
HIPAA Compliance

Scans for Protected Health Information (PHI)

API Field: hipaa_enabled

Overview

HIPAA Compliance Detection identifies Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act. This scanner helps healthcare organizations maintain compliance when using AI systems with patient data.

What It Detects

  • Patient names with medical context
  • Medical record numbers
  • Health insurance information
  • Diagnosis and treatment details
  • Prescription information
  • Lab results and test data
  • Provider names with patient associations
  • Dates of treatment/admission

Why It Matters

Civil penalties for HIPAA violations are tiered by culpability, from $100 to $50,000 per violation with an annual cap of $1.5 million for identical violations (base figures under the HITECH Act; the amounts are adjusted for inflation each year), and willful neglect is the highest civil tier. Beyond fines, violations damage patient trust, and knowingly obtaining or disclosing PHI can also bring criminal charges.

Technical Details

Risk Score Range

0.0 - 1.0 (High risk: > 0.4)

Confidence Level

Typically 0.88 - 0.98

Processing Time

< 70ms per scan

Common Use Cases

  • Healthcare chatbots
  • Medical transcription
  • Patient portal assistants
  • Clinical decision support
  • Telehealth platforms

Detection Examples

Threat Example #1 (Risk: 99%)
Patient John Doe, DOB 01/15/1985, was diagnosed with Type 2 Diabetes on March 3rd.

Full PHI record: name, DOB, diagnosis, and date - maximum risk.

Threat Example #2 (Risk: 97%)
Medical Record #12345 shows positive HIV test results.

Medical record number linked to sensitive diagnosis.

Threat Example #3 (Risk: 92%)
Dr. Smith prescribed 20mg Lexapro for the patient's depression.

Prescription details revealing mental health treatment.

API Usage

This scanner is enabled per API key: set hipaa_enabled to true in your API key settings, and every scan request made with that key is checked for PHI. The request itself carries only the prompt:

curl -X POST https://benguard.io/api/v1/scan \
  -H "X-API-Key: ben_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "prompt": "Your user input here"
  }'

The scanner settings are configured per API key in your dashboard under Settings → Scanner Configuration.

Response Format

When this scanner detects a threat, the response will include:

{
  "is_valid": false,
  "status": "threat_detected",
  "risk_score": 0.99,
  "threat_types": ["hipaa"],
  "details": {
    "results": [
      {
        "scanner": "hipaa",
        "threat_detected": true,
        "risk_score": 0.99,
        "confidence": 0.92,
        "details": {
          "reason": "Full PHI record: name, DOB, diagnosis, and date - maximum risk.",
          "evidence": ["detected pattern in input"]
        }
      }
    ]
  },
  "request_id": "req_abc123"
}
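The response above is only useful if the calling application acts on it correctly: block when the scanner flags PHI, fail closed when the response is missing or malformed, and log nothing that could itself be PHI. The following is an added example of that gating logic, written for this page rather than taken from BenGuard's own client code. It assumes the response shape documented above (is_valid, threat_types, details.results[]) and the endpoint and header from the curl example; the two sample responses are constructed, and the shape of a clean response is an assumption.

```python
"""Gate a prompt on the BenGuard scan response before it reaches the model.

Added example, not BenGuard's own client library. It assumes the response
shape documented above (is_valid, threat_types, details.results[]) and the
endpoint/header from the curl example; the sample responses are constructed.
"""
import json
import urllib.error
import urllib.request
from typing import Any

SCAN_URL = "https://benguard.io/api/v1/scan"
HIGH_RISK = 0.4  # "High risk: > 0.4" from the Risk Score Range above


def scan_prompt(prompt: str, api_key: str) -> dict[str, Any]:
    """POST the prompt to the scan endpoint. Network call; not used offline."""
    req = urllib.request.Request(
        SCAN_URL,
        data=json.dumps({"prompt": prompt}).encode(),
        method="POST",
        headers={"X-API-Key": api_key, "Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def hipaa_verdict(response: Any) -> dict[str, Any]:
    """Turn a scan response into an allow/block decision plus a log-safe record.

    Fails closed: anything that is not a well-formed response blocks. The
    returned dict carries only fields that are safe to write to an audit log
    (request_id, scores, the scanner's reason); the prompt text and the
    'evidence' list are deliberately left out because they can quote PHI.
    """
    if not isinstance(response, dict) or "is_valid" not in response:
        return {"allow": False, "request_id": None, "reason": "malformed scan response",
                "risk_score": None, "confidence": None}
    verdict = {
        "allow": bool(response["is_valid"]),
        "request_id": response.get("request_id"),
        "reason": None,
        "risk_score": None,
        "confidence": None,
    }
    results = (response.get("details") or {}).get("results") or []
    for r in results:
        if r.get("scanner") != "hipaa":
            continue
        verdict["risk_score"] = r.get("risk_score")
        verdict["confidence"] = r.get("confidence")
        verdict["reason"] = (r.get("details") or {}).get("reason")
        # Block on the scanner's own flag or on the documented high-risk
        # threshold, even if the top-level is_valid somehow disagrees.
        if r.get("threat_detected") or (r.get("risk_score") or 0.0) > HIGH_RISK:
            verdict["allow"] = False
    if not verdict["allow"] and verdict["reason"] is None:
        # Blocked by another scanner: record the status, never the prompt.
        verdict["reason"] = response.get("status", "scan rejected")
    return verdict


def guard_prompt(prompt: str, api_key: str) -> dict[str, Any]:
    """Scan, then decide; a transport or parse error is treated as a block."""
    try:
        response = scan_prompt(prompt, api_key)
    except (urllib.error.URLError, ValueError, TimeoutError) as exc:
        return {"allow": False, "request_id": None,
                "reason": f"scan failed: {type(exc).__name__}",
                "risk_score": None, "confidence": None}
    return hipaa_verdict(response)


# Constructed sample responses: the threat case mirrors the Response Format
# above; the clean case is an assumed shape for a prompt with no findings.
THREAT_RESPONSE = {
    "is_valid": False,
    "status": "threat_detected",
    "risk_score": 0.99,
    "threat_types": ["hipaa"],
    "details": {"results": [{
        "scanner": "hipaa", "threat_detected": True,
        "risk_score": 0.99, "confidence": 0.92,
        "details": {"reason": "Full PHI record: name, DOB, diagnosis, and date - maximum risk.",
                    "evidence": ["detected pattern in input"]},
    }]},
    "request_id": "req_abc123",
}
CLEAN_RESPONSE = {"is_valid": True, "threat_types": [],
                  "details": {"results": []}, "request_id": "req_clean01"}

if __name__ == "__main__":
    for name, resp in (("threat", THREAT_RESPONSE), ("clean", CLEAN_RESPONSE), ("broken", {})):
        print(name, hipaa_verdict(resp))
```

Two design choices matter here. The verdict is computed from the per-scanner result as well as the top-level is_valid, so a high risk_score blocks even if the envelope and the scanner entry disagree; and the only thing handed to the logger is the verdict dict, which never contains the prompt or the evidence strings, so the audit trail itself does not become a PHI store.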

Best Practices

  • Sign a Business Associate Agreement (BAA) with any AI vendor that will process PHI
  • De-identify data before AI processing, using the HIPAA Safe Harbor method (remove the 18 listed identifiers) or an expert determination
  • Maintain audit logs of all PHI access, and keep the PHI itself out of those logs: record the scan request_id and reason rather than the prompt text
  • Train staff on AI-specific HIPAA requirements
  • Audit AI systems for compliance on a regular schedule
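De-identification before AI processing is the practice with the most leverage, and the Safe Harbor method is mechanical enough to show in code. The block below is an added example, not BenGuard code and not a complete de-identifier: it generalises dates to the year (which Safe Harbor permits), redacts medical record numbers and a "Patient <Name>" pattern, and returns only counts of what was removed for the audit log. Those are three of the eighteen identifier classes in 45 CFR 164.514(b); the regular expressions, the placeholder tokens and the "Patient <Name>" convention are assumptions made for this illustration. Run against the three detection examples above, it strips the identifiers from the first two and leaves the third untouched, which is exactly why the scanner still belongs behind a pre-processing step.

```python
"""Safe Harbor style pre-processing before a prompt reaches an AI system.

Added example, not BenGuard code. Generalises dates to the year, redacts
medical record numbers and a "Patient <Name>" pattern, and reports only
counts for the audit log (never the removed values). Covers three of the
eighteen Safe Harbor identifier classes (45 CFR 164.514(b)); the patterns
and placeholder tokens are assumptions for this illustration.
"""
import re
from collections import Counter

# mm/dd/yyyy -> keep the year only (Safe Harbor permits the year)
NUMERIC_DATE = re.compile(r"\b(\d{1,2})/(\d{1,2})/(\d{4})\b")

# "March 3rd", "Mar 3", "March 3rd, 2024" -> keep the year if present, else drop it all
MONTH_NAMES = "Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Sept|Oct|Nov|Dec"
WORD_DATE = re.compile(
    rf"\b(?:{MONTH_NAMES})[a-z]*\.?\s+\d{{1,2}}(?:st|nd|rd|th)?(?:,?\s+(\d{{4}}))?\b",
    re.IGNORECASE,
)

# "Medical Record #12345", "MRN 12345", "MRN: 12345", "Medical record number 12345"
MRN = re.compile(
    r"\b(?:medical record|mrn)\s*(?:number|no\.?)?\s*[#:]?\s*\d+\b", re.IGNORECASE
)

# "Patient John Doe" -> capitalised words following the literal word "Patient"
PATIENT_NAME = re.compile(r"\b(Patient)\s+([A-Z][a-z]+(?:\s+[A-Z][a-z]+)*)")


def deidentify(text: str) -> tuple[str, dict[str, int]]:
    """Return (redacted text, {identifier class: count removed}).

    The counts are safe to log; the original values are not returned at all.
    Names are handled first so that a name is never mistaken for a month word.
    """
    counts: Counter = Counter()

    def sub(pattern, repl, key, s):
        s, n = pattern.subn(repl, s)
        counts[key] += n  # records the key even when n == 0
        return s

    text = sub(PATIENT_NAME, r"\1 [NAME]", "name", text)
    text = sub(NUMERIC_DATE, r"\3", "date", text)
    text = sub(WORD_DATE, lambda m: m.group(1) or "[DATE]", "date", text)
    text = sub(MRN, "[MRN]", "mrn", text)
    return text, dict(counts)


# Constructed inputs: the three detection examples from this page.
EXAMPLES = [
    "Patient John Doe, DOB 01/15/1985, was diagnosed with Type 2 Diabetes on March 3rd.",
    "Medical Record #12345 shows positive HIV test results.",
    "Dr. Smith prescribed 20mg Lexapro for the patient's depression.",
]

if __name__ == "__main__":
    for sample in EXAMPLES:
        redacted, removed = deidentify(sample)
        print(redacted, removed)
```

Note what survives: the diagnosis in the second example and the whole of the third. Safe Harbor is about identifiers, not about sensitivity, so a prescription tied to an unnamed patient is still PHI if anything else in the conversation links it to a person, and the third example also shows the limits of regular expressions against free text. Treat a step like this as risk reduction ahead of the scanner, and keep the scanner enabled behind it.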

Related Scanners

Consider enabling these related scanners for comprehensive protection: