What stays on-device
- raw user text, images, audio, and sensor readings
- most inference requests and outputs
- local training batches and personal adaptation data
HIPAA-compliant AI starts with keeping the risky data path small.
HIPAA-compliant AI is artificial intelligence that handles electronic Protected Health Information (ePHI) under a combination of HIPAA Security Rule safeguards (administrative, physical, and technical) and the contractual controls that go alongside them — most prominently a Business Associate Agreement (BAA) and explicit data-use terms covering training, retention, and de-identification. Octomil narrows the surface area further by running inference on the device, so raw patient content rarely leaves it in the first place.
Common requirements and controls for HIPAA-aligned AI
Real-world HIPAA reviews mix three categories. The HHS Security Rule defines administrative, physical, and technical safeguards. Alongside those, vendors and customers negotiate contractual data-use terms; and on top of HIPAA itself, some jurisdictions (notably California) layer additional disclosure obligations on the provider.
Technical safeguards (HIPAA Security Rule)
- Encryption in transit and at rest: TLS 1.2+ on the wire; AES-256 (or equivalent) for data at rest.
- Access control (incl. RBAC): least-privilege, org-scoped access to the control plane and any logged data.
- Audit controls: tamper-evident records of who ran what model against what cohort, with a defined retention window.
- Integrity and authentication: safeguards against unauthorized alteration of ePHI in transit or storage.
Contractual controls (negotiated alongside the safeguards)
- Business Associate Agreement (BAA): the vendor signs and accepts liability for handling Protected Health Information.
- No patient data in model training: ePHI you process must not flow into public or commercial training corpora.
- Zero-data retention or de-identification: systems strip or tokenize identifiers before content reaches the LLM, or never persist it.
- Subprocessor and breach-notification terms: who else can see the data, and how fast you're told if something goes wrong.
Customer-side disclosure obligations Octomil can help support
- California AB 3030 (effective January 2025): applies to California health facilities, clinics, physician offices, and group practices using generative AI to communicate clinical information to a patient. The obligation sits with the provider, not the AI vendor — Octomil's role is to surface the metadata (model version, prompt path, cohort) the provider needs to generate the disclosure. See the Medical Board of California's GenAI notification guidance.
Octomil narrows several of the technical and contractual surfaces by keeping inference on-device: the control plane never sees raw ePHI, so encryption-at-rest, retention, de-identification, and even subprocessor exposure shrink to telemetry and audit metadata only. The BAA path, RBAC, and customer-side disclosure obligations still apply.
HIPAA-compliant AI is an operating model, not a slogan
What the control plane stores
- rollout assignments and device eligibility state
- telemetry for latency, health, and model quality
- audit logs, access events, and deployment history
Why that matters
Reducing centralized handling of sensitive data can shrink the surface area you need to justify during security, privacy, and procurement review.
How Octomil supports regulated deployment reviews
Routing and fallback controls
Define when requests stay local, when cloud fallback is allowed, and where additional review is needed for specific workloads or cohorts.
Audit and access controls
Use organization-scoped access, audit logs, and review-ready documentation to explain who can change deployments and what signals are stored centrally.
Security architecture support
Pair this commercial review page with the technical documentation in the security architecture guide for implementation detail and operational posture.
What buyers usually ask for next
Security architecture guide
Technical detail on identity, key management, device authentication, and production hardening.
Open technical guide →Trust and review posture
Review the broader trust center for disclosure process, operating posture, and team contacts.
Open trust center →Deployment economics
Use the AI inference cost calculator to model when on-device execution reduces both cost and centralized data exposure.
Estimate AI inference cost →We can walk through your architecture and review path.
Tell us about your device mix, routing requirements, and review constraints. We’ll help map what stays on-device, what reaches the control plane, and what needs a BAA or security review.