you can debug, govern, and improve. Compliance done right is not a tax on the AI; it is the spec the AI should have been built to anyway.

"An agent you cannot audit is not a faster team. It is an unattributed actor writing to a record full of PHI. The audit trail is not paperwork. It is the difference between an asset and a breach."

PHI handling, minimum-necessary, and access controls

Beyond the BAA and attestations, three operating practices carry most of the day-to-day weight:

• Minimum-necessary. HIPAA requires that uses and disclosures of PHI be limited to the minimum necessary for the purpose. In practice that means an agent working a refill reminder should not have, or need, the member's full chart. Scope data access to the task.
• Access controls. Role-based, least-privilege access for both humans and agents, with authentication and authorization enforced at the data layer, not just the UI.
• Encryption and Security Rule safeguards. PHI encrypted in transit and at rest, with the administrative, physical, and technical safeguards the Security Rule requires.

What to ask an AI vendor

If you are evaluating healthcare AI, these questions separate real controls from marketing:

1. Will you sign a BAA, and what does it cover?
2. Do you have a SOC 2 Type II report, over what observation period, and can we see it under NDA?
3. How is every AI action logged, and can you show me an audit trail for one member end to end?
4. Can an AI action be reviewed and reversed, and is the reversal logged?
5. How do you enforce minimum-necessary access for agents, not just humans?
6. Where is PHI stored, who can access it, and how is that access controlled and monitored?

If a vendor cannot answer these crisply, the gap will show up later as risk you own.

For our part, Pelica is SOC 2 Type II and HIPAA compliant, with full audit trails. Every agent action on the canonical record is attributable to a member and a step, reviewable by a human, and reversible. We sign a BAA, and we built the audit trail first, because an operating system that acts on PHI has no business existing without one. You can read more on our Trust and security page.

Sources and further reading

• U.S. Department of Health and Human Services: Business Associates (when a BAA is required)
• HHS: Sample Business Associate Agreement Provisions (required BAA contents)
• AICPA & CIMA: System and Organization Controls (SOC) Suite of Services (SOC 2 and Type I vs Type II)