HIPAA AI development for US healthcare teams.

HIPAA does not have a third-party vendor certification scheme — that is precisely why the Business Associate Agreement structure exists under the Privacy Rule. What Aiinfox provides is HIPAA-aligned engineering controls: a signed BAA before any PHI is shared, US-region inference, customer-controlled cloud deployment, audit logs on every model and tool call, least-privilege access through your identity provider, and PHI masking in non-production environments. We will not market a HIPAA certification we cannot hold. We will sign the BAA, document the data flow, and stand behind the controls in writing.

The BAA covers permitted uses and disclosures of PHI, the safeguards required (administrative, physical, and technical, mapped to HIPAA Security Rule §164.308 / §164.310 / §164.312), subcontractor flow-down, breach notification timing (no later than 60 days after discovery, sooner where contractually agreed), termination and return-or-destruction obligations, and indemnification. We sign it before any PHI is shared — typically before kickoff. We work from your template or provide ours. If your engagement involves managed LLM inference, we ensure the downstream BAA chain holds: AWS Bedrock with Anthropic Claude has a BAA path, Azure OpenAI Service has a BAA path, and self-hosted open-weight models on vLLM inside your VPC do not require an external BAA because no third party is processing PHI.

Inside your AWS, Azure, or GCP account by default, in a US region you specify — us-east-1 (N. Virginia), us-west-2 (Oregon), and AWS GovCloud are the patterns we run most. For inference, you have three options. One: managed LLMs with BAA — Anthropic Claude via AWS Bedrock (US-region, BAA available), OpenAI via Azure OpenAI Service (US-region, BAA available). Two: self-hosted Llama 3 or Llama 3.1 on vLLM inside your VPC — zero third-party inference, full control of logging, GPU autoscaling. Three: hybrid — non-PHI prompts route to managed Claude or GPT-4o, PHI-bearing prompts route to self-hosted Llama. We will not silently route PHI through any non-US endpoint.

Yes — this is one of our standard deployment patterns. We deploy Llama 3 (8B / 70B) or Llama 3.1 on vLLM inside your AWS or Azure VPC with autoscaling GPU groups, quantization where the quality bar permits, and OpenAI-compatible API endpoints so your application code does not change between managed and self-hosted modes. For ambient scribing or other latency-sensitive PHI workloads, we run inference on dedicated GPU instances in the same VPC as the application — round-trip latency stays sub-second and PHI never leaves your network boundary. Cost typically lands at 40-60% of equivalent managed LLM spend at production volume, but the headline is policy compliance, not unit economics.

Every model call, tool call, retrieval, and refusal is logged with: request ID, operator identity (mapped to your IdP), prompt version hash, input (with PHI tags), output, retrieval sources, refusal reason where applicable, latency, cost, and timestamp. Logs are written to your chosen log sink (CloudWatch, Datadog, Splunk, S3 with object-lock for tamper-evidence) inside your account — we do not retain copies. The log schema is built to answer an OCR breach inquiry: what was disclosed, to whom, when, under what access path, with what authorization. We provide an OCR-response template in the runbook handover.

Yes — takeover audits for HIPAA workloads are routine. Step one is a PHI data-flow audit: where does PHI actually touch storage, inference, logging, and analytics, and which of those endpoints has a BAA? Step two is reading the code, evals (if any), refusal layer, and audit-log schema, then shipping the smallest valuable change to prove the system is now operable. Step three is the longer-term plan — incremental remediation, a parallel rebuild, or shutting it down. Most takeovers we see did not need a full rewrite; they needed a missing BAA, US-region inference pinning, a refusal layer, and an audit-log schema that could survive a regulator question.

Senior engineering rates at Aiinfox land roughly 30 to 50 percent below equivalent US HIPAA-experienced AI consultancies, which is real but it is not the headline. The headline is the delivery model: senior engineers only, fixed-price six-week scope, overrun cost on us if we miss for reasons on our side, BAA in hand before kickoff. Most US HIPAA AI consultancies bill timesheets, run multi-month discovery, and either churn senior staff onto bigger accounts or staff a junior pool behind a senior nameplate. We bill shipped systems; the engineer on your kickoff call writes your code through launch.

State-level breach notification laws (every US state has its own), 42 CFR Part 2 for substance use disorder records (different consent regime than HIPAA), state Medicaid and Medicare regulatory overlays, the FDA Software as a Medical Device guidance for clinical decision support (we will not build SaMD-classified systems without your regulatory affairs team in the loop), and information-blocking rules under the 21st Century Cures Act. For multi-state digital health products, we treat California and New York as the baseline for state-level controls and layer additional state requirements on top.