What does HIPAA actually require?
HIPAA sets out governance, risk-assessment, and documentation requirements for the AI systems in its scope. See the framework brief for the full obligation list.
Last updated April 24, 2026 · Every fact traceable to a public source
HIPAA governs the privacy and security of Protected Health Information (PHI) in the United States. AI vendors operating in healthcare must meet HIPAA Security Rule requirements (access controls, audit logs, integrity, encryption) and sign BAAs with covered entities. HIPAA applies directly to many AI use cases in clinical decision support, diagnostics, and healthcare operations.
HIPAA is active in the United States. Scope attaches based on jurisdiction and the role a company plays in the AI supply chain. See /frameworks/hipaa for the full scope note and source links.
In our directory, the following vendors reference HIPAA in their compliance coverage: Scrut Automation, Braintrust, Drata, Giskard. Each profile links to the public source for the claim.
This FAQ is editorial. No vendor can pay to be included, highlighted, or ranked in answers. Paid listing tiers affect profile depth only — never rankings or commentary. Read our methodology for details.